1/**************************************************************
2 *
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements.  See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership.  The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License.  You may obtain a copy of the License at
10 *
11 *   http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied.  See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 *
20 *************************************************************/
21
22
23#ifndef __com_sun_star_connection_SocketPermission_idl__
24#define __com_sun_star_connection_SocketPermission_idl__
25
26//=============================================================================
27
28module com {  module sun {  module star {  module connection {
29
30//=============================================================================
31
32/** This permission represents access to a network via sockets.
33    A SocketPermission consists of a host specification and a set of actions
34    specifying ways to connect to that host.  The host is specified as
35    <pre>
36    host = (hostname | IPaddress)[:portrange]
37    portrange = portnumber | -portnumber | portnumber-[portnumber]
38    </pre>
39    The host is expressed as a DNS name, as a numerical IP address, or as
40    <code>"localhost"</code> (for the local machine).  The wildcard <code>"*"</code>
41     may be included once
42    in a DNS name host specification.  If it is included, it must be in the
43    leftmost position, as in <code>"*.sun.com"</code>.
44    <br>
45    The port or portrange is optional.  A port specification of the form <code>"N-"</code>,
46    where <code>N</code> is a port number, signifies all ports numbered <code>N</code> and above,
47    while a specification of the form <code>"-N"</code> indicates all ports numbered
48    <code>N</code> and below.
49
50    <p>
51    The possible ways to connect to the host are
52    <ul>
53    <li><code>accept</code></li>
54    <li><code>connect</code></li>
55    <li><code>listen</code></li>
56    <li><code>resolve</code></li>
57    </ul><br>
58    The <code>"listen"</code> action is only meaningful when used with <code>"localhost"</code>.
59    The <code>"resolve"</code> (resolve host/ip name service lookups) action is implied when
60    any of the other actions are present.
61    <br>
62    As an example of the creation and meaning of SocketPermissions, note that if
63    the following permission
64<pre>
65SocketPermission("foo.bar.com:7777", "connect,accept");
66</pre>
67    is granted, it allows to connect to port 7777 on foo.bar.com, and to
68    accept connections on that port.
69    <br>
70    Similarly, if the following permission
71<pre>
72SocketPermission("localhost:1024-", "accept,connect,listen");
73</pre>
74    is granted, it allows that code to accept connections on, connect to, or listen
75    on any port between 1024 and 65535 on the local host.
76    </p>
77
78    @attention
79    Granting code permission to accept or make connections to remote hosts may be
80    dangerous because malevolent code can then more easily transfer and share
81    confidential data among parties who may not otherwise have access to the data.
82    </p>
83
84    @since OOo 1.1.2
85*/
86published struct SocketPermission
87{
88	/** target host with optional portrange
89	*/
90	string Host;
91	/** comma separated actions list
92	*/
93	string Actions;
94};
95
96//=============================================================================
97
98}; }; }; };
99
100#endif
101