Class
Simple Access Control Lists.
Access control lists are composed of “allow” and “deny” halves to control access. Use “all” or “*” to match any address. To match a specific address use any address or address mask that IPAddr can understand.
Example:
require 'drb/acl'

list = %w[
  deny all
  allow 192.168.1.1
  allow ::ffff:192.168.1.2
  allow 192.168.1.3
]

# From Socket#peeraddr, see also ACL#allow_socket?
addr = ["AF_INET", 10, "lc630", "192.168.1.3"]

acl = ACL.new
p acl.allow_addr?(addr) # => true

acl = ACL.new(list, ACL::DENY_ALLOW)
p acl.allow_addr?(addr) # => true
Constants
ALLOW_DENY: Default to deny
DENY_ALLOW: Default to allow
Class Methods
# File tmp/rubies/ruby-2.6.10/lib/drb/acl.rb, line 179
def initialize(list=nil, order = DENY_ALLOW)
  @order = order
  @deny = ACLList.new
  @allow = ACLList.new
  install_list(list) if list
end
Creates a new ACL from list with an evaluation order of DENY_ALLOW or ALLOW_DENY.
An ACL list is an Array of “allow” or “deny” and an address or address mask or “all” or “*” to match any address:
%w[
  deny all
  allow 192.0.2.2
  allow 192.0.2.128/26
]
Instance Methods
# File tmp/rubies/ruby-2.6.10/lib/drb/acl.rb, line 203
def allow_addr?(addr)
  case @order
  when DENY_ALLOW
    return true if @allow.match(addr)
    return false if @deny.match(addr)
    return true
  when ALLOW_DENY
    return false if @deny.match(addr)
    return true if @allow.match(addr)
    return false
  else
    false
  end
end
Allow connections from addrinfo addr? It must be formatted like Socket#peeraddr:
["AF_INET", 10, "lc630", "192.0.2.1"]
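The order of the checks in allow_addr? decides both what happens to an address that appears on the two lists and what happens to one that appears on neither. The following is an added example, not part of the Ruby documentation: it evaluates one constructed rule list under both orders, and the helper names peer and decisions, the placeholder hostname, and the sample addresses are assumptions made for illustration.

```ruby
require 'drb/acl'

# Constructed sample rules using documentation-range addresses.
RULES = %w[
  deny all
  allow 192.0.2.2
  allow 192.0.2.128/26
]
ALLOW_ONLY = RULES.drop(2) # the same rules without "deny all"

# Constructed peers: the first two are listed, the last two are not.
IPS = %w[192.0.2.2 192.0.2.130 192.0.2.200 198.51.100.7]

# Hypothetical helper: build a Socket#peeraddr-style array for an IP.
def peer(ip)
  ["AF_INET", 0, "peer.invalid", ip]
end

# Hypothetical helper: map each IP to the ACL decision for it.
def decisions(list, order, ips = IPS)
  acl = ACL.new(list, order)
  ips.to_h { |ip| [ip, acl.allow_addr?(peer(ip))] }
end

# DENY_ALLOW checks allow first, so "deny all" only catches unlisted peers.
ALLOWLIST = decisions(RULES, ACL::DENY_ALLOW)
# ALLOW_DENY checks deny first, so "deny all" also rejects listed peers.
LOCKED_OUT = decisions(RULES, ACL::ALLOW_DENY)
# DENY_ALLOW without a deny entry: unlisted peers fall through to true.
OPEN = decisions(ALLOW_ONLY, ACL::DENY_ALLOW)
# ALLOW_DENY without a deny entry: unlisted peers fall through to false.
STRICT = decisions(ALLOW_ONLY, ACL::ALLOW_DENY)

if __FILE__ == $0
  {
    "DENY_ALLOW, with deny all" => ALLOWLIST,
    "ALLOW_DENY, with deny all" => LOCKED_OUT,
    "DENY_ALLOW, allow only"    => OPEN,
    "ALLOW_DENY, allow only"    => STRICT
  }.each { |label, result| puts "#{label}: #{result}" }
end
```

An allowlist therefore needs the list shape that matches the order: keep “deny all” under DENY_ALLOW, or drop it and pass ACL::ALLOW_DENY.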
# File tmp/rubies/ruby-2.6.10/lib/drb/acl.rb, line 191
def allow_socket?(soc)
  allow_addr?(soc.peeraddr)
end
Allow connections from Socket soc?
# File tmp/rubies/ruby-2.6.10/lib/drb/acl.rb, line 223
def install_list(list)
  i = 0
  while i < list.size
    permission, domain = list.slice(i,2)
    case permission.downcase
    when 'allow'
      @allow.add(domain)
    when 'deny'
      @deny.add(domain)
    else
      raise "Invalid ACL entry #{list}"
    end
    i += 2
  end
end