]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/shared/exec-util.c
ask-password-api: Add more debug logging
[thirdparty/systemd.git] / src / shared / exec-util.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
89711996 2
1cf40697 3#include <stdio.h>
69a283c5 4#include <stdlib.h>
89711996
ZJS
5#include <unistd.h>
6
7#include "alloc-util.h"
05c754bc 8#include "bitfield.h"
2e4cfe65 9#include "conf-files.h"
686d13b9 10#include "env-file.h"
c6e47247 11#include "env-util.h"
3f51bbff 12#include "errno-util.h"
9ec4f7c7 13#include "escape.h"
89711996 14#include "exec-util.h"
c6e47247
ZJS
15#include "fd-util.h"
16#include "fileio.h"
89711996 17#include "hashmap.h"
69a283c5 18#include "log.h"
03469b77 19#include "path-util.h"
89711996 20#include "process-util.h"
d68c645b 21#include "serialize.h"
89711996 22#include "stat-util.h"
b3d59367 23#include "string-table.h"
89711996
ZJS
24#include "string-util.h"
25#include "strv.h"
c6e47247 26#include "terminal-util.h"
69a283c5 27#include "time-util.h"
89711996 28
6ad9af0b
YW
29#define EXIT_SKIP_REMAINING 77
30
89711996
ZJS
31/* Put this test here for a lack of better place */
32assert_cc(EAGAIN == EWOULDBLOCK);
33
6b90b04d
LP
34static int do_spawn(
35 const char *path,
36 char *argv[],
37 int stdout_fd,
38 bool set_systemd_exec_pid,
39 pid_t *ret_pid) {
40
4c253ed1 41 int r;
cf55fc18 42
6b90b04d
LP
43 assert(path);
44 assert(ret_pid);
45
7d0c47da 46 if (null_or_empty_path(path) > 0) {
f5dc74de 47 log_debug("%s is masked, skipping.", path);
cf55fc18
ZJS
48 return 0;
49 }
50
6b90b04d
LP
51 pid_t pid;
52 r = safe_fork_full(
f5dc74de 53 "(exec-inner)",
6b90b04d
LP
54 (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO },
55 /* except_fds= */ NULL, /* n_except_fds= */ 0,
a25acf70 56 FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS,
6b90b04d 57 &pid);
4c253ed1 58 if (r < 0)
b6e1fff1 59 return r;
4c253ed1 60 if (r == 0) {
cf55fc18
ZJS
61 char *_argv[2];
62
43f565c6
YW
63 if (set_systemd_exec_pid) {
64 r = setenv_systemd_exec_pid(false);
65 if (r < 0)
66 log_warning_errno(r, "Failed to set $SYSTEMD_EXEC_PID, ignoring: %m");
67 }
68
cf55fc18
ZJS
69 if (!argv) {
70 _argv[0] = (char*) path;
71 _argv[1] = NULL;
72 argv = _argv;
73 } else
74 argv[0] = (char*) path;
75
76 execv(path, argv);
77 log_error_errno(errno, "Failed to execute %s: %m", path);
78 _exit(EXIT_FAILURE);
79 }
80
6b90b04d 81 *ret_pid = pid;
cf55fc18
ZJS
82 return 1;
83}
84
c6e47247 85static int do_execute(
f5dc74de 86 char * const *paths,
8521338f 87 const char *root,
c6e47247
ZJS
88 usec_t timeout,
89 gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
f5dc74de 90 void * const callback_args[_STDOUT_CONSUME_MAX],
c6e47247 91 int output_fd,
78ec1bb4 92 char *argv[],
4b05f0c9
MK
93 char *envp[],
94 ExecDirFlags flags) {
c6e47247 95
60cc858e 96 _cleanup_hashmap_free_ Hashmap *pids = NULL;
4b05f0c9 97 bool parallel_execution;
753e38d9 98 int r;
89711996 99
f5dc74de
MY
100 /* We fork this all off from a child process so that we can somewhat cleanly make use of SIGALRM
101 * to set a time limit.
c6e47247 102 *
f5dc74de
MY
103 * We attempt to perform parallel execution if configured by the user, however if `callbacks` is nonnull,
104 * execution must be serial.
c6e47247 105 */
f5dc74de
MY
106
107 assert(!strv_isempty(paths));
108
4b05f0c9 109 parallel_execution = FLAGS_SET(flags, EXEC_DIR_PARALLEL) && !callbacks;
89711996 110
5238e957 111 /* Abort execution of this process after the timeout. We simply rely on SIGALRM as
c6e47247
ZJS
112 * default action terminating the process, and turn on alarm(). */
113
114 if (timeout != USEC_INFINITY)
be6b0c21 115 alarm(DIV_ROUND_UP(timeout, USEC_PER_SEC));
89711996 116
78ec1bb4 117 STRV_FOREACH(e, envp)
8f7329ac 118 if (putenv(*e) != 0)
ed689f78 119 return log_error_errno(errno, "Failed to set environment variable: %m");
78ec1bb4 120
2e4cfe65
ZJS
121 STRV_FOREACH(path, paths) {
122 _cleanup_free_ char *t = NULL;
254d1313 123 _cleanup_close_ int fd = -EBADF;
2e4cfe65 124 pid_t pid;
89711996 125
8521338f 126 t = path_join(root, *path);
2e4cfe65
ZJS
127 if (!t)
128 return log_oom();
89711996 129
c6e47247 130 if (callbacks) {
03469b77
LP
131 _cleanup_free_ char *bn = NULL;
132
133 r = path_extract_filename(*path, &bn);
134 if (r < 0)
135 return log_error_errno(r, "Failed to extract filename from path '%s': %m", *path);
136
137 fd = open_serialization_fd(bn);
c6e47247
ZJS
138 if (fd < 0)
139 return log_error_errno(fd, "Failed to open serialization file: %m");
140 }
141
9ec4f7c7 142 if (DEBUG_LOGGING) {
6bb9caa2 143 _cleanup_free_ char *s = NULL;
9ec4f7c7 144
6bb9caa2
ZJS
145 char **args = strv_skip(argv, 1);
146 if (args)
147 s = quote_command_line(args, SHELL_ESCAPE_EMPTY);
148
149 log_debug("About to execute %s%s%s", t, args ? " " : "", args ? strnull(s) : "");
9ec4f7c7
ZJS
150 }
151
da32cac8
LN
152 if (FLAGS_SET(flags, EXEC_DIR_WARN_WORLD_WRITABLE)) {
153 struct stat st;
154
155 r = stat(t, &st);
156 if (r < 0)
157 log_warning_errno(errno, "Failed to stat '%s', ignoring: %m", t);
158 else if (S_ISREG(st.st_mode) && (st.st_mode & 0002))
159 log_warning("'%s' is marked world-writable, which is a security risk as it "
160 "is executed with privileges. Please remove world writability "
161 "permission bits. Proceeding anyway.", t);
162 }
163
6b90b04d 164 r = do_spawn(t, argv, fd, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID), &pid);
2e4cfe65
ZJS
165 if (r <= 0)
166 continue;
89711996 167
4b05f0c9 168 if (parallel_execution) {
60cc858e 169 r = hashmap_ensure_put(&pids, &trivial_hash_ops_value_free, PID_TO_PTR(pid), t);
c6e47247
ZJS
170 if (r < 0)
171 return log_oom();
172 t = NULL;
173 } else {
6ad9af0b
YW
174 bool skip_remaining = false;
175
176 r = wait_for_terminate_and_check(t, pid, WAIT_LOG_ABNORMAL);
65cd9c72
YW
177 if (r < 0)
178 return r;
6ad9af0b
YW
179 if (r > 0) {
180 if (FLAGS_SET(flags, EXEC_DIR_SKIP_REMAINING) && r == EXIT_SKIP_REMAINING) {
181 log_info("%s succeeded with exit status %i, not executing remaining executables.", *path, r);
182 skip_remaining = true;
183 } else if (FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS))
184 log_warning("%s failed with exit status %i, ignoring.", *path, r);
185 else {
186 log_error("%s failed with exit status %i.", *path, r);
187 return r;
188 }
189 }
4b05f0c9
MK
190
191 if (callbacks) {
5d1e57b8
LP
192 r = finish_serialization_fd(fd);
193 if (r < 0)
194 return log_error_errno(r, "Failed to finish serialization fd: %m");
4b05f0c9 195
ced30d69 196 r = callbacks[STDOUT_GENERATE](TAKE_FD(fd), callback_args[STDOUT_GENERATE]);
4b05f0c9
MK
197 if (r < 0)
198 return log_error_errno(r, "Failed to process output from %s: %m", *path);
199 }
6ad9af0b
YW
200
201 if (skip_remaining)
202 break;
c6e47247 203 }
89711996
ZJS
204 }
205
c6e47247
ZJS
206 if (callbacks) {
207 r = callbacks[STDOUT_COLLECT](output_fd, callback_args[STDOUT_COLLECT]);
208 if (r < 0)
209 return log_error_errno(r, "Callback two failed: %m");
210 }
89711996
ZJS
211
212 while (!hashmap_isempty(pids)) {
2e4cfe65 213 _cleanup_free_ char *t = NULL;
89711996 214 pid_t pid;
f5dc74de 215 void *p;
89711996 216
f5dc74de
MY
217 t = ASSERT_PTR(hashmap_steal_first_key_and_value(pids, &p));
218 pid = PTR_TO_PID(p);
89711996
ZJS
219 assert(pid > 0);
220
4b05f0c9 221 r = wait_for_terminate_and_check(t, pid, WAIT_LOG);
65cd9c72
YW
222 if (r < 0)
223 return r;
4b05f0c9
MK
224 if (!FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS) && r > 0)
225 return r;
89711996
ZJS
226 }
227
228 return 0;
229}
230
f691157b
YW
231int execute_strv(
232 const char *name,
f5dc74de 233 char * const *paths,
8521338f 234 const char *root,
c6e47247
ZJS
235 usec_t timeout,
236 gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
f5dc74de 237 void * const callback_args[_STDOUT_CONSUME_MAX],
78ec1bb4 238 char *argv[],
4b05f0c9
MK
239 char *envp[],
240 ExecDirFlags flags) {
c6e47247 241
254d1313 242 _cleanup_close_ int fd = -EBADF;
4b05f0c9 243 pid_t executor_pid;
753e38d9
YW
244 int r;
245
6ad9af0b
YW
246 assert(!FLAGS_SET(flags, EXEC_DIR_PARALLEL | EXEC_DIR_SKIP_REMAINING));
247
f691157b 248 if (strv_isempty(paths))
753e38d9 249 return 0;
89711996 250
c6e47247 251 if (callbacks) {
f691157b 252 assert(name);
c6e47247
ZJS
253 assert(callbacks[STDOUT_GENERATE]);
254 assert(callbacks[STDOUT_COLLECT]);
255 assert(callbacks[STDOUT_CONSUME]);
f5dc74de 256 assert(callback_args);
c6e47247
ZJS
257
258 fd = open_serialization_fd(name);
259 if (fd < 0)
260 return log_error_errno(fd, "Failed to open serialization file: %m");
261 }
262
263 /* Executes all binaries in the directories serially or in parallel and waits for
264 * them to finish. Optionally a timeout is applied. If a file with the same name
265 * exists in more than one directory, the earliest one wins. */
89711996 266
0f926750 267 r = safe_fork("(sd-exec-strv)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_LOG, &executor_pid);
4c253ed1 268 if (r < 0)
b6e1fff1 269 return r;
4c253ed1 270 if (r == 0) {
8521338f 271 r = do_execute(paths, root, timeout, callbacks, callback_args, fd, argv, envp, flags);
4b05f0c9 272 _exit(r < 0 ? EXIT_FAILURE : r);
89711996
ZJS
273 }
274
0f926750 275 r = wait_for_terminate_and_check("(sd-exec-strv)", executor_pid, 0);
4b05f0c9
MK
276 if (r < 0)
277 return r;
278 if (!FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS) && r > 0)
279 return r;
280
c6e47247
ZJS
281 if (!callbacks)
282 return 0;
283
5d1e57b8
LP
284 r = finish_serialization_fd(fd);
285 if (r < 0)
286 return log_error_errno(r, "Failed to finish serialization fd: %m");
c6e47247 287
ced30d69 288 r = callbacks[STDOUT_CONSUME](TAKE_FD(fd), callback_args[STDOUT_CONSUME]);
c6e47247
ZJS
289 if (r < 0)
290 return log_error_errno(r, "Failed to parse returned data: %m");
5d1e57b8 291
c6e47247 292 return 0;
89711996 293}
3303d1b2 294
f691157b 295int execute_directories(
f5dc74de 296 const char * const *directories,
f691157b
YW
297 usec_t timeout,
298 gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
f5dc74de 299 void * const callback_args[_STDOUT_CONSUME_MAX],
f691157b
YW
300 char *argv[],
301 char *envp[],
302 ExecDirFlags flags) {
303
304 _cleanup_strv_free_ char **paths = NULL;
305 _cleanup_free_ char *name = NULL;
306 int r;
307
f5dc74de 308 assert(!strv_isempty((char* const*) directories));
f691157b 309
d65dc4c5
LP
310 r = conf_files_list_strv(
311 &paths,
312 /* suffix= */ NULL,
313 /* root= */ NULL,
314 CONF_FILES_EXECUTABLE|CONF_FILES_REGULAR|CONF_FILES_FILTER_MASKED,
315 directories);
f691157b
YW
316 if (r < 0)
317 return log_error_errno(r, "Failed to enumerate executables: %m");
318
319 if (strv_isempty(paths)) {
320 log_debug("No executables found.");
321 return 0;
322 }
323
324 if (callbacks) {
325 r = path_extract_filename(directories[0], &name);
326 if (r < 0)
327 return log_error_errno(r, "Failed to extract file name from '%s': %m", directories[0]);
328 }
329
f5dc74de 330 return execute_strv(name, paths, /* root = */ NULL, timeout, callbacks, callback_args, argv, envp, flags);
f691157b
YW
331}
332
3303d1b2 333static int gather_environment_generate(int fd, void *arg) {
99534007 334 char ***env = ASSERT_PTR(arg);
3303d1b2 335 _cleanup_fclose_ FILE *f = NULL;
3f199740 336 _cleanup_strv_free_ char **new = NULL;
3303d1b2
ZJS
337 int r;
338
f5dc74de
MY
339 /* Read a series of VAR=value assignments from fd, use them to update the list of variables in env.
340 * Also update the exported environment.
3303d1b2
ZJS
341 *
342 * fd is always consumed, even on error.
343 */
344
f5dc74de
MY
345 assert(fd >= 0);
346
3303d1b2
ZJS
347 f = fdopen(fd, "r");
348 if (!f) {
349 safe_close(fd);
350 return -errno;
351 }
352
aa8fbc74 353 r = load_env_file_pairs(f, NULL, &new);
3303d1b2
ZJS
354 if (r < 0)
355 return r;
356
357 STRV_FOREACH_PAIR(x, y, new) {
184d1904
ZJS
358 if (!env_name_is_valid(*x)) {
359 log_warning("Invalid variable assignment \"%s=...\", ignoring.", *x);
360 continue;
361 }
362
b230baae 363 r = strv_env_assign(env, *x, *y);
3303d1b2
ZJS
364 if (r < 0)
365 return r;
366
f5dc74de 367 if (setenv(*x, *y, /* overwrite = */ true) < 0)
3303d1b2
ZJS
368 return -errno;
369 }
370
b230baae 371 return 0;
3303d1b2
ZJS
372}
373
374static int gather_environment_collect(int fd, void *arg) {
99534007 375 char ***env = ASSERT_PTR(arg);
f5dc74de 376 _cleanup_fclose_ FILE *f = NULL;
3303d1b2
ZJS
377 int r;
378
379 /* Write out a series of env=cescape(VAR=value) assignments to fd. */
380
f5dc74de
MY
381 assert(fd >= 0);
382
3303d1b2
ZJS
383 f = fdopen(fd, "w");
384 if (!f) {
385 safe_close(fd);
386 return -errno;
387 }
388
d68c645b 389 r = serialize_strv(f, "env", *env);
3303d1b2
ZJS
390 if (r < 0)
391 return r;
392
c93d527f
LP
393 r = fflush_and_check(f);
394 if (r < 0)
395 return r;
3303d1b2
ZJS
396
397 return 0;
398}
399
400static int gather_environment_consume(int fd, void *arg) {
99534007 401 char ***env = ASSERT_PTR(arg);
f5dc74de
MY
402 _cleanup_fclose_ FILE *f = NULL;
403 int r, ret = 0;
3303d1b2
ZJS
404
405 /* Read a series of env=cescape(VAR=value) assignments from fd into env. */
406
f5dc74de
MY
407 assert(fd >= 0);
408
e92aaed3 409 f = fdopen(fd, "r");
3303d1b2
ZJS
410 if (!f) {
411 safe_close(fd);
412 return -errno;
413 }
414
d68c645b
LP
415 for (;;) {
416 _cleanup_free_ char *line = NULL;
417 const char *v;
3303d1b2 418
f5dc74de
MY
419 r = read_line(f, LONG_LINE_MAX, &line);
420 if (r < 0)
421 return r;
422 if (r == 0)
423 return ret;
d68c645b
LP
424
425 v = startswith(line, "env=");
426 if (!v) {
f5dc74de
MY
427 RET_GATHER(ret, log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
428 "Serialization line unexpectedly didn't start with \"env=\", ignoring: %s",
429 line));
d68c645b
LP
430 continue;
431 }
432
f5dc74de
MY
433 r = deserialize_environment(v, env);
434 if (r < 0)
435 RET_GATHER(ret, log_debug_errno(r, "Failed to deserialize line \"%s\": %m", line));
3303d1b2 436 }
3303d1b2
ZJS
437}
438
8e39ba3e
MY
439const gather_stdout_callback_t gather_environment[_STDOUT_CONSUME_MAX] = {
440 gather_environment_generate,
441 gather_environment_collect,
442 gather_environment_consume,
443};
444
05c754bc
MY
445int exec_command_flags_from_strv(char * const *ex_opts, ExecCommandFlags *ret) {
446 ExecCommandFlags flags = 0;
b3d59367 447
05c754bc 448 assert(ret);
b3d59367
AZ
449
450 STRV_FOREACH(opt, ex_opts) {
05c754bc
MY
451 ExecCommandFlags fl = exec_command_flags_from_string(*opt);
452 if (fl < 0)
453 return fl;
454
455 flags |= fl;
b3d59367
AZ
456 }
457
05c754bc 458 *ret = flags;
b3d59367
AZ
459
460 return 0;
461}
462
05c754bc
MY
463int exec_command_flags_to_strv(ExecCommandFlags flags, char ***ret) {
464 _cleanup_strv_free_ char **opts = NULL;
73ed4874 465 int r;
b3d59367 466
05c754bc
MY
467 assert(flags >= 0);
468 assert(ret);
9de42a6a 469
05c754bc
MY
470 BIT_FOREACH(i, flags) {
471 const char *s = exec_command_flags_to_string(1 << i);
472 if (!s)
473 return -EINVAL;
b3d59367 474
05c754bc
MY
475 r = strv_extend(&opts, s);
476 if (r < 0)
477 return r;
478 }
b3d59367 479
05c754bc 480 *ret = TAKE_PTR(opts);
b3d59367
AZ
481
482 return 0;
483}
484
b3d59367
AZ
485static const char* const exec_command_strings[] = {
486 "ignore-failure", /* EXEC_COMMAND_IGNORE_FAILURE */
487 "privileged", /* EXEC_COMMAND_FULLY_PRIVILEGED */
488 "no-setuid", /* EXEC_COMMAND_NO_SETUID */
b3d59367 489 "no-env-expand", /* EXEC_COMMAND_NO_ENV_EXPAND */
5b8bcbcf 490 "via-shell", /* EXEC_COMMAND_VIA_SHELL */
b3d59367
AZ
491};
492
00a415fc
LP
493assert_cc((1 << ELEMENTSOF(exec_command_strings)) - 1 == _EXEC_COMMAND_FLAGS_ALL);
494
b3d59367 495const char* exec_command_flags_to_string(ExecCommandFlags i) {
73ed4874 496 for (size_t idx = 0; idx < ELEMENTSOF(exec_command_strings); idx++)
b3d59367
AZ
497 if (i == (1 << idx))
498 return exec_command_strings[idx];
499
500 return NULL;
501}
502
503ExecCommandFlags exec_command_flags_from_string(const char *s) {
504 ssize_t idx;
505
00a415fc
LP
506 if (streq(s, "ambient")) /* Compatibility with ambient hack, removed in v258, map to no bits set */
507 return 0;
b3d59367 508
c94f6ab1 509 idx = string_table_lookup_from_string(exec_command_strings, ELEMENTSOF(exec_command_strings), s);
b3d59367
AZ
510 if (idx < 0)
511 return _EXEC_COMMAND_FLAGS_INVALID;
00a415fc
LP
512
513 return 1 << idx;
b3d59367 514}
a6d9111c
ZJS
515
516int fexecve_or_execve(int executable_fd, const char *executable, char *const argv[], char *const envp[]) {
69339ae9
LP
517 /* Refuse invalid fds, regardless if fexecve() use is enabled or not */
518 if (executable_fd < 0)
519 return -EBADF;
520
521 /* Block any attempts on exploiting Linux' liberal argv[] handling, i.e. CVE-2021-4034 and suchlike */
522 if (isempty(executable) || strv_isempty(argv))
523 return -EINVAL;
524
ceedbf81 525#if ENABLE_FEXECVE
69339ae9 526
8939eeae 527 execveat(executable_fd, "", argv, envp, AT_EMPTY_PATH);
3f51bbff
ZJS
528
529 if (IN_SET(errno, ENOSYS, ENOENT) || ERRNO_IS_PRIVILEGE(errno))
530 /* Old kernel or a script or an overzealous seccomp filter? Let's fall back to execve().
a6d9111c
ZJS
531 *
532 * fexecve(3): "If fd refers to a script (i.e., it is an executable text file that names a
533 * script interpreter with a first line that begins with the characters #!) and the
534 * close-on-exec flag has been set for fd, then fexecve() fails with the error ENOENT. This
535 * error occurs because, by the time the script interpreter is executed, fd has already been
536 * closed because of the close-on-exec flag. Thus, the close-on-exec flag can't be set on fd
537 * if it refers to a script."
538 *
539 * Unfortunately, if we unset close-on-exec, the script will be executed just fine, but (at
540 * least in case of bash) the script name, $0, will be shown as /dev/fd/nnn, which breaks
541 * scripts which make use of $0. Thus, let's fall back to execve() in this case.
542 */
ceedbf81 543#endif
a6d9111c
ZJS
544 execve(executable, argv, envp);
545 return -errno;
546}
3e24e8cd 547
fc3691a7
YW
548int shall_fork_agent(void) {
549 int r;
550
551 /* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
552 * interactively on a terminal, hence fail. */
553 r = get_ctty_devnr(0, NULL);
554 if (r == -ENXIO)
555 return false;
556 if (r < 0)
557 return r;
558
559 if (!is_main_thread())
560 return -EPERM;
561
562 return true;
563}
564
38c9ca53 565int _fork_agent(const char *name, char * const *argv, const int except[], size_t n_except, pid_t *ret_pid) {
3e24e8cd
ZJS
566 int r;
567
38c9ca53 568 assert(!strv_isempty(argv));
3e24e8cd
ZJS
569
570 /* Spawns a temporary TTY agent, making sure it goes away when we go away */
571
572 r = safe_fork_full(name,
911f8f01 573 NULL,
85f660d4 574 (int*) except, /* safe_fork_full only changes except if you pass in FORK_PACK_FDS, which we don't */
3e24e8cd 575 n_except,
e9ccae31 576 FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_RLIMIT_NOFILE_SAFE,
3e24e8cd
ZJS
577 ret_pid);
578 if (r < 0)
579 return r;
580 if (r > 0)
581 return 0;
582
583 /* In the child: */
584
0f81c840
YW
585 bool stdin_is_tty = isatty_safe(STDIN_FILENO),
586 stdout_is_tty = isatty_safe(STDOUT_FILENO),
587 stderr_is_tty = isatty_safe(STDERR_FILENO);
3e24e8cd 588
0f81c840 589 if (!stdin_is_tty || !stdout_is_tty || !stderr_is_tty) {
3e24e8cd
ZJS
590 int fd;
591
0f81c840
YW
592 /* Detach from stdin/stdout/stderr and reopen /dev/tty for them. This is important to ensure
593 * that when systemctl is started via popen() or a similar call that expects to read EOF we
3e24e8cd
ZJS
594 * actually do generate EOF and not delay this indefinitely by keeping an unused copy of
595 * stdin around. */
f0ace165 596 fd = open_terminal("/dev/tty", stdin_is_tty ? O_WRONLY : (stdout_is_tty && stderr_is_tty) ? O_RDONLY : O_RDWR);
3e24e8cd 597 if (fd < 0) {
42ba9974 598 log_error_errno(fd, "Failed to open %s: %m", "/dev/tty");
90579fd0
YW
599 _exit(EXIT_FAILURE);
600 }
0f81c840 601
90579fd0
YW
602 if (!stdin_is_tty && dup2(fd, STDIN_FILENO) < 0) {
603 log_error_errno(errno, "Failed to dup2 /dev/tty to STDIN: %m");
604 _exit(EXIT_FAILURE);
605 }
3e24e8cd 606
90579fd0
YW
607 if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
608 log_error_errno(errno, "Failed to dup2 /dev/tty to STDOUT: %m");
609 _exit(EXIT_FAILURE);
610 }
3e24e8cd 611
90579fd0
YW
612 if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
613 log_error_errno(errno, "Failed to dup2 /dev/tty to STDERR: %m");
614 _exit(EXIT_FAILURE);
0bcf1679 615 }
90579fd0
YW
616
617 fd = safe_close_above_stdio(fd);
3e24e8cd
ZJS
618 }
619
3e24e8cd 620 /* Count arguments */
38c9ca53 621 execv(argv[0], argv);
0d5ee894
LP
622
623 /* Let's treat missing agent binary as a graceful issue (in order to support splitting out the Polkit
624 * or password agents into separate, optional distro packages), and not complain loudly. */
625 log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno,
626 "Failed to execute %s: %m", argv[0]);
3e24e8cd
ZJS
627 _exit(EXIT_FAILURE);
628}