From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH 6/9] util: add method for getting the current identity with system token
Date: Tue, 4 May 2021 18:43:47 +0100
Message-Id: <20210504174350.488942-7-berrange@redhat.com>
In-Reply-To: <20210504174350.488942-1-berrange@redhat.com>
References: <20210504174350.488942-1-berrange@redhat.com>
List-Id: Development discussions about the libvirt library & tools

The current identity object represents the identity of the application
which initiated the currently executing public API operation. Normally
this is the libvirt client application identity.

There are times when the libvirt daemon has to make extra public API
calls on behalf of the client application. We want these API calls to
still use the client application's identity for ACL checking. At the
same time we need to be able to show that the API call is coming from
the daemon.

Signed-off-by: Daniel P. Berrangé
---
 src/util/viridentity.c | 36 ++++++++++++++++++++++++++++++++++++
 src/util/viridentity.h | 1 +
 2 files changed, 37 insertions(+)

diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 3b523d7a2d..9fa6ab0dd0 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -123,6 +123,42 @@ virIdentity *virIdentityGetCurrent(void) } =20 =20 +/** + * virIdentityGetCurrentElevated: + * + * Get a copy of the current identity associated with this thread, + * with elevated privileges to allow it to identity a system + * initiated operation. The caller will own a reference to the + * returned identity, but must not modify the object in any way, + * other than to release the reference when done with g_object_unref + * + * Returns: a reference to the current identity, or NULL + */ +virIdentity *virIdentityGetCurrentElevated(void) +{ + g_autoptr(virIdentity) ident =3D virIdentityGetCurrent(); + const char *token; + int rc; + + if (!ident) { + return NULL; + } + + if ((rc =3D virIdentityGetSystemToken(ident, &token)) < 0) + return NULL; + + if (rc =3D=3D 0) { + g_autoptr(virIdentity) identel =3D virIdentityNewCopy(ident); + + if (virIdentitySetSystemToken(identel, systemToken) < 0) + return NULL; + + return g_steal_pointer(&identel); + } + + return g_steal_pointer(&ident); +} + /** * virIdentitySetCurrent: * diff --git a/src/util/viridentity.h b/src/util/viridentity.h index 512bca286d..420cd82854 100644 --- a/src/util/viridentity.h +++ b/src/util/viridentity.h @@ -28,6 +28,7 @@ G_DECLARE_FINAL_TYPE(virIdentity, vir_identity, VIR, IDENTITY, GObject); =20 virIdentity *virIdentityGetCurrent(void); +virIdentity *virIdentityGetCurrentElevated(void); int virIdentitySetCurrent(virIdentity *ident); =20 virIdentity *virIdentityGetSystem(void); --=20 2.31.1
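Review bot: in the viridentity.c hunk, `virIdentityGetCurrentElevated` declares `const char *token` and fills it through `virIdentityGetSystemToken(ident, &token)` but never reads it; only `rc` is consulted, so either drop the local (if the getter accepts a NULL out-parameter) or use it. More importantly, the `rc == 0` branch passes `systemToken` to `virIdentitySetSystemToken(identel, systemToken)`, a symbol that is neither declared nor checked anywhere in this hunk, so the function silently depends on a file-level global having been initialised before the first caller arrives; a `g_return_val_if_fail(systemToken != NULL, NULL)` (or an explicit error) at the top would make that precondition visible rather than leaving it to `virIdentitySetSystemToken` to cope with a NULL token. When the identity already carries a token (the `rc != 0` path) it is returned unchanged, although that token came from the caller rather than from the daemon; if that is intended for nested elevated calls, one sentence in the doc comment saying so would help. Two smaller points: the doc comment's "to allow it to identity a system initiated operation" should read "to allow it to identify a system-initiated operation", and `if (!ident) { return NULL; }` wraps a single statement in braces while the neighbouring `if ((rc = virIdentityGetSystemToken(ident, &token)) < 0) return NULL;` does not, so drop the braces for consistency with the rest of the file.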
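The delegation model the commit message describes, written out as an added example that is not libvirt code (libvirt's real virIdentity API is GObject-based and not reproduced here): an elevated copy keeps the client's principal exactly as it was, so the ACL decision does not change, while carrying a token that only the daemon knows, so the callee can tell that the operation was initiated by the daemon. All names (identity_t, identity_get_current_elevated, identity_is_system_initiated, acl_allows) are hypothetical stand-ins, the daemon token is a constructed deterministic pattern rather than CSPRNG output, and the example goes a little beyond the patch by refusing to elevate before the daemon token exists and by verifying the token in constant time.

```c
/* Added example, not libvirt code: a minimal model of the "client identity
 * plus daemon system token" pattern described in the commit message. Every
 * name below is a hypothetical stand-in for libvirt's virIdentity API. */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#define TOKEN_LEN 32

typedef struct {
    char user[64];                         /* client principal; drives ACL decisions */
    bool has_system_token;                 /* true only on daemon-stamped copies */
    unsigned char system_token[TOKEN_LEN];
} identity_t;

/* Daemon-wide secret: a real daemon fills it from a CSPRNG at startup. */
static unsigned char g_system_token[TOKEN_LEN];
static bool g_system_token_ready = false;

/* Identity of the API call being executed. A real daemon keeps this
 * thread-local; a single static is enough for a single-threaded example. */
static identity_t *g_current = NULL;

void system_token_init(void)
{
    for (size_t i = 0; i < TOKEN_LEN; i++)       /* constructed, deterministic pattern */
        g_system_token[i] = (unsigned char)(0xA5 ^ (i * 7));
    g_system_token_ready = true;
}

identity_t *identity_new(const char *user)
{
    identity_t *id = calloc(1, sizeof(*id));
    if (id)
        strncpy(id->user, user, sizeof(id->user) - 1);
    return id;
}

int identity_set_system_token(identity_t *id, const unsigned char *tok)
{
    if (!id || !tok)
        return -1;
    memcpy(id->system_token, tok, TOKEN_LEN);
    id->has_system_token = true;
    return 0;
}

void identity_set_current(identity_t *id) { g_current = id; }

/* Caller owns the returned copy (like virIdentityGetCurrent's reference); free() it. */
identity_t *identity_get_current(void)
{
    identity_t *id = g_current ? malloc(sizeof(*id)) : NULL;
    if (id)
        *id = *g_current;
    return id;
}

/* As in the patch: keep the client's principal and stamp the daemon token
 * only when none is present. Additionally refuses to elevate before the
 * daemon token exists, so an uninitialised secret is never handed out. */
identity_t *identity_get_current_elevated(void)
{
    identity_t *ident = identity_get_current();
    if (!ident)
        return NULL;
    if (!ident->has_system_token &&
        (!g_system_token_ready ||
         identity_set_system_token(ident, g_system_token) < 0)) {
        free(ident);
        return NULL;
    }
    return ident;
}

/* Constant-time compare: probing with guessed tokens leaks no timing signal. */
static bool ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char d = 0;
    for (size_t i = 0; i < n; i++)
        d |= (unsigned char)(a[i] ^ b[i]);
    return d == 0;
}

/* True only when the identity carries the daemon's own token. */
bool identity_is_system_initiated(const identity_t *id)
{
    return id && id->has_system_token && g_system_token_ready &&
           ct_equal(id->system_token, g_system_token, TOKEN_LEN);
}

/* Toy ACL decided by the client principal alone: the system token records
 * provenance and must never widen what the client may do. */
bool acl_allows(const identity_t *id, const char *op)
{
    if (!id)
        return false;
    if (strcmp(id->user, "root") == 0)
        return true;
    return strcmp(op, "read") == 0;
}
```

Two things worth keeping in mind when applying this shape to a real daemon: the system token is a bearer secret, so an elevated identity must stay inside the process and never be serialised back to the client or into anything the client can read, and the "current identity" slot has to be per thread (`_Thread_local` in C11, or the project's own thread-local helper), otherwise one request's elevated copy can leak into another request's ACL check.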