1 /* $NetBSD: ex_init.c,v 1.4 2014/01/26 21:43:45 christos Exp $ */
3 * Copyright (c) 1992, 1993, 1994
4 * The Regents of the University of California. All rights reserved.
5 * Copyright (c) 1992, 1993, 1994, 1995, 1996
6 * Keith Bostic. All rights reserved.
8 * See the LICENSE file for redistribution information.
13 #include <sys/cdefs.h>
16 static const char sccsid
[] = "Id: ex_init.c,v 10.31 2001/06/25 15:19:16 skimo Exp (Berkeley) Date: 2001/06/25 15:19:16 ";
19 __RCSID("$NetBSD: ex_init.c,v 1.4 2014/01/26 21:43:45 christos Exp $");
22 #include <sys/param.h>
23 #include <sys/types.h> /* XXX: param.h may not have included types.h */
24 #include <sys/queue.h>
27 #include <bitstring.h>
35 #include "../common/common.h"
37 #include "pathnames.h"
39 enum rc
{ NOEXIST
, NOPERM
, RCOK
};
40 static enum rc exrc_isok
__P((SCR
*, struct stat
*, const char *, int, int));
42 static int ex_run_file
__P((SCR
*, const char *));
48 * PUBLIC: int ex_screen_copy __P((SCR *, SCR *));
51 ex_screen_copy(SCR
*orig
, SCR
*sp
)
53 EX_PRIVATE
*oexp
, *nexp
;
55 /* Create the private ex structure. */
56 CALLOC_RET(orig
, nexp
, EX_PRIVATE
*, 1, sizeof(EX_PRIVATE
));
57 sp
->ex_private
= nexp
;
59 /* Initialize queues. */
60 TAILQ_INIT(&nexp
->tq
);
61 TAILQ_INIT(&nexp
->tagfq
);
62 LIST_INIT(&nexp
->cscq
);
68 if (oexp
->lastbcomm
!= NULL
&&
69 (nexp
->lastbcomm
= v_wstrdup(sp
, oexp
->lastbcomm
,
70 STRLEN(oexp
->lastbcomm
))) == NULL
) {
71 msgq(sp
, M_SYSERR
, NULL
);
74 if (ex_tag_copy(orig
, sp
))
84 * PUBLIC: int ex_screen_end __P((SCR *));
87 ex_screen_end(SCR
*sp
)
92 if ((exp
= EXP(sp
)) == NULL
)
97 /* Close down script connections. */
98 if (F_ISSET(sp
, SC_SCRIPT
) && sscr_end(sp
))
104 if (exp
->ibp
!= NULL
)
107 if (exp
->lastbcomm
!= NULL
)
108 free(exp
->lastbcomm
);
113 /* Free private memory. */
115 sp
->ex_private
= NULL
;
122 * Handle change of options for ex.
124 * PUBLIC: int ex_optchange __P((SCR *, int, const char *, u_long *));
127 ex_optchange(SCR
*sp
, int offset
, const char *str
, u_long
*valp
)
131 return (ex_tagf_alloc(sp
, str
));
138 * Read the EXINIT environment variable and the startup exrc files,
139 * and execute their commands.
141 * PUBLIC: int ex_exrc __P((SCR *));
146 struct stat hsb
, lsb
;
147 char *p
, path
[MAXPATHLEN
];
152 * Source the system, environment, $HOME and local .exrc values.
153 * Vi historically didn't check $HOME/.exrc if the environment
154 * variable EXINIT was set. This is all done before the file is
155 * read in, because things in the .exrc information can set, for
156 * example, the recovery directory.
159 * While nvi can handle any of the options settings of historic vi,
160 * the converse is not true. Since users are going to have to have
161 * files and environmental variables that work with both, we use nvi
162 * versions of both the $HOME and local startup files if they exist,
163 * otherwise the historic ones.
166 * For a discussion of permissions and when what .exrc files are
167 * read, see the comment above the exrc_isok() function below.
170 * If the user started the historic of vi in $HOME, vi read the user's
171 * .exrc file twice, as $HOME/.exrc and as ./.exrc. We avoid this, as
172 * it's going to make some commands behave oddly, and I can't imagine
173 * anyone depending on it.
175 switch (exrc_isok(sp
, &hsb
, _PATH_SYSEXRC
, 1, 0)) {
180 if (ex_run_file(sp
, _PATH_SYSEXRC
))
185 /* Run the commands. */
186 if (EXCMD_RUNNING(sp
->wp
))
188 if (F_ISSET(sp
, SC_EXIT
| SC_EXIT_FORCE
))
191 if ((p
= getenv("NEXINIT")) != NULL
) {
192 CHAR2INT(sp
, p
, strlen(p
) + 1, wp
, wlen
);
193 if (ex_run_str(sp
, "NEXINIT", wp
, wlen
- 1, 1, 0))
195 } else if ((p
= getenv("EXINIT")) != NULL
) {
196 CHAR2INT(sp
, p
, strlen(p
) + 1, wp
, wlen
);
197 if (ex_run_str(sp
, "EXINIT", wp
, wlen
- 1, 1, 0))
199 } else if ((p
= getenv("HOME")) != NULL
&& *p
) {
200 (void)snprintf(path
, sizeof(path
), "%s/%s", p
, _PATH_NEXRC
);
201 switch (exrc_isok(sp
, &hsb
, path
, 0, 1)) {
204 sizeof(path
), "%s/%s", p
, _PATH_EXRC
);
206 &hsb
, path
, 0, 1) == RCOK
&& ex_run_file(sp
, path
))
212 if (ex_run_file(sp
, path
))
218 /* Run the commands. */
219 if (EXCMD_RUNNING(sp
->wp
))
221 if (F_ISSET(sp
, SC_EXIT
| SC_EXIT_FORCE
))
224 /* Previous commands may have set the exrc option. */
225 if (O_ISSET(sp
, O_EXRC
)) {
226 switch (exrc_isok(sp
, &lsb
, _PATH_NEXRC
, 0, 0)) {
228 if (exrc_isok(sp
, &lsb
, _PATH_EXRC
, 0, 0) == RCOK
&&
229 (lsb
.st_dev
!= hsb
.st_dev
||
230 lsb
.st_ino
!= hsb
.st_ino
) &&
231 ex_run_file(sp
, _PATH_EXRC
))
237 if ((lsb
.st_dev
!= hsb
.st_dev
||
238 lsb
.st_ino
!= hsb
.st_ino
) &&
239 ex_run_file(sp
, _PATH_NEXRC
))
243 /* Run the commands. */
244 if (EXCMD_RUNNING(sp
->wp
))
246 if (F_ISSET(sp
, SC_EXIT
| SC_EXIT_FORCE
))
255 * Set up a file of ex commands to run.
258 ex_run_file(SCR
*sp
, const char *name
)
264 ex_cinit(sp
, &cmd
, C_SOURCE
, 0, OOBLNO
, OOBLNO
, 0);
265 CHAR2INT(sp
, name
, strlen(name
)+1, wp
, wlen
);
266 argv_exp0(sp
, &cmd
, wp
, wlen
- 1);
267 return (ex_source(sp
, &cmd
));
272 * Set up a string of ex commands to run.
274 * PUBLIC: int ex_run_str __P((SCR *, const char *, const CHAR_T *, size_t, int, int));
277 ex_run_str(SCR
*sp
, const char *name
, const CHAR_T
*str
, size_t len
, int ex_flags
, int nocopy
)
283 if (EXCMD_RUNNING(wp
)) {
284 CALLOC_RET(sp
, ecp
, EXCMD
*, 1, sizeof(EXCMD
));
285 LIST_INSERT_HEAD(&wp
->ecq
, ecp
, q
);
290 ex_flags
? E_BLIGNORE
| E_NOAUTO
| E_NOPRDEF
| E_VLITONLY
: 0);
293 ecp
->cp
= __UNCONST(str
);
295 if ((ecp
->cp
= v_wstrdup(sp
, str
, len
)) == NULL
)
302 if ((ecp
->if_name
= v_strdup(sp
, name
, strlen(name
))) == NULL
)
305 F_SET(ecp
, E_NAMEDISCARD
);
313 * Check a .exrc file for source-ability.
316 * Historically, vi read the $HOME and local .exrc files if they were owned
317 * by the user's real ID, or the "sourceany" option was set, regardless of
318 * any other considerations. We no longer support the sourceany option as
319 * it's a security problem of mammoth proportions. We require the system
320 * .exrc file to be owned by root, the $HOME .exrc file to be owned by the
321 * user's effective ID (or that the user's effective ID be root) and the
322 * local .exrc files to be owned by the user's effective ID. In all cases,
323 * the file cannot be writeable by anyone other than its owner.
325 * In O'Reilly ("Learning the VI Editor", Fifth Ed., May 1992, page 106),
326 * it notes that System V release 3.2 and later has an option "[no]exrc".
327 * The behavior is that local .exrc files are read only if the exrc option
328 * is set. The default for the exrc option was off, so, by default, local
329 * .exrc files were not read. The problem this was intended to solve was
330 * that System V permitted users to give away files, so there's no possible
331 * ownership or writeability test to ensure that the file is safe.
333 * POSIX 1003.2-1992 standardized exrc as an option. It required the exrc
334 * option to be off by default, thus local .exrc files are not to be read
335 * by default. The Rationale noted (incorrectly) that this was a change
336 * to historic practice, but correctly noted that a default of off improves
337 * system security. POSIX also required that vi check the effective user
338 * ID instead of the real user ID, which is why we've switched from historic
341 * We initialize the exrc variable to off. If it's turned on by the system
342 * or $HOME .exrc files, and the local .exrc file passes the ownership and
343 * writeability tests, then we read it. This breaks historic 4BSD practice,
344 * but it gives us a measure of security on systems where users can give away
348 exrc_isok(SCR
*sp
, struct stat
*sbp
, const char *path
, int rootown
, int rootid
)
350 enum { ROOTOWN
, OWN
, WRITER
} etype
;
353 char *a
, *b
, buf
[MAXPATHLEN
];
355 /* Check for the file's existence. */
359 /* Check ownership permissions. */
361 if (!(rootown
&& sbp
->st_uid
== 0) &&
362 !(rootid
&& euid
== 0) && sbp
->st_uid
!= euid
) {
363 etype
= rootown
? ROOTOWN
: OWN
;
367 /* Check writeability. */
368 if (sbp
->st_mode
& (S_IWGRP
| S_IWOTH
)) {
374 denied
: a
= msg_print(sp
, path
, &nf1
);
375 if (strchr(path
, '/') == NULL
&& getcwd(buf
, sizeof(buf
)) != NULL
) {
376 b
= msg_print(sp
, buf
, &nf2
);
380 "125|%s/%s: not sourced: not owned by you or root",
385 "126|%s/%s: not sourced: not owned by you", b
, a
);
389 "127|%s/%s: not sourced: writeable by a user other than the owner", b
, a
);
393 FREE_SPACE(sp
, b
, 0);
398 "128|%s: not sourced: not owned by you or root", a
);
402 "129|%s: not sourced: not owned by you", a
);
406 "130|%s: not sourced: writeable by a user other than the owner", a
);
411 FREE_SPACE(sp
, a
, 0);