package krb

  1. Overview
  2. Docs
package krb
Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source

Source file authorize.ml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
open! Core
open! Async
open! Import


type 'principal authorize =
  Socket.Address.Inet.t -> 'principal -> [ `Accept | `Reject ] Deferred.t

let bool_to_auth = function
  | true -> `Accept
  | false -> `Reject
;;

module Krb = struct
  type t =
    | Single_realm_accept_all
    | Single_realm of Principal.Name.t authorize
    | Cross_realm of Cross_realm_principal_name.t authorize
  [@@deriving variants]

  let create_async f = Single_realm f
  let create f = create_async (fun addr principal -> f addr principal |> Deferred.return)
  let accept_all = Single_realm_accept_all

  let accept_single allowed =
    create (fun _ principal -> bool_to_auth (Principal.Name.equal allowed principal))
  ;;

  let accept_multiple allowed =
    create (fun _ principal -> bool_to_auth (Set.mem allowed principal))
  ;;

  module Cross_realm = struct
    let create f = Cross_realm (fun addr principal -> f addr principal |> Deferred.return)

    let accept_single allowed =
      create (fun _ principal ->
        bool_to_auth (Cross_realm_principal_name.equal allowed principal))
    ;;

    let accept_multiple allowed =
      create (fun _ principal -> bool_to_auth (Set.mem allowed principal))
    ;;
  end
end

module Anon = struct
  type t = Principal.Name.t option authorize

  let of_krb ?(on_anon = `Accept) f addr maybe_principal =
    match maybe_principal with
    | None -> return on_anon
    | Some principal -> f addr principal |> return
  ;;

  let create f addr principal_opt = f addr principal_opt |> Deferred.return
  let accept_all = of_krb (fun _ _ -> `Accept)

  let accept_single allowed =
    of_krb (fun _ principal -> bool_to_auth (Principal.Name.equal allowed principal))
  ;;

  let accept_multiple allowed =
    of_krb (fun _ principal -> bool_to_auth (Set.mem allowed principal))
  ;;
end

include Krb

let krb_of_anon auth_anon =
  create_async (fun addr principal -> auth_anon addr (Some principal))
;;

let authorization_method = function
  | Single_realm_accept_all -> `Accept_all
  | Single_realm _ | Cross_realm _ -> `Custom
;;

module For_internal_use = struct
  let authorize auth addr principal =
    match auth with
    | Single_realm_accept_all -> return `Accept
    | Single_realm single_auth ->
      single_auth addr (Principal.Name.of_cross_realm principal)
    | Cross_realm cr_auth -> cr_auth addr principal
  ;;

  let allows_cross_realm = function
    | Single_realm_accept_all | Single_realm _ -> false
    | Cross_realm _ -> true
  ;;

  module Anon = struct
    let authorize auth addr maybe_principal = auth addr maybe_principal
  end
end
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct