diff options
author | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-07-07 07:36:34 +0000 |
---|---|---|
committer | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-07-07 07:36:34 +0000 |
commit | 441546edcfbb1b346c87b69c5f578d1a0e522e06 (patch) | |
tree | 04f606a008baebc445f38944ad37e87468da29ea /ruby_1_8_6/lib/drb/acl.rb | |
parent | fa93611c0f9a6db146341c792bfe3b7322ec00e2 (diff) |
add tag v1_8_6_269
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v1_8_6_269@17937 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ruby_1_8_6/lib/drb/acl.rb')
-rw-r--r-- | ruby_1_8_6/lib/drb/acl.rb | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/ruby_1_8_6/lib/drb/acl.rb b/ruby_1_8_6/lib/drb/acl.rb new file mode 100644 index 0000000000..861c8a514d --- /dev/null +++ b/ruby_1_8_6/lib/drb/acl.rb @@ -0,0 +1,146 @@ +# acl-2.0 - simple Access Control List +# +# Copyright (c) 2000,2002,2003 Masatoshi SEKI +# +# acl.rb is copyrighted free software by Masatoshi SEKI. +# You can redistribute it and/or modify it under the same terms as Ruby. + +require 'ipaddr' + +class ACL + VERSION=["2.0.0"] + class ACLEntry + def initialize(str) + if str == '*' or str == 'all' + @pat = [:all] + elsif str.include?('*') + @pat = [:name, dot_pat(str)] + else + begin + @pat = [:ip, IPAddr.new(str)] + rescue ArgumentError + @pat = [:name, dot_pat(str)] + end + end + end + + private + def dot_pat_str(str) + list = str.split('.').collect { |s| + (s == '*') ? '.+' : s + } + list.join("\\.") + end + + private + def dot_pat(str) + exp = "^" + dot_pat_str(str) + "$" + Regexp.new(exp) + end + + public + def match(addr) + case @pat[0] + when :all + true + when :ip + begin + ipaddr = IPAddr.new(addr[3]) + ipaddr = ipaddr.ipv4_mapped if @pat[1].ipv6? && ipaddr.ipv4? + rescue ArgumentError + return false + end + (@pat[1].include?(ipaddr)) ? true : false + when :name + (@pat[1] =~ addr[2]) ? true : false + else + false + end + end + end + + class ACLList + def initialize + @list = [] + end + + public + def match(addr) + @list.each do |e| + return true if e.match(addr) + end + false + end + + public + def add(str) + @list.push(ACLEntry.new(str)) + end + end + + DENY_ALLOW = 0 + ALLOW_DENY = 1 + + def initialize(list=nil, order = DENY_ALLOW) + @order = order + @deny = ACLList.new + @allow = ACLList.new + install_list(list) if list + end + + public + def allow_socket?(soc) + allow_addr?(soc.peeraddr) + end + + public + def allow_addr?(addr) + case @order + when DENY_ALLOW + return true if @allow.match(addr) + return false if @deny.match(addr) + return true + when ALLOW_DENY + return false if @deny.match(addr) + return true if @allow.match(addr) + return false + else + false + end + end + + public + def install_list(list) + i = 0 + while i < list.size + permission, domain = list.slice(i,2) + case permission.downcase + when 'allow' + @allow.add(domain) + when 'deny' + @deny.add(domain) + else + raise "Invalid ACL entry #{list.to_s}" + end + i += 2 + end + end +end + +if __FILE__ == $0 + # example + list = %w(deny all + allow 192.168.1.1 + allow ::ffff:192.168.1.2 + allow 192.168.1.3 + ) + + addr = ["AF_INET", 10, "lc630", "192.168.1.3"] + + acl = ACL.new + p acl.allow_addr?(addr) + + acl = ACL.new(list, ACL::DENY_ALLOW) + p acl.allow_addr?(addr) +end + |