package krb

  1. Overview
  2. Docs
package krb
Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source

Source file conn_type.ml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
module Stable = struct
  open Core.Core_stable

  module V1 = struct
    module T = struct
      type t =
        | Auth
        | Safe
        | Priv
      [@@deriving bin_io, compare, sexp]

      include (val Comparator.V1.make ~compare ~sexp_of_t)
    end

    include T
    include Comparable.V1.Make (T)
  end
end

open! Core

module T = struct
  type t = Stable.V1.t =
    | Auth
    | Safe
    | Priv
  [@@deriving compare, enumerate, hash, sexp]

  type comparator_witness = Stable.V1.comparator_witness

  let comparator = Stable.V1.comparator
end

include T
include Comparable.Make_plain_using_comparator (T)
include Sexpable.To_stringable (T)

let to_string t = String.lowercase (to_string t)

let strength = function
  | Auth -> 0
  | Safe -> 1
  | Priv -> 2
;;

let strongest = Core.Set.max_elt

let negotiate_strongest ~us ~peer =
  Core.Set.inter us peer
  |> strongest
  |> function
  | Some t -> Ok t
  | None ->
    Or_error.error_s
      [%message
        "No shared connection types between us and our peer" (us : Set.t) (peer : Set.t)]
;;

let is_as_strong client ~as_:server = Int.(strength client >= strength server)
let%test "is_as_strong reflexive" = List.for_all all ~f:(fun t -> is_as_strong t ~as_:t)

let%test "is_as_strong" =
  let is_not_as_strong a ~as_:b = not (is_as_strong a ~as_:b) in
  List.for_all
    ~f:Fn.id
    [ (* Priv is strongest *)
      is_as_strong Priv ~as_:Auth
    ; is_as_strong Priv ~as_:Safe
      ; (* Auth is weakest *)
      is_not_as_strong Auth ~as_:Safe
    ; is_not_as_strong Auth ~as_:Priv
      ; (* Safe is in between *)
      is_as_strong Safe ~as_:Auth
    ; is_not_as_strong Safe ~as_:Priv
    ]
;;

let arg_type =
  Command.Arg_type.create of_string |> Command.Arg_type.comma_separated ~allow_empty:true
;;

let make_flag required_or_optional =
  let open Command.Param in
  flag
    "conn-types"
    (required_or_optional arg_type)
    ~doc:
      "(auth|safe|priv) What kind of Kerberos connection to use (specify multiple \
       separated by comma)"
;;

let flag = make_flag Command.Param.required
let optional_flag = make_flag Command.Param.optional
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct