X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fmachine%2Fimage-dbus.c;h=9061017eefce7a8396d92aebe6f71a0827ad93be;hb=2eec67acbb00593e414549a7e5b35eb7dd776b1b;hp=f5c7d4d880eae8916c2592f55dfea557b53ab488;hpb=c19de71113f956809995fc68817e055e9f61f607;p=elogind.git
diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c
index f5c7d4d88..9061017ee 100644
--- a/src/machine/image-dbus.c
+++ b/src/machine/image-dbus.c
@@ -20,7 +20,6 @@
 ***/
 #include "bus-label.h"
-#include "bus-common-errors.h"
 #include "strv.h"
 #include "bus-util.h"
 #include "machine-image.h"
@@ -35,12 +34,26 @@ int bus_image_method_remove(
 sd_bus_error *error) {
 Image *image = userdata;
+ Manager *m = image->userdata;
 int r;
 assert(bus);
 assert(message);
 assert(image);
+ r = bus_verify_polkit_async(
+ message,
+ CAP_SYS_ADMIN,
+ "org.freedesktop.machine1.manage-images",
+ false,
+ UID_INVALID,
+ &m->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
 r = image_remove(image);
 if (r < 0)
 return r;
@@ -55,6 +68,7 @@ int bus_image_method_rename(
 sd_bus_error *error) {
 Image *image = userdata;
+ Manager *m = image->userdata;
 const char *new_name;
 int r;
@@ -69,6 +83,19 @@ int bus_image_method_rename(
 if (!image_name_is_valid(new_name))
 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);
+ r = bus_verify_polkit_async(
+ message,
+ CAP_SYS_ADMIN,
+ "org.freedesktop.machine1.manage-images",
+ false,
+ UID_INVALID,
+ &m->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
 r = image_rename(image, new_name);
 if (r < 0)
 return r;
@@ -83,6 +110,7 @@ int bus_image_method_clone(
 sd_bus_error *error) {
 Image *image = userdata;
+ Manager *m = image->userdata;
 const char *new_name;
 int r, read_only;
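Review bot: In bus_image_method_remove the `r == 0` branch returns `1` while the polkit query is still pending, and nothing in the hunk keeps `image` alive until the handler is entered again. The Image is owned by `m->image_cache` (see the image_object_find hunk), so if that cache can be flushed before polkit answers and the callback reuses the saved `userdata` rather than re-resolving the object (not visible in this diff), the second pass would read a freed Image, including `image->userdata`. Please confirm how bus_verify_polkit_async re-enters the handler, and either hold a reference on the image for the duration of the query or look the image up again by name on re-entry. The same applies to the identical blocks in bus_image_method_rename, bus_image_method_clone and bus_image_method_mark_read_only; a short comment above the call, e.g. `/* image must remain valid until polkit replies */`, would at least record the assumption.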
@@ -97,6 +125,19 @@ int bus_image_method_clone(
 if (!image_name_is_valid(new_name))
 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);
+ r = bus_verify_polkit_async(
+ message,
+ CAP_SYS_ADMIN,
+ "org.freedesktop.machine1.manage-images",
+ false,
+ UID_INVALID,
+ &m->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
 r = image_clone(image, new_name, read_only);
 if (r < 0)
 return r;
@@ -111,6 +152,7 @@ int bus_image_method_mark_read_only(
 sd_bus_error *error) {
 Image *image = userdata;
+ Manager *m = image->userdata;
 int r, read_only;
 assert(bus);
@@ -120,6 +162,19 @@ int bus_image_method_mark_read_only(
 if (r < 0)
 return r;
+ r = bus_verify_polkit_async(
+ message,
+ CAP_SYS_ADMIN,
+ "org.freedesktop.machine1.manage-images",
+ false,
+ UID_INVALID,
+ &m->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
 r = image_read_only(image, read_only);
 if (r < 0)
 return r;
@@ -139,10 +194,10 @@ const sd_bus_vtable image_vtable[] = {
 SD_BUS_PROPERTY("Limit", "t", NULL, offsetof(Image, limit), 0),
 SD_BUS_PROPERTY("UsageExclusive", "t", NULL, offsetof(Image, usage_exclusive), 0),
 SD_BUS_PROPERTY("LimitExclusive", "t", NULL, offsetof(Image, limit_exclusive), 0),
- SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, 0),
- SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, 0),
- SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, 0),
- SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, 0),
+ SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, SD_BUS_VTABLE_UNPRIVILEGED),
 SD_BUS_VTABLE_END
 };
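Review bot: The image_vtable hunk marks Remove, Rename, Clone and MarkReadOnly `SD_BUS_VTABLE_UNPRIVILEGED` without any comment that the polkit check inside each handler is now the only authorization for these destructive calls. I would add a comment above the four entries, for example `/* Unprivileged on the bus: every handler below must authorize via polkit (org.freedesktop.machine1.manage-images) before acting */`, so that a method added later is not exposed by copying the flag alone. The policy file that declares this action is not part of this diff and needs to ship with the change. Presumably an undeclared action is refused, but that depends on polkit rather than on this code.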
@@ -207,6 +262,8 @@ int image_object_find(sd_bus *bus, const char *path, const char *interface, void
 if (r <= 0)
 return r;
+ image->userdata = m;
+
 r = hashmap_put(m->image_cache, image->name, image);
 if (r < 0) {
 image_unref(image);
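Review bot: `image->userdata = m;` in image_object_find is the only place this file sets the back-pointer, yet all four handlers now read `image->userdata` and pass `&m->polkit_registry` without checking it. An Image that reaches a handler by another route (for instance a manager-level method that looks the image up itself, which this diff does not show) would leave `m` NULL and hand an invalid registry pointer to the authorization call. I would add `assert(m);` after the existing asserts in each handler. The initialisation should also move below `assert(image)`, because `Manager *m = image->userdata;` dereferences `image` before it is asserted. The body of image_object_find continues outside the hunk.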