This is essentially a way to determine if the current identity is that of another libvirt daemon. Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- src/libvirt_private.syms | 1 + src/util/viridentity.c | 28 ++++++++++++++++++++++++++++ src/util/viridentity.h | 1 + 3 files changed, 30 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 7db04d3d3b..aecb803369 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2410,6 +2410,7 @@ virIdentityGetUNIXGroupID; virIdentityGetUNIXUserID; virIdentityGetUserName; virIdentityGetX509DName; +virIdentityIsCurrentElevated; virIdentityNew; virIdentityNewCopy; virIdentityRestoreHelper; diff --git a/src/util/viridentity.c b/src/util/viridentity.c index a9f54232b9..d98a7d77d1 100644 --- a/src/util/viridentity.c +++ b/src/util/viridentity.c @@ -363,6 +363,34 @@ virIdentity *virIdentityGetSystem(void) } +/** + * virIdentityIsCurrentElevated: + * + * Determine if the current identity has elevated privileges. + * This indicates that it was invoked on behalf of the + * user by a libvirt daemon. + * + * Returns: true if elevated + */ +int virIdentityIsCurrentElevated(void) +{ + g_autoptr(virIdentity) current = virIdentityGetCurrent(); + const char *currentToken = NULL; + int rv; + + if (!current) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No current identity")); + return -1; + } + + rv = virIdentityGetSystemToken(current, ¤tToken); + if (rv <= 0) + return rv; + + return STREQ_NULLABLE(currentToken, systemToken); +} + /** * virIdentityNew: * diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 848e5b2056..6da6d0c557 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h @@ -35,6 +35,7 @@ virIdentity *virIdentityElevateCurrent(void); void virIdentityRestoreHelper(virIdentity **identptr); +int virIdentityIsCurrentElevated(void); virIdentity *virIdentityGetSystem(void); virIdentity *virIdentityNew(void); -- 2.31.1