(* $Id: rpc_auth_local.mli 1676 2011-10-11 10:56:36Z gerd $ * ---------------------------------------------------------------------- * *) (* Authentication for Unix domain sockets * * Some operating systems allow it to check the uid of the connecting user * of a Unix domain socket. This feature can be used for a very reliable * way of authentication. * * To use this method, connect with AUTH_NONE on the client side. On the * server side, put the following [server_auth_method] into the list of * permitted methods (in addition to {!Rpc_server.auth_none}). * * This method formats user names as strings * "<uid>.<gid>@localhost" * where <uid> is the effective user ID and <gid> is the effective group ID * of the calling user. * Note that you can parse this string with {!Rpc_auth_sys.parse_user_name}. * * If the file descriptor is not a Unix domain socket, this method generates * the error [Auth_too_weak]. * The same happens if the operating system does not provide a way to * get the credentials of the connecting user (or I have not yet implemented * it). * * {2 Supported OS} * * Currently this works {b only} on Linux. * * {2 Interface} *) val server_auth_method : unit -> Rpc_server.auth_method (** Return the authentication method [AUTH_LOCAL]. * * Note that you need another authentication method that operates at * message level (like AUTH_NONE, AUTH_SYS, AUTH_DH), otherwise you will * get an error [Auth_too_weak]. [AUTH_LOCAL] overrides the result of the * other authentication method. *) val get_peer_credentials : Unix.file_descr -> (int * int);; (** Return the pair (euid,egid) for a Unix domain socket. * The function raises [Invalid_argument] if it is not available for this * operating system. (Generally, this should work on Linux, BSD, and * Solaris, and OS with compatible system functions - supported methods are * [SO_PEERCRED], [getpeerucred], and [getpeereid]). * * Some OS support this only for named Unix domain sockets but not for * socketpairs. *) (* val peek_peer_credentials : Unix.file_descr -> (int * int);; (** Peeks at the next message and returns the pair (euid,egid) for a * Unix domain socket. This function must be called before data is * read from the socket (and it blocks until data is available). * The function raises [Invalid_argument] if it is not available for this * operating system. * The exception [Not_found] is raised if the credentials cannot be * extracted from the control block. * [peek_peer_credentials] seems to be more portable than * [get_peer_credentials]. *) *)