]>
Commit | Line | Data |
---|---|---|
3802a3d3 | 1 | <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> |
4cf8496d | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
12b42c76 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
4cf8496d ZJS |
4 | |
5 | <!-- | |
572eb058 ZJS |
6 | SPDX-License-Identifier: LGPL-2.1+ |
7 | ||
b975b0d5 | 8 | This file is part of systemd. |
4cf8496d | 9 | |
b975b0d5 | 10 | Copyright 2014 Zbigniew Jędrzejewski-Szmek |
4cf8496d ZJS |
11 | --> |
12 | ||
48f69d8f | 13 | <refentry id="sd_bus_creds_new_from_pid"> |
4cf8496d ZJS |
14 | |
15 | <refentryinfo> | |
16 | <title>sd_bus_creds_new_from_pid</title> | |
17 | <productname>systemd</productname> | |
18 | ||
19 | <authorgroup> | |
20 | <author> | |
21 | <contrib>A monkey with a typewriter</contrib> | |
22 | <firstname>Zbigniew</firstname> | |
23 | <surname>Jędrzejewski-Szmek</surname> | |
24 | <email>zbyszek@in.waw.pl</email> | |
25 | </author> | |
26 | </authorgroup> | |
27 | </refentryinfo> | |
28 | ||
29 | <refmeta> | |
30 | <refentrytitle>sd_bus_creds_new_from_pid</refentrytitle> | |
31 | <manvolnum>3</manvolnum> | |
32 | </refmeta> | |
33 | ||
34 | <refnamediv> | |
35 | <refname>sd_bus_creds_new_from_pid</refname> | |
36 | <refname>sd_bus_creds_get_mask</refname> | |
f6f7a984 | 37 | <refname>sd_bus_creds_get_augmented_mask</refname> |
4cf8496d ZJS |
38 | <refname>sd_bus_creds_ref</refname> |
39 | <refname>sd_bus_creds_unref</refname> | |
4afd3348 | 40 | <refname>sd_bus_creds_unrefp</refname> |
4cf8496d ZJS |
41 | |
42 | <refpurpose>Retrieve credentials object for the specified PID</refpurpose> | |
43 | </refnamediv> | |
44 | ||
45 | <refsynopsisdiv> | |
46 | <funcsynopsis> | |
47 | <funcsynopsisinfo>#include <systemd/sd-bus.h></funcsynopsisinfo> | |
48 | ||
49 | <funcprototype> | |
50 | <funcdef>int <function>sd_bus_creds_new_from_pid</function></funcdef> | |
51 | <paramdef>pid_t <parameter>pid</parameter></paramdef> | |
52 | <paramdef>uint64_t <parameter>creds_mask</parameter></paramdef> | |
8dc385e7 | 53 | <paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef> |
4cf8496d ZJS |
54 | </funcprototype> |
55 | ||
56 | <funcprototype> | |
57 | <funcdef>uint64_t <function>sd_bus_creds_get_mask</function></funcdef> | |
512e3bbc | 58 | <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> |
4cf8496d ZJS |
59 | </funcprototype> |
60 | ||
f6f7a984 LP |
61 | <funcprototype> |
62 | <funcdef>uint64_t <function>sd_bus_creds_get_augmented_mask</function></funcdef> | |
512e3bbc | 63 | <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> |
f6f7a984 LP |
64 | </funcprototype> |
65 | ||
4cf8496d | 66 | <funcprototype> |
8dc385e7 JE |
67 | <funcdef>sd_bus_creds *<function>sd_bus_creds_ref</function></funcdef> |
68 | <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> | |
4cf8496d ZJS |
69 | </funcprototype> |
70 | ||
71 | <funcprototype> | |
8dc385e7 JE |
72 | <funcdef>sd_bus_creds *<function>sd_bus_creds_unref</function></funcdef> |
73 | <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> | |
4cf8496d | 74 | </funcprototype> |
4afd3348 LP |
75 | |
76 | <funcprototype> | |
77 | <funcdef>void <function>sd_bus_creds_unrefp</function></funcdef> | |
78 | <paramdef>sd_bus_creds **<parameter>c</parameter></paramdef> | |
79 | </funcprototype> | |
4cf8496d ZJS |
80 | </funcsynopsis> |
81 | ||
82 | <para> | |
83 | <constant>SD_BUS_CREDS_PID</constant>, | |
f6f7a984 | 84 | <constant>SD_BUS_CREDS_PPID</constant>, |
4cf8496d ZJS |
85 | <constant>SD_BUS_CREDS_TID</constant>, |
86 | <constant>SD_BUS_CREDS_UID</constant>, | |
f6f7a984 LP |
87 | <constant>SD_BUS_CREDS_EUID</constant>, |
88 | <constant>SD_BUS_CREDS_SUID</constant>, | |
89 | <constant>SD_BUS_CREDS_FSUID</constant>, | |
4cf8496d | 90 | <constant>SD_BUS_CREDS_GID</constant>, |
f6f7a984 LP |
91 | <constant>SD_BUS_CREDS_EGID</constant>, |
92 | <constant>SD_BUS_CREDS_SGID</constant>, | |
93 | <constant>SD_BUS_CREDS_FSGID</constant>, | |
94 | <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, | |
4cf8496d ZJS |
95 | <constant>SD_BUS_CREDS_COMM</constant>, |
96 | <constant>SD_BUS_CREDS_TID_COMM</constant>, | |
97 | <constant>SD_BUS_CREDS_EXE</constant>, | |
98 | <constant>SD_BUS_CREDS_CMDLINE</constant>, | |
99 | <constant>SD_BUS_CREDS_CGROUP</constant>, | |
100 | <constant>SD_BUS_CREDS_UNIT</constant>, | |
4cf8496d | 101 | <constant>SD_BUS_CREDS_SLICE</constant>, |
f6f7a984 LP |
102 | <constant>SD_BUS_CREDS_USER_UNIT</constant>, |
103 | <constant>SD_BUS_CREDS_USER_SLICE</constant>, | |
4cf8496d ZJS |
104 | <constant>SD_BUS_CREDS_SESSION</constant>, |
105 | <constant>SD_BUS_CREDS_OWNER_UID</constant>, | |
106 | <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, | |
107 | <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>, | |
108 | <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, | |
109 | <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>, | |
110 | <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, | |
111 | <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>, | |
112 | <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, | |
f6f7a984 | 113 | <constant>SD_BUS_CREDS_TTY</constant>, |
4cf8496d ZJS |
114 | <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, |
115 | <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, | |
f6f7a984 LP |
116 | <constant>SD_BUS_CREDS_DESCRIPTION</constant>, |
117 | <constant>SD_BUS_CREDS_AUGMENT</constant>, | |
4cf8496d ZJS |
118 | <constant>_SD_BUS_CREDS_ALL</constant> |
119 | </para> | |
120 | </refsynopsisdiv> | |
121 | ||
122 | <refsect1> | |
123 | <title>Description</title> | |
124 | ||
f6f7a984 LP |
125 | <para><function>sd_bus_creds_new_from_pid()</function> creates a |
126 | new credentials object and fills it with information about the | |
127 | process <parameter>pid</parameter>. The pointer to this object | |
a8eaaee7 | 128 | will be stored in the <parameter>ret</parameter> pointer. Note that |
f6f7a984 LP |
129 | credential objects may also be created and retrieved via |
130 | <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, | |
131 | <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry> | |
132 | and | |
133 | <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para> | |
4cf8496d ZJS |
134 | |
135 | <para>The information that will be stored is determined by | |
136 | <parameter>creds_mask</parameter>. It may contain a subset of ORed | |
137 | constants <constant>SD_BUS_CREDS_PID</constant>, | |
f6f7a984 | 138 | <constant>SD_BUS_CREDS_PPID</constant>, |
4cf8496d ZJS |
139 | <constant>SD_BUS_CREDS_TID</constant>, |
140 | <constant>SD_BUS_CREDS_UID</constant>, | |
f6f7a984 LP |
141 | <constant>SD_BUS_CREDS_EUID</constant>, |
142 | <constant>SD_BUS_CREDS_SUID</constant>, | |
143 | <constant>SD_BUS_CREDS_FSUID</constant>, | |
4cf8496d | 144 | <constant>SD_BUS_CREDS_GID</constant>, |
f6f7a984 LP |
145 | <constant>SD_BUS_CREDS_EGID</constant>, |
146 | <constant>SD_BUS_CREDS_SGID</constant>, | |
147 | <constant>SD_BUS_CREDS_FSGID</constant>, | |
148 | <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, | |
4cf8496d ZJS |
149 | <constant>SD_BUS_CREDS_COMM</constant>, |
150 | <constant>SD_BUS_CREDS_TID_COMM</constant>, | |
151 | <constant>SD_BUS_CREDS_EXE</constant>, | |
152 | <constant>SD_BUS_CREDS_CMDLINE</constant>, | |
153 | <constant>SD_BUS_CREDS_CGROUP</constant>, | |
154 | <constant>SD_BUS_CREDS_UNIT</constant>, | |
4cf8496d | 155 | <constant>SD_BUS_CREDS_SLICE</constant>, |
f6f7a984 LP |
156 | <constant>SD_BUS_CREDS_USER_UNIT</constant>, |
157 | <constant>SD_BUS_CREDS_USER_SLICE</constant>, | |
4cf8496d ZJS |
158 | <constant>SD_BUS_CREDS_SESSION</constant>, |
159 | <constant>SD_BUS_CREDS_OWNER_UID</constant>, | |
160 | <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, | |
161 | <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>, | |
162 | <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, | |
163 | <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>, | |
164 | <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, | |
165 | <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>, | |
166 | <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, | |
f6f7a984 | 167 | <constant>SD_BUS_CREDS_TTY</constant>, |
4cf8496d | 168 | <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, |
a8eaaee7 | 169 | <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, and |
f6f7a984 LP |
170 | <constant>SD_BUS_CREDS_DESCRIPTION</constant>. Use the special |
171 | value <constant>_SD_BUS_CREDS_ALL</constant> to request all | |
172 | supported fields. The <constant>SD_BUS_CREDS_AUGMENT</constant> | |
a8eaaee7 | 173 | constant may not be ORed into the mask for invocations of |
f6f7a984 | 174 | <function>sd_bus_creds_new_from_pid()</function>.</para> |
4cf8496d ZJS |
175 | |
176 | <para>Fields can be retrieved from the credentials object using | |
177 | <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry> | |
178 | and other functions which correspond directly to the constants | |
179 | listed above.</para> | |
180 | ||
f6f7a984 LP |
181 | <para>A mask of fields which were actually successfully retrieved |
182 | can be retrieved with | |
183 | <function>sd_bus_creds_get_mask()</function>. If the credentials | |
184 | object was created with | |
4cf8496d ZJS |
185 | <function>sd_bus_creds_new_from_pid()</function>, this will be a |
186 | subset of fields requested in <parameter>creds_mask</parameter>. | |
187 | </para> | |
188 | ||
b938cb90 | 189 | <para>Similar to <function>sd_bus_creds_get_mask()</function>, the |
f6f7a984 LP |
190 | function <function>sd_bus_creds_get_augmented_mask()</function> |
191 | returns a bitmask of field constants. The mask indicates which | |
192 | credential fields have been retrieved in a non-atomic fashion. For | |
193 | credential objects created via | |
b938cb90 | 194 | <function>sd_bus_creds_new_from_pid()</function>, this mask will be |
f6f7a984 LP |
195 | identical to the mask returned by |
196 | <function>sd_bus_creds_get_mask()</function>. However, for | |
197 | credential objects retrieved via | |
b938cb90 | 198 | <function>sd_bus_get_name_creds()</function>, this mask will be set |
f6f7a984 LP |
199 | for the credential fields that could not be determined atomically |
200 | at peer connection time, and which were later added by reading | |
201 | augmenting credential data from | |
a8eaaee7 | 202 | <filename>/proc</filename>. Similarly, for credential objects |
b938cb90 | 203 | retrieved via <function>sd_bus_get_owner_creds()</function>, the |
f6f7a984 | 204 | mask is set for the fields that could not be determined atomically |
a8eaaee7 | 205 | at bus creation time, but have been augmented. Similarly, for |
f6f7a984 | 206 | credential objects retrieved via |
b938cb90 | 207 | <function>sd_bus_message_get_creds()</function>, the mask is set |
f6f7a984 | 208 | for the fields that could not be determined atomically at message |
a8eaaee7 | 209 | sending time, but have been augmented. The mask returned by |
f6f7a984 LP |
210 | <function>sd_bus_creds_get_augmented_mask()</function> is always a |
211 | subset of (or identical to) the mask returned by | |
212 | <function>sd_bus_creds_get_mask()</function> for the same | |
213 | object. The latter call hence returns all credential fields | |
214 | available in the credential object, the former then marks the | |
215 | subset of those that have been augmented. Note that augmented | |
b938cb90 JE |
216 | fields are unsuitable for authorization decisions, as they may be |
217 | retrieved at different times, thus being subject to races. Hence, | |
f6f7a984 LP |
218 | augmented fields should be used exclusively for informational |
219 | purposes. | |
220 | </para> | |
221 | ||
222 | <para><function>sd_bus_creds_ref()</function> creates a new | |
4cf8496d ZJS |
223 | reference to the credentials object <parameter>c</parameter>. This |
224 | object will not be destroyed until | |
f6f7a984 | 225 | <function>sd_bus_creds_unref()</function> has been called as many |
4cf8496d | 226 | times plus once more. Once the reference count has dropped to zero, |
06b643e7 | 227 | <parameter>c</parameter> cannot be used anymore, so further |
4cf8496d ZJS |
228 | calls to <function>sd_bus_creds_ref(c)</function> or |
229 | <function>sd_bus_creds_unref(c)</function> are illegal.</para> | |
230 | ||
f6f7a984 | 231 | <para><function>sd_bus_creds_unref()</function> destroys a reference |
4cf8496d | 232 | to <parameter>c</parameter>.</para> |
4afd3348 LP |
233 | |
234 | <para><function>sd_bus_creds_unrefp()</function> is similar to | |
235 | <function>sd_bus_creds_unref()</function> but takes a pointer to a | |
236 | pointer to an <type>sd_bus_creds</type> object. This call is useful in | |
237 | conjunction with GCC's and LLVM's <ulink | |
238 | url="https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html">Clean-up | |
239 | Variable Attribute</ulink>. Note that this function is defined as | |
240 | inline function.</para> | |
241 | ||
242 | <para><function>sd_bus_creds_ref()</function>, | |
243 | <function>sd_bus_creds_unref()</function> and | |
244 | <function>sd_bus_creds_unrefp()</function> execute no operation if | |
245 | the passed in bus credentials object is | |
246 | <constant>NULL</constant>.</para> | |
247 | ||
4cf8496d ZJS |
248 | </refsect1> |
249 | ||
250 | <refsect1> | |
251 | <title>Return Value</title> | |
252 | ||
253 | <para>On success, <function>sd_bus_creds_new_from_pid()</function> | |
254 | returns 0 or a positive integer. On failure, it returns a negative | |
255 | errno-style error code.</para> | |
256 | ||
257 | <para><function>sd_bus_creds_get_mask()</function> returns the | |
258 | mask of successfully acquired fields.</para> | |
259 | ||
f6f7a984 LP |
260 | <para><function>sd_bus_creds_get_augmented_mask()</function> |
261 | returns the mask of fields that have been augmented from data in | |
262 | <filename>/proc</filename>, and are thus not suitable for | |
263 | authorization decisions.</para> | |
264 | ||
265 | <para><function>sd_bus_creds_ref()</function> always returns the | |
4cf8496d ZJS |
266 | argument.</para> |
267 | ||
f6f7a984 | 268 | <para><function>sd_bus_creds_unref()</function> always returns |
4cf8496d ZJS |
269 | <constant>NULL</constant>.</para> |
270 | </refsect1> | |
271 | ||
272 | <refsect1> | |
273 | <title>Reference ownership</title> | |
274 | ||
275 | <para>Function <function>sd_bus_creds_new_from_pid()</function> | |
276 | creates a new object and the caller owns the sole reference. When | |
277 | not needed anymore, this reference should be destroyed with | |
278 | <citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>. | |
279 | </para> | |
280 | </refsect1> | |
281 | ||
282 | <refsect1> | |
283 | <title>Errors</title> | |
284 | ||
285 | <para>Returned errors may indicate the following problems:</para> | |
286 | ||
287 | <variablelist> | |
288 | ||
289 | <varlistentry> | |
8474b70c | 290 | <term><constant>-ESRCH</constant></term> |
4cf8496d ZJS |
291 | |
292 | <listitem><para>Specified <parameter>pid</parameter> could not | |
293 | be found.</para></listitem> | |
294 | </varlistentry> | |
295 | ||
296 | <varlistentry> | |
8474b70c | 297 | <term><constant>-EINVAL</constant></term> |
4cf8496d ZJS |
298 | |
299 | <listitem><para>Specified parameter is invalid | |
300 | (<constant>NULL</constant> in case of output | |
301 | parameters).</para></listitem> | |
302 | </varlistentry> | |
303 | ||
304 | <varlistentry> | |
8474b70c | 305 | <term><constant>-ENOMEM</constant></term> |
4cf8496d ZJS |
306 | |
307 | <listitem><para>Memory allocation failed.</para></listitem> | |
308 | </varlistentry> | |
f6f7a984 LP |
309 | |
310 | <varlistentry> | |
311 | <term><constant>-EOPNOTSUPP</constant></term> | |
312 | ||
313 | <listitem><para>One of the requested fields is unknown to the local system.</para></listitem> | |
314 | </varlistentry> | |
4cf8496d ZJS |
315 | </variablelist> |
316 | </refsect1> | |
317 | ||
318 | <refsect1> | |
319 | <title>Notes</title> | |
320 | ||
f6f7a984 LP |
321 | <para><function>sd_bus_creds_new_from_pid()</function> and the |
322 | other calls described here are available as a shared library, | |
323 | which can be compiled and linked to with the | |
324 | <constant>libsystemd</constant> <citerefentry | |
325 | project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
4cf8496d ZJS |
326 | file.</para> |
327 | </refsect1> | |
328 | ||
329 | <refsect1> | |
330 | <title>See Also</title> | |
331 | ||
332 | <para> | |
333 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
334 | <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>, | |
4cf8496d | 335 | <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>, |
f6f7a984 LP |
336 | <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, |
337 | <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, | |
338 | <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry> | |
4cf8496d ZJS |
339 | </para> |
340 | </refsect1> | |
341 | ||
342 | </refentry> |