diff options
Diffstat (limited to 'lib/orber/doc/src/orber_acl.xml')
-rw-r--r-- | lib/orber/doc/src/orber_acl.xml | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/lib/orber/doc/src/orber_acl.xml b/lib/orber/doc/src/orber_acl.xml new file mode 100644 index 0000000000..441001894a --- /dev/null +++ b/lib/orber/doc/src/orber_acl.xml @@ -0,0 +1,106 @@ +<?xml version="1.0" encoding="latin1" ?> +<!DOCTYPE erlref SYSTEM "erlref.dtd"> + +<erlref> + <header> + <copyright> + <year>2005</year> + <year>2007</year> + <holder>Ericsson AB, All Rights Reserved</holder> + </copyright> + <legalnotice> + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + </legalnotice> + + <title>orber_acl</title> + <prepared></prepared> + <responsible></responsible> + <docno></docno> + <approved></approved> + <checked></checked> + <date>2005-05-19</date> + <rev>A</rev> + </header> + <module>orber_acl</module> + <modulesummary>Orber ACL operations</modulesummary> + <description> + <p>This module contains functions intended for analyzing Access + Control List (ACL) filters. The filters uses a extended format of + Classless Inter Domain Routing (CIDR). + For example, <c>"123.123.123.10"</c> limits + the connection to that particular host, while <c>"123.123.123.10/17"</c> allows + connections to or from any host equal to the 17 most significant bits. Orber + also allow the user to specify a certain port or port range, for example, + <c>"123.123.123.10/17#4001"</c> and <c>"123.123.123.10/17#4001/5001"</c> + respectively. IPv4 or none compressed IPv6 strings are accepted.</p> + </description> + <funcs> + <func> + <name>match(IP, Direction) -> boolean()</name> + <name>match(IP, Direction, GetInfo) -> Reply</name> + <fsummary>Verify if the IP address versus the current configuration</fsummary> + <type> + <v>IP = tuple() | [integer()]</v> + <v>Direction = tcp_in | ssl_in | tcp_out | ssl_out</v> + <v>GetInfo = boolean()</v> + <v>Reply = boolean() | {boolean(), [Interface], PortInfo}</v> + <v>Interface = string()</v> + <v>PortInfo = integer() | {integer(), integer()}</v> + </type> + <desc> + <p>If <c>GetInfo</c> is not supplied or set to false, this operation returns + a boolean which tells if the IPv4 or IPv6 address would pass the ACL + filter, defined by the <c>iiop_acl</c> configuration parameter, or not. + When <c>GetInfo</c> is set to true, a tuple which, besides the boolean + that tells if access was granted, also include the defined + interfaces and port(s). This operation requires that Orber is running and + can be used on a live node to determine if Orber has been properly configured.</p> + </desc> + </func> + <func> + <name>verify(IP, Filter, Family) -> Reply</name> + <fsummary>Verify if the IP address versus the Filter</fsummary> + <type> + <v>IP = string()</v> + <v>Filter = string()</v> + <v>Family = inet | inet6</v> + <v>Reply = true | {false, From, To} | {error, string()}</v> + <v>From = string()</v> + <v>To = string()</v> + </type> + <desc> + <p>This operation returns true if the IPv4 or IPv6 address would pass the + supplied ACL. If that is not the case, a tuple containing the accepted range + is returned. This operation should only be used for test purposes.</p> + </desc> + </func> + <func> + <name>range(Filter, Family) -> Reply</name> + <fsummary>Get range of Filter</fsummary> + <type> + <v>Filter = string()</v> + <v>Family = inet | inet6</v> + <v>Reply = {ok, From, To} | {error, string()}</v> + <v>From = string()</v> + <v>To = string()</v> + </type> + <desc> + <p>Returns the range of accepted IP addresses based on the supplied filter. + This operation should only be used for test purposes.</p> + </desc> + </func> + </funcs> + +</erlref> + |