1 files changed, 106 insertions, 0 deletions

diff --git a/lib/orber/doc/src/orber_acl.xml b/lib/orber/doc/src/orber_acl.xml
new file mode 100644
index 0000000000..441001894a
--- /dev/null
+++ b/lib/orber/doc/src/orber_acl.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="latin1" ?>
+<!DOCTYPE erlref SYSTEM "erlref.dtd">
+
+<erlref>
+  <header>
+    <copyright>
+      <year>2005</year>
+      <year>2007</year>
+      <holder>Ericsson AB, All Rights Reserved</holder>
+    </copyright>
+    <legalnotice>
+  The contents of this file are subject to the Erlang Public License,
+  Version 1.1, (the "License"); you may not use this file except in
+  compliance with the License. You should have received a copy of the
+  Erlang Public License along with this software. If not, it can be
+  retrieved online at http://www.erlang.org/.
+
+  Software distributed under the License is distributed on an "AS IS"
+  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+  the License for the specific language governing rights and limitations
+  under the License.
+
+  The Initial Developer of the Original Code is Ericsson AB.
+    </legalnotice>
+
+    <title>orber_acl</title>
+    <prepared></prepared>
+    <responsible></responsible>
+    <docno></docno>
+    <approved></approved>
+    <checked></checked>
+    <date>2005-05-19</date>
+    <rev>A</rev>
+  </header>
+  <module>orber_acl</module>
+  <modulesummary>Orber ACL operations</modulesummary>
+  <description>
+    <p>This module contains functions intended for analyzing Access 
+      Control List (ACL) filters. The filters uses a extended format of 
+      Classless Inter Domain Routing (CIDR). 
+      For example, <c>"123.123.123.10"</c> limits
+      the connection to that particular host, while <c>"123.123.123.10/17"</c> allows
+      connections to or from any host equal to the 17 most significant bits. Orber
+      also allow the user to specify a certain port or port range, for example,
+      <c>"123.123.123.10/17#4001"</c> and <c>"123.123.123.10/17#4001/5001"</c>
+      respectively. IPv4 or none compressed IPv6 strings are accepted.</p>
+  </description>
+  <funcs>
+    <func>
+      <name>match(IP, Direction) -> boolean()</name>
+      <name>match(IP, Direction, GetInfo) -> Reply</name>
+      <fsummary>Verify if the IP address versus the current configuration</fsummary>
+      <type>
+        <v>IP = tuple() | [integer()]</v>
+        <v>Direction = tcp_in | ssl_in | tcp_out | ssl_out</v>
+        <v>GetInfo = boolean()</v>
+        <v>Reply = boolean() | {boolean(), [Interface], PortInfo}</v>
+        <v>Interface = string()</v>
+        <v>PortInfo = integer() | {integer(), integer()}</v>
+      </type>
+      <desc>
+        <p>If <c>GetInfo</c> is not supplied or set to false, this operation returns
+          a boolean which tells if the IPv4 or IPv6 address would pass the ACL
+          filter, defined by the <c>iiop_acl</c> configuration parameter, or not.
+          When <c>GetInfo</c> is set to true, a tuple which, besides the boolean
+          that tells if access was granted, also include the defined
+          interfaces and port(s). This operation requires that Orber is running and
+          can be used on a live node to determine if Orber has been properly configured.</p>
+      </desc>
+    </func>
+    <func>
+      <name>verify(IP, Filter, Family) -> Reply</name>
+      <fsummary>Verify if the IP address versus the Filter</fsummary>
+      <type>
+        <v>IP = string()</v>
+        <v>Filter = string()</v>
+        <v>Family = inet | inet6</v>
+        <v>Reply = true | {false, From, To} | {error, string()}</v>
+        <v>From = string()</v>
+        <v>To = string()</v>
+      </type>
+      <desc>
+        <p>This operation returns true if the IPv4 or IPv6 address would pass the
+          supplied ACL. If that is not the case, a tuple containing the accepted range
+          is returned. This operation should only be used for test purposes.</p>
+      </desc>
+    </func>
+    <func>
+      <name>range(Filter, Family) -> Reply</name>
+      <fsummary>Get range of Filter</fsummary>
+      <type>
+        <v>Filter = string()</v>
+        <v>Family = inet | inet6</v>
+        <v>Reply = {ok, From, To} | {error, string()}</v>
+        <v>From = string()</v>
+        <v>To = string()</v>
+      </type>
+      <desc>
+        <p>Returns the range of accepted IP addresses based on the supplied filter. 
+          This operation should only be used for test purposes.</p>
+      </desc>
+    </func>
+  </funcs>
+  
+</erlref>
+