Skip to main content

zlink_core/connection/
credentials.rs

1//! Connection credentials.
2
3use super::{Gid, Pid, Uid};
4
5/// Credentials of a peer connection.
6#[derive(Debug)]
7pub struct Credentials {
8    unix_user_id: Uid,
9    unix_primary_group_id: Gid,
10    #[cfg(target_os = "linux")]
11    unix_supplementary_group_ids: Vec<Gid>,
12    process_id: Pid,
13    #[cfg(target_os = "linux")]
14    process_fd: std::os::fd::OwnedFd,
15}
16
17impl Credentials {
18    /// Create new credentials for a peer connection.
19    ///
20    /// # Arguments
21    /// * `unix_user_id` - The numeric Unix user ID.
22    /// * `process_id` - The numeric process ID.
23    /// * `process_fd` (Linux only) - A file descriptor pinning the process.
24    pub(crate) fn new(
25        unix_user_id: Uid,
26        unix_primary_group_id: Gid,
27        #[cfg(target_os = "linux")] unix_supplementary_group_ids: Vec<Gid>,
28        process_id: Pid,
29        #[cfg(target_os = "linux")] process_fd: std::os::fd::OwnedFd,
30    ) -> Self {
31        Self {
32            unix_user_id,
33            unix_primary_group_id,
34            #[cfg(target_os = "linux")]
35            unix_supplementary_group_ids,
36            process_id,
37            #[cfg(target_os = "linux")]
38            process_fd,
39        }
40    }
41
42    /// The numeric Unix user ID, as defined by POSIX.
43    pub fn unix_user_id(&self) -> Uid {
44        self.unix_user_id
45    }
46
47    /// The numeric process ID, on platforms that have this concept.
48    ///
49    /// On Unix, this is the process ID defined by POSIX.
50    pub fn process_id(&self) -> Pid {
51        self.process_id
52    }
53
54    /// The numeric Unix group ID, as defined by POSIX.
55    pub fn unix_primary_group_id(&self) -> Gid {
56        self.unix_primary_group_id
57    }
58
59    /// The set of numeric supplementary Unix group IDs, as defined by POSIX.
60    ///
61    /// Currently, this method is only available for Linux targets.
62    #[cfg(target_os = "linux")]
63    pub fn unix_supplementary_group_ids(&self) -> &[Gid] {
64        &self.unix_supplementary_group_ids
65    }
66
67    /// A file descriptor pinning the process, on platforms that have this concept.
68    ///
69    /// On Linux, the SO_PEERPIDFD socket option is a suitable implementation. This is safer to use
70    /// to identify a process than the ProcessID, as the latter is subject to re-use attacks, while
71    /// the FD cannot be recycled. If the original process no longer exists the FD will no longer
72    /// be resolvable.
73    #[cfg(target_os = "linux")]
74    pub fn process_fd(&self) -> std::os::fd::BorrowedFd<'_> {
75        use std::os::fd::AsFd;
76
77        self.process_fd.as_fd()
78    }
79}