sd_bus_query_sender_creds(3)

1SD_BUS_QUERY_SENDER_CREDS(3)sd_bus_query_sender_credSsD_BUS_QUERY_SENDER_CREDS(3)
2
3
4

NAME

6       sd_bus_query_sender_creds, sd_bus_query_sender_privilege - Query bus
7       message sender credentials/privileges
8

SYNOPSIS

10       #include <systemd/sd-bus.h>
11
12       int sd_bus_query_sender_creds(sd_bus_message *m, uint64_t mask,
13                                     sd_bus_creds **creds);
14
15       sd_bus_error* sd_bus_query_sender_privilege(sd_bus_message *m,
16                                                   int capability);
17

DESCRIPTION

19       sd_bus_query_sender_creds() returns the credentials of the message m.
20       The mask parameter is a combo of SD_BUS_CREDS_* flags that indicate
21       which credential info the caller is interested in. See
22       sd_bus_creds_new_from_pid(3) for a list of possible flags. First, this
23       message checks if the requested credentials are attached to the message
24       itself. If not, but the message contains the pid of the sender and the
25       caller specified the SD_BUS_CREDS_AUGMENT flag, this function tries to
26       figure out the missing credentials via other means (starting from the
27       pid). If the pid isn't available but the message has a sender, this
28       function calls sd_bus_get_name_creds(3) to get the requested
29       credentials. If the message has no sender (when a direct connection is
30       used), this function calls sd_bus_get_owner_creds(3) to get the
31       requested credentials. On success, the requested credentials are stored
32       in creds. Ownership of the credentials object in creds is transferred
33       to the caller and should be freed by calling sd_bus_creds_unref(3).
34
35       sd_bus_query_sender_privilege() checks if the message m has the
36       requested privileges. If capability is a non-negative integer, this
37       function checks if the message has the capability with the same value.
38       See capabilities(7) for a list of capabilities. If capability is a
39       negative integer, this function returns whether the sender of the
40       message runs as the same user as the receiver of the message, or if the
41       sender of the message runs as root and the receiver of the message does
42       not run as root. On success and if the message has the requested
43       privileges, this function returns a positive integer. If the message
44       does not have the requested privileges, this function returns zero.
45

RETURN VALUE

47       On success, these functions return a non-negative integer. On failure,
48       they return a negative errno-style error code.
49
50   Errors
51       Returned errors may indicate the following problems:
52
53       -EINVAL
54           The message m or an output parameter is NULL.
55
56       -ENOTCONN
57           The bus of m is not connected.
58
59       -ECHILD
60           The bus of m was created in a different process, library or module
61           instance.
62
63       -EPERM
64           The message m is not sealed.
65

NOTES

67       Functions described here are available as a shared library, which can
68       be compiled against and linked to with the libsystemd pkg-config(1)
69       file.
70
71       The code described here uses getenv(3), which is declared to be not
72       multi-thread-safe. This means that the code calling the functions
73       described here must not call setenv(3) from a parallel thread. It is
74       recommended to only do calls to setenv() from an early phase of the
75       program when no other threads have been started.
76

NAME

SYNOPSIS

DESCRIPTION

RETURN VALUE

NOTES

SEE ALSO