File: rpc_auth_local.mli

ocamlnet 4.1.2-1
(* $Id$
 * ----------------------------------------------------------------------
 *
 *)

(* Authentication for Unix domain sockets
 *
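 * Some operating systems allow a server to check the uid of the user
 * connecting to a Unix domain socket. The credentials are supplied by the
 * operating system and not by the client, so this feature can be used for
 * a very reliable way of authentication. Note that the credentials
 * typically describe the process that opened the connection; a descriptor
 * that is later inherited by or passed to another process still reports
 * the original credentials.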
 *
 * To use this method, connect with AUTH_NONE on the client side. On the
 * server side, put the following [server_auth_method] into the list of
 * permitted methods (in addition to {!Rpc_server.auth_none}).
 *
 * This method formats user names as strings
 *   "<uid>.<gid>@localhost"
 * where <uid> is the effective user ID and <gid> is the effective group ID
 * of the calling user.
 * Note that you can parse this string with {!Rpc_auth_sys.parse_user_name}.
 *
 * If the file descriptor is not a Unix domain socket, this method generates
 * the error [Auth_too_weak].
 * The same happens if the operating system does not provide a way to
 * get the credentials of the connecting user (or I have not yet implemented
 * it).
 *
 * {2 Supported OS}
 *
 * Currently this works {b only} on Linux.
 *
 * {2 Interface}
 *)

val server_auth_method : unit -> Rpc_server.auth_method
  (** Return the authentication method [AUTH_LOCAL]. It identifies the
   * caller by the credentials of the user connecting to a Unix domain
   * socket and reports the user name as ["<uid>.<gid>@localhost"]
   * (effective user ID and effective group ID of the calling user).
   *
   * Note that you need another authentication method that operates at
   * message level (like AUTH_NONE, AUTH_SYS, AUTH_DH), otherwise you will
   * get an error [Auth_too_weak]. [AUTH_LOCAL] overrides the result of the
   * other authentication method.
   *
   * If the file descriptor is not a Unix domain socket, or the operating
   * system offers no way to get the peer credentials, the method generates
   * the error [Auth_too_weak].
   *
   * NOTE(review): the permitted list is expected to contain
   * {!Rpc_server.auth_none} as well. Confirm in the server configuration
   * that a call arriving over any other transport ends in [Auth_too_weak]
   * and is not accepted as a plain unauthenticated AUTH_NONE call.
   *)


val get_peer_credentials : Unix.file_descr -> (int * int);;
  (** Return the pair (euid,egid) for a Unix domain socket, i.e. the
   * effective user ID and effective group ID of the peer.
   *
   * The function raises [Invalid_argument] if it is not available for this
   * operating system. (Generally, this should work on Linux, BSD, and
   * Solaris, and OS with compatible system functions - supported methods are
   * [SO_PEERCRED], [getpeerucred], and [getpeereid]).
   *
   * Some OS support this only for named Unix domain sockets but not for
   * socketpairs.
   *
   * NOTE(review): the comment at the top of this file says the feature
   * currently works only on Linux, while this comment also lists BSD and
   * Solaris. Confirm which statement is current before relying on it on
   * a non-Linux system.
   *
   * NOTE(review): with [SO_PEERCRED] on Linux the kernel reports the
   * credentials that were in effect when the socket was connected. Treat
   * the result as the identity of the process that opened the connection,
   * not necessarily of whoever holds the descriptor now.
   *)

(*
val peek_peer_credentials : Unix.file_descr -> (int * int);;
  (** Peeks at the next message and returns the pair (euid,egid) for a
   * Unix domain socket. This function must be called before data is
   * read from the socket (and it blocks until data is available).
   * The function raises [Invalid_argument] if it is not available for this
   * operating system.
   * The exception [Not_found] is raised if the credentials cannot be
   * extracted from the control block.
   * [peek_peer_credentials] seems to be more portable than
   * [get_peer_credentials].
   *)
*)