mirror of
https://github.com/systemd/systemd.git
synced 2024-12-12 03:33:44 +08:00
87fe0a6960
Fixes #31920.
310 lines
15 KiB
XML
310 lines
15 KiB
XML
<?xml version='1.0'?>
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
|
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
|
|
|
<refentry id="sd_bus_creds_new_from_pid" xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
|
|
<refentryinfo>
|
|
<title>sd_bus_creds_new_from_pid</title>
|
|
<productname>systemd</productname>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>sd_bus_creds_new_from_pid</refentrytitle>
|
|
<manvolnum>3</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>sd_bus_creds_new_from_pid</refname>
|
|
<refname>sd_bus_creds_new_from_pidfd</refname>
|
|
<refname>sd_bus_creds_get_mask</refname>
|
|
<refname>sd_bus_creds_get_augmented_mask</refname>
|
|
<refname>sd_bus_creds_ref</refname>
|
|
<refname>sd_bus_creds_unref</refname>
|
|
<refname>sd_bus_creds_unrefp</refname>
|
|
|
|
<refpurpose>Retrieve credentials object for the specified PID</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<funcsynopsis>
|
|
<funcsynopsisinfo>#include <systemd/sd-bus.h></funcsynopsisinfo>
|
|
|
|
<funcprototype>
|
|
<funcdef>int <function>sd_bus_creds_new_from_pid</function></funcdef>
|
|
<paramdef>pid_t <parameter>pid</parameter></paramdef>
|
|
<paramdef>uint64_t <parameter>creds_mask</parameter></paramdef>
|
|
<paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef>
|
|
</funcprototype>
|
|
|
|
<funcprototype>
|
|
<funcdef>int <function>sd_bus_creds_new_from_pidfd</function></funcdef>
|
|
<paramdef>int <parameter>pidfd</parameter></paramdef>
|
|
<paramdef>uint64_t <parameter>creds_mask</parameter></paramdef>
|
|
<paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef>
|
|
</funcprototype>
|
|
|
|
<funcprototype>
|
|
<funcdef>uint64_t <function>sd_bus_creds_get_mask</function></funcdef>
|
|
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
|
|
</funcprototype>
|
|
|
|
<funcprototype>
|
|
<funcdef>uint64_t <function>sd_bus_creds_get_augmented_mask</function></funcdef>
|
|
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
|
|
</funcprototype>
|
|
|
|
<funcprototype>
|
|
<funcdef>sd_bus_creds *<function>sd_bus_creds_ref</function></funcdef>
|
|
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
|
|
</funcprototype>
|
|
|
|
<funcprototype>
|
|
<funcdef>sd_bus_creds *<function>sd_bus_creds_unref</function></funcdef>
|
|
<paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
|
|
</funcprototype>
|
|
|
|
<funcprototype>
|
|
<funcdef>void <function>sd_bus_creds_unrefp</function></funcdef>
|
|
<paramdef>sd_bus_creds **<parameter>c</parameter></paramdef>
|
|
</funcprototype>
|
|
</funcsynopsis>
|
|
|
|
<para>
|
|
<constant>SD_BUS_CREDS_PID</constant>,
|
|
<constant>SD_BUS_CREDS_PPID</constant>,
|
|
<constant>SD_BUS_CREDS_TID</constant>,
|
|
<constant>SD_BUS_CREDS_UID</constant>,
|
|
<constant>SD_BUS_CREDS_EUID</constant>,
|
|
<constant>SD_BUS_CREDS_SUID</constant>,
|
|
<constant>SD_BUS_CREDS_FSUID</constant>,
|
|
<constant>SD_BUS_CREDS_GID</constant>,
|
|
<constant>SD_BUS_CREDS_EGID</constant>,
|
|
<constant>SD_BUS_CREDS_SGID</constant>,
|
|
<constant>SD_BUS_CREDS_FSGID</constant>,
|
|
<constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>,
|
|
<constant>SD_BUS_CREDS_COMM</constant>,
|
|
<constant>SD_BUS_CREDS_TID_COMM</constant>,
|
|
<constant>SD_BUS_CREDS_EXE</constant>,
|
|
<constant>SD_BUS_CREDS_CMDLINE</constant>,
|
|
<constant>SD_BUS_CREDS_CGROUP</constant>,
|
|
<constant>SD_BUS_CREDS_UNIT</constant>,
|
|
<constant>SD_BUS_CREDS_SLICE</constant>,
|
|
<constant>SD_BUS_CREDS_USER_UNIT</constant>,
|
|
<constant>SD_BUS_CREDS_USER_SLICE</constant>,
|
|
<constant>SD_BUS_CREDS_SESSION</constant>,
|
|
<constant>SD_BUS_CREDS_OWNER_UID</constant>,
|
|
<constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>,
|
|
<constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>,
|
|
<constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>,
|
|
<constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>,
|
|
<constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>,
|
|
<constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
|
|
<constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>,
|
|
<constant>SD_BUS_CREDS_TTY</constant>,
|
|
<constant>SD_BUS_CREDS_UNIQUE_NAME</constant>,
|
|
<constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
|
|
<constant>SD_BUS_CREDS_DESCRIPTION</constant>,
|
|
<constant>SD_BUS_CREDS_PIDFD</constant>,
|
|
<constant>SD_BUS_CREDS_AUGMENT</constant>,
|
|
<constant>_SD_BUS_CREDS_ALL</constant>
|
|
</para>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para><function>sd_bus_creds_new_from_pid()</function> creates a
|
|
new credentials object and fills it with information about the
|
|
process <parameter>pid</parameter>. The pointer to this object
|
|
will be stored in the <parameter>ret</parameter> pointer. Note that
|
|
credential objects may also be created and retrieved via
|
|
<citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
|
and
|
|
<citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
|
|
|
|
<para><function>sd_bus_creds_new_from_pidfd()</function> is identical to
|
|
<function>sd_bus_creds_new_from_pid()</function>, but takes a PID file descriptor rather than a numeric
|
|
PID as reference to the process. See <citerefentry
|
|
project='man-pages'><refentrytitle>pidfd_open</refentrytitle><manvolnum>2</manvolnum></citerefentry>.</para>
|
|
|
|
<para>The information that will be stored is determined by <parameter>creds_mask</parameter>. It may
|
|
contain a subset of ORed constants <constant>SD_BUS_CREDS_PID</constant>,
|
|
<constant>SD_BUS_CREDS_PPID</constant>, <constant>SD_BUS_CREDS_TID</constant>,
|
|
<constant>SD_BUS_CREDS_UID</constant>, <constant>SD_BUS_CREDS_EUID</constant>,
|
|
<constant>SD_BUS_CREDS_SUID</constant>, <constant>SD_BUS_CREDS_FSUID</constant>,
|
|
<constant>SD_BUS_CREDS_GID</constant>, <constant>SD_BUS_CREDS_EGID</constant>,
|
|
<constant>SD_BUS_CREDS_SGID</constant>, <constant>SD_BUS_CREDS_FSGID</constant>,
|
|
<constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, <constant>SD_BUS_CREDS_COMM</constant>,
|
|
<constant>SD_BUS_CREDS_TID_COMM</constant>, <constant>SD_BUS_CREDS_EXE</constant>,
|
|
<constant>SD_BUS_CREDS_CMDLINE</constant>, <constant>SD_BUS_CREDS_CGROUP</constant>,
|
|
<constant>SD_BUS_CREDS_UNIT</constant>, <constant>SD_BUS_CREDS_SLICE</constant>,
|
|
<constant>SD_BUS_CREDS_USER_UNIT</constant>, <constant>SD_BUS_CREDS_USER_SLICE</constant>,
|
|
<constant>SD_BUS_CREDS_SESSION</constant>, <constant>SD_BUS_CREDS_OWNER_UID</constant>,
|
|
<constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>,
|
|
<constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>,
|
|
<constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
|
|
<constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, <constant>SD_BUS_CREDS_TTY</constant>,
|
|
<constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
|
|
<constant>SD_BUS_CREDS_DESCRIPTION</constant>, and <constant>SD_BUS_CREDS_PIDFD</constant>. Use the
|
|
special value <constant>_SD_BUS_CREDS_ALL</constant> to request all supported fields. The
|
|
<constant>SD_BUS_CREDS_AUGMENT</constant> constant may not be ORed into the mask for invocations of
|
|
<function>sd_bus_creds_new_from_pid()</function> or
|
|
<function>sd_bus_creds_new_from_pidfd()</function>.</para>
|
|
|
|
<para>Fields can be retrieved from the credentials object using
|
|
<citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
|
and other functions which correspond directly to the constants
|
|
listed above.</para>
|
|
|
|
<para>A mask of fields which were actually successfully retrieved can be retrieved with
|
|
<function>sd_bus_creds_get_mask()</function>. If the credentials object was created with
|
|
<function>sd_bus_creds_new_from_pid()</function> or <function>sd_bus_creds_new_from_pidfd()</function>,
|
|
this will be a subset of fields requested in <parameter>creds_mask</parameter>.
|
|
</para>
|
|
|
|
<para>Similar to <function>sd_bus_creds_get_mask()</function>, the function
|
|
<function>sd_bus_creds_get_augmented_mask()</function> returns a bitmask of field constants. The mask
|
|
indicates which credential fields have been retrieved in a non-atomic fashion. For credential objects
|
|
created via <function>sd_bus_creds_new_from_pid()</function> or
|
|
<function>sd_bus_creds_new_from_pidfd()</function>, this mask will be identical to the mask returned by
|
|
<function>sd_bus_creds_get_mask()</function>. However, for credential objects retrieved via
|
|
<function>sd_bus_get_name_creds()</function>, this mask will be set for the credential fields that could
|
|
not be determined atomically at peer connection time, and which were later added by reading augmenting
|
|
credential data from <filename>/proc/</filename>. Similarly, for credential objects retrieved via
|
|
<function>sd_bus_get_owner_creds()</function>, the mask is set for the fields that could not be
|
|
determined atomically at bus creation time, but have been augmented. Similarly, for credential objects
|
|
retrieved via <function>sd_bus_message_get_creds()</function>, the mask is set for the fields that could
|
|
not be determined atomically at message sending time, but have been augmented. The mask returned by
|
|
<function>sd_bus_creds_get_augmented_mask()</function> is always a subset of (or identical to) the mask
|
|
returned by <function>sd_bus_creds_get_mask()</function> for the same object. The latter call hence
|
|
returns all credential fields available in the credential object, the former then marks the subset of
|
|
those that have been augmented. Note that augmented fields are unsuitable for authorization decisions, as
|
|
they may be retrieved at different times, thus being subject to races. Hence, augmented fields should be
|
|
used exclusively for informational purposes.
|
|
</para>
|
|
|
|
<para><function>sd_bus_creds_ref()</function> creates a new
|
|
reference to the credentials object <parameter>c</parameter>. This
|
|
object will not be destroyed until
|
|
<function>sd_bus_creds_unref()</function> has been called as many
|
|
times plus once more. Once the reference count has dropped to zero,
|
|
<parameter>c</parameter> cannot be used anymore, so further
|
|
calls to <function>sd_bus_creds_ref(c)</function> or
|
|
<function>sd_bus_creds_unref(c)</function> are illegal.</para>
|
|
|
|
<para><function>sd_bus_creds_unref()</function> destroys a reference
|
|
to <parameter>c</parameter>.</para>
|
|
|
|
<para><function>sd_bus_creds_unrefp()</function> is similar to
|
|
<function>sd_bus_creds_unref()</function> but takes a pointer to a
|
|
pointer to an <type>sd_bus_creds</type> object. This call is useful in
|
|
conjunction with GCC's and LLVM's <ulink
|
|
url="https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html">Clean-up
|
|
Variable Attribute</ulink>. Note that this function is defined as
|
|
inline function.</para>
|
|
|
|
<para><function>sd_bus_creds_ref()</function>,
|
|
<function>sd_bus_creds_unref()</function> and
|
|
<function>sd_bus_creds_unrefp()</function> execute no operation if
|
|
the passed in bus credentials object is
|
|
<constant>NULL</constant>.</para>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Return Value</title>
|
|
|
|
<para>On success, <function>sd_bus_creds_new_from_pid()</function> and
|
|
<function>sd_bus_creds_new_from_pidfd()</function> return 0 or a positive integer. On failure, they return
|
|
a negative errno-style error code.</para>
|
|
|
|
<para><function>sd_bus_creds_get_mask()</function> returns the
|
|
mask of successfully acquired fields.</para>
|
|
|
|
<para><function>sd_bus_creds_get_augmented_mask()</function>
|
|
returns the mask of fields that have been augmented from data in
|
|
<filename>/proc/</filename>, and are thus not suitable for
|
|
authorization decisions.</para>
|
|
|
|
<para><function>sd_bus_creds_ref()</function> always returns the
|
|
argument.</para>
|
|
|
|
<para><function>sd_bus_creds_unref()</function> always returns
|
|
<constant>NULL</constant>.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Reference ownership</title>
|
|
|
|
<para>The functions <function>sd_bus_creds_new_from_pid()</function> and
|
|
<function>sd_bus_creds_new_from_pidfd()</function> create a new object and the caller owns the sole
|
|
reference. When not needed anymore, this reference should be destroyed with
|
|
<citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
|
</para>
|
|
|
|
<refsect2>
|
|
<title>Errors</title>
|
|
|
|
<para>Returned errors may indicate the following problems:</para>
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
<term><constant>-ESRCH</constant></term>
|
|
|
|
<listitem><para>Specified <parameter>pid</parameter> could not be found.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><constant>-EINVAL</constant></term>
|
|
|
|
<listitem><para>Specified parameter is invalid (<constant>NULL</constant> in case of output
|
|
parameters).</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><constant>-ENOMEM</constant></term>
|
|
|
|
<listitem><para>Memory allocation failed.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><constant>-EOPNOTSUPP</constant></term>
|
|
|
|
<listitem><para>One of the requested fields is unknown to the local system.</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect2>
|
|
</refsect1>
|
|
|
|
<xi:include href="libsystemd-pkgconfig.xml" />
|
|
|
|
<refsect1>
|
|
<title>History</title>
|
|
<para><function>sd_bus_creds_new_from_pid()</function>,
|
|
<function>sd_bus_creds_get_mask()</function>,
|
|
<function>sd_bus_creds_ref()</function>,
|
|
<function>sd_bus_creds_unref()</function>, and
|
|
<function>sd_bus_creds_get_augmented_mask()</function> were added in version 221.</para>
|
|
<para><function>sd_bus_creds_unrefp()</function> was added in version 229.</para>
|
|
<para><function>sd_bus_creds_new_from_pidfd()</function> was added in version 256.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
|
|
<para><simplelist type="inline">
|
|
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
|
<member><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
|
|
<member><citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
|
|
<member><citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
|
|
<member><citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
|
|
<member><citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
|
|
</simplelist></para>
|
|
</refsect1>
|
|
|
|
</refentry>
|