]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
projects / thirdparty / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 10689c1)
src: add API to determine if current identity is a system identity
authorDaniel P. Berrangé <berrange@redhat.com>
Thu, 29 Apr 2021 14:52:20 +0000 (15:52 +0100)
committerDaniel P. Berrangé <berrange@redhat.com>
Thu, 13 May 2021 10:07:40 +0000 (11:07 +0100)
This is essentially a way to determine if the current identity
is that of another libvirt daemon.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
src/libvirt_private.syms patch | blob | blame | history
src/util/viridentity.c patch | blob | blame | history
src/util/viridentity.h patch | blob | blame | history

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 2ea950c5cda85606242d7f527b2b542ef2e20e83..1df4b8cfe86d58fe05c6864069c57fe4b1f1e8ab 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2411,6 +2411,7 @@ virIdentityGetUNIXGroupID;
 virIdentityGetUNIXUserID;
 virIdentityGetUserName;
 virIdentityGetX509DName;
+virIdentityIsCurrentElevated;
 virIdentityNew;
 virIdentityNewCopy;
 virIdentityRestoreHelper;
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 2e3fcc5add47a7510002ba7eca82e7d2461a1f50..e7e5c31241a78123c06ef0132bac11621b147ff2 100644 (file)
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -366,6 +366,34 @@ virIdentity *virIdentityGetSystem(void)
 }
 
 
+/**
+ * virIdentityIsCurrentElevated:
+ *
+ * Determine if the current identity has elevated privileges.
+ * This indicates that it was invoked on behalf of the
+ * user by a libvirt daemon.
+ *
+ * Returns: true if elevated
+ */
+int virIdentityIsCurrentElevated(void)
+{
+    g_autoptr(virIdentity) current = virIdentityGetCurrent();
+    const char *currentToken = NULL;
+    int rv;
+
+    if (!current) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("No current identity"));
+        return -1;
+    }
+
+    rv = virIdentityGetSystemToken(current, &currentToken);
+    if (rv <= 0)
+        return rv;
+
+    return STREQ_NULLABLE(currentToken, systemToken);
+}
+
 /**
  * virIdentityNew:
  *
diff --git a/src/util/viridentity.h b/src/util/viridentity.h
index 848e5b2056250a5bb29b8ceca41736b50992aec7..6da6d0c55792e843d3a736958c7957b86c9cf0e7 100644 (file)
--- a/src/util/viridentity.h
+++ b/src/util/viridentity.h
@@ -35,6 +35,7 @@ virIdentity *virIdentityElevateCurrent(void);
 
 void virIdentityRestoreHelper(virIdentity **identptr);
 
+int virIdentityIsCurrentElevated(void);
 virIdentity *virIdentityGetSystem(void);
 
 virIdentity *virIdentityNew(void);
Mirror of https://github.com/libvirt/libvirt.git