1SD_BUS_QUERY_SENDER_CREDS(3)sd_bus_query_sender_credSsD_BUS_QUERY_SENDER_CREDS(3)
2
3
4

NAME

6       sd_bus_query_sender_creds, sd_bus_query_sender_privilege - Query bus
7       message sender credentials/privileges
8

SYNOPSIS

10       #include <systemd/sd-bus.h>
11
12       int sd_bus_query_sender_creds(sd_bus_message *m, uint64_t mask,
13                                     sd_bus_creds **creds);
14
15       sd_bus_error* sd_bus_query_sender_privilege(sd_bus_message *m,
16                                                   int capability);
17

DESCRIPTION

19       sd_bus_query_sender_creds() returns the credentials of the message m.
20       The mask parameter is a combo of SD_BUS_CREDS_* flags that indicate
21       which credential info the caller is interested in. See
22       sd_bus_creds_new_from_pid(3) for a list of possible flags. First, this
23       message checks if the requested credentials are attached to the message
24       itself. If not, but the message contains the pid of the sender and the
25       caller specified the SD_BUS_CREDS_AUGMENT flag, this function tries to
26       figure out the missing credentials via other means (starting from the
27       pid). If the pid isn't available but the message has a sender, this
28       function calls sd_bus_get_name_creds(3) to get the requested
29       credentials. If the message has no sender (when a direct connection is
30       used), this function calls sd_bus_get_owner_creds(3) to get the
31       requested credentials. On success, the requested credentials are stored
32       in creds. Ownership of the credentials object in creds is transferred
33       to the caller and should be freed by calling sd_bus_creds_unref(3).
34
35       sd_bus_query_sender_privilege() checks if the message m has the
36       requested privileges. If capability is a non-negative integer, this
37       function checks if the message has the capability with the same value.
38       See capabilities(7) for a list of capabilities. If capability is a
39       negative integer, this function returns whether the sender of the
40       message runs as the same user as the receiver of the message, or if the
41       sender of the message runs as root and the receiver of the message does
42       not run as root. On success and if the message has the requested
43       privileges, this function returns a positive integer. If the message
44       does not have the requested privileges, this function returns zero.
45

RETURN VALUE

47       On success, these functions return a non-negative integer. On failure,
48       they return a negative errno-style error code.
49
50   Errors
51       Returned errors may indicate the following problems:
52
53       -EINVAL
54           The message m or an output parameter is NULL.
55
56       -ENOTCONN
57           The bus of m is not connected.
58
59       -ECHILD
60           The bus of m was created in a different process.
61
62       -EPERM
63           The message m is not sealed.
64

NOTES

66       These APIs are implemented as a shared library, which can be compiled
67       and linked to with the libsystemd pkg-config(1) file.
68

SEE ALSO

70       systemd(1), sd-bus(3), sd_bus_creds_new_from_pid(3),
71       sd_bus_get_name_creds(3), sd_bus_get_owner_creds(3),
72       sd_bus_creds_unref(3), capabilities(7)
73
74
75
76systemd 251                                       SD_BUS_QUERY_SENDER_CREDS(3)
Impressum