diff options
author | Peter Wemm <peter@FreeBSD.org> | 1996-11-01 06:45:43 +0000 |
---|---|---|
committer | Peter Wemm <peter@FreeBSD.org> | 1996-11-01 06:45:43 +0000 |
commit | b8ba871bd943582ed54f83888569d65b356469bd (patch) | |
tree | 88f923c9c0be2e2a225a9b21716fd582de668b42 /contrib/nvi/ex/ex_init.c | |
parent | f1460870b9b650c789026a4fb571ce2634243b10 (diff) | |
download | src-b8ba871bd943582ed54f83888569d65b356469bd.tar.gz src-b8ba871bd943582ed54f83888569d65b356469bd.zip |
Import of nvi-1.79, minus a few bits that we dont need (eg: postscript
files, curses, db, regex etc that we already have). The other glue will
follow shortly.
Obtained from: Keith Bostic <bostic@bostic.com>
Notes
Notes:
svn path=/vendor/nvi/dist/; revision=19304
Diffstat (limited to 'contrib/nvi/ex/ex_init.c')
-rw-r--r-- | contrib/nvi/ex/ex_init.c | 417 |
1 files changed, 417 insertions, 0 deletions
diff --git a/contrib/nvi/ex/ex_init.c b/contrib/nvi/ex/ex_init.c new file mode 100644 index 000000000000..6a78416a3344 --- /dev/null +++ b/contrib/nvi/ex/ex_init.c @@ -0,0 +1,417 @@ +/*- + * Copyright (c) 1992, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * Copyright (c) 1992, 1993, 1994, 1995, 1996 + * Keith Bostic. All rights reserved. + * + * See the LICENSE file for redistribution information. + */ + +#include "config.h" + +#ifndef lint +static const char sccsid[] = "@(#)ex_init.c 10.26 (Berkeley) 8/12/96"; +#endif /* not lint */ + +#include <sys/param.h> +#include <sys/types.h> /* XXX: param.h may not have included types.h */ +#include <sys/queue.h> +#include <sys/stat.h> + +#include <bitstring.h> +#include <fcntl.h> +#include <limits.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include "../common/common.h" +#include "tag.h" +#include "pathnames.h" + +enum rc { NOEXIST, NOPERM, RCOK }; +static enum rc exrc_isok __P((SCR *, struct stat *, char *, int, int)); + +static int ex_run_file __P((SCR *, char *)); + +/* + * ex_screen_copy -- + * Copy ex screen. + * + * PUBLIC: int ex_screen_copy __P((SCR *, SCR *)); + */ +int +ex_screen_copy(orig, sp) + SCR *orig, *sp; +{ + EX_PRIVATE *oexp, *nexp; + + /* Create the private ex structure. */ + CALLOC_RET(orig, nexp, EX_PRIVATE *, 1, sizeof(EX_PRIVATE)); + sp->ex_private = nexp; + + /* Initialize queues. */ + CIRCLEQ_INIT(&nexp->tq); + TAILQ_INIT(&nexp->tagfq); + LIST_INIT(&nexp->cscq); + + if (orig == NULL) { + } else { + oexp = EXP(orig); + + if (oexp->lastbcomm != NULL && + (nexp->lastbcomm = strdup(oexp->lastbcomm)) == NULL) { + msgq(sp, M_SYSERR, NULL); + return(1); + } + if (ex_tag_copy(orig, sp)) + return (1); + } + return (0); +} + +/* + * ex_screen_end -- + * End a vi screen. + * + * PUBLIC: int ex_screen_end __P((SCR *)); + */ +int +ex_screen_end(sp) + SCR *sp; +{ + EX_PRIVATE *exp; + int rval; + + if ((exp = EXP(sp)) == NULL) + return (0); + + rval = 0; + + /* Close down script connections. */ + if (F_ISSET(sp, SC_SCRIPT) && sscr_end(sp)) + rval = 1; + + if (argv_free(sp)) + rval = 1; + + if (exp->ibp != NULL) + free(exp->ibp); + + if (exp->lastbcomm != NULL) + free(exp->lastbcomm); + + if (ex_tag_free(sp)) + rval = 1; + + /* Free private memory. */ + free(exp); + sp->ex_private = NULL; + + return (rval); +} + +/* + * ex_optchange -- + * Handle change of options for ex. + * + * PUBLIC: int ex_optchange __P((SCR *, int, char *, u_long *)); + */ +int +ex_optchange(sp, offset, str, valp) + SCR *sp; + int offset; + char *str; + u_long *valp; +{ + switch (offset) { + case O_TAGS: + return (ex_tagf_alloc(sp, str)); + } + return (0); +} + +/* + * ex_exrc -- + * Read the EXINIT environment variable and the startup exrc files, + * and execute their commands. + * + * PUBLIC: int ex_exrc __P((SCR *)); + */ +int +ex_exrc(sp) + SCR *sp; +{ + struct stat hsb, lsb; + char *p, path[MAXPATHLEN]; + + /* + * Source the system, environment, $HOME and local .exrc values. + * Vi historically didn't check $HOME/.exrc if the environment + * variable EXINIT was set. This is all done before the file is + * read in, because things in the .exrc information can set, for + * example, the recovery directory. + * + * !!! + * While nvi can handle any of the options settings of historic vi, + * the converse is not true. Since users are going to have to have + * files and environmental variables that work with both, we use nvi + * versions of both the $HOME and local startup files if they exist, + * otherwise the historic ones. + * + * !!! + * For a discussion of permissions and when what .exrc files are + * read, see the comment above the exrc_isok() function below. + * + * !!! + * If the user started the historic of vi in $HOME, vi read the user's + * .exrc file twice, as $HOME/.exrc and as ./.exrc. We avoid this, as + * it's going to make some commands behave oddly, and I can't imagine + * anyone depending on it. + */ + switch (exrc_isok(sp, &hsb, _PATH_SYSEXRC, 1, 0)) { + case NOEXIST: + case NOPERM: + break; + case RCOK: + if (ex_run_file(sp, _PATH_SYSEXRC)) + return (1); + break; + } + + /* Run the commands. */ + if (EXCMD_RUNNING(sp->gp)) + (void)ex_cmd(sp); + if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE)) + return (0); + + if ((p = getenv("NEXINIT")) != NULL) { + if (ex_run_str(sp, "NEXINIT", p, strlen(p), 1, 0)) + return (1); + } else if ((p = getenv("EXINIT")) != NULL) { + if (ex_run_str(sp, "EXINIT", p, strlen(p), 1, 0)) + return (1); + } else if ((p = getenv("HOME")) != NULL && *p) { + (void)snprintf(path, sizeof(path), "%s/%s", p, _PATH_NEXRC); + switch (exrc_isok(sp, &hsb, path, 0, 1)) { + case NOEXIST: + (void)snprintf(path, + sizeof(path), "%s/%s", p, _PATH_EXRC); + if (exrc_isok(sp, + &hsb, path, 0, 1) == RCOK && ex_run_file(sp, path)) + return (1); + break; + case NOPERM: + break; + case RCOK: + if (ex_run_file(sp, path)) + return (1); + break; + } + } + + /* Run the commands. */ + if (EXCMD_RUNNING(sp->gp)) + (void)ex_cmd(sp); + if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE)) + return (0); + + /* Previous commands may have set the exrc option. */ + if (O_ISSET(sp, O_EXRC)) { + switch (exrc_isok(sp, &lsb, _PATH_NEXRC, 0, 0)) { + case NOEXIST: + if (exrc_isok(sp, &lsb, _PATH_EXRC, 0, 0) == RCOK && + (lsb.st_dev != hsb.st_dev || + lsb.st_ino != hsb.st_ino) && + ex_run_file(sp, _PATH_EXRC)) + return (1); + break; + case NOPERM: + break; + case RCOK: + if ((lsb.st_dev != hsb.st_dev || + lsb.st_ino != hsb.st_ino) && + ex_run_file(sp, _PATH_NEXRC)) + return (1); + break; + } + /* Run the commands. */ + if (EXCMD_RUNNING(sp->gp)) + (void)ex_cmd(sp); + if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE)) + return (0); + } + + return (0); +} + +/* + * ex_run_file -- + * Set up a file of ex commands to run. + */ +static int +ex_run_file(sp, name) + SCR *sp; + char *name; +{ + ARGS *ap[2], a; + EXCMD cmd; + + ex_cinit(&cmd, C_SOURCE, 0, OOBLNO, OOBLNO, 0, ap); + ex_cadd(&cmd, &a, name, strlen(name)); + return (ex_source(sp, &cmd)); +} + +/* + * ex_run_str -- + * Set up a string of ex commands to run. + * + * PUBLIC: int ex_run_str __P((SCR *, char *, char *, size_t, int, int)); + */ +int +ex_run_str(sp, name, str, len, ex_flags, nocopy) + SCR *sp; + char *name, *str; + size_t len; + int ex_flags, nocopy; +{ + GS *gp; + EXCMD *ecp; + + gp = sp->gp; + if (EXCMD_RUNNING(gp)) { + CALLOC_RET(sp, ecp, EXCMD *, 1, sizeof(EXCMD)); + LIST_INSERT_HEAD(&gp->ecq, ecp, q); + } else + ecp = &gp->excmd; + + F_INIT(ecp, + ex_flags ? E_BLIGNORE | E_NOAUTO | E_NOPRDEF | E_VLITONLY : 0); + + if (nocopy) + ecp->cp = str; + else + if ((ecp->cp = v_strdup(sp, str, len)) == NULL) + return (1); + ecp->clen = len; + + if (name == NULL) + ecp->if_name = NULL; + else { + if ((ecp->if_name = v_strdup(sp, name, strlen(name))) == NULL) + return (1); + ecp->if_lno = 1; + F_SET(ecp, E_NAMEDISCARD); + } + + return (0); +} + +/* + * exrc_isok -- + * Check a .exrc file for source-ability. + * + * !!! + * Historically, vi read the $HOME and local .exrc files if they were owned + * by the user's real ID, or the "sourceany" option was set, regardless of + * any other considerations. We no longer support the sourceany option as + * it's a security problem of mammoth proportions. We require the system + * .exrc file to be owned by root, the $HOME .exrc file to be owned by the + * user's effective ID (or that the user's effective ID be root) and the + * local .exrc files to be owned by the user's effective ID. In all cases, + * the file cannot be writeable by anyone other than its owner. + * + * In O'Reilly ("Learning the VI Editor", Fifth Ed., May 1992, page 106), + * it notes that System V release 3.2 and later has an option "[no]exrc". + * The behavior is that local .exrc files are read only if the exrc option + * is set. The default for the exrc option was off, so, by default, local + * .exrc files were not read. The problem this was intended to solve was + * that System V permitted users to give away files, so there's no possible + * ownership or writeability test to ensure that the file is safe. + * + * POSIX 1003.2-1992 standardized exrc as an option. It required the exrc + * option to be off by default, thus local .exrc files are not to be read + * by default. The Rationale noted (incorrectly) that this was a change + * to historic practice, but correctly noted that a default of off improves + * system security. POSIX also required that vi check the effective user + * ID instead of the real user ID, which is why we've switched from historic + * practice. + * + * We initialize the exrc variable to off. If it's turned on by the system + * or $HOME .exrc files, and the local .exrc file passes the ownership and + * writeability tests, then we read it. This breaks historic 4BSD practice, + * but it gives us a measure of security on systems where users can give away + * files. + */ +static enum rc +exrc_isok(sp, sbp, path, rootown, rootid) + SCR *sp; + struct stat *sbp; + char *path; + int rootown, rootid; +{ + enum { ROOTOWN, OWN, WRITER } etype; + uid_t euid; + int nf1, nf2; + char *a, *b, buf[MAXPATHLEN]; + + /* Check for the file's existence. */ + if (stat(path, sbp)) + return (NOEXIST); + + /* Check ownership permissions. */ + euid = geteuid(); + if (!(rootown && sbp->st_uid == 0) && + !(rootid && euid == 0) && sbp->st_uid != euid) { + etype = rootown ? ROOTOWN : OWN; + goto denied; + } + + /* Check writeability. */ + if (sbp->st_mode & (S_IWGRP | S_IWOTH)) { + etype = WRITER; + goto denied; + } + return (RCOK); + +denied: a = msg_print(sp, path, &nf1); + if (strchr(path, '/') == NULL && getcwd(buf, sizeof(buf)) != NULL) { + b = msg_print(sp, buf, &nf2); + switch (etype) { + case ROOTOWN: + msgq(sp, M_ERR, + "125|%s/%s: not sourced: not owned by you or root", + b, a); + break; + case OWN: + msgq(sp, M_ERR, + "126|%s/%s: not sourced: not owned by you", b, a); + break; + case WRITER: + msgq(sp, M_ERR, + "127|%s/%s: not sourced: writeable by a user other than the owner", b, a); + break; + } + if (nf2) + FREE_SPACE(sp, b, 0); + } else + switch (etype) { + case ROOTOWN: + msgq(sp, M_ERR, + "128|%s: not sourced: not owned by you or root", a); + break; + case OWN: + msgq(sp, M_ERR, + "129|%s: not sourced: not owned by you", a); + break; + case WRITER: + msgq(sp, M_ERR, + "130|%s: not sourced: writeable by a user other than the owner", a); + break; + } + + if (nf1) + FREE_SPACE(sp, a, 0); + return (NOPERM); +} |