creds.ha (4438B)
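// SPDX-License-Identifier: MPL-2.0
// (c) Hare authors <https://harelang.org>
// Unix credentials types & functions; ref credentials(7)

use errors;
use rt;

// Process ID.
export type pid = rt::pid_t;

// User ID.
export type uid = rt::uid_t;

// Group ID.
export type gid = rt::gid_t;

// Returns the current process user ID.
export fn getuid() uid = rt::getuid() as rt::uid_t: uid;

// Returns the current process effective user ID.
export fn geteuid() uid = rt::geteuid() as rt::uid_t: uid;

// Returns the current process group ID.
export fn getgid() gid = rt::getgid() as rt::gid_t: gid;

// Returns the current process effective group ID.
export fn getegid() gid = rt::getegid() as rt::gid_t: gid;

// Sets the caller's user ID to the specified value. This generally requires
// elevated permissions from the calling process.
//
// If the system returns an error, this function will abort the program. Failing
// to handle errors from setuid is a grave security issue in your program, and
// therefore we require this function to succeed. If you need to handle the
// error case gracefully, call the appropriate syscall wrapper in [[rt::]]
// yourself, and take extreme care to handle errors correctly.
//
// When dropping privileges, call [[setgroups]] and [[setgid]] before this
// function: once the user ID has been given up, the process generally no longer
// has the permissions needed to change its groups, and those calls would abort.
// It is good practice to confirm the result afterwards with [[getuid]] and
// [[geteuid]].
export fn setuid(uid: uid) void = rt::setuid(&uid)!;

// Sets the caller's effective user ID to the specified value. This generally
// requires elevated permissions from the calling process.
//
// If the system returns an error, this function will abort the program. Failing
// to handle errors from seteuid is a grave security issue in your program, and
// therefore we require this function to succeed. If you need to handle the
// error case gracefully, call the appropriate syscall wrapper in [[rt::]]
// yourself, and take extreme care to handle errors correctly.
//
// NOTE(review): this changes the effective ID only; the other user IDs of the
// process presumably keep their values, so this call on its own should not be
// relied on as a permanent privilege drop. Confirm against seteuid(2) for the
// target platform.
export fn seteuid(euid: uid) void = rt::seteuid(&euid)!;

// Sets the caller's group ID to the specified value. This generally requires
// elevated permissions from the calling process.
//
// If the system returns an error, this function will abort the program. Failing
// to handle errors from setgid is a grave security issue in your program, and
// therefore we require this function to succeed. If you need to handle the
// error case gracefully, call the appropriate syscall wrapper in [[rt::]]
// yourself, and take extreme care to handle errors correctly.
export fn setgid(gid: gid) void = rt::setgid(&gid)!;

// Sets the caller's effective group ID to the specified value. This generally
// requires elevated permissions from the calling process.
//
// If the system returns an error, this function will abort the program. Failing
// to handle errors from setegid is a grave security issue in your program, and
// therefore we require this function to succeed. If you need to handle the
// error case gracefully, call the appropriate syscall wrapper in [[rt::]]
// yourself, and take extreme care to handle errors correctly.
export fn setegid(egid: gid) void = rt::setegid(&egid)!;

// Returns a list of supplementary group IDs for the current process. The
// returned slice is statically allocated.
//
// Because the backing array is static, every call writes into the same storage:
// a slice obtained from an earlier call is overwritten by the next one. Copy
// the result if it must outlive a later call to this function. If the system
// returns an error, this function will abort the program.
export fn getgroups() []gid = {
	static let gids: [rt::NGROUPS_MAX]rt::gid_t = [0...];
	const n = rt::getgroups(gids)!;
	return gids[..n]: []gid;
};

// Sets the list of supplementary group IDs which apply to the current process.
// This generally requires elevated permissions.
//
// If the system returns an error, this function will abort the program. Failing
// to handle errors from setgroups is a grave security issue in your program,
// and therefore we require this function to succeed. If you need to handle the
// error case gracefully, call the appropriate syscall wrapper in [[rt::]]
// yourself, and take extreme care to handle errors correctly.
//
// A process that drops privileges without also resetting this list keeps the
// supplementary groups it started with.
export fn setgroups(gids: []gid) void = rt::setgroups(gids: []rt::gid_t)!;

// Returns the current process ID.
export fn getpid() pid = rt::getpid();

// Returns the parent process ID.
export fn getppid() pid = rt::getppid();

// Returns the current process group ID.
export fn getpgrp() pid = rt::getpgrp();

// Returns the current process's session ID. If the system returns an error,
// this function will abort the program.
export fn getsid() pid = rt::getsid(0)!;

// Returns the session ID associated with the given process.
//
// Returns [[errors::noentry]] if the system reports that no such process exists
// (ESRCH), and [[errors::noaccess]] if the system refuses the query (EPERM).
// Any other error from the system aborts the program.
export fn getpsid(pid: pid) (pid | errors::noentry | errors::noaccess) = {
	match (rt::getsid(pid)) {
	case let sid: rt::pid_t =>
		return sid;
	case let err: rt::errno =>
		// The signature promises errors::noaccess, so a permission
		// failure is reported to the caller rather than treated as an
		// impossible condition.
		switch (err) {
		case rt::ESRCH =>
			return errors::noentry;
		case rt::EPERM =>
			return errors::noaccess;
		case =>
			abort("Unexpected error from getsid");
		};
	};
};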