blob: 84dd509744360a78d8d4a54d05b5c66b514d86f0 [file] [log] [blame] [raw]
<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
This file is part of systemd.
Copyright 2014 Zbigniew Jędrzejewski-Szmek
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="sd_bus_creds_new_from_pid">
<refentryinfo>
<title>sd_bus_creds_new_from_pid</title>
<productname>systemd</productname>
<authorgroup>
<author>
<contrib>A monkey with a typewriter</contrib>
<firstname>Zbigniew</firstname>
<surname>Jędrzejewski-Szmek</surname>
<email>zbyszek@in.waw.pl</email>
</author>
</authorgroup>
</refentryinfo>
<refmeta>
<refentrytitle>sd_bus_creds_new_from_pid</refentrytitle>
<manvolnum>3</manvolnum>
</refmeta>
<refnamediv>
<refname>sd_bus_creds_new_from_pid</refname>
<refname>sd_bus_creds_get_mask</refname>
<refname>sd_bus_creds_get_augmented_mask</refname>
<refname>sd_bus_creds_ref</refname>
<refname>sd_bus_creds_unref</refname>
<refpurpose>Retrieve credentials object for the specified PID</refpurpose>
</refnamediv>
<refsynopsisdiv>
<funcsynopsis>
<funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>sd_bus_creds_new_from_pid</function></funcdef>
<paramdef>pid_t <parameter>pid</parameter></paramdef>
<paramdef>uint64_t <parameter>creds_mask</parameter></paramdef>
<paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>uint64_t <function>sd_bus_creds_get_mask</function></funcdef>
<paramdef>const sd_bus_creds *<parameter>c</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>uint64_t <function>sd_bus_creds_get_augmented_mask</function></funcdef>
<paramdef>const sd_bus_creds *<parameter>c</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>sd_bus_creds *<function>sd_bus_creds_ref</function></funcdef>
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>sd_bus_creds *<function>sd_bus_creds_unref</function></funcdef>
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
</funcprototype>
</funcsynopsis>
<para>
<constant>SD_BUS_CREDS_PID</constant>,
<constant>SD_BUS_CREDS_PPID</constant>,
<constant>SD_BUS_CREDS_TID</constant>,
<constant>SD_BUS_CREDS_UID</constant>,
<constant>SD_BUS_CREDS_EUID</constant>,
<constant>SD_BUS_CREDS_SUID</constant>,
<constant>SD_BUS_CREDS_FSUID</constant>,
<constant>SD_BUS_CREDS_GID</constant>,
<constant>SD_BUS_CREDS_EGID</constant>,
<constant>SD_BUS_CREDS_SGID</constant>,
<constant>SD_BUS_CREDS_FSGID</constant>,
<constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>,
<constant>SD_BUS_CREDS_COMM</constant>,
<constant>SD_BUS_CREDS_TID_COMM</constant>,
<constant>SD_BUS_CREDS_EXE</constant>,
<constant>SD_BUS_CREDS_CMDLINE</constant>,
<constant>SD_BUS_CREDS_CGROUP</constant>,
<constant>SD_BUS_CREDS_UNIT</constant>,
<constant>SD_BUS_CREDS_SLICE</constant>,
<constant>SD_BUS_CREDS_USER_UNIT</constant>,
<constant>SD_BUS_CREDS_USER_SLICE</constant>,
<constant>SD_BUS_CREDS_SESSION</constant>,
<constant>SD_BUS_CREDS_OWNER_UID</constant>,
<constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>,
<constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>,
<constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>,
<constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>,
<constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>,
<constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
<constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>,
<constant>SD_BUS_CREDS_TTY</constant>,
<constant>SD_BUS_CREDS_UNIQUE_NAME</constant>,
<constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
<constant>SD_BUS_CREDS_DESCRIPTION</constant>,
<constant>SD_BUS_CREDS_AUGMENT</constant>,
<constant>_SD_BUS_CREDS_ALL</constant>
</para>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><function>sd_bus_creds_new_from_pid()</function> creates a
new credentials object and fills it with information about the
process <parameter>pid</parameter>. The pointer to this object
will be stored in the <parameter>ret</parameter> pointer. Note that
credential objects may also be created and retrieved via
<citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
<para>The information that will be stored is determined by
<parameter>creds_mask</parameter>. It may contain a subset of ORed
constants <constant>SD_BUS_CREDS_PID</constant>,
<constant>SD_BUS_CREDS_PPID</constant>,
<constant>SD_BUS_CREDS_TID</constant>,
<constant>SD_BUS_CREDS_UID</constant>,
<constant>SD_BUS_CREDS_EUID</constant>,
<constant>SD_BUS_CREDS_SUID</constant>,
<constant>SD_BUS_CREDS_FSUID</constant>,
<constant>SD_BUS_CREDS_GID</constant>,
<constant>SD_BUS_CREDS_EGID</constant>,
<constant>SD_BUS_CREDS_SGID</constant>,
<constant>SD_BUS_CREDS_FSGID</constant>,
<constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>,
<constant>SD_BUS_CREDS_COMM</constant>,
<constant>SD_BUS_CREDS_TID_COMM</constant>,
<constant>SD_BUS_CREDS_EXE</constant>,
<constant>SD_BUS_CREDS_CMDLINE</constant>,
<constant>SD_BUS_CREDS_CGROUP</constant>,
<constant>SD_BUS_CREDS_UNIT</constant>,
<constant>SD_BUS_CREDS_SLICE</constant>,
<constant>SD_BUS_CREDS_USER_UNIT</constant>,
<constant>SD_BUS_CREDS_USER_SLICE</constant>,
<constant>SD_BUS_CREDS_SESSION</constant>,
<constant>SD_BUS_CREDS_OWNER_UID</constant>,
<constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>,
<constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>,
<constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>,
<constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>,
<constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>,
<constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
<constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>,
<constant>SD_BUS_CREDS_TTY</constant>,
<constant>SD_BUS_CREDS_UNIQUE_NAME</constant>,
<constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, and
<constant>SD_BUS_CREDS_DESCRIPTION</constant>. Use the special
value <constant>_SD_BUS_CREDS_ALL</constant> to request all
supported fields. The <constant>SD_BUS_CREDS_AUGMENT</constant>
constant may not be ORed into the mask for invocations of
<function>sd_bus_creds_new_from_pid()</function>.</para>
<para>Fields can be retrieved from the credentials object using
<citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and other functions which correspond directly to the constants
listed above.</para>
<para>A mask of fields which were actually successfully retrieved
can be retrieved with
<function>sd_bus_creds_get_mask()</function>. If the credentials
object was created with
<function>sd_bus_creds_new_from_pid()</function>, this will be a
subset of fields requested in <parameter>creds_mask</parameter>.
</para>
<para>Similar to <function>sd_bus_creds_get_mask()</function>, the
function <function>sd_bus_creds_get_augmented_mask()</function>
returns a bitmask of field constants. The mask indicates which
credential fields have been retrieved in a non-atomic fashion. For
credential objects created via
<function>sd_bus_creds_new_from_pid()</function>, this mask will be
identical to the mask returned by
<function>sd_bus_creds_get_mask()</function>. However, for
credential objects retrieved via
<function>sd_bus_get_name_creds()</function>, this mask will be set
for the credential fields that could not be determined atomically
at peer connection time, and which were later added by reading
augmenting credential data from
<filename>/proc</filename>. Similarly, for credential objects
retrieved via <function>sd_bus_get_owner_creds()</function>, the
mask is set for the fields that could not be determined atomically
at bus creation time, but have been augmented. Similarly, for
credential objects retrieved via
<function>sd_bus_message_get_creds()</function>, the mask is set
for the fields that could not be determined atomically at message
sending time, but have been augmented. The mask returned by
<function>sd_bus_creds_get_augmented_mask()</function> is always a
subset of (or identical to) the mask returned by
<function>sd_bus_creds_get_mask()</function> for the same
object. The latter call hence returns all credential fields
available in the credential object, the former then marks the
subset of those that have been augmented. Note that augmented
fields are unsuitable for authorization decisions, as they may be
retrieved at different times, thus being subject to races. Hence,
augmented fields should be used exclusively for informational
purposes.
</para>
<para><function>sd_bus_creds_ref()</function> creates a new
reference to the credentials object <parameter>c</parameter>. This
object will not be destroyed until
<function>sd_bus_creds_unref()</function> has been called as many
times plus once more. Once the reference count has dropped to zero,
<parameter>c</parameter> cannot be used anymore, so further
calls to <function>sd_bus_creds_ref(c)</function> or
<function>sd_bus_creds_unref(c)</function> are illegal.</para>
<para><function>sd_bus_creds_unref()</function> destroys a reference
to <parameter>c</parameter>.</para>
</refsect1>
<refsect1>
<title>Return Value</title>
<para>On success, <function>sd_bus_creds_new_from_pid()</function>
returns 0 or a positive integer. On failure, it returns a negative
errno-style error code.</para>
<para><function>sd_bus_creds_get_mask()</function> returns the
mask of successfully acquired fields.</para>
<para><function>sd_bus_creds_get_augmented_mask()</function>
returns the mask of fields that have been augmented from data in
<filename>/proc</filename>, and are thus not suitable for
authorization decisions.</para>
<para><function>sd_bus_creds_ref()</function> always returns the
argument.</para>
<para><function>sd_bus_creds_unref()</function> always returns
<constant>NULL</constant>.</para>
</refsect1>
<refsect1>
<title>Reference ownership</title>
<para>Function <function>sd_bus_creds_new_from_pid()</function>
creates a new object and the caller owns the sole reference. When
not needed anymore, this reference should be destroyed with
<citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
</refsect1>
<refsect1>
<title>Errors</title>
<para>Returned errors may indicate the following problems:</para>
<variablelist>
<varlistentry>
<term><constant>-ESRCH</constant></term>
<listitem><para>Specified <parameter>pid</parameter> could not
be found.</para></listitem>
</varlistentry>
<varlistentry>
<term><constant>-EINVAL</constant></term>
<listitem><para>Specified parameter is invalid
(<constant>NULL</constant> in case of output
parameters).</para></listitem>
</varlistentry>
<varlistentry>
<term><constant>-ENOMEM</constant></term>
<listitem><para>Memory allocation failed.</para></listitem>
</varlistentry>
<varlistentry>
<term><constant>-EOPNOTSUPP</constant></term>
<listitem><para>One of the requested fields is unknown to the local system.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Notes</title>
<para><function>sd_bus_creds_new_from_pid()</function> and the
other calls described here are available as a shared library,
which can be compiled and linked to with the
<constant>libsystemd</constant> <citerefentry
project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
file.</para>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>