This is essentially a way to determine if the current identity is that of another libvirt daemon.
Reviewed-by: Michal Privoznik <mpriv...@redhat.com> Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> --- src/libvirt_private.syms | 1 + src/util/viridentity.c | 28 ++++++++++++++++++++++++++++ src/util/viridentity.h | 1 + 3 files changed, 30 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 2ea950c5cd..1df4b8cfe8 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2411,6 +2411,7 @@ virIdentityGetUNIXGroupID; virIdentityGetUNIXUserID; virIdentityGetUserName; virIdentityGetX509DName; +virIdentityIsCurrentElevated; virIdentityNew; virIdentityNewCopy; virIdentityRestoreHelper; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index 2e3fcc5add..e7e5c31241 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -366,6 +366,34 @@ virIdentity *virIdentityGetSystem(void) } +/** + * virIdentityIsCurrentElevated: + * + * Determine if the current identity has elevated privileges. + * This indicates that it was invoked on behalf of the + * user by a libvirt daemon. + * + * Returns: true if elevated + */ +int virIdentityIsCurrentElevated(void) +{ + g_autoptr(virIdentity) current = virIdentityGetCurrent(); + const char *currentToken = NULL; + int rv; + + if (!current) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No current identity")); + return -1; + } + + rv = virIdentityGetSystemToken(current, ¤tToken); + if (rv <= 0) + return rv; + + return STREQ_NULLABLE(currentToken, systemToken); +} + /** * virIdentityNew: * diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 848e5b2056..6da6d0c557 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h @@ -35,6 +35,7 @@ virIdentity *virIdentityElevateCurrent(void); void virIdentityRestoreHelper(virIdentity **identptr); +int virIdentityIsCurrentElevated(void); virIdentity *virIdentityGetSystem(void); virIdentity *virIdentityNew(void); -- 2.31.1