| /************************************************************** |
| * |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * |
| *************************************************************/ |
| |
| |
| #ifndef __com_sun_star_connection_SocketPermission_idl__ |
| #define __com_sun_star_connection_SocketPermission_idl__ |
| |
| //============================================================================= |
| |
| module com { module sun { module star { module connection { |
| |
| //============================================================================= |
| |
| /** This permission represents access to a network via sockets. |
| A SocketPermission consists of a host specification and a set of actions |
| specifying ways to connect to that host. The host is specified as |
| <pre> |
| host = (hostname | IPaddress)[:portrange] |
| portrange = portnumber | -portnumber | portnumber-[portnumber] |
| </pre> |
| The host is expressed as a DNS name, as a numerical IP address, or as |
| <code>"localhost"</code> (for the local machine). The wildcard <code>"*"</code> |
| may be included once |
| in a DNS name host specification. If it is included, it must be in the |
| leftmost position, as in <code>"*.sun.com"</code>. |
| <br> |
| The port or portrange is optional. A port specification of the form <code>"N-"</code>, |
| where <code>N</code> is a port number, signifies all ports numbered <code>N</code> and above, |
| while a specification of the form <code>"-N"</code> indicates all ports numbered |
| <code>N</code> and below. |
| |
| <p> |
| The possible ways to connect to the host are |
| <ul> |
| <li><code>accept</code></li> |
| <li><code>connect</code></li> |
| <li><code>listen</code></li> |
| <li><code>resolve</code></li> |
| </ul><br> |
| The <code>"listen"</code> action is only meaningful when used with <code>"localhost"</code>. |
| The <code>"resolve"</code> (resolve host/ip name service lookups) action is implied when |
| any of the other actions are present. |
| <br> |
| As an example of the creation and meaning of SocketPermissions, note that if |
| the following permission |
| <pre> |
| SocketPermission("foo.bar.com:7777", "connect,accept"); |
| </pre> |
| is granted, it allows to connect to port 7777 on foo.bar.com, and to |
| accept connections on that port. |
| <br> |
| Similarly, if the following permission |
| <pre> |
| SocketPermission("localhost:1024-", "accept,connect,listen"); |
| </pre> |
| is granted, it allows that code to accept connections on, connect to, or listen |
| on any port between 1024 and 65535 on the local host. |
| </p> |
| |
| @attention |
| Granting code permission to accept or make connections to remote hosts may be |
| dangerous because malevolent code can then more easily transfer and share |
| confidential data among parties who may not otherwise have access to the data. |
| </p> |
| |
| @since OpenOffice 1.1.2 |
| */ |
| published struct SocketPermission |
| { |
| /** target host with optional portrange |
| */ |
| string Host; |
| /** comma separated actions list |
| */ |
| string Actions; |
| }; |
| |
| //============================================================================= |
| |
| }; }; }; }; |
| |
| #endif |