]>
Commit | Line | Data |
---|---|---|
514094f9 | 1 | <?xml version='1.0'?> |
3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
eea10b26 | 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
4cf8496d | 5 | |
7d6b2723 | 6 | <refentry id="sd_bus_creds_new_from_pid" xmlns:xi="http://www.w3.org/2001/XInclude"> |
4cf8496d ZJS |
7 | |
8 | <refentryinfo> | |
9 | <title>sd_bus_creds_new_from_pid</title> | |
10 | <productname>systemd</productname> | |
4cf8496d ZJS |
11 | </refentryinfo> |
12 | ||
13 | <refmeta> | |
14 | <refentrytitle>sd_bus_creds_new_from_pid</refentrytitle> | |
15 | <manvolnum>3</manvolnum> | |
16 | </refmeta> | |
17 | ||
18 | <refnamediv> | |
19 | <refname>sd_bus_creds_new_from_pid</refname> | |
a6671075 | 20 | <refname>sd_bus_creds_new_from_pidfd</refname> |
4cf8496d | 21 | <refname>sd_bus_creds_get_mask</refname> |
f6f7a984 | 22 | <refname>sd_bus_creds_get_augmented_mask</refname> |
4cf8496d ZJS |
23 | <refname>sd_bus_creds_ref</refname> |
24 | <refname>sd_bus_creds_unref</refname> | |
4afd3348 | 25 | <refname>sd_bus_creds_unrefp</refname> |
4cf8496d ZJS |
26 | |
27 | <refpurpose>Retrieve credentials object for the specified PID</refpurpose> | |
28 | </refnamediv> | |
29 | ||
30 | <refsynopsisdiv> | |
31 | <funcsynopsis> | |
32 | <funcsynopsisinfo>#include <systemd/sd-bus.h></funcsynopsisinfo> | |
33 | ||
34 | <funcprototype> | |
35 | <funcdef>int <function>sd_bus_creds_new_from_pid</function></funcdef> | |
36 | <paramdef>pid_t <parameter>pid</parameter></paramdef> | |
37 | <paramdef>uint64_t <parameter>creds_mask</parameter></paramdef> | |
8dc385e7 | 38 | <paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef> |
4cf8496d ZJS |
39 | </funcprototype> |
40 | ||
a6671075 LP |
41 | <funcprototype> |
42 | <funcdef>int <function>sd_bus_creds_new_from_pidfd</function></funcdef> | |
43 | <paramdef>int <parameter>pidfd</parameter></paramdef> | |
44 | <paramdef>uint64_t <parameter>creds_mask</parameter></paramdef> | |
45 | <paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef> | |
46 | </funcprototype> | |
47 | ||
4cf8496d ZJS |
48 | <funcprototype> |
49 | <funcdef>uint64_t <function>sd_bus_creds_get_mask</function></funcdef> | |
512e3bbc | 50 | <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> |
4cf8496d ZJS |
51 | </funcprototype> |
52 | ||
f6f7a984 LP |
53 | <funcprototype> |
54 | <funcdef>uint64_t <function>sd_bus_creds_get_augmented_mask</function></funcdef> | |
512e3bbc | 55 | <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> |
f6f7a984 LP |
56 | </funcprototype> |
57 | ||
4cf8496d | 58 | <funcprototype> |
8dc385e7 JE |
59 | <funcdef>sd_bus_creds *<function>sd_bus_creds_ref</function></funcdef> |
60 | <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> | |
4cf8496d ZJS |
61 | </funcprototype> |
62 | ||
63 | <funcprototype> | |
8dc385e7 JE |
64 | <funcdef>sd_bus_creds *<function>sd_bus_creds_unref</function></funcdef> |
65 | <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> | |
4cf8496d | 66 | </funcprototype> |
4afd3348 LP |
67 | |
68 | <funcprototype> | |
69 | <funcdef>void <function>sd_bus_creds_unrefp</function></funcdef> | |
70 | <paramdef>sd_bus_creds **<parameter>c</parameter></paramdef> | |
71 | </funcprototype> | |
4cf8496d ZJS |
72 | </funcsynopsis> |
73 | ||
74 | <para> | |
75 | <constant>SD_BUS_CREDS_PID</constant>, | |
f6f7a984 | 76 | <constant>SD_BUS_CREDS_PPID</constant>, |
4cf8496d ZJS |
77 | <constant>SD_BUS_CREDS_TID</constant>, |
78 | <constant>SD_BUS_CREDS_UID</constant>, | |
f6f7a984 LP |
79 | <constant>SD_BUS_CREDS_EUID</constant>, |
80 | <constant>SD_BUS_CREDS_SUID</constant>, | |
81 | <constant>SD_BUS_CREDS_FSUID</constant>, | |
4cf8496d | 82 | <constant>SD_BUS_CREDS_GID</constant>, |
f6f7a984 LP |
83 | <constant>SD_BUS_CREDS_EGID</constant>, |
84 | <constant>SD_BUS_CREDS_SGID</constant>, | |
85 | <constant>SD_BUS_CREDS_FSGID</constant>, | |
86 | <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, | |
4cf8496d ZJS |
87 | <constant>SD_BUS_CREDS_COMM</constant>, |
88 | <constant>SD_BUS_CREDS_TID_COMM</constant>, | |
89 | <constant>SD_BUS_CREDS_EXE</constant>, | |
90 | <constant>SD_BUS_CREDS_CMDLINE</constant>, | |
91 | <constant>SD_BUS_CREDS_CGROUP</constant>, | |
92 | <constant>SD_BUS_CREDS_UNIT</constant>, | |
4cf8496d | 93 | <constant>SD_BUS_CREDS_SLICE</constant>, |
f6f7a984 LP |
94 | <constant>SD_BUS_CREDS_USER_UNIT</constant>, |
95 | <constant>SD_BUS_CREDS_USER_SLICE</constant>, | |
4cf8496d ZJS |
96 | <constant>SD_BUS_CREDS_SESSION</constant>, |
97 | <constant>SD_BUS_CREDS_OWNER_UID</constant>, | |
98 | <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, | |
99 | <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>, | |
100 | <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, | |
101 | <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>, | |
102 | <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, | |
103 | <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>, | |
104 | <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, | |
f6f7a984 | 105 | <constant>SD_BUS_CREDS_TTY</constant>, |
4cf8496d ZJS |
106 | <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, |
107 | <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, | |
f6f7a984 | 108 | <constant>SD_BUS_CREDS_DESCRIPTION</constant>, |
a6671075 | 109 | <constant>SD_BUS_CREDS_PIDFD</constant>, |
f6f7a984 | 110 | <constant>SD_BUS_CREDS_AUGMENT</constant>, |
4cf8496d ZJS |
111 | <constant>_SD_BUS_CREDS_ALL</constant> |
112 | </para> | |
113 | </refsynopsisdiv> | |
114 | ||
115 | <refsect1> | |
116 | <title>Description</title> | |
117 | ||
f6f7a984 LP |
118 | <para><function>sd_bus_creds_new_from_pid()</function> creates a |
119 | new credentials object and fills it with information about the | |
120 | process <parameter>pid</parameter>. The pointer to this object | |
a8eaaee7 | 121 | will be stored in the <parameter>ret</parameter> pointer. Note that |
f6f7a984 LP |
122 | credential objects may also be created and retrieved via |
123 | <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, | |
124 | <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry> | |
125 | and | |
126 | <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para> | |
4cf8496d | 127 | |
a6671075 LP |
128 | <para><function>sd_bus_creds_new_from_pidfd()</function> is identical to |
129 | <function>sd_bus_creds_new_from_pid()</function>, but takes a PID file descriptor rather than a numeric | |
130 | PID as reference to the process. See <citerefentry | |
131 | project='man-pages'><refentrytitle>pidfd_open</refentrytitle><manvolnum>2</manvolnum></citerefentry>.</para> | |
132 | ||
133 | <para>The information that will be stored is determined by <parameter>creds_mask</parameter>. It may | |
134 | contain a subset of ORed constants <constant>SD_BUS_CREDS_PID</constant>, | |
135 | <constant>SD_BUS_CREDS_PPID</constant>, <constant>SD_BUS_CREDS_TID</constant>, | |
136 | <constant>SD_BUS_CREDS_UID</constant>, <constant>SD_BUS_CREDS_EUID</constant>, | |
137 | <constant>SD_BUS_CREDS_SUID</constant>, <constant>SD_BUS_CREDS_FSUID</constant>, | |
138 | <constant>SD_BUS_CREDS_GID</constant>, <constant>SD_BUS_CREDS_EGID</constant>, | |
139 | <constant>SD_BUS_CREDS_SGID</constant>, <constant>SD_BUS_CREDS_FSGID</constant>, | |
140 | <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, <constant>SD_BUS_CREDS_COMM</constant>, | |
141 | <constant>SD_BUS_CREDS_TID_COMM</constant>, <constant>SD_BUS_CREDS_EXE</constant>, | |
142 | <constant>SD_BUS_CREDS_CMDLINE</constant>, <constant>SD_BUS_CREDS_CGROUP</constant>, | |
143 | <constant>SD_BUS_CREDS_UNIT</constant>, <constant>SD_BUS_CREDS_SLICE</constant>, | |
144 | <constant>SD_BUS_CREDS_USER_UNIT</constant>, <constant>SD_BUS_CREDS_USER_SLICE</constant>, | |
145 | <constant>SD_BUS_CREDS_SESSION</constant>, <constant>SD_BUS_CREDS_OWNER_UID</constant>, | |
146 | <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>, | |
147 | <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>, | |
148 | <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>, | |
149 | <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, <constant>SD_BUS_CREDS_TTY</constant>, | |
150 | <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, | |
151 | <constant>SD_BUS_CREDS_DESCRIPTION</constant>, and <constant>SD_BUS_CREDS_PIDFD</constant>. Use the | |
152 | special value <constant>_SD_BUS_CREDS_ALL</constant> to request all supported fields. The | |
153 | <constant>SD_BUS_CREDS_AUGMENT</constant> constant may not be ORed into the mask for invocations of | |
154 | <function>sd_bus_creds_new_from_pid()</function> or | |
155 | <function>sd_bus_creds_new_from_pidfd()</function>.</para> | |
4cf8496d ZJS |
156 | |
157 | <para>Fields can be retrieved from the credentials object using | |
158 | <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry> | |
159 | and other functions which correspond directly to the constants | |
160 | listed above.</para> | |
161 | ||
a6671075 LP |
162 | <para>A mask of fields which were actually successfully retrieved can be retrieved with |
163 | <function>sd_bus_creds_get_mask()</function>. If the credentials object was created with | |
164 | <function>sd_bus_creds_new_from_pid()</function> or <function>sd_bus_creds_new_from_pidfd()</function>, | |
165 | this will be a subset of fields requested in <parameter>creds_mask</parameter>. | |
4cf8496d ZJS |
166 | </para> |
167 | ||
a6671075 LP |
168 | <para>Similar to <function>sd_bus_creds_get_mask()</function>, the function |
169 | <function>sd_bus_creds_get_augmented_mask()</function> returns a bitmask of field constants. The mask | |
170 | indicates which credential fields have been retrieved in a non-atomic fashion. For credential objects | |
171 | created via <function>sd_bus_creds_new_from_pid()</function> or | |
172 | <function>sd_bus_creds_new_from_pidfd()</function>, this mask will be identical to the mask returned by | |
173 | <function>sd_bus_creds_get_mask()</function>. However, for credential objects retrieved via | |
174 | <function>sd_bus_get_name_creds()</function>, this mask will be set for the credential fields that could | |
175 | not be determined atomically at peer connection time, and which were later added by reading augmenting | |
176 | credential data from <filename>/proc/</filename>. Similarly, for credential objects retrieved via | |
177 | <function>sd_bus_get_owner_creds()</function>, the mask is set for the fields that could not be | |
178 | determined atomically at bus creation time, but have been augmented. Similarly, for credential objects | |
179 | retrieved via <function>sd_bus_message_get_creds()</function>, the mask is set for the fields that could | |
180 | not be determined atomically at message sending time, but have been augmented. The mask returned by | |
181 | <function>sd_bus_creds_get_augmented_mask()</function> is always a subset of (or identical to) the mask | |
182 | returned by <function>sd_bus_creds_get_mask()</function> for the same object. The latter call hence | |
183 | returns all credential fields available in the credential object, the former then marks the subset of | |
184 | those that have been augmented. Note that augmented fields are unsuitable for authorization decisions, as | |
185 | they may be retrieved at different times, thus being subject to races. Hence, augmented fields should be | |
186 | used exclusively for informational purposes. | |
f6f7a984 LP |
187 | </para> |
188 | ||
189 | <para><function>sd_bus_creds_ref()</function> creates a new | |
4cf8496d ZJS |
190 | reference to the credentials object <parameter>c</parameter>. This |
191 | object will not be destroyed until | |
f6f7a984 | 192 | <function>sd_bus_creds_unref()</function> has been called as many |
4cf8496d | 193 | times plus once more. Once the reference count has dropped to zero, |
06b643e7 | 194 | <parameter>c</parameter> cannot be used anymore, so further |
4cf8496d ZJS |
195 | calls to <function>sd_bus_creds_ref(c)</function> or |
196 | <function>sd_bus_creds_unref(c)</function> are illegal.</para> | |
197 | ||
f6f7a984 | 198 | <para><function>sd_bus_creds_unref()</function> destroys a reference |
4cf8496d | 199 | to <parameter>c</parameter>.</para> |
4afd3348 LP |
200 | |
201 | <para><function>sd_bus_creds_unrefp()</function> is similar to | |
202 | <function>sd_bus_creds_unref()</function> but takes a pointer to a | |
203 | pointer to an <type>sd_bus_creds</type> object. This call is useful in | |
204 | conjunction with GCC's and LLVM's <ulink | |
205 | url="https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html">Clean-up | |
206 | Variable Attribute</ulink>. Note that this function is defined as | |
207 | inline function.</para> | |
208 | ||
209 | <para><function>sd_bus_creds_ref()</function>, | |
210 | <function>sd_bus_creds_unref()</function> and | |
211 | <function>sd_bus_creds_unrefp()</function> execute no operation if | |
212 | the passed in bus credentials object is | |
213 | <constant>NULL</constant>.</para> | |
214 | ||
4cf8496d ZJS |
215 | </refsect1> |
216 | ||
217 | <refsect1> | |
218 | <title>Return Value</title> | |
219 | ||
a6671075 LP |
220 | <para>On success, <function>sd_bus_creds_new_from_pid()</function> and |
221 | <function>sd_bus_creds_new_from_pidfd()</function> return 0 or a positive integer. On failure, they return | |
222 | a negative errno-style error code.</para> | |
4cf8496d ZJS |
223 | |
224 | <para><function>sd_bus_creds_get_mask()</function> returns the | |
225 | mask of successfully acquired fields.</para> | |
226 | ||
f6f7a984 LP |
227 | <para><function>sd_bus_creds_get_augmented_mask()</function> |
228 | returns the mask of fields that have been augmented from data in | |
3b121157 | 229 | <filename>/proc/</filename>, and are thus not suitable for |
f6f7a984 LP |
230 | authorization decisions.</para> |
231 | ||
232 | <para><function>sd_bus_creds_ref()</function> always returns the | |
4cf8496d ZJS |
233 | argument.</para> |
234 | ||
f6f7a984 | 235 | <para><function>sd_bus_creds_unref()</function> always returns |
4cf8496d ZJS |
236 | <constant>NULL</constant>.</para> |
237 | </refsect1> | |
238 | ||
239 | <refsect1> | |
240 | <title>Reference ownership</title> | |
241 | ||
a6671075 LP |
242 | <para>The functions <function>sd_bus_creds_new_from_pid()</function> and |
243 | <function>sd_bus_creds_new_from_pidfd()</function> create a new object and the caller owns the sole | |
244 | reference. When not needed anymore, this reference should be destroyed with | |
4cf8496d ZJS |
245 | <citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>. |
246 | </para> | |
4cf8496d | 247 | |
b1de39de ZJS |
248 | <refsect2> |
249 | <title>Errors</title> | |
4cf8496d | 250 | |
b1de39de | 251 | <para>Returned errors may indicate the following problems:</para> |
4cf8496d | 252 | |
b1de39de | 253 | <variablelist> |
4cf8496d | 254 | |
b1de39de ZJS |
255 | <varlistentry> |
256 | <term><constant>-ESRCH</constant></term> | |
4cf8496d | 257 | |
b1de39de ZJS |
258 | <listitem><para>Specified <parameter>pid</parameter> could not be found.</para></listitem> |
259 | </varlistentry> | |
4cf8496d | 260 | |
b1de39de ZJS |
261 | <varlistentry> |
262 | <term><constant>-EINVAL</constant></term> | |
4cf8496d | 263 | |
b1de39de ZJS |
264 | <listitem><para>Specified parameter is invalid (<constant>NULL</constant> in case of output |
265 | parameters).</para></listitem> | |
266 | </varlistentry> | |
4cf8496d | 267 | |
b1de39de ZJS |
268 | <varlistentry> |
269 | <term><constant>-ENOMEM</constant></term> | |
4cf8496d | 270 | |
b1de39de ZJS |
271 | <listitem><para>Memory allocation failed.</para></listitem> |
272 | </varlistentry> | |
f6f7a984 | 273 | |
b1de39de ZJS |
274 | <varlistentry> |
275 | <term><constant>-EOPNOTSUPP</constant></term> | |
f6f7a984 | 276 | |
b1de39de ZJS |
277 | <listitem><para>One of the requested fields is unknown to the local system.</para></listitem> |
278 | </varlistentry> | |
279 | </variablelist> | |
280 | </refsect2> | |
4cf8496d ZJS |
281 | </refsect1> |
282 | ||
7d6b2723 | 283 | <xi:include href="libsystemd-pkgconfig.xml" /> |
4cf8496d | 284 | |
69106f47 AK |
285 | <refsect1> |
286 | <title>History</title> | |
00f95506 AK |
287 | <para><function>sd_bus_creds_new_from_pid()</function>, |
288 | <function>sd_bus_creds_get_mask()</function>, | |
87fe0a69 YW |
289 | <function>sd_bus_creds_ref()</function>, |
290 | <function>sd_bus_creds_unref()</function>, and | |
291 | <function>sd_bus_creds_get_augmented_mask()</function> were added in version 221.</para> | |
69106f47 | 292 | <para><function>sd_bus_creds_unrefp()</function> was added in version 229.</para> |
a6671075 | 293 | <para><function>sd_bus_creds_new_from_pidfd()</function> was added in version 256.</para> |
69106f47 AK |
294 | </refsect1> |
295 | ||
4cf8496d ZJS |
296 | <refsect1> |
297 | <title>See Also</title> | |
298 | ||
13a69c12 DT |
299 | <para><simplelist type="inline"> |
300 | <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
301 | <member><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry></member> | |
302 | <member><citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry></member> | |
303 | <member><citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member> | |
304 | <member><citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member> | |
305 | <member><citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member> | |
306 | </simplelist></para> | |
4cf8496d ZJS |
307 | </refsect1> |
308 | ||
309 | </refentry> |