Ruby 2.4

ACL

class ACL

Parent: Object

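Simple Access Control Lists.

Access control lists are composed of “allow” and “deny” halves to control access. Use “all” or “*” to match any address. To match a specific address, use any address or address mask that IPAddr can understand.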

Example:

    require 'drb/acl'

    list = %w[
      deny all
      allow 192.168.1.1
      allow ::ffff:192.168.1.2
      allow 192.168.1.3
    ]

    # From Socket#peeraddr, see also ACL#allow_socket?
    addr = ["AF_INET", 10, "lc630", "192.168.1.3"]

    acl = ACL.new
    p acl.allow_addr?(addr) # => true

    acl = ACL.new(list, ACL::DENY_ALLOW)
    p acl.allow_addr?(addr) # => true

Constants

ALLOW_DENY

Default to allow

DENY_ALLOW

Default to deny

VERSION

The current version of ACL

Public Class Methods

new(list=nil, order = DENY_ALLOW)

Creates a new ACL from list with an evaluation order of DENY_ALLOW or ALLOW_DENY.

An ACL list is an Array of “allow” or “deny” and an address or address mask or “all” or “*” to match any address:

    %w[
      deny all
      allow 192.0.2.2
      allow 192.0.2.128/26
    ]

    # File lib/drb/acl.rb, line 172
    def initialize(list=nil, order = DENY_ALLOW)
      @order = order
      @deny = ACLList.new
      @allow = ACLList.new
      install_list(list) if list
    end

Public Instance Methods

allow_addr?(addr)

Allow connections from addrinfo addr? It must be formatted like Socket#peeraddr:

    ["AF_INET", 10, "lc630", "192.0.2.1"]

    # File lib/drb/acl.rb, line 196
    def allow_addr?(addr)
      case @order
      when DENY_ALLOW
        return true if @allow.match(addr)
        return false if @deny.match(addr)
        return true
      when ALLOW_DENY
        return false if @deny.match(addr)
        return true if @allow.match(addr)
        return false
      else
        false
      end
    end
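An added example (not part of the Ruby documentation) that follows the allow_addr? source above to show what each evaluation order does with an address that no entry matches: under DENY_ALLOW it falls through to true, under ALLOW_DENY to false. The helpers peer, decisions and fails_closed? are hypothetical names, and all addresses are constructed from the documentation ranges.

```ruby
require 'drb/acl'

# Constructed peer address in Socket#peeraddr form (documentation ranges only).
def peer(ip)
  ['AF_INET', 0, 'client', ip]
end

# Constructed probes: two addresses the sample list allows, two it does not.
PROBES = %w[192.0.2.2 192.0.2.130 192.0.2.200 198.51.100.7].freeze

ALLOWLIST  = %w[deny all allow 192.0.2.2 allow 192.0.2.128/26].freeze
ALLOW_ONLY = %w[allow 192.0.2.2].freeze

# Hypothetical helper: evaluate every probe against ACL.new(list, order)
# and return { ip => true/false } so a policy can be reviewed before use.
def decisions(list, order = ACL::DENY_ALLOW)
  acl = ACL.new(list, order)
  PROBES.map { |ip| [ip, acl.allow_addr?(peer(ip))] }.to_h
end

# Hypothetical helper: true when an address that no entry mentions
# (203.0.113.99 here) is rejected, i.e. the policy fails closed.
def fails_closed?(list, order = ACL::DENY_ALLOW)
  !ACL.new(list, order).allow_addr?(peer('203.0.113.99'))
end

if $PROGRAM_NAME == __FILE__
  {
    'empty ACL, DENY_ALLOW'     => [nil, ACL::DENY_ALLOW],
    'allow-only, DENY_ALLOW'    => [ALLOW_ONLY, ACL::DENY_ALLOW],
    'allow-only, ALLOW_DENY'    => [ALLOW_ONLY, ACL::ALLOW_DENY],
    'deny all + allows, DENY_ALLOW' => [ALLOWLIST, ACL::DENY_ALLOW],
    'deny all + allows, ALLOW_DENY' => [ALLOWLIST, ACL::ALLOW_DENY]
  }.each do |label, (list, order)|
    state = fails_closed?(list, order) ? 'closed' : 'open'
    puts format('%-32s %-6s %p', label, state, decisions(list, order))
  end
end
```

An allow-only list restricts nothing under the default order, and a list containing “deny all” rejects every peer under ALLOW_DENY because the deny half is consulted first.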

allow_socket?(soc)

Allow connections from Socket soc?

    # File lib/drb/acl.rb, line 184
    def allow_socket?(soc)
      allow_addr?(soc.peeraddr)
    end

install_list(list)

Adds list of ACL entries to this ACL.

    # File lib/drb/acl.rb, line 216
    def install_list(list)
      i = 0
      while i < list.size
        permission, domain = list.slice(i,2)
        case permission.downcase
        when 'allow'
          @allow.add(domain)
        when 'deny'
          @deny.add(domain)
        else
          raise "Invalid ACL entry #{list}"
        end
        i += 2
      end
    end