?HAMA

Edit File Size: 4.65 KB

/proc/thread-self/root/opt/alt/ruby20/lib64/ruby/2.0.0/drb/acl.rb

Text Base64

# Copyright (c) 2000,2002,2003 Masatoshi SEKI
#
# acl.rb is copyrighted free software by Masatoshi SEKI.
# You can redistribute it and/or modify it under the same terms as Ruby.

require 'ipaddr'

##
# Simple Access Control Lists.
#
# Access control lists are composed of "allow" and "deny" halves to control
# access.  Use "all" or "*" to match any address.  To match a specific address
# use any address or address mask that IPAddr can understand.
#
# Example:
#
#   list = %w[
#     deny all
#     allow 192.168.1.1
#     allow ::ffff:192.168.1.2
#     allow 192.168.1.3
#   ]
#
#   # From Socket#peeraddr, see also ACL#allow_socket?
#   addr = ["AF_INET", 10, "lc630", "192.168.1.3"]
#
#   acl = ACL.new
#   p acl.allow_addr?(addr) # => true
#
#   acl = ACL.new(list, ACL::DENY_ALLOW)
#   p acl.allow_addr?(addr) # => true

class ACL

##
  # The current version of ACL

VERSION=["2.0.0"]

##
  # An entry in an ACL

class ACLEntry

##
    # Creates a new entry using +str+.
    #
    # +str+ may be "*" or "all" to match any address, an IP address string
    # to match a specific address, an IP address mask per IPAddr, or one
    # containing "*" to match part of an IPv4 address.

def initialize(str)
      if str == '*' or str == 'all'
        @pat = [:all]
      elsif str.include?('*')
        @pat = [:name, dot_pat(str)]
      else
        begin
          @pat = [:ip, IPAddr.new(str)]
        rescue ArgumentError
          @pat = [:name, dot_pat(str)]
        end
      end
    end

private

##
    # Creates a regular expression to match IPv4 addresses

def dot_pat_str(str)
      list = str.split('.').collect { |s|
        (s == '*') ? '.+' : s
      }
      list.join("\\.")
    end

private

##
    # Creates a Regexp to match an address.

def dot_pat(str)
      exp = "^" + dot_pat_str(str) + "$"
      Regexp.new(exp)
    end

public

##
    # Matches +addr+ against this entry.

def match(addr)
      case @pat[0]
      when :all
        true
      when :ip
        begin
          ipaddr = IPAddr.new(addr[3])
          ipaddr = ipaddr.ipv4_mapped if @pat[1].ipv6? && ipaddr.ipv4?
        rescue ArgumentError
          return false
        end
        (@pat[1].include?(ipaddr)) ? true : false
      when :name
        (@pat[1] =~ addr[2]) ? true : false
      else
        false
      end
    end
  end

##
  # A list of ACLEntry objects.  Used to implement the allow and deny halves
  # of an ACL

class ACLList

##
    # Creates an empty ACLList

def initialize
      @list = []
    end

public

##
    # Matches +addr+ against each ACLEntry in this list.

def match(addr)
      @list.each do |e|
        return true if e.match(addr)
      end
      false
    end

public

##
    # Adds +str+ as an ACLEntry in this list

def add(str)
      @list.push(ACLEntry.new(str))
    end

end

##
  # Default to deny

DENY_ALLOW = 0

##
  # Default to allow

ALLOW_DENY = 1

##
  # Creates a new ACL from +list+ with an evaluation +order+ of DENY_ALLOW or
  # ALLOW_DENY.
  #
  # An ACL +list+ is an Array of "allow" or "deny" and an address or address
  # mask or "all" or "*" to match any address:
  #
  #   %w[
  #     deny all
  #     allow 192.0.2.2
  #     allow 192.0.2.128/26
  #   ]

def initialize(list=nil, order = DENY_ALLOW)
    @order = order
    @deny = ACLList.new
    @allow = ACLList.new
    install_list(list) if list
  end

public

##
  # Allow connections from Socket +soc+?

def allow_socket?(soc)
    allow_addr?(soc.peeraddr)
  end

public

##
  # Allow connections from addrinfo +addr+?  It must be formatted like
  # Socket#peeraddr:
  #
  #   ["AF_INET", 10, "lc630", "192.0.2.1"]

def allow_addr?(addr)
    case @order
    when DENY_ALLOW
      return true if @allow.match(addr)
      return false if @deny.match(addr)
      return true
    when ALLOW_DENY
      return false if @deny.match(addr)
      return true if @allow.match(addr)
      return false
    else
      false
    end
  end

public

##
  # Adds +list+ of ACL entries to this ACL.

def install_list(list)
    i = 0
    while i < list.size
      permission, domain = list.slice(i,2)
      case permission.downcase
      when 'allow'
        @allow.add(domain)
      when 'deny'
        @deny.add(domain)
      else
        raise "Invalid ACL entry #{list.to_s}"
      end
      i += 2
    end
  end

end

if __FILE__ == $0
  # example
  list = %w(deny all
            allow 192.168.1.1
            allow ::ffff:192.168.1.2
            allow 192.168.1.3
            )

addr = ["AF_INET", 10, "lc630", "192.168.1.3"]

acl = ACL.new
  p acl.allow_addr?(addr)

acl = ACL.new(list, ACL::DENY_ALLOW)
  p acl.allow_addr?(addr)
end

Exit & Reset Text mode: syntax highlighting auto-detects file type.

Name	Size	Perms	Modified	Actions
acl.rb	4.65 KB	lrw-r--r--	2011-05-19 00:07:25	Edit Download recursive recursive
drb.rb	55.39 KB	lrw-r--r--	2013-01-26 03:58:33	Edit Download recursive recursive
eq.rb	244 B	lrw-r--r--	2013-01-25 03:25:39	Edit Download recursive recursive
extserv.rb	1.20 KB	lrw-r--r--	2013-01-25 03:25:39	Edit Download recursive recursive
extservm.rb	1.71 KB	lrw-r--r--	2012-04-22 11:35:03	Edit Download recursive recursive
gw.rb	2.97 KB	lrw-r--r--	2013-01-25 03:25:39	Edit Download recursive recursive
invokemethod.rb	746 B	lrw-r--r--	2013-01-25 03:25:39	Edit Download recursive recursive
observer.rb	636 B	lrw-r--r--	2013-01-25 03:25:39	Edit Download recursive recursive
ssl.rb	11.50 KB	lrw-r--r--	2013-12-24 15:37:51	Edit Download recursive recursive
timeridconv.rb	2.11 KB	lrw-r--r--	2013-01-25 03:25:39	Edit Download recursive recursive
unix.rb	2.72 KB	lrw-r--r--	2013-01-25 03:25:39	Edit Download recursive recursive

Directory Contents