20401947236

Committed 20 Dec 2025 09:56PM UTC coverage: 72.701% (+0.1%) from 72.578%

Build # 20401947236

Build Type

push

github

Committed by

DaanDeMeyer

Commit Message

core/socket: modernize listen/accept_in_cgroup

Run Details

4 of 9 new or added lines in 1 file covered. (44.44%)

7723 existing lines in 114 files now uncovered.

309972 of 426363 relevant lines covered (72.7%)

1133403.64 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

76.7

/src/shared/exec-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#include "alloc-util.h"
#include "bitfield.h"
#include "conf-files.h"
#include "env-file.h"
#include "env-util.h"
#include "errno-util.h"
#include "escape.h"
#include "exec-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "hashmap.h"
#include "log.h"
#include "path-util.h"
#include "pidref.h"
#include "process-util.h"
#include "serialize.h"
#include "stat-util.h"
#include "string-table.h"
#include "string-util.h"
#include "strv.h"
#include "terminal-util.h"
#include "time-util.h"

#define EXIT_SKIP_REMAINING 77

DEFINE_PRIVATE_HASH_OPS_FULL(pidref_hash_ops_free_free,
                             PidRef, pidref_hash_func, pidref_compare_func,
                             pidref_free, char*, free);

/* Put this test here for a lack of better place */
assert_cc(EAGAIN == EWOULDBLOCK);

static int do_spawn(
                const char *path,
                char *argv[],
                int stdout_fd,
                bool set_systemd_exec_pid,
                PidRef *ret) {

        int r;

        assert(path);
        assert(ret);

        if (null_or_empty_path(path) > 0) {
                log_debug("%s is masked, skipping.", path);
                return 0;
        }

        _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
        r = pidref_safe_fork_full(
                        "(exec-inner)",
                        (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO },
                        /* except_fds= */ NULL, /* n_except_fds= */ 0,
                        FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS,
                        &pidref);
        if (r < 0)
                return r;
        if (r == 0) {
                char *_argv[2];

                if (set_systemd_exec_pid) {
                        r = setenv_systemd_exec_pid(false);
                        if (r < 0)
                                log_warning_errno(r, "Failed to set $SYSTEMD_EXEC_PID, ignoring: %m");
                }

                if (!argv) {
                        _argv[0] = (char*) path;
                        _argv[1] = NULL;
                        argv = _argv;
                } else
                        argv[0] = (char*) path;

                execv(path, argv);
                log_error_errno(errno, "Failed to execute %s: %m", path);
                _exit(EXIT_FAILURE);
        }

        *ret = TAKE_PIDREF(pidref);
        return 1;
}

static int do_execute(
                char * const *paths,
                const char *root,
                usec_t timeout,
                gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
                void * const callback_args[_STDOUT_CONSUME_MAX],
                int output_fd,
                char *argv[],
                char *envp[],
                ExecDirFlags flags) {

        _cleanup_hashmap_free_ Hashmap *pids = NULL;
        bool parallel_execution;
        int r;

        /* We fork this all off from a child process so that we can somewhat cleanly make use of SIGALRM
         * to set a time limit.
         *
         * We attempt to perform parallel execution if configured by the user, however if `callbacks` is nonnull,
         * execution must be serial.
         */

        assert(!strv_isempty(paths));

        parallel_execution = FLAGS_SET(flags, EXEC_DIR_PARALLEL) && !callbacks;

        /* Abort execution of this process after the timeout. We simply rely on SIGALRM as
         * default action terminating the process, and turn on alarm(). */

        if (timeout != USEC_INFINITY)
                alarm(DIV_ROUND_UP(timeout, USEC_PER_SEC));

        STRV_FOREACH(e, envp)
                if (putenv(*e) != 0)
                        return log_error_errno(errno, "Failed to set environment variable: %m");

        STRV_FOREACH(path, paths) {
                _cleanup_free_ char *t = NULL;
                _cleanup_close_ int fd = -EBADF;

                t = path_join(root, *path);
                if (!t)
                        return log_oom();

                if (callbacks) {
                        _cleanup_free_ char *bn = NULL;

                        r = path_extract_filename(*path, &bn);
                        if (r < 0)
                                return log_error_errno(r, "Failed to extract filename from path '%s': %m", *path);

                        fd = open_serialization_fd(bn);
                        if (fd < 0)
                                return log_error_errno(fd, "Failed to open serialization file: %m");
                }

                if (DEBUG_LOGGING) {
                        _cleanup_free_ char *s = NULL;

                        char **args = strv_skip(argv, 1);
                        if (args)
                                s = quote_command_line(args, SHELL_ESCAPE_EMPTY);

                        log_debug("About to execute %s%s%s", t, args ? " " : "", args ? strnull(s) : "");
                }

                if (FLAGS_SET(flags, EXEC_DIR_WARN_WORLD_WRITABLE)) {
                        struct stat st;

                        r = stat(t, &st);
                        if (r < 0)
                                log_warning_errno(errno, "Failed to stat '%s', ignoring: %m", t);
                        else if (S_ISREG(st.st_mode) && (st.st_mode & 0002))
                                log_warning("'%s' is marked world-writable, which is a security risk as it "
                                            "is executed with privileges. Please remove world writability "
                                            "permission bits. Proceeding anyway.", t);
                }

                _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
                r = do_spawn(t, argv, fd, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID), &pidref);
                if (r <= 0)
                        continue;

                if (parallel_execution) {
                        _cleanup_(pidref_freep) PidRef *dup = NULL;
                        r = pidref_dup(&pidref, &dup);
                        if (r < 0)
                                return r;

                        r = hashmap_ensure_put(&pids, &pidref_hash_ops_free_free, dup, t);
                        if (r < 0)
                                return log_oom();

                        TAKE_PTR(dup);
                        TAKE_PTR(t);
                } else {
                        bool skip_remaining = false;

                        r = pidref_wait_for_terminate_and_check(t, &pidref, WAIT_LOG_ABNORMAL);
                        if (r < 0)
                                return r;
                        if (r > 0) {
                                if (FLAGS_SET(flags, EXEC_DIR_SKIP_REMAINING) && r == EXIT_SKIP_REMAINING) {
                                        log_info("%s succeeded with exit status %i, not executing remaining executables.", *path, r);
                                        skip_remaining = true;
                                } else if (FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS))
                                        log_warning("%s failed with exit status %i, ignoring.", *path, r);
                                else {
                                        log_error("%s failed with exit status %i.", *path, r);
                                        return r;
                                }
                        }

                        if (callbacks) {
                                r = finish_serialization_fd(fd);
                                if (r < 0)
                                        return log_error_errno(r, "Failed to finish serialization fd: %m");

                                r = callbacks[STDOUT_GENERATE](TAKE_FD(fd), callback_args[STDOUT_GENERATE]);
                                if (r < 0)
                                        return log_error_errno(r, "Failed to process output from %s: %m", *path);
                        }

                        if (skip_remaining)
                                break;
                }
        }

        if (callbacks) {
                r = callbacks[STDOUT_COLLECT](output_fd, callback_args[STDOUT_COLLECT]);
                if (r < 0)
                        return log_error_errno(r, "Callback two failed: %m");
        }

        while (!hashmap_isempty(pids)) {
                _cleanup_free_ char *t = NULL;
                void *p;

                t = ASSERT_PTR(hashmap_steal_first_key_and_value(pids, &p));
                _cleanup_(pidref_freep) PidRef *pidref = p;

                r = pidref_wait_for_terminate_and_check(t, pidref, WAIT_LOG);
                if (r < 0)
                        return r;
                if (!FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS) && r > 0)
                        return r;
        }

        return 0;
}

int execute_strv(
                const char *name,
                char * const *paths,
                const char *root,
                usec_t timeout,
                gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
                void * const callback_args[_STDOUT_CONSUME_MAX],
                char *argv[],
                char *envp[],
                ExecDirFlags flags) {

        _cleanup_close_ int fd = -EBADF;
        int r;

        assert(name);
        assert(!FLAGS_SET(flags, EXEC_DIR_PARALLEL | EXEC_DIR_SKIP_REMAINING));

        if (strv_isempty(paths))
                return 0;

        if (callbacks) {
                assert(callbacks[STDOUT_GENERATE]);
                assert(callbacks[STDOUT_COLLECT]);
                assert(callbacks[STDOUT_CONSUME]);
                assert(callback_args);

                fd = open_serialization_fd(name);
                if (fd < 0)
                        return log_error_errno(fd, "Failed to open serialization file for %s: %m", name);
        }

        /* Executes all binaries in the directories serially or in parallel and waits for
         * them to finish. Optionally a timeout is applied. If a file with the same name
         * exists in more than one directory, the earliest one wins. */

        const char *process_name = strjoina("(", name, ")");

        PidRef executor_pidref = PIDREF_NULL;
        r = pidref_safe_fork(process_name, FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_LOG, &executor_pidref);
        if (r < 0)
                return r;
        if (r == 0) {
                r = do_execute(paths, root, timeout, callbacks, callback_args, fd, argv, envp, flags);
                _exit(r < 0 ? EXIT_FAILURE : r);
        }

        r = pidref_wait_for_terminate_and_check(process_name, &executor_pidref, 0);
        if (r < 0)
                return r;
        if (!FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS) && r > 0)
                return r;

        if (!callbacks)
                return 0;

        r = finish_serialization_fd(fd);
        if (r < 0)
                return log_error_errno(r, "Failed to finish serialization fd for %s: %m", name);

        r = callbacks[STDOUT_CONSUME](TAKE_FD(fd), callback_args[STDOUT_CONSUME]);
        if (r < 0)
                return log_error_errno(r, "Failed to parse returned data for %s: %m", name);

        return 0;
}

int execute_directories(
                const char *name,
                const char * const *directories,
                usec_t timeout,
                gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
                void * const callback_args[_STDOUT_CONSUME_MAX],
                char *argv[],
                char *envp[],
                ExecDirFlags flags) {

        _cleanup_strv_free_ char **paths = NULL;
        int r;

        assert(name);
        assert(!strv_isempty((char* const*) directories));

        r = conf_files_list_strv(
                        &paths,
                        /* suffix= */ NULL,
                        /* root= */ NULL,
                        CONF_FILES_EXECUTABLE|CONF_FILES_REGULAR|CONF_FILES_FILTER_MASKED,
                        directories);
        if (r < 0)
                return log_error_errno(r, "%s: failed to enumerate executables: %m", name);

        if (strv_isempty(paths)) {
                log_debug("%s: no executables found.", name);
                return 0;
        }

        return execute_strv(name, paths, /* root= */ NULL, timeout, callbacks, callback_args, argv, envp, flags);
}

static int gather_environment_generate(int fd, void *arg) {
        char ***env = ASSERT_PTR(arg);
        _cleanup_fclose_ FILE *f = NULL;
        _cleanup_strv_free_ char **new = NULL;
        int r;

        /* Read a series of VAR=value assignments from fd, use them to update the list of variables in env.
         * Also update the exported environment.
         *
         * fd is always consumed, even on error.
         */

        assert(fd >= 0);

        f = fdopen(fd, "r");
        if (!f) {
                safe_close(fd);
                return -errno;
        }

        r = load_env_file_pairs(f, NULL, &new);
        if (r < 0)
                return r;

        STRV_FOREACH_PAIR(x, y, new) {
                if (!env_name_is_valid(*x)) {
                        log_warning("Invalid variable assignment \"%s=...\", ignoring.", *x);
                        continue;
                }

                r = strv_env_assign(env, *x, *y);
                if (r < 0)
                        return r;

                if (setenv(*x, *y, /* overwrite= */ true) < 0)
                        return -errno;
        }

        return 0;
}

static int gather_environment_collect(int fd, void *arg) {
        char ***env = ASSERT_PTR(arg);
        _cleanup_fclose_ FILE *f = NULL;
        int r;

        /* Write out a series of env=cescape(VAR=value) assignments to fd. */

        assert(fd >= 0);

        f = fdopen(fd, "w");
        if (!f) {
                safe_close(fd);
                return -errno;
        }

        r = serialize_strv(f, "env", *env);
        if (r < 0)
                return r;

        r = fflush_and_check(f);
        if (r < 0)
                return r;

        return 0;
}

static int gather_environment_consume(int fd, void *arg) {
        char ***env = ASSERT_PTR(arg);
        _cleanup_fclose_ FILE *f = NULL;
        int r, ret = 0;

        /* Read a series of env=cescape(VAR=value) assignments from fd into env. */

        assert(fd >= 0);

        f = fdopen(fd, "r");
        if (!f) {
                safe_close(fd);
                return -errno;
        }

        for (;;) {
                _cleanup_free_ char *line = NULL;
                const char *v;

                r = read_line(f, LONG_LINE_MAX, &line);
                if (r < 0)
                        return r;
                if (r == 0)
                        return ret;

                v = startswith(line, "env=");
                if (!v) {
                        RET_GATHER(ret, log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
                                                        "Serialization line unexpectedly didn't start with \"env=\", ignoring: %s",
                                                        line));
                        continue;
                }

                r = deserialize_environment(v, env);
                if (r < 0)
                        RET_GATHER(ret, log_debug_errno(r, "Failed to deserialize line \"%s\": %m", line));
        }
}

const gather_stdout_callback_t gather_environment[_STDOUT_CONSUME_MAX] = {
        gather_environment_generate,
        gather_environment_collect,
        gather_environment_consume,
};

int exec_command_flags_from_strv(char * const *ex_opts, ExecCommandFlags *ret) {
        ExecCommandFlags flags = 0;

        assert(ret);

        STRV_FOREACH(opt, ex_opts) {
                ExecCommandFlags fl = exec_command_flags_from_string(*opt);
                if (fl < 0)
                        return fl;

                flags |= fl;
        }

        *ret = flags;

        return 0;
}

int exec_command_flags_to_strv(ExecCommandFlags flags, char ***ret) {
        _cleanup_strv_free_ char **opts = NULL;
        int r;

        assert(flags >= 0);
        assert(ret);

        BIT_FOREACH(i, flags) {
                const char *s = exec_command_flags_to_string(1 << i);
                if (!s)
                        return -EINVAL;

                r = strv_extend(&opts, s);
                if (r < 0)
                        return r;
        }

        *ret = TAKE_PTR(opts);

        return 0;
}

static const char* const exec_command_strings[] = {
        "ignore-failure", /* EXEC_COMMAND_IGNORE_FAILURE */
        "privileged",     /* EXEC_COMMAND_FULLY_PRIVILEGED */
        "no-setuid",      /* EXEC_COMMAND_NO_SETUID */
        "no-env-expand",  /* EXEC_COMMAND_NO_ENV_EXPAND */
        "via-shell",      /* EXEC_COMMAND_VIA_SHELL */
};

assert_cc((1 << ELEMENTSOF(exec_command_strings)) - 1 == _EXEC_COMMAND_FLAGS_ALL);

const char* exec_command_flags_to_string(ExecCommandFlags i) {
        for (size_t idx = 0; idx < ELEMENTSOF(exec_command_strings); idx++)
                if (i == (1 << idx))
                        return exec_command_strings[idx];

        return NULL;
}

ExecCommandFlags exec_command_flags_from_string(const char *s) {
        ssize_t idx;

        if (streq(s, "ambient")) /* Compatibility with ambient hack, removed in v258, map to no bits set */
                return 0;

        idx = string_table_lookup_from_string(exec_command_strings, ELEMENTSOF(exec_command_strings), s);
        if (idx < 0)
                return _EXEC_COMMAND_FLAGS_INVALID;

        return 1 << idx;
}

int fexecve_or_execve(int executable_fd, const char *executable, char *const argv[], char *const envp[]) {
        /* Refuse invalid fds, regardless if fexecve() use is enabled or not */
        if (executable_fd < 0)
                return -EBADF;

        /* Block any attempts on exploiting Linux' liberal argv[] handling, i.e. CVE-2021-4034 and suchlike */
        if (isempty(executable) || strv_isempty(argv))
                return -EINVAL;

#if ENABLE_FEXECVE

        execveat(executable_fd, "", argv, envp, AT_EMPTY_PATH);

        /* Old kernel or a script or an overzealous seccomp filter? Let's fall back to execve().
         *
         * fexecve(3): "If fd refers to a script (i.e., it is an executable text file that names a
         * script interpreter with a first line that begins with the characters #!) and the
         * close-on-exec flag has been set for fd, then fexecve() fails with the error ENOENT. This
         * error occurs because, by the time the script interpreter is executed, fd has already been
         * closed because of the close-on-exec flag. Thus, the close-on-exec flag can't be set on fd
         * if it refers to a script."
         *
         * Unfortunately, if we unset close-on-exec, the script will be executed just fine, but (at
         * least in case of bash) the script name, $0, will be shown as /dev/fd/nnn, which breaks
         * scripts which make use of $0. Thus, let's fall back to execve() in this case.
         */
        if (!IN_SET(errno, ENOSYS, ENOENT) && !ERRNO_IS_PRIVILEGE(errno))
                return -errno;
#endif
        execve(executable, argv, envp);
        return -errno;
}

int shall_fork_agent(void) {
        int r;

        /* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
         * interactively on a terminal, hence fail. */
        r = get_ctty_devnr(0, NULL);
        if (r == -ENXIO)
                return false;
        if (r < 0)
                return r;

        if (!is_main_thread())
                return -EPERM;

        return true;
}

int _fork_agent(const char *name, char * const *argv, const int except[], size_t n_except, PidRef *ret) {
        int r;

        assert(!strv_isempty(argv));

        /* Spawns a temporary TTY agent, making sure it goes away when we go away */

        r = pidref_safe_fork_full(
                        name,
                        /* stdio_fds= */ NULL,
                        (int*) except, n_except, /* safe_fork_full only changes except if you pass in FORK_PACK_FDS, which we don't */
                        FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_RLIMIT_NOFILE_SAFE,
                        ret);
        if (r < 0)
                return r;
        if (r > 0)
                return 0;

        /* In the child: */

        bool stdin_is_tty = isatty_safe(STDIN_FILENO),
                stdout_is_tty = isatty_safe(STDOUT_FILENO),
                stderr_is_tty = isatty_safe(STDERR_FILENO);

        if (!stdin_is_tty || !stdout_is_tty || !stderr_is_tty) {
                int fd;

                /* Detach from stdin/stdout/stderr and reopen /dev/tty for them. This is important to ensure
                 * that when systemctl is started via popen() or a similar call that expects to read EOF we
                 * actually do generate EOF and not delay this indefinitely by keeping an unused copy of
                 * stdin around. */
                fd = open_terminal("/dev/tty", stdin_is_tty ? O_WRONLY : (stdout_is_tty && stderr_is_tty) ? O_RDONLY : O_RDWR);
                if (fd < 0) {
                        log_error_errno(fd, "Failed to open %s: %m", "/dev/tty");
                        _exit(EXIT_FAILURE);
                }

                if (!stdin_is_tty && dup2(fd, STDIN_FILENO) < 0) {
                        log_error_errno(errno, "Failed to dup2 /dev/tty to STDIN: %m");
                        _exit(EXIT_FAILURE);
                }

                if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
                        log_error_errno(errno, "Failed to dup2 /dev/tty to STDOUT: %m");
                        _exit(EXIT_FAILURE);
                }

                if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
                        log_error_errno(errno, "Failed to dup2 /dev/tty to STDERR: %m");
                        _exit(EXIT_FAILURE);
                }

                fd = safe_close_above_stdio(fd);
        }

        /* Count arguments */
        execv(argv[0], argv);

        /* Let's treat missing agent binary as a graceful issue (in order to support splitting out the Polkit
         * or password agents into separate, optional distro packages), and not complain loudly. */
        log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno,
                       "Failed to execute %s: %m", argv[0]);
        _exit(EXIT_FAILURE);
}

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <stdio.h>
4	#include <stdlib.h>
5	#include <unistd.h>
6
7	#include "alloc-util.h"
8	#include "bitfield.h"
9	#include "conf-files.h"
10	#include "env-file.h"
11	#include "env-util.h"
12	#include "errno-util.h"
13	#include "escape.h"
14	#include "exec-util.h"
15	#include "fd-util.h"
16	#include "fileio.h"
17	#include "hashmap.h"
18	#include "log.h"
19	#include "path-util.h"
20	#include "pidref.h"
21	#include "process-util.h"
22	#include "serialize.h"
23	#include "stat-util.h"
24	#include "string-table.h"
25	#include "string-util.h"
26	#include "strv.h"
27	#include "terminal-util.h"
28	#include "time-util.h"
29
30	#define EXIT_SKIP_REMAINING 77
31
UNCOV 32	DEFINE_PRIVATE_HASH_OPS_FULL(pidref_hash_ops_free_free,	×
33	PidRef, pidref_hash_func, pidref_compare_func,
34	pidref_free, char*, free);
35
36	/* Put this test here for a lack of better place */
37	assert_cc(EAGAIN == EWOULDBLOCK);
38
39	static int do_spawn(	1,551✔
40	const char *path,
41	char *argv[],
42	int stdout_fd,
43	bool set_systemd_exec_pid,
44	PidRef *ret) {
45
46	int r;	1,551✔
47
48	assert(path);	1,551✔
49	assert(ret);	1,551✔
50
51	if (null_or_empty_path(path) > 0) {	1,551✔
UNCOV 52	log_debug("%s is masked, skipping.", path);	×
53	return 0;	1,551✔
54	}
55
56	_cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;	1,551✔
57	r = pidref_safe_fork_full(	6,204✔
58	"(exec-inner)",
59	(const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO },	1,759✔
60	/* except_fds= / NULL, / n_except_fds= */ 0,
61	FORK_DEATHSIG_SIGTERM\|FORK_LOG\|FORK_RLIMIT_NOFILE_SAFE\|FORK_REARRANGE_STDIO\|FORK_CLOSE_ALL_FDS,
62	&pidref);
63	if (r < 0)	3,102✔
64	return r;
65	if (r == 0) {	3,102✔
66	char *_argv[2];	1,551✔
67
68	if (set_systemd_exec_pid) {	1,551✔
69	r = setenv_systemd_exec_pid(false);	1,519✔
70	if (r < 0)	1,519✔
UNCOV 71	log_warning_errno(r, "Failed to set $SYSTEMD_EXEC_PID, ignoring: %m");	×
72	}
73
74	if (!argv) {	1,551✔
75	_argv[0] = (char*) path;	1,348✔
76	_argv[1] = NULL;	1,348✔
77	argv = _argv;	1,348✔
78	} else
79	argv[0] = (char*) path;	203✔
80
81	execv(path, argv);	1,551✔
82	log_error_errno(errno, "Failed to execute %s: %m", path);	1,551✔
83	_exit(EXIT_FAILURE);	1,551✔
84	}
85
86	*ret = TAKE_PIDREF(pidref);	1,551✔
87	return 1;	1,551✔
88	}
89
90	static int do_execute(	1,537✔
91	char * const *paths,
92	const char *root,
93	usec_t timeout,
94	gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
95	void * const callback_args[_STDOUT_CONSUME_MAX],
96	int output_fd,
97	char *argv[],
98	char *envp[],
99	ExecDirFlags flags) {
100
101	_cleanup_hashmap_free_ Hashmap *pids = NULL;	1,537✔
102	bool parallel_execution;	1,537✔
103	int r;	1,537✔
104
105	/* We fork this all off from a child process so that we can somewhat cleanly make use of SIGALRM
106	* to set a time limit.
107	*
108	* We attempt to perform parallel execution if configured by the user, however if `callbacks` is nonnull,
109	* execution must be serial.
110	*/
111
112	assert(!strv_isempty(paths));	1,537✔
113
114	parallel_execution = FLAGS_SET(flags, EXEC_DIR_PARALLEL) && !callbacks;	1,537✔
115
116	/* Abort execution of this process after the timeout. We simply rely on SIGALRM as
117	* default action terminating the process, and turn on alarm(). */
118
119	if (timeout != USEC_INFINITY)	1,537✔
120	alarm(DIV_ROUND_UP(timeout, USEC_PER_SEC));	1,537✔
121
122	STRV_FOREACH(e, envp)	9,365✔
123	if (putenv(*e) != 0)	7,828✔
UNCOV 124	return log_error_errno(errno, "Failed to set environment variable: %m");	×
125
126	STRV_FOREACH(path, paths) {	3,087✔
127	_cleanup_free_ char *t = NULL;	1,551✔
128	_cleanup_close_ int fd = -EBADF;	1,551✔
129
130	t = path_join(root, *path);	1,551✔
131	if (!t)	1,551✔
UNCOV 132	return log_oom();	×
133
134	if (callbacks) {	1,551✔
135	_cleanup_free_ char *bn = NULL;	1,343✔
136
137	r = path_extract_filename(*path, &bn);	1,343✔
138	if (r < 0)	1,343✔
139	return log_error_errno(r, "Failed to extract filename from path '%s': %m", *path);	×
140
141	fd = open_serialization_fd(bn);	1,343✔
142	if (fd < 0)	1,343✔
UNCOV 143	return log_error_errno(fd, "Failed to open serialization file: %m");	×
144	}
145
146	if (DEBUG_LOGGING) {	1,551✔
147	_cleanup_free_ char *s = NULL;	1,100✔
148
149	char **args = strv_skip(argv, 1);	1,100✔
150	if (args)	1,100✔
UNCOV 151	s = quote_command_line(args, SHELL_ESCAPE_EMPTY);	×
152
153	log_debug("About to execute %s%s%s", t, args ? " " : "", args ? strnull(s) : "");	1,100✔
154	}
155
156	if (FLAGS_SET(flags, EXEC_DIR_WARN_WORLD_WRITABLE)) {	1,551✔
157	struct stat st;	192✔
158
159	r = stat(t, &st);	192✔
160	if (r < 0)	192✔
161	log_warning_errno(errno, "Failed to stat '%s', ignoring: %m", t);	192✔
162	else if (S_ISREG(st.st_mode) && (st.st_mode & 0002))	192✔
UNCOV 163	log_warning("'%s' is marked world-writable, which is a security risk as it "	×
164	"is executed with privileges. Please remove world writability "
165	"permission bits. Proceeding anyway.", t);
166	}
167
168	_cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;	1,551✔
169	r = do_spawn(t, argv, fd, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID), &pidref);	1,551✔
170	if (r <= 0)	1,551✔
171	continue;	×
172
173	if (parallel_execution) {	1,551✔
UNCOV 174	_cleanup_(pidref_freep) PidRef *dup = NULL;	×
175	r = pidref_dup(&pidref, &dup);	206✔
176	if (r < 0)	206✔
177	return r;
178
179	r = hashmap_ensure_put(&pids, &pidref_hash_ops_free_free, dup, t);	206✔
180	if (r < 0)	206✔
181	return log_oom();	×
182
183	TAKE_PTR(dup);	206✔
184	TAKE_PTR(t);	206✔
185	} else {
186	bool skip_remaining = false;	1,345✔
187
188	r = pidref_wait_for_terminate_and_check(t, &pidref, WAIT_LOG_ABNORMAL);	1,345✔
189	if (r < 0)	1,345✔
190	return r;
191	if (r > 0) {	1,345✔
192	if (FLAGS_SET(flags, EXEC_DIR_SKIP_REMAINING) && r == EXIT_SKIP_REMAINING) {	1✔
UNCOV 193	log_info("%s succeeded with exit status %i, not executing remaining executables.", *path, r);	×
194	skip_remaining = true;
195	} else if (FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS))	1✔
UNCOV 196	log_warning("%s failed with exit status %i, ignoring.", *path, r);	×
197	else {
198	log_error("%s failed with exit status %i.", *path, r);	1✔
199	return r;	1✔
200	}
201	}
202
203	if (callbacks) {	1,344✔
204	r = finish_serialization_fd(fd);	1,343✔
205	if (r < 0)	1,343✔
UNCOV 206	return log_error_errno(r, "Failed to finish serialization fd: %m");	×
207
208	r = callbacks[STDOUT_GENERATE](TAKE_FD(fd), callback_args[STDOUT_GENERATE]);	1,343✔
209	if (r < 0)	1,343✔
UNCOV 210	return log_error_errno(r, "Failed to process output from %s: %m", *path);	×
211	}
212
213	if (skip_remaining)	1,344✔
214	break;
215	}
216	}
217
218	if (callbacks) {	1,536✔
219	r = callbacks[STDOUT_COLLECT](output_fd, callback_args[STDOUT_COLLECT]);	1,332✔
220	if (r < 0)	1,332✔
UNCOV 221	return log_error_errno(r, "Callback two failed: %m");	×
222	}
223
224	while (!hashmap_isempty(pids)) {	1,742✔
225	_cleanup_free_ char *t = NULL;	206✔
226	void *p;	206✔
227
228	t = ASSERT_PTR(hashmap_steal_first_key_and_value(pids, &p));	206✔
229	_cleanup_(pidref_freep) PidRef *pidref = p;	206✔
230
231	r = pidref_wait_for_terminate_and_check(t, pidref, WAIT_LOG);	206✔
232	if (r < 0)	206✔
233	return r;
234	if (!FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS) && r > 0)	206✔
235	return r;
236	}
237
238	return 0;
239	}
240
241	int execute_strv(	938✔
242	const char *name,
243	char * const *paths,
244	const char *root,
245	usec_t timeout,
246	gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
247	void * const callback_args[_STDOUT_CONSUME_MAX],
248	char *argv[],
249	char *envp[],
250	ExecDirFlags flags) {
251
252	_cleanup_close_ int fd = -EBADF;	938✔
253	int r;	938✔
254
255	assert(name);	938✔
256	assert(!FLAGS_SET(flags, EXEC_DIR_PARALLEL \| EXEC_DIR_SKIP_REMAINING));	938✔
257
258	if (strv_isempty(paths))	1,876✔
259	return 0;
260
261	if (callbacks) {	938✔
262	assert(callbacks[STDOUT_GENERATE]);	745✔
263	assert(callbacks[STDOUT_COLLECT]);	745✔
264	assert(callbacks[STDOUT_CONSUME]);	745✔
265	assert(callback_args);	745✔
266
267	fd = open_serialization_fd(name);	745✔
268	if (fd < 0)	745✔
UNCOV 269	return log_error_errno(fd, "Failed to open serialization file for %s: %m", name);	×
270	}
271
272	/* Executes all binaries in the directories serially or in parallel and waits for
273	* them to finish. Optionally a timeout is applied. If a file with the same name
274	* exists in more than one directory, the earliest one wins. */
275
276	const char *process_name = strjoina("(", name, ")");	6,566✔
277
278	PidRef executor_pidref = PIDREF_NULL;	938✔
279	r = pidref_safe_fork(process_name, FORK_RESET_SIGNALS\|FORK_DEATHSIG_SIGTERM\|FORK_LOG, &executor_pidref);	938✔
280	if (r < 0)	2,475✔
281	return r;
282	if (r == 0) {	2,475✔
283	r = do_execute(paths, root, timeout, callbacks, callback_args, fd, argv, envp, flags);	1,537✔
284	_exit(r < 0 ? EXIT_FAILURE : r);	1,537✔
285	}
286
287	r = pidref_wait_for_terminate_and_check(process_name, &executor_pidref, 0);	938✔
288	if (r < 0)	938✔
289	return r;
290	if (!FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS) && r > 0)	938✔
291	return r;
292
293	if (!callbacks)	937✔
294	return 0;
295
296	r = finish_serialization_fd(fd);	745✔
297	if (r < 0)	745✔
UNCOV 298	return log_error_errno(r, "Failed to finish serialization fd for %s: %m", name);	×
299
300	r = callbacks[STDOUT_CONSUME](TAKE_FD(fd), callback_args[STDOUT_CONSUME]);	745✔
301	if (r < 0)	745✔
UNCOV 302	return log_error_errno(r, "Failed to parse returned data for %s: %m", name);	×
303
304	return 0;
305	}
306
307	int execute_directories(	938✔
308	const char *name,
309	const char * const *directories,
310	usec_t timeout,
311	gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
312	void * const callback_args[_STDOUT_CONSUME_MAX],
313	char *argv[],
314	char *envp[],
315	ExecDirFlags flags) {
316
317	_cleanup_strv_free_ char **paths = NULL;	938✔
318	int r;	938✔
319
320	assert(name);	938✔
321	assert(!strv_isempty((char* const*) directories));	938✔
322
323	r = conf_files_list_strv(	938✔
324	&paths,
325	/* suffix= */ NULL,
326	/* root= */ NULL,
327	CONF_FILES_EXECUTABLE\|CONF_FILES_REGULAR\|CONF_FILES_FILTER_MASKED,
328	directories);
329	if (r < 0)	938✔
UNCOV 330	return log_error_errno(r, "%s: failed to enumerate executables: %m", name);	×
331
332	if (strv_isempty(paths)) {	938✔
UNCOV 333	log_debug("%s: no executables found.", name);	×
UNCOV 334	return 0;	×
335	}
336
337	return execute_strv(name, paths, /* root= */ NULL, timeout, callbacks, callback_args, argv, envp, flags);	938✔
338	}
339
340	static int gather_environment_generate(int fd, void *arg) {	1,333✔
341	char ***env = ASSERT_PTR(arg);	1,333✔
342	_cleanup_fclose_ FILE *f = NULL;	1,333✔
343	_cleanup_strv_free_ char **new = NULL;	1,333✔
344	int r;	1,333✔
345
346	/* Read a series of VAR=value assignments from fd, use them to update the list of variables in env.
347	* Also update the exported environment.
348	*
349	* fd is always consumed, even on error.
350	*/
351
352	assert(fd >= 0);	1,333✔
353
354	f = fdopen(fd, "r");	1,333✔
355	if (!f) {	1,333✔
UNCOV 356	safe_close(fd);	×
UNCOV 357	return -errno;	×
358	}
359
360	r = load_env_file_pairs(f, NULL, &new);	1,333✔
361	if (r < 0)	1,333✔
362	return r;
363
364	STRV_FOREACH_PAIR(x, y, new) {	2,492✔
365	if (!env_name_is_valid(*x)) {	1,159✔
366	log_warning("Invalid variable assignment \"%s=...\", ignoring.", *x);	4✔
367	continue;	4✔
368	}
369
370	r = strv_env_assign(env, x, y);	1,155✔
371	if (r < 0)	1,155✔
372	return r;
373
374	if (setenv(x, y, /* overwrite= */ true) < 0)	1,155✔
UNCOV 375	return -errno;	×
376	}
377
378	return 0;
379	}
380
381	static int gather_environment_collect(int fd, void *arg) {	1,329✔
382	char ***env = ASSERT_PTR(arg);	1,329✔
383	_cleanup_fclose_ FILE *f = NULL;	1,329✔
384	int r;	1,329✔
385
386	/* Write out a series of env=cescape(VAR=value) assignments to fd. */
387
388	assert(fd >= 0);	1,329✔
389
390	f = fdopen(fd, "w");	1,329✔
391	if (!f) {	1,329✔
392	safe_close(fd);	×
UNCOV 393	return -errno;	×
394	}
395
396	r = serialize_strv(f, "env", *env);	1,329✔
397	if (r < 0)	1,329✔
398	return r;
399
400	r = fflush_and_check(f);	1,329✔
401	if (r < 0)	1,329✔
UNCOV 402	return r;	×
403
404	return 0;
405	}
406
407	static int gather_environment_consume(int fd, void *arg) {	742✔
408	char ***env = ASSERT_PTR(arg);	742✔
409	_cleanup_fclose_ FILE *f = NULL;	742✔
410	int r, ret = 0;	742✔
411
412	/* Read a series of env=cescape(VAR=value) assignments from fd into env. */
413
414	assert(fd >= 0);	742✔
415
416	f = fdopen(fd, "r");	742✔
417	if (!f) {	742✔
UNCOV 418	safe_close(fd);	×
UNCOV 419	return -errno;	×
420	}
421
422	for (;;) {	1,307✔
423	_cleanup_free_ char *line = NULL;	1,307✔
424	const char *v;	1,307✔
425
426	r = read_line(f, LONG_LINE_MAX, &line);	1,307✔
427	if (r < 0)	1,307✔
428	return r;
429	if (r == 0)	1,307✔
430	return ret;
431
432	v = startswith(line, "env=");	565✔
433	if (!v) {	565✔
UNCOV 434	RET_GATHER(ret, log_debug_errno(SYNTHETIC_ERRNO(EINVAL),	×
435	"Serialization line unexpectedly didn't start with \"env=\", ignoring: %s",
436	line));
UNCOV 437	continue;	×
438	}
439
440	r = deserialize_environment(v, env);	565✔
441	if (r < 0)	565✔
UNCOV 442	RET_GATHER(ret, log_debug_errno(r, "Failed to deserialize line \"%s\": %m", line));	×
443	}
444	}
445
446	const gather_stdout_callback_t gather_environment[_STDOUT_CONSUME_MAX] = {
447	gather_environment_generate,
448	gather_environment_collect,
449	gather_environment_consume,
450	};
451
452	int exec_command_flags_from_strv(char * const ex_opts, ExecCommandFlags ret) {	488✔
453	ExecCommandFlags flags = 0;	488✔
454
455	assert(ret);	488✔
456
457	STRV_FOREACH(opt, ex_opts) {	703✔
458	ExecCommandFlags fl = exec_command_flags_from_string(*opt);	216✔
459	if (fl < 0)	216✔
460	return fl;
461
462	flags \|= fl;	215✔
463	}
464
465	*ret = flags;	487✔
466
467	return 0;	487✔
468	}
469
470	int exec_command_flags_to_strv(ExecCommandFlags flags, char ***ret) {	3,234✔
471	_cleanup_strv_free_ char **opts = NULL;	3,234✔
472	int r;	3,234✔
473
474	assert(flags >= 0);	3,234✔
475	assert(ret);	3,234✔
476
477	BIT_FOREACH(i, flags) {	4,632✔
478	const char *s = exec_command_flags_to_string(1 << i);	1,399✔
479	if (!s)	1,399✔
480	return -EINVAL;
481
482	r = strv_extend(&opts, s);	1,398✔
483	if (r < 0)	1,398✔
484	return r;
485	}
486
487	*ret = TAKE_PTR(opts);	3,233✔
488
489	return 0;	3,233✔
490	}
491
492	static const char* const exec_command_strings[] = {
493	"ignore-failure", /* EXEC_COMMAND_IGNORE_FAILURE */
494	"privileged", /* EXEC_COMMAND_FULLY_PRIVILEGED */
495	"no-setuid", /* EXEC_COMMAND_NO_SETUID */
496	"no-env-expand", /* EXEC_COMMAND_NO_ENV_EXPAND */
497	"via-shell", /* EXEC_COMMAND_VIA_SHELL */
498	};
499
500	assert_cc((1 << ELEMENTSOF(exec_command_strings)) - 1 == _EXEC_COMMAND_FLAGS_ALL);
501
502	const char* exec_command_flags_to_string(ExecCommandFlags i) {	1,399✔
503	for (size_t idx = 0; idx < ELEMENTSOF(exec_command_strings); idx++)	5,577✔
504	if (i == (1 << idx))	5,576✔
505	return exec_command_strings[idx];	1,398✔
506
507	return NULL;
508	}
509
510	ExecCommandFlags exec_command_flags_from_string(const char *s) {	216✔
511	ssize_t idx;	216✔
512
513	if (streq(s, "ambient")) /* Compatibility with ambient hack, removed in v258, map to no bits set */	216✔
514	return 0;
515
516	idx = string_table_lookup_from_string(exec_command_strings, ELEMENTSOF(exec_command_strings), s);	216✔
517	if (idx < 0)	216✔
518	return _EXEC_COMMAND_FLAGS_INVALID;
519
520	return 1 << idx;	215✔
521	}
522
523	int fexecve_or_execve(int executable_fd, const char executable, char const argv[], char *const envp[]) {	23,406✔
524	/* Refuse invalid fds, regardless if fexecve() use is enabled or not */
525	if (executable_fd < 0)	23,406✔
526	return -EBADF;
527
528	/* Block any attempts on exploiting Linux' liberal argv[] handling, i.e. CVE-2021-4034 and suchlike */
529	if (isempty(executable) \|\| strv_isempty(argv))	46,812✔
530	return -EINVAL;
531
532	#if ENABLE_FEXECVE
533
534	execveat(executable_fd, "", argv, envp, AT_EMPTY_PATH);
535
536	/* Old kernel or a script or an overzealous seccomp filter? Let's fall back to execve().
537	*
538	* fexecve(3): "If fd refers to a script (i.e., it is an executable text file that names a
539	* script interpreter with a first line that begins with the characters #!) and the
540	* close-on-exec flag has been set for fd, then fexecve() fails with the error ENOENT. This
541	* error occurs because, by the time the script interpreter is executed, fd has already been
542	* closed because of the close-on-exec flag. Thus, the close-on-exec flag can't be set on fd
543	* if it refers to a script."
544	*
545	* Unfortunately, if we unset close-on-exec, the script will be executed just fine, but (at
546	* least in case of bash) the script name, $0, will be shown as /dev/fd/nnn, which breaks
547	* scripts which make use of $0. Thus, let's fall back to execve() in this case.
548	*/
549	if (!IN_SET(errno, ENOSYS, ENOENT) && !ERRNO_IS_PRIVILEGE(errno))
550	return -errno;
551	#endif
552	execve(executable, argv, envp);	23,406✔
553	return -errno;	23,406✔
554	}
555
556	int shall_fork_agent(void) {	4,385✔
557	int r;	4,385✔
558
559	/* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
560	* interactively on a terminal, hence fail. */
561	r = get_ctty_devnr(0, NULL);	4,385✔
562	if (r == -ENXIO)	4,385✔
563	return false;
564	if (r < 0)	×
565	return r;
566
UNCOV 567	if (!is_main_thread())	×
UNCOV 568	return -EPERM;	×
569
570	return true;
571	}
572
UNCOV 573	int _fork_agent(const char name, char const argv, const int except[], size_t n_except, PidRef ret) {	×
UNCOV 574	int r;	×
575
576	assert(!strv_isempty(argv));	×
577
578	/* Spawns a temporary TTY agent, making sure it goes away when we go away */
579
UNCOV 580	r = pidref_safe_fork_full(	×
581	name,
582	/* stdio_fds= */ NULL,
583	(int) except, n_except, / safe_fork_full only changes except if you pass in FORK_PACK_FDS, which we don't */
584	FORK_RESET_SIGNALS\|FORK_DEATHSIG_SIGTERM\|FORK_CLOSE_ALL_FDS\|FORK_REOPEN_LOG\|FORK_RLIMIT_NOFILE_SAFE,
585	ret);
UNCOV 586	if (r < 0)	×
587	return r;
588	if (r > 0)	×
589	return 0;
590
591	/* In the child: */
592
UNCOV 593	bool stdin_is_tty = isatty_safe(STDIN_FILENO),	×
594	stdout_is_tty = isatty_safe(STDOUT_FILENO),	×
595	stderr_is_tty = isatty_safe(STDERR_FILENO);	×
596
597	if (!stdin_is_tty \|\| !stdout_is_tty \|\| !stderr_is_tty) {	×
UNCOV 598	int fd;	×
599
600	/* Detach from stdin/stdout/stderr and reopen /dev/tty for them. This is important to ensure
601	* that when systemctl is started via popen() or a similar call that expects to read EOF we
602	* actually do generate EOF and not delay this indefinitely by keeping an unused copy of
603	* stdin around. */
UNCOV 604	fd = open_terminal("/dev/tty", stdin_is_tty ? O_WRONLY : (stdout_is_tty && stderr_is_tty) ? O_RDONLY : O_RDWR);	×
605	if (fd < 0) {	×
606	log_error_errno(fd, "Failed to open %s: %m", "/dev/tty");	×
607	_exit(EXIT_FAILURE);	×
608	}
609
610	if (!stdin_is_tty && dup2(fd, STDIN_FILENO) < 0) {	×
611	log_error_errno(errno, "Failed to dup2 /dev/tty to STDIN: %m");	×
612	_exit(EXIT_FAILURE);	×
613	}
614
615	if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {	×
UNCOV 616	log_error_errno(errno, "Failed to dup2 /dev/tty to STDOUT: %m");	×
UNCOV 617	_exit(EXIT_FAILURE);	×
618	}
619
UNCOV 620	if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {	×
UNCOV 621	log_error_errno(errno, "Failed to dup2 /dev/tty to STDERR: %m");	×
UNCOV 622	_exit(EXIT_FAILURE);	×
623	}
624
625	fd = safe_close_above_stdio(fd);	×
626	}
627
628	/* Count arguments */
UNCOV 629	execv(argv[0], argv);	×
630
631	/* Let's treat missing agent binary as a graceful issue (in order to support splitting out the Polkit
632	* or password agents into separate, optional distro packages), and not complain loudly. */
UNCOV 633	log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno,	×
634	"Failed to execute %s: %m", argv[0]);
UNCOV 635	_exit(EXIT_FAILURE);	×
636	}

systemd / systemd / 20401947236

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous