]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/pager.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #17497 from anitazha/randomizeonce
[thirdparty/systemd.git] / src / shared / pager.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <errno.h>
4 #include <stddef.h>
5 #include <stdint.h>
6 #include <stdio.h>
7 #include <stdlib.h>
8 #include <sys/prctl.h>
9 #include <unistd.h>
10
11 #include "sd-login.h"
12
13 #include "copy.h"
14 #include "env-util.h"
15 #include "fd-util.h"
16 #include "fileio.h"
17 #include "io-util.h"
18 #include "locale-util.h"
19 #include "log.h"
20 #include "macro.h"
21 #include "pager.h"
22 #include "process-util.h"
23 #include "rlimit-util.h"
24 #include "signal-util.h"
25 #include "string-util.h"
26 #include "strv.h"
27 #include "terminal-util.h"
28 #include "util.h"
29
30 static pid_t pager_pid = 0;
31
32 static int stored_stdout = -1;
33 static int stored_stderr = -1;
34 static bool stdout_redirected = false;
35 static bool stderr_redirected = false;
36
37 _noreturn_ static void pager_fallback(void) {
38 int r;
39
40 r = copy_bytes(STDIN_FILENO, STDOUT_FILENO, (uint64_t) -1, 0);
41 if (r < 0) {
42 log_error_errno(r, "Internal pager failed: %m");
43 _exit(EXIT_FAILURE);
44 }
45
46 _exit(EXIT_SUCCESS);
47 }
48
49 static int no_quit_on_interrupt(int exe_name_fd, const char *less_opts) {
50 _cleanup_fclose_ FILE *file = NULL;
51 _cleanup_free_ char *line = NULL;
52 int r;
53
54 assert(exe_name_fd >= 0);
55 assert(less_opts);
56
57 /* This takes ownership of exe_name_fd */
58 file = fdopen(exe_name_fd, "r");
59 if (!file) {
60 safe_close(exe_name_fd);
61 return log_error_errno(errno, "Failed to create FILE object: %m");
62 }
63
64 /* Find the last line */
65 for (;;) {
66 _cleanup_free_ char *t = NULL;
67
68 r = read_line(file, LONG_LINE_MAX, &t);
69 if (r < 0)
70 return log_error_errno(r, "Failed to read from socket: %m");
71 if (r == 0)
72 break;
73
74 free_and_replace(line, t);
75 }
76
77 /* We only treat "less" specially.
78 * Return true whenever option K is *not* set. */
79 r = streq_ptr(line, "less") && !strchr(less_opts, 'K');
80
81 log_debug("Pager executable is \"%s\", options \"%s\", quit_on_interrupt: %s",
82 strnull(line), less_opts, yes_no(!r));
83 return r;
84 }
85
86 int pager_open(PagerFlags flags) {
87 _cleanup_close_pair_ int fd[2] = { -1, -1 }, exe_name_pipe[2] = { -1, -1 };
88 _cleanup_strv_free_ char **pager_args = NULL;
89 const char *pager, *less_opts;
90 int r;
91
92 if (flags & PAGER_DISABLE)
93 return 0;
94
95 if (pager_pid > 0)
96 return 1;
97
98 if (terminal_is_dumb())
99 return 0;
100
101 if (!is_main_thread())
102 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Pager invoked from wrong thread.");
103
104 pager = getenv("SYSTEMD_PAGER");
105 if (!pager)
106 pager = getenv("PAGER");
107
108 if (pager) {
109 pager_args = strv_split(pager, WHITESPACE);
110 if (!pager_args)
111 return log_oom();
112
113 /* If the pager is explicitly turned off, honour it */
114 if (strv_isempty(pager_args) || strv_equal(pager_args, STRV_MAKE("cat")))
115 return 0;
116 }
117
118 /* Determine and cache number of columns/lines before we spawn the pager so that we get the value from the
119 * actual tty */
120 (void) columns();
121 (void) lines();
122
123 if (pipe2(fd, O_CLOEXEC) < 0)
124 return log_error_errno(errno, "Failed to create pager pipe: %m");
125
126 /* This is a pipe to feed the name of the executed pager binary into the parent */
127 if (pipe2(exe_name_pipe, O_CLOEXEC) < 0)
128 return log_error_errno(errno, "Failed to create exe_name pipe: %m");
129
130 /* Initialize a good set of less options */
131 less_opts = getenv("SYSTEMD_LESS");
132 if (!less_opts)
133 less_opts = "FRSXMK";
134 if (flags & PAGER_JUMP_TO_END)
135 less_opts = strjoina(less_opts, " +G");
136
137 /* We set SIGINT as PR_DEATHSIG signal here, to match the "K" parameter we set in $LESS, which enables SIGINT behaviour. */
138 r = safe_fork("(pager)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGINT|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pager_pid);
139 if (r < 0)
140 return r;
141 if (r == 0) {
142 const char *less_charset, *exe;
143
144 /* In the child start the pager */
145
146 if (dup2(fd[0], STDIN_FILENO) < 0) {
147 log_error_errno(errno, "Failed to duplicate file descriptor to STDIN: %m");
148 _exit(EXIT_FAILURE);
149 }
150
151 safe_close_pair(fd);
152
153 if (setenv("LESS", less_opts, 1) < 0) {
154 log_error_errno(errno, "Failed to set environment variable LESS: %m");
155 _exit(EXIT_FAILURE);
156 }
157
158 /* Initialize a good charset for less. This is particularly important if we output UTF-8
159 * characters. */
160 less_charset = getenv("SYSTEMD_LESSCHARSET");
161 if (!less_charset && is_locale_utf8())
162 less_charset = "utf-8";
163 if (less_charset &&
164 setenv("LESSCHARSET", less_charset, 1) < 0) {
165 log_error_errno(errno, "Failed to set environment variable LESSCHARSET: %m");
166 _exit(EXIT_FAILURE);
167 }
168
169 /* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
170 * privileged stuff. If the user set $SYSTEMD_PAGERSECURE, trust their configuration of the
171 * pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
172 * wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
173 * know to be good. */
174 int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE");
175 bool trust_pager = use_secure_mode >= 0;
176 if (use_secure_mode == -ENXIO) {
177 uid_t uid;
178
179 r = sd_pid_get_owner_uid(0, &uid);
180 if (r < 0)
181 log_debug_errno(r, "sd_pid_get_owner_uid() failed, enabling pager secure mode: %m");
182
183 use_secure_mode = r < 0 || uid != geteuid();
184
185 } else if (use_secure_mode < 0) {
186 log_warning_errno(use_secure_mode, "Unable to parse $SYSTEMD_PAGERSECURE, assuming true: %m");
187 use_secure_mode = true;
188 }
189
190 /* We generally always set variables used by less, even if we end up using a different pager.
191 * They shouldn't hurt in any case, and ideally other pagers would look at them too. */
192 if (use_secure_mode)
193 r = setenv("LESSSECURE", "1", 1);
194 else
195 r = unsetenv("LESSSECURE");
196 if (r < 0) {
197 log_error_errno(errno, "Failed to adjust environment variable LESSSECURE: %m");
198 _exit(EXIT_FAILURE);
199 }
200
201 if (trust_pager && pager_args) { /* The pager config might be set globally, and we cannot
202 * know if the user adjusted it to be appropriate for the
203 * secure mode. Thus, start the pager specified through
204 * envvars only when $SYSTEMD_PAGERSECURE was explicitly set
205 * as well. */
206 r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1, false);
207 if (r < 0) {
208 log_error_errno(r, "Failed to write pager name to socket: %m");
209 _exit(EXIT_FAILURE);
210 }
211
212 execvp(pager_args[0], pager_args);
213 log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
214 "Failed to execute '%s', using fallback pagers: %m", pager_args[0]);
215 }
216
217 /* Debian's alternatives command for pagers is called 'pager'. Note that we do not call
218 * sensible-pagers here, since that is just a shell script that implements a logic that is
219 * similar to this one anyway, but is Debian-specific. */
220 FOREACH_STRING(exe, "pager", "less", "more") {
221 /* Only less implements secure mode right now. */
222 if (use_secure_mode && !streq(exe, "less"))
223 continue;
224
225 r = loop_write(exe_name_pipe[1], exe, strlen(exe) + 1, false);
226 if (r < 0) {
227 log_error_errno(r, "Failed to write pager name to socket: %m");
228 _exit(EXIT_FAILURE);
229 }
230 execlp(exe, exe, NULL);
231 log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
232 "Failed to execute '%s', using next fallback pager: %m", exe);
233 }
234
235 /* Our builtin is also very secure. */
236 r = loop_write(exe_name_pipe[1], "(built-in)", strlen("(built-in)") + 1, false);
237 if (r < 0) {
238 log_error_errno(r, "Failed to write pager name to socket: %m");
239 _exit(EXIT_FAILURE);
240 }
241 /* Close pipe to signal the parent to start sending data */
242 safe_close_pair(exe_name_pipe);
243 pager_fallback();
244 /* not reached */
245 }
246
247 /* Return in the parent */
248 stored_stdout = fcntl(STDOUT_FILENO, F_DUPFD_CLOEXEC, 3);
249 if (dup2(fd[1], STDOUT_FILENO) < 0) {
250 stored_stdout = safe_close(stored_stdout);
251 return log_error_errno(errno, "Failed to duplicate pager pipe: %m");
252 }
253 stdout_redirected = true;
254
255 stored_stderr = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 3);
256 if (dup2(fd[1], STDERR_FILENO) < 0) {
257 stored_stderr = safe_close(stored_stderr);
258 return log_error_errno(errno, "Failed to duplicate pager pipe: %m");
259 }
260 stderr_redirected = true;
261
262 exe_name_pipe[1] = safe_close(exe_name_pipe[1]);
263
264 r = no_quit_on_interrupt(TAKE_FD(exe_name_pipe[0]), less_opts);
265 if (r < 0)
266 return r;
267 if (r > 0)
268 (void) ignore_signals(SIGINT, -1);
269
270 return 1;
271 }
272
273 void pager_close(void) {
274
275 if (pager_pid <= 0)
276 return;
277
278 /* Inform pager that we are done */
279 (void) fflush(stdout);
280 if (stdout_redirected)
281 if (stored_stdout < 0 || dup2(stored_stdout, STDOUT_FILENO) < 0)
282 (void) close(STDOUT_FILENO);
283 stored_stdout = safe_close(stored_stdout);
284 (void) fflush(stderr);
285 if (stderr_redirected)
286 if (stored_stderr < 0 || dup2(stored_stderr, STDERR_FILENO) < 0)
287 (void) close(STDERR_FILENO);
288 stored_stderr = safe_close(stored_stderr);
289 stdout_redirected = stderr_redirected = false;
290
291 (void) kill(pager_pid, SIGCONT);
292 (void) wait_for_terminate(pager_pid, NULL);
293 pager_pid = 0;
294 }
295
296 bool pager_have(void) {
297 return pager_pid > 0;
298 }
299
300 int show_man_page(const char *desc, bool null_stdio) {
301 const char *args[4] = { "man", NULL, NULL, NULL };
302 char *e = NULL;
303 pid_t pid;
304 size_t k;
305 int r;
306
307 k = strlen(desc);
308
309 if (desc[k-1] == ')')
310 e = strrchr(desc, '(');
311
312 if (e) {
313 char *page = NULL, *section = NULL;
314
315 page = strndupa(desc, e - desc);
316 section = strndupa(e + 1, desc + k - e - 2);
317
318 args[1] = section;
319 args[2] = page;
320 } else
321 args[1] = desc;
322
323 r = safe_fork("(man)", FORK_RESET_SIGNALS|FORK_DEATHSIG|(null_stdio ? FORK_NULL_STDIO : 0)|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
324 if (r < 0)
325 return r;
326 if (r == 0) {
327 /* Child */
328 execvp(args[0], (char**) args);
329 log_error_errno(errno, "Failed to execute man: %m");
330 _exit(EXIT_FAILURE);
331 }
332
333 return wait_for_terminate_and_check(NULL, pid, 0);
334 }
Unnamed repository; edit this file 'description' to name the repository.