PIpAccessControlList Class Reference

#include <ipacl.h>

List of all members.

Public Member Functions

 PIpAccessControlList (PBoolean defaultAllowance=PTrue)
PBoolean LoadHostsAccess (const char *daemonName=NULL)
PBoolean Add (PIpAccessControlEntry *entry)
PBoolean Add (const PString &description)
PBoolean Add (PIPSocket::Address address, PIPSocket::Address mask, PBoolean allow)
PBoolean Remove (const PString &description)
PBoolean Remove (PIPSocket::Address address, PIPSocket::Address mask)
virtual PIpAccessControlEntryCreateControlEntry (const PString &description)
PIpAccessControlEntryFind (PIPSocket::Address address) const
PBoolean IsAllowed (PTCPSocket &socket) const
PBoolean IsAllowed (PIPSocket::Address address) const
PBoolean GetDefaultAllowance () const
void SetDefaultAllowance (PBoolean defAllow)

Protected Attributes

PBoolean defaultAllowance

Detailed Description

This class is a list of IP address mask specifications used to validate if an address may or may not be used in a connection.

The list may be totally internal to the application, or may use system wide files commonly use under Linux (hosts.allow and hosts.deny file). These will be used regardless of the platform.

When a search is done using IsAllowed() function, the first entry that matches the specified IP address is found, and its allow flag returned. The list sorted so that the most specific IP number specification is first and the broadest onse later. The entry with the value having a mask of zero, that is the match all entry, is always last.

Constructor & Destructor Documentation

PIpAccessControlList::PIpAccessControlList ( PBoolean  defaultAllowance = PTrue  ) 

Create a new, empty, access control list.

Member Function Documentation

PBoolean PIpAccessControlList::Add ( PIPSocket::Address  address,
PIPSocket::Address  mask,
PBoolean  allow 
)

Parameters:
address  IP network address
mask  Mask for IP network
allow  Flag for if network is allowed or not

PBoolean PIpAccessControlList::Add ( const PString description  ) 

Parameters:
description  Description of the IP match parameters

PBoolean PIpAccessControlList::Add ( PIpAccessControlEntry entry  ) 

Add the specified entry into the list. See the PIpAccessControlEntry class for more details on the format of the description field.

Returns:
PTrue if the entries was successfully added.
Parameters:
entry  Entry for IP match parameters

virtual PIpAccessControlEntry* PIpAccessControlList::CreateControlEntry ( const PString description  )  [virtual]

Create a new PIpAccessControl specification entry object. This may be used by an application to create descendents of PIpAccessControlEntry when extra information/functionality is required.

The default behaviour creates a PIpAccessControlEntry.

PIpAccessControlEntry* PIpAccessControlList::Find ( PIPSocket::Address  address  )  const

Find the PIpAccessControl specification for the address.

Parameters:
address  IP Address to find

PBoolean PIpAccessControlList::GetDefaultAllowance (  )  const [inline]

Get the default state for allowed access if the list is empty.

PBoolean PIpAccessControlList::IsAllowed ( PIPSocket::Address  address  )  const

Parameters:
address  IP Address to test

PBoolean PIpAccessControlList::IsAllowed ( PTCPSocket socket  )  const

Test the address/connection for if it is allowed within this access control list. If the socket form is used the peer address of the connection is tested.

If the list is empty then PTrue is returned. If the list is not empty, but the IP address does not match any entries in the list, then PFalse is returned. If a match is made then the allow state of that entry is returned.

Returns:
PTrue if the remote host address is allowed.
Parameters:
socket  Socket to test

PBoolean PIpAccessControlList::LoadHostsAccess ( const char *  daemonName = NULL  ) 

Load the system wide files commonly use under Linux (hosts.allow and hosts.deny file) for IP access. See the Linux man entries on these files for more information. Note, these files will be loaded regardless of the actual platform used. The directory returned by the PProcess::GetOSConfigDir() function is searched for the files.

The daemonName parameter is used as the search argument in the hosts.allow/hosts.deny file. If this is NULL then the PProcess::GetName() function is used.

Returns:
PTrue if all the entries in the file were added, if any failed then PFalse is returned.
Parameters:
daemonName  Name of "daemon" application

PBoolean PIpAccessControlList::Remove ( PIPSocket::Address  address,
PIPSocket::Address  mask 
)

Parameters:
address  IP network address
mask  Mask for IP network

PBoolean PIpAccessControlList::Remove ( const PString description  ) 

Remove the specified entry into the list. See the PIpAccessControlEntry class for more details on the format of the description field.

Returns:
PTrue if the entries was successfully removed.
Parameters:
description  Description of the IP match parameters

void PIpAccessControlList::SetDefaultAllowance ( PBoolean  defAllow  )  [inline]

Set the default state for allowed access if the list is empty.

Member Data Documentation

PBoolean PIpAccessControlList::defaultAllowance [protected]

The documentation for this class was generated from the following file:
Generated on Thu May 27 01:36:49 2010 for PTLib by  doxygen 1.4.7