machined: open up machine registration for unpriv clients also via D-Bus

This is already opened up via Varlink. Let's also open it up via D-Bus
with the same polikit operation.

diff --git a/man/org.freedesktop.machine1.xml b/man/org.freedesktop.machine1.xml
index e2ec4a11475772f3695eedfc83811f8740eacfee..35b2d64cc85401f31e9a973bdd37b672c43b95a0 100644 (file)
--- a/man/org.freedesktop.machine1.xml
+++ b/man/org.freedesktop.machine1.xml
@@ -46,7 +46,6 @@ node /org/freedesktop/machine1 {
                       out o machine);
       ListMachines(out a(ssso) machines);
       ListImages(out a(ssbttto) images);
-      @org.freedesktop.systemd1.Privileged("true")
       CreateMachine(in  s name,
                     in  ay id,
                     in  s service,
@@ -55,7 +54,6 @@ node /org/freedesktop/machine1 {
                     in  s root_directory,
                     in  a(sv) scope_properties,
                     out o path);
-      @org.freedesktop.systemd1.Privileged("true")
       CreateMachineWithNetwork(in  s name,
                                in  ay id,
                                in  s service,
@@ -65,7 +63,6 @@ node /org/freedesktop/machine1 {
                                in  ai ifindices,
                                in  a(sv) scope_properties,
                                out o path);
-      @org.freedesktop.systemd1.Privileged("true")
       RegisterMachine(in  s name,
                       in  ay id,
                       in  s service,
@@ -73,7 +70,6 @@ node /org/freedesktop/machine1 {
                       in  u leader,
                       in  s root_directory,
                       out o path);
-      @org.freedesktop.systemd1.Privileged("true")
       RegisterMachineWithNetwork(in  s name,
                                  in  ay id,
                                  in  s service,

diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index d64959dab71b150c585f2a20ac6e193e5264fa0a..b13546df095078319538d1426b93993df0508227 100644 (file)
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -300,6 +300,23 @@ static int method_create_or_register_machine(
         if (hashmap_get(manager->machines, name))
                 return sd_bus_error_setf(error, BUS_ERROR_MACHINE_EXISTS, "Machine '%s' already exists", name);
 
+        const char *details[] = {
+                "name",  name,
+                "class", machine_class_to_string(c),
+                NULL
+        };
+
+        r = bus_verify_polkit_async(
+                        message,
+                        "org.freedesktop.machine1.create-machine",
+                        details,
+                        &manager->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 0; /* Will call us back */
+
         r = manager_add_machine(manager, name, &m);
         if (r < 0)
                 return r;
@@ -353,6 +370,8 @@ static int method_create_machine_internal(sd_bus_message *message, bool read_net
         r = method_create_or_register_machine(manager, message, read_network, &m, error);
         if (r < 0)
                 return r;
+        if (r == 0)
+                return 1; /* Will call us back */
 
         r = sd_bus_message_enter_container(message, 'a', "(sv)");
         if (r < 0)
@@ -389,6 +408,8 @@ static int method_register_machine_internal(sd_bus_message *message, bool read_n
         r = method_create_or_register_machine(manager, message, read_network, &m, error);
         if (r < 0)
                 return r;
+        if (r == 0)
+                return 1; /* Will call us back */
 
         r = cg_pidref_get_unit(&m->leader, &m->unit);
         if (r < 0) {
@@ -901,19 +922,23 @@ const sd_bus_vtable manager_vtable[] = {
         SD_BUS_METHOD_WITH_ARGS("CreateMachine",
                                 SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "a(sv)", scope_properties),
                                 SD_BUS_RESULT("o", path),
-                                method_create_machine, 0),
+                                method_create_machine,
+                                SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD_WITH_ARGS("CreateMachineWithNetwork",
                                 SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "ai", ifindices, "a(sv)", scope_properties),
                                 SD_BUS_RESULT("o", path),
-                                method_create_machine_with_network, 0),
+                                method_create_machine_with_network,
+                                SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD_WITH_ARGS("RegisterMachine",
                                 SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory),
                                 SD_BUS_RESULT("o", path),
-                                method_register_machine, 0),
+                                method_register_machine,
+                                SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD_WITH_ARGS("RegisterMachineWithNetwork",
                                 SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "ai", ifindices),
                                 SD_BUS_RESULT("o", path),
-                                method_register_machine_with_network, 0),
+                                method_register_machine_with_network,
+                                SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD_WITH_ARGS("UnregisterMachine",
                                 SD_BUS_ARGS("s", name),
                                 SD_BUS_NO_RESULT,

diff --git a/src/machine/org.freedesktop.machine1.conf b/src/machine/org.freedesktop.machine1.conf
index c0b329fcc3bbcaecb241956b57c3071153e62606..5077294692995fbd9b4f723512e962394ba8b271 100644 (file)
--- a/src/machine/org.freedesktop.machine1.conf
+++ b/src/machine/org.freedesktop.machine1.conf
@@ -36,6 +36,8 @@
                        send_interface="org.freedesktop.DBus.Properties"
                        send_member="GetAll"/>
 
+                <!-- org.freedesktop.machine1.Manager Method Calls -->
+
                 <allow send_destination="org.freedesktop.machine1"
                        send_interface="org.freedesktop.machine1.Manager"
                        send_member="ListMachines"/>
@@ -180,6 +182,24 @@
                        send_interface="org.freedesktop.machine1.Manager"
                        send_member="MapToMachineGroup"/>
 
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="CreateMachine"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="CreateMachineWithNetwork"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="RegisterMachine"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="RegisterMachineWithNetwork"/>
+
+                <!-- org.freedesktop.machine1.Machine Method Calls -->
+
                 <allow send_destination="org.freedesktop.machine1"
                        send_interface="org.freedesktop.machine1.Machine"
                        send_member="GetAddresses"/>