machined: provide more details to polkit auth

[thirdparty/systemd.git] / src / machine / machined-dbus.c
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c

index 08179eb4006cc277b01ad9155e09bd50d8f38490..ee9ad99255342655fb2546fdf35bc44ac2f844bb 100644 (file)
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -24,6 +24,7 @@
  #include "machine-pool.h"
  #include "machined.h"
  #include "missing_capability.h"
+#include "os-util.h"
  #include "path-util.h"
  #include "process-util.h"
  #include "stdio-util.h"
@@ -44,7 +45,7 @@ static int property_get_pool_usage(
                  sd_bus_error *error) {
  
          _cleanup_close_ int fd = -1;
-        uint64_t usage = (uint64_t) -1;
+        uint64_t usage = UINT64_MAX;
  
          assert(bus);
          assert(reply);
@@ -70,7 +71,7 @@ static int property_get_pool_limit(
                  sd_bus_error *error) {
  
          _cleanup_close_ int fd = -1;
-        uint64_t size = (uint64_t) -1;
+        uint64_t size = UINT64_MAX;
  
          assert(bus);
          assert(reply);
@@ -240,7 +241,7 @@ static int method_create_or_register_machine(Manager *manager, sd_bus_message *m
          if (r < 0)
                  return r;
          if (!hostname_is_valid(name, 0))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine name");
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine name");
  
          r = sd_bus_message_read_array(message, 'y', &v, &n);
          if (r < 0)
@@ -250,7 +251,7 @@ static int method_create_or_register_machine(Manager *manager, sd_bus_message *m
          else if (n == 16)
                  memcpy(&id, v, n);
          else
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine ID parameter");
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine ID parameter");
  
          r = sd_bus_message_read(message, "ssus", &service, &class, &leader, &root_directory);
          if (r < 0)
@@ -274,14 +275,14 @@ static int method_create_or_register_machine(Manager *manager, sd_bus_message *m
          else {
                  c = machine_class_from_string(class);
                  if (c < 0)
-                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine class parameter");
+                        return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine class parameter");
          }
  
          if (leader == 1)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID");
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid leader PID");
  
          if (!isempty(root_directory) && !path_is_absolute(root_directory))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Root directory must be empty or an absolute path");
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Root directory must be empty or an absolute path");
  
          if (leader == 0) {
                  _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
@@ -700,7 +701,7 @@ static int method_clean_pool(sd_bus_message *message, void *userdata, sd_bus_err
          assert(message);
  
          if (m->n_operations >= OPERATIONS_MAX)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");
+                return sd_bus_error_set(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");
  
          r = sd_bus_message_read(message, "s", &mm);
          if (r < 0)
@@ -713,11 +714,17 @@ static int method_clean_pool(sd_bus_message *message, void *userdata, sd_bus_err
          else
                  return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown mode '%s'.", mm);
  
+        const char *details[] = {
+                "verb", "clean_pool",
+                "mode", mm,
+                NULL
+        };
+
          r = bus_verify_polkit_async(
                          message,
                          CAP_SYS_ADMIN,
                          "org.freedesktop.machine1.manage-machines",
-                        NULL,
+                        details,
                          false,
                          UID_INVALID,
                          &m->polkit_registry,
@@ -841,13 +848,18 @@ static int method_set_pool_limit(sd_bus_message *message, void *userdata, sd_bus
          if (r < 0)
                  return r;
          if (!FILE_SIZE_VALID_OR_INFINITY(limit))
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");
+
+        const char *details[] = {
+                "verb", "set_pool_limit",
+                NULL
+        };
  
          r = bus_verify_polkit_async(
                          message,
                          CAP_SYS_ADMIN,
                          "org.freedesktop.machine1.manage-machines",
-                        NULL,
+                        details,
                          false,
                          UID_INVALID,
                          &m->polkit_registry,
@@ -866,7 +878,7 @@ static int method_set_pool_limit(sd_bus_message *message, void *userdata, sd_bus
  
          r = btrfs_subvol_set_subtree_quota_limit("/var/lib/machines", 0, limit);
          if (r == -ENOTTY)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Quota is only supported on btrfs.");
+                return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Quota is only supported on btrfs.");
          if (r < 0)
                  return sd_bus_error_set_errnof(error, r, "Failed to adjust quota limit: %m");
  
@@ -897,7 +909,7 @@ static int method_map_from_machine_user(sd_bus_message *message, void *userdata,
                  return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
  
          if (machine->class != MACHINE_CONTAINER)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
  
          r = machine_translate_uid(machine, uid, &converted);
          if (r == -ESRCH)
@@ -956,7 +968,7 @@ static int method_map_from_machine_group(sd_bus_message *message, void *userdata
                  return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
  
          if (machine->class != MACHINE_CONTAINER)
-                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
+                return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
  
          r = machine_translate_gid(machine, gid, &converted);
          if (r == -ESRCH)