]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/pager.c
projects / thirdparty / systemd.git / blob
? search:


3797adbb7cc3e17088647cb3509b97ce57ee2ffc
[thirdparty/systemd.git] / src / shared / pager.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <stdio.h>
4 #include <stdlib.h>
5 #include <unistd.h>
6
7 #include "sd-login.h"
8
9 #include "copy.h"
10 #include "env-util.h"
11 #include "fd-util.h"
12 #include "fileio.h"
13 #include "io-util.h"
14 #include "locale-util.h"
15 #include "log.h"
16 #include "pager.h"
17 #include "process-util.h"
18 #include "signal-util.h"
19 #include "string-util.h"
20 #include "strv.h"
21 #include "terminal-util.h"
22
23 static pid_t pager_pid = 0;
24
25 static int stored_stdout = -1;
26 static int stored_stderr = -1;
27 static bool stdout_redirected = false;
28 static bool stderr_redirected = false;
29
30 _noreturn_ static void pager_fallback(void) {
31 int r;
32
33 r = copy_bytes(STDIN_FILENO, STDOUT_FILENO, UINT64_MAX, 0);
34 if (r < 0) {
35 log_error_errno(r, "Internal pager failed: %m");
36 _exit(EXIT_FAILURE);
37 }
38
39 _exit(EXIT_SUCCESS);
40 }
41
42 static int no_quit_on_interrupt(int exe_name_fd, const char *less_opts) {
43 _cleanup_fclose_ FILE *file = NULL;
44 _cleanup_free_ char *line = NULL;
45 int r;
46
47 assert(exe_name_fd >= 0);
48 assert(less_opts);
49
50 /* This takes ownership of exe_name_fd */
51 file = fdopen(exe_name_fd, "r");
52 if (!file) {
53 safe_close(exe_name_fd);
54 return log_error_errno(errno, "Failed to create FILE object: %m");
55 }
56
57 /* Find the last line */
58 for (;;) {
59 _cleanup_free_ char *t = NULL;
60
61 r = read_line(file, LONG_LINE_MAX, &t);
62 if (r < 0)
63 return log_error_errno(r, "Failed to read from socket: %m");
64 if (r == 0)
65 break;
66
67 free_and_replace(line, t);
68 }
69
70 /* We only treat "less" specially.
71 * Return true whenever option K is *not* set. */
72 r = streq_ptr(line, "less") && !strchr(less_opts, 'K');
73
74 log_debug("Pager executable is \"%s\", options \"%s\", quit_on_interrupt: %s",
75 strnull(line), less_opts, yes_no(!r));
76 return r;
77 }
78
79 static bool running_with_escalated_privileges(void) {
80 int r;
81
82 if (getenv("SUDO_UID"))
83 return true;
84
85 uid_t uid;
86 r = sd_pid_get_owner_uid(0, &uid);
87 if (r < 0) {
88 log_debug_errno(r, "sd_pid_get_owner_uid() failed, enabling pager secure mode: %m");
89 return true;
90 }
91
92 return uid != geteuid();
93 }
94
95 void pager_open(PagerFlags flags) {
96 _cleanup_close_pair_ int fd[2] = EBADF_PAIR, exe_name_pipe[2] = EBADF_PAIR;
97 _cleanup_strv_free_ char **pager_args = NULL;
98 _cleanup_free_ char *l = NULL;
99 const char *pager, *less_opts;
100 int r;
101
102 if (flags & PAGER_DISABLE)
103 return;
104
105 if (pager_pid > 0)
106 return;
107
108 if (terminal_is_dumb())
109 return;
110
111 if (!is_main_thread())
112 return (void) log_error_errno(SYNTHETIC_ERRNO(EPERM), "Pager invoked from wrong thread.");
113
114 pager = getenv("SYSTEMD_PAGER");
115 if (!pager)
116 pager = getenv("PAGER");
117
118 if (pager) {
119 pager_args = strv_split(pager, WHITESPACE);
120 if (!pager_args)
121 return (void) log_oom();
122
123 /* If the pager is explicitly turned off, honour it */
124 if (strv_isempty(pager_args) || strv_equal(pager_args, STRV_MAKE("cat")))
125 return;
126 }
127
128 /* Determine and cache number of columns/lines before we spawn the pager so that we get the value from the
129 * actual tty */
130 (void) columns();
131 (void) lines();
132
133 if (pipe2(fd, O_CLOEXEC) < 0)
134 return (void) log_error_errno(errno, "Failed to create pager pipe: %m");
135
136 /* This is a pipe to feed the name of the executed pager binary into the parent */
137 if (pipe2(exe_name_pipe, O_CLOEXEC) < 0)
138 return (void) log_error_errno(errno, "Failed to create exe_name pipe: %m");
139
140 /* Initialize a good set of less options */
141 less_opts = getenv("SYSTEMD_LESS");
142 if (!less_opts)
143 less_opts = "FRSXMK";
144 if (flags & PAGER_JUMP_TO_END) {
145 l = strjoin(less_opts, " +G");
146 if (!l)
147 return (void) log_oom();
148 less_opts = l;
149 }
150
151 /* We set SIGINT as PR_DEATHSIG signal here, to match the "K" parameter we set in $LESS, which enables SIGINT behaviour. */
152 r = safe_fork("(pager)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGINT|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pager_pid);
153 if (r < 0)
154 return;
155 if (r == 0) {
156 const char *less_charset;
157
158 /* In the child start the pager */
159
160 if (dup2(fd[0], STDIN_FILENO) < 0) {
161 log_error_errno(errno, "Failed to duplicate file descriptor to STDIN: %m");
162 _exit(EXIT_FAILURE);
163 }
164
165 safe_close_pair(fd);
166
167 if (setenv("LESS", less_opts, 1) < 0) {
168 log_error_errno(errno, "Failed to set environment variable LESS: %m");
169 _exit(EXIT_FAILURE);
170 }
171
172 /* Initialize a good charset for less. This is particularly important if we output UTF-8
173 * characters. */
174 less_charset = getenv("SYSTEMD_LESSCHARSET");
175 if (!less_charset && is_locale_utf8())
176 less_charset = "utf-8";
177 if (less_charset &&
178 setenv("LESSCHARSET", less_charset, 1) < 0) {
179 log_error_errno(errno, "Failed to set environment variable LESSCHARSET: %m");
180 _exit(EXIT_FAILURE);
181 }
182
183 /* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
184 * privileged stuff. If the user set $SYSTEMD_PAGERSECURE, trust their configuration of the
185 * pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
186 * wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
187 * know to be good. */
188 int use_secure_mode = secure_getenv_bool("SYSTEMD_PAGERSECURE");
189 bool trust_pager = use_secure_mode >= 0;
190 if (use_secure_mode == -ENXIO)
191 use_secure_mode = running_with_escalated_privileges();
192 else if (use_secure_mode < 0) {
193 log_warning_errno(use_secure_mode, "Unable to parse $SYSTEMD_PAGERSECURE, assuming true: %m");
194 use_secure_mode = true;
195 }
196
197 /* We generally always set variables used by less, even if we end up using a different pager.
198 * They shouldn't hurt in any case, and ideally other pagers would look at them too. */
199 r = set_unset_env("LESSSECURE", use_secure_mode ? "1" : NULL, true);
200 if (r < 0) {
201 log_error_errno(r, "Failed to adjust environment variable LESSSECURE: %m");
202 _exit(EXIT_FAILURE);
203 }
204
205 if (trust_pager && pager_args) { /* The pager config might be set globally, and we cannot
206 * know if the user adjusted it to be appropriate for the
207 * secure mode. Thus, start the pager specified through
208 * envvars only when $SYSTEMD_PAGERSECURE was explicitly set
209 * as well. */
210 r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1);
211 if (r < 0) {
212 log_error_errno(r, "Failed to write pager name to socket: %m");
213 _exit(EXIT_FAILURE);
214 }
215
216 execvp(pager_args[0], pager_args);
217 log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
218 "Failed to execute '%s', using fallback pagers: %m", pager_args[0]);
219 }
220
221 /* Debian's alternatives command for pagers is called 'pager'. Note that we do not call
222 * sensible-pagers here, since that is just a shell script that implements a logic that is
223 * similar to this one anyway, but is Debian-specific. */
224 static const char* pagers[] = { "pager", "less", "more", "(built-in)" };
225
226 for (unsigned i = 0; i < ELEMENTSOF(pagers); i++) {
227 /* Only less (and our trivial fallback) implement secure mode right now. */
228 if (use_secure_mode && !STR_IN_SET(pagers[i], "less", "(built-in)"))
229 continue;
230
231 r = loop_write(exe_name_pipe[1], pagers[i], strlen(pagers[i]) + 1);
232 if (r < 0) {
233 log_error_errno(r, "Failed to write pager name to socket: %m");
234 _exit(EXIT_FAILURE);
235 }
236
237 if (i < ELEMENTSOF(pagers) - 1) {
238 execlp(pagers[i], pagers[i], NULL);
239 log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
240 "Failed to execute '%s', will try '%s' next: %m", pagers[i], pagers[i+1]);
241 } else {
242 /* Close pipe to signal the parent to start sending data */
243 safe_close_pair(exe_name_pipe);
244 pager_fallback();
245 assert_not_reached();
246 }
247 }
248 }
249
250 /* Return in the parent */
251 stored_stdout = fcntl(STDOUT_FILENO, F_DUPFD_CLOEXEC, 3);
252 if (dup2(fd[1], STDOUT_FILENO) < 0) {
253 stored_stdout = safe_close(stored_stdout);
254 return (void) log_error_errno(errno, "Failed to duplicate pager pipe: %m");
255 }
256 stdout_redirected = true;
257
258 stored_stderr = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 3);
259 if (dup2(fd[1], STDERR_FILENO) < 0) {
260 stored_stderr = safe_close(stored_stderr);
261 return (void) log_error_errno(errno, "Failed to duplicate pager pipe: %m");
262 }
263 stderr_redirected = true;
264
265 exe_name_pipe[1] = safe_close(exe_name_pipe[1]);
266
267 r = no_quit_on_interrupt(TAKE_FD(exe_name_pipe[0]), less_opts);
268 if (r > 0)
269 (void) ignore_signals(SIGINT);
270 }
271
272 void pager_close(void) {
273
274 if (pager_pid <= 0)
275 return;
276
277 /* Inform pager that we are done */
278 (void) fflush(stdout);
279 if (stdout_redirected)
280 if (stored_stdout < 0 || dup2(stored_stdout, STDOUT_FILENO) < 0)
281 (void) close(STDOUT_FILENO);
282 stored_stdout = safe_close(stored_stdout);
283 (void) fflush(stderr);
284 if (stderr_redirected)
285 if (stored_stderr < 0 || dup2(stored_stderr, STDERR_FILENO) < 0)
286 (void) close(STDERR_FILENO);
287 stored_stderr = safe_close(stored_stderr);
288 stdout_redirected = stderr_redirected = false;
289
290 (void) kill(pager_pid, SIGCONT);
291 (void) wait_for_terminate(TAKE_PID(pager_pid), NULL);
292 pager_pid = 0;
293 }
294
295 bool pager_have(void) {
296 return pager_pid > 0;
297 }
298
299 int show_man_page(const char *desc, bool null_stdio) {
300 const char *args[4] = { "man", NULL, NULL, NULL };
301 char *e = NULL;
302 pid_t pid;
303 size_t k;
304 int r;
305
306 k = strlen(desc);
307
308 if (desc[k-1] == ')')
309 e = strrchr(desc, '(');
310
311 if (e) {
312 char *page = NULL, *section = NULL;
313
314 page = strndupa_safe(desc, e - desc);
315 section = strndupa_safe(e + 1, desc + k - e - 2);
316
317 args[1] = section;
318 args[2] = page;
319 } else
320 args[1] = desc;
321
322 r = safe_fork("(man)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|(null_stdio ? FORK_REARRANGE_STDIO : 0)|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
323 if (r < 0)
324 return r;
325 if (r == 0) {
326 /* Child */
327 execvp(args[0], (char**) args);
328 log_error_errno(errno, "Failed to execute man: %m");
329 _exit(EXIT_FAILURE);
330 }
331
332 return wait_for_terminate_and_check(NULL, pid, 0);
333 }
Unnamed repository; edit this file 'description' to name the repository.