| <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> |
| <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
| "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| |
| <!-- |
| This file is part of systemd. |
| |
| Copyright 2014 Zbigniew Jędrzejewski-Szmek |
| |
| systemd is free software; you can redistribute it and/or modify it |
| under the terms of the GNU Lesser General Public License as published by |
| the Free Software Foundation; either version 2.1 of the License, or |
| (at your option) any later version. |
| |
| systemd is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public License |
| along with systemd; If not, see <http://www.gnu.org/licenses/>. |
| --> |
| |
| <refentry id="sd_bus_creds_new_from_pid"> |
| |
| <refentryinfo> |
| <title>sd_bus_creds_new_from_pid</title> |
| <productname>systemd</productname> |
| |
| <authorgroup> |
| <author> |
| <contrib>A monkey with a typewriter</contrib> |
| <firstname>Zbigniew</firstname> |
| <surname>Jędrzejewski-Szmek</surname> |
| <email>zbyszek@in.waw.pl</email> |
| </author> |
| </authorgroup> |
| </refentryinfo> |
| |
| <refmeta> |
| <refentrytitle>sd_bus_creds_new_from_pid</refentrytitle> |
| <manvolnum>3</manvolnum> |
| </refmeta> |
| |
| <refnamediv> |
| <refname>sd_bus_creds_new_from_pid</refname> |
| <refname>sd_bus_creds_get_mask</refname> |
| <refname>sd_bus_creds_get_augmented_mask</refname> |
| <refname>sd_bus_creds_ref</refname> |
| <refname>sd_bus_creds_unref</refname> |
| |
| <refpurpose>Retrieve credentials object for the specified PID</refpurpose> |
| </refnamediv> |
| |
| <refsynopsisdiv> |
| <funcsynopsis> |
| <funcsynopsisinfo>#include <systemd/sd-bus.h></funcsynopsisinfo> |
| |
| <funcprototype> |
| <funcdef>int <function>sd_bus_creds_new_from_pid</function></funcdef> |
| <paramdef>pid_t <parameter>pid</parameter></paramdef> |
| <paramdef>uint64_t <parameter>creds_mask</parameter></paramdef> |
| <paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef> |
| </funcprototype> |
| |
| <funcprototype> |
| <funcdef>uint64_t <function>sd_bus_creds_get_mask</function></funcdef> |
| <paramdef>const sd_bus_creds *<parameter>c</parameter></paramdef> |
| </funcprototype> |
| |
| <funcprototype> |
| <funcdef>uint64_t <function>sd_bus_creds_get_augmented_mask</function></funcdef> |
| <paramdef>const sd_bus_creds *<parameter>c</parameter></paramdef> |
| </funcprototype> |
| |
| <funcprototype> |
| <funcdef>sd_bus_creds *<function>sd_bus_creds_ref</function></funcdef> |
| <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> |
| </funcprototype> |
| |
| <funcprototype> |
| <funcdef>sd_bus_creds *<function>sd_bus_creds_unref</function></funcdef> |
| <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> |
| </funcprototype> |
| </funcsynopsis> |
| |
| <para> |
| <constant>SD_BUS_CREDS_PID</constant>, |
| <constant>SD_BUS_CREDS_PPID</constant>, |
| <constant>SD_BUS_CREDS_TID</constant>, |
| <constant>SD_BUS_CREDS_UID</constant>, |
| <constant>SD_BUS_CREDS_EUID</constant>, |
| <constant>SD_BUS_CREDS_SUID</constant>, |
| <constant>SD_BUS_CREDS_FSUID</constant>, |
| <constant>SD_BUS_CREDS_GID</constant>, |
| <constant>SD_BUS_CREDS_EGID</constant>, |
| <constant>SD_BUS_CREDS_SGID</constant>, |
| <constant>SD_BUS_CREDS_FSGID</constant>, |
| <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, |
| <constant>SD_BUS_CREDS_COMM</constant>, |
| <constant>SD_BUS_CREDS_TID_COMM</constant>, |
| <constant>SD_BUS_CREDS_EXE</constant>, |
| <constant>SD_BUS_CREDS_CMDLINE</constant>, |
| <constant>SD_BUS_CREDS_CGROUP</constant>, |
| <constant>SD_BUS_CREDS_UNIT</constant>, |
| <constant>SD_BUS_CREDS_SLICE</constant>, |
| <constant>SD_BUS_CREDS_USER_UNIT</constant>, |
| <constant>SD_BUS_CREDS_USER_SLICE</constant>, |
| <constant>SD_BUS_CREDS_SESSION</constant>, |
| <constant>SD_BUS_CREDS_OWNER_UID</constant>, |
| <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, |
| <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>, |
| <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, |
| <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>, |
| <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, |
| <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>, |
| <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, |
| <constant>SD_BUS_CREDS_TTY</constant>, |
| <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, |
| <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, |
| <constant>SD_BUS_CREDS_DESCRIPTION</constant>, |
| <constant>SD_BUS_CREDS_AUGMENT</constant>, |
| <constant>_SD_BUS_CREDS_ALL</constant> |
| </para> |
| </refsynopsisdiv> |
| |
| <refsect1> |
| <title>Description</title> |
| |
| <para><function>sd_bus_creds_new_from_pid()</function> creates a |
| new credentials object and fills it with information about the |
| process <parameter>pid</parameter>. The pointer to this object |
| will be stored in the <parameter>ret</parameter> pointer. Note that |
| credential objects may also be created and retrieved via |
| <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry> |
| and |
| <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para> |
| |
| <para>The information that will be stored is determined by |
| <parameter>creds_mask</parameter>. It may contain a subset of ORed |
| constants <constant>SD_BUS_CREDS_PID</constant>, |
| <constant>SD_BUS_CREDS_PPID</constant>, |
| <constant>SD_BUS_CREDS_TID</constant>, |
| <constant>SD_BUS_CREDS_UID</constant>, |
| <constant>SD_BUS_CREDS_EUID</constant>, |
| <constant>SD_BUS_CREDS_SUID</constant>, |
| <constant>SD_BUS_CREDS_FSUID</constant>, |
| <constant>SD_BUS_CREDS_GID</constant>, |
| <constant>SD_BUS_CREDS_EGID</constant>, |
| <constant>SD_BUS_CREDS_SGID</constant>, |
| <constant>SD_BUS_CREDS_FSGID</constant>, |
| <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, |
| <constant>SD_BUS_CREDS_COMM</constant>, |
| <constant>SD_BUS_CREDS_TID_COMM</constant>, |
| <constant>SD_BUS_CREDS_EXE</constant>, |
| <constant>SD_BUS_CREDS_CMDLINE</constant>, |
| <constant>SD_BUS_CREDS_CGROUP</constant>, |
| <constant>SD_BUS_CREDS_UNIT</constant>, |
| <constant>SD_BUS_CREDS_SLICE</constant>, |
| <constant>SD_BUS_CREDS_USER_UNIT</constant>, |
| <constant>SD_BUS_CREDS_USER_SLICE</constant>, |
| <constant>SD_BUS_CREDS_SESSION</constant>, |
| <constant>SD_BUS_CREDS_OWNER_UID</constant>, |
| <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, |
| <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>, |
| <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, |
| <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>, |
| <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, |
| <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>, |
| <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, |
| <constant>SD_BUS_CREDS_TTY</constant>, |
| <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, |
| <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, and |
| <constant>SD_BUS_CREDS_DESCRIPTION</constant>. Use the special |
| value <constant>_SD_BUS_CREDS_ALL</constant> to request all |
| supported fields. The <constant>SD_BUS_CREDS_AUGMENT</constant> |
| constant may not be ORed into the mask for invocations of |
| <function>sd_bus_creds_new_from_pid()</function>.</para> |
| |
| <para>Fields can be retrieved from the credentials object using |
| <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry> |
| and other functions which correspond directly to the constants |
| listed above.</para> |
| |
| <para>A mask of fields which were actually successfully retrieved |
| can be retrieved with |
| <function>sd_bus_creds_get_mask()</function>. If the credentials |
| object was created with |
| <function>sd_bus_creds_new_from_pid()</function>, this will be a |
| subset of fields requested in <parameter>creds_mask</parameter>. |
| </para> |
| |
| <para>Similar to <function>sd_bus_creds_get_mask()</function>, the |
| function <function>sd_bus_creds_get_augmented_mask()</function> |
| returns a bitmask of field constants. The mask indicates which |
| credential fields have been retrieved in a non-atomic fashion. For |
| credential objects created via |
| <function>sd_bus_creds_new_from_pid()</function>, this mask will be |
| identical to the mask returned by |
| <function>sd_bus_creds_get_mask()</function>. However, for |
| credential objects retrieved via |
| <function>sd_bus_get_name_creds()</function>, this mask will be set |
| for the credential fields that could not be determined atomically |
| at peer connection time, and which were later added by reading |
| augmenting credential data from |
| <filename>/proc</filename>. Similarly, for credential objects |
| retrieved via <function>sd_bus_get_owner_creds()</function>, the |
| mask is set for the fields that could not be determined atomically |
| at bus creation time, but have been augmented. Similarly, for |
| credential objects retrieved via |
| <function>sd_bus_message_get_creds()</function>, the mask is set |
| for the fields that could not be determined atomically at message |
| sending time, but have been augmented. The mask returned by |
| <function>sd_bus_creds_get_augmented_mask()</function> is always a |
| subset of (or identical to) the mask returned by |
| <function>sd_bus_creds_get_mask()</function> for the same |
| object. The latter call hence returns all credential fields |
| available in the credential object, the former then marks the |
| subset of those that have been augmented. Note that augmented |
| fields are unsuitable for authorization decisions, as they may be |
| retrieved at different times, thus being subject to races. Hence, |
| augmented fields should be used exclusively for informational |
| purposes. |
| </para> |
| |
| <para><function>sd_bus_creds_ref()</function> creates a new |
| reference to the credentials object <parameter>c</parameter>. This |
| object will not be destroyed until |
| <function>sd_bus_creds_unref()</function> has been called as many |
| times plus once more. Once the reference count has dropped to zero, |
| <parameter>c</parameter> cannot be used anymore, so further |
| calls to <function>sd_bus_creds_ref(c)</function> or |
| <function>sd_bus_creds_unref(c)</function> are illegal.</para> |
| |
| <para><function>sd_bus_creds_unref()</function> destroys a reference |
| to <parameter>c</parameter>.</para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Return Value</title> |
| |
| <para>On success, <function>sd_bus_creds_new_from_pid()</function> |
| returns 0 or a positive integer. On failure, it returns a negative |
| errno-style error code.</para> |
| |
| <para><function>sd_bus_creds_get_mask()</function> returns the |
| mask of successfully acquired fields.</para> |
| |
| <para><function>sd_bus_creds_get_augmented_mask()</function> |
| returns the mask of fields that have been augmented from data in |
| <filename>/proc</filename>, and are thus not suitable for |
| authorization decisions.</para> |
| |
| <para><function>sd_bus_creds_ref()</function> always returns the |
| argument.</para> |
| |
| <para><function>sd_bus_creds_unref()</function> always returns |
| <constant>NULL</constant>.</para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Reference ownership</title> |
| |
| <para>Function <function>sd_bus_creds_new_from_pid()</function> |
| creates a new object and the caller owns the sole reference. When |
| not needed anymore, this reference should be destroyed with |
| <citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>. |
| </para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Errors</title> |
| |
| <para>Returned errors may indicate the following problems:</para> |
| |
| <variablelist> |
| |
| <varlistentry> |
| <term><constant>-ESRCH</constant></term> |
| |
| <listitem><para>Specified <parameter>pid</parameter> could not |
| be found.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><constant>-EINVAL</constant></term> |
| |
| <listitem><para>Specified parameter is invalid |
| (<constant>NULL</constant> in case of output |
| parameters).</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><constant>-ENOMEM</constant></term> |
| |
| <listitem><para>Memory allocation failed.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><constant>-EOPNOTSUPP</constant></term> |
| |
| <listitem><para>One of the requested fields is unknown to the local system.</para></listitem> |
| </varlistentry> |
| </variablelist> |
| </refsect1> |
| |
| <refsect1> |
| <title>Notes</title> |
| |
| <para><function>sd_bus_creds_new_from_pid()</function> and the |
| other calls described here are available as a shared library, |
| which can be compiled and linked to with the |
| <constant>libsystemd</constant> <citerefentry |
| project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| file.</para> |
| </refsect1> |
| |
| <refsect1> |
| <title>See Also</title> |
| |
| <para> |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry> |
| </para> |
| </refsect1> |
| |
| </refentry> |