[thirdparty/systemd.git] / src / machine / image-dbus.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <sys/file.h>
#include <sys/mount.h>

#include "alloc-util.h"
#include "bus-label.h"
#include "bus-polkit.h"
#include "bus-util.h"
#include "copy.h"
#include "dissect-image.h"
#include "fd-util.h"
#include "fileio.h"
#include "fs-util.h"
#include "image-dbus.h"
#include "io-util.h"
#include "loop-util.h"
#include "machine-image.h"
#include "missing_capability.h"
#include "mount-util.h"
#include "process-util.h"
#include "raw-clone.h"
#include "strv.h"
#include "user-util.h"

static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, image_type, ImageType);

int bus_image_method_remove(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
        Image *image = userdata;
        Manager *m = image->userdata;
        pid_t child;
        int r;

        assert(message);
        assert(image);

        if (m->n_operations >= OPERATIONS_MAX)
                return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        NULL,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
                return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");

        r = safe_fork("(sd-imgrm)", FORK_RESET_SIGNALS, &child);
        if (r < 0)
                return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
        if (r == 0) {
                errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);

                r = image_remove(image);
                if (r < 0) {
                        (void) write(errno_pipe_fd[1], &r, sizeof(r));
                        _exit(EXIT_FAILURE);
                }

                _exit(EXIT_SUCCESS);
        }

        errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);

        r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
        if (r < 0) {
                (void) sigkill_wait(child);
                return r;
        }

        errno_pipe_fd[0] = -1;

        return 1;
}

int bus_image_method_rename(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        Manager *m = image->userdata;
        const char *new_name;
        int r;

        assert(message);
        assert(image);

        r = sd_bus_message_read(message, "s", &new_name);
        if (r < 0)
                return r;

        if (!image_name_is_valid(new_name))
                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        NULL,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        r = image_rename(image, new_name);
        if (r < 0)
                return r;

        return sd_bus_reply_method_return(message, NULL);
}

int bus_image_method_clone(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
        Image *image = userdata;
        Manager *m = image->userdata;
        const char *new_name;
        int r, read_only;
        pid_t child;

        assert(message);
        assert(image);
        assert(m);

        if (m->n_operations >= OPERATIONS_MAX)
                return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");

        r = sd_bus_message_read(message, "sb", &new_name, &read_only);
        if (r < 0)
                return r;

        if (!image_name_is_valid(new_name))
                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        NULL,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
                return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");

        r = safe_fork("(sd-imgclone)", FORK_RESET_SIGNALS, &child);
        if (r < 0)
                return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
        if (r == 0) {
                errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);

                r = image_clone(image, new_name, read_only);
                if (r < 0) {
                        (void) write(errno_pipe_fd[1], &r, sizeof(r));
                        _exit(EXIT_FAILURE);
                }

                _exit(EXIT_SUCCESS);
        }

        errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);

        r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
        if (r < 0) {
                (void) sigkill_wait(child);
                return r;
        }

        errno_pipe_fd[0] = -1;

        return 1;
}

int bus_image_method_mark_read_only(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        Manager *m = image->userdata;
        int r, read_only;

        assert(message);

        r = sd_bus_message_read(message, "b", &read_only);
        if (r < 0)
                return r;

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        NULL,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        r = image_read_only(image, read_only);
        if (r < 0)
                return r;

        return sd_bus_reply_method_return(message, NULL);
}

int bus_image_method_set_limit(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        Manager *m = image->userdata;
        uint64_t limit;
        int r;

        assert(message);

        r = sd_bus_message_read(message, "t", &limit);
        if (r < 0)
                return r;
        if (!FILE_SIZE_VALID_OR_INFINITY(limit))
                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");

        r = bus_verify_polkit_async(
                        message,
                        CAP_SYS_ADMIN,
                        "org.freedesktop.machine1.manage-images",
                        NULL,
                        false,
                        UID_INVALID,
                        &m->polkit_registry,
                        error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* Will call us back */

        r = image_set_limit(image, limit);
        if (r < 0)
                return r;

        return sd_bus_reply_method_return(message, NULL);
}

int bus_image_method_get_hostname(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        int r;

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        return sd_bus_reply_method_return(message, "s", image->hostname);
}

int bus_image_method_get_machine_id(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
        Image *image = userdata;
        int r;

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        r = sd_bus_message_new_method_return(message, &reply);
        if (r < 0)
                return r;

        if (sd_id128_is_null(image->machine_id)) /* Add an empty array if the ID is zero */
                r = sd_bus_message_append(reply, "ay", 0);
        else
                r = sd_bus_message_append_array(reply, 'y', image->machine_id.bytes, 16);
        if (r < 0)
                return r;

        return sd_bus_send(NULL, reply, NULL);
}

int bus_image_method_get_machine_info(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        int r;

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        return bus_reply_pair_array(message, image->machine_info);
}

int bus_image_method_get_os_release(
                sd_bus_message *message,
                void *userdata,
                sd_bus_error *error) {

        Image *image = userdata;
        int r;

        if (!image->metadata_valid) {
                r = image_read_metadata(image);
                if (r < 0)
                        return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
        }

        return bus_reply_pair_array(message, image->os_release);
}

const sd_bus_vtable image_vtable[] = {
        SD_BUS_VTABLE_START(0),
        SD_BUS_PROPERTY("Name", "s", NULL, offsetof(Image, name), 0),
        SD_BUS_PROPERTY("Path", "s", NULL, offsetof(Image, path), 0),
        SD_BUS_PROPERTY("Type", "s", property_get_type,  offsetof(Image, type), 0),
        SD_BUS_PROPERTY("ReadOnly", "b", bus_property_get_bool, offsetof(Image, read_only), 0),
        SD_BUS_PROPERTY("CreationTimestamp", "t", NULL, offsetof(Image, crtime), 0),
        SD_BUS_PROPERTY("ModificationTimestamp", "t", NULL, offsetof(Image, mtime), 0),
        SD_BUS_PROPERTY("Usage", "t", NULL, offsetof(Image, usage), 0),
        SD_BUS_PROPERTY("Limit", "t", NULL, offsetof(Image, limit), 0),
        SD_BUS_PROPERTY("UsageExclusive", "t", NULL, offsetof(Image, usage_exclusive), 0),
        SD_BUS_PROPERTY("LimitExclusive", "t", NULL, offsetof(Image, limit_exclusive), 0),
        SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("SetLimit", "t", NULL, bus_image_method_set_limit, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetHostname", NULL, "s", bus_image_method_get_hostname, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetMachineID", NULL, "ay", bus_image_method_get_machine_id, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetMachineInfo", NULL, "a{ss}", bus_image_method_get_machine_info, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_METHOD("GetOSRelease", NULL, "a{ss}", bus_image_method_get_os_release, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_VTABLE_END
};

static int image_flush_cache(sd_event_source *s, void *userdata) {
        Manager *m = userdata;

        assert(s);
        assert(m);

        hashmap_clear(m->image_cache);
        return 0;
}

int image_object_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
        _cleanup_free_ char *e = NULL;
        Manager *m = userdata;
        Image *image = NULL;
        const char *p;
        int r;

        assert(bus);
        assert(path);
        assert(interface);
        assert(found);

        p = startswith(path, "/org/freedesktop/machine1/image/");
        if (!p)
                return 0;

        e = bus_label_unescape(p);
        if (!e)
                return -ENOMEM;

        image = hashmap_get(m->image_cache, e);
        if (image) {
                *found = image;
                return 1;
        }

        r = hashmap_ensure_allocated(&m->image_cache, &image_hash_ops);
        if (r < 0)
                return r;

        if (!m->image_cache_defer_event) {
                r = sd_event_add_defer(m->event, &m->image_cache_defer_event, image_flush_cache, m);
                if (r < 0)
                        return r;

                r = sd_event_source_set_priority(m->image_cache_defer_event, SD_EVENT_PRIORITY_IDLE);
                if (r < 0)
                        return r;
        }

        r = sd_event_source_set_enabled(m->image_cache_defer_event, SD_EVENT_ONESHOT);
        if (r < 0)
                return r;

        r = image_find(IMAGE_MACHINE, e, &image);
        if (r == -ENOENT)
                return 0;
        if (r < 0)
                return r;

        image->userdata = m;

        r = hashmap_put(m->image_cache, image->name, image);
        if (r < 0) {
                image_unref(image);
                return r;
        }

        *found = image;
        return 1;
}

char *image_bus_path(const char *name) {
        _cleanup_free_ char *e = NULL;

        assert(name);

        e = bus_label_escape(name);
        if (!e)
                return NULL;

        return strjoin("/org/freedesktop/machine1/image/", e);
}

int image_node_enumerator(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
        _cleanup_hashmap_free_ Hashmap *images = NULL;
        _cleanup_strv_free_ char **l = NULL;
        Image *image;
        Iterator i;
        int r;

        assert(bus);
        assert(path);
        assert(nodes);

        images = hashmap_new(&image_hash_ops);
        if (!images)
                return -ENOMEM;

        r = image_discover(IMAGE_MACHINE, images);
        if (r < 0)
                return r;

        HASHMAP_FOREACH(image, images, i) {
                char *p;

                p = image_bus_path(image->name);
                if (!p)
                        return -ENOMEM;

                r = strv_consume(&l, p);
                if (r < 0)
                        return r;
        }

        *nodes = TAKE_PTR(l);

        return 1;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
ebeccf9e	2
fe993888	3	#include <sys/file.h>
9153b02b LP	4	#include <sys/mount.h>
9153b02b LP	5
b5efdb8a	6	#include "alloc-util.h"
ebeccf9e	7	#include "bus-label.h"
269e4d2d	8	#include "bus-polkit.h"
1ddb263d	9	#include "bus-util.h"
9153b02b LP	10	#include "copy.h"
9153b02b LP	11	#include "dissect-image.h"
56599585	12	#include "fd-util.h"
9153b02b LP	13	#include "fileio.h"
9153b02b LP	14	#include "fs-util.h"
003dffde	15	#include "image-dbus.h"
a90fb858	16	#include "io-util.h"
9153b02b	17	#include "loop-util.h"
ee104e11	18	#include "machine-image.h"
204f52e3	19	#include "missing_capability.h"
9153b02b	20	#include "mount-util.h"
56599585	21	#include "process-util.h"
9153b02b	22	#include "raw-clone.h"
ee104e11 LP	23	#include "strv.h"
ee104e11 LP	24	#include "user-util.h"
ebeccf9e	25
1ddb263d	26	static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_type, image_type, ImageType);
ebeccf9e	27
1ddb263d	28	int bus_image_method_remove(
08682124 LP	29	sd_bus_message *message,
	30	void *userdata,
	31	sd_bus_error *error) {
	32
5d2036b5	33	_cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
1ddb263d	34	Image *image = userdata;
70244d1d	35	Manager *m = image->userdata;
5d2036b5	36	pid_t child;
08682124 LP	37	int r;
08682124 LP	38
08682124	39	assert(message);
1ddb263d	40	assert(image);
08682124	41
5d2036b5 LP	42	if (m->n_operations >= OPERATIONS_MAX)
	43	return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");
	44
70244d1d LP	45	r = bus_verify_polkit_async(
	46	message,
	47	CAP_SYS_ADMIN,
	48	"org.freedesktop.machine1.manage-images",
403ed0e5	49	NULL,
70244d1d	50	false,
c529695e	51	UID_INVALID,
70244d1d LP	52	&m->polkit_registry,
	53	error);
	54	if (r < 0)
	55	return r;
	56	if (r == 0)
	57	return 1; /* Will call us back */
	58
5d2036b5 LP	59	if (pipe2(errno_pipe_fd, O_CLOEXEC\|O_NONBLOCK) < 0)
	60	return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");
	61
4c253ed1 LP	62	r = safe_fork("(sd-imgrm)", FORK_RESET_SIGNALS, &child);
	63	if (r < 0)
	64	return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
	65	if (r == 0) {
5d2036b5 LP	66	errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
	67
	68	r = image_remove(image);
	69	if (r < 0) {
	70	(void) write(errno_pipe_fd[1], &r, sizeof(r));
	71	_exit(EXIT_FAILURE);
	72	}
	73
	74	_exit(EXIT_SUCCESS);
	75	}
	76
	77	errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
	78
03c2b288	79	r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
5d2036b5 LP	80	if (r < 0) {
5d2036b5 LP	81	(void) sigkill_wait(child);
08682124	82	return r;
5d2036b5 LP	83	}
	84
	85	errno_pipe_fd[0] = -1;
08682124	86
5d2036b5	87	return 1;
08682124 LP	88	}
08682124 LP	89
1ddb263d	90	int bus_image_method_rename(
ebd93cb6 LP	91	sd_bus_message *message,
	92	void *userdata,
	93	sd_bus_error *error) {
	94
1ddb263d	95	Image *image = userdata;
70244d1d	96	Manager *m = image->userdata;
ebd93cb6 LP	97	const char *new_name;
	98	int r;
	99
ebd93cb6	100	assert(message);
1ddb263d	101	assert(image);
ebd93cb6 LP	102
	103	r = sd_bus_message_read(message, "s", &new_name);
	104	if (r < 0)
	105	return r;
	106
	107	if (!image_name_is_valid(new_name))
	108	return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);
	109
70244d1d LP	110	r = bus_verify_polkit_async(
	111	message,
	112	CAP_SYS_ADMIN,
	113	"org.freedesktop.machine1.manage-images",
403ed0e5	114	NULL,
70244d1d	115	false,
c529695e	116	UID_INVALID,
70244d1d LP	117	&m->polkit_registry,
	118	error);
	119	if (r < 0)
	120	return r;
	121	if (r == 0)
	122	return 1; /* Will call us back */
	123
ebd93cb6 LP	124	r = image_rename(image, new_name);
	125	if (r < 0)
	126	return r;
	127
	128	return sd_bus_reply_method_return(message, NULL);
	129	}
	130
1ddb263d	131	int bus_image_method_clone(
ebd93cb6 LP	132	sd_bus_message *message,
	133	void *userdata,
	134	sd_bus_error *error) {
	135
56599585	136	_cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
1ddb263d	137	Image *image = userdata;
70244d1d	138	Manager *m = image->userdata;
ebd93cb6 LP	139	const char *new_name;
ebd93cb6 LP	140	int r, read_only;
56599585	141	pid_t child;
ebd93cb6	142
ebd93cb6	143	assert(message);
1ddb263d	144	assert(image);
56599585 LP	145	assert(m);
	146
	147	if (m->n_operations >= OPERATIONS_MAX)
	148	return sd_bus_error_setf(error, SD_BUS_ERROR_LIMITS_EXCEEDED, "Too many ongoing operations.");
ebd93cb6 LP	149
	150	r = sd_bus_message_read(message, "sb", &new_name, &read_only);
	151	if (r < 0)
	152	return r;
	153
	154	if (!image_name_is_valid(new_name))
	155	return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image name '%s' is invalid.", new_name);
	156
70244d1d LP	157	r = bus_verify_polkit_async(
	158	message,
	159	CAP_SYS_ADMIN,
	160	"org.freedesktop.machine1.manage-images",
403ed0e5	161	NULL,
70244d1d	162	false,
c529695e	163	UID_INVALID,
70244d1d LP	164	&m->polkit_registry,
	165	error);
	166	if (r < 0)
	167	return r;
	168	if (r == 0)
	169	return 1; /* Will call us back */
	170
56599585 LP	171	if (pipe2(errno_pipe_fd, O_CLOEXEC\|O_NONBLOCK) < 0)
	172	return sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");
	173
f2747bf5	174	r = safe_fork("(sd-imgclone)", FORK_RESET_SIGNALS, &child);
4c253ed1 LP	175	if (r < 0)
	176	return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
	177	if (r == 0) {
56599585 LP	178	errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
	179
	180	r = image_clone(image, new_name, read_only);
	181	if (r < 0) {
	182	(void) write(errno_pipe_fd[1], &r, sizeof(r));
	183	_exit(EXIT_FAILURE);
	184	}
	185
	186	_exit(EXIT_SUCCESS);
	187	}
	188
	189	errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
	190
03c2b288	191	r = operation_new(m, NULL, child, message, errno_pipe_fd[0], NULL);
56599585	192	if (r < 0) {
89c9030d	193	(void) sigkill_wait(child);
ebd93cb6	194	return r;
56599585	195	}
ebd93cb6	196
56599585 LP	197	errno_pipe_fd[0] = -1;
	198
	199	return 1;
ebd93cb6 LP	200	}
ebd93cb6 LP	201
1ddb263d	202	int bus_image_method_mark_read_only(
ebd93cb6 LP	203	sd_bus_message *message,
	204	void *userdata,
	205	sd_bus_error *error) {
	206
1ddb263d	207	Image *image = userdata;
70244d1d	208	Manager *m = image->userdata;
ebd93cb6 LP	209	int r, read_only;
ebd93cb6 LP	210
ebd93cb6 LP	211	assert(message);
ebd93cb6 LP	212
ebd93cb6 LP	213	r = sd_bus_message_read(message, "b", &read_only);
	214	if (r < 0)
	215	return r;
	216
70244d1d LP	217	r = bus_verify_polkit_async(
	218	message,
	219	CAP_SYS_ADMIN,
	220	"org.freedesktop.machine1.manage-images",
403ed0e5	221	NULL,
70244d1d	222	false,
c529695e	223	UID_INVALID,
70244d1d LP	224	&m->polkit_registry,
	225	error);
	226	if (r < 0)
	227	return r;
	228	if (r == 0)
	229	return 1; /* Will call us back */
	230
ebd93cb6 LP	231	r = image_read_only(image, read_only);
	232	if (r < 0)
	233	return r;
	234
	235	return sd_bus_reply_method_return(message, NULL);
	236	}
	237
d6ce17c7	238	int bus_image_method_set_limit(
d6ce17c7 LP	239	sd_bus_message *message,
	240	void *userdata,
	241	sd_bus_error *error) {
	242
	243	Image *image = userdata;
	244	Manager *m = image->userdata;
	245	uint64_t limit;
	246	int r;
	247
d6ce17c7 LP	248	assert(message);
	249
	250	r = sd_bus_message_read(message, "t", &limit);
	251	if (r < 0)
	252	return r;
a90fb858 LP	253	if (!FILE_SIZE_VALID_OR_INFINITY(limit))
a90fb858 LP	254	return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "New limit out of range");
d6ce17c7 LP	255
	256	r = bus_verify_polkit_async(
	257	message,
	258	CAP_SYS_ADMIN,
	259	"org.freedesktop.machine1.manage-images",
403ed0e5	260	NULL,
d6ce17c7 LP	261	false,
	262	UID_INVALID,
	263	&m->polkit_registry,
	264	error);
	265	if (r < 0)
	266	return r;
	267	if (r == 0)
	268	return 1; /* Will call us back */
	269
	270	r = image_set_limit(image, limit);
	271	if (r < 0)
	272	return r;
	273
	274	return sd_bus_reply_method_return(message, NULL);
	275	}
	276
cf30a8c1 LP	277	int bus_image_method_get_hostname(
	278	sd_bus_message *message,
	279	void *userdata,
	280	sd_bus_error *error) {
9153b02b	281
cf30a8c1	282	Image *image = userdata;
9153b02b LP	283	int r;
9153b02b LP	284
cf30a8c1 LP	285	if (!image->metadata_valid) {
	286	r = image_read_metadata(image);
	287	if (r < 0)
	288	return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
	289	}
9153b02b	290
cf30a8c1	291	return sd_bus_reply_method_return(message, "s", image->hostname);
9153b02b LP	292	}
9153b02b LP	293
cf30a8c1 LP	294	int bus_image_method_get_machine_id(
	295	sd_bus_message *message,
	296	void *userdata,
	297	sd_bus_error *error) {
9153b02b	298
cf30a8c1 LP	299	_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
	300	Image *image = userdata;
	301	int r;
9153b02b	302
cf30a8c1 LP	303	if (!image->metadata_valid) {
cf30a8c1 LP	304	r = image_read_metadata(image);
9153b02b	305	if (r < 0)
cf30a8c1	306	return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
9153b02b LP	307	}
9153b02b LP	308
cf30a8c1	309	r = sd_bus_message_new_method_return(message, &reply);
9153b02b LP	310	if (r < 0)
	311	return r;
	312
cf30a8c1 LP	313	if (sd_id128_is_null(image->machine_id)) /* Add an empty array if the ID is zero */
	314	r = sd_bus_message_append(reply, "ay", 0);
	315	else
	316	r = sd_bus_message_append_array(reply, 'y', image->machine_id.bytes, 16);
9153b02b	317	if (r < 0)
cf30a8c1	318	return r;
9153b02b	319
cf30a8c1	320	return sd_bus_send(NULL, reply, NULL);
9153b02b LP	321	}
9153b02b LP	322
cf30a8c1	323	int bus_image_method_get_machine_info(
9153b02b LP	324	sd_bus_message *message,
	325	void *userdata,
	326	sd_bus_error *error) {
	327
9153b02b LP	328	Image *image = userdata;
	329	int r;
	330
cf30a8c1 LP	331	if (!image->metadata_valid) {
	332	r = image_read_metadata(image);
	333	if (r < 0)
	334	return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
	335	}
9153b02b	336
cf30a8c1 LP	337	return bus_reply_pair_array(message, image->machine_info);
cf30a8c1 LP	338	}
9153b02b	339
cf30a8c1 LP	340	int bus_image_method_get_os_release(
	341	sd_bus_message *message,
	342	void *userdata,
	343	sd_bus_error *error) {
9153b02b	344
cf30a8c1 LP	345	Image *image = userdata;
cf30a8c1 LP	346	int r;
9153b02b	347
cf30a8c1 LP	348	if (!image->metadata_valid) {
	349	r = image_read_metadata(image);
	350	if (r < 0)
	351	return sd_bus_error_set_errnof(error, r, "Failed to read image metadata: %m");
9153b02b	352	}
9153b02b	353
cf30a8c1	354	return bus_reply_pair_array(message, image->os_release);
9153b02b LP	355	}
9153b02b LP	356
ebeccf9e LP	357	const sd_bus_vtable image_vtable[] = {
ebeccf9e LP	358	SD_BUS_VTABLE_START(0),
1ddb263d LP	359	SD_BUS_PROPERTY("Name", "s", NULL, offsetof(Image, name), 0),
	360	SD_BUS_PROPERTY("Path", "s", NULL, offsetof(Image, path), 0),
	361	SD_BUS_PROPERTY("Type", "s", property_get_type, offsetof(Image, type), 0),
	362	SD_BUS_PROPERTY("ReadOnly", "b", bus_property_get_bool, offsetof(Image, read_only), 0),
	363	SD_BUS_PROPERTY("CreationTimestamp", "t", NULL, offsetof(Image, crtime), 0),
	364	SD_BUS_PROPERTY("ModificationTimestamp", "t", NULL, offsetof(Image, mtime), 0),
c19de711	365	SD_BUS_PROPERTY("Usage", "t", NULL, offsetof(Image, usage), 0),
1ddb263d	366	SD_BUS_PROPERTY("Limit", "t", NULL, offsetof(Image, limit), 0),
c19de711	367	SD_BUS_PROPERTY("UsageExclusive", "t", NULL, offsetof(Image, usage_exclusive), 0),
1ddb263d	368	SD_BUS_PROPERTY("LimitExclusive", "t", NULL, offsetof(Image, limit_exclusive), 0),
70244d1d LP	369	SD_BUS_METHOD("Remove", NULL, NULL, bus_image_method_remove, SD_BUS_VTABLE_UNPRIVILEGED),
	370	SD_BUS_METHOD("Rename", "s", NULL, bus_image_method_rename, SD_BUS_VTABLE_UNPRIVILEGED),
	371	SD_BUS_METHOD("Clone", "sb", NULL, bus_image_method_clone, SD_BUS_VTABLE_UNPRIVILEGED),
	372	SD_BUS_METHOD("MarkReadOnly", "b", NULL, bus_image_method_mark_read_only, SD_BUS_VTABLE_UNPRIVILEGED),
d6ce17c7	373	SD_BUS_METHOD("SetLimit", "t", NULL, bus_image_method_set_limit, SD_BUS_VTABLE_UNPRIVILEGED),
cf30a8c1 LP	374	SD_BUS_METHOD("GetHostname", NULL, "s", bus_image_method_get_hostname, SD_BUS_VTABLE_UNPRIVILEGED),
	375	SD_BUS_METHOD("GetMachineID", NULL, "ay", bus_image_method_get_machine_id, SD_BUS_VTABLE_UNPRIVILEGED),
	376	SD_BUS_METHOD("GetMachineInfo", NULL, "a{ss}", bus_image_method_get_machine_info, SD_BUS_VTABLE_UNPRIVILEGED),
9153b02b	377	SD_BUS_METHOD("GetOSRelease", NULL, "a{ss}", bus_image_method_get_os_release, SD_BUS_VTABLE_UNPRIVILEGED),
ebeccf9e LP	378	SD_BUS_VTABLE_END
	379	};
	380
1ddb263d LP	381	static int image_flush_cache(sd_event_source s, void userdata) {
1ddb263d LP	382	Manager *m = userdata;
1ddb263d LP	383
	384	assert(s);
	385	assert(m);
	386
b07ec5a1	387	hashmap_clear(m->image_cache);
1ddb263d LP	388	return 0;
	389	}
	390
ebeccf9e	391	int image_object_find(sd_bus bus, const char path, const char interface, void userdata, void *found, sd_bus_error error) {
1ddb263d LP	392	_cleanup_free_ char *e = NULL;
	393	Manager *m = userdata;
	394	Image *image = NULL;
	395	const char *p;
ebeccf9e LP	396	int r;
	397
	398	assert(bus);
	399	assert(path);
	400	assert(interface);
	401	assert(found);
	402
1ddb263d LP	403	p = startswith(path, "/org/freedesktop/machine1/image/");
	404	if (!p)
	405	return 0;
	406
	407	e = bus_label_unescape(p);
	408	if (!e)
	409	return -ENOMEM;
	410
	411	image = hashmap_get(m->image_cache, e);
	412	if (image) {
	413	*found = image;
	414	return 1;
	415	}
	416
b07ec5a1	417	r = hashmap_ensure_allocated(&m->image_cache, &image_hash_ops);
1ddb263d LP	418	if (r < 0)
	419	return r;
	420
	421	if (!m->image_cache_defer_event) {
	422	r = sd_event_add_defer(m->event, &m->image_cache_defer_event, image_flush_cache, m);
	423	if (r < 0)
	424	return r;
	425
	426	r = sd_event_source_set_priority(m->image_cache_defer_event, SD_EVENT_PRIORITY_IDLE);
	427	if (r < 0)
	428	return r;
	429	}
	430
	431	r = sd_event_source_set_enabled(m->image_cache_defer_event, SD_EVENT_ONESHOT);
	432	if (r < 0)
	433	return r;
	434
5ef46e5f	435	r = image_find(IMAGE_MACHINE, e, &image);
3a6ce860 LP	436	if (r == -ENOENT)
	437	return 0;
	438	if (r < 0)
ebeccf9e LP	439	return r;
ebeccf9e LP	440
70244d1d LP	441	image->userdata = m;
70244d1d LP	442
1ddb263d LP	443	r = hashmap_put(m->image_cache, image->name, image);
	444	if (r < 0) {
	445	image_unref(image);
	446	return r;
	447	}
	448
	449	*found = image;
ebeccf9e LP	450	return 1;
	451	}
	452
	453	char image_bus_path(const char name) {
	454	_cleanup_free_ char *e = NULL;
	455
	456	assert(name);
	457
	458	e = bus_label_escape(name);
	459	if (!e)
	460	return NULL;
	461
b910cc72	462	return strjoin("/org/freedesktop/machine1/image/", e);
ebeccf9e LP	463	}
	464
	465	int image_node_enumerator(sd_bus bus, const char path, void userdata, char *nodes, sd_bus_error error) {
b07ec5a1	466	_cleanup_hashmap_free_ Hashmap *images = NULL;
ebeccf9e LP	467	_cleanup_strv_free_ char **l = NULL;
	468	Image *image;
	469	Iterator i;
	470	int r;
	471
	472	assert(bus);
	473	assert(path);
	474	assert(nodes);
	475
b07ec5a1	476	images = hashmap_new(&image_hash_ops);
ebeccf9e LP	477	if (!images)
	478	return -ENOMEM;
	479
5ef46e5f	480	r = image_discover(IMAGE_MACHINE, images);
ebeccf9e LP	481	if (r < 0)
	482	return r;
	483
	484	HASHMAP_FOREACH(image, images, i) {
	485	char *p;
	486
	487	p = image_bus_path(image->name);
	488	if (!p)
	489	return -ENOMEM;
	490
	491	r = strv_consume(&l, p);
	492	if (r < 0)
	493	return r;
	494	}
	495
1cc6c93a	496	*nodes = TAKE_PTR(l);
ebeccf9e LP	497
	498	return 1;
	499	}