Annotation of src/usr.bin/sudo/find_path.c, Revision 1.2
1.1 millert 1: /*
2: * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
3: * All rights reserved.
4: *
5: * Redistribution and use in source and binary forms, with or without
6: * modification, are permitted provided that the following conditions
7: * are met:
8: *
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: *
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: *
16: * 3. The name of the author may not be used to endorse or promote products
17: * derived from this software without specific prior written permission.
18: *
19: * 4. Products derived from this software may not be called "Sudo" nor
20: * may "Sudo" appear in their names without specific prior written
21: * permission from the author.
22: *
23: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
25: * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
26: * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
29: * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
30: * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
31: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
32: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33: */
34:
35: #include "config.h"
36:
37: #include <stdio.h>
38: #ifdef STDC_HEADERS
39: #include <stdlib.h>
40: #endif /* STDC_HEADERS */
41: #ifdef HAVE_UNISTD_H
42: #include <unistd.h>
43: #endif /* HAVE_UNISTD_H */
44: #ifdef HAVE_STRING_H
45: #include <string.h>
46: #endif /* HAVE_STRING_H */
47: #ifdef HAVE_STRINGS_H
48: #include <strings.h>
49: #endif /* HAVE_STRINGS_H */
50: #include <errno.h>
51: #include <sys/types.h>
52: #include <sys/param.h>
53: #include <sys/stat.h>
54:
55: #include "sudo.h"
56:
57: #ifndef STDC_HEADERS
58: extern char *getenv __P((const char *));
59: extern char *strcpy __P((char *, const char *));
60: extern int fprintf __P((FILE *, const char *, ...));
61: extern ssize_t readlink __P((const char *, VOID *, size_t));
62: extern int stat __P((const char *, struct stat *));
63: extern int lstat __P((const char *, struct stat *));
64: #endif /* !STDC_HEADERS */
65:
66: #ifndef lint
1.2 ! millert 67: static const char rcsid[] = "$Sudo: find_path.c,v 1.95 2000/01/27 04:31:58 millert Exp $";
1.1 millert 68: #endif /* lint */
69:
70: /*
71: * This function finds the full pathname for a command and
72: * stores it in a statically allocated array, filling in a pointer
73: * to the array. Returns FOUND if the command was found, NOT_FOUND
74: * if it was not found, or NOT_FOUND_DOT if it would have been found
75: * but it is in '.' and IGNORE_DOT is set.
76: */
77: int
78: find_path(infile, outfile)
79: char *infile; /* file to find */
80: char **outfile; /* result parameter */
81: {
82: static char command[MAXPATHLEN]; /* qualified filename */
83: char *n; /* for traversing path */
84: char *path = NULL; /* contents of PATH env var */
85: char *origpath; /* so we can free path later */
86: char *result = NULL; /* result of path/file lookup */
87: int checkdot = 0; /* check current dir? */
88:
89: if (strlen(infile) >= MAXPATHLEN) {
90: (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);
91: exit(1);
92: }
93:
94: /*
95: * If we were given a fully qualified or relative path
96: * there is no need to look at $PATH.
97: */
98: if (strchr(infile, '/')) {
99: (void) strcpy(command, infile);
100: if (sudo_goodpath(command)) {
101: *outfile = command;
102: return(FOUND);
103: } else
104: return(NOT_FOUND);
105: }
106:
107: /*
108: * Grab PATH out of the environment (or from the string table
109: * if SECURE_PATH is in effect) and make a local copy.
110: */
1.2 ! millert 111: if (def_str(I_SECURE_PATH) && !user_is_exempt())
1.1 millert 112: path = def_str(I_SECURE_PATH);
113: else if ((path = getenv("PATH")) == NULL)
114: return(NOT_FOUND);
115: path = estrdup(path);
116: origpath = path;
117:
118: do {
119: if ((n = strchr(path, ':')))
120: *n = '\0';
121:
122: /*
123: * Search current dir last if it is in PATH This will miss sneaky
124: * things like using './' or './/'
125: */
126: if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) {
127: checkdot = 1;
128: path = n + 1;
129: continue;
130: }
131:
132: /*
133: * Resolve the path and exit the loop if found.
134: */
135: if (strlen(path) + strlen(infile) + 1 >= MAXPATHLEN) {
136: (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);
137: exit(1);
138: }
139: (void) sprintf(command, "%s/%s", path, infile);
140: if ((result = sudo_goodpath(command)))
141: break;
142:
143: path = n + 1;
144:
145: } while (n);
146: free(origpath);
147:
148: /*
149: * Check current dir if dot was in the PATH
150: */
151: if (!result && checkdot) {
152: result = sudo_goodpath(infile);
153: if (result && def_flag(I_IGNORE_DOT))
154: return(NOT_FOUND_DOT);
155: }
156:
157: if (result) {
158: *outfile = result;
159: return(FOUND);
160: } else
161: return(NOT_FOUND);
162: }