1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="sd_bus_query_sender_creds" xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>sd_bus_query_sender_creds</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>sd_bus_query_sender_creds</refentrytitle>
<manvolnum>3</manvolnum>
</refmeta>
<refnamediv>
<refname>sd_bus_query_sender_creds</refname>
<refname>sd_bus_query_sender_privilege</refname>
<refpurpose>Query bus message sender credentials/privileges</refpurpose>
</refnamediv>
<refsynopsisdiv>
<funcsynopsis>
<funcsynopsisinfo>#include <systemd/sd-bus.h></funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>sd_bus_query_sender_creds</function></funcdef>
<paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
<paramdef>uint64_t <parameter>mask</parameter></paramdef>
<paramdef>sd_bus_creds **<parameter>creds</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>sd_bus_error* <function>sd_bus_query_sender_privilege</function></funcdef>
<paramdef>sd_bus_message *<parameter>m</parameter></paramdef>
<paramdef>int <parameter>capability</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><function>sd_bus_query_sender_creds()</function> returns the credentials of the message
<parameter>m</parameter>. The <parameter>mask</parameter> parameter is a combo of
<constant index='false'>SD_BUS_CREDS_*</constant> flags that indicate which credential info the caller is
interested in. See
<citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>
for a list of possible flags. First, this message checks if the requested credentials are attached to the
message itself. If not, but the message contains the pid of the sender and the caller specified the
<constant index='false'>SD_BUS_CREDS_AUGMENT</constant> flag, this function tries to figure out
the missing credentials via other means (starting from the pid). If the pid isn't available but the
message has a sender, this function calls
<citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
to get the requested credentials. If the message has no sender (when a direct connection is used), this
function calls
<citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
to get the requested credentials. On success, the requested credentials are stored in
<parameter>creds</parameter>. Ownership of the credentials object in <parameter>creds</parameter> is
transferred to the caller and should be freed by calling
<citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
<para><function>sd_bus_query_sender_privilege()</function> checks if the message <parameter>m</parameter>
has the requested privileges. If <parameter>capability</parameter> is a non-negative integer, this
function checks if the message has the capability with the same value. See
<citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for a list of capabilities. If <parameter>capability</parameter> is a negative integer, this function
returns whether the sender of the message runs as the same user as the receiver of the message, or if the
sender of the message runs as root and the receiver of the message does not run as root. On success and
if the message has the requested privileges, this function returns a positive integer. If the message
does not have the requested privileges, this function returns zero.</para>
</refsect1>
<refsect1>
<title>Return Value</title>
<para>On success, these functions return a non-negative integer. On failure, they return a negative
errno-style error code.</para>
<refsect2>
<title>Errors</title>
<para>Returned errors may indicate the following problems:</para>
<variablelist>
<varlistentry>
<term><constant>-EINVAL</constant></term>
<listitem><para>The message <parameter>m</parameter> or an output parameter is
<constant>NULL</constant>.</para>
<xi:include href="version-info.xml" xpointer="v246"/></listitem>
</varlistentry>
<varlistentry>
<term><constant>-ENOTCONN</constant></term>
<listitem><para>The bus of <parameter>m</parameter> is not connected.</para>
<xi:include href="version-info.xml" xpointer="v246"/></listitem>
</varlistentry>
<varlistentry>
<term><constant>-ECHILD</constant></term>
<listitem><para>The bus of <parameter>m</parameter> was created in a different process, library or module instance.
</para>
<xi:include href="version-info.xml" xpointer="v246"/></listitem>
</varlistentry>
<varlistentry>
<term><constant>-EPERM</constant></term>
<listitem><para>The message <parameter>m</parameter> is not sealed.</para>
<xi:include href="version-info.xml" xpointer="v246"/></listitem>
</varlistentry>
</variablelist>
</refsect2>
</refsect1>
<xi:include href="libsystemd-pkgconfig.xml" />
<refsect1>
<title>History</title>
<para><function>sd_bus_query_sender_creds()</function> and
<function>sd_bus_query_sender_privilege()</function> were added in version 246.</para>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>
|