X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsd_id128_get_machine.xml;h=e7326422b5c9e6c4718dcbff428300d4f7e485c2;hp=cd6c39032c497b8995bd705dda38cf4b0b07f243;hb=e0e3ee7aeb2d4043149a728e431a9dda949ceed5;hpb=90d6a4ed9d3ef81bad45801bfebe7446ee9d08ef;ds=sidebyside diff --git a/man/sd_id128_get_machine.xml b/man/sd_id128_get_machine.xml index cd6c39032..e7326422b 100644 --- a/man/sd_id128_get_machine.xml +++ b/man/sd_id128_get_machine.xml @@ -44,6 +44,7 @@ sd_id128_get_machine + sd_id128_get_machine_app_specific sd_id128_get_boot sd_id128_get_invocation Retrieve 128-bit IDs @@ -58,6 +59,12 @@ sd_id128_t *ret + + int sd_id128_get_machine_app_specific + sd_id128_t app_id + sd_id128_t *ret + + int sd_id128_get_boot sd_id128_t *ret 
@@ -74,11 +81,22 @@ Description - sd_id128_get_machine() returns the - machine ID of the executing host. This reads and parses the - machine-id5 - file. This function caches the machine ID internally to make - retrieving the machine ID a cheap operation. + sd_id128_get_machine() returns the machine ID of the executing host. This reads and + parses the machine-id5 + file. This function caches the machine ID internally to make retrieving the machine ID a cheap operation. This ID + may be used wherever a unique identifier for the local system is needed. However, it is recommended to use this ID + as-is only in trusted environments. In untrusted environments it is recommended to derive an application specific + ID from this machine ID, in an irreversable (cryptographically secure) way. To make this easy + sd_id128_get_machine_app_specific() is provided, see below. + + sd_id128_get_machine_app_specific() is similar to + sd_id128_get_machine(), but retrieves a machine ID that is specific to the application that is + identified by the indicated application ID. It is recommended to use this function instead of + sd_id128_get_machine() when passing an ID to untrusted environments, in order to make sure + that the original machine ID may not be determined externally. The application-specific ID should be generated via + a tool like journalctl --new-id128, and may be compiled into the application. This function will + return the same application-specific ID for each combination of machine ID and application ID. Internally, this + function calculates HMAC-SHA256 of the application ID, keyed by the machine ID. sd_id128_get_boot() returns the boot ID of the executing kernel. This reads and parses the 
@@ -95,10 +113,10 @@ systemd.exec5 for details. The ID is cached internally. In future a different mechanism to determine the invocation ID may be added. - Note that sd_id128_get_boot() and sd_id128_get_invocation() always - return UUID v4 compatible IDs. sd_id128_get_machine() will also return a UUID v4-compatible - ID on new installations but might not on older. It is possible to convert the machine ID into a UUID v4-compatible - one. For more information, see + Note that sd_id128_get_machine_app_specific(), sd_id128_get_boot() + and sd_id128_get_invocation() always return UUID v4 compatible IDs. + sd_id128_get_machine() will also return a UUID v4-compatible ID on new installations but might + not on older. It is possible to convert the machine ID into a UUID v4-compatible one. For more information, see machine-id5. For more information about the sd_id128_t @@ -117,12 +135,35 @@ Notes - The sd_id128_get_machine(), sd_id128_get_boot() and - sd_id128_get_invocation() interfaces are available as a shared library, which can be compiled - and linked to with the libsystemd The sd_id128_get_machine(), sd_id128_get_machine_app_specific() + sd_id128_get_boot() and sd_id128_get_invocation() interfaces are + available as a shared library, which can be compiled and linked to with the + libsystemd pkg-config1 file. + + Examples + + + Application-specific machine ID + + Here's a simple example for an application specific machine ID: + + #include <systemd/sd-id128.h> +#include <stdio.h> + +#define OUR_APPLICATION_ID SD_ID128_MAKE(c2,73,27,73,23,db,45,4e,a6,3b,b9,6e,79,b5,3e,97) + +int main(int argc, char *argv[]) { + sd_id128_t id; + sd_id128_get_machine_app_specific(OUR_APPLICATION_ID, &id); + printf("Our application ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(id)); + return 0; +} + + + See Also
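Review bot: In the Description hunk (@@ -74,11 +81,22 @@), the sentence "The application-specific ID should be generated via a tool like journalctl --new-id128, and may be compiled into the application" names the wrong ID. What is generated once and compiled in is the application ID (the app_id argument); the application-specific ID is the derived result. Suggest "The application ID should be generated via a tool like ...". In the same hunk "irreversable" should be "irreversible". Since the page describes these as 128-bit IDs while HMAC-SHA256 yields 256 bits, the last sentence should also say how the output is reduced to 128 bits.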
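Review bot: In the UUID note hunk (@@ -95,10 +113,10 @@), the new claim that sd_id128_get_machine_app_specific() always returns UUID v4 compatible IDs is not backed by the Description, which only says the function calculates HMAC-SHA256 of the application ID keyed by the machine ID. A raw HMAC output does not carry the v4 version and variant bits, so the Description should mention that they are set on the result. The added lines also mix "UUID v4 compatible" and "UUID v4-compatible"; pick the hyphenated form used in the rest of the paragraph.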
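Review bot: In the Notes/Examples hunk (@@ -117,12 +135,35 @@), the example discards the int returned by sd_id128_get_machine_app_specific(OUR_APPLICATION_ID, &id) and then formats id unconditionally, so on failure it prints an uninitialized sd_id128_t. As this is the snippet people will copy, store the result, and on a negative value report the error and return non-zero before reaching printf. The label "Our application ID: " is also misleading, because the value printed is the derived application-specific machine ID, not OUR_APPLICATION_ID. In the Notes paragraph a comma is missing after "sd_id128_get_machine_app_specific()" in the list of interfaces.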