#include <ipacl.h>
Public Member Functions | |
| PIpAccessControlList (PBoolean defaultAllowance=true) | |
| Create a new, empty, access control list. | |
| PBoolean | LoadHostsAccess (const char *daemonName=NULL) |
| Load the system wide files commonly use under Linux (hosts.allow and hosts.deny file) for IP access. | |
| PBoolean | Load (PConfig &cfg) |
| Load entries in the list from the configuration file specified. | |
| PBoolean | Load (PConfig &cfg, const PString &baseName) |
| Load entries in the list from the configuration file specified, using the base name for the array of configuration file values. | |
| void | Save (PConfig &cfg) |
| Save entries in the list to the configuration file specified. | |
| void | Save (PConfig &cfg, const PString &baseName) |
| Save entries in the list to the configuration file specified, using the base name for the array of configuration file values. | |
| PBoolean | Add (PIpAccessControlEntry *entry) |
| Add the specified entry into the list. | |
| PBoolean | Add (const PString &description) |
| PBoolean | Add (PIPSocket::Address address, PIPSocket::Address mask, PBoolean allow) |
| PBoolean | Remove (const PString &description) |
| Remove the specified entry into the list. | |
| PBoolean | Remove (PIPSocket::Address address, PIPSocket::Address mask) |
| virtual PIpAccessControlEntry * | CreateControlEntry (const PString &description) |
| Create a new PIpAccessControl specification entry object. | |
| PIpAccessControlEntry * | Find (PIPSocket::Address address) const |
| Find the PIpAccessControl specification for the address. | |
| PBoolean | IsAllowed (PTCPSocket &socket) const |
| Test the address/connection for if it is allowed within this access control list. | |
| PBoolean | IsAllowed (PIPSocket::Address address) const |
| PBoolean | GetDefaultAllowance () const |
| Get the default state for allowed access if the list is empty. | |
| void | SetDefaultAllowance (PBoolean defAllow) |
| Set the default state for allowed access if the list is empty. | |
Protected Attributes | |
| PBoolean | defaultAllowance |
The list may be totally internal to the application, or may use system wide files commonly use under Linux (hosts.allow and hosts.deny file). These will be used regardless of the platform.
When a search is done using IsAllowed() function, the first entry that matches the specified IP address is found, and its allow flag returned. The list sorted so that the most specific IP number specification is first and the broadest onse later. The entry with the value having a mask of zero, that is the match all entry, is always last.
| PIpAccessControlList::PIpAccessControlList | ( | PBoolean | defaultAllowance = true |
) |
Create a new, empty, access control list.
| PBoolean PIpAccessControlList::Add | ( | PIPSocket::Address | address, | |
| PIPSocket::Address | mask, | |||
| PBoolean | allow | |||
| ) |
| address | IP network address |
| mask | Mask for IP network |
| allow | Flag for if network is allowed or not |
| description | Description of the IP match parameters |
| PBoolean PIpAccessControlList::Add | ( | PIpAccessControlEntry * | entry | ) |
Add the specified entry into the list.
See the PIpAccessControlEntry class for more details on the format of the description field.
| entry | Entry for IP match parameters |
| virtual PIpAccessControlEntry* PIpAccessControlList::CreateControlEntry | ( | const PString & | description | ) | [virtual] |
Create a new PIpAccessControl specification entry object.
This may be used by an application to create descendents of PIpAccessControlEntry when extra information/functionality is required.
The default behaviour creates a PIpAccessControlEntry.
| PIpAccessControlEntry* PIpAccessControlList::Find | ( | PIPSocket::Address | address | ) | const |
Find the PIpAccessControl specification for the address.
| address | IP Address to find |
| PBoolean PIpAccessControlList::GetDefaultAllowance | ( | ) | const [inline] |
Get the default state for allowed access if the list is empty.
| PBoolean PIpAccessControlList::IsAllowed | ( | PIPSocket::Address | address | ) | const |
| address | IP Address to test |
| PBoolean PIpAccessControlList::IsAllowed | ( | PTCPSocket & | socket | ) | const |
Test the address/connection for if it is allowed within this access control list.
If the socket form is used the peer address of the connection is tested.
If the list is empty then true is returned. If the list is not empty, but the IP address does not match any entries in the list, then false is returned. If a match is made then the allow state of that entry is returned.
| socket | Socket to test |
Load entries in the list from the configuration file specified, using the base name for the array of configuration file values.
The format of entries in the configuration file are suitable for use with the PHTTPConfig classes.
| cfg | Configuration file to load entries from. |
| baseName | Base name string for each entry in file. |
Load entries in the list from the configuration file specified.
This is equivalent to Load(cfg, "IP Access Control List").
| cfg | Configuration file to load entries from. |
| PBoolean PIpAccessControlList::LoadHostsAccess | ( | const char * | daemonName = NULL |
) |
Load the system wide files commonly use under Linux (hosts.allow and hosts.deny file) for IP access.
See the Linux man entries on these files for more information. Note, these files will be loaded regardless of the actual platform used. The directory returned by the PProcess::GetOSConfigDir() function is searched for the files.
The daemonName parameter is used as the search argument in the hosts.allow/hosts.deny file. If this is NULL then the PProcess::GetName() function is used.
| daemonName | Name of "daemon" application |
| PBoolean PIpAccessControlList::Remove | ( | PIPSocket::Address | address, | |
| PIPSocket::Address | mask | |||
| ) |
| address | IP network address |
| mask | Mask for IP network |
Remove the specified entry into the list.
See the PIpAccessControlEntry class for more details on the format of the description field.
| description | Description of the IP match parameters |
Save entries in the list to the configuration file specified, using the base name for the array of configuration file values.
The format of entries in the configuration file are suitable for use with the PHTTPConfig classes.
| cfg | Configuration file to save entries to. |
| baseName | Base name string for each entry in file. |
| void PIpAccessControlList::Save | ( | PConfig & | cfg | ) |
Save entries in the list to the configuration file specified.
This is equivalent to Save(cfg, "IP Access Control List").
| cfg | Configuration file to save entries to. |
| void PIpAccessControlList::SetDefaultAllowance | ( | PBoolean | defAllow | ) | [inline] |
Set the default state for allowed access if the list is empty.
PBoolean PIpAccessControlList::defaultAllowance [protected] |
1.4.7