1SD_BUS_CREDS_GET_PID(3) sd_bus_creds_get_pid SD_BUS_CREDS_GET_PID(3)
2
6 sd_bus_creds_get_pid, sd_bus_creds_get_ppid, sd_bus_creds_get_tid,
7 sd_bus_creds_get_uid, sd_bus_creds_get_euid, sd_bus_creds_get_suid,
8 sd_bus_creds_get_fsuid, sd_bus_creds_get_gid, sd_bus_creds_get_egid,
9 sd_bus_creds_get_sgid, sd_bus_creds_get_fsgid,
10 sd_bus_creds_get_supplementary_gids, sd_bus_creds_get_comm,
11 sd_bus_creds_get_tid_comm, sd_bus_creds_get_exe,
12 sd_bus_creds_get_cmdline, sd_bus_creds_get_cgroup,
13 sd_bus_creds_get_unit, sd_bus_creds_get_slice,
14 sd_bus_creds_get_user_unit, sd_bus_creds_get_user_slice,
15 sd_bus_creds_get_session, sd_bus_creds_get_owner_uid,
16 sd_bus_creds_has_effective_cap, sd_bus_creds_has_permitted_cap,
17 sd_bus_creds_has_inheritable_cap, sd_bus_creds_has_bounding_cap,
18 sd_bus_creds_get_selinux_context, sd_bus_creds_get_audit_session_id,
19 sd_bus_creds_get_audit_login_uid, sd_bus_creds_get_tty,
20 sd_bus_creds_get_unique_name, sd_bus_creds_get_well_known_names,
21 sd_bus_creds_get_description - Retrieve fields from a credentials
22 object
23
25 #include <systemd/sd-bus.h>
26 int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid);
28 int sd_bus_creds_get_ppid(sd_bus_creds *c, pid_t *ppid);
30 int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid);
32 int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid);
34 int sd_bus_creds_get_euid(sd_bus_creds *c, uid_t *uid);
36 int sd_bus_creds_get_suid(sd_bus_creds *c, uid_t *uid);
38 int sd_bus_creds_get_fsuid(sd_bus_creds *c, uid_t *uid);
40 int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid);
42 int sd_bus_creds_get_egid(sd_bus_creds *c, gid_t *gid);
44 int sd_bus_creds_get_sgid(sd_bus_creds *c, gid_t *gid);
46 int sd_bus_creds_get_fsgid(sd_bus_creds *c, gid_t *gid);
48 int sd_bus_creds_get_supplementary_gids(sd_bus_creds *c,
50 const gid_t **gids);
51 int sd_bus_creds_get_comm(sd_bus_creds *c, const char **comm);
53 int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **comm);
55 int sd_bus_creds_get_exe(sd_bus_creds *c, const char **exe);
57 int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline);
59 int sd_bus_creds_get_cgroup(sd_bus_creds *c, const char **cgroup);
61 int sd_bus_creds_get_unit(sd_bus_creds *c, const char **unit);
63 int sd_bus_creds_get_slice(sd_bus_creds *c, const char **slice);
65 int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **unit);
67 int sd_bus_creds_get_user_slice(sd_bus_creds *c, const char **slice);
69 int sd_bus_creds_get_session(sd_bus_creds *c, const char **slice);
71 int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid);
73 int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability);
75 int sd_bus_creds_has_permitted_cap(sd_bus_creds *c, int capability);
77 int sd_bus_creds_has_inheritable_cap(sd_bus_creds *c, int capability);
79 int sd_bus_creds_has_bounding_cap(sd_bus_creds *c, int capability);
81 int sd_bus_creds_get_selinux_context(sd_bus_creds *c,
83 const char **context);
84 int sd_bus_creds_get_audit_session_id(sd_bus_creds *c,
86 uint32_t *sessionid);
87 int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *loginuid);
89 int sd_bus_creds_get_tty(sd_bus_creds *c, const char **tty);
91 int sd_bus_creds_get_unique_name(sd_bus_creds *c, const char **name);
93 int sd_bus_creds_get_well_known_names(sd_bus_creds *c, char ***name);
95 int sd_bus_creds_get_description(sd_bus_creds *c, const char **name);
97
99 These functions return credential information from an sd_bus_creds
100 object. Credential objects may be created with
101 sd_bus_creds_new_from_pid(3), in which case they describe the
102 credentials of the process identified by the specified PID, with
103 sd_bus_get_name_creds(3), in which case they describe the credentials
104 of a bus peer identified by the specified bus name, with
105 sd_bus_get_owner_creds(3), in which case they describe the credentials
106 of the creator of a bus, or with sd_bus_message_get_creds(3), in which
107 case they describe the credentials of the sender of the message.
108 Not all credential fields are part of every "sd_bus_creds" object. Use
110 sd_bus_creds_get_mask(3) to determine the mask of fields available.
111 sd_bus_creds_get_pid() will retrieve the PID (process identifier).
113 Similarly, sd_bus_creds_get_ppid() will retrieve the parent PID. Note
114 that PID 1 has no parent process, in which case -ENXIO is returned.
115 sd_bus_creds_get_tid() will retrieve the TID (thread identifier).
117 sd_bus_creds_get_uid() will retrieve the numeric UID (user identifier).
119 Similarly, sd_bus_creds_get_euid() returns the effective UID,
120 sd_bus_creds_get_suid() the saved UID and sd_bus_creds_get_fsuid() the
121 file system UID.
122 sd_bus_creds_get_gid() will retrieve the numeric GID (group
124 identifier). Similarly, sd_bus_creds_get_egid() returns the effective
125 GID, sd_bus_creds_get_sgid() the saved GID and sd_bus_creds_get_fsgid()
126 the file system GID.
127 sd_bus_creds_get_supplementary_gids() will retrieve the supplementary
129 GIDs list.
130 sd_bus_creds_get_comm() will retrieve the comm field (truncated name of
132 the executable, as stored in /proc/pid/comm).
133 sd_bus_creds_get_tid_comm() will retrieve the comm field of the thread
135 (as stored in /proc/pid/task/tid/comm).
136 sd_bus_creds_get_exe() will retrieve the path to the program executable
138 (as stored in the /proc/pid/exe link, but with the " (deleted)" suffix
139 removed). Note that kernel threads do not have an executable path, in
140 which case -ENXIO is returned.
141 sd_bus_creds_get_cmdline() will retrieve an array of command line
143 arguments (as stored in /proc/pid/cmdline). Note that kernel threads do
144 not have a command line, in which case -ENXIO is returned.
145 sd_bus_creds_get_cgroup() will retrieve the control group path. See
147 cgroups.txt[1].
148 sd_bus_creds_get_unit() will retrieve the systemd unit name (in the
150 system instance of systemd) that the process is a part of. See
151 systemd.unit(5). For processes that are not part of a unit, returns
152 -ENXIO.
153 sd_bus_creds_get_user_unit() will retrieve the systemd unit name (in
155 the user instance of systemd) that the process is a part of. See
156 systemd.unit(5). For processes that are not part of a user unit,
157 returns -ENXIO.
158 sd_bus_creds_get_slice() will retrieve the systemd slice (a unit in the
160 system instance of systemd) that the process is a part of. See
161 systemd.slice(5). Similarly, sd_bus_creds_get_user_slice() retrieves
162 the systemd slice of the process, in the user instance of systemd.
163 sd_bus_creds_get_session() will retrieve the identifier of the login
165 session that the process is a part of. Please note the login session
166 may be limited to a stub process or two. User processes may instead be
167 started from their systemd user manager, e.g. GUI applications started
168 using DBus activation, as well as service processes which are shared
169 between multiple logins of the same user. For processes that are not
170 part of a session, returns -ENXIO.
171 sd_bus_creds_get_owner_uid() will retrieve the numeric UID (user
173 identifier) of the user who owns the user unit or login session that
174 the process is a part of. See systemd-logind.service(8). For processes
175 that are not part of a user unit or session, returns -ENXIO.
176 sd_bus_creds_has_effective_cap() will check whether the capability
178 specified by capability was set in the effective capabilities mask. A
179 positive return value means that it was set, zero means that it was not
180 set, and a negative return value indicates an error. See
181 capabilities(7) and the AmbientCapabilities= and CapabilityBoundingSet=
182 settings in systemd.exec(5).
183 sd_bus_creds_has_permitted_cap() is similar to
185 sd_bus_creds_has_effective_cap(), but will check the permitted
186 capabilities mask.
187 sd_bus_creds_has_inheritable_cap() is similar to
189 sd_bus_creds_has_effective_cap(), but will check the inheritable
190 capabilities mask.
191 sd_bus_creds_has_bounding_cap() is similar to
193 sd_bus_creds_has_effective_cap(), but will check the bounding
194 capabilities mask.
195 sd_bus_creds_get_selinux_context() will retrieve the SELinux security
197 context (label) of the process.
198 sd_bus_creds_get_audit_session_id() will retrieve the audit session
200 identifier of the process. Returns -ENXIO for processes that are not
201 part of an audit session.
202 sd_bus_creds_get_audit_login_uid() will retrieve the audit user login
204 identifier (the identifier of the user who is "responsible" for the
205 session). Returns -ENXIO for processes that are not part of an audit
206 session.
207 sd_bus_creds_get_tty() will retrieve the controlling TTY, without the
209 prefixing "/dev/". Returns -ENXIO for processes that have no
210 controlling TTY.
211 sd_bus_creds_get_unique_name() will retrieve the D-Bus unique name. See
213 The D-Bus specification[2].
214 sd_bus_creds_get_well_known_names() will retrieve the set of D-Bus
216 well-known names. See The D-Bus specification[2].
217 sd_bus_creds_get_description() will retrieve a descriptive name of the
219 bus connection of the peer. This name is useful to discern multiple bus
220 connections by the same peer, and may be altered by the peer with the
221 sd_bus_set_description(3) call.
222 All functions that take a const char** parameter will store the answer
224 there as an address of a NUL-terminated string. It will be valid as
225 long as c remains valid, and should not be freed or modified by the
226 caller.
227 All functions that take a char*** parameter will store the answer there
229 as an address of an array of strings. Each individual string is
230 NUL-terminated, and the array is NULL-terminated as a whole. It will be
231 valid as long as c remains valid, and should not be freed or modified
232 by the caller.
233
235 On success, these calls return 0 or a positive integer. On failure,
236 these calls return a negative errno-style error code.
237
239 Returned errors may indicate the following problems:
240 -ENODATA
242 The given field is not available in the credentials object c.
243 -ENXIO
245 The given field is not specified for the described process or peer.
246 This will be returned by sd_bus_creds_get_unit(),
247 sd_bus_creds_get_slice(), sd_bus_creds_get_user_unit(),
248 sd_bus_creds_get_user_slice(), and sd_bus_creds_get_session() if
249 the process is not part of a systemd system unit, systemd user
250 unit, systemd slice, or logind session. It will be returned by
251 sd_bus_creds_get_owner_uid() if the process is not part of a
252 systemd user unit or logind session. It will also be returned by
253 sd_bus_creds_get_exe() and sd_bus_creds_get_cmdline() for kernel
254 threads (since these are not started from an executable binary, nor
255 have a command line), and by sd_bus_creds_get_audit_session_id()
256 and sd_bus_creds_get_audit_login_uid() when the process is not part
257 of an audit session, and sd_bus_creds_get_tty() if the process has
258 no controlling TTY.
259 -EINVAL
261 Specified pointer parameter is NULL.
262 -ENOMEM
264 Memory allocation failed.
265
267 These APIs are implemented as a shared library, which can be compiled
268 and linked to with the libsystemd pkg-config(1) file.
269
271 systemd(1), sd-bus(3), sd_bus_creds_new_from_pid(2), fork(2),
272 execve(2), credentials(7), free(3), proc(5), systemd.journal-fields(7)
273
275 1. cgroups.txt
276 https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt
277 2. The D-Bus specification
279 http://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-names-bus
280systemd 239 SD_BUS_CREDS_GET_PID(3)