1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <errno.h>
4 #include <stddef.h>
5 #include <stdint.h>
6 #include <stdio.h>
7 #include <stdlib.h>
8 #include <sys/prctl.h>
9 #include <unistd.h>
10
11 #include "sd-login.h"
12
13 #include "copy.h"
14 #include "env-util.h"
15 #include "fd-util.h"
16 #include "fileio.h"
17 #include "io-util.h"
18 #include "locale-util.h"
19 #include "log.h"
20 #include "macro.h"
21 #include "pager.h"
22 #include "process-util.h"
23 #include "rlimit-util.h"
24 #include "signal-util.h"
25 #include "string-util.h"
26 #include "strv.h"
27 #include "terminal-util.h"
28 #include "util.h"
29
30 static pid_t pager_pid = 0;
31
32 static int stored_stdout = -1;
33 static int stored_stderr = -1;
34 static bool stdout_redirected = false;
35 static bool stderr_redirected = false;
36
pager_fallback(void)37 _noreturn_ static void pager_fallback(void) {
38 int r;
39
40 r = copy_bytes(STDIN_FILENO, STDOUT_FILENO, UINT64_MAX, 0);
41 if (r < 0) {
42 log_error_errno(r, "Internal pager failed: %m");
43 _exit(EXIT_FAILURE);
44 }
45
46 _exit(EXIT_SUCCESS);
47 }
48
no_quit_on_interrupt(int exe_name_fd,const char * less_opts)49 static int no_quit_on_interrupt(int exe_name_fd, const char *less_opts) {
50 _cleanup_fclose_ FILE *file = NULL;
51 _cleanup_free_ char *line = NULL;
52 int r;
53
54 assert(exe_name_fd >= 0);
55 assert(less_opts);
56
57 /* This takes ownership of exe_name_fd */
58 file = fdopen(exe_name_fd, "r");
59 if (!file) {
60 safe_close(exe_name_fd);
61 return log_error_errno(errno, "Failed to create FILE object: %m");
62 }
63
64 /* Find the last line */
65 for (;;) {
66 _cleanup_free_ char *t = NULL;
67
68 r = read_line(file, LONG_LINE_MAX, &t);
69 if (r < 0)
70 return log_error_errno(r, "Failed to read from socket: %m");
71 if (r == 0)
72 break;
73
74 free_and_replace(line, t);
75 }
76
77 /* We only treat "less" specially.
78 * Return true whenever option K is *not* set. */
79 r = streq_ptr(line, "less") && !strchr(less_opts, 'K');
80
81 log_debug("Pager executable is \"%s\", options \"%s\", quit_on_interrupt: %s",
82 strnull(line), less_opts, yes_no(!r));
83 return r;
84 }
85
pager_open(PagerFlags flags)86 void pager_open(PagerFlags flags) {
87 _cleanup_close_pair_ int fd[2] = { -1, -1 }, exe_name_pipe[2] = { -1, -1 };
88 _cleanup_strv_free_ char **pager_args = NULL;
89 _cleanup_free_ char *l = NULL;
90 const char *pager, *less_opts;
91 int r;
92
93 if (flags & PAGER_DISABLE)
94 return;
95
96 if (pager_pid > 0)
97 return;
98
99 if (terminal_is_dumb())
100 return;
101
102 if (!is_main_thread())
103 return (void) log_error_errno(SYNTHETIC_ERRNO(EPERM), "Pager invoked from wrong thread.");
104
105 pager = getenv("SYSTEMD_PAGER");
106 if (!pager)
107 pager = getenv("PAGER");
108
109 if (pager) {
110 pager_args = strv_split(pager, WHITESPACE);
111 if (!pager_args)
112 return (void) log_oom();
113
114 /* If the pager is explicitly turned off, honour it */
115 if (strv_isempty(pager_args) || strv_equal(pager_args, STRV_MAKE("cat")))
116 return;
117 }
118
119 /* Determine and cache number of columns/lines before we spawn the pager so that we get the value from the
120 * actual tty */
121 (void) columns();
122 (void) lines();
123
124 if (pipe2(fd, O_CLOEXEC) < 0)
125 return (void) log_error_errno(errno, "Failed to create pager pipe: %m");
126
127 /* This is a pipe to feed the name of the executed pager binary into the parent */
128 if (pipe2(exe_name_pipe, O_CLOEXEC) < 0)
129 return (void) log_error_errno(errno, "Failed to create exe_name pipe: %m");
130
131 /* Initialize a good set of less options */
132 less_opts = getenv("SYSTEMD_LESS");
133 if (!less_opts)
134 less_opts = "FRSXMK";
135 if (flags & PAGER_JUMP_TO_END) {
136 l = strjoin(less_opts, " +G");
137 if (!l)
138 return (void) log_oom();
139 less_opts = l;
140 }
141
142 /* We set SIGINT as PR_DEATHSIG signal here, to match the "K" parameter we set in $LESS, which enables SIGINT behaviour. */
143 r = safe_fork("(pager)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGINT|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pager_pid);
144 if (r < 0)
145 return;
146 if (r == 0) {
147 const char *less_charset;
148
149 /* In the child start the pager */
150
151 if (dup2(fd[0], STDIN_FILENO) < 0) {
152 log_error_errno(errno, "Failed to duplicate file descriptor to STDIN: %m");
153 _exit(EXIT_FAILURE);
154 }
155
156 safe_close_pair(fd);
157
158 if (setenv("LESS", less_opts, 1) < 0) {
159 log_error_errno(errno, "Failed to set environment variable LESS: %m");
160 _exit(EXIT_FAILURE);
161 }
162
163 /* Initialize a good charset for less. This is particularly important if we output UTF-8
164 * characters. */
165 less_charset = getenv("SYSTEMD_LESSCHARSET");
166 if (!less_charset && is_locale_utf8())
167 less_charset = "utf-8";
168 if (less_charset &&
169 setenv("LESSCHARSET", less_charset, 1) < 0) {
170 log_error_errno(errno, "Failed to set environment variable LESSCHARSET: %m");
171 _exit(EXIT_FAILURE);
172 }
173
174 /* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
175 * privileged stuff. If the user set $SYSTEMD_PAGERSECURE, trust their configuration of the
176 * pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
177 * wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
178 * know to be good. */
179 int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE");
180 bool trust_pager = use_secure_mode >= 0;
181 if (use_secure_mode == -ENXIO) {
182 uid_t uid;
183
184 r = sd_pid_get_owner_uid(0, &uid);
185 if (r < 0)
186 log_debug_errno(r, "sd_pid_get_owner_uid() failed, enabling pager secure mode: %m");
187
188 use_secure_mode = r < 0 || uid != geteuid();
189
190 } else if (use_secure_mode < 0) {
191 log_warning_errno(use_secure_mode, "Unable to parse $SYSTEMD_PAGERSECURE, assuming true: %m");
192 use_secure_mode = true;
193 }
194
195 /* We generally always set variables used by less, even if we end up using a different pager.
196 * They shouldn't hurt in any case, and ideally other pagers would look at them too. */
197 r = set_unset_env("LESSSECURE", use_secure_mode ? "1" : NULL, true);
198 if (r < 0) {
199 log_error_errno(r, "Failed to adjust environment variable LESSSECURE: %m");
200 _exit(EXIT_FAILURE);
201 }
202
203 if (trust_pager && pager_args) { /* The pager config might be set globally, and we cannot
204 * know if the user adjusted it to be appropriate for the
205 * secure mode. Thus, start the pager specified through
206 * envvars only when $SYSTEMD_PAGERSECURE was explicitly set
207 * as well. */
208 r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1, false);
209 if (r < 0) {
210 log_error_errno(r, "Failed to write pager name to socket: %m");
211 _exit(EXIT_FAILURE);
212 }
213
214 execvp(pager_args[0], pager_args);
215 log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
216 "Failed to execute '%s', using fallback pagers: %m", pager_args[0]);
217 }
218
219 /* Debian's alternatives command for pagers is called 'pager'. Note that we do not call
220 * sensible-pagers here, since that is just a shell script that implements a logic that is
221 * similar to this one anyway, but is Debian-specific. */
222 FOREACH_STRING(exe, "pager", "less", "more") {
223 /* Only less implements secure mode right now. */
224 if (use_secure_mode && !streq(exe, "less"))
225 continue;
226
227 r = loop_write(exe_name_pipe[1], exe, strlen(exe) + 1, false);
228 if (r < 0) {
229 log_error_errno(r, "Failed to write pager name to socket: %m");
230 _exit(EXIT_FAILURE);
231 }
232 execlp(exe, exe, NULL);
233 log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
234 "Failed to execute '%s', using next fallback pager: %m", exe);
235 }
236
237 /* Our builtin is also very secure. */
238 r = loop_write(exe_name_pipe[1], "(built-in)", strlen("(built-in)") + 1, false);
239 if (r < 0) {
240 log_error_errno(r, "Failed to write pager name to socket: %m");
241 _exit(EXIT_FAILURE);
242 }
243 /* Close pipe to signal the parent to start sending data */
244 safe_close_pair(exe_name_pipe);
245 pager_fallback();
246 /* not reached */
247 }
248
249 /* Return in the parent */
250 stored_stdout = fcntl(STDOUT_FILENO, F_DUPFD_CLOEXEC, 3);
251 if (dup2(fd[1], STDOUT_FILENO) < 0) {
252 stored_stdout = safe_close(stored_stdout);
253 return (void) log_error_errno(errno, "Failed to duplicate pager pipe: %m");
254 }
255 stdout_redirected = true;
256
257 stored_stderr = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 3);
258 if (dup2(fd[1], STDERR_FILENO) < 0) {
259 stored_stderr = safe_close(stored_stderr);
260 return (void) log_error_errno(errno, "Failed to duplicate pager pipe: %m");
261 }
262 stderr_redirected = true;
263
264 exe_name_pipe[1] = safe_close(exe_name_pipe[1]);
265
266 r = no_quit_on_interrupt(TAKE_FD(exe_name_pipe[0]), less_opts);
267 if (r > 0)
268 (void) ignore_signals(SIGINT);
269 }
270
pager_close(void)271 void pager_close(void) {
272
273 if (pager_pid <= 0)
274 return;
275
276 /* Inform pager that we are done */
277 (void) fflush(stdout);
278 if (stdout_redirected)
279 if (stored_stdout < 0 || dup2(stored_stdout, STDOUT_FILENO) < 0)
280 (void) close(STDOUT_FILENO);
281 stored_stdout = safe_close(stored_stdout);
282 (void) fflush(stderr);
283 if (stderr_redirected)
284 if (stored_stderr < 0 || dup2(stored_stderr, STDERR_FILENO) < 0)
285 (void) close(STDERR_FILENO);
286 stored_stderr = safe_close(stored_stderr);
287 stdout_redirected = stderr_redirected = false;
288
289 (void) kill(pager_pid, SIGCONT);
290 (void) wait_for_terminate(TAKE_PID(pager_pid), NULL);
291 pager_pid = 0;
292 }
293
pager_have(void)294 bool pager_have(void) {
295 return pager_pid > 0;
296 }
297
show_man_page(const char * desc,bool null_stdio)298 int show_man_page(const char *desc, bool null_stdio) {
299 const char *args[4] = { "man", NULL, NULL, NULL };
300 char *e = NULL;
301 pid_t pid;
302 size_t k;
303 int r;
304
305 k = strlen(desc);
306
307 if (desc[k-1] == ')')
308 e = strrchr(desc, '(');
309
310 if (e) {
311 char *page = NULL, *section = NULL;
312
313 page = strndupa_safe(desc, e - desc);
314 section = strndupa_safe(e + 1, desc + k - e - 2);
315
316 args[1] = section;
317 args[2] = page;
318 } else
319 args[1] = desc;
320
321 r = safe_fork("(man)", FORK_RESET_SIGNALS|FORK_DEATHSIG|(null_stdio ? FORK_NULL_STDIO : 0)|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
322 if (r < 0)
323 return r;
324 if (r == 0) {
325 /* Child */
326 execvp(args[0], (char**) args);
327 log_error_errno(errno, "Failed to execute man: %m");
328 _exit(EXIT_FAILURE);
329 }
330
331 return wait_for_terminate_and_check(NULL, pid, 0);
332 }
333