PIpAccessControlList Class Reference

#include <ipacl.h>

List of all members.

Public Member Functions

 PIpAccessControlList (BOOL defaultAllowance=TRUE)
BOOL LoadHostsAccess (const char *daemonName=NULL)
BOOL Add (PIpAccessControlEntry *entry)
BOOL Add (const PString &description)
BOOL Add (PIPSocket::Address address, PIPSocket::Address mask, BOOL allow)
BOOL Remove (const PString &description)
BOOL Remove (PIPSocket::Address address, PIPSocket::Address mask)
virtual PIpAccessControlEntryCreateControlEntry (const PString &description)
PIpAccessControlEntryFind (PIPSocket::Address address) const
BOOL IsAllowed (PTCPSocket &socket) const
BOOL IsAllowed (PIPSocket::Address address) const
BOOL GetDefaultAllowance () const
void SetDefaultAllowance (BOOL defAllow)

Protected Attributes

BOOL defaultAllowance

Detailed Description

This class is a list of IP address mask specifications used to validate if an address may or may not be used in a connection.

The list may be totally internal to the application, or may use system wide files commonly use under Linux (hosts.allow and hosts.deny file). These will be used regardless of the platform.

When a search is done using IsAllowed() function, the first entry that matches the specified IP address is found, and its allow flag returned. The list sorted so that the most specific IP number specification is first and the broadest onse later. The entry with the value having a mask of zero, that is the match all entry, is always last.

Constructor & Destructor Documentation

PIpAccessControlList::PIpAccessControlList ( BOOL  defaultAllowance = TRUE  ) 

Create a new, empty, access control list.

Member Function Documentation

BOOL PIpAccessControlList::LoadHostsAccess ( const char *  daemonName = NULL  ) 

Load the system wide files commonly use under Linux (hosts.allow and hosts.deny file) for IP access. See the Linux man entries on these files for more information. Note, these files will be loaded regardless of the actual platform used. The directory returned by the PProcess::GetOSConfigDir() function is searched for the files.

The daemonName parameter is used as the search argument in the hosts.allow/hosts.deny file. If this is NULL then the PProcess::GetName() function is used.

Returns:
TRUE if all the entries in the file were added, if any failed then FALSE is returned.
Parameters:
daemonName  Name of "daemon" application

BOOL PIpAccessControlList::Add ( PIpAccessControlEntry entry  ) 

Add the specified entry into the list. See the PIpAccessControlEntry class for more details on the format of the description field.

Returns:
TRUE if the entries was successfully added.
Parameters:
entry  Entry for IP match parameters

BOOL PIpAccessControlList::Add ( const PString description  ) 

Parameters:
description  Description of the IP match parameters

BOOL PIpAccessControlList::Add ( PIPSocket::Address  address,
PIPSocket::Address  mask,
BOOL  allow 
)

Parameters:
address  IP network address
mask  Mask for IP network
allow  Flag for if network is allowed or not

BOOL PIpAccessControlList::Remove ( const PString description  ) 

Remove the specified entry into the list. See the PIpAccessControlEntry class for more details on the format of the description field.

Returns:
TRUE if the entries was successfully removed.
Parameters:
description  Description of the IP match parameters

BOOL PIpAccessControlList::Remove ( PIPSocket::Address  address,
PIPSocket::Address  mask 
)

Parameters:
address  IP network address
mask  Mask for IP network

virtual PIpAccessControlEntry* PIpAccessControlList::CreateControlEntry ( const PString description  )  [virtual]

Create a new PIpAccessControl specification entry object. This may be used by an application to create descendents of PIpAccessControlEntry when extra information/functionality is required.

The default behaviour creates a PIpAccessControlEntry.

PIpAccessControlEntry* PIpAccessControlList::Find ( PIPSocket::Address  address  )  const

Find the PIpAccessControl specification for the address.

Parameters:
address  IP Address to find

BOOL PIpAccessControlList::IsAllowed ( PTCPSocket socket  )  const

Test the address/connection for if it is allowed within this access control list. If the socket form is used the peer address of the connection is tested.

If the list is empty then TRUE is returned. If the list is not empty, but the IP address does not match any entries in the list, then FALSE is returned. If a match is made then the allow state of that entry is returned.

Returns:
TRUE if the remote host address is allowed.
Parameters:
socket  Socket to test

BOOL PIpAccessControlList::IsAllowed ( PIPSocket::Address  address  )  const

Parameters:
address  IP Address to test

BOOL PIpAccessControlList::GetDefaultAllowance (  )  const [inline]

Get the default state for allowed access if the list is empty.

void PIpAccessControlList::SetDefaultAllowance ( BOOL  defAllow  )  [inline]

Set the default state for allowed access if the list is empty.

Member Data Documentation

BOOL PIpAccessControlList::defaultAllowance [protected]

The documentation for this class was generated from the following file:
Generated on Fri Mar 7 06:25:06 2008 for PTLib by  doxygen 1.5.1