]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
89711996 | 2 | |
1cf40697 | 3 | #include <stdio.h> |
69a283c5 | 4 | #include <stdlib.h> |
89711996 ZJS |
5 | #include <unistd.h> |
6 | ||
7 | #include "alloc-util.h" | |
05c754bc | 8 | #include "bitfield.h" |
2e4cfe65 | 9 | #include "conf-files.h" |
686d13b9 | 10 | #include "env-file.h" |
c6e47247 | 11 | #include "env-util.h" |
3f51bbff | 12 | #include "errno-util.h" |
9ec4f7c7 | 13 | #include "escape.h" |
89711996 | 14 | #include "exec-util.h" |
c6e47247 ZJS |
15 | #include "fd-util.h" |
16 | #include "fileio.h" | |
89711996 | 17 | #include "hashmap.h" |
69a283c5 | 18 | #include "log.h" |
03469b77 | 19 | #include "path-util.h" |
89711996 | 20 | #include "process-util.h" |
d68c645b | 21 | #include "serialize.h" |
89711996 | 22 | #include "stat-util.h" |
b3d59367 | 23 | #include "string-table.h" |
89711996 ZJS |
24 | #include "string-util.h" |
25 | #include "strv.h" | |
c6e47247 | 26 | #include "terminal-util.h" |
69a283c5 | 27 | #include "time-util.h" |
89711996 | 28 | |
6ad9af0b YW |
29 | #define EXIT_SKIP_REMAINING 77 |
30 | ||
89711996 ZJS |
31 | /* Put this test here for a lack of better place */ |
32 | assert_cc(EAGAIN == EWOULDBLOCK); | |
33 | ||
6b90b04d LP |
34 | static int do_spawn( |
35 | const char *path, | |
36 | char *argv[], | |
37 | int stdout_fd, | |
38 | bool set_systemd_exec_pid, | |
39 | pid_t *ret_pid) { | |
40 | ||
4c253ed1 | 41 | int r; |
cf55fc18 | 42 | |
6b90b04d LP |
43 | assert(path); |
44 | assert(ret_pid); | |
45 | ||
7d0c47da | 46 | if (null_or_empty_path(path) > 0) { |
f5dc74de | 47 | log_debug("%s is masked, skipping.", path); |
cf55fc18 ZJS |
48 | return 0; |
49 | } | |
50 | ||
6b90b04d LP |
51 | pid_t pid; |
52 | r = safe_fork_full( | |
f5dc74de | 53 | "(exec-inner)", |
6b90b04d LP |
54 | (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO }, |
55 | /* except_fds= */ NULL, /* n_except_fds= */ 0, | |
a25acf70 | 56 | FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS, |
6b90b04d | 57 | &pid); |
4c253ed1 | 58 | if (r < 0) |
b6e1fff1 | 59 | return r; |
4c253ed1 | 60 | if (r == 0) { |
cf55fc18 ZJS |
61 | char *_argv[2]; |
62 | ||
43f565c6 YW |
63 | if (set_systemd_exec_pid) { |
64 | r = setenv_systemd_exec_pid(false); | |
65 | if (r < 0) | |
66 | log_warning_errno(r, "Failed to set $SYSTEMD_EXEC_PID, ignoring: %m"); | |
67 | } | |
68 | ||
cf55fc18 ZJS |
69 | if (!argv) { |
70 | _argv[0] = (char*) path; | |
71 | _argv[1] = NULL; | |
72 | argv = _argv; | |
73 | } else | |
74 | argv[0] = (char*) path; | |
75 | ||
76 | execv(path, argv); | |
77 | log_error_errno(errno, "Failed to execute %s: %m", path); | |
78 | _exit(EXIT_FAILURE); | |
79 | } | |
80 | ||
6b90b04d | 81 | *ret_pid = pid; |
cf55fc18 ZJS |
82 | return 1; |
83 | } | |
84 | ||
c6e47247 | 85 | static int do_execute( |
f5dc74de | 86 | char * const *paths, |
8521338f | 87 | const char *root, |
c6e47247 ZJS |
88 | usec_t timeout, |
89 | gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX], | |
f5dc74de | 90 | void * const callback_args[_STDOUT_CONSUME_MAX], |
c6e47247 | 91 | int output_fd, |
78ec1bb4 | 92 | char *argv[], |
4b05f0c9 MK |
93 | char *envp[], |
94 | ExecDirFlags flags) { | |
c6e47247 | 95 | |
60cc858e | 96 | _cleanup_hashmap_free_ Hashmap *pids = NULL; |
4b05f0c9 | 97 | bool parallel_execution; |
753e38d9 | 98 | int r; |
89711996 | 99 | |
f5dc74de MY |
100 | /* We fork this all off from a child process so that we can somewhat cleanly make use of SIGALRM |
101 | * to set a time limit. | |
c6e47247 | 102 | * |
f5dc74de MY |
103 | * We attempt to perform parallel execution if configured by the user, however if `callbacks` is nonnull, |
104 | * execution must be serial. | |
c6e47247 | 105 | */ |
f5dc74de MY |
106 | |
107 | assert(!strv_isempty(paths)); | |
108 | ||
4b05f0c9 | 109 | parallel_execution = FLAGS_SET(flags, EXEC_DIR_PARALLEL) && !callbacks; |
89711996 | 110 | |
5238e957 | 111 | /* Abort execution of this process after the timeout. We simply rely on SIGALRM as |
c6e47247 ZJS |
112 | * default action terminating the process, and turn on alarm(). */ |
113 | ||
114 | if (timeout != USEC_INFINITY) | |
be6b0c21 | 115 | alarm(DIV_ROUND_UP(timeout, USEC_PER_SEC)); |
89711996 | 116 | |
78ec1bb4 | 117 | STRV_FOREACH(e, envp) |
8f7329ac | 118 | if (putenv(*e) != 0) |
ed689f78 | 119 | return log_error_errno(errno, "Failed to set environment variable: %m"); |
78ec1bb4 | 120 | |
2e4cfe65 ZJS |
121 | STRV_FOREACH(path, paths) { |
122 | _cleanup_free_ char *t = NULL; | |
254d1313 | 123 | _cleanup_close_ int fd = -EBADF; |
2e4cfe65 | 124 | pid_t pid; |
89711996 | 125 | |
8521338f | 126 | t = path_join(root, *path); |
2e4cfe65 ZJS |
127 | if (!t) |
128 | return log_oom(); | |
89711996 | 129 | |
c6e47247 | 130 | if (callbacks) { |
03469b77 LP |
131 | _cleanup_free_ char *bn = NULL; |
132 | ||
133 | r = path_extract_filename(*path, &bn); | |
134 | if (r < 0) | |
135 | return log_error_errno(r, "Failed to extract filename from path '%s': %m", *path); | |
136 | ||
137 | fd = open_serialization_fd(bn); | |
c6e47247 ZJS |
138 | if (fd < 0) |
139 | return log_error_errno(fd, "Failed to open serialization file: %m"); | |
140 | } | |
141 | ||
9ec4f7c7 | 142 | if (DEBUG_LOGGING) { |
6bb9caa2 | 143 | _cleanup_free_ char *s = NULL; |
9ec4f7c7 | 144 | |
6bb9caa2 ZJS |
145 | char **args = strv_skip(argv, 1); |
146 | if (args) | |
147 | s = quote_command_line(args, SHELL_ESCAPE_EMPTY); | |
148 | ||
149 | log_debug("About to execute %s%s%s", t, args ? " " : "", args ? strnull(s) : ""); | |
9ec4f7c7 ZJS |
150 | } |
151 | ||
da32cac8 LN |
152 | if (FLAGS_SET(flags, EXEC_DIR_WARN_WORLD_WRITABLE)) { |
153 | struct stat st; | |
154 | ||
155 | r = stat(t, &st); | |
156 | if (r < 0) | |
157 | log_warning_errno(errno, "Failed to stat '%s', ignoring: %m", t); | |
158 | else if (S_ISREG(st.st_mode) && (st.st_mode & 0002)) | |
159 | log_warning("'%s' is marked world-writable, which is a security risk as it " | |
160 | "is executed with privileges. Please remove world writability " | |
161 | "permission bits. Proceeding anyway.", t); | |
162 | } | |
163 | ||
6b90b04d | 164 | r = do_spawn(t, argv, fd, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID), &pid); |
2e4cfe65 ZJS |
165 | if (r <= 0) |
166 | continue; | |
89711996 | 167 | |
4b05f0c9 | 168 | if (parallel_execution) { |
60cc858e | 169 | r = hashmap_ensure_put(&pids, &trivial_hash_ops_value_free, PID_TO_PTR(pid), t); |
c6e47247 ZJS |
170 | if (r < 0) |
171 | return log_oom(); | |
172 | t = NULL; | |
173 | } else { | |
6ad9af0b YW |
174 | bool skip_remaining = false; |
175 | ||
176 | r = wait_for_terminate_and_check(t, pid, WAIT_LOG_ABNORMAL); | |
65cd9c72 YW |
177 | if (r < 0) |
178 | return r; | |
6ad9af0b YW |
179 | if (r > 0) { |
180 | if (FLAGS_SET(flags, EXEC_DIR_SKIP_REMAINING) && r == EXIT_SKIP_REMAINING) { | |
181 | log_info("%s succeeded with exit status %i, not executing remaining executables.", *path, r); | |
182 | skip_remaining = true; | |
183 | } else if (FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS)) | |
184 | log_warning("%s failed with exit status %i, ignoring.", *path, r); | |
185 | else { | |
186 | log_error("%s failed with exit status %i.", *path, r); | |
187 | return r; | |
188 | } | |
189 | } | |
4b05f0c9 MK |
190 | |
191 | if (callbacks) { | |
5d1e57b8 LP |
192 | r = finish_serialization_fd(fd); |
193 | if (r < 0) | |
194 | return log_error_errno(r, "Failed to finish serialization fd: %m"); | |
4b05f0c9 | 195 | |
ced30d69 | 196 | r = callbacks[STDOUT_GENERATE](TAKE_FD(fd), callback_args[STDOUT_GENERATE]); |
4b05f0c9 MK |
197 | if (r < 0) |
198 | return log_error_errno(r, "Failed to process output from %s: %m", *path); | |
199 | } | |
6ad9af0b YW |
200 | |
201 | if (skip_remaining) | |
202 | break; | |
c6e47247 | 203 | } |
89711996 ZJS |
204 | } |
205 | ||
c6e47247 ZJS |
206 | if (callbacks) { |
207 | r = callbacks[STDOUT_COLLECT](output_fd, callback_args[STDOUT_COLLECT]); | |
208 | if (r < 0) | |
209 | return log_error_errno(r, "Callback two failed: %m"); | |
210 | } | |
89711996 ZJS |
211 | |
212 | while (!hashmap_isempty(pids)) { | |
2e4cfe65 | 213 | _cleanup_free_ char *t = NULL; |
89711996 | 214 | pid_t pid; |
f5dc74de | 215 | void *p; |
89711996 | 216 | |
f5dc74de MY |
217 | t = ASSERT_PTR(hashmap_steal_first_key_and_value(pids, &p)); |
218 | pid = PTR_TO_PID(p); | |
89711996 ZJS |
219 | assert(pid > 0); |
220 | ||
4b05f0c9 | 221 | r = wait_for_terminate_and_check(t, pid, WAIT_LOG); |
65cd9c72 YW |
222 | if (r < 0) |
223 | return r; | |
4b05f0c9 MK |
224 | if (!FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS) && r > 0) |
225 | return r; | |
89711996 ZJS |
226 | } |
227 | ||
228 | return 0; | |
229 | } | |
230 | ||
f691157b YW |
231 | int execute_strv( |
232 | const char *name, | |
f5dc74de | 233 | char * const *paths, |
8521338f | 234 | const char *root, |
c6e47247 ZJS |
235 | usec_t timeout, |
236 | gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX], | |
f5dc74de | 237 | void * const callback_args[_STDOUT_CONSUME_MAX], |
78ec1bb4 | 238 | char *argv[], |
4b05f0c9 MK |
239 | char *envp[], |
240 | ExecDirFlags flags) { | |
c6e47247 | 241 | |
254d1313 | 242 | _cleanup_close_ int fd = -EBADF; |
4b05f0c9 | 243 | pid_t executor_pid; |
753e38d9 YW |
244 | int r; |
245 | ||
6ad9af0b YW |
246 | assert(!FLAGS_SET(flags, EXEC_DIR_PARALLEL | EXEC_DIR_SKIP_REMAINING)); |
247 | ||
f691157b | 248 | if (strv_isempty(paths)) |
753e38d9 | 249 | return 0; |
89711996 | 250 | |
c6e47247 | 251 | if (callbacks) { |
f691157b | 252 | assert(name); |
c6e47247 ZJS |
253 | assert(callbacks[STDOUT_GENERATE]); |
254 | assert(callbacks[STDOUT_COLLECT]); | |
255 | assert(callbacks[STDOUT_CONSUME]); | |
f5dc74de | 256 | assert(callback_args); |
c6e47247 ZJS |
257 | |
258 | fd = open_serialization_fd(name); | |
259 | if (fd < 0) | |
260 | return log_error_errno(fd, "Failed to open serialization file: %m"); | |
261 | } | |
262 | ||
263 | /* Executes all binaries in the directories serially or in parallel and waits for | |
264 | * them to finish. Optionally a timeout is applied. If a file with the same name | |
265 | * exists in more than one directory, the earliest one wins. */ | |
89711996 | 266 | |
0f926750 | 267 | r = safe_fork("(sd-exec-strv)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_LOG, &executor_pid); |
4c253ed1 | 268 | if (r < 0) |
b6e1fff1 | 269 | return r; |
4c253ed1 | 270 | if (r == 0) { |
8521338f | 271 | r = do_execute(paths, root, timeout, callbacks, callback_args, fd, argv, envp, flags); |
4b05f0c9 | 272 | _exit(r < 0 ? EXIT_FAILURE : r); |
89711996 ZJS |
273 | } |
274 | ||
0f926750 | 275 | r = wait_for_terminate_and_check("(sd-exec-strv)", executor_pid, 0); |
4b05f0c9 MK |
276 | if (r < 0) |
277 | return r; | |
278 | if (!FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS) && r > 0) | |
279 | return r; | |
280 | ||
c6e47247 ZJS |
281 | if (!callbacks) |
282 | return 0; | |
283 | ||
5d1e57b8 LP |
284 | r = finish_serialization_fd(fd); |
285 | if (r < 0) | |
286 | return log_error_errno(r, "Failed to finish serialization fd: %m"); | |
c6e47247 | 287 | |
ced30d69 | 288 | r = callbacks[STDOUT_CONSUME](TAKE_FD(fd), callback_args[STDOUT_CONSUME]); |
c6e47247 ZJS |
289 | if (r < 0) |
290 | return log_error_errno(r, "Failed to parse returned data: %m"); | |
5d1e57b8 | 291 | |
c6e47247 | 292 | return 0; |
89711996 | 293 | } |
3303d1b2 | 294 | |
f691157b | 295 | int execute_directories( |
f5dc74de | 296 | const char * const *directories, |
f691157b YW |
297 | usec_t timeout, |
298 | gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX], | |
f5dc74de | 299 | void * const callback_args[_STDOUT_CONSUME_MAX], |
f691157b YW |
300 | char *argv[], |
301 | char *envp[], | |
302 | ExecDirFlags flags) { | |
303 | ||
304 | _cleanup_strv_free_ char **paths = NULL; | |
305 | _cleanup_free_ char *name = NULL; | |
306 | int r; | |
307 | ||
f5dc74de | 308 | assert(!strv_isempty((char* const*) directories)); |
f691157b | 309 | |
d65dc4c5 LP |
310 | r = conf_files_list_strv( |
311 | &paths, | |
312 | /* suffix= */ NULL, | |
313 | /* root= */ NULL, | |
314 | CONF_FILES_EXECUTABLE|CONF_FILES_REGULAR|CONF_FILES_FILTER_MASKED, | |
315 | directories); | |
f691157b YW |
316 | if (r < 0) |
317 | return log_error_errno(r, "Failed to enumerate executables: %m"); | |
318 | ||
319 | if (strv_isempty(paths)) { | |
320 | log_debug("No executables found."); | |
321 | return 0; | |
322 | } | |
323 | ||
324 | if (callbacks) { | |
325 | r = path_extract_filename(directories[0], &name); | |
326 | if (r < 0) | |
327 | return log_error_errno(r, "Failed to extract file name from '%s': %m", directories[0]); | |
328 | } | |
329 | ||
f5dc74de | 330 | return execute_strv(name, paths, /* root = */ NULL, timeout, callbacks, callback_args, argv, envp, flags); |
f691157b YW |
331 | } |
332 | ||
3303d1b2 | 333 | static int gather_environment_generate(int fd, void *arg) { |
99534007 | 334 | char ***env = ASSERT_PTR(arg); |
3303d1b2 | 335 | _cleanup_fclose_ FILE *f = NULL; |
3f199740 | 336 | _cleanup_strv_free_ char **new = NULL; |
3303d1b2 ZJS |
337 | int r; |
338 | ||
f5dc74de MY |
339 | /* Read a series of VAR=value assignments from fd, use them to update the list of variables in env. |
340 | * Also update the exported environment. | |
3303d1b2 ZJS |
341 | * |
342 | * fd is always consumed, even on error. | |
343 | */ | |
344 | ||
f5dc74de MY |
345 | assert(fd >= 0); |
346 | ||
3303d1b2 ZJS |
347 | f = fdopen(fd, "r"); |
348 | if (!f) { | |
349 | safe_close(fd); | |
350 | return -errno; | |
351 | } | |
352 | ||
aa8fbc74 | 353 | r = load_env_file_pairs(f, NULL, &new); |
3303d1b2 ZJS |
354 | if (r < 0) |
355 | return r; | |
356 | ||
357 | STRV_FOREACH_PAIR(x, y, new) { | |
184d1904 ZJS |
358 | if (!env_name_is_valid(*x)) { |
359 | log_warning("Invalid variable assignment \"%s=...\", ignoring.", *x); | |
360 | continue; | |
361 | } | |
362 | ||
b230baae | 363 | r = strv_env_assign(env, *x, *y); |
3303d1b2 ZJS |
364 | if (r < 0) |
365 | return r; | |
366 | ||
f5dc74de | 367 | if (setenv(*x, *y, /* overwrite = */ true) < 0) |
3303d1b2 ZJS |
368 | return -errno; |
369 | } | |
370 | ||
b230baae | 371 | return 0; |
3303d1b2 ZJS |
372 | } |
373 | ||
374 | static int gather_environment_collect(int fd, void *arg) { | |
99534007 | 375 | char ***env = ASSERT_PTR(arg); |
f5dc74de | 376 | _cleanup_fclose_ FILE *f = NULL; |
3303d1b2 ZJS |
377 | int r; |
378 | ||
379 | /* Write out a series of env=cescape(VAR=value) assignments to fd. */ | |
380 | ||
f5dc74de MY |
381 | assert(fd >= 0); |
382 | ||
3303d1b2 ZJS |
383 | f = fdopen(fd, "w"); |
384 | if (!f) { | |
385 | safe_close(fd); | |
386 | return -errno; | |
387 | } | |
388 | ||
d68c645b | 389 | r = serialize_strv(f, "env", *env); |
3303d1b2 ZJS |
390 | if (r < 0) |
391 | return r; | |
392 | ||
c93d527f LP |
393 | r = fflush_and_check(f); |
394 | if (r < 0) | |
395 | return r; | |
3303d1b2 ZJS |
396 | |
397 | return 0; | |
398 | } | |
399 | ||
400 | static int gather_environment_consume(int fd, void *arg) { | |
99534007 | 401 | char ***env = ASSERT_PTR(arg); |
f5dc74de MY |
402 | _cleanup_fclose_ FILE *f = NULL; |
403 | int r, ret = 0; | |
3303d1b2 ZJS |
404 | |
405 | /* Read a series of env=cescape(VAR=value) assignments from fd into env. */ | |
406 | ||
f5dc74de MY |
407 | assert(fd >= 0); |
408 | ||
e92aaed3 | 409 | f = fdopen(fd, "r"); |
3303d1b2 ZJS |
410 | if (!f) { |
411 | safe_close(fd); | |
412 | return -errno; | |
413 | } | |
414 | ||
d68c645b LP |
415 | for (;;) { |
416 | _cleanup_free_ char *line = NULL; | |
417 | const char *v; | |
3303d1b2 | 418 | |
f5dc74de MY |
419 | r = read_line(f, LONG_LINE_MAX, &line); |
420 | if (r < 0) | |
421 | return r; | |
422 | if (r == 0) | |
423 | return ret; | |
d68c645b LP |
424 | |
425 | v = startswith(line, "env="); | |
426 | if (!v) { | |
f5dc74de MY |
427 | RET_GATHER(ret, log_debug_errno(SYNTHETIC_ERRNO(EINVAL), |
428 | "Serialization line unexpectedly didn't start with \"env=\", ignoring: %s", | |
429 | line)); | |
d68c645b LP |
430 | continue; |
431 | } | |
432 | ||
f5dc74de MY |
433 | r = deserialize_environment(v, env); |
434 | if (r < 0) | |
435 | RET_GATHER(ret, log_debug_errno(r, "Failed to deserialize line \"%s\": %m", line)); | |
3303d1b2 | 436 | } |
3303d1b2 ZJS |
437 | } |
438 | ||
8e39ba3e MY |
439 | const gather_stdout_callback_t gather_environment[_STDOUT_CONSUME_MAX] = { |
440 | gather_environment_generate, | |
441 | gather_environment_collect, | |
442 | gather_environment_consume, | |
443 | }; | |
444 | ||
05c754bc MY |
445 | int exec_command_flags_from_strv(char * const *ex_opts, ExecCommandFlags *ret) { |
446 | ExecCommandFlags flags = 0; | |
b3d59367 | 447 | |
05c754bc | 448 | assert(ret); |
b3d59367 AZ |
449 | |
450 | STRV_FOREACH(opt, ex_opts) { | |
05c754bc MY |
451 | ExecCommandFlags fl = exec_command_flags_from_string(*opt); |
452 | if (fl < 0) | |
453 | return fl; | |
454 | ||
455 | flags |= fl; | |
b3d59367 AZ |
456 | } |
457 | ||
05c754bc | 458 | *ret = flags; |
b3d59367 AZ |
459 | |
460 | return 0; | |
461 | } | |
462 | ||
05c754bc MY |
463 | int exec_command_flags_to_strv(ExecCommandFlags flags, char ***ret) { |
464 | _cleanup_strv_free_ char **opts = NULL; | |
73ed4874 | 465 | int r; |
b3d59367 | 466 | |
05c754bc MY |
467 | assert(flags >= 0); |
468 | assert(ret); | |
9de42a6a | 469 | |
05c754bc MY |
470 | BIT_FOREACH(i, flags) { |
471 | const char *s = exec_command_flags_to_string(1 << i); | |
472 | if (!s) | |
473 | return -EINVAL; | |
b3d59367 | 474 | |
05c754bc MY |
475 | r = strv_extend(&opts, s); |
476 | if (r < 0) | |
477 | return r; | |
478 | } | |
b3d59367 | 479 | |
05c754bc | 480 | *ret = TAKE_PTR(opts); |
b3d59367 AZ |
481 | |
482 | return 0; | |
483 | } | |
484 | ||
b3d59367 AZ |
485 | static const char* const exec_command_strings[] = { |
486 | "ignore-failure", /* EXEC_COMMAND_IGNORE_FAILURE */ | |
487 | "privileged", /* EXEC_COMMAND_FULLY_PRIVILEGED */ | |
488 | "no-setuid", /* EXEC_COMMAND_NO_SETUID */ | |
b3d59367 | 489 | "no-env-expand", /* EXEC_COMMAND_NO_ENV_EXPAND */ |
5b8bcbcf | 490 | "via-shell", /* EXEC_COMMAND_VIA_SHELL */ |
b3d59367 AZ |
491 | }; |
492 | ||
00a415fc LP |
493 | assert_cc((1 << ELEMENTSOF(exec_command_strings)) - 1 == _EXEC_COMMAND_FLAGS_ALL); |
494 | ||
b3d59367 | 495 | const char* exec_command_flags_to_string(ExecCommandFlags i) { |
73ed4874 | 496 | for (size_t idx = 0; idx < ELEMENTSOF(exec_command_strings); idx++) |
b3d59367 AZ |
497 | if (i == (1 << idx)) |
498 | return exec_command_strings[idx]; | |
499 | ||
500 | return NULL; | |
501 | } | |
502 | ||
503 | ExecCommandFlags exec_command_flags_from_string(const char *s) { | |
504 | ssize_t idx; | |
505 | ||
00a415fc LP |
506 | if (streq(s, "ambient")) /* Compatibility with ambient hack, removed in v258, map to no bits set */ |
507 | return 0; | |
b3d59367 | 508 | |
c94f6ab1 | 509 | idx = string_table_lookup_from_string(exec_command_strings, ELEMENTSOF(exec_command_strings), s); |
b3d59367 AZ |
510 | if (idx < 0) |
511 | return _EXEC_COMMAND_FLAGS_INVALID; | |
00a415fc LP |
512 | |
513 | return 1 << idx; | |
b3d59367 | 514 | } |
a6d9111c ZJS |
515 | |
516 | int fexecve_or_execve(int executable_fd, const char *executable, char *const argv[], char *const envp[]) { | |
69339ae9 LP |
517 | /* Refuse invalid fds, regardless if fexecve() use is enabled or not */ |
518 | if (executable_fd < 0) | |
519 | return -EBADF; | |
520 | ||
521 | /* Block any attempts on exploiting Linux' liberal argv[] handling, i.e. CVE-2021-4034 and suchlike */ | |
522 | if (isempty(executable) || strv_isempty(argv)) | |
523 | return -EINVAL; | |
524 | ||
ceedbf81 | 525 | #if ENABLE_FEXECVE |
69339ae9 | 526 | |
8939eeae | 527 | execveat(executable_fd, "", argv, envp, AT_EMPTY_PATH); |
3f51bbff ZJS |
528 | |
529 | if (IN_SET(errno, ENOSYS, ENOENT) || ERRNO_IS_PRIVILEGE(errno)) | |
530 | /* Old kernel or a script or an overzealous seccomp filter? Let's fall back to execve(). | |
a6d9111c ZJS |
531 | * |
532 | * fexecve(3): "If fd refers to a script (i.e., it is an executable text file that names a | |
533 | * script interpreter with a first line that begins with the characters #!) and the | |
534 | * close-on-exec flag has been set for fd, then fexecve() fails with the error ENOENT. This | |
535 | * error occurs because, by the time the script interpreter is executed, fd has already been | |
536 | * closed because of the close-on-exec flag. Thus, the close-on-exec flag can't be set on fd | |
537 | * if it refers to a script." | |
538 | * | |
539 | * Unfortunately, if we unset close-on-exec, the script will be executed just fine, but (at | |
540 | * least in case of bash) the script name, $0, will be shown as /dev/fd/nnn, which breaks | |
541 | * scripts which make use of $0. Thus, let's fall back to execve() in this case. | |
542 | */ | |
ceedbf81 | 543 | #endif |
a6d9111c ZJS |
544 | execve(executable, argv, envp); |
545 | return -errno; | |
546 | } | |
3e24e8cd | 547 | |
fc3691a7 YW |
548 | int shall_fork_agent(void) { |
549 | int r; | |
550 | ||
551 | /* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked | |
552 | * interactively on a terminal, hence fail. */ | |
553 | r = get_ctty_devnr(0, NULL); | |
554 | if (r == -ENXIO) | |
555 | return false; | |
556 | if (r < 0) | |
557 | return r; | |
558 | ||
559 | if (!is_main_thread()) | |
560 | return -EPERM; | |
561 | ||
562 | return true; | |
563 | } | |
564 | ||
38c9ca53 | 565 | int _fork_agent(const char *name, char * const *argv, const int except[], size_t n_except, pid_t *ret_pid) { |
3e24e8cd ZJS |
566 | int r; |
567 | ||
38c9ca53 | 568 | assert(!strv_isempty(argv)); |
3e24e8cd ZJS |
569 | |
570 | /* Spawns a temporary TTY agent, making sure it goes away when we go away */ | |
571 | ||
572 | r = safe_fork_full(name, | |
911f8f01 | 573 | NULL, |
85f660d4 | 574 | (int*) except, /* safe_fork_full only changes except if you pass in FORK_PACK_FDS, which we don't */ |
3e24e8cd | 575 | n_except, |
e9ccae31 | 576 | FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_RLIMIT_NOFILE_SAFE, |
3e24e8cd ZJS |
577 | ret_pid); |
578 | if (r < 0) | |
579 | return r; | |
580 | if (r > 0) | |
581 | return 0; | |
582 | ||
583 | /* In the child: */ | |
584 | ||
0f81c840 YW |
585 | bool stdin_is_tty = isatty_safe(STDIN_FILENO), |
586 | stdout_is_tty = isatty_safe(STDOUT_FILENO), | |
587 | stderr_is_tty = isatty_safe(STDERR_FILENO); | |
3e24e8cd | 588 | |
0f81c840 | 589 | if (!stdin_is_tty || !stdout_is_tty || !stderr_is_tty) { |
3e24e8cd ZJS |
590 | int fd; |
591 | ||
0f81c840 YW |
592 | /* Detach from stdin/stdout/stderr and reopen /dev/tty for them. This is important to ensure |
593 | * that when systemctl is started via popen() or a similar call that expects to read EOF we | |
3e24e8cd ZJS |
594 | * actually do generate EOF and not delay this indefinitely by keeping an unused copy of |
595 | * stdin around. */ | |
f0ace165 | 596 | fd = open_terminal("/dev/tty", stdin_is_tty ? O_WRONLY : (stdout_is_tty && stderr_is_tty) ? O_RDONLY : O_RDWR); |
3e24e8cd | 597 | if (fd < 0) { |
42ba9974 | 598 | log_error_errno(fd, "Failed to open %s: %m", "/dev/tty"); |
90579fd0 YW |
599 | _exit(EXIT_FAILURE); |
600 | } | |
0f81c840 | 601 | |
90579fd0 YW |
602 | if (!stdin_is_tty && dup2(fd, STDIN_FILENO) < 0) { |
603 | log_error_errno(errno, "Failed to dup2 /dev/tty to STDIN: %m"); | |
604 | _exit(EXIT_FAILURE); | |
605 | } | |
3e24e8cd | 606 | |
90579fd0 YW |
607 | if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) { |
608 | log_error_errno(errno, "Failed to dup2 /dev/tty to STDOUT: %m"); | |
609 | _exit(EXIT_FAILURE); | |
610 | } | |
3e24e8cd | 611 | |
90579fd0 YW |
612 | if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) { |
613 | log_error_errno(errno, "Failed to dup2 /dev/tty to STDERR: %m"); | |
614 | _exit(EXIT_FAILURE); | |
0bcf1679 | 615 | } |
90579fd0 YW |
616 | |
617 | fd = safe_close_above_stdio(fd); | |
3e24e8cd ZJS |
618 | } |
619 | ||
3e24e8cd | 620 | /* Count arguments */ |
38c9ca53 | 621 | execv(argv[0], argv); |
0d5ee894 LP |
622 | |
623 | /* Let's treat missing agent binary as a graceful issue (in order to support splitting out the Polkit | |
624 | * or password agents into separate, optional distro packages), and not complain loudly. */ | |
625 | log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, | |
626 | "Failed to execute %s: %m", argv[0]); | |
3e24e8cd ZJS |
627 | _exit(EXIT_FAILURE); |
628 | } |