Class: ACL

Relationships & Source Files
Namespace Children
Classes: ACLEntry, ACLList
Inherits:	Object
Defined in:	lib/drb/acl.rb

Overview

Simple Access Control Lists.

Access control lists are composed of “allow” and “deny” halves to control access. Use “all” or “*” to match any address. To match a specific address use any address or address mask that IPAddr can understand.

Example:

list = %w[
  deny all
  allow 192.168.1.1
  allow ::ffff:192.168.1.2
  allow 192.168.1.3
]

# From Socket#peeraddr, see also ACL#allow_socket?
addr = ["AF_INET", 10, "lc630", "192.168.1.3"]

acl = ACL.new
p acl.allow_addr?(addr) # => true

acl = ACL.new(list, ACL::DENY_ALLOW)
p acl.allow_addr?(addr) # => true

Constant Summary

ALLOW_DENY =

Default to allow

# File 'lib/drb/acl.rb', line 158
```
1
```
DENY_ALLOW =

Default to deny

# File 'lib/drb/acl.rb', line 153
```
0
```
VERSION =

The current version of ACL

# File 'lib/drb/acl.rb', line 39
```
["2.0.0"]
```

Class Method Summary

.new(list = nil, order = DENY_ALLOW) ⇒ ACL constructor

Creates a new ACL from list with an evaluation order of DENY_ALLOW or ALLOW_DENY.

Instance Method Summary

#allow_addr?(addr) ⇒ Boolean

Allow connections from addrinfo addr? It must be formatted like Socket#peeraddr:
#allow_socket?(soc) ⇒ Boolean

Allow connections from Socket soc?
#install_list(list)

Adds list of ACL entries to this ACL.

Constructor Details

.new(list = nil, order = DENY_ALLOW) ⇒ `ACL`

Creates a new ACL from list with an evaluation order of DENY_ALLOW or ALLOW_DENY.

An ACL list is an Array of “allow” or “deny” and an address or address mask or “all” or “*” to match any address:

%w[
  deny all
  allow 192.0.2.2
  allow 192.0.2.128/26
]

[ GitHub ]

# File 'lib/drb/acl.rb', line 173


def initialize(list=nil, order = DENY_ALLOW)
  @order = order
  @deny = ACLList.new
  @allow = ACLList.new
  install_list(list) if list
end

Instance Method Details

#allow_addr?(addr) ⇒ `Boolean`

Allow connections from addrinfo addr? It must be formatted like Socket#peeraddr:

["AF_INET", 10, "lc630", "192.0.2.1"]

[ GitHub ]

# File 'lib/drb/acl.rb', line 197


def allow_addr?(addr)
  case @order
  when DENY_ALLOW
    return true if @allow.match(addr)
    return false if @deny.match(addr)
    return true
  when ALLOW_DENY
    return false if @deny.match(addr)
    return true if @allow.match(addr)
    return false
  else
    false
  end
end

#allow_socket?(soc) ⇒ `Boolean`

Allow connections from Socket soc?

[ GitHub ]

# File 'lib/drb/acl.rb', line 185


def allow_socket?(soc)
  allow_addr?(soc.peeraddr)
end

#install_list(list)

Adds list of ACL entries to this ACL.

[ GitHub ]

# File 'lib/drb/acl.rb', line 217


def install_list(list)
  i = 0
  while i < list.size
    permission, domain = list.slice(i,2)
    case permission.downcase
    when 'allow'
      @allow.add(domain)
    when 'deny'
      @deny.add(domain)
    else
      raise "Invalid ACL entry #{list}"
    end
    i += 2
  end
end

Class: ACL

Overview

Constant Summary

Class Method Summary

Instance Method Summary

Constructor Details

.new(list = nil, order = DENY_ALLOW) ⇒ ACL

Instance Method Details

#allow_addr?(addr) ⇒ Boolean

#allow_socket?(soc) ⇒ Boolean

#install_list(list)

.new(list = nil, order = DENY_ALLOW) ⇒ `ACL`

#allow_addr?(addr) ⇒ `Boolean`

#allow_socket?(soc) ⇒ `Boolean`