Plasma GitLab Archive
Projects Blog Knowledge 

(* $Id: rpc_auth_sys.mli 287 2006-04-29 16:28:25Z gerd $
 * ----------------------------------------------------------------------
 *
 *)

(** Authentication module AUTH_SYS *)

(** This module implements system authentication (AUTH_SYS, also known as
 * AUTH_UNIX).
 *
 * ***********************************************************************
 * WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING!
 *
 * This authentication method is insecure because it does not use any
 * verifier. I strongly dissuade everybody from using this authentication
 * method for newly written RPC systems. I include it here only for
 * compatibility with older systems.
 *
 * WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING!
 * ***********************************************************************
 *)

type identity =
    [ `Effective_user
    | `Real_user
    | `This_user of (int * int * int array * string)
	(* (uid, gid, supplementary group IDs, hostname) *)
    ]
      (** Specifies the user:
        * - [`Effective_user]: Take the effective user of the process
        * - [`Real_user]: Take the real user of the process
        * - [`This_user(uid,gid,sup_groups,hostname)]: Pretend to be
        *   this user
       *)


val client_auth_method : ?identity : identity ->       (* default: `Real_user *)
                         unit ->
			   Rpc_client.auth_method
  (** Pass the result of this function to [Rpc_client.set_auth_methods] to
   * configure client authentication.
   *
   * [identity]: As whom the clients authenticates.
   *)


type user_name_format =
    [ `Full
    | `UID
    | `Custom of int32 -> int32 -> int32 array -> string -> string
    ]
    (** How [Rpc_server.get_user] returns the user as string:
      * - [`Full]: The format includes all transmitted details:
      *   ["<uid>.<gid>.<gid1>.<gid2>...@<hostname>"].
      *   All user and group IDs are numeric. The first two numbers, <uid> and
      *   <gid> are always present. The other numbers are the supplementary
      *   group IDs and can be omitted. The <hostname> is the name passed in
      *   the credentials.
      * - [`UID]: The string is the numeric user ID
      * - [`Custom f]: The string is returned by the function [f]. The
      *   arguments are [uid], [gid], the array of the supplementary 
      *   group IDs and the hostname.
     *)

val server_auth_method : ?lookup_hostname:bool ->          (* default: true *)
                         ?require_privileged_port:bool ->  (* default: true *)
                         ?user_name_as:user_name_format -> (* default: `Full *)
			 unit ->
			   Rpc_server.auth_method
  (** Pass the result of this function to [Rpc_server.set_auth_methods] to
   * configure authentication.
   *
   * [lookup_hostname]: if true, the hostname contained in the credentials
   *    is checked (by gethostbyname)
   *
   * [require_privileged_port]: if true, the client must use a privileged
   *    port. Note that Unix domain sockets are rejected in this mode.
   *
   * User name strings as formatted as specified by [user_name_as]. 
   * This defaults to [`Full].
   *)

val parse_user_name : string -> (int * int * int array * string)
  (** Parses a user name as returned by [Rpc_server.get_user] in conjunction
   * with the AUTH_SYS authentication and [`Full] formatting.
   * Returns [(uid,gid,sup_groups,hostname)].1
   *)
This web site is published by Informatikbüro Gerd Stolpmann
Powered by Caml