[thirdparty/systemd.git] / man / sd_bus_creds_new_from_pid.xml

<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="sd_bus_creds_new_from_pid" xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>sd_bus_creds_new_from_pid</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>sd_bus_creds_new_from_pid</refentrytitle>
    <manvolnum>3</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>sd_bus_creds_new_from_pid</refname>
    <refname>sd_bus_creds_new_from_pidfd</refname>
    <refname>sd_bus_creds_get_mask</refname>
    <refname>sd_bus_creds_get_augmented_mask</refname>
    <refname>sd_bus_creds_ref</refname>
    <refname>sd_bus_creds_unref</refname>
    <refname>sd_bus_creds_unrefp</refname>

    <refpurpose>Retrieve credentials object for the specified PID</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <funcsynopsis>
      <funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>

      <funcprototype>
        <funcdef>int <function>sd_bus_creds_new_from_pid</function></funcdef>
        <paramdef>pid_t <parameter>pid</parameter></paramdef>
        <paramdef>uint64_t <parameter>creds_mask</parameter></paramdef>
        <paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>int <function>sd_bus_creds_new_from_pidfd</function></funcdef>
        <paramdef>int <parameter>pidfd</parameter></paramdef>
        <paramdef>uint64_t <parameter>creds_mask</parameter></paramdef>
        <paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>uint64_t <function>sd_bus_creds_get_mask</function></funcdef>
        <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>uint64_t <function>sd_bus_creds_get_augmented_mask</function></funcdef>
        <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>sd_bus_creds *<function>sd_bus_creds_ref</function></funcdef>
        <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>sd_bus_creds *<function>sd_bus_creds_unref</function></funcdef>
        <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>void <function>sd_bus_creds_unrefp</function></funcdef>
        <paramdef>sd_bus_creds **<parameter>c</parameter></paramdef>
      </funcprototype>
    </funcsynopsis>

    <para>
      <constant>SD_BUS_CREDS_PID</constant>,
      <constant>SD_BUS_CREDS_PPID</constant>,
      <constant>SD_BUS_CREDS_TID</constant>,
      <constant>SD_BUS_CREDS_UID</constant>,
      <constant>SD_BUS_CREDS_EUID</constant>,
      <constant>SD_BUS_CREDS_SUID</constant>,
      <constant>SD_BUS_CREDS_FSUID</constant>,
      <constant>SD_BUS_CREDS_GID</constant>,
      <constant>SD_BUS_CREDS_EGID</constant>,
      <constant>SD_BUS_CREDS_SGID</constant>,
      <constant>SD_BUS_CREDS_FSGID</constant>,
      <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>,
      <constant>SD_BUS_CREDS_COMM</constant>,
      <constant>SD_BUS_CREDS_TID_COMM</constant>,
      <constant>SD_BUS_CREDS_EXE</constant>,
      <constant>SD_BUS_CREDS_CMDLINE</constant>,
      <constant>SD_BUS_CREDS_CGROUP</constant>,
      <constant>SD_BUS_CREDS_UNIT</constant>,
      <constant>SD_BUS_CREDS_SLICE</constant>,
      <constant>SD_BUS_CREDS_USER_UNIT</constant>,
      <constant>SD_BUS_CREDS_USER_SLICE</constant>,
      <constant>SD_BUS_CREDS_SESSION</constant>,
      <constant>SD_BUS_CREDS_OWNER_UID</constant>,
      <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>,
      <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>,
      <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>,
      <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>,
      <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>,
      <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
      <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>,
      <constant>SD_BUS_CREDS_TTY</constant>,
      <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>,
      <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
      <constant>SD_BUS_CREDS_DESCRIPTION</constant>,
      <constant>SD_BUS_CREDS_PIDFD</constant>,
      <constant>SD_BUS_CREDS_AUGMENT</constant>,
      <constant>_SD_BUS_CREDS_ALL</constant>
    </para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><function>sd_bus_creds_new_from_pid()</function> creates a
    new credentials object and fills it with information about the
    process <parameter>pid</parameter>. The pointer to this object
    will be stored in the <parameter>ret</parameter> pointer. Note that
    credential objects may also be created and retrieved via
    <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    and
    <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>

    <para><function>sd_bus_creds_new_from_pidfd()</function> is identical to
    <function>sd_bus_creds_new_from_pid()</function>, but takes a PID file descriptor rather than a numeric
    PID as reference to the process. See <citerefentry
    project='man-pages'><refentrytitle>pidfd_open</refentrytitle><manvolnum>2</manvolnum></citerefentry>.</para>

    <para>The information that will be stored is determined by <parameter>creds_mask</parameter>. It may
    contain a subset of ORed constants <constant>SD_BUS_CREDS_PID</constant>,
    <constant>SD_BUS_CREDS_PPID</constant>, <constant>SD_BUS_CREDS_TID</constant>,
    <constant>SD_BUS_CREDS_UID</constant>, <constant>SD_BUS_CREDS_EUID</constant>,
    <constant>SD_BUS_CREDS_SUID</constant>, <constant>SD_BUS_CREDS_FSUID</constant>,
    <constant>SD_BUS_CREDS_GID</constant>, <constant>SD_BUS_CREDS_EGID</constant>,
    <constant>SD_BUS_CREDS_SGID</constant>, <constant>SD_BUS_CREDS_FSGID</constant>,
    <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, <constant>SD_BUS_CREDS_COMM</constant>,
    <constant>SD_BUS_CREDS_TID_COMM</constant>, <constant>SD_BUS_CREDS_EXE</constant>,
    <constant>SD_BUS_CREDS_CMDLINE</constant>, <constant>SD_BUS_CREDS_CGROUP</constant>,
    <constant>SD_BUS_CREDS_UNIT</constant>, <constant>SD_BUS_CREDS_SLICE</constant>,
    <constant>SD_BUS_CREDS_USER_UNIT</constant>, <constant>SD_BUS_CREDS_USER_SLICE</constant>,
    <constant>SD_BUS_CREDS_SESSION</constant>, <constant>SD_BUS_CREDS_OWNER_UID</constant>,
    <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>,
    <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>,
    <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
    <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, <constant>SD_BUS_CREDS_TTY</constant>,
    <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
    <constant>SD_BUS_CREDS_DESCRIPTION</constant>, and <constant>SD_BUS_CREDS_PIDFD</constant>. Use the
    special value <constant>_SD_BUS_CREDS_ALL</constant> to request all supported fields. The
    <constant>SD_BUS_CREDS_AUGMENT</constant> constant may not be ORed into the mask for invocations of
    <function>sd_bus_creds_new_from_pid()</function> or
    <function>sd_bus_creds_new_from_pidfd()</function>.</para>

    <para>Fields can be retrieved from the credentials object using
    <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    and other functions which correspond directly to the constants
    listed above.</para>

    <para>A mask of fields which were actually successfully retrieved can be retrieved with
    <function>sd_bus_creds_get_mask()</function>. If the credentials object was created with
    <function>sd_bus_creds_new_from_pid()</function> or <function>sd_bus_creds_new_from_pidfd()</function>,
    this will be a subset of fields requested in <parameter>creds_mask</parameter>.
    </para>

    <para>Similar to <function>sd_bus_creds_get_mask()</function>, the function
    <function>sd_bus_creds_get_augmented_mask()</function> returns a bitmask of field constants. The mask
    indicates which credential fields have been retrieved in a non-atomic fashion. For credential objects
    created via <function>sd_bus_creds_new_from_pid()</function> or
    <function>sd_bus_creds_new_from_pidfd()</function>, this mask will be identical to the mask returned by
    <function>sd_bus_creds_get_mask()</function>. However, for credential objects retrieved via
    <function>sd_bus_get_name_creds()</function>, this mask will be set for the credential fields that could
    not be determined atomically at peer connection time, and which were later added by reading augmenting
    credential data from <filename>/proc/</filename>. Similarly, for credential objects retrieved via
    <function>sd_bus_get_owner_creds()</function>, the mask is set for the fields that could not be
    determined atomically at bus creation time, but have been augmented. Similarly, for credential objects
    retrieved via <function>sd_bus_message_get_creds()</function>, the mask is set for the fields that could
    not be determined atomically at message sending time, but have been augmented. The mask returned by
    <function>sd_bus_creds_get_augmented_mask()</function> is always a subset of (or identical to) the mask
    returned by <function>sd_bus_creds_get_mask()</function> for the same object. The latter call hence
    returns all credential fields available in the credential object, the former then marks the subset of
    those that have been augmented. Note that augmented fields are unsuitable for authorization decisions, as
    they may be retrieved at different times, thus being subject to races. Hence, augmented fields should be
    used exclusively for informational purposes.
    </para>

    <para><function>sd_bus_creds_ref()</function> creates a new
    reference to the credentials object <parameter>c</parameter>. This
    object will not be destroyed until
    <function>sd_bus_creds_unref()</function> has been called as many
    times plus once more. Once the reference count has dropped to zero,
    <parameter>c</parameter> cannot be used anymore, so further
    calls to <function>sd_bus_creds_ref(c)</function> or
    <function>sd_bus_creds_unref(c)</function> are illegal.</para>

    <para><function>sd_bus_creds_unref()</function> destroys a reference
    to <parameter>c</parameter>.</para>

    <para><function>sd_bus_creds_unrefp()</function> is similar to
    <function>sd_bus_creds_unref()</function> but takes a pointer to a
    pointer to an <type>sd_bus_creds</type> object. This call is useful in
    conjunction with GCC's and LLVM's <ulink
    url="https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html">Clean-up
    Variable Attribute</ulink>. Note that this function is defined as
    inline function.</para>

    <para><function>sd_bus_creds_ref()</function>,
    <function>sd_bus_creds_unref()</function> and
    <function>sd_bus_creds_unrefp()</function> execute no operation if
    the passed in bus credentials object is
    <constant>NULL</constant>.</para>

  </refsect1>

  <refsect1>
    <title>Return Value</title>

    <para>On success, <function>sd_bus_creds_new_from_pid()</function> and
    <function>sd_bus_creds_new_from_pidfd()</function> return 0 or a positive integer. On failure, they return
    a negative errno-style error code.</para>

    <para><function>sd_bus_creds_get_mask()</function> returns the
    mask of successfully acquired fields.</para>

    <para><function>sd_bus_creds_get_augmented_mask()</function>
    returns the mask of fields that have been augmented from data in
    <filename>/proc/</filename>, and are thus not suitable for
    authorization decisions.</para>

    <para><function>sd_bus_creds_ref()</function> always returns the
    argument.</para>

    <para><function>sd_bus_creds_unref()</function> always returns
    <constant>NULL</constant>.</para>
  </refsect1>

  <refsect1>
    <title>Reference ownership</title>

    <para>The functions <function>sd_bus_creds_new_from_pid()</function> and
    <function>sd_bus_creds_new_from_pidfd()</function> create a new object and the caller owns the sole
    reference. When not needed anymore, this reference should be destroyed with
    <citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
    </para>

    <refsect2>
      <title>Errors</title>

      <para>Returned errors may indicate the following problems:</para>

      <variablelist>

        <varlistentry>
          <term><constant>-ESRCH</constant></term>

          <listitem><para>Specified <parameter>pid</parameter> could not be found.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><constant>-EINVAL</constant></term>

          <listitem><para>Specified parameter is invalid (<constant>NULL</constant> in case of output
          parameters).</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><constant>-ENOMEM</constant></term>

          <listitem><para>Memory allocation failed.</para></listitem>
        </varlistentry>

        <varlistentry>
          <term><constant>-EOPNOTSUPP</constant></term>

          <listitem><para>One of the requested fields is unknown to the local system.</para></listitem>
        </varlistentry>
      </variablelist>
    </refsect2>
  </refsect1>

  <xi:include href="libsystemd-pkgconfig.xml" />

  <refsect1>
    <title>History</title>
    <para><function>sd_bus_creds_new_from_pid()</function>,
    <function>sd_bus_creds_get_mask()</function>,
    <function>sd_bus_creds_ref()</function>,
    <function>sd_bus_creds_unref()</function>, and
    <function>sd_bus_creds_get_augmented_mask()</function> were added in version 221.</para>
    <para><function>sd_bus_creds_unrefp()</function> was added in version 229.</para>
    <para><function>sd_bus_creds_new_from_pidfd()</function> was added in version 256.</para>
  </refsect1>

  <refsect1>
    <title>See Also</title>

    <para><simplelist type="inline">
      <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
    </simplelist></para>
  </refsect1>

</refentry>
Commit	Line	Data
514094f9	1	<?xml version='1.0'?>
3a54a157	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
eea10b26	3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
db9ecf05	4	<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
4cf8496d	5
7d6b2723	6	<refentry id="sd_bus_creds_new_from_pid" xmlns:xi="http://www.w3.org/2001/XInclude">
4cf8496d ZJS	7
	8	<refentryinfo>
	9	<title>sd_bus_creds_new_from_pid</title>
	10	<productname>systemd</productname>
4cf8496d ZJS	11	</refentryinfo>
	12
	13	<refmeta>
	14	<refentrytitle>sd_bus_creds_new_from_pid</refentrytitle>
	15	<manvolnum>3</manvolnum>
	16	</refmeta>
	17
	18	<refnamediv>
	19	<refname>sd_bus_creds_new_from_pid</refname>
a6671075	20	<refname>sd_bus_creds_new_from_pidfd</refname>
4cf8496d	21	<refname>sd_bus_creds_get_mask</refname>
f6f7a984	22	<refname>sd_bus_creds_get_augmented_mask</refname>
4cf8496d ZJS	23	<refname>sd_bus_creds_ref</refname>
4cf8496d ZJS	24	<refname>sd_bus_creds_unref</refname>
4afd3348	25	<refname>sd_bus_creds_unrefp</refname>
4cf8496d ZJS	26
	27	<refpurpose>Retrieve credentials object for the specified PID</refpurpose>
	28	</refnamediv>
	29
	30	<refsynopsisdiv>
	31	<funcsynopsis>
	32	<funcsynopsisinfo>#include <systemd/sd-bus.h></funcsynopsisinfo>
	33
	34	<funcprototype>
	35	<funcdef>int <function>sd_bus_creds_new_from_pid</function></funcdef>
	36	<paramdef>pid_t <parameter>pid</parameter></paramdef>
	37	<paramdef>uint64_t <parameter>creds_mask</parameter></paramdef>
8dc385e7	38	<paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef>
4cf8496d ZJS	39	</funcprototype>
4cf8496d ZJS	40
a6671075 LP	41	<funcprototype>
	42	<funcdef>int <function>sd_bus_creds_new_from_pidfd</function></funcdef>
	43	<paramdef>int <parameter>pidfd</parameter></paramdef>
	44	<paramdef>uint64_t <parameter>creds_mask</parameter></paramdef>
	45	<paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef>
	46	</funcprototype>
	47
4cf8496d ZJS	48	<funcprototype>
4cf8496d ZJS	49	<funcdef>uint64_t <function>sd_bus_creds_get_mask</function></funcdef>
512e3bbc	50	<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
4cf8496d ZJS	51	</funcprototype>
4cf8496d ZJS	52
f6f7a984 LP	53	<funcprototype>
f6f7a984 LP	54	<funcdef>uint64_t <function>sd_bus_creds_get_augmented_mask</function></funcdef>
512e3bbc	55	<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
f6f7a984 LP	56	</funcprototype>
f6f7a984 LP	57
4cf8496d	58	<funcprototype>
8dc385e7 JE	59	<funcdef>sd_bus_creds *<function>sd_bus_creds_ref</function></funcdef>
8dc385e7 JE	60	<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
4cf8496d ZJS	61	</funcprototype>
	62
	63	<funcprototype>
8dc385e7 JE	64	<funcdef>sd_bus_creds *<function>sd_bus_creds_unref</function></funcdef>
8dc385e7 JE	65	<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
4cf8496d	66	</funcprototype>
4afd3348 LP	67
	68	<funcprototype>
	69	<funcdef>void <function>sd_bus_creds_unrefp</function></funcdef>
	70	<paramdef>sd_bus_creds **<parameter>c</parameter></paramdef>
	71	</funcprototype>
4cf8496d ZJS	72	</funcsynopsis>
	73
	74	<para>
	75	<constant>SD_BUS_CREDS_PID</constant>,
f6f7a984	76	<constant>SD_BUS_CREDS_PPID</constant>,
4cf8496d ZJS	77	<constant>SD_BUS_CREDS_TID</constant>,
4cf8496d ZJS	78	<constant>SD_BUS_CREDS_UID</constant>,
f6f7a984 LP	79	<constant>SD_BUS_CREDS_EUID</constant>,
	80	<constant>SD_BUS_CREDS_SUID</constant>,
	81	<constant>SD_BUS_CREDS_FSUID</constant>,
4cf8496d	82	<constant>SD_BUS_CREDS_GID</constant>,
f6f7a984 LP	83	<constant>SD_BUS_CREDS_EGID</constant>,
	84	<constant>SD_BUS_CREDS_SGID</constant>,
	85	<constant>SD_BUS_CREDS_FSGID</constant>,
	86	<constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>,
4cf8496d ZJS	87	<constant>SD_BUS_CREDS_COMM</constant>,
	88	<constant>SD_BUS_CREDS_TID_COMM</constant>,
	89	<constant>SD_BUS_CREDS_EXE</constant>,
	90	<constant>SD_BUS_CREDS_CMDLINE</constant>,
	91	<constant>SD_BUS_CREDS_CGROUP</constant>,
	92	<constant>SD_BUS_CREDS_UNIT</constant>,
4cf8496d	93	<constant>SD_BUS_CREDS_SLICE</constant>,
f6f7a984 LP	94	<constant>SD_BUS_CREDS_USER_UNIT</constant>,
f6f7a984 LP	95	<constant>SD_BUS_CREDS_USER_SLICE</constant>,
4cf8496d ZJS	96	<constant>SD_BUS_CREDS_SESSION</constant>,
	97	<constant>SD_BUS_CREDS_OWNER_UID</constant>,
	98	<constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>,
	99	<constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>,
	100	<constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>,
	101	<constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>,
	102	<constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>,
	103	<constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
	104	<constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>,
f6f7a984	105	<constant>SD_BUS_CREDS_TTY</constant>,
4cf8496d ZJS	106	<constant>SD_BUS_CREDS_UNIQUE_NAME</constant>,
4cf8496d ZJS	107	<constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
f6f7a984	108	<constant>SD_BUS_CREDS_DESCRIPTION</constant>,
a6671075	109	<constant>SD_BUS_CREDS_PIDFD</constant>,
f6f7a984	110	<constant>SD_BUS_CREDS_AUGMENT</constant>,
4cf8496d ZJS	111	<constant>_SD_BUS_CREDS_ALL</constant>
	112	</para>
	113	</refsynopsisdiv>
	114
	115	<refsect1>
	116	<title>Description</title>
	117
f6f7a984 LP	118	<para><function>sd_bus_creds_new_from_pid()</function> creates a
	119	new credentials object and fills it with information about the
	120	process <parameter>pid</parameter>. The pointer to this object
a8eaaee7	121	will be stored in the <parameter>ret</parameter> pointer. Note that
f6f7a984 LP	122	credential objects may also be created and retrieved via
	123	<citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
	124	<citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
	125	and
	126	<citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
4cf8496d	127
a6671075 LP	128	<para><function>sd_bus_creds_new_from_pidfd()</function> is identical to
	129	<function>sd_bus_creds_new_from_pid()</function>, but takes a PID file descriptor rather than a numeric
	130	PID as reference to the process. See <citerefentry
	131	project='man-pages'><refentrytitle>pidfd_open</refentrytitle><manvolnum>2</manvolnum></citerefentry>.</para>
	132
	133	<para>The information that will be stored is determined by <parameter>creds_mask</parameter>. It may
	134	contain a subset of ORed constants <constant>SD_BUS_CREDS_PID</constant>,
	135	<constant>SD_BUS_CREDS_PPID</constant>, <constant>SD_BUS_CREDS_TID</constant>,
	136	<constant>SD_BUS_CREDS_UID</constant>, <constant>SD_BUS_CREDS_EUID</constant>,
	137	<constant>SD_BUS_CREDS_SUID</constant>, <constant>SD_BUS_CREDS_FSUID</constant>,
	138	<constant>SD_BUS_CREDS_GID</constant>, <constant>SD_BUS_CREDS_EGID</constant>,
	139	<constant>SD_BUS_CREDS_SGID</constant>, <constant>SD_BUS_CREDS_FSGID</constant>,
	140	<constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, <constant>SD_BUS_CREDS_COMM</constant>,
	141	<constant>SD_BUS_CREDS_TID_COMM</constant>, <constant>SD_BUS_CREDS_EXE</constant>,
	142	<constant>SD_BUS_CREDS_CMDLINE</constant>, <constant>SD_BUS_CREDS_CGROUP</constant>,
	143	<constant>SD_BUS_CREDS_UNIT</constant>, <constant>SD_BUS_CREDS_SLICE</constant>,
	144	<constant>SD_BUS_CREDS_USER_UNIT</constant>, <constant>SD_BUS_CREDS_USER_SLICE</constant>,
	145	<constant>SD_BUS_CREDS_SESSION</constant>, <constant>SD_BUS_CREDS_OWNER_UID</constant>,
	146	<constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>,
	147	<constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>,
	148	<constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
	149	<constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, <constant>SD_BUS_CREDS_TTY</constant>,
	150	<constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
	151	<constant>SD_BUS_CREDS_DESCRIPTION</constant>, and <constant>SD_BUS_CREDS_PIDFD</constant>. Use the
	152	special value <constant>_SD_BUS_CREDS_ALL</constant> to request all supported fields. The
	153	<constant>SD_BUS_CREDS_AUGMENT</constant> constant may not be ORed into the mask for invocations of
	154	<function>sd_bus_creds_new_from_pid()</function> or
	155	<function>sd_bus_creds_new_from_pidfd()</function>.</para>
4cf8496d ZJS	156
	157	<para>Fields can be retrieved from the credentials object using
	158	<citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>
	159	and other functions which correspond directly to the constants
	160	listed above.</para>
	161
a6671075 LP	162	<para>A mask of fields which were actually successfully retrieved can be retrieved with
	163	<function>sd_bus_creds_get_mask()</function>. If the credentials object was created with
	164	<function>sd_bus_creds_new_from_pid()</function> or <function>sd_bus_creds_new_from_pidfd()</function>,
	165	this will be a subset of fields requested in <parameter>creds_mask</parameter>.
4cf8496d ZJS	166	</para>
4cf8496d ZJS	167
a6671075 LP	168	<para>Similar to <function>sd_bus_creds_get_mask()</function>, the function
	169	<function>sd_bus_creds_get_augmented_mask()</function> returns a bitmask of field constants. The mask
	170	indicates which credential fields have been retrieved in a non-atomic fashion. For credential objects
	171	created via <function>sd_bus_creds_new_from_pid()</function> or
	172	<function>sd_bus_creds_new_from_pidfd()</function>, this mask will be identical to the mask returned by
	173	<function>sd_bus_creds_get_mask()</function>. However, for credential objects retrieved via
	174	<function>sd_bus_get_name_creds()</function>, this mask will be set for the credential fields that could
	175	not be determined atomically at peer connection time, and which were later added by reading augmenting
	176	credential data from <filename>/proc/</filename>. Similarly, for credential objects retrieved via
	177	<function>sd_bus_get_owner_creds()</function>, the mask is set for the fields that could not be
	178	determined atomically at bus creation time, but have been augmented. Similarly, for credential objects
	179	retrieved via <function>sd_bus_message_get_creds()</function>, the mask is set for the fields that could
	180	not be determined atomically at message sending time, but have been augmented. The mask returned by
	181	<function>sd_bus_creds_get_augmented_mask()</function> is always a subset of (or identical to) the mask
	182	returned by <function>sd_bus_creds_get_mask()</function> for the same object. The latter call hence
	183	returns all credential fields available in the credential object, the former then marks the subset of
	184	those that have been augmented. Note that augmented fields are unsuitable for authorization decisions, as
	185	they may be retrieved at different times, thus being subject to races. Hence, augmented fields should be
	186	used exclusively for informational purposes.
f6f7a984 LP	187	</para>
	188
	189	<para><function>sd_bus_creds_ref()</function> creates a new
4cf8496d ZJS	190	reference to the credentials object <parameter>c</parameter>. This
4cf8496d ZJS	191	object will not be destroyed until
f6f7a984	192	<function>sd_bus_creds_unref()</function> has been called as many
4cf8496d	193	times plus once more. Once the reference count has dropped to zero,
06b643e7	194	<parameter>c</parameter> cannot be used anymore, so further
4cf8496d ZJS	195	calls to <function>sd_bus_creds_ref(c)</function> or
	196	<function>sd_bus_creds_unref(c)</function> are illegal.</para>
	197
f6f7a984	198	<para><function>sd_bus_creds_unref()</function> destroys a reference
4cf8496d	199	to <parameter>c</parameter>.</para>
4afd3348 LP	200
	201	<para><function>sd_bus_creds_unrefp()</function> is similar to
	202	<function>sd_bus_creds_unref()</function> but takes a pointer to a
	203	pointer to an <type>sd_bus_creds</type> object. This call is useful in
	204	conjunction with GCC's and LLVM's <ulink
	205	url="https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html">Clean-up
	206	Variable Attribute</ulink>. Note that this function is defined as
	207	inline function.</para>
	208
	209	<para><function>sd_bus_creds_ref()</function>,
	210	<function>sd_bus_creds_unref()</function> and
	211	<function>sd_bus_creds_unrefp()</function> execute no operation if
	212	the passed in bus credentials object is
	213	<constant>NULL</constant>.</para>
	214
4cf8496d ZJS	215	</refsect1>
	216
	217	<refsect1>
	218	<title>Return Value</title>
	219
a6671075 LP	220	<para>On success, <function>sd_bus_creds_new_from_pid()</function> and
	221	<function>sd_bus_creds_new_from_pidfd()</function> return 0 or a positive integer. On failure, they return
	222	a negative errno-style error code.</para>
4cf8496d ZJS	223
	224	<para><function>sd_bus_creds_get_mask()</function> returns the
	225	mask of successfully acquired fields.</para>
	226
f6f7a984 LP	227	<para><function>sd_bus_creds_get_augmented_mask()</function>
f6f7a984 LP	228	returns the mask of fields that have been augmented from data in
3b121157	229	<filename>/proc/</filename>, and are thus not suitable for
f6f7a984 LP	230	authorization decisions.</para>
	231
	232	<para><function>sd_bus_creds_ref()</function> always returns the
4cf8496d ZJS	233	argument.</para>
4cf8496d ZJS	234
f6f7a984	235	<para><function>sd_bus_creds_unref()</function> always returns
4cf8496d ZJS	236	<constant>NULL</constant>.</para>
	237	</refsect1>
	238
	239	<refsect1>
	240	<title>Reference ownership</title>
	241
a6671075 LP	242	<para>The functions <function>sd_bus_creds_new_from_pid()</function> and
	243	<function>sd_bus_creds_new_from_pidfd()</function> create a new object and the caller owns the sole
	244	reference. When not needed anymore, this reference should be destroyed with
4cf8496d ZJS	245	<citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
4cf8496d ZJS	246	</para>
4cf8496d	247
b1de39de ZJS	248	<refsect2>
b1de39de ZJS	249	<title>Errors</title>
4cf8496d	250
b1de39de	251	<para>Returned errors may indicate the following problems:</para>
4cf8496d	252
b1de39de	253	<variablelist>
4cf8496d	254
b1de39de ZJS	255	<varlistentry>
b1de39de ZJS	256	<term><constant>-ESRCH</constant></term>
4cf8496d	257
b1de39de ZJS	258	<listitem><para>Specified <parameter>pid</parameter> could not be found.</para></listitem>
b1de39de ZJS	259	</varlistentry>
4cf8496d	260
b1de39de ZJS	261	<varlistentry>
b1de39de ZJS	262	<term><constant>-EINVAL</constant></term>
4cf8496d	263
b1de39de ZJS	264	<listitem><para>Specified parameter is invalid (<constant>NULL</constant> in case of output
	265	parameters).</para></listitem>
	266	</varlistentry>
4cf8496d	267
b1de39de ZJS	268	<varlistentry>
b1de39de ZJS	269	<term><constant>-ENOMEM</constant></term>
4cf8496d	270
b1de39de ZJS	271	<listitem><para>Memory allocation failed.</para></listitem>
b1de39de ZJS	272	</varlistentry>
f6f7a984	273
b1de39de ZJS	274	<varlistentry>
b1de39de ZJS	275	<term><constant>-EOPNOTSUPP</constant></term>
f6f7a984	276
b1de39de ZJS	277	<listitem><para>One of the requested fields is unknown to the local system.</para></listitem>
	278	</varlistentry>
	279	</variablelist>
	280	</refsect2>
4cf8496d ZJS	281	</refsect1>
4cf8496d ZJS	282
7d6b2723	283	<xi:include href="libsystemd-pkgconfig.xml" />
4cf8496d	284
69106f47 AK	285	<refsect1>
69106f47 AK	286	<title>History</title>
00f95506 AK	287	<para><function>sd_bus_creds_new_from_pid()</function>,
00f95506 AK	288	<function>sd_bus_creds_get_mask()</function>,
87fe0a69 YW	289	<function>sd_bus_creds_ref()</function>,
	290	<function>sd_bus_creds_unref()</function>, and
	291	<function>sd_bus_creds_get_augmented_mask()</function> were added in version 221.</para>
69106f47	292	<para><function>sd_bus_creds_unrefp()</function> was added in version 229.</para>
a6671075	293	<para><function>sd_bus_creds_new_from_pidfd()</function> was added in version 256.</para>
69106f47 AK	294	</refsect1>
69106f47 AK	295
4cf8496d ZJS	296	<refsect1>
	297	<title>See Also</title>
	298
13a69c12 DT	299	<para><simplelist type="inline">
	300	<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
	301	<member><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
	302	<member><citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
	303	<member><citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
	304	<member><citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
	305	<member><citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
	306	</simplelist></para>
4cf8496d ZJS	307	</refsect1>
	308
	309	</refentry>