2 * Copyright (c) 1992, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
4 * Copyright (c) 1992, 1993, 1994, 1995, 1996
5 * Keith Bostic. All rights reserved.
7 * See the LICENSE file for redistribution information.
13 static const char sccsid[] = "$Id: ex_init.c,v 10.33 2012/04/11 19:12:34 zy Exp $";
16 #include <sys/types.h>
17 #include <sys/queue.h>
20 #include <bitstring.h>
28 #include "../common/common.h"
30 #include "pathnames.h"
32 enum rc { NOEXIST, NOPERM, RCOK };
33 static enum rc exrc_isok __P((SCR *, struct stat *, char *, int, int));
35 static int ex_run_file __P((SCR *, char *));
41 * PUBLIC: int ex_screen_copy __P((SCR *, SCR *));
44 ex_screen_copy(SCR *orig, SCR *sp)
46 EX_PRIVATE *oexp, *nexp;
48 /* Create the private ex structure. */
49 CALLOC_RET(orig, nexp, EX_PRIVATE *, 1, sizeof(EX_PRIVATE));
50 sp->ex_private = nexp;
52 /* Initialize queues. */
54 TAILQ_INIT(nexp->tagfq);
55 SLIST_INIT(nexp->cscq);
61 if (oexp->lastbcomm != NULL &&
62 (nexp->lastbcomm = v_wstrdup(sp, oexp->lastbcomm,
63 STRLEN(oexp->lastbcomm))) == NULL) {
64 msgq(sp, M_SYSERR, NULL);
67 if (ex_tag_copy(orig, sp))
77 * PUBLIC: int ex_screen_end __P((SCR *));
80 ex_screen_end(SCR *sp)
85 if ((exp = EXP(sp)) == NULL)
90 /* Close down script connections. */
91 if (F_ISSET(sp, SC_SCRIPT) && sscr_end(sp))
100 if (exp->lastbcomm != NULL)
101 free(exp->lastbcomm);
103 if (exp->ibcw.bp1.c != NULL)
104 free(exp->ibcw.bp1.c);
112 /* Free private memory. */
114 sp->ex_private = NULL;
121 * Handle change of options for ex.
123 * PUBLIC: int ex_optchange __P((SCR *, int, char *, u_long *));
126 ex_optchange(SCR *sp, int offset, char *str, u_long *valp)
130 return (ex_tagf_alloc(sp, str));
137 * Read the EXINIT environment variable and the startup exrc files,
138 * and execute their commands.
140 * PUBLIC: int ex_exrc __P((SCR *));
145 struct stat hsb, lsb;
151 * Source the system, environment, $HOME and local .exrc values.
152 * Vi historically didn't check $HOME/.exrc if the environment
153 * variable EXINIT was set. This is all done before the file is
154 * read in, because things in the .exrc information can set, for
155 * example, the recovery directory.
158 * While nvi can handle any of the options settings of historic vi,
159 * the converse is not true. Since users are going to have to have
160 * files and environmental variables that work with both, we use nvi
161 * versions of both the $HOME and local startup files if they exist,
162 * otherwise the historic ones.
165 * For a discussion of permissions and when what .exrc files are
166 * read, see the comment above the exrc_isok() function below.
169 * If the user started the historic of vi in $HOME, vi read the user's
170 * .exrc file twice, as $HOME/.exrc and as ./.exrc. We avoid this, as
171 * it's going to make some commands behave oddly, and I can't imagine
172 * anyone depending on it.
174 switch (exrc_isok(sp, &hsb, _PATH_SYSEXRC, 1, 0)) {
179 if (ex_run_file(sp, _PATH_SYSEXRC))
184 /* Run the commands. */
185 if (EXCMD_RUNNING(sp->gp))
187 if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
190 if ((p = getenv("NEXINIT")) != NULL) {
191 CHAR2INT(sp, p, strlen(p) + 1, wp, wlen);
192 if (ex_run_str(sp, "NEXINIT", wp, wlen - 1, 1, 0))
194 } else if ((p = getenv("EXINIT")) != NULL) {
195 CHAR2INT(sp, p, strlen(p) + 1, wp, wlen);
196 if (ex_run_str(sp, "EXINIT", wp, wlen - 1, 1, 0))
198 } else if ((p = getenv("HOME")) != NULL && *p) {
201 if ((path = join(p, _PATH_NEXRC)) == NULL) {
202 msgq(sp, M_SYSERR, NULL);
205 switch (exrc_isok(sp, &hsb, path, 0, 1)) {
208 if ((path = join(p, _PATH_EXRC)) == NULL) {
209 msgq(sp, M_SYSERR, NULL);
213 &hsb, path, 0, 1) == RCOK && ex_run_file(sp, path))
219 if (ex_run_file(sp, path))
228 /* Run the commands. */
229 if (EXCMD_RUNNING(sp->gp))
231 if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
234 /* Previous commands may have set the exrc option. */
235 if (O_ISSET(sp, O_EXRC)) {
236 switch (exrc_isok(sp, &lsb, _PATH_NEXRC, 0, 0)) {
238 if (exrc_isok(sp, &lsb, _PATH_EXRC, 0, 0) == RCOK &&
239 (lsb.st_dev != hsb.st_dev ||
240 lsb.st_ino != hsb.st_ino) &&
241 ex_run_file(sp, _PATH_EXRC))
247 if ((lsb.st_dev != hsb.st_dev ||
248 lsb.st_ino != hsb.st_ino) &&
249 ex_run_file(sp, _PATH_NEXRC))
253 /* Run the commands. */
254 if (EXCMD_RUNNING(sp->gp))
256 if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
265 * Set up a file of ex commands to run.
268 ex_run_file(SCR *sp, char *name)
274 ex_cinit(sp, &cmd, C_SOURCE, 0, OOBLNO, OOBLNO, 0);
275 CHAR2INT(sp, name, strlen(name)+1, wp, wlen);
276 argv_exp0(sp, &cmd, wp, wlen - 1);
277 return (ex_source(sp, &cmd));
282 * Set up a string of ex commands to run.
284 * PUBLIC: int ex_run_str __P((SCR *, char *, CHAR_T *, size_t, int, int));
287 ex_run_str(SCR *sp, char *name, CHAR_T *str, size_t len, int ex_flags, int nocopy)
293 if (EXCMD_RUNNING(gp)) {
294 CALLOC_RET(sp, ecp, EXCMD *, 1, sizeof(EXCMD));
295 SLIST_INSERT_HEAD(gp->ecq, ecp, q);
300 ex_flags ? E_BLIGNORE | E_NOAUTO | E_NOPRDEF | E_VLITONLY : 0);
305 if ((ecp->cp = v_wstrdup(sp, str, len)) == NULL)
312 if ((ecp->if_name = v_strdup(sp, name, strlen(name))) == NULL)
315 F_SET(ecp, E_NAMEDISCARD);
323 * Check a .exrc file for source-ability.
326 * Historically, vi read the $HOME and local .exrc files if they were owned
327 * by the user's real ID, or the "sourceany" option was set, regardless of
328 * any other considerations. We no longer support the sourceany option as
329 * it's a security problem of mammoth proportions. We require the system
330 * .exrc file to be owned by root, the $HOME .exrc file to be owned by the
331 * user's effective ID (or that the user's effective ID be root) and the
332 * local .exrc files to be owned by the user's effective ID. In all cases,
333 * the file cannot be writeable by anyone other than its owner.
335 * In O'Reilly ("Learning the VI Editor", Fifth Ed., May 1992, page 106),
336 * it notes that System V release 3.2 and later has an option "[no]exrc".
337 * The behavior is that local .exrc files are read only if the exrc option
338 * is set. The default for the exrc option was off, so, by default, local
339 * .exrc files were not read. The problem this was intended to solve was
340 * that System V permitted users to give away files, so there's no possible
341 * ownership or writeability test to ensure that the file is safe.
343 * POSIX 1003.2-1992 standardized exrc as an option. It required the exrc
344 * option to be off by default, thus local .exrc files are not to be read
345 * by default. The Rationale noted (incorrectly) that this was a change
346 * to historic practice, but correctly noted that a default of off improves
347 * system security. POSIX also required that vi check the effective user
348 * ID instead of the real user ID, which is why we've switched from historic
351 * We initialize the exrc variable to off. If it's turned on by the system
352 * or $HOME .exrc files, and the local .exrc file passes the ownership and
353 * writeability tests, then we read it. This breaks historic 4BSD practice,
354 * but it gives us a measure of security on systems where users can give away
358 exrc_isok(SCR *sp, struct stat *sbp, char *path, int rootown, int rootid)
360 enum { ROOTOWN, OWN, WRITER } etype;
365 /* Check for the file's existence. */
369 /* Check ownership permissions. */
371 if (!(rootown && sbp->st_uid == 0) &&
372 !(rootid && euid == 0) && sbp->st_uid != euid) {
373 etype = rootown ? ROOTOWN : OWN;
377 /* Check writeability. */
378 if (sbp->st_mode & (S_IWGRP | S_IWOTH)) {
384 denied: a = msg_print(sp, path, &nf1);
385 if (strchr(path, '/') == NULL && (buf = getcwd(NULL, 0)) != NULL) {
388 b = msg_print(sp, buf, &nf2);
389 if ((p = join(b, a)) == NULL) {
390 msgq(sp, M_SYSERR, NULL);
396 "128|%s: not sourced: not owned by you or root", p);
400 "129|%s: not sourced: not owned by you", p);
404 "130|%s: not sourced: writeable by a user other than the owner", p);
410 FREE_SPACE(sp, b, 0);
415 "128|%s: not sourced: not owned by you or root", a);
419 "129|%s: not sourced: not owned by you", a);
423 "130|%s: not sourced: writeable by a user other than the owner", a);
428 FREE_SPACE(sp, a, 0);