sd_bus_query_sender_creds, sd_bus_query_sender_privilege - Query bus message
sd_bus_query_sender_creds() returns the credentials of the message
m. The mask parameter is a combo of SD_BUS_CREDS_* flags
that indicate which credential info the caller is interested in. See
sd_bus_creds_new_from_pid(3) for a list of possible flags. First, this
message checks if the requested credentials are attached to the message
itself. If not, but the message contains the pid of the sender and the caller
specified the SD_BUS_CREDS_AUGMENT flag, this function tries to figure
out the missing credentials via other means (starting from the pid). If the
pid isn't available but the message has a sender, this function calls
sd_bus_get_name_creds(3) to get the requested credentials. If the
message has no sender (when a direct connection is used), this function calls
sd_bus_get_owner_creds(3) to get the requested credentials. On success,
the requested credentials are stored in creds. Ownership of the
credentials object in creds is transferred to the caller and should be
freed by calling sd_bus_creds_unref(3).
sd_bus_query_sender_privilege() checks if the message
m has the requested privileges. If capability is a
non-negative integer, this function checks if the message has the capability
with the same value. See capabilities(7) for a list of capabilities.
If capability is a negative integer, this function returns whether
the sender of the message runs as the same user as the receiver of the
message, or if the sender of the message runs as root and the receiver of
the message does not run as root. On success and if the message has the
requested privileges, this function returns a positive integer. If the
message does not have the requested privileges, this function returns
On success, these functions return a non-negative integer. On failure, they
return a negative errno-style error code.
Returned errors may indicate the following problems:
The message m or an output parameter is
The bus of m is not connected.
The bus of m was created in a different
The message m is not sealed.
These APIs are implemented as a shared library, which can be compiled and linked
to with the libsystemd pkg-config(1) file.