blob: 9af7009b3f3aa7823558496b64ebbe5be816eb11 [file] [log] [blame] [raw]
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <unistd.h>
#include "sd-login.h"
#include "copy.h"
#include "env-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "io-util.h"
#include "locale-util.h"
#include "log.h"
#include "macro.h"
#include "pager.h"
#include "process-util.h"
#include "rlimit-util.h"
#include "signal-util.h"
#include "string-util.h"
#include "strv.h"
#include "terminal-util.h"
#include "util.h"
static pid_t pager_pid = 0;
static int stored_stdout = -1;
static int stored_stderr = -1;
static bool stdout_redirected = false;
static bool stderr_redirected = false;
_noreturn_ static void pager_fallback(void) {
int r;
r = copy_bytes(STDIN_FILENO, STDOUT_FILENO, (uint64_t) -1, 0);
if (r < 0) {
log_error_errno(r, "Internal pager failed: %m");
_exit(EXIT_FAILURE);
}
_exit(EXIT_SUCCESS);
}
static int no_quit_on_interrupt(int exe_name_fd, const char *less_opts) {
_cleanup_fclose_ FILE *file = NULL;
_cleanup_free_ char *line = NULL;
int r;
assert(exe_name_fd >= 0);
assert(less_opts);
/* This takes ownership of exe_name_fd */
file = fdopen(exe_name_fd, "r");
if (!file) {
safe_close(exe_name_fd);
return log_error_errno(errno, "Failed to create FILE object: %m");
}
/* Find the last line */
for (;;) {
_cleanup_free_ char *t = NULL;
r = read_line(file, LONG_LINE_MAX, &t);
if (r < 0)
return log_error_errno(r, "Failed to read from socket: %m");
if (r == 0)
break;
free_and_replace(line, t);
}
/* We only treat "less" specially.
* Return true whenever option K is *not* set. */
r = streq_ptr(line, "less") && !strchr(less_opts, 'K');
log_debug("Pager executable is \"%s\", options \"%s\", quit_on_interrupt: %s",
strnull(line), less_opts, yes_no(!r));
return r;
}
int pager_open(PagerFlags flags) {
_cleanup_close_pair_ int fd[2] = { -1, -1 }, exe_name_pipe[2] = { -1, -1 };
_cleanup_strv_free_ char **pager_args = NULL;
const char *pager, *less_opts;
int r;
if (flags & PAGER_DISABLE)
return 0;
if (pager_pid > 0)
return 1;
if (terminal_is_dumb())
return 0;
if (!is_main_thread())
return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Pager invoked from wrong thread.");
pager = getenv("SYSTEMD_PAGER");
if (!pager)
pager = getenv("PAGER");
if (pager) {
pager_args = strv_split(pager, WHITESPACE);
if (!pager_args)
return log_oom();
/* If the pager is explicitly turned off, honour it */
if (strv_isempty(pager_args) || strv_equal(pager_args, STRV_MAKE("cat")))
return 0;
}
/* Determine and cache number of columns/lines before we spawn the pager so that we get the value from the
* actual tty */
(void) columns();
(void) lines();
if (pipe2(fd, O_CLOEXEC) < 0)
return log_error_errno(errno, "Failed to create pager pipe: %m");
/* This is a pipe to feed the name of the executed pager binary into the parent */
if (pipe2(exe_name_pipe, O_CLOEXEC) < 0)
return log_error_errno(errno, "Failed to create exe_name pipe: %m");
/* Initialize a good set of less options */
less_opts = getenv("SYSTEMD_LESS");
if (!less_opts)
less_opts = "FRSXMK";
if (flags & PAGER_JUMP_TO_END)
less_opts = strjoina(less_opts, " +G");
/* We set SIGINT as PR_DEATHSIG signal here, to match the "K" parameter we set in $LESS, which enables SIGINT behaviour. */
r = safe_fork("(pager)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGINT|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pager_pid);
if (r < 0)
return r;
if (r == 0) {
const char *less_charset, *exe;
/* In the child start the pager */
if (dup2(fd[0], STDIN_FILENO) < 0) {
log_error_errno(errno, "Failed to duplicate file descriptor to STDIN: %m");
_exit(EXIT_FAILURE);
}
safe_close_pair(fd);
if (setenv("LESS", less_opts, 1) < 0) {
log_error_errno(errno, "Failed to set environment variable LESS: %m");
_exit(EXIT_FAILURE);
}
/* Initialize a good charset for less. This is particularly important if we output UTF-8
* characters. */
less_charset = getenv("SYSTEMD_LESSCHARSET");
if (!less_charset && is_locale_utf8())
less_charset = "utf-8";
if (less_charset &&
setenv("LESSCHARSET", less_charset, 1) < 0) {
log_error_errno(errno, "Failed to set environment variable LESSCHARSET: %m");
_exit(EXIT_FAILURE);
}
/* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
* privileged stuff. If the user set $SYSTEMD_PAGERSECURE, trust their configuration of the
* pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
* wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
* know to be good. */
int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE");
bool trust_pager = use_secure_mode >= 0;
if (use_secure_mode == -ENXIO) {
uid_t uid;
r = sd_pid_get_owner_uid(0, &uid);
if (r < 0)
log_debug_errno(r, "sd_pid_get_owner_uid() failed, enabling pager secure mode: %m");
use_secure_mode = r < 0 || uid != geteuid();
} else if (use_secure_mode < 0) {
log_warning_errno(use_secure_mode, "Unable to parse $SYSTEMD_PAGERSECURE, assuming true: %m");
use_secure_mode = true;
}
/* We generally always set variables used by less, even if we end up using a different pager.
* They shouldn't hurt in any case, and ideally other pagers would look at them too. */
if (use_secure_mode)
r = setenv("LESSSECURE", "1", 1);
else
r = unsetenv("LESSSECURE");
if (r < 0) {
log_error_errno(errno, "Failed to adjust environment variable LESSSECURE: %m");
_exit(EXIT_FAILURE);
}
if (trust_pager && pager_args) { /* The pager config might be set globally, and we cannot
* know if the user adjusted it to be appropriate for the
* secure mode. Thus, start the pager specified through
* envvars only when $SYSTEMD_PAGERSECURE was explicitly set
* as well. */
r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1, false);
if (r < 0) {
log_error_errno(r, "Failed to write pager name to socket: %m");
_exit(EXIT_FAILURE);
}
execvp(pager_args[0], pager_args);
log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
"Failed to execute '%s', using fallback pagers: %m", pager_args[0]);
}
/* Debian's alternatives command for pagers is called 'pager'. Note that we do not call
* sensible-pagers here, since that is just a shell script that implements a logic that is
* similar to this one anyway, but is Debian-specific. */
FOREACH_STRING(exe, "pager", "less", "more") {
/* Only less implements secure mode right now. */
if (use_secure_mode && !streq(exe, "less"))
continue;
r = loop_write(exe_name_pipe[1], exe, strlen(exe) + 1, false);
if (r < 0) {
log_error_errno(r, "Failed to write pager name to socket: %m");
_exit(EXIT_FAILURE);
}
execlp(exe, exe, NULL);
log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
"Failed to execute '%s', using next fallback pager: %m", exe);
}
/* Our builtin is also very secure. */
r = loop_write(exe_name_pipe[1], "(built-in)", strlen("(built-in)") + 1, false);
if (r < 0) {
log_error_errno(r, "Failed to write pager name to socket: %m");
_exit(EXIT_FAILURE);
}
/* Close pipe to signal the parent to start sending data */
safe_close_pair(exe_name_pipe);
pager_fallback();
/* not reached */
}
/* Return in the parent */
stored_stdout = fcntl(STDOUT_FILENO, F_DUPFD_CLOEXEC, 3);
if (dup2(fd[1], STDOUT_FILENO) < 0) {
stored_stdout = safe_close(stored_stdout);
return log_error_errno(errno, "Failed to duplicate pager pipe: %m");
}
stdout_redirected = true;
stored_stderr = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 3);
if (dup2(fd[1], STDERR_FILENO) < 0) {
stored_stderr = safe_close(stored_stderr);
return log_error_errno(errno, "Failed to duplicate pager pipe: %m");
}
stderr_redirected = true;
exe_name_pipe[1] = safe_close(exe_name_pipe[1]);
r = no_quit_on_interrupt(TAKE_FD(exe_name_pipe[0]), less_opts);
if (r < 0)
return r;
if (r > 0)
(void) ignore_signals(SIGINT, -1);
return 1;
}
void pager_close(void) {
if (pager_pid <= 0)
return;
/* Inform pager that we are done */
(void) fflush(stdout);
if (stdout_redirected)
if (stored_stdout < 0 || dup2(stored_stdout, STDOUT_FILENO) < 0)
(void) close(STDOUT_FILENO);
stored_stdout = safe_close(stored_stdout);
(void) fflush(stderr);
if (stderr_redirected)
if (stored_stderr < 0 || dup2(stored_stderr, STDERR_FILENO) < 0)
(void) close(STDERR_FILENO);
stored_stderr = safe_close(stored_stderr);
stdout_redirected = stderr_redirected = false;
(void) kill(pager_pid, SIGCONT);
(void) wait_for_terminate(pager_pid, NULL);
pager_pid = 0;
}
bool pager_have(void) {
return pager_pid > 0;
}
int show_man_page(const char *desc, bool null_stdio) {
const char *args[4] = { "man", NULL, NULL, NULL };
char *e = NULL;
pid_t pid;
size_t k;
int r;
k = strlen(desc);
if (desc[k-1] == ')')
e = strrchr(desc, '(');
if (e) {
char *page = NULL, *section = NULL;
page = strndupa(desc, e - desc);
section = strndupa(e + 1, desc + k - e - 2);
args[1] = section;
args[2] = page;
} else
args[1] = desc;
r = safe_fork("(man)", FORK_RESET_SIGNALS|FORK_DEATHSIG|(null_stdio ? FORK_NULL_STDIO : 0)|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
/* Child */
execvp(args[0], (char**) args);
log_error_errno(errno, "Failed to execute man: %m");
_exit(EXIT_FAILURE);
}
return wait_for_terminate_and_check(NULL, pid, 0);
}