1 /*-
2 * Copyright (c) 1992, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
4 * Copyright (c) 1992, 1993, 1994, 1995, 1996
5 * Keith Bostic. All rights reserved.
6 *
7 * See the LICENSE file for redistribution information.
8 */
9
10 #include "config.h"
11
12 #ifndef lint
13 static const char sccsid[] = "@(#)ex_init.c 10.26 (Berkeley) 8/12/96";
14 #endif /* not lint */
15
16 #include <sys/param.h>
17 #include <sys/types.h> /* XXX: param.h may not have included types.h */
18 #include <sys/queue.h>
19 #include <sys/stat.h>
20
21 #include <bitstring.h>
22 #include <fcntl.h>
23 #include <limits.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <unistd.h>
28
29 #include "../common/common.h"
30 #include "tag.h"
31 #include "pathnames.h"
32
33 enum rc { NOEXIST, NOPERM, RCOK };
34 static enum rc exrc_isok __P((SCR *, struct stat *, char *, int, int));
35
36 static int ex_run_file __P((SCR *, char *));
37
38 /*
39 * ex_screen_copy --
40 * Copy ex screen.
41 *
42 * PUBLIC: int ex_screen_copy __P((SCR *, SCR *));
43 */
44 int
ex_screen_copy(orig,sp)45 ex_screen_copy(orig, sp)
46 SCR *orig, *sp;
47 {
48 EX_PRIVATE *oexp, *nexp;
49
50 /* Create the private ex structure. */
51 CALLOC_RET(orig, nexp, EX_PRIVATE *, 1, sizeof(EX_PRIVATE));
52 sp->ex_private = nexp;
53
54 /* Initialize queues. */
55 CIRCLEQ_INIT(&nexp->tq);
56 TAILQ_INIT(&nexp->tagfq);
57 LIST_INIT(&nexp->cscq);
58
59 if (orig == NULL) {
60 } else {
61 oexp = EXP(orig);
62
63 if (oexp->lastbcomm != NULL &&
64 (nexp->lastbcomm = strdup(oexp->lastbcomm)) == NULL) {
65 msgq(sp, M_SYSERR, NULL);
66 return(1);
67 }
68 if (ex_tag_copy(orig, sp))
69 return (1);
70 }
71 return (0);
72 }
73
74 /*
75 * ex_screen_end --
76 * End a vi screen.
77 *
78 * PUBLIC: int ex_screen_end __P((SCR *));
79 */
80 int
ex_screen_end(sp)81 ex_screen_end(sp)
82 SCR *sp;
83 {
84 EX_PRIVATE *exp;
85 int rval;
86
87 if ((exp = EXP(sp)) == NULL)
88 return (0);
89
90 rval = 0;
91
92 /* Close down script connections. */
93 if (F_ISSET(sp, SC_SCRIPT) && sscr_end(sp))
94 rval = 1;
95
96 if (argv_free(sp))
97 rval = 1;
98
99 if (exp->ibp != NULL)
100 free(exp->ibp);
101
102 if (exp->lastbcomm != NULL)
103 free(exp->lastbcomm);
104
105 if (ex_tag_free(sp))
106 rval = 1;
107
108 /* Free private memory. */
109 free(exp);
110 sp->ex_private = NULL;
111
112 return (rval);
113 }
114
115 /*
116 * ex_optchange --
117 * Handle change of options for ex.
118 *
119 * PUBLIC: int ex_optchange __P((SCR *, int, char *, u_long *));
120 */
121 int
ex_optchange(sp,offset,str,valp)122 ex_optchange(sp, offset, str, valp)
123 SCR *sp;
124 int offset;
125 char *str;
126 u_long *valp;
127 {
128 switch (offset) {
129 case O_TAGS:
130 return (ex_tagf_alloc(sp, str));
131 }
132 return (0);
133 }
134
135 /*
136 * ex_exrc --
137 * Read the EXINIT environment variable and the startup exrc files,
138 * and execute their commands.
139 *
140 * PUBLIC: int ex_exrc __P((SCR *));
141 */
142 int
ex_exrc(sp)143 ex_exrc(sp)
144 SCR *sp;
145 {
146 struct stat hsb, lsb;
147 char *p, path[MAXPATHLEN];
148
149 /*
150 * Source the system, environment, $HOME and local .exrc values.
151 * Vi historically didn't check $HOME/.exrc if the environment
152 * variable EXINIT was set. This is all done before the file is
153 * read in, because things in the .exrc information can set, for
154 * example, the recovery directory.
155 *
156 * !!!
157 * While nvi can handle any of the options settings of historic vi,
158 * the converse is not true. Since users are going to have to have
159 * files and environmental variables that work with both, we use nvi
160 * versions of both the $HOME and local startup files if they exist,
161 * otherwise the historic ones.
162 *
163 * !!!
164 * For a discussion of permissions and when what .exrc files are
165 * read, see the comment above the exrc_isok() function below.
166 *
167 * !!!
168 * If the user started the historic of vi in $HOME, vi read the user's
169 * .exrc file twice, as $HOME/.exrc and as ./.exrc. We avoid this, as
170 * it's going to make some commands behave oddly, and I can't imagine
171 * anyone depending on it.
172 */
173 switch (exrc_isok(sp, &hsb, _PATH_SYSEXRC, 1, 0)) {
174 case NOEXIST:
175 case NOPERM:
176 break;
177 case RCOK:
178 if (ex_run_file(sp, _PATH_SYSEXRC))
179 return (1);
180 break;
181 }
182
183 /* Run the commands. */
184 if (EXCMD_RUNNING(sp->gp))
185 (void)ex_cmd(sp);
186 if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
187 return (0);
188
189 if ((p = getenv("NEXINIT")) != NULL) {
190 if (ex_run_str(sp, "NEXINIT", p, strlen(p), 1, 0))
191 return (1);
192 } else if ((p = getenv("EXINIT")) != NULL) {
193 if (ex_run_str(sp, "EXINIT", p, strlen(p), 1, 0))
194 return (1);
195 } else if ((p = getenv("HOME")) != NULL && *p) {
196 (void)snprintf(path, sizeof(path), "%s/%s", p, _PATH_NEXRC);
197 switch (exrc_isok(sp, &hsb, path, 0, 1)) {
198 case NOEXIST:
199 (void)snprintf(path,
200 sizeof(path), "%s/%s", p, _PATH_EXRC);
201 if (exrc_isok(sp,
202 &hsb, path, 0, 1) == RCOK && ex_run_file(sp, path))
203 return (1);
204 break;
205 case NOPERM:
206 break;
207 case RCOK:
208 if (ex_run_file(sp, path))
209 return (1);
210 break;
211 }
212 }
213
214 /* Run the commands. */
215 if (EXCMD_RUNNING(sp->gp))
216 (void)ex_cmd(sp);
217 if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
218 return (0);
219
220 /* Previous commands may have set the exrc option. */
221 if (O_ISSET(sp, O_EXRC)) {
222 switch (exrc_isok(sp, &lsb, _PATH_NEXRC, 0, 0)) {
223 case NOEXIST:
224 if (exrc_isok(sp, &lsb, _PATH_EXRC, 0, 0) == RCOK &&
225 (lsb.st_dev != hsb.st_dev ||
226 lsb.st_ino != hsb.st_ino) &&
227 ex_run_file(sp, _PATH_EXRC))
228 return (1);
229 break;
230 case NOPERM:
231 break;
232 case RCOK:
233 if ((lsb.st_dev != hsb.st_dev ||
234 lsb.st_ino != hsb.st_ino) &&
235 ex_run_file(sp, _PATH_NEXRC))
236 return (1);
237 break;
238 }
239 /* Run the commands. */
240 if (EXCMD_RUNNING(sp->gp))
241 (void)ex_cmd(sp);
242 if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
243 return (0);
244 }
245
246 return (0);
247 }
248
249 /*
250 * ex_run_file --
251 * Set up a file of ex commands to run.
252 */
253 static int
ex_run_file(sp,name)254 ex_run_file(sp, name)
255 SCR *sp;
256 char *name;
257 {
258 ARGS *ap[2], a;
259 EXCMD cmd;
260
261 ex_cinit(&cmd, C_SOURCE, 0, OOBLNO, OOBLNO, 0, ap);
262 ex_cadd(&cmd, &a, name, strlen(name));
263 return (ex_source(sp, &cmd));
264 }
265
266 /*
267 * ex_run_str --
268 * Set up a string of ex commands to run.
269 *
270 * PUBLIC: int ex_run_str __P((SCR *, char *, char *, size_t, int, int));
271 */
272 int
ex_run_str(sp,name,str,len,ex_flags,nocopy)273 ex_run_str(sp, name, str, len, ex_flags, nocopy)
274 SCR *sp;
275 char *name, *str;
276 size_t len;
277 int ex_flags, nocopy;
278 {
279 GS *gp;
280 EXCMD *ecp;
281
282 gp = sp->gp;
283 if (EXCMD_RUNNING(gp)) {
284 CALLOC_RET(sp, ecp, EXCMD *, 1, sizeof(EXCMD));
285 LIST_INSERT_HEAD(&gp->ecq, ecp, q);
286 } else
287 ecp = &gp->excmd;
288
289 F_INIT(ecp,
290 ex_flags ? E_BLIGNORE | E_NOAUTO | E_NOPRDEF | E_VLITONLY : 0);
291
292 if (nocopy)
293 ecp->cp = str;
294 else
295 if ((ecp->cp = v_strdup(sp, str, len)) == NULL)
296 return (1);
297 ecp->clen = len;
298
299 if (name == NULL)
300 ecp->if_name = NULL;
301 else {
302 if ((ecp->if_name = v_strdup(sp, name, strlen(name))) == NULL)
303 return (1);
304 ecp->if_lno = 1;
305 F_SET(ecp, E_NAMEDISCARD);
306 }
307
308 return (0);
309 }
310
311 /*
312 * exrc_isok --
313 * Check a .exrc file for source-ability.
314 *
315 * !!!
316 * Historically, vi read the $HOME and local .exrc files if they were owned
317 * by the user's real ID, or the "sourceany" option was set, regardless of
318 * any other considerations. We no longer support the sourceany option as
319 * it's a security problem of mammoth proportions. We require the system
320 * .exrc file to be owned by root, the $HOME .exrc file to be owned by the
321 * user's effective ID (or that the user's effective ID be root) and the
322 * local .exrc files to be owned by the user's effective ID. In all cases,
323 * the file cannot be writeable by anyone other than its owner.
324 *
325 * In O'Reilly ("Learning the VI Editor", Fifth Ed., May 1992, page 106),
326 * it notes that System V release 3.2 and later has an option "[no]exrc".
327 * The behavior is that local .exrc files are read only if the exrc option
328 * is set. The default for the exrc option was off, so, by default, local
329 * .exrc files were not read. The problem this was intended to solve was
330 * that System V permitted users to give away files, so there's no possible
331 * ownership or writeability test to ensure that the file is safe.
332 *
333 * POSIX 1003.2-1992 standardized exrc as an option. It required the exrc
334 * option to be off by default, thus local .exrc files are not to be read
335 * by default. The Rationale noted (incorrectly) that this was a change
336 * to historic practice, but correctly noted that a default of off improves
337 * system security. POSIX also required that vi check the effective user
338 * ID instead of the real user ID, which is why we've switched from historic
339 * practice.
340 *
341 * We initialize the exrc variable to off. If it's turned on by the system
342 * or $HOME .exrc files, and the local .exrc file passes the ownership and
343 * writeability tests, then we read it. This breaks historic 4BSD practice,
344 * but it gives us a measure of security on systems where users can give away
345 * files.
346 */
347 static enum rc
exrc_isok(sp,sbp,path,rootown,rootid)348 exrc_isok(sp, sbp, path, rootown, rootid)
349 SCR *sp;
350 struct stat *sbp;
351 char *path;
352 int rootown, rootid;
353 {
354 enum { ROOTOWN, OWN, WRITER } etype;
355 uid_t euid;
356 int nf1, nf2;
357 char *a, *b, buf[MAXPATHLEN];
358
359 /* Check for the file's existence. */
360 if (stat(path, sbp))
361 return (NOEXIST);
362
363 /* Check ownership permissions. */
364 euid = geteuid();
365 if (!(rootown && sbp->st_uid == 0) &&
366 !(rootid && euid == 0) && sbp->st_uid != euid) {
367 etype = rootown ? ROOTOWN : OWN;
368 goto denied;
369 }
370
371 /* Check writeability. */
372 if (sbp->st_mode & (S_IWGRP | S_IWOTH)) {
373 etype = WRITER;
374 goto denied;
375 }
376 return (RCOK);
377
378 denied: a = msg_print(sp, path, &nf1);
379 if (strchr(path, '/') == NULL && getcwd(buf, sizeof(buf)) != NULL) {
380 b = msg_print(sp, buf, &nf2);
381 switch (etype) {
382 case ROOTOWN:
383 msgq(sp, M_ERR,
384 "125|%s/%s: not sourced: not owned by you or root",
385 b, a);
386 break;
387 case OWN:
388 msgq(sp, M_ERR,
389 "126|%s/%s: not sourced: not owned by you", b, a);
390 break;
391 case WRITER:
392 msgq(sp, M_ERR,
393 "127|%s/%s: not sourced: writeable by a user other than the owner", b, a);
394 break;
395 }
396 if (nf2)
397 FREE_SPACE(sp, b, 0);
398 } else
399 switch (etype) {
400 case ROOTOWN:
401 msgq(sp, M_ERR,
402 "128|%s: not sourced: not owned by you or root", a);
403 break;
404 case OWN:
405 msgq(sp, M_ERR,
406 "129|%s: not sourced: not owned by you", a);
407 break;
408 case WRITER:
409 msgq(sp, M_ERR,
410 "130|%s: not sourced: writeable by a user other than the owner", a);
411 break;
412 }
413
414 if (nf1)
415 FREE_SPACE(sp, a, 0);
416 return (NOPERM);
417 }
418