module Rpc_auth_sys: sig .. end
Authentication module AUTH_SYS
This module implements system authentication (AUTH_SYS, also known as AUTH_UNIX).
***********************************************************************
WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING!

This authentication method is insecure because it does not use any verifier. I strongly dissuade everybody from using this authentication method for newly written RPC systems. I include it here only for compatibility with older systems.

WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING!
***********************************************************************
type identity =
[ `Effective_user | `Real_user | `This_user of int * int * int array * string ]
Specifies the user:
`Effective_user: Take the effective user of the process
`Real_user: Take the real user of the process
`This_user(uid,gid,sup_groups,hostname): Pretend to be this user

val client_auth_method : ?identity:identity -> unit -> Rpc_client.auth_method
Pass the result of this function to Rpc_client.set_auth_methods to configure client authentication.
identity: As whom the client authenticates.

type user_name_format =
[ `Custom of int32 -> int32 -> int32 array -> string -> string | `Full | `UID ]
How Rpc_server.get_user returns the user as string:
`Full: The format includes all transmitted details: "<uid>.<gid>.<gid1>.<gid2>...@<hostname>". All user and group IDs are numeric. The first two numbers, <uid> and <gid>, are always present. The other numbers are the supplementary group IDs and can be omitted. The <hostname> is the name passed in the credentials.
`UID: The string is the numeric user ID
`Custom f: The string is returned by the function f. The arguments are uid, gid, the array of the supplementary group IDs and the hostname.

val server_auth_method : ?lookup_hostname:bool ->
  ?require_privileged_port:bool ->
  ?user_name_as:user_name_format -> unit -> Rpc_server.auth_method
Pass the result of this function to Rpc_server.set_auth_methods to configure authentication.
lookup_hostname: if true, the hostname contained in the credentials is checked (by gethostbyname)
require_privileged_port: if true, the client must use a privileged port. Note that Unix domain sockets are rejected in this mode.
User name strings are formatted as specified by user_name_as. This defaults to `Full.

val parse_user_name : string -> int * int * int array * string
Parses a user name as returned by Rpc_server.get_user in conjunction with the AUTH_SYS authentication and `Full formatting. Returns (uid,gid,sup_groups,hostname).
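
The `Full string layout that parse_user_name decodes, shown as an added stand-alone example that uses only the OCaml standard library; it is not Ocamlnet's own code. The names claim, parse_id and parse_full are hypothetical, and the example assumes IDs are printed as non-negative decimal numbers.

```ocaml
(* Added example, not Ocamlnet code: parse the `Full user name string
   "<uid>.<gid>.<gid1>...@<hostname>" with strict validation. *)

type claim = {
  uid : int;
  gid : int;
  sup_groups : int array;
  hostname : string;  (* client-supplied text; AUTH_SYS has no verifier *)
}

(* Assumption: IDs are plain non-negative decimal numbers.
   int_of_string alone would also accept "0x10", "1_000" or "-1". *)
let parse_id (t : string) : int option =
  let digits_only = ref (t <> "") in
  String.iter (fun c -> if c < '0' || c > '9' then digits_only := false) t;
  if !digits_only then int_of_string_opt t else None

let parse_full (s : string) : (claim, string) result =
  (* The ID part cannot contain '@', so the first '@' ends it; everything
     after it is the hostname, even if that text contains '@' or '.'. *)
  match String.index_opt s '@' with
  | None -> Error "missing '@'"
  | Some i ->
    let hostname = String.sub s (i + 1) (String.length s - i - 1) in
    let ids = List.map parse_id (String.split_on_char '.' (String.sub s 0 i)) in
    if List.mem None ids then Error "non-numeric ID field"
    else
      match List.filter_map (fun x -> x) ids with
      | uid :: gid :: sup ->
        Ok { uid; gid; sup_groups = Array.of_list sup; hostname }
      | _ -> Error "uid and gid are both required"

(* Constructed sample strings, not captured from a real server. *)
let () =
  List.iter
    (fun s ->
       match parse_full s with
       | Ok c ->
         Printf.printf "%S -> uid=%d gid=%d groups=%d host=%S\n"
           s c.uid c.gid (Array.length c.sup_groups) c.hostname
       | Error e -> Printf.printf "%S -> rejected: %s\n" s e)
    [ "1000.100.4.24@client.example"; "0.0@a@b.example"; "1000@host";
      "0x3e8.100@host"; "1000.100" ]
```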