<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> <!-- This file is part of systemd. Copyright 2014 Zbigniew Jędrzejewski-Szmek systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. systemd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with systemd; If not, see <http://www.gnu.org/licenses/>. --> <refentry id="sd_bus_creds_new_from_pid"> <refentryinfo> <title>sd_bus_creds_new_from_pid</title> <productname>systemd</productname> <authorgroup> <author> <contrib>A monkey with a typewriter</contrib> <firstname>Zbigniew</firstname> <surname>Jędrzejewski-Szmek</surname> <email>zbyszek@in.waw.pl</email> </author> </authorgroup> </refentryinfo> <refmeta> <refentrytitle>sd_bus_creds_new_from_pid</refentrytitle> <manvolnum>3</manvolnum> </refmeta> <refnamediv> <refname>sd_bus_creds_new_from_pid</refname> <refname>sd_bus_creds_get_mask</refname> <refname>sd_bus_creds_get_augmented_mask</refname> <refname>sd_bus_creds_ref</refname> <refname>sd_bus_creds_unref</refname> <refpurpose>Retrieve credentials object for the specified PID</refpurpose> </refnamediv> <refsynopsisdiv> <funcsynopsis> <funcsynopsisinfo>#include <systemd/sd-bus.h></funcsynopsisinfo> <funcprototype> <funcdef>int <function>sd_bus_creds_new_from_pid</function></funcdef> <paramdef>pid_t <parameter>pid</parameter></paramdef> <paramdef>uint64_t <parameter>creds_mask</parameter></paramdef> <paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef> </funcprototype> <funcprototype> <funcdef>uint64_t <function>sd_bus_creds_get_mask</function></funcdef> <paramdef>const sd_bus_creds *<parameter>c</parameter></paramdef> </funcprototype> <funcprototype> <funcdef>uint64_t <function>sd_bus_creds_get_augmented_mask</function></funcdef> <paramdef>const sd_bus_creds *<parameter>c</parameter></paramdef> </funcprototype> <funcprototype> <funcdef>sd_bus_creds *<function>sd_bus_creds_ref</function></funcdef> <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> </funcprototype> <funcprototype> <funcdef>sd_bus_creds *<function>sd_bus_creds_unref</function></funcdef> <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> </funcprototype> </funcsynopsis> <para> <constant>SD_BUS_CREDS_PID</constant>, <constant>SD_BUS_CREDS_PPID</constant>, <constant>SD_BUS_CREDS_TID</constant>, <constant>SD_BUS_CREDS_UID</constant>, <constant>SD_BUS_CREDS_EUID</constant>, <constant>SD_BUS_CREDS_SUID</constant>, <constant>SD_BUS_CREDS_FSUID</constant>, <constant>SD_BUS_CREDS_GID</constant>, <constant>SD_BUS_CREDS_EGID</constant>, <constant>SD_BUS_CREDS_SGID</constant>, <constant>SD_BUS_CREDS_FSGID</constant>, <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, <constant>SD_BUS_CREDS_COMM</constant>, <constant>SD_BUS_CREDS_TID_COMM</constant>, <constant>SD_BUS_CREDS_EXE</constant>, <constant>SD_BUS_CREDS_CMDLINE</constant>, <constant>SD_BUS_CREDS_CGROUP</constant>, <constant>SD_BUS_CREDS_UNIT</constant>, <constant>SD_BUS_CREDS_SLICE</constant>, <constant>SD_BUS_CREDS_USER_UNIT</constant>, <constant>SD_BUS_CREDS_USER_SLICE</constant>, <constant>SD_BUS_CREDS_SESSION</constant>, <constant>SD_BUS_CREDS_OWNER_UID</constant>, <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>, <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>, <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>, <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, <constant>SD_BUS_CREDS_TTY</constant>, <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, <constant>SD_BUS_CREDS_DESCRIPTION</constant>, <constant>SD_BUS_CREDS_AUGMENT</constant>, <constant>_SD_BUS_CREDS_ALL</constant> </para> </refsynopsisdiv> <refsect1> <title>Description</title> <para><function>sd_bus_creds_new_from_pid()</function> creates a new credentials object and fills it with information about the process <parameter>pid</parameter>. The pointer to this object will be stored in <parameter>ret</parameter> pointer. Note that credential objects may also be created and retrieved via <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry> and <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para> <para>The information that will be stored is determined by <parameter>creds_mask</parameter>. It may contain a subset of ORed constants <constant>SD_BUS_CREDS_PID</constant>, <constant>SD_BUS_CREDS_PPID</constant>, <constant>SD_BUS_CREDS_TID</constant>, <constant>SD_BUS_CREDS_UID</constant>, <constant>SD_BUS_CREDS_EUID</constant>, <constant>SD_BUS_CREDS_SUID</constant>, <constant>SD_BUS_CREDS_FSUID</constant>, <constant>SD_BUS_CREDS_GID</constant>, <constant>SD_BUS_CREDS_EGID</constant>, <constant>SD_BUS_CREDS_SGID</constant>, <constant>SD_BUS_CREDS_FSGID</constant>, <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, <constant>SD_BUS_CREDS_COMM</constant>, <constant>SD_BUS_CREDS_TID_COMM</constant>, <constant>SD_BUS_CREDS_EXE</constant>, <constant>SD_BUS_CREDS_CMDLINE</constant>, <constant>SD_BUS_CREDS_CGROUP</constant>, <constant>SD_BUS_CREDS_UNIT</constant>, <constant>SD_BUS_CREDS_SLICE</constant>, <constant>SD_BUS_CREDS_USER_UNIT</constant>, <constant>SD_BUS_CREDS_USER_SLICE</constant>, <constant>SD_BUS_CREDS_SESSION</constant>, <constant>SD_BUS_CREDS_OWNER_UID</constant>, <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>, <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>, <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>, <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, <constant>SD_BUS_CREDS_TTY</constant>, <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, <constant>SD_BUS_CREDS_DESCRIPTION</constant>. Use the special value <constant>_SD_BUS_CREDS_ALL</constant> to request all supported fields. The <constant>SD_BUS_CREDS_AUGMENT</constant> may not be ORed into the mask for invocations of <function>sd_bus_creds_new_from_pid()</function>.</para> <para>Fields can be retrieved from the credentials object using <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry> and other functions which correspond directly to the constants listed above.</para> <para>A mask of fields which were actually successfully retrieved can be retrieved with <function>sd_bus_creds_get_mask()</function>. If the credentials object was created with <function>sd_bus_creds_new_from_pid()</function>, this will be a subset of fields requested in <parameter>creds_mask</parameter>. </para> <para>Similar to <function>sd_bus_creds_get_mask()</function> the function <function>sd_bus_creds_get_augmented_mask()</function> returns a bitmask of field constants. The mask indicates which credential fields have been retrieved in a non-atomic fashion. For credential objects created via <function>sd_bus_creds_new_from_pid()</function> this mask will be identical to the mask returned by <function>sd_bus_creds_get_mask()</function>. However, for credential objects retrieved via <function>sd_bus_get_name_creds()</function> this mask will be set for the credential fields that could not be determined atomically at peer connection time, and which were later added by reading augmenting credential data from <filename>/proc</filename>. Similar, for credential objects retrieved via <function>sd_bus_get_owner_creds()</function> the mask is set for the fields that could not be determined atomically at bus creation time, but have been augmented. Similar, for credential objects retrieved via <function>sd_bus_message_get_creds()</function> the mask is set for the fields that could not be determined atomically at message send time, but have been augmented. The mask returned by <function>sd_bus_creds_get_augmented_mask()</function> is always a subset of (or identical to) the mask returned by <function>sd_bus_creds_get_mask()</function> for the same object. The latter call hence returns all credential fields available in the credential object, the former then marks the subset of those that have been augmented. Note that augmented fields are unsuitable for authorization decisions as they may be retrieved at different times, thus being subject to races. Hence augmented fields should be used exclusively for informational purposes. </para> <para><function>sd_bus_creds_ref()</function> creates a new reference to the credentials object <parameter>c</parameter>. This object will not be destroyed until <function>sd_bus_creds_unref()</function> has been called as many times plus once more. Once the reference count has dropped to zero, <parameter>c</parameter> cannot be used anymore, so further calls to <function>sd_bus_creds_ref(c)</function> or <function>sd_bus_creds_unref(c)</function> are illegal.</para> <para><function>sd_bus_creds_unref()</function> destroys a reference to <parameter>c</parameter>.</para> </refsect1> <refsect1> <title>Return Value</title> <para>On success, <function>sd_bus_creds_new_from_pid()</function> returns 0 or a positive integer. On failure, it returns a negative errno-style error code.</para> <para><function>sd_bus_creds_get_mask()</function> returns the mask of successfully acquired fields.</para> <para><function>sd_bus_creds_get_augmented_mask()</function> returns the mask of fields that have been augmented from data in <filename>/proc</filename>, and are thus not suitable for authorization decisions.</para> <para><function>sd_bus_creds_ref()</function> always returns the argument.</para> <para><function>sd_bus_creds_unref()</function> always returns <constant>NULL</constant>.</para> </refsect1> <refsect1> <title>Reference ownership</title> <para>Function <function>sd_bus_creds_new_from_pid()</function> creates a new object and the caller owns the sole reference. When not needed anymore, this reference should be destroyed with <citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>. </para> </refsect1> <refsect1> <title>Errors</title> <para>Returned errors may indicate the following problems:</para> <variablelist> <varlistentry> <term><constant>-ESRCH</constant></term> <listitem><para>Specified <parameter>pid</parameter> could not be found.</para></listitem> </varlistentry> <varlistentry> <term><constant>-EINVAL</constant></term> <listitem><para>Specified parameter is invalid (<constant>NULL</constant> in case of output parameters).</para></listitem> </varlistentry> <varlistentry> <term><constant>-ENOMEM</constant></term> <listitem><para>Memory allocation failed.</para></listitem> </varlistentry> <varlistentry> <term><constant>-EOPNOTSUPP</constant></term> <listitem><para>One of the requested fields is unknown to the local system.</para></listitem> </varlistentry> </variablelist> </refsect1> <refsect1> <title>Notes</title> <para><function>sd_bus_creds_new_from_pid()</function> and the other calls described here are available as a shared library, which can be compiled and linked to with the <constant>libsystemd</constant> <citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry> file.</para> </refsect1> <refsect1> <title>See Also</title> <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry> </para> </refsect1> </refentry>