[thirdparty/systemd.git] / src / machine / image-dbus.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <sys/file.h>
#include <sys/mount.h>

#include "alloc-util.h"
#include "bus-get-properties.h"
#include "bus-label.h"
#include "bus-polkit.h"
#include "copy.h"
#include "discover-image.h"
#include "dissect-image.h"
#include "fd-util.h"
#include "fileio.h"
#include "fs-util.h"
#include "image-dbus.h"
#include "io-util.h"
#include "loop-util.h"
#include "missing_capability.h"
#include "mount-util.h"
#include "os-util.h"
#include "process-util.h"
#include "raw-clone.h"
#include "strv.h"
#include "user-util.h"

static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, image_type, ImageType);

int bus_image_method_remove(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
        Image *image = userdata;
        Manager *m = image->userdata;
        pid_t child;
        int r;

        assert(message);
        assert(image);

        if (m->n_operations >= OPERATIONS_MAX)
                return sd_bus_error_set(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");

        const char *details[] = {
                "image", image->name,
                "verb", "remove",
                NULL
        };

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        details,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
                return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");

        r = safe_fork("(sd-imgrm)", FORK_RESET_SIGNALS, &child);
        if (r < 0)
                return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
        if (r == 0) {
                errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);

                r = image_remove(image);
                if (r < 0) {
                        (void) write(errno_pipe_fd[1], &r, sizeof(r));
                        _exit(EXIT_FAILURE);
                }

                _exit(EXIT_SUCCESS);
        }

        errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);

        r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
        if (r < 0) {
                (void) sigkill_wait(child);
                return r;
        }

        errno_pipe_fd[0] = -1;

        return 1;
}

int bus_image_method_rename(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        Manager *m = image->userdata;
        const char *new_name;
        int r;

        assert(message);
        assert(image);

        r = sd_bus_message_read(message, "s", &new_name);
        if (r < 0)
                return r;

        if (!image_name_is_valid(new_name))
                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);

        const char *details[] = {
                "image", image->name,
                "verb", "rename",
                "new_name", new_name,
                NULL
        };

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        details,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        r = image_rename(image, new_name);
        if (r < 0)
                return r;

        return sd_bus_reply_method_return(message, NULL);
}

int bus_image_method_clone(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
        Image *image = userdata;
        Manager *m = image->userdata;
        const char *new_name;
        int r, read_only;
        pid_t child;

        assert(message);
        assert(image);
        assert(m);

        if (m->n_operations >= OPERATIONS_MAX)
                return sd_bus_error_set(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");

        r = sd_bus_message_read(message, "sb", &new_name, &read_only);
        if (r < 0)
                return r;

        if (!image_name_is_valid(new_name))
                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);

        const char *details[] = {
                "image", image->name,
                "verb", "clone",
                "new_name", new_name,
                NULL
        };

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        details,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
                return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");

        r = safe_fork("(sd-imgclone)", FORK_RESET_SIGNALS, &child);
        if (r < 0)
                return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
        if (r == 0) {
                errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);

                r = image_clone(image, new_name, read_only);
                if (r < 0) {
                        (void) write(errno_pipe_fd[1], &r, sizeof(r));
                        _exit(EXIT_FAILURE);
                }

                _exit(EXIT_SUCCESS);
        }

        errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);

        r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
        if (r < 0) {
                (void) sigkill_wait(child);
                return r;
        }

        errno_pipe_fd[0] = -1;

        return 1;
}

int bus_image_method_mark_read_only(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        Manager *m = image->userdata;
        int read_only, r;

        assert(message);

        r = sd_bus_message_read(message, "b", &read_only);
        if (r < 0)
                return r;

        const char *details[] = {
                "image", image->name,
                "verb", "mark_read_only",
                "read_only", one_zero(read_only),
                NULL
        };

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        details,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        r = image_read_only(image, read_only);
        if (r < 0)
                return r;

        return sd_bus_reply_method_return(message, NULL);
}

int bus_image_method_set_limit(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        Manager *m = image->userdata;
        uint64_t limit;
        int r;

        assert(message);

        r = sd_bus_message_read(message, "t", &limit);
        if (r < 0)
                return r;
        if (!FILE_SIZE_VALID_OR_INFINITY(limit))
                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");

        const char *details[] = {
                "machine", image->name,
                "verb", "set_limit",
                NULL
        };

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        details,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        r = image_set_limit(image, limit);
        if (r < 0)
                return r;

        return sd_bus_reply_method_return(message, NULL);
}

int bus_image_method_get_hostname(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        int r;

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        return sd_bus_reply_method_return(message, "s", image->hostname);
}

int bus_image_method_get_machine_id(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
        Image *image = userdata;
        int r;

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        r = sd_bus_message_new_method_return(message, &reply);
        if (r < 0)
                return r;

        if (sd_id128_is_null(image->machine_id)) /* Add an empty array if the ID is zero */
                r = sd_bus_message_append(reply, "ay", 0);
        else
                r = sd_bus_message_append_array(reply, 'y', image->machine_id.bytes, 16);
        if (r < 0)
                return r;

        return sd_bus_send(NULL, reply, NULL);
}

int bus_image_method_get_machine_info(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        int r;

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        return bus_reply_pair_array(message, image->machine_info);
}

int bus_image_method_get_os_release(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        int r;

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        return bus_reply_pair_array(message, image->os_release);
}

static int image_flush_cache(sd_event_source *s, void *userdata) {
        Manager *m = userdata;

        assert(s);
        assert(m);

        hashmap_clear(m->image_cache);
        return 0;
}

static int image_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
        _cleanup_free_ char *e = NULL;
        Manager *m = userdata;
        Image *image = NULL;
        const char *p;
        int r;

        assert(bus);
        assert(path);
        assert(interface);
        assert(found);

        p = startswith(path, "/org/freedesktop/machine1/image/");
        if (!p)
                return 0;

        e = bus_label_unescape(p);
        if (!e)
                return -ENOMEM;

        image = hashmap_get(m->image_cache, e);
        if (image) {
                *found = image;
                return 1;
        }

        if (!m->image_cache_defer_event) {
                r = sd_event_add_defer(m->event, &m->image_cache_defer_event, image_flush_cache, m);
                if (r < 0)
                        return r;

                r = sd_event_source_set_priority(m->image_cache_defer_event, SD_EVENT_PRIORITY_IDLE);
                if (r < 0)
                        return r;
        }

        r = sd_event_source_set_enabled(m->image_cache_defer_event, SD_EVENT_ONESHOT);
        if (r < 0)
                return r;

        r = image_find(IMAGE_MACHINE, e, NULL, &image);
        if (r == -ENOENT)
                return 0;
        if (r < 0)
                return r;

        image->userdata = m;

        r = hashmap_ensure_put(&m->image_cache, &image_hash_ops, image->name, image);
        if (r < 0) {
                image_unref(image);
                return r;
        }

        *found = image;
        return 1;
}

char *image_bus_path(const char *name) {
        _cleanup_free_ char *e = NULL;

        assert(name);

        e = bus_label_escape(name);
        if (!e)
                return NULL;

        return strjoin("/org/freedesktop/machine1/image/", e);
}

static int image_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
        _cleanup_hashmap_free_ Hashmap *images = NULL;
        _cleanup_strv_free_ char **l = NULL;
        Image *image;
        int r;

        assert(bus);
        assert(path);
        assert(nodes);

        images = hashmap_new(&image_hash_ops);
        if (!images)
                return -ENOMEM;

        r = image_discover(IMAGE_MACHINE, NULL, images);
        if (r < 0)
                return r;

        HASHMAP_FOREACH(image, images) {
                char *p;

                p = image_bus_path(image->name);
                if (!p)
                        return -ENOMEM;

                r = strv_consume(&l, p);
                if (r < 0)
                        return r;
        }

        *nodes = TAKE_PTR(l);

        return 1;
}

const sd_bus_vtable image_vtable[] = {
        SD_BUS_VTABLE_START(0),
        SD_BUS_PROPERTY("Name", "s", NULL, offsetof(Image, name), 0),
        SD_BUS_PROPERTY("Path", "s", NULL, offsetof(Image, path), 0),
        SD_BUS_PROPERTY("Type", "s", property_get_type,  offsetof(Image, type), 0),
        SD_BUS_PROPERTY("ReadOnly", "b", bus_property_get_bool, offsetof(Image, read_only), 0),
        SD_BUS_PROPERTY("CreationTimestamp", "t", NULL, offsetof(Image, crtime), 0),
        SD_BUS_PROPERTY("ModificationTimestamp", "t", NULL, offsetof(Image, mtime), 0),
        SD_BUS_PROPERTY("Usage", "t", NULL, offsetof(Image, usage), 0),
        SD_BUS_PROPERTY("Limit", "t", NULL, offsetof(Image, limit), 0),
        SD_BUS_PROPERTY("UsageExclusive", "t", NULL, offsetof(Image, usage_exclusive), 0),
        SD_BUS_PROPERTY("LimitExclusive", "t", NULL, offsetof(Image, limit_exclusive), 0),
        SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("SetLimit", "t", NULL, bus_image_method_set_limit, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetHostname", NULL, "s", bus_image_method_get_hostname, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetMachineID", NULL, "ay", bus_image_method_get_machine_id, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetMachineInfo", NULL, "a{ss}", bus_image_method_get_machine_info, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetOSRelease", NULL, "a{ss}", bus_image_method_get_os_release, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_VTABLE_END
};

const BusObjectImplementation image_object = {
        "/org/freedesktop/machine1/image",
        "org.freedesktop.machine1.Image",
        .fallback_vtables = BUS_FALLBACK_VTABLES({image_vtable, image_object_find}),
        .node_enumerator = image_node_enumerator,
};
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
ebeccf9e	2
fe993888	3	#include <sys/file.h>
9153b02b LP	4	#include <sys/mount.h>
9153b02b LP	5
b5efdb8a	6	#include "alloc-util.h"
40af3d02	7	#include "bus-get-properties.h"
ebeccf9e	8	#include "bus-label.h"
269e4d2d	9	#include "bus-polkit.h"
9153b02b	10	#include "copy.h"
57f1b61b	11	#include "discover-image.h"
9153b02b	12	#include "dissect-image.h"
56599585	13	#include "fd-util.h"
9153b02b LP	14	#include "fileio.h"
9153b02b LP	15	#include "fs-util.h"
003dffde	16	#include "image-dbus.h"
a90fb858	17	#include "io-util.h"
9153b02b	18	#include "loop-util.h"
204f52e3	19	#include "missing_capability.h"
9153b02b	20	#include "mount-util.h"
6ef06723	21	#include "os-util.h"
56599585	22	#include "process-util.h"
9153b02b	23	#include "raw-clone.h"
ee104e11 LP	24	#include "strv.h"
ee104e11 LP	25	#include "user-util.h"
ebeccf9e	26
1ddb263d	27	static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, image_type, ImageType);
ebeccf9e	28
1ddb263d	29	int bus_image_method_remove(
08682124 LP	30	sd_bus_message *message,
	31	void *userdata,
	32	sd_bus_error *error) {
	33
5d2036b5	34	_cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
1ddb263d	35	Image *image = userdata;
70244d1d	36	Manager *m = image->userdata;
5d2036b5	37	pid_t child;
08682124 LP	38	int r;
08682124 LP	39
08682124	40	assert(message);
1ddb263d	41	assert(image);
08682124	42
5d2036b5	43	if (m->n_operations >= OPERATIONS_MAX)
1b09b81c	44	return sd_bus_error_set(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");
5d2036b5	45
8dd3f6a3 LN	46	const char *details[] = {
	47	"image", image->name,
	48	"verb", "remove",
	49	NULL
	50	};
	51
70244d1d LP	52	r = bus_verify_polkit_async(
	53	message,
	54	CAP_SYS_ADMIN,
	55	"org.freedesktop.machine1.manage-images",
8dd3f6a3	56	details,
70244d1d	57	false,
c529695e	58	UID_INVALID,
70244d1d LP	59	&m->polkit_registry,
	60	error);
	61	if (r < 0)
	62	return r;
	63	if (r == 0)
	64	return 1; /* Will call us back */
	65
5d2036b5 LP	66	if (pipe2(errno_pipe_fd, O_CLOEXEC\|O_NONBLOCK) < 0)
	67	return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");
	68
4c253ed1 LP	69	r = safe_fork("(sd-imgrm)", FORK_RESET_SIGNALS, &child);
	70	if (r < 0)
	71	return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
	72	if (r == 0) {
5d2036b5 LP	73	errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
	74
	75	r = image_remove(image);
	76	if (r < 0) {
	77	(void) write(errno_pipe_fd[1], &r, sizeof(r));
	78	_exit(EXIT_FAILURE);
	79	}
	80
	81	_exit(EXIT_SUCCESS);
	82	}
	83
	84	errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
	85
03c2b288	86	r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
5d2036b5 LP	87	if (r < 0) {
5d2036b5 LP	88	(void) sigkill_wait(child);
08682124	89	return r;
5d2036b5 LP	90	}
	91
	92	errno_pipe_fd[0] = -1;
08682124	93
5d2036b5	94	return 1;
08682124 LP	95	}
08682124 LP	96
1ddb263d	97	int bus_image_method_rename(
ebd93cb6 LP	98	sd_bus_message *message,
	99	void *userdata,
	100	sd_bus_error *error) {
	101
1ddb263d	102	Image *image = userdata;
70244d1d	103	Manager *m = image->userdata;
ebd93cb6 LP	104	const char *new_name;
	105	int r;
	106
ebd93cb6	107	assert(message);
1ddb263d	108	assert(image);
ebd93cb6 LP	109
	110	r = sd_bus_message_read(message, "s", &new_name);
	111	if (r < 0)
	112	return r;
	113
	114	if (!image_name_is_valid(new_name))
	115	return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);
	116
8dd3f6a3 LN	117	const char *details[] = {
	118	"image", image->name,
	119	"verb", "rename",
	120	"new_name", new_name,
	121	NULL
	122	};
	123
70244d1d LP	124	r = bus_verify_polkit_async(
	125	message,
	126	CAP_SYS_ADMIN,
	127	"org.freedesktop.machine1.manage-images",
8dd3f6a3	128	details,
70244d1d	129	false,
c529695e	130	UID_INVALID,
70244d1d LP	131	&m->polkit_registry,
	132	error);
	133	if (r < 0)
	134	return r;
	135	if (r == 0)
	136	return 1; /* Will call us back */
	137
ebd93cb6 LP	138	r = image_rename(image, new_name);
	139	if (r < 0)
	140	return r;
	141
	142	return sd_bus_reply_method_return(message, NULL);
	143	}
	144
1ddb263d	145	int bus_image_method_clone(
ebd93cb6 LP	146	sd_bus_message *message,
	147	void *userdata,
	148	sd_bus_error *error) {
	149
56599585	150	_cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
1ddb263d	151	Image *image = userdata;
70244d1d	152	Manager *m = image->userdata;
ebd93cb6 LP	153	const char *new_name;
ebd93cb6 LP	154	int r, read_only;
56599585	155	pid_t child;
ebd93cb6	156
ebd93cb6	157	assert(message);
1ddb263d	158	assert(image);
56599585 LP	159	assert(m);
	160
	161	if (m->n_operations >= OPERATIONS_MAX)
1b09b81c	162	return sd_bus_error_set(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");
ebd93cb6 LP	163
	164	r = sd_bus_message_read(message, "sb", &new_name, &read_only);
	165	if (r < 0)
	166	return r;
	167
	168	if (!image_name_is_valid(new_name))
	169	return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);
	170
8dd3f6a3 LN	171	const char *details[] = {
	172	"image", image->name,
	173	"verb", "clone",
	174	"new_name", new_name,
	175	NULL
	176	};
	177
70244d1d LP	178	r = bus_verify_polkit_async(
	179	message,
	180	CAP_SYS_ADMIN,
	181	"org.freedesktop.machine1.manage-images",
8dd3f6a3	182	details,
70244d1d	183	false,
c529695e	184	UID_INVALID,
70244d1d LP	185	&m->polkit_registry,
	186	error);
	187	if (r < 0)
	188	return r;
	189	if (r == 0)
	190	return 1; /* Will call us back */
	191
56599585 LP	192	if (pipe2(errno_pipe_fd, O_CLOEXEC\|O_NONBLOCK) < 0)
	193	return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");
	194
f2747bf5	195	r = safe_fork("(sd-imgclone)", FORK_RESET_SIGNALS, &child);
4c253ed1 LP	196	if (r < 0)
	197	return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
	198	if (r == 0) {
56599585 LP	199	errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
	200
	201	r = image_clone(image, new_name, read_only);
	202	if (r < 0) {
	203	(void) write(errno_pipe_fd[1], &r, sizeof(r));
	204	_exit(EXIT_FAILURE);
	205	}
	206
	207	_exit(EXIT_SUCCESS);
	208	}
	209
	210	errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
	211
03c2b288	212	r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
56599585	213	if (r < 0) {
89c9030d	214	(void) sigkill_wait(child);
ebd93cb6	215	return r;
56599585	216	}
ebd93cb6	217
56599585 LP	218	errno_pipe_fd[0] = -1;
	219
	220	return 1;
ebd93cb6 LP	221	}
ebd93cb6 LP	222
1ddb263d	223	int bus_image_method_mark_read_only(
ebd93cb6 LP	224	sd_bus_message *message,
	225	void *userdata,
	226	sd_bus_error *error) {
	227
1ddb263d	228	Image *image = userdata;
70244d1d	229	Manager *m = image->userdata;
2e1ae325	230	int read_only, r;
ebd93cb6	231
ebd93cb6 LP	232	assert(message);
ebd93cb6 LP	233
ebd93cb6 LP	234	r = sd_bus_message_read(message, "b", &read_only);
	235	if (r < 0)
	236	return r;
	237
8dd3f6a3 LN	238	const char *details[] = {
	239	"image", image->name,
	240	"verb", "mark_read_only",
2c7bcdd5	241	"read_only", one_zero(read_only),
8dd3f6a3 LN	242	NULL
	243	};
	244
70244d1d LP	245	r = bus_verify_polkit_async(
	246	message,
	247	CAP_SYS_ADMIN,
	248	"org.freedesktop.machine1.manage-images",
8dd3f6a3	249	details,
70244d1d	250	false,
c529695e	251	UID_INVALID,
70244d1d LP	252	&m->polkit_registry,
	253	error);
	254	if (r < 0)
	255	return r;
	256	if (r == 0)
	257	return 1; /* Will call us back */
	258
ebd93cb6 LP	259	r = image_read_only(image, read_only);
	260	if (r < 0)
	261	return r;
	262
	263	return sd_bus_reply_method_return(message, NULL);
	264	}
	265
d6ce17c7	266	int bus_image_method_set_limit(
d6ce17c7 LP	267	sd_bus_message *message,
	268	void *userdata,
	269	sd_bus_error *error) {
	270
	271	Image *image = userdata;
	272	Manager *m = image->userdata;
	273	uint64_t limit;
	274	int r;
	275
d6ce17c7 LP	276	assert(message);
	277
	278	r = sd_bus_message_read(message, "t", &limit);
	279	if (r < 0)
	280	return r;
a90fb858	281	if (!FILE_SIZE_VALID_OR_INFINITY(limit))
1b09b81c	282	return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");
d6ce17c7	283
8dd3f6a3 LN	284	const char *details[] = {
	285	"machine", image->name,
	286	"verb", "set_limit",
	287	NULL
	288	};
	289
d6ce17c7 LP	290	r = bus_verify_polkit_async(
	291	message,
	292	CAP_SYS_ADMIN,
	293	"org.freedesktop.machine1.manage-images",
8dd3f6a3	294	details,
d6ce17c7 LP	295	false,
	296	UID_INVALID,
	297	&m->polkit_registry,
	298	error);
	299	if (r < 0)
	300	return r;
	301	if (r == 0)
	302	return 1; /* Will call us back */
	303
	304	r = image_set_limit(image, limit);
	305	if (r < 0)
	306	return r;
	307
	308	return sd_bus_reply_method_return(message, NULL);
	309	}
	310
cf30a8c1 LP	311	int bus_image_method_get_hostname(
	312	sd_bus_message *message,
	313	void *userdata,
	314	sd_bus_error *error) {
9153b02b	315
cf30a8c1	316	Image *image = userdata;
9153b02b LP	317	int r;
9153b02b LP	318
cf30a8c1 LP	319	if (!image->metadata_valid) {
	320	r = image_read_metadata(image);
	321	if (r < 0)
	322	return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
	323	}
9153b02b	324
cf30a8c1	325	return sd_bus_reply_method_return(message, "s", image->hostname);
9153b02b LP	326	}
9153b02b LP	327
cf30a8c1 LP	328	int bus_image_method_get_machine_id(
	329	sd_bus_message *message,
	330	void *userdata,
	331	sd_bus_error *error) {
9153b02b	332
cf30a8c1 LP	333	_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
	334	Image *image = userdata;
	335	int r;
9153b02b	336
cf30a8c1 LP	337	if (!image->metadata_valid) {
cf30a8c1 LP	338	r = image_read_metadata(image);
9153b02b	339	if (r < 0)
cf30a8c1	340	return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
9153b02b LP	341	}
9153b02b LP	342
cf30a8c1	343	r = sd_bus_message_new_method_return(message, &reply);
9153b02b LP	344	if (r < 0)
	345	return r;
	346
cf30a8c1 LP	347	if (sd_id128_is_null(image->machine_id)) /* Add an empty array if the ID is zero */
	348	r = sd_bus_message_append(reply, "ay", 0);
	349	else
	350	r = sd_bus_message_append_array(reply, 'y', image->machine_id.bytes, 16);
9153b02b	351	if (r < 0)
cf30a8c1	352	return r;
9153b02b	353
cf30a8c1	354	return sd_bus_send(NULL, reply, NULL);
9153b02b LP	355	}
9153b02b LP	356
cf30a8c1	357	int bus_image_method_get_machine_info(
9153b02b LP	358	sd_bus_message *message,
	359	void *userdata,
	360	sd_bus_error *error) {
	361
9153b02b LP	362	Image *image = userdata;
	363	int r;
	364
cf30a8c1 LP	365	if (!image->metadata_valid) {
	366	r = image_read_metadata(image);
	367	if (r < 0)
	368	return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
	369	}
9153b02b	370
cf30a8c1 LP	371	return bus_reply_pair_array(message, image->machine_info);
cf30a8c1 LP	372	}
9153b02b	373
cf30a8c1 LP	374	int bus_image_method_get_os_release(
	375	sd_bus_message *message,
	376	void *userdata,
	377	sd_bus_error *error) {
9153b02b	378
cf30a8c1 LP	379	Image *image = userdata;
cf30a8c1 LP	380	int r;
9153b02b	381
cf30a8c1 LP	382	if (!image->metadata_valid) {
	383	r = image_read_metadata(image);
	384	if (r < 0)
	385	return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
9153b02b	386	}
9153b02b	387
cf30a8c1	388	return bus_reply_pair_array(message, image->os_release);
9153b02b LP	389	}
9153b02b LP	390
1ddb263d LP	391	static int image_flush_cache(sd_event_source s, void userdata) {
1ddb263d LP	392	Manager *m = userdata;
1ddb263d LP	393
	394	assert(s);
	395	assert(m);
	396
b07ec5a1	397	hashmap_clear(m->image_cache);
1ddb263d LP	398	return 0;
	399	}
	400
4faa530c	401	static int image_object_find(sd_bus bus, const char path, const char interface, void userdata, void *found, sd_bus_error error) {
1ddb263d LP	402	_cleanup_free_ char *e = NULL;
	403	Manager *m = userdata;
	404	Image *image = NULL;
	405	const char *p;
ebeccf9e LP	406	int r;
	407
	408	assert(bus);
	409	assert(path);
	410	assert(interface);
	411	assert(found);
	412
1ddb263d LP	413	p = startswith(path, "/org/freedesktop/machine1/image/");
	414	if (!p)
	415	return 0;
	416
	417	e = bus_label_unescape(p);
	418	if (!e)
	419	return -ENOMEM;
	420
	421	image = hashmap_get(m->image_cache, e);
	422	if (image) {
	423	*found = image;
	424	return 1;
	425	}
	426
1ddb263d LP	427	if (!m->image_cache_defer_event) {
	428	r = sd_event_add_defer(m->event, &m->image_cache_defer_event, image_flush_cache, m);
	429	if (r < 0)
	430	return r;
	431
	432	r = sd_event_source_set_priority(m->image_cache_defer_event, SD_EVENT_PRIORITY_IDLE);
	433	if (r < 0)
	434	return r;
	435	}
	436
	437	r = sd_event_source_set_enabled(m->image_cache_defer_event, SD_EVENT_ONESHOT);
	438	if (r < 0)
	439	return r;
	440
d577d4a4	441	r = image_find(IMAGE_MACHINE, e, NULL, &image);
3a6ce860 LP	442	if (r == -ENOENT)
	443	return 0;
	444	if (r < 0)
ebeccf9e LP	445	return r;
ebeccf9e LP	446
70244d1d LP	447	image->userdata = m;
70244d1d LP	448
32ae5db6	449	r = hashmap_ensure_put(&m->image_cache, &image_hash_ops, image->name, image);
1ddb263d LP	450	if (r < 0) {
	451	image_unref(image);
	452	return r;
	453	}
	454
	455	*found = image;
ebeccf9e LP	456	return 1;
	457	}
	458
	459	char image_bus_path(const char name) {
	460	_cleanup_free_ char *e = NULL;
	461
	462	assert(name);
	463
	464	e = bus_label_escape(name);
	465	if (!e)
	466	return NULL;
	467
b910cc72	468	return strjoin("/org/freedesktop/machine1/image/", e);
ebeccf9e LP	469	}
ebeccf9e LP	470
4faa530c	471	static int image_node_enumerator(sd_bus bus, const char path, void userdata, char *nodes, sd_bus_error error) {
b07ec5a1	472	_cleanup_hashmap_free_ Hashmap *images = NULL;
ebeccf9e LP	473	_cleanup_strv_free_ char **l = NULL;
ebeccf9e LP	474	Image *image;
ebeccf9e LP	475	int r;
	476
	477	assert(bus);
	478	assert(path);
	479	assert(nodes);
	480
b07ec5a1	481	images = hashmap_new(&image_hash_ops);
ebeccf9e LP	482	if (!images)
	483	return -ENOMEM;
	484
d577d4a4	485	r = image_discover(IMAGE_MACHINE, NULL, images);
ebeccf9e LP	486	if (r < 0)
	487	return r;
	488
90e74a66	489	HASHMAP_FOREACH(image, images) {
ebeccf9e LP	490	char *p;
	491
	492	p = image_bus_path(image->name);
	493	if (!p)
	494	return -ENOMEM;
	495
	496	r = strv_consume(&l, p);
	497	if (r < 0)
	498	return r;
	499	}
	500
1cc6c93a	501	*nodes = TAKE_PTR(l);
ebeccf9e LP	502
	503	return 1;
	504	}
4faa530c ZJS	505
	506	const sd_bus_vtable image_vtable[] = {
	507	SD_BUS_VTABLE_START(0),
	508	SD_BUS_PROPERTY("Name", "s", NULL, offsetof(Image, name), 0),
	509	SD_BUS_PROPERTY("Path", "s", NULL, offsetof(Image, path), 0),
	510	SD_BUS_PROPERTY("Type", "s", property_get_type, offsetof(Image, type), 0),
	511	SD_BUS_PROPERTY("ReadOnly", "b", bus_property_get_bool, offsetof(Image, read_only), 0),
	512	SD_BUS_PROPERTY("CreationTimestamp", "t", NULL, offsetof(Image, crtime), 0),
	513	SD_BUS_PROPERTY("ModificationTimestamp", "t", NULL, offsetof(Image, mtime), 0),
	514	SD_BUS_PROPERTY("Usage", "t", NULL, offsetof(Image, usage), 0),
	515	SD_BUS_PROPERTY("Limit", "t", NULL, offsetof(Image, limit), 0),
	516	SD_BUS_PROPERTY("UsageExclusive", "t", NULL, offsetof(Image, usage_exclusive), 0),
	517	SD_BUS_PROPERTY("LimitExclusive", "t", NULL, offsetof(Image, limit_exclusive), 0),
	518	SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, SD_BUS_VTABLE_UNPRIVILEGED),
	519	SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, SD_BUS_VTABLE_UNPRIVILEGED),
	520	SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, SD_BUS_VTABLE_UNPRIVILEGED),
	521	SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, SD_BUS_VTABLE_UNPRIVILEGED),
	522	SD_BUS_METHOD("SetLimit", "t", NULL, bus_image_method_set_limit, SD_BUS_VTABLE_UNPRIVILEGED),
	523	SD_BUS_METHOD("GetHostname", NULL, "s", bus_image_method_get_hostname, SD_BUS_VTABLE_UNPRIVILEGED),
	524	SD_BUS_METHOD("GetMachineID", NULL, "ay", bus_image_method_get_machine_id, SD_BUS_VTABLE_UNPRIVILEGED),
	525	SD_BUS_METHOD("GetMachineInfo", NULL, "a{ss}", bus_image_method_get_machine_info, SD_BUS_VTABLE_UNPRIVILEGED),
	526	SD_BUS_METHOD("GetOSRelease", NULL, "a{ss}", bus_image_method_get_os_release, SD_BUS_VTABLE_UNPRIVILEGED),
	527	SD_BUS_VTABLE_END
	528	};
	529
	530	const BusObjectImplementation image_object = {
	531	"/org/freedesktop/machine1/image",
	532	"org.freedesktop.machine1.Image",
	533	.fallback_vtables = BUS_FALLBACK_VTABLES({image_vtable, image_object_find}),
	534	.node_enumerator = image_node_enumerator,
	535	};