aboutsummaryrefslogblamecommitdiffstats
path: root/lib/orber/doc/src/orber_acl.xml
blob: 5feda83ef6cbab9c53b4c0ee6fdd9e8709943613 (plain) (tree)
1
2
3
4
5
6
7
8
                                       





                                     
                       


                                                       




                                                                  
 




                                                                          




















































































                                                                                            
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE erlref SYSTEM "erlref.dtd">

<erlref>
  <header>
    <copyright>
      <year>2005</year>
      <year>2016</year>
      <holder>Ericsson AB, All Rights Reserved</holder>
    </copyright>
    <legalnotice>
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
 
      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.

  The Initial Developer of the Original Code is Ericsson AB.
    </legalnotice>

    <title>orber_acl</title>
    <prepared></prepared>
    <responsible></responsible>
    <docno></docno>
    <approved></approved>
    <checked></checked>
    <date>2005-05-19</date>
    <rev>A</rev>
  </header>
  <module>orber_acl</module>
  <modulesummary>Orber ACL operations</modulesummary>
  <description>
    <p>This module contains functions intended for analyzing Access 
      Control List (ACL) filters. The filters uses a extended format of 
      Classless Inter Domain Routing (CIDR). 
      For example, <c>"123.123.123.10"</c> limits
      the connection to that particular host, while <c>"123.123.123.10/17"</c> allows
      connections to or from any host equal to the 17 most significant bits. Orber
      also allow the user to specify a certain port or port range, for example,
      <c>"123.123.123.10/17#4001"</c> and <c>"123.123.123.10/17#4001/5001"</c>
      respectively. IPv4 or none compressed IPv6 strings are accepted.</p>
  </description>
  <funcs>
    <func>
      <name>match(IP, Direction) -> boolean()</name>
      <name>match(IP, Direction, GetInfo) -> Reply</name>
      <fsummary>Verify if the IP address versus the current configuration</fsummary>
      <type>
        <v>IP = tuple() | [integer()]</v>
        <v>Direction = tcp_in | ssl_in | tcp_out | ssl_out</v>
        <v>GetInfo = boolean()</v>
        <v>Reply = boolean() | {boolean(), [Interface], PortInfo}</v>
        <v>Interface = string()</v>
        <v>PortInfo = integer() | {integer(), integer()}</v>
      </type>
      <desc>
        <p>If <c>GetInfo</c> is not supplied or set to false, this operation returns
          a boolean which tells if the IPv4 or IPv6 address would pass the ACL
          filter, defined by the <c>iiop_acl</c> configuration parameter, or not.
          When <c>GetInfo</c> is set to true, a tuple which, besides the boolean
          that tells if access was granted, also include the defined
          interfaces and port(s). This operation requires that Orber is running and
          can be used on a live node to determine if Orber has been properly configured.</p>
      </desc>
    </func>
    <func>
      <name>verify(IP, Filter, Family) -> Reply</name>
      <fsummary>Verify if the IP address versus the Filter</fsummary>
      <type>
        <v>IP = string()</v>
        <v>Filter = string()</v>
        <v>Family = inet | inet6</v>
        <v>Reply = true | {false, From, To} | {error, string()}</v>
        <v>From = string()</v>
        <v>To = string()</v>
      </type>
      <desc>
        <p>This operation returns true if the IPv4 or IPv6 address would pass the
          supplied ACL. If that is not the case, a tuple containing the accepted range
          is returned. This operation should only be used for test purposes.</p>
      </desc>
    </func>
    <func>
      <name>range(Filter, Family) -> Reply</name>
      <fsummary>Get range of Filter</fsummary>
      <type>
        <v>Filter = string()</v>
        <v>Family = inet | inet6</v>
        <v>Reply = {ok, From, To} | {error, string()}</v>
        <v>From = string()</v>
        <v>To = string()</v>
      </type>
      <desc>
        <p>Returns the range of accepted IP addresses based on the supplied filter. 
          This operation should only be used for test purposes.</p>
      </desc>
    </func>
  </funcs>
  
</erlref>