capability: add new ambient_capabilities_supported() helper

[thirdparty/systemd.git] / man / sd_bus_creds_new_from_pid.xml

<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  This file is part of systemd.

  Copyright 2014 Zbigniew Jędrzejewski-Szmek

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="sd_bus_creds_new_from_pid">

  <refentryinfo>
    <title>sd_bus_creds_new_from_pid</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>A monkey with a typewriter</contrib>
        <firstname>Zbigniew</firstname>
        <surname>Jędrzejewski-Szmek</surname>
        <email>zbyszek@in.waw.pl</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>sd_bus_creds_new_from_pid</refentrytitle>
    <manvolnum>3</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>sd_bus_creds_new_from_pid</refname>
    <refname>sd_bus_creds_get_mask</refname>
    <refname>sd_bus_creds_get_augmented_mask</refname>
    <refname>sd_bus_creds_ref</refname>
    <refname>sd_bus_creds_unref</refname>
    <refname>sd_bus_creds_unrefp</refname>

    <refpurpose>Retrieve credentials object for the specified PID</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <funcsynopsis>
      <funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>

      <funcprototype>
        <funcdef>int <function>sd_bus_creds_new_from_pid</function></funcdef>
        <paramdef>pid_t <parameter>pid</parameter></paramdef>
        <paramdef>uint64_t <parameter>creds_mask</parameter></paramdef>
        <paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>uint64_t <function>sd_bus_creds_get_mask</function></funcdef>
        <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>uint64_t <function>sd_bus_creds_get_augmented_mask</function></funcdef>
        <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>sd_bus_creds *<function>sd_bus_creds_ref</function></funcdef>
        <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>sd_bus_creds *<function>sd_bus_creds_unref</function></funcdef>
        <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
      </funcprototype>

      <funcprototype>
        <funcdef>void <function>sd_bus_creds_unrefp</function></funcdef>
        <paramdef>sd_bus_creds **<parameter>c</parameter></paramdef>
      </funcprototype>
    </funcsynopsis>

    <para>
      <constant>SD_BUS_CREDS_PID</constant>,
      <constant>SD_BUS_CREDS_PPID</constant>,
      <constant>SD_BUS_CREDS_TID</constant>,
      <constant>SD_BUS_CREDS_UID</constant>,
      <constant>SD_BUS_CREDS_EUID</constant>,
      <constant>SD_BUS_CREDS_SUID</constant>,
      <constant>SD_BUS_CREDS_FSUID</constant>,
      <constant>SD_BUS_CREDS_GID</constant>,
      <constant>SD_BUS_CREDS_EGID</constant>,
      <constant>SD_BUS_CREDS_SGID</constant>,
      <constant>SD_BUS_CREDS_FSGID</constant>,
      <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>,
      <constant>SD_BUS_CREDS_COMM</constant>,
      <constant>SD_BUS_CREDS_TID_COMM</constant>,
      <constant>SD_BUS_CREDS_EXE</constant>,
      <constant>SD_BUS_CREDS_CMDLINE</constant>,
      <constant>SD_BUS_CREDS_CGROUP</constant>,
      <constant>SD_BUS_CREDS_UNIT</constant>,
      <constant>SD_BUS_CREDS_SLICE</constant>,
      <constant>SD_BUS_CREDS_USER_UNIT</constant>,
      <constant>SD_BUS_CREDS_USER_SLICE</constant>,
      <constant>SD_BUS_CREDS_SESSION</constant>,
      <constant>SD_BUS_CREDS_OWNER_UID</constant>,
      <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>,
      <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>,
      <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>,
      <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>,
      <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>,
      <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
      <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>,
      <constant>SD_BUS_CREDS_TTY</constant>,
      <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>,
      <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
      <constant>SD_BUS_CREDS_DESCRIPTION</constant>,
      <constant>SD_BUS_CREDS_AUGMENT</constant>,
      <constant>_SD_BUS_CREDS_ALL</constant>
    </para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><function>sd_bus_creds_new_from_pid()</function> creates a
    new credentials object and fills it with information about the
    process <parameter>pid</parameter>. The pointer to this object
    will be stored in the <parameter>ret</parameter> pointer. Note that
    credential objects may also be created and retrieved via
    <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
    <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    and
    <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>

    <para>The information that will be stored is determined by
    <parameter>creds_mask</parameter>. It may contain a subset of ORed
    constants <constant>SD_BUS_CREDS_PID</constant>,
    <constant>SD_BUS_CREDS_PPID</constant>,
    <constant>SD_BUS_CREDS_TID</constant>,
    <constant>SD_BUS_CREDS_UID</constant>,
    <constant>SD_BUS_CREDS_EUID</constant>,
    <constant>SD_BUS_CREDS_SUID</constant>,
    <constant>SD_BUS_CREDS_FSUID</constant>,
    <constant>SD_BUS_CREDS_GID</constant>,
    <constant>SD_BUS_CREDS_EGID</constant>,
    <constant>SD_BUS_CREDS_SGID</constant>,
    <constant>SD_BUS_CREDS_FSGID</constant>,
    <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>,
    <constant>SD_BUS_CREDS_COMM</constant>,
    <constant>SD_BUS_CREDS_TID_COMM</constant>,
    <constant>SD_BUS_CREDS_EXE</constant>,
    <constant>SD_BUS_CREDS_CMDLINE</constant>,
    <constant>SD_BUS_CREDS_CGROUP</constant>,
    <constant>SD_BUS_CREDS_UNIT</constant>,
    <constant>SD_BUS_CREDS_SLICE</constant>,
    <constant>SD_BUS_CREDS_USER_UNIT</constant>,
    <constant>SD_BUS_CREDS_USER_SLICE</constant>,
    <constant>SD_BUS_CREDS_SESSION</constant>,
    <constant>SD_BUS_CREDS_OWNER_UID</constant>,
    <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>,
    <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>,
    <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>,
    <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>,
    <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>,
    <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
    <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>,
    <constant>SD_BUS_CREDS_TTY</constant>,
    <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>,
    <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, and
    <constant>SD_BUS_CREDS_DESCRIPTION</constant>. Use the special
    value <constant>_SD_BUS_CREDS_ALL</constant> to request all
    supported fields. The <constant>SD_BUS_CREDS_AUGMENT</constant>
    constant may not be ORed into the mask for invocations of
    <function>sd_bus_creds_new_from_pid()</function>.</para>

    <para>Fields can be retrieved from the credentials object using
    <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    and other functions which correspond directly to the constants
    listed above.</para>

    <para>A mask of fields which were actually successfully retrieved
    can be retrieved with
    <function>sd_bus_creds_get_mask()</function>. If the credentials
    object was created with
    <function>sd_bus_creds_new_from_pid()</function>, this will be a
    subset of fields requested in <parameter>creds_mask</parameter>.
    </para>

    <para>Similar to <function>sd_bus_creds_get_mask()</function>, the
    function <function>sd_bus_creds_get_augmented_mask()</function>
    returns a bitmask of field constants. The mask indicates which
    credential fields have been retrieved in a non-atomic fashion. For
    credential objects created via
    <function>sd_bus_creds_new_from_pid()</function>, this mask will be
    identical to the mask returned by
    <function>sd_bus_creds_get_mask()</function>. However, for
    credential objects retrieved via
    <function>sd_bus_get_name_creds()</function>, this mask will be set
    for the credential fields that could not be determined atomically
    at peer connection time, and which were later added by reading
    augmenting credential data from
    <filename>/proc</filename>. Similarly, for credential objects
    retrieved via <function>sd_bus_get_owner_creds()</function>, the
    mask is set for the fields that could not be determined atomically
    at bus creation time, but have been augmented. Similarly, for
    credential objects retrieved via
    <function>sd_bus_message_get_creds()</function>, the mask is set
    for the fields that could not be determined atomically at message
    sending time, but have been augmented. The mask returned by
    <function>sd_bus_creds_get_augmented_mask()</function> is always a
    subset of (or identical to) the mask returned by
    <function>sd_bus_creds_get_mask()</function> for the same
    object. The latter call hence returns all credential fields
    available in the credential object, the former then marks the
    subset of those that have been augmented. Note that augmented
    fields are unsuitable for authorization decisions, as they may be
    retrieved at different times, thus being subject to races. Hence,
    augmented fields should be used exclusively for informational
    purposes.
    </para>

    <para><function>sd_bus_creds_ref()</function> creates a new
    reference to the credentials object <parameter>c</parameter>. This
    object will not be destroyed until
    <function>sd_bus_creds_unref()</function> has been called as many
    times plus once more. Once the reference count has dropped to zero,
    <parameter>c</parameter> cannot be used anymore, so further
    calls to <function>sd_bus_creds_ref(c)</function> or
    <function>sd_bus_creds_unref(c)</function> are illegal.</para>

    <para><function>sd_bus_creds_unref()</function> destroys a reference
    to <parameter>c</parameter>.</para>

    <para><function>sd_bus_creds_unrefp()</function> is similar to
    <function>sd_bus_creds_unref()</function> but takes a pointer to a
    pointer to an <type>sd_bus_creds</type> object. This call is useful in
    conjunction with GCC's and LLVM's <ulink
    url="https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html">Clean-up
    Variable Attribute</ulink>. Note that this function is defined as
    inline function.</para>

    <para><function>sd_bus_creds_ref()</function>,
    <function>sd_bus_creds_unref()</function> and
    <function>sd_bus_creds_unrefp()</function> execute no operation if
    the passed in bus credentials object is
    <constant>NULL</constant>.</para>

  </refsect1>

  <refsect1>
    <title>Return Value</title>

    <para>On success, <function>sd_bus_creds_new_from_pid()</function>
    returns 0 or a positive integer. On failure, it returns a negative
    errno-style error code.</para>

    <para><function>sd_bus_creds_get_mask()</function> returns the
    mask of successfully acquired fields.</para>

    <para><function>sd_bus_creds_get_augmented_mask()</function>
    returns the mask of fields that have been augmented from data in
    <filename>/proc</filename>, and are thus not suitable for
    authorization decisions.</para>

    <para><function>sd_bus_creds_ref()</function> always returns the
    argument.</para>

    <para><function>sd_bus_creds_unref()</function> always returns
    <constant>NULL</constant>.</para>
  </refsect1>

  <refsect1>
    <title>Reference ownership</title>

    <para>Function <function>sd_bus_creds_new_from_pid()</function>
    creates a new object and the caller owns the sole reference. When
    not needed anymore, this reference should be destroyed with
    <citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
    </para>
  </refsect1>

  <refsect1>
    <title>Errors</title>

    <para>Returned errors may indicate the following problems:</para>

    <variablelist>

      <varlistentry>
        <term><constant>-ESRCH</constant></term>

        <listitem><para>Specified <parameter>pid</parameter> could not
        be found.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>-EINVAL</constant></term>

        <listitem><para>Specified parameter is invalid
        (<constant>NULL</constant> in case of output
        parameters).</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>-ENOMEM</constant></term>

        <listitem><para>Memory allocation failed.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>-EOPNOTSUPP</constant></term>

        <listitem><para>One of the requested fields is unknown to the local system.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Notes</title>

    <para><function>sd_bus_creds_new_from_pid()</function> and the
    other calls described here are available as a shared library,
    which can be compiled and linked to with the
    <constant>libsystemd</constant> <citerefentry
    project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    file.</para>
  </refsect1>

  <refsect1>
    <title>See Also</title>

    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>