1 /* GDBus - GLib D-Bus Library
2 *
3 * Copyright (C) 2008-2010 Red Hat, Inc.
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General
16 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
17 *
18 * Author: David Zeuthen <davidz@redhat.com>
19 */
20
21 #include "config.h"
22
23 #include <stdlib.h>
24 #include <string.h>
25
26 #include <gobject/gvaluecollector.h>
27
28 #include "gcredentials.h"
29 #include "gcredentialsprivate.h"
30 #include "gnetworking.h"
31 #include "gioerror.h"
32 #include "gioenumtypes.h"
33
34 #include "glibintl.h"
35
36 /**
37 * SECTION:gcredentials
38 * @short_description: An object containing credentials
39 * @include: gio/gio.h
40 *
41 * The #GCredentials type is a reference-counted wrapper for native
42 * credentials. This information is typically used for identifying,
43 * authenticating and authorizing other processes.
44 *
45 * Some operating systems supports looking up the credentials of the
46 * remote peer of a communication endpoint - see e.g.
47 * g_socket_get_credentials().
48 *
49 * Some operating systems supports securely sending and receiving
50 * credentials over a Unix Domain Socket, see
51 * #GUnixCredentialsMessage, g_unix_connection_send_credentials() and
52 * g_unix_connection_receive_credentials() for details.
53 *
54 * On Linux, the native credential type is a `struct ucred` - see the
55 * unix(7) man page for details. This corresponds to
56 * %G_CREDENTIALS_TYPE_LINUX_UCRED.
57 *
58 * On Apple operating systems (including iOS, tvOS, and macOS),
59 * the native credential type is a `struct xucred`.
60 * This corresponds to %G_CREDENTIALS_TYPE_APPLE_XUCRED.
61 *
62 * On FreeBSD, Debian GNU/kFreeBSD, and GNU/Hurd, the native
63 * credential type is a `struct cmsgcred`. This corresponds
64 * to %G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED.
65 *
66 * On NetBSD, the native credential type is a `struct unpcbid`.
67 * This corresponds to %G_CREDENTIALS_TYPE_NETBSD_UNPCBID.
68 *
69 * On OpenBSD, the native credential type is a `struct sockpeercred`.
70 * This corresponds to %G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED.
71 *
72 * On Solaris (including OpenSolaris and its derivatives), the native
73 * credential type is a `ucred_t`. This corresponds to
74 * %G_CREDENTIALS_TYPE_SOLARIS_UCRED.
75 */
76
77 /**
78 * GCredentials:
79 *
80 * The #GCredentials structure contains only private data and
81 * should only be accessed using the provided API.
82 *
83 * Since: 2.26
84 */
85 struct _GCredentials
86 {
87 /*< private >*/
88 GObject parent_instance;
89
90 #if G_CREDENTIALS_USE_LINUX_UCRED
91 struct ucred native;
92 #elif G_CREDENTIALS_USE_APPLE_XUCRED
93 struct xucred native;
94 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
95 struct cmsgcred native;
96 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
97 struct unpcbid native;
98 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
99 struct sockpeercred native;
100 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
101 ucred_t *native;
102 #else
103 #ifdef __GNUC__
104 #pragma GCC diagnostic push
105 #pragma GCC diagnostic warning "-Wcpp"
106 #warning Please add GCredentials support for your OS
107 #pragma GCC diagnostic pop
108 #endif
109 #endif
110 };
111
112 /**
113 * GCredentialsClass:
114 *
115 * Class structure for #GCredentials.
116 *
117 * Since: 2.26
118 */
119 struct _GCredentialsClass
120 {
121 /*< private >*/
122 GObjectClass parent_class;
123 };
124
G_DEFINE_TYPE(GCredentials,g_credentials,G_TYPE_OBJECT)125 G_DEFINE_TYPE (GCredentials, g_credentials, G_TYPE_OBJECT)
126
127 static void
128 g_credentials_finalize (GObject *object)
129 {
130 #if G_CREDENTIALS_USE_SOLARIS_UCRED
131 GCredentials *credentials = G_CREDENTIALS (object);
132
133 ucred_free (credentials->native);
134 #endif
135
136 if (G_OBJECT_CLASS (g_credentials_parent_class)->finalize != NULL)
137 G_OBJECT_CLASS (g_credentials_parent_class)->finalize (object);
138 }
139
140
141 static void
g_credentials_class_init(GCredentialsClass * klass)142 g_credentials_class_init (GCredentialsClass *klass)
143 {
144 GObjectClass *gobject_class;
145
146 gobject_class = G_OBJECT_CLASS (klass);
147 gobject_class->finalize = g_credentials_finalize;
148 }
149
150 static void
g_credentials_init(GCredentials * credentials)151 g_credentials_init (GCredentials *credentials)
152 {
153 #if G_CREDENTIALS_USE_LINUX_UCRED
154 credentials->native.pid = getpid ();
155 credentials->native.uid = geteuid ();
156 credentials->native.gid = getegid ();
157 #elif G_CREDENTIALS_USE_APPLE_XUCRED
158 gsize i;
159
160 credentials->native.cr_version = XUCRED_VERSION;
161 credentials->native.cr_uid = geteuid ();
162 credentials->native.cr_ngroups = 1;
163 credentials->native.cr_groups[0] = getegid ();
164
165 /* FIXME: In principle this could use getgroups() to fill in the rest
166 * of cr_groups, but then we'd have to handle the case where a process
167 * can have more than NGROUPS groups, if that's even possible. A macOS
168 * user would have to develop and test this.
169 *
170 * For now we fill it with -1 (meaning "no data"). */
171 for (i = 1; i < NGROUPS; i++)
172 credentials->native.cr_groups[i] = -1;
173 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
174 memset (&credentials->native, 0, sizeof (struct cmsgcred));
175 credentials->native.cmcred_pid = getpid ();
176 credentials->native.cmcred_euid = geteuid ();
177 credentials->native.cmcred_gid = getegid ();
178 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
179 credentials->native.unp_pid = getpid ();
180 credentials->native.unp_euid = geteuid ();
181 credentials->native.unp_egid = getegid ();
182 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
183 credentials->native.pid = getpid ();
184 credentials->native.uid = geteuid ();
185 credentials->native.gid = getegid ();
186 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
187 credentials->native = ucred_get (P_MYID);
188 #endif
189 }
190
191 /* ---------------------------------------------------------------------------------------------------- */
192
193 /**
194 * g_credentials_new:
195 *
196 * Creates a new #GCredentials object with credentials matching the
197 * the current process.
198 *
199 * Returns: (transfer full): A #GCredentials. Free with g_object_unref().
200 *
201 * Since: 2.26
202 */
203 GCredentials *
g_credentials_new(void)204 g_credentials_new (void)
205 {
206 return g_object_new (G_TYPE_CREDENTIALS, NULL);
207 }
208
209 /* ---------------------------------------------------------------------------------------------------- */
210
211 /**
212 * g_credentials_to_string:
213 * @credentials: A #GCredentials object.
214 *
215 * Creates a human-readable textual representation of @credentials
216 * that can be used in logging and debug messages. The format of the
217 * returned string may change in future GLib release.
218 *
219 * Returns: (transfer full): A string that should be freed with g_free().
220 *
221 * Since: 2.26
222 */
223 gchar *
g_credentials_to_string(GCredentials * credentials)224 g_credentials_to_string (GCredentials *credentials)
225 {
226 GString *ret;
227 #if G_CREDENTIALS_USE_APPLE_XUCRED
228 glib_typeof (credentials->native.cr_ngroups) i;
229 #endif
230
231 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
232
233 ret = g_string_new ("GCredentials:");
234 #if G_CREDENTIALS_USE_LINUX_UCRED
235 g_string_append (ret, "linux-ucred:");
236 if (credentials->native.pid != (pid_t) -1)
237 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
238 if (credentials->native.uid != (uid_t) -1)
239 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
240 if (credentials->native.gid != (gid_t) -1)
241 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
242 if (ret->str[ret->len - 1] == ',')
243 ret->str[ret->len - 1] = '\0';
244 #elif G_CREDENTIALS_USE_APPLE_XUCRED
245 g_string_append (ret, "apple-xucred:");
246 g_string_append_printf (ret, "version=%u,", credentials->native.cr_version);
247 if (credentials->native.cr_uid != (uid_t) -1)
248 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cr_uid);
249 for (i = 0; i < credentials->native.cr_ngroups; i++)
250 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cr_groups[i]);
251 if (ret->str[ret->len - 1] == ',')
252 ret->str[ret->len - 1] = '\0';
253 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
254 g_string_append (ret, "freebsd-cmsgcred:");
255 if (credentials->native.cmcred_pid != (pid_t) -1)
256 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_pid);
257 if (credentials->native.cmcred_euid != (uid_t) -1)
258 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_euid);
259 if (credentials->native.cmcred_gid != (gid_t) -1)
260 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.cmcred_gid);
261 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
262 g_string_append (ret, "netbsd-unpcbid:");
263 if (credentials->native.unp_pid != (pid_t) -1)
264 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_pid);
265 if (credentials->native.unp_euid != (uid_t) -1)
266 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_euid);
267 if (credentials->native.unp_egid != (gid_t) -1)
268 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.unp_egid);
269 ret->str[ret->len - 1] = '\0';
270 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
271 g_string_append (ret, "openbsd-sockpeercred:");
272 if (credentials->native.pid != (pid_t) -1)
273 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.pid);
274 if (credentials->native.uid != (uid_t) -1)
275 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.uid);
276 if (credentials->native.gid != (gid_t) -1)
277 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) credentials->native.gid);
278 if (ret->str[ret->len - 1] == ',')
279 ret->str[ret->len - 1] = '\0';
280 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
281 g_string_append (ret, "solaris-ucred:");
282 {
283 id_t id;
284 if ((id = ucred_getpid (credentials->native)) != (id_t) -1)
285 g_string_append_printf (ret, "pid=%" G_GINT64_FORMAT ",", (gint64) id);
286 if ((id = ucred_geteuid (credentials->native)) != (id_t) -1)
287 g_string_append_printf (ret, "uid=%" G_GINT64_FORMAT ",", (gint64) id);
288 if ((id = ucred_getegid (credentials->native)) != (id_t) -1)
289 g_string_append_printf (ret, "gid=%" G_GINT64_FORMAT ",", (gint64) id);
290 if (ret->str[ret->len - 1] == ',')
291 ret->str[ret->len - 1] = '\0';
292 }
293 #else
294 g_string_append (ret, "unknown");
295 #endif
296
297 return g_string_free (ret, FALSE);
298 }
299
300 /* ---------------------------------------------------------------------------------------------------- */
301
302 #if G_CREDENTIALS_USE_LINUX_UCRED
303 /*
304 * Check whether @native contains invalid data. If getsockopt SO_PEERCRED
305 * is used on a TCP socket, it succeeds but yields a credentials structure
306 * with pid 0, uid -1 and gid -1. Similarly, if SO_PASSCRED is used on a
307 * receiving Unix socket when the sending socket did not also enable
308 * SO_PASSCRED, it can succeed but yield a credentials structure with
309 * pid 0, uid /proc/sys/kernel/overflowuid and gid
310 * /proc/sys/kernel/overflowgid.
311 */
312 static gboolean
linux_ucred_check_valid(struct ucred * native,GError ** error)313 linux_ucred_check_valid (struct ucred *native,
314 GError **error)
315 {
316 if (native->pid == 0
317 || native->uid == (uid_t) -1
318 || native->gid == (gid_t) -1)
319 {
320 g_set_error_literal (error,
321 G_IO_ERROR,
322 G_IO_ERROR_INVALID_DATA,
323 _("GCredentials contains invalid data"));
324 return FALSE;
325 }
326
327 return TRUE;
328 }
329 #endif
330
331 /**
332 * g_credentials_is_same_user:
333 * @credentials: A #GCredentials.
334 * @other_credentials: A #GCredentials.
335 * @error: Return location for error or %NULL.
336 *
337 * Checks if @credentials and @other_credentials is the same user.
338 *
339 * This operation can fail if #GCredentials is not supported on the
340 * the OS.
341 *
342 * Returns: %TRUE if @credentials and @other_credentials has the same
343 * user, %FALSE otherwise or if @error is set.
344 *
345 * Since: 2.26
346 */
347 gboolean
g_credentials_is_same_user(GCredentials * credentials,GCredentials * other_credentials,GError ** error)348 g_credentials_is_same_user (GCredentials *credentials,
349 GCredentials *other_credentials,
350 GError **error)
351 {
352 gboolean ret;
353
354 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
355 g_return_val_if_fail (G_IS_CREDENTIALS (other_credentials), FALSE);
356 g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
357
358 ret = FALSE;
359 #if G_CREDENTIALS_USE_LINUX_UCRED
360 if (linux_ucred_check_valid (&credentials->native, NULL)
361 && credentials->native.uid == other_credentials->native.uid)
362 ret = TRUE;
363 #elif G_CREDENTIALS_USE_APPLE_XUCRED
364 if (credentials->native.cr_version == other_credentials->native.cr_version &&
365 credentials->native.cr_uid == other_credentials->native.cr_uid)
366 ret = TRUE;
367 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
368 if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
369 ret = TRUE;
370 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
371 if (credentials->native.unp_euid == other_credentials->native.unp_euid)
372 ret = TRUE;
373 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
374 if (credentials->native.uid == other_credentials->native.uid)
375 ret = TRUE;
376 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
377 if (ucred_geteuid (credentials->native) == ucred_geteuid (other_credentials->native))
378 ret = TRUE;
379 #else
380 g_set_error_literal (error,
381 G_IO_ERROR,
382 G_IO_ERROR_NOT_SUPPORTED,
383 _("GCredentials is not implemented on this OS"));
384 #endif
385
386 return ret;
387 }
388
389 static gboolean
credentials_native_type_check(GCredentialsType requested_type,const char * op)390 credentials_native_type_check (GCredentialsType requested_type,
391 const char *op)
392 {
393 GEnumClass *enum_class;
394 GEnumValue *requested;
395 #if G_CREDENTIALS_SUPPORTED
396 GEnumValue *supported;
397 #endif
398
399 #if G_CREDENTIALS_SUPPORTED
400 if (requested_type == G_CREDENTIALS_NATIVE_TYPE)
401 return TRUE;
402 #endif
403
404 enum_class = g_type_class_ref (g_credentials_type_get_type ());
405 requested = g_enum_get_value (enum_class, requested_type);
406
407 #if G_CREDENTIALS_SUPPORTED
408 supported = g_enum_get_value (enum_class, G_CREDENTIALS_NATIVE_TYPE);
409 g_assert (supported);
410 g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s "
411 "but only %s is supported on this platform.",
412 op, op,
413 requested ? requested->value_name : "(unknown)",
414 supported->value_name);
415 #else
416 g_warning ("g_credentials_%s_native: Trying to %s credentials of type %s "
417 "but there is no support for GCredentials on this platform.",
418 op, op,
419 requested ? requested->value_name : "(unknown)");
420 #endif
421
422 g_type_class_unref (enum_class);
423 return FALSE;
424 }
425
426 /**
427 * g_credentials_get_native: (skip)
428 * @credentials: A #GCredentials.
429 * @native_type: The type of native credentials to get.
430 *
431 * Gets a pointer to native credentials of type @native_type from
432 * @credentials.
433 *
434 * It is a programming error (which will cause a warning to be
435 * logged) to use this method if there is no #GCredentials support for
436 * the OS or if @native_type isn't supported by the OS.
437 *
438 * Returns: (transfer none) (nullable): The pointer to native credentials or
439 * %NULL if there is no #GCredentials support for the OS or if @native_type
440 * isn't supported by the OS. Do not free the returned data, it is owned
441 * by @credentials.
442 *
443 * Since: 2.26
444 */
445 gpointer
g_credentials_get_native(GCredentials * credentials,GCredentialsType native_type)446 g_credentials_get_native (GCredentials *credentials,
447 GCredentialsType native_type)
448 {
449 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), NULL);
450
451 if (!credentials_native_type_check (native_type, "get"))
452 return NULL;
453
454 #if G_CREDENTIALS_USE_SOLARIS_UCRED
455 return credentials->native;
456 #elif G_CREDENTIALS_SUPPORTED
457 return &credentials->native;
458 #else
459 g_assert_not_reached ();
460 #endif
461 }
462
463 /**
464 * g_credentials_set_native:
465 * @credentials: A #GCredentials.
466 * @native_type: The type of native credentials to set.
467 * @native: (not nullable): A pointer to native credentials.
468 *
469 * Copies the native credentials of type @native_type from @native
470 * into @credentials.
471 *
472 * It is a programming error (which will cause a warning to be
473 * logged) to use this method if there is no #GCredentials support for
474 * the OS or if @native_type isn't supported by the OS.
475 *
476 * Since: 2.26
477 */
478 void
g_credentials_set_native(GCredentials * credentials,GCredentialsType native_type,gpointer native)479 g_credentials_set_native (GCredentials *credentials,
480 GCredentialsType native_type,
481 gpointer native)
482 {
483 if (!credentials_native_type_check (native_type, "set"))
484 return;
485
486 #if G_CREDENTIALS_USE_SOLARIS_UCRED
487 memcpy (credentials->native, native, ucred_size ());
488 #elif G_CREDENTIALS_SUPPORTED
489 memcpy (&credentials->native, native, sizeof (credentials->native));
490 #else
491 g_assert_not_reached ();
492 #endif
493 }
494
495 /* ---------------------------------------------------------------------------------------------------- */
496
497 #ifdef G_OS_UNIX
498 /**
499 * g_credentials_get_unix_user:
500 * @credentials: A #GCredentials
501 * @error: Return location for error or %NULL.
502 *
503 * Tries to get the UNIX user identifier from @credentials. This
504 * method is only available on UNIX platforms.
505 *
506 * This operation can fail if #GCredentials is not supported on the
507 * OS or if the native credentials type does not contain information
508 * about the UNIX user.
509 *
510 * Returns: The UNIX user identifier or `-1` if @error is set.
511 *
512 * Since: 2.26
513 */
514 uid_t
g_credentials_get_unix_user(GCredentials * credentials,GError ** error)515 g_credentials_get_unix_user (GCredentials *credentials,
516 GError **error)
517 {
518 uid_t ret;
519
520 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
521 g_return_val_if_fail (error == NULL || *error == NULL, -1);
522
523 #if G_CREDENTIALS_USE_LINUX_UCRED
524 if (linux_ucred_check_valid (&credentials->native, error))
525 ret = credentials->native.uid;
526 else
527 ret = -1;
528 #elif G_CREDENTIALS_USE_APPLE_XUCRED
529 if (credentials->native.cr_version == XUCRED_VERSION)
530 {
531 ret = credentials->native.cr_uid;
532 }
533 else
534 {
535 g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
536 /* No point in translating the part in parentheses... */
537 "%s (struct xucred cr_version %u != %u)",
538 _("There is no GCredentials support for your platform"),
539 credentials->native.cr_version,
540 XUCRED_VERSION);
541 ret = -1;
542 }
543 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
544 ret = credentials->native.cmcred_euid;
545 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
546 ret = credentials->native.unp_euid;
547 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
548 ret = credentials->native.uid;
549 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
550 ret = ucred_geteuid (credentials->native);
551 #else
552 ret = -1;
553 g_set_error_literal (error,
554 G_IO_ERROR,
555 G_IO_ERROR_NOT_SUPPORTED,
556 _("There is no GCredentials support for your platform"));
557 #endif
558
559 return ret;
560 }
561
562 /**
563 * g_credentials_get_unix_pid:
564 * @credentials: A #GCredentials
565 * @error: Return location for error or %NULL.
566 *
567 * Tries to get the UNIX process identifier from @credentials. This
568 * method is only available on UNIX platforms.
569 *
570 * This operation can fail if #GCredentials is not supported on the
571 * OS or if the native credentials type does not contain information
572 * about the UNIX process ID (for example this is the case for
573 * %G_CREDENTIALS_TYPE_APPLE_XUCRED).
574 *
575 * Returns: The UNIX process ID, or `-1` if @error is set.
576 *
577 * Since: 2.36
578 */
579 pid_t
g_credentials_get_unix_pid(GCredentials * credentials,GError ** error)580 g_credentials_get_unix_pid (GCredentials *credentials,
581 GError **error)
582 {
583 pid_t ret;
584
585 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), -1);
586 g_return_val_if_fail (error == NULL || *error == NULL, -1);
587
588 #if G_CREDENTIALS_USE_LINUX_UCRED
589 if (linux_ucred_check_valid (&credentials->native, error))
590 ret = credentials->native.pid;
591 else
592 ret = -1;
593 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
594 ret = credentials->native.cmcred_pid;
595 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
596 ret = credentials->native.unp_pid;
597 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
598 ret = credentials->native.pid;
599 #elif G_CREDENTIALS_USE_SOLARIS_UCRED
600 ret = ucred_getpid (credentials->native);
601 #else
602 /* this case includes G_CREDENTIALS_USE_APPLE_XUCRED */
603 ret = -1;
604 g_set_error_literal (error,
605 G_IO_ERROR,
606 G_IO_ERROR_NOT_SUPPORTED,
607 _("GCredentials does not contain a process ID on this OS"));
608 #endif
609
610 return ret;
611 }
612
613 /**
614 * g_credentials_set_unix_user:
615 * @credentials: A #GCredentials.
616 * @uid: The UNIX user identifier to set.
617 * @error: Return location for error or %NULL.
618 *
619 * Tries to set the UNIX user identifier on @credentials. This method
620 * is only available on UNIX platforms.
621 *
622 * This operation can fail if #GCredentials is not supported on the
623 * OS or if the native credentials type does not contain information
624 * about the UNIX user. It can also fail if the OS does not allow the
625 * use of "spoofed" credentials.
626 *
627 * Returns: %TRUE if @uid was set, %FALSE if error is set.
628 *
629 * Since: 2.26
630 */
631 gboolean
g_credentials_set_unix_user(GCredentials * credentials,uid_t uid,GError ** error)632 g_credentials_set_unix_user (GCredentials *credentials,
633 uid_t uid,
634 GError **error)
635 {
636 gboolean ret = FALSE;
637
638 g_return_val_if_fail (G_IS_CREDENTIALS (credentials), FALSE);
639 g_return_val_if_fail (uid != (uid_t) -1, FALSE);
640 g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
641
642 #if G_CREDENTIALS_USE_LINUX_UCRED
643 credentials->native.uid = uid;
644 ret = TRUE;
645 #elif G_CREDENTIALS_USE_APPLE_XUCRED
646 credentials->native.cr_uid = uid;
647 ret = TRUE;
648 #elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
649 credentials->native.cmcred_euid = uid;
650 ret = TRUE;
651 #elif G_CREDENTIALS_USE_NETBSD_UNPCBID
652 credentials->native.unp_euid = uid;
653 ret = TRUE;
654 #elif G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
655 credentials->native.uid = uid;
656 ret = TRUE;
657 #elif !G_CREDENTIALS_SPOOFING_SUPPORTED
658 g_set_error_literal (error,
659 G_IO_ERROR,
660 G_IO_ERROR_PERMISSION_DENIED,
661 _("Credentials spoofing is not possible on this OS"));
662 ret = FALSE;
663 #else
664 g_set_error_literal (error,
665 G_IO_ERROR,
666 G_IO_ERROR_NOT_SUPPORTED,
667 _("GCredentials is not implemented on this OS"));
668 ret = FALSE;
669 #endif
670
671 return ret;
672 }
673
674 #endif /* G_OS_UNIX */
675