/**************************************************************
 *
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 *************************************************************/


#ifndef __com_sun_star_connection_SocketPermission_idl__
#define __com_sun_star_connection_SocketPermission_idl__

//=============================================================================

module com { module sun { module star { module connection {

//=============================================================================

/** This permission represents access to a network via sockets.
    A SocketPermission consists of a host specification and a set of actions
    specifying ways to connect to that host. The host is specified as
    <pre>
    host = (hostname | IPaddress)[:portrange]
    portrange = portnumber | -portnumber | portnumber-[portnumber]
    </pre>
    The host is expressed as a DNS name, as a numerical IP address, or as
    <code>"localhost"</code> (for the local machine). The wildcard <code>"*"</code>
    may be included once in a DNS name host specification. If it is included,
    it must be in the leftmost position, as in <code>"*.sun.com"</code>.
    <br>
    The port or port range is optional. A port specification of the form
    <code>"N-"</code>, where <code>N</code> is a port number, signifies all ports
    numbered <code>N</code> and above, while a specification of the form
    <code>"-N"</code> indicates all ports numbered <code>N</code> and below.

    <p>
    The possible ways to connect to the host are
    <ul>
        <li><code>accept</code></li>
        <li><code>connect</code></li>
        <li><code>listen</code></li>
        <li><code>resolve</code></li>
    </ul><br>
    The <code>"listen"</code> action is only meaningful when used with
    <code>"localhost"</code>. The <code>"resolve"</code> action (host/IP name
    service lookups) is implied when any of the other actions is present.
    <br>
    As an example of the creation and meaning of SocketPermissions, note that if
    the following permission
<pre>
SocketPermission("foo.bar.com:7777", "connect,accept");
</pre>
    is granted, it allows code to connect to port 7777 on foo.bar.com, and to
    accept connections on that port.
    <br>
    Similarly, if the following permission
<pre>
SocketPermission("localhost:1024-", "accept,connect,listen");
</pre>
    is granted, it allows that code to accept connections on, connect to, or
    listen on any port between 1024 and 65535 on the local host.
    </p>

    @attention
    Granting code permission to accept or make connections to remote hosts may be
    dangerous because malevolent code can then more easily transfer and share
    confidential data among parties who may not otherwise have access to the data.
    Grant the narrowest host specification, port range and action list the code
    needs: a wildcard host or an open-ended port range such as
    <code>"1024-"</code> grants access to more than a single endpoint.

    @since OpenOffice 1.1.2
*/
published struct SocketPermission
{
    /** target host with optional port range, in the form
        <code>(hostname | IPaddress)[:portrange]</code>
    */
    string Host;
    /** comma-separated list of actions; the possible actions are
        <code>accept</code>, <code>connect</code>, <code>listen</code> and
        <code>resolve</code>
    */
    string Actions;
};

//=============================================================================

}; }; }; };

#endif