PTLib  Version 2.10.4
PIpAccessControlList Class Reference

This class is a list of IP address mask specifications used to validate if an address may or may not be used in a connection. More...

#include <ipacl.h>

List of all members.

Public Member Functions

 PIpAccessControlList (PBoolean defaultAllowance=true)
 Create a new, empty, access control list.
PBoolean LoadHostsAccess (const char *daemonName=NULL)
 Load the system wide files commonly use under Linux (hosts.allow and hosts.deny file) for IP access.
PBoolean Load (PConfig &cfg)
 Load entries in the list from the configuration file specified.
PBoolean Load (PConfig &cfg, const PString &baseName)
 Load entries in the list from the configuration file specified, using the base name for the array of configuration file values.
void Save (PConfig &cfg)
 Save entries in the list to the configuration file specified.
void Save (PConfig &cfg, const PString &baseName)
 Save entries in the list to the configuration file specified, using the base name for the array of configuration file values.
PBoolean Add (PIpAccessControlEntry *entry)
 Add the specified entry into the list.
PBoolean Add (const PString &description)
PBoolean Add (PIPSocket::Address address, PIPSocket::Address mask, PBoolean allow)
PBoolean Remove (const PString &description)
 Remove the specified entry into the list.
PBoolean Remove (PIPSocket::Address address, PIPSocket::Address mask)
virtual PIpAccessControlEntryCreateControlEntry (const PString &description)
 Create a new PIpAccessControl specification entry object.
PIpAccessControlEntryFind (PIPSocket::Address address) const
 Find the PIpAccessControl specification for the address.
PBoolean IsAllowed (PTCPSocket &socket) const
 Test the address/connection for if it is allowed within this access control list.
PBoolean IsAllowed (PIPSocket::Address address) const
PBoolean GetDefaultAllowance () const
 Get the default state for allowed access if the list is empty.
void SetDefaultAllowance (PBoolean defAllow)
 Set the default state for allowed access if the list is empty.

Protected Attributes

PBoolean defaultAllowance

Detailed Description

This class is a list of IP address mask specifications used to validate if an address may or may not be used in a connection.

The list may be totally internal to the application, or may use system wide files commonly use under Linux (hosts.allow and hosts.deny file). These will be used regardless of the platform.

When a search is done using IsAllowed() function, the first entry that matches the specified IP address is found, and its allow flag returned. The list sorted so that the most specific IP number specification is first and the broadest onse later. The entry with the value having a mask of zero, that is the match all entry, is always last.


Constructor & Destructor Documentation

Create a new, empty, access control list.


Member Function Documentation

Add the specified entry into the list.

See the PIpAccessControlEntry class for more details on the format of the description field.

Returns:
true if the entries was successfully added.
Parameters:
entryEntry for IP match parameters
PBoolean PIpAccessControlList::Add ( const PString description)
Parameters:
descriptionDescription of the IP match parameters
Parameters:
addressIP network address
maskMask for IP network
allowFlag for if network is allowed or not
virtual PIpAccessControlEntry* PIpAccessControlList::CreateControlEntry ( const PString description) [virtual]

Create a new PIpAccessControl specification entry object.

This may be used by an application to create descendents of PIpAccessControlEntry when extra information/functionality is required.

The default behaviour creates a PIpAccessControlEntry.

Find the PIpAccessControl specification for the address.

Parameters:
addressIP Address to find

Get the default state for allowed access if the list is empty.

References defaultAllowance.

Test the address/connection for if it is allowed within this access control list.

If the socket form is used the peer address of the connection is tested.

If the list is empty then true is returned. If the list is not empty, but the IP address does not match any entries in the list, then false is returned. If a match is made then the allow state of that entry is returned.

Returns:
true if the remote host address is allowed.
Parameters:
socketSocket to test
Parameters:
addressIP Address to test

Load entries in the list from the configuration file specified.

This is equivalent to Load(cfg, "IP Access Control List").

Returns:
true if all the entries in the file were added, if any failed then false is returned.
Parameters:
cfgConfiguration file to load entries from.
PBoolean PIpAccessControlList::Load ( PConfig cfg,
const PString baseName 
)

Load entries in the list from the configuration file specified, using the base name for the array of configuration file values.

The format of entries in the configuration file are suitable for use with the PHTTPConfig classes.

Returns:
true if all the entries in the file were added, if any failed then false is returned.
Parameters:
cfgConfiguration file to load entries from.
baseNameBase name string for each entry in file.
PBoolean PIpAccessControlList::LoadHostsAccess ( const char *  daemonName = NULL)

Load the system wide files commonly use under Linux (hosts.allow and hosts.deny file) for IP access.

See the Linux man entries on these files for more information. Note, these files will be loaded regardless of the actual platform used. The directory returned by the PProcess::GetOSConfigDir() function is searched for the files.

The daemonName parameter is used as the search argument in the hosts.allow/hosts.deny file. If this is NULL then the PProcess::GetName() function is used.

Returns:
true if all the entries in the file were added, if any failed then false is returned.
Parameters:
daemonNameName of "daemon" application
PBoolean PIpAccessControlList::Remove ( const PString description)

Remove the specified entry into the list.

See the PIpAccessControlEntry class for more details on the format of the description field.

Returns:
true if the entries was successfully removed.
Parameters:
descriptionDescription of the IP match parameters
Parameters:
addressIP network address
maskMask for IP network

Save entries in the list to the configuration file specified.

This is equivalent to Save(cfg, "IP Access Control List").

Parameters:
cfgConfiguration file to save entries to.
void PIpAccessControlList::Save ( PConfig cfg,
const PString baseName 
)

Save entries in the list to the configuration file specified, using the base name for the array of configuration file values.

The format of entries in the configuration file are suitable for use with the PHTTPConfig classes.

Parameters:
cfgConfiguration file to save entries to.
baseNameBase name string for each entry in file.

Set the default state for allowed access if the list is empty.

References defaultAllowance.


Member Data Documentation


The documentation for this class was generated from the following file:
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Defines