ruby--ruby/lib/drb/acl.rb

# acl-2.0 - simple Access Control List
#
# Copyright (c) 2000,2002,2003 Masatoshi SEKI
#
# acl.rb is copyrighted free software by Masatoshi SEKI.
# You can redistribute it and/or modify it under the same terms as Ruby.

require 'ipaddr'

class ACL
  VERSION=["2.0.0"]
  class ACLEntry
    def initialize(str)
      if str == '*' or str == 'all'
	@pat = [:all]
      else
	begin
	  @pat = [:ip, IPAddr.new(str)]
	rescue ArgumentError
	  @pat = [:name, dot_pat(str)]
	end
      end
    end

    private
    def dot_pat_str(str)
      list = str.split('.').collect { |s|
	(s == '*') ? '.+' : s
      }
      list.join("\\.")
    end

    private
    def dot_pat(str)
      exp = "^" + dot_pat_str(str) + "$"
      Regexp.new(exp)
    end

    public
    def match(addr)
      case @pat[0]
      when :all
	true
      when :ip
	begin
	  ipaddr = IPAddr.new(addr[3])
	  ipaddr = ipaddr.ipv4_mapped if @pat[1].ipv6? && ipaddr.ipv4?
	rescue ArgumentError
	  return false
	end
	(@pat[1].include?(ipaddr)) ? true : false
      when :name
	(@pat[1] =~ addr[2]) ? true : false
      else
	false
      end
    end
  end

  class ACLList
    def initialize
      @list = []
    end

    public
    def match(addr)
      @list.each do |e|
	return true if e.match(addr)
      end
      false
    end

    public
    def add(str)
      @list.push(ACLEntry.new(str))
    end
  end

  DENY_ALLOW = 0
  ALLOW_DENY = 1

  def initialize(list=nil, order = DENY_ALLOW)
    @order = order
    @deny = ACLList.new
    @allow = ACLList.new
    install_list(list) if list
  end

  public
  def allow_socket?(soc)
    allow_addr?(soc.peeraddr)
  end

  public
  def allow_addr?(addr)
    case @order
    when DENY_ALLOW
      return true if @allow.match(addr)
      return false if @deny.match(addr)
      return true
    when ALLOW_DENY
      return false if @deny.match(addr)
      return true if @allow.match(addr)
      return false
    else
      false
    end
  end

  public
  def install_list(list)
    i = 0
    while i < list.size
      permission, domain = list.slice(i,2)
      case permission.downcase
      when 'allow'
	@allow.add(domain)
      when 'deny'
	@deny.add(domain)
      else
	raise "Invalid ACL entry #{list.to_s}"
      end
      i += 2
    end
  end
end

if __FILE__ == $0
  # example
  list = %w(deny all
	    allow 192.168.1.1
            allow ::ffff:192.168.1.2
            allow 192.168.1.3
            )

  addr = ["AF_INET", 10, "lc630", "192.168.1.3"]

  acl = ACL.new
  p acl.allow_addr?(addr)

  acl = ACL.new(list, ACL::DENY_ALLOW)
  p acl.allow_addr?(addr)
end
add acl.rb, ssl.rb git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4676 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2003-10-04 13:08:23 -04:00			`# acl-2.0 - simple Access Control List`
			`#`
			`# Copyright (c) 2000,2002,2003 Masatoshi SEKI`
			`#`
			`# acl.rb is copyrighted free software by Masatoshi SEKI.`
			`# You can redistribute it and/or modify it under the same terms as Ruby.`

			`require 'ipaddr'`

			`class ACL`
			`VERSION=["2.0.0"]`
			`class ACLEntry`
			`def initialize(str)`
			`if str == '*' or str == 'all'`
			`@pat = [:all]`
			`else`
			`begin`
			`@pat = [:ip, IPAddr.new(str)]`
			`rescue ArgumentError`
			`@pat = [:name, dot_pat(str)]`
			`end`
			`end`
			`end`

			`private`
			`def dot_pat_str(str)`
			`list = str.split('.').collect { \|s\|`
			`(s == '*') ? '.+' : s`
			`}`
			`list.join("\\.")`
			`end`

			`private`
			`def dot_pat(str)`
			`exp = "^" + dot_pat_str(str) + "$"`
			`Regexp.new(exp)`
			`end`

			`public`
			`def match(addr)`
			`case @pat[0]`
			`when :all`
			`true`
			`when :ip`
			`begin`
			`ipaddr = IPAddr.new(addr[3])`
			`ipaddr = ipaddr.ipv4_mapped if @pat[1].ipv6? && ipaddr.ipv4?`
			`rescue ArgumentError`
			`return false`
			`end`
			`(@pat[1].include?(ipaddr)) ? true : false`
			`when :name`
			`(@pat[1] =~ addr[2]) ? true : false`
			`else`
			`false`
			`end`
			`end`
			`end`

			`class ACLList`
			`def initialize`
			`@list = []`
			`end`

			`public`
			`def match(addr)`
			`@list.each do \|e\|`
			`return true if e.match(addr)`
			`end`
			`false`
			`end`

			`public`
			`def add(str)`
			`@list.push(ACLEntry.new(str))`
			`end`
			`end`

			`DENY_ALLOW = 0`
			`ALLOW_DENY = 1`

			`def initialize(list=nil, order = DENY_ALLOW)`
			`@order = order`
			`@deny = ACLList.new`
			`@allow = ACLList.new`
			`install_list(list) if list`
			`end`

			`public`
			`def allow_socket?(soc)`
			`allow_addr?(soc.peeraddr)`
			`end`

			`public`
			`def allow_addr?(addr)`
			`case @order`
			`when DENY_ALLOW`
			`return true if @allow.match(addr)`
			`return false if @deny.match(addr)`
			`return true`
			`when ALLOW_DENY`
			`return false if @deny.match(addr)`
			`return true if @allow.match(addr)`
			`return false`
			`else`
			`false`
			`end`
			`end`

			`public`
			`def install_list(list)`
			`i = 0`
			`while i < list.size`
			`permission, domain = list.slice(i,2)`
			`case permission.downcase`
			`when 'allow'`
			`@allow.add(domain)`
			`when 'deny'`
			`@deny.add(domain)`
			`else`
			`raise "Invalid ACL entry #{list.to_s}"`
			`end`
			`i += 2`
			`end`
			`end`
			`end`

			`if __FILE__ == $0`
			`# example`
			`list = %w(deny all`
			`allow 192.168.1.1`
			`allow ::ffff:192.168.1.2`
			`allow 192.168.1.3`
			`)`

			`addr = ["AF_INET", 10, "lc630", "192.168.1.3"]`

			`acl = ACL.new`
			`p acl.allow_addr?(addr)`

			`acl = ACL.new(list, ACL::DENY_ALLOW)`
			`p acl.allow_addr?(addr)`
			`end`