1 /*-
2 * Copyright (c) 1992, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
4 * Copyright (c) 1992, 1993, 1994, 1995, 1996
5 * Keith Bostic. All rights reserved.
6 *
7 * See the LICENSE file for redistribution information.
8 */
9
10 #include "config.h"
11
12 #include <sys/types.h>
13 #include <sys/queue.h>
14 #include <sys/stat.h>
15
16 #include <bitstring.h>
17 #include <fcntl.h>
18 #include <limits.h>
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <unistd.h>
23
24 #include "../common/common.h"
25 #include "tag.h"
26 #include "pathnames.h"
27
28 enum rc { NOEXIST, NOPERM, RCOK };
29 static enum rc exrc_isok(SCR *, struct stat *, char *, int, int);
30
31 static int ex_run_file(SCR *, char *);
32
33 /*
34 * ex_screen_copy --
35 * Copy ex screen.
36 *
37 * PUBLIC: int ex_screen_copy(SCR *, SCR *);
38 */
39 int
ex_screen_copy(SCR * orig,SCR * sp)40 ex_screen_copy(SCR *orig, SCR *sp)
41 {
42 EX_PRIVATE *oexp, *nexp;
43
44 /* Create the private ex structure. */
45 CALLOC_RET(orig, nexp, 1, sizeof(EX_PRIVATE));
46 sp->ex_private = nexp;
47
48 /* Initialize queues. */
49 TAILQ_INIT(nexp->tq);
50 TAILQ_INIT(nexp->tagfq);
51 SLIST_INIT(nexp->cscq);
52
53 if (orig == NULL) {
54 } else {
55 oexp = EXP(orig);
56
57 if (oexp->lastbcomm != NULL &&
58 (nexp->lastbcomm = v_wstrdup(sp, oexp->lastbcomm,
59 STRLEN(oexp->lastbcomm))) == NULL) {
60 msgq(sp, M_SYSERR, NULL);
61 return(1);
62 }
63 if (ex_tag_copy(orig, sp))
64 return (1);
65 }
66 return (0);
67 }
68
69 /*
70 * ex_screen_end --
71 * End a vi screen.
72 *
73 * PUBLIC: int ex_screen_end(SCR *);
74 */
75 int
ex_screen_end(SCR * sp)76 ex_screen_end(SCR *sp)
77 {
78 EX_PRIVATE *exp;
79 int rval;
80
81 if ((exp = EXP(sp)) == NULL)
82 return (0);
83
84 rval = 0;
85
86 /* Close down script connections. */
87 if (F_ISSET(sp, SC_SCRIPT) && sscr_end(sp))
88 rval = 1;
89
90 if (argv_free(sp))
91 rval = 1;
92
93 free(exp->ibp);
94
95 free(exp->lastbcomm);
96
97 free(exp->ibcw.bp1.c);
98
99 if (ex_tag_free(sp))
100 rval = 1;
101
102 if (cscope_end(sp))
103 rval = 1;
104
105 /* Free private memory. */
106 free(exp);
107 sp->ex_private = NULL;
108
109 return (rval);
110 }
111
112 /*
113 * ex_optchange --
114 * Handle change of options for ex.
115 *
116 * PUBLIC: int ex_optchange(SCR *, int, char *, u_long *);
117 */
118 int
ex_optchange(SCR * sp,int offset,char * str,u_long * valp)119 ex_optchange(SCR *sp, int offset, char *str, u_long *valp)
120 {
121 switch (offset) {
122 case O_TAGS:
123 return (ex_tagf_alloc(sp, str));
124 }
125 return (0);
126 }
127
128 /*
129 * ex_exrc --
130 * Read the EXINIT environment variable and the startup exrc files,
131 * and execute their commands.
132 *
133 * PUBLIC: int ex_exrc(SCR *);
134 */
135 int
ex_exrc(SCR * sp)136 ex_exrc(SCR *sp)
137 {
138 struct stat hsb, lsb;
139 char *p, *path;
140 CHAR_T *wp;
141 size_t wlen;
142
143 /*
144 * Source the system, environment, $HOME and local .exrc values.
145 * Vi historically didn't check $HOME/.exrc if the environment
146 * variable EXINIT was set. This is all done before the file is
147 * read in, because things in the .exrc information can set, for
148 * example, the recovery directory.
149 *
150 * !!!
151 * While nvi can handle any of the options settings of historic vi,
152 * the converse is not true. Since users are going to have to have
153 * files and environmental variables that work with both, we use nvi
154 * versions of both the $HOME and local startup files if they exist,
155 * otherwise the historic ones.
156 *
157 * !!!
158 * For a discussion of permissions and when what .exrc files are
159 * read, see the comment above the exrc_isok() function below.
160 *
161 * !!!
162 * If the user started the historic of vi in $HOME, vi read the user's
163 * .exrc file twice, as $HOME/.exrc and as ./.exrc. We avoid this, as
164 * it's going to make some commands behave oddly, and I can't imagine
165 * anyone depending on it.
166 */
167 switch (exrc_isok(sp, &hsb, _PATH_SYSEXRC, 1, 0)) {
168 case NOEXIST:
169 case NOPERM:
170 break;
171 case RCOK:
172 if (ex_run_file(sp, _PATH_SYSEXRC))
173 return (1);
174 break;
175 }
176
177 /* Run the commands. */
178 if (EXCMD_RUNNING(sp->gp))
179 (void)ex_cmd(sp);
180 if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
181 return (0);
182
183 if ((p = getenv("NEXINIT")) != NULL) {
184 CHAR2INT(sp, p, strlen(p) + 1, wp, wlen);
185 if (ex_run_str(sp, "NEXINIT", wp, wlen - 1, 1, 0))
186 return (1);
187 } else if ((p = getenv("EXINIT")) != NULL) {
188 CHAR2INT(sp, p, strlen(p) + 1, wp, wlen);
189 if (ex_run_str(sp, "EXINIT", wp, wlen - 1, 1, 0))
190 return (1);
191 } else if ((p = getenv("HOME")) != NULL && *p) {
192 int st = 0;
193
194 if ((path = join(p, _PATH_NEXRC)) == NULL) {
195 msgq(sp, M_SYSERR, NULL);
196 return (1);
197 }
198 switch (exrc_isok(sp, &hsb, path, 0, 1)) {
199 case NOEXIST:
200 free(path);
201 if ((path = join(p, _PATH_EXRC)) == NULL) {
202 msgq(sp, M_SYSERR, NULL);
203 return (1);
204 }
205 if (exrc_isok(sp,
206 &hsb, path, 0, 1) == RCOK && ex_run_file(sp, path))
207 st = 1;
208 break;
209 case NOPERM:
210 break;
211 case RCOK:
212 if (ex_run_file(sp, path))
213 st = 1;
214 break;
215 }
216 free(path);
217 if (st)
218 return st;
219 }
220
221 /* Run the commands. */
222 if (EXCMD_RUNNING(sp->gp))
223 (void)ex_cmd(sp);
224 if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
225 return (0);
226
227 /* Previous commands may have set the exrc option. */
228 if (O_ISSET(sp, O_EXRC)) {
229 switch (exrc_isok(sp, &lsb, _PATH_NEXRC, 0, 0)) {
230 case NOEXIST:
231 if (exrc_isok(sp, &lsb, _PATH_EXRC, 0, 0) == RCOK &&
232 (lsb.st_dev != hsb.st_dev ||
233 lsb.st_ino != hsb.st_ino) &&
234 ex_run_file(sp, _PATH_EXRC))
235 return (1);
236 break;
237 case NOPERM:
238 break;
239 case RCOK:
240 if ((lsb.st_dev != hsb.st_dev ||
241 lsb.st_ino != hsb.st_ino) &&
242 ex_run_file(sp, _PATH_NEXRC))
243 return (1);
244 break;
245 }
246 /* Run the commands. */
247 if (EXCMD_RUNNING(sp->gp))
248 (void)ex_cmd(sp);
249 if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
250 return (0);
251 }
252
253 return (0);
254 }
255
256 /*
257 * ex_run_file --
258 * Set up a file of ex commands to run.
259 */
260 static int
ex_run_file(SCR * sp,char * name)261 ex_run_file(SCR *sp, char *name)
262 {
263 EXCMD cmd;
264 CHAR_T *wp;
265 size_t wlen;
266
267 ex_cinit(sp, &cmd, C_SOURCE, 0, OOBLNO, OOBLNO, 0);
268 CHAR2INT(sp, name, strlen(name)+1, wp, wlen);
269 argv_exp0(sp, &cmd, wp, wlen - 1);
270 return (ex_source(sp, &cmd));
271 }
272
273 /*
274 * ex_run_str --
275 * Set up a string of ex commands to run.
276 *
277 * PUBLIC: int ex_run_str(SCR *, char *, CHAR_T *, size_t, int, int);
278 */
279 int
ex_run_str(SCR * sp,char * name,CHAR_T * str,size_t len,int ex_flags,int nocopy)280 ex_run_str(SCR *sp, char *name, CHAR_T *str, size_t len, int ex_flags, int nocopy)
281 {
282 GS *gp;
283 EXCMD *ecp;
284
285 gp = sp->gp;
286 if (EXCMD_RUNNING(gp)) {
287 CALLOC_RET(sp, ecp, 1, sizeof(EXCMD));
288 SLIST_INSERT_HEAD(gp->ecq, ecp, q);
289 } else
290 ecp = &gp->excmd;
291
292 F_INIT(ecp,
293 ex_flags ? E_BLIGNORE | E_NOAUTO | E_NOPRDEF | E_VLITONLY : 0);
294
295 if (nocopy)
296 ecp->cp = str;
297 else
298 if ((ecp->cp = v_wstrdup(sp, str, len)) == NULL)
299 return (1);
300 ecp->clen = len;
301
302 if (name == NULL)
303 ecp->if_name = NULL;
304 else {
305 if ((ecp->if_name = v_strdup(sp, name, strlen(name))) == NULL)
306 return (1);
307 ecp->if_lno = 1;
308 F_SET(ecp, E_NAMEDISCARD);
309 }
310
311 return (0);
312 }
313
314 /*
315 * exrc_isok --
316 * Check a .exrc file for source-ability.
317 *
318 * !!!
319 * Historically, vi read the $HOME and local .exrc files if they were owned
320 * by the user's real ID, or the "sourceany" option was set, regardless of
321 * any other considerations. We no longer support the sourceany option as
322 * it's a security problem of mammoth proportions. We require the system
323 * .exrc file to be owned by root, the $HOME .exrc file to be owned by the
324 * user's effective ID (or that the user's effective ID be root) and the
325 * local .exrc files to be owned by the user's effective ID. In all cases,
326 * the file cannot be writeable by anyone other than its owner.
327 *
328 * In O'Reilly ("Learning the VI Editor", Fifth Ed., May 1992, page 106),
329 * it notes that System V release 3.2 and later has an option "[no]exrc".
330 * The behavior is that local .exrc files are read only if the exrc option
331 * is set. The default for the exrc option was off, so, by default, local
332 * .exrc files were not read. The problem this was intended to solve was
333 * that System V permitted users to give away files, so there's no possible
334 * ownership or writeability test to ensure that the file is safe.
335 *
336 * POSIX 1003.2-1992 standardized exrc as an option. It required the exrc
337 * option to be off by default, thus local .exrc files are not to be read
338 * by default. The Rationale noted (incorrectly) that this was a change
339 * to historic practice, but correctly noted that a default of off improves
340 * system security. POSIX also required that vi check the effective user
341 * ID instead of the real user ID, which is why we've switched from historic
342 * practice.
343 *
344 * We initialize the exrc variable to off. If it's turned on by the system
345 * or $HOME .exrc files, and the local .exrc file passes the ownership and
346 * writeability tests, then we read it. This breaks historic 4BSD practice,
347 * but it gives us a measure of security on systems where users can give away
348 * files.
349 */
350 static enum rc
exrc_isok(SCR * sp,struct stat * sbp,char * path,int rootown,int rootid)351 exrc_isok(SCR *sp, struct stat *sbp, char *path, int rootown, int rootid)
352 {
353 enum { ROOTOWN, OWN, WRITER } etype;
354 uid_t euid;
355 int nf1, nf2;
356 char *a, *b, *buf;
357
358 /* Check for the file's existence. */
359 if (stat(path, sbp))
360 return (NOEXIST);
361
362 /* Check ownership permissions. */
363 euid = geteuid();
364 if (!(rootown && sbp->st_uid == 0) &&
365 !(rootid && euid == 0) && sbp->st_uid != euid) {
366 etype = rootown ? ROOTOWN : OWN;
367 goto denied;
368 }
369
370 /* Check writeability. */
371 if (sbp->st_mode & (S_IWGRP | S_IWOTH)) {
372 etype = WRITER;
373 goto denied;
374 }
375 return (RCOK);
376
377 denied: a = msg_print(sp, path, &nf1);
378 if (strchr(path, '/') == NULL && (buf = getcwd(NULL, 0)) != NULL) {
379 char *p;
380
381 b = msg_print(sp, buf, &nf2);
382 if ((p = join(b, a)) == NULL) {
383 msgq(sp, M_SYSERR, NULL);
384 goto err;
385 }
386 switch (etype) {
387 case ROOTOWN:
388 msgq(sp, M_ERR,
389 "128|%s: not sourced: not owned by you or root", p);
390 break;
391 case OWN:
392 msgq(sp, M_ERR,
393 "129|%s: not sourced: not owned by you", p);
394 break;
395 case WRITER:
396 msgq(sp, M_ERR,
397 "130|%s: not sourced: writeable by a user other than the owner", p);
398 break;
399 }
400 free(p);
401 err: free(buf);
402 if (nf2)
403 FREE_SPACE(sp, b, 0);
404 } else
405 switch (etype) {
406 case ROOTOWN:
407 msgq(sp, M_ERR,
408 "128|%s: not sourced: not owned by you or root", a);
409 break;
410 case OWN:
411 msgq(sp, M_ERR,
412 "129|%s: not sourced: not owned by you", a);
413 break;
414 case WRITER:
415 msgq(sp, M_ERR,
416 "130|%s: not sourced: writeable by a user other than the owner", a);
417 break;
418 }
419
420 if (nf1)
421 FREE_SPACE(sp, a, 0);
422 return (NOPERM);
423 }
424