This is essentially a way to determine if the current identity
is that of another libvirt daemon.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/libvirt_private.syms | 1 +
src/util/viridentity.c | 28 ++++++++++++++++++++++++++++
src/util/viridentity.h | 1 +
3 files changed, 30 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 90ca52c95c..698ba50d6b 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2409,6 +2409,7 @@ virIdentityGetUNIXGroupID;
virIdentityGetUNIXUserID;
virIdentityGetUserName;
virIdentityGetX509DName;
+virIdentityIsCurrentElevated;
virIdentityNew;
virIdentityNewCopy;
virIdentitySetCurrent;
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 9fa6ab0dd0..424de513d9 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -354,6 +354,34 @@ virIdentity *virIdentityGetSystem(void)
}
+/**
+ * virIdentityIsCurrentElevated:
+ *
+ * Determine if the current identity has elevated privileges.
+ * This indicates that it was invoked on behalf of the
+ * user by a libvirt daemon.
+ *
+ * Returns: true if elevated
+ */
+int virIdentityIsCurrentElevated(void)
+{
+ g_autoptr(virIdentity) current = virIdentityGetCurrent();
+ const char *currentToken = NULL;
+ int rv;
+
+ if (!current) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No current identity"));
+ return -1;
+ }
+
+ rv = virIdentityGetSystemToken(current, ¤tToken);
+ if (rv <= 0)
+ return rv;
+
+ return STREQ_NULLABLE(currentToken, systemToken);
+}
+
/**
* virIdentityNew:
*
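Review bot: The doc comment on `virIdentityIsCurrentElevated` says "Returns: true if elevated", but the function is declared `int` and returns -1 when there is no current identity, and it passes through any non-positive result from `virIdentityGetSystemToken`. A caller that writes `if (virIdentityIsCurrentElevated())` would therefore treat an error as elevated, which fails open on a privilege decision. I would document the tri-state explicitly, e.g. `Returns: 1 if the current identity is elevated, 0 if not, -1 on error`, and state that callers must test `> 0`. The final `STREQ_NULLABLE(currentToken, systemToken)` also evaluates true when both pointers are NULL. `systemToken` is defined outside this hunk, so whether it can be unset here is not visible, but an explicit `if (!systemToken) return 0;` before the comparison would make it fail closed.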
diff --git a/src/util/viridentity.h b/src/util/viridentity.h
index 420cd82854..37a0c1ad4c 100644
--- a/src/util/viridentity.h
+++ b/src/util/viridentity.h
@@ -31,6 +31,7 @@ virIdentity *virIdentityGetCurrent(void);
virIdentity *virIdentityGetCurrentElevated(void);
int virIdentitySetCurrent(virIdentity *ident);
+int virIdentityIsCurrentElevated(void);
virIdentity *virIdentityGetSystem(void);
virIdentity *virIdentityNew(void);
--
2.31.1