X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fmachine%2Fimage-dbus.c;h=ef1914e2b93403ebe48c2532a14274347f961183;hb=19e887e709c31ee4366ec44a770d3963cd48cb86;hp=659f7de8257b3d88f09a68772244ba0bf3ad5f25;hpb=94b5088c8d961078d73a2f8659c0ea21f9ebc500;p=elogind.git
diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c
index 659f7de82..ef1914e2b 100644
--- a/src/machine/image-dbus.c
+++ b/src/machine/image-dbus.c
@@ -35,12 +35,26 @@ int bus_image_method_remove(
 sd_bus_error *error) {
 
 Image *image = userdata;
+ Manager *m = image->userdata;
 int r;
 
 assert(bus);
 assert(message);
 assert(image);
 
+ r = bus_verify_polkit_async(
+ message,
+ CAP_SYS_ADMIN,
+ "org.freedesktop.machine1.manage-images",
+ false,
+ UID_INVALID,
+ &m->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
 r = image_remove(image);
 if (r < 0)
 return r;
@@ -55,6 +69,7 @@ int bus_image_method_rename(
 sd_bus_error *error) {
 
 Image *image = userdata;
+ Manager *m = image->userdata;
 const char *new_name;
 int r;
 
@@ -69,6 +84,19 @@ int bus_image_method_rename(
 if (!image_name_is_valid(new_name))
 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);
 
+ r = bus_verify_polkit_async(
+ message,
+ CAP_SYS_ADMIN,
+ "org.freedesktop.machine1.manage-images",
+ false,
+ UID_INVALID,
+ &m->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
 r = image_rename(image, new_name);
 if (r < 0)
 return r;
@@ -83,6 +111,7 @@ int bus_image_method_clone(
 sd_bus_error *error) {
 
 Image *image = userdata;
+ Manager *m = image->userdata;
 const char *new_name;
 int r, read_only;
 
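Review bot: In bus_image_method_remove the new `Manager *m = image->userdata;` dereferences `image` in its initializer, ahead of the existing `assert(image);`, so the assert no longer guards that pointer, and nothing checks `m` before `&m->polkit_registry` is handed to the authorization call. The same declaration is added in bus_image_method_rename, bus_image_method_clone and bus_image_method_mark_read_only. Declaring `Manager *m;`, assigning `m = image->userdata;` after the asserts and following it with `assert(m);` would make a missing back-pointer fail at the handler instead of inside the polkit helper. The function body begins and ends outside this hunk.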
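Review bot: The authorization block added before `image_rename()` is the same block added in bus_image_method_remove and repeated in bus_image_method_clone and bus_image_method_mark_read_only, so the action id, the capability and the `false` interactive flag now live in four copies. Because the vtable hunk marks these methods `SD_BUS_VTABLE_UNPRIVILEGED`, a copy that drifts, or a later handler that omits the block, would leave that method without the check the others have. A small static helper keeps the policy in one place; the helper name below is only a suggestion, and the handler body continues outside the hunk.

```c
/* Single home for the polkit action and capability shared by all image methods.
 * Passes through the result of bus_verify_polkit_async(): the callers treat
 * < 0 as an error and 0 as "reply pending, handler will be called again". */
static int image_verify_manage(sd_bus_message *message, Manager *m, sd_bus_error *error) {
        return bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
}

/* … unchanged: argument read and image_name_is_valid() check … */
        r = image_verify_manage(message, m, error);
/* … unchanged: r < 0 / r == 0 handling and the image_rename() call … */
```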
@@ -97,6 +126,19 @@ int bus_image_method_clone(
 if (!image_name_is_valid(new_name))
 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);
 
+ r = bus_verify_polkit_async(
+ message,
+ CAP_SYS_ADMIN,
+ "org.freedesktop.machine1.manage-images",
+ false,
+ UID_INVALID,
+ &m->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
 r = image_clone(image, new_name, read_only);
 if (r < 0)
 return r;
@@ -111,6 +153,7 @@ int bus_image_method_mark_read_only(
 sd_bus_error *error) {
 
 Image *image = userdata;
+ Manager *m = image->userdata;
 int r, read_only;
 
 assert(bus);
@@ -120,6 +163,19 @@ int bus_image_method_mark_read_only(
 if (r < 0)
 return r;
 
+ r = bus_verify_polkit_async(
+ message,
+ CAP_SYS_ADMIN,
+ "org.freedesktop.machine1.manage-images",
+ false,
+ UID_INVALID,
+ &m->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
 r = image_read_only(image, read_only);
 if (r < 0)
 return r;
@@ -135,14 +191,14 @@ const sd_bus_vtable image_vtable[] = {
 SD_BUS_PROPERTY("ReadOnly", "b", bus_property_get_bool, offsetof(Image, read_only), 0),
 SD_BUS_PROPERTY("CreationTimestamp", "t", NULL, offsetof(Image, crtime), 0),
 SD_BUS_PROPERTY("ModificationTimestamp", "t", NULL, offsetof(Image, mtime), 0),
- SD_BUS_PROPERTY("Size", "t", NULL, offsetof(Image, size), 0),
+ SD_BUS_PROPERTY("Usage", "t", NULL, offsetof(Image, usage), 0),
 SD_BUS_PROPERTY("Limit", "t", NULL, offsetof(Image, limit), 0),
- SD_BUS_PROPERTY("SizeExclusive", "t", NULL, offsetof(Image, size_exclusive), 0),
+ SD_BUS_PROPERTY("UsageExclusive", "t", NULL, offsetof(Image, usage_exclusive), 0),
 SD_BUS_PROPERTY("LimitExclusive", "t", NULL, offsetof(Image, limit_exclusive), 0),
- SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, 0),
- SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, 0),
- SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, 0),
- SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, 0),
+ SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, SD_BUS_VTABLE_UNPRIVILEGED),
 SD_BUS_VTABLE_END
 };
 
@@ -207,6 +263,8 @@ int image_object_find(sd_bus *bus, const char *path, const char *interface, void
 if (r <= 0)
 return r;
 
+ image->userdata = m;
+
 r = hashmap_put(m->image_cache, image->name, image);
 if (r < 0) {
 image_unref(image);
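Review bot: With `SD_BUS_VTABLE_UNPRIVILEGED` set on Remove, Rename, Clone and MarkReadOnly, authorization for these methods rests on the `bus_verify_polkit_async()` call inside each handler, and the table carries no comment saying so. A line such as `/* Unprivileged on the bus: every handler below must call bus_verify_polkit_async() before acting */` above the SD_BUS_METHOD entries would make that dependency visible to whoever adds the next method. Separately, renaming the exported properties `Size` and `SizeExclusive` to `Usage` and `UsageExclusive` changes the D-Bus interface, so clients that read the old names will need updating. The table starts outside the hunk.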
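Review bot: The Image cached here is the object the method handlers receive as `userdata`, and with this commit those handlers can return `1` ("Will call us back") and complete the operation only after polkit answers. If the handler is re-entered with the same `userdata` pointer and entries can leave `m->image_cache` in the meantime (neither the cache flush path nor bus_verify_polkit_async() is shown here), the second pass would run on a released Image. It is worth confirming that the Image stays referenced while a query is pending and recording that next to the assignment, for example `/* borrowed back-pointer; the Image must outlive any pending polkit query that captured it */`. The function body starts and ends outside the hunk.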