iprange-procs.tcl

IP range procs - support different kind of IP ranges These class defined here is not related to the test-items, other than the fact that exams can be restricted. Since the IP-ranges are typically site specific, it is expected that sites define interesting IP ranges (such as e.g., WLAN, on-site, VPN, ...) in the iprange-init.tcl file.

This file defines the following Objects and Classes: ::xowf::IpRange[i], ::xowf::iprange::all[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i], ::xowf::IpRange[i]

Location:
packages/xowf/tcl/iprange-procs.tcl
Author:
Gustaf Neumann

Procedures in this file

Detailed information

Class ::xowf::IpRange (public)

 ::nx::Class ::xowf::IpRange[i]

Class representing a range of IPs to be used to enforce access control.

Testcases:
No testcase defined.

Object ::xowf::iprange::all (public)

 ::xowf::IpRange ::xowf::iprange::all[i]

Testcases:
No testcase defined.

xowf::IpRange method allow_access (public)

 <instance of xowf::IpRange[i]> allow_access ip

Check, if provided IP address is in the provided ranges of disallowed or allowed addresses. First, the explicitly disallowed addresses are checked, then the explicitly allowed ones. Addresses can be specified in the following formats:

  • IP address in CIDR format (e.g., 127.208.0.0/16)
  • IP address containing wildcard "*"
  • literal IP address

Parameters:
ip (required)
Returns:
boolean value expressing success

Testcases:
No testcase defined.

xowf::IpRange method match (protected)

 <instance of xowf::IpRange[i]> match spec ip
Parameters:
spec (required)
ip (required)

Testcases:
No testcase defined.
[ hide source ] | [ make this the default ]

Content File Source

::xo::library doc {
  IP range procs - support different kind of IP ranges

  These class defined here is not related to the test-items, other
  than the fact that exams can be restricted. Since the IP-ranges are
  typically site specific, it is expected that sites define
  interesting IP ranges (such as e.g., WLAN, on-site, VPN, ...) in the
  iprange-init.tcl file.

  @author Gustaf Neumann
}

namespace eval ::xowf {
  nx::Class create IpRange {
    #
    # Class representing a range of IPs to be used to enforce access
    # control.
    #

    :property {allowed ""}
    :property {disallowed ""}
    :property {title ""}

    :method match {spec ip} {
      if {[string first / $spec] > -1 && [ns_subnetmatch $spec $ip]} {
        return 1
      } elseif {[string first * $spec] > -1 && [string match $spec $ip]} {
        return 1
      } elseif {$spec eq $ip} {
        return 1
      }
      return 0
    }

    :public method allow_access {ip} {
      #
      # Check, if provided IP address is in the provided ranges of
      # disallowed or allowed addresses. First, the explicitly
      # disallowed addresses are checked, then the explicitly allowed
      # ones. Addresses can be specified in the following formats:
      #
      # <ul>
      #  <li> IP address in CIDR format (e.g., 127.208.0.0/16)
      #  <li> IP address containing wildcard "*"
      #  <li> literal IP address
      # </ul>
      # @return boolean value expressing success

      foreach spec ${:disallowed} {
        if {[:match $spec $ip]} {
          return 0
        }
      }

      foreach spec ${:allowed} {
        if {[:match $spec $ip]} {
          return 1
        }
      }
      return 0
    }
  }

}

#
# Local variables:
#    mode: tcl
#    tcl-indent-level: 2
#    eval: (setq tcl-type-alist (remove* "method" tcl-type-alist :test 'equal :key 'car))
#    indent-tabs-mode: nil
# End: