sudo/find_path.c

/*
 *  CU sudo version 1.5.7
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 1, or (at your option)
 *  any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
 *
 *******************************************************************
 *
 *  This module contains the find_path() function that returns
 *  TRUE if the command was found and FALSE if not.
 *  If find_path() returns TRUE, the copyin paramters command and
 *  ocommand contain the resolved and unresolved pathnames respectively.
 *  NOTE: if "." or "" exists in PATH it will be searched last.
 *
 *  Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:50:36 MST 1995
 */

#ifndef lint
static const char rcsid[] = "$Id$";
#endif /* lint */

#include "config.h"

#include <stdio.h>
#ifdef STDC_HEADERS
#include <stdlib.h>
#endif /* STDC_HEADERS */
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#ifdef HAVE_STRING_H
#include <string.h>
#endif /* HAVE_STRING_H */
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif /* HAVE_STRINGS_H */
#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
#include <malloc.h>
#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
#include <errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include "sudo.h"

#ifndef STDC_HEADERS
#ifndef __GNUC__		/* gcc has its own malloc */
extern char *malloc	__P((size_t));
#endif /* __GNUC__ */
extern char *getenv	__P((const char *));
extern char *strcpy	__P((char *, const char *));
extern int fprintf	__P((FILE *, const char *, ...));
extern ssize_t readlink	__P((const char *, VOID *, size_t));
extern int stat		__P((const char *, struct stat *));
extern int lstat	__P((const char *, struct stat *));
#ifdef HAVE_STRDUP
extern char *strdup	__P((const char *));
#endif /* HAVE_STRDUP */
#endif /* !STDC_HEADERS */


#ifndef _S_IFMT
#define _S_IFMT		S_IFMT
#endif /* _S_IFMT */
#ifndef _S_IFLNK
#define _S_IFLNK	S_IFLNK
#endif /* _S_IFLNK */


/*******************************************************************
 *
 *  find_path()
 *
 *  this function finds the full pathname for a command and
 *  stores it in a statically allocated array, filling in a pointer
 *  to the array.  Returns FOUND if the command was found, NOT_FOUND
 *  if it was not found, or NOT_FOUND_DOT if it would have been found
 *  but it is in '.' and IGNORE_DOT_PATH is in effect.
 */

int find_path(infile, outfile)
    char *infile;		/* file to find */
    char **outfile;		/* result parameter */
{
    static char command[MAXPATHLEN]; /* qualified filename */
    register char *n;		/* for traversing path */
    char *path = NULL;		/* contents of PATH env var */
    char *origpath;		/* so we can free path later */
    char *result = NULL;	/* result of path/file lookup */
    int checkdot = 0;		/* check current dir? */

    command[0] = '\0';

    if (strlen(infile) >= MAXPATHLEN) {
	errno = ENAMETOOLONG;
	(void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);
	exit(1);
    }

    /*
     * If we were given a fully qualified or relative path
     * there is no need to look at PATH.
     */
    if (strchr(infile, '/')) {
	(void) strcpy(command, infile);
	if (sudo_goodpath(command)) {
	    *outfile = command;
	    return(FOUND);
	} else
	    return(NOT_FOUND);
    }

    /*
     * grab PATH out of environment and make a local copy
     */
    if ((path = getenv("PATH")) == NULL)
	return(NOT_FOUND);

    if ((path = (char *) strdup(path)) == NULL) {
	(void) fprintf(stderr, "%s: out of memory!\n", Argv[0]);
	exit(1);
    }
    origpath = path;

    /* XXX use strtok() */
    do {
	if ((n = strchr(path, ':')))
	    *n = '\0';

	/*
	 * search current dir last if it is in PATH This will miss sneaky
	 * things like using './' or './/' 
	 */
	if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) {
	    checkdot = 1;
	    path = n + 1;
	    continue;
	}

	/*
	 * resolve the path and exit the loop if found
	 */
	if (strlen(path) + strlen(infile) + 1 >= MAXPATHLEN) {
	    (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);
	    exit(1);
	}
	(void) sprintf(command, "%s/%s", path, infile);
	if ((result = sudo_goodpath(command)))
	    break;

	path = n + 1;

    } while (n);
    (void) free(origpath);

    /*
     * Check current dir if dot was in the PATH
     */
    if (!result && checkdot) {
	result = sudo_goodpath(infile);
#ifdef IGNORE_DOT_PATH
	if (result)
	    return(NOT_FOUND_DOT);
#endif /* IGNORE_DOT_PATH */
    }

    if (result) {
	*outfile = result;
	return(FOUND);
    } else
	return(NOT_FOUND);
}
updated version number and took out jeff's email (since it is invalid) 1993-11-27 23:42:49 +00:00			`/*`
updated version 1998-09-17 16:27:15 +00:00			`* CU sudo version 1.5.7`
Initial revision 1993-02-16 03:01:06 +00:00			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 1, or (at your option)`
			`* any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, write to the Free Software`
			`* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.`
			`*`
courtesan 1996-09-08 00:21:42 +00:00			`* Please send bugs, changes, problems to sudo-bugs@courtesan.com`
rewrote to use realpath(3) - nis now all my code 1994-06-06 00:03:26 +00:00			`*`
Initial revision 1993-02-16 03:01:06 +00:00			`*******************************************************************`
			`*`
rewrote to use realpath(3) - nis now all my code 1994-06-06 00:03:26 +00:00			`* This module contains the find_path() function that returns`
find_path() now takes 2 copyout parameters (one for the qualified pathname and one for the unqualified pathname). The third parameter may be NULL. 1995-01-16 21:32:30 +00:00			`* TRUE if the command was found and FALSE if not.`
			`* If find_path() returns TRUE, the copyin paramters command and`
			`* ocommand contain the resolved and unresolved pathnames respectively.`
rewrote to use realpath(3) - nis now all my code 1994-06-06 00:03:26 +00:00			`* NOTE: if "." or "" exists in PATH it will be searched last.`
ENOTDIR is ok now too (in case part of the path is bogus) 1993-09-04 18:08:15 +00:00			`*`
removed all the realpath() stuff 1995-03-26 06:16:43 +00:00			`* Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:50:36 MST 1995`
ENOTDIR is ok now too (in case part of the path is bogus) 1993-09-04 18:08:15 +00:00			`*/`

updated version number and took out jeff's email (since it is invalid) 1993-11-27 23:42:49 +00:00			`#ifndef lint`
-Wall 1998-11-18 03:51:10 +00:00			`static const char rcsid[] = "$Id$";`
updated version number and took out jeff's email (since it is invalid) 1993-11-27 23:42:49 +00:00			`#endif /* lint */`

updated to work with configure + pathnames.h 1994-03-12 18:36:53 +00:00			`#include "config.h"`

Initial revision 1993-02-16 03:01:06 +00:00			`#include <stdio.h>`
updated to work with configure + pathnames.h 1994-03-12 18:36:53 +00:00			`#ifdef STDC_HEADERS`
now uses STD_HEADERS macro 1993-11-30 00:14:02 +00:00			`#include <stdlib.h>`
updated to work with configure + pathnames.h 1994-03-12 18:36:53 +00:00			`#endif /* STDC_HEADERS */`
			`#ifdef HAVE_UNISTD_H`
			`#include <unistd.h>`
			`#endif /* HAVE_UNISTD_H */`
			`#ifdef HAVE_STRING_H`
added patches from John_Rouillard directory spec uses EDITOR 1993-12-03 02:35:16 +00:00			`#include <string.h>`
updated to work with configure + pathnames.h 1994-03-12 18:36:53 +00:00			`#endif /* HAVE_STRING_H */`
			`#ifdef HAVE_STRINGS_H`
always include strings.h 1993-12-06 06:12:34 +00:00			`#include <strings.h>`
updated to work with configure + pathnames.h 1994-03-12 18:36:53 +00:00			`#endif /* HAVE_STRINGS_H */`
don't include malloc.h if we include stdlib.h 1995-09-13 21:17:06 +00:00			`#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)`
updated to work with configure + pathnames.h 1994-03-12 18:36:53 +00:00			`#include <malloc.h>`
don't include malloc.h if we include stdlib.h 1995-09-13 21:17:06 +00:00			`#endif /* HAVE_MALLOC_H && !STDC_HEADERS */`
ENOTDIR is ok now too (in case part of the path is bogus) 1993-09-04 18:08:15 +00:00			`#include <errno.h>`
Initial revision 1993-02-16 03:01:06 +00:00			`#include <sys/types.h>`
			`#include <sys/param.h>`
ENOTDIR is ok now too (in case part of the path is bogus) 1993-09-04 18:08:15 +00:00			`#include <sys/stat.h>`
added include of netinet/in.h 1994-08-12 01:58:03 +00:00			`#include <netinet/in.h>`
ENOTDIR is ok now too (in case part of the path is bogus) 1993-09-04 18:08:15 +00:00			`#include "sudo.h"`

updated to work with configure + pathnames.h 1994-03-12 18:36:53 +00:00			`#ifndef STDC_HEADERS`
don't do malloc decl if gnuc 1994-08-08 17:05:22 +00:00			`#ifndef __GNUC__ /* gcc has its own malloc */`
ansi-fied !STDC_HEADER function prottypes 1994-08-08 04:41:20 +00:00			`extern char *malloc __P((size_t));`
don't do malloc decl if gnuc 1994-08-08 17:05:22 +00:00			`#endif /* __GNUC__ */`
ansi-fied !STDC_HEADER function prottypes 1994-08-08 04:41:20 +00:00			`extern char getenv __P((const char ));`
			`extern char strcpy __P((char , const char *));`
added params to func decls when STDC_HEADERS is not defined 1994-08-08 04:06:48 +00:00			`extern int fprintf __P((FILE , const char , ...));`
fixed prreadlink() prototype 1995-07-18 17:35:56 +00:00			`extern ssize_t readlink __P((const char , VOID , size_t));`
ansi-fied !STDC_HEADER function prottypes 1994-08-08 04:41:20 +00:00			`extern int stat __P((const char , struct stat ));`
			`extern int lstat __P((const char , struct stat ));`
updated to work with configure + pathnames.h 1994-03-12 18:36:53 +00:00			`#ifdef HAVE_STRDUP`
ansi-fied !STDC_HEADER function prottypes 1994-08-08 04:41:20 +00:00			`extern char strdup __P((const char ));`
updated to work with configure + pathnames.h 1994-03-12 18:36:53 +00:00			`#endif /* HAVE_STRDUP */`
			`#endif /* !STDC_HEADERS */`
Initial revision 1993-02-16 03:01:06 +00:00

now use _S_* stat stuff to be ansi-like 1994-03-12 19:33:10 +00:00			`#ifndef _S_IFMT`
			`#define _S_IFMT S_IFMT`
			`#endif /* _S_IFMT */`
			`#ifndef _S_IFLNK`
			`#define _S_IFLNK S_IFLNK`
			`#endif /* _S_IFLNK */`


Initial revision 1993-02-16 03:01:06 +00:00			`/*******************************************************************`
			`*`
ENOTDIR is ok now too (in case part of the path is bogus) 1993-09-04 18:08:15 +00:00			`* find_path()`
Initial revision 1993-02-16 03:01:06 +00:00			`*`
removed all the realpath() stuff 1995-03-26 06:16:43 +00:00			`* this function finds the full pathname for a command and`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`* stores it in a statically allocated array, filling in a pointer`
			`* to the array. Returns FOUND if the command was found, NOT_FOUND`
			`* if it was not found, or NOT_FOUND_DOT if it would have been found`
			`* but it is in '.' and IGNORE_DOT_PATH is in effect.`
Initial revision 1993-02-16 03:01:06 +00:00			`*/`

go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`int find_path(infile, outfile)`
			`char infile; / file to find */`
			`char *outfile; / result parameter */`
Initial revision 1993-02-16 03:01:06 +00:00			`{`
MAX* + 1 -> MAX* 1998-04-06 03:15:39 +00:00			`static char command[MAXPATHLEN]; /* qualified filename */`
used indent to "fix" coding style 1993-10-04 19:10:33 +00:00			`register char n; / for traversing path */`
			`char path = NULL; / contents of PATH env var */`
find_path() now takes 2 copyout parameters (one for the qualified pathname and one for the unqualified pathname). The third parameter may be NULL. 1995-01-16 21:32:30 +00:00			`char origpath; / so we can free path later */`
rewrote to use realpath(3) - nis now all my code 1994-06-06 00:03:26 +00:00			`char result = NULL; / result of path/file lookup */`
used indent to "fix" coding style 1993-10-04 19:10:33 +00:00			`int checkdot = 0; /* check current dir? */`
ENOTDIR is ok now too (in case part of the path is bogus) 1993-09-04 18:08:15 +00:00
NULL -> '\0' 1995-03-29 20:58:57 +00:00			`command[0] = '\0';`
removed all the realpath() stuff 1995-03-26 06:16:43 +00:00
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`if (strlen(infile) >= MAXPATHLEN) {`
removed all the realpath() stuff 1995-03-26 06:16:43 +00:00			`errno = ENAMETOOLONG;`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`(void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);`
made command (and therefor cmnd dynamically allocated) 1994-08-05 20:12:09 +00:00			`exit(1);`
			`}`

			`/*`
if given a fully-qualified or relative path we now check it with sudo_goodpath() and error out with the appropriate error message if the file does not exist or is not executable 1995-09-01 04:04:43 +00:00			`* If we were given a fully qualified or relative path`
			`* there is no need to look at PATH.`
used indent to "fix" coding style 1993-10-04 19:10:33 +00:00			`*/`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`if (strchr(infile, '/')) {`
			`(void) strcpy(command, infile);`
if given a fully-qualified or relative path we now check it with sudo_goodpath() and error out with the appropriate error message if the file does not exist or is not executable 1995-09-01 04:04:43 +00:00			`if (sudo_goodpath(command)) {`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`*outfile = command;`
			`return(FOUND);`
return NOT_FOUND if given fully qualified path and it does not exist previously it would perror(ENOENT) which bypasses the option to not leak path info 1998-11-14 00:21:40 +00:00			`} else`
			`return(NOT_FOUND);`
find_path() now takes 2 copyout parameters (one for the qualified pathname and one for the unqualified pathname). The third parameter may be NULL. 1995-01-16 21:32:30 +00:00			`}`
Initial revision 1993-02-16 03:01:06 +00:00
used indent to "fix" coding style 1993-10-04 19:10:33 +00:00			`/*`
			`* grab PATH out of environment and make a local copy`
			`*/`
			`if ((path = getenv("PATH")) == NULL)`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`return(NOT_FOUND);`
Initial revision 1993-02-16 03:01:06 +00:00
added explict casts for strdup since many includes don't prototype it. gag me. 1995-11-25 18:53:22 +00:00			`if ((path = (char *) strdup(path)) == NULL) {`
if given a fully-qualified or relative path we now check it with sudo_goodpath() and error out with the appropriate error message if the file does not exist or is not executable 1995-09-01 04:04:43 +00:00			`(void) fprintf(stderr, "%s: out of memory!\n", Argv[0]);`
ENOTDIR is ok now too (in case part of the path is bogus) 1993-09-04 18:08:15 +00:00			`exit(1);`
Initial revision 1993-02-16 03:01:06 +00:00			`}`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`origpath = path;`
Initial revision 1993-02-16 03:01:06 +00:00
removed all the realpath() stuff 1995-03-26 06:16:43 +00:00			`/* XXX use strtok() */`
now checks '.' or '.' or '' in PATH -- but does it LAST should maybe move the code that does this into the loop body. makes it messier tho. hmmm. 1993-10-04 00:12:35 +00:00			`do {`
updated to work with configure + pathnames.h 1994-03-12 18:36:53 +00:00			`if ((n = strchr(path, ':')))`
now checks '.' or '.' or '' in PATH -- but does it LAST should maybe move the code that does this into the loop body. makes it messier tho. hmmm. 1993-10-04 00:12:35 +00:00			`*n = '\0';`

			`/*`
used indent to "fix" coding style 1993-10-04 19:10:33 +00:00			`* search current dir last if it is in PATH This will miss sneaky`
			`* things like using './' or './/'`
now checks '.' or '.' or '' in PATH -- but does it LAST should maybe move the code that does this into the loop body. makes it messier tho. hmmm. 1993-10-04 00:12:35 +00:00			`*/`
now uses STD_HEADERS macro 1993-11-30 00:14:02 +00:00			`if (path == '\0' \|\| (path == '.' && *(path + 1) == '\0')) {`
now checks '.' or '.' or '' in PATH -- but does it LAST should maybe move the code that does this into the loop body. makes it messier tho. hmmm. 1993-10-04 00:12:35 +00:00			`checkdot = 1;`
			`path = n + 1;`
			`continue;`
			`}`

used indent to "fix" coding style 1993-10-04 19:10:33 +00:00			`/*`
rewrote to use realpath(3) - nis now all my code 1994-06-06 00:03:26 +00:00			`* resolve the path and exit the loop if found`
used indent to "fix" coding style 1993-10-04 19:10:33 +00:00			`*/`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`if (strlen(path) + strlen(infile) + 1 >= MAXPATHLEN) {`
			`(void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);`
removed all the realpath() stuff 1995-03-26 06:16:43 +00:00			`exit(1);`
			`}`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`(void) sprintf(command, "%s/%s", path, infile);`
removed all the realpath() stuff 1995-03-26 06:16:43 +00:00			`if ((result = sudo_goodpath(command)))`
rewrote to use realpath(3) - nis now all my code 1994-06-06 00:03:26 +00:00			`break;`
now return NULL instead pfof exiting for nopnn-fatal errors 1993-10-23 00:46:05 +00:00
redid the fix for non-executable files in an easier to read way plus some minor aethetic changes 1993-09-08 15:53:08 +00:00			`path = n + 1;`
now checks '.' or '.' or '' in PATH -- but does it LAST should maybe move the code that does this into the loop body. makes it messier tho. hmmm. 1993-10-04 00:12:35 +00:00
			`} while (n);`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`(void) free(origpath);`
now checks '.' or '.' or '' in PATH -- but does it LAST should maybe move the code that does this into the loop body. makes it messier tho. hmmm. 1993-10-04 00:12:35 +00:00
used indent to "fix" coding style 1993-10-04 19:10:33 +00:00			`/*`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`* Check current dir if dot was in the PATH`
used indent to "fix" coding style 1993-10-04 19:10:33 +00:00			`*/`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`if (!result && checkdot) {`
			`result = sudo_goodpath(infile);`
			`#ifdef IGNORE_DOT_PATH`
			`if (result)`
			`return(NOT_FOUND_DOT);`
-DNO_DOT_PATH -> -DIGNORE_DOT_PATH 1996-03-19 00:37:24 +00:00			`#endif /* IGNORE_DOT_PATH */`
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`}`
find_path() now takes 2 copyout parameters (one for the qualified pathname and one for the unqualified pathname). The third parameter may be NULL. 1995-01-16 21:32:30 +00:00
go back to printing "command not found" unless --disable-path-info specified. Also, tell user when we ignore '.' in their path and it would have been used but for --with-ignore-dot. 1998-11-08 20:56:52 +00:00			`if (result) {`
			`*outfile = result;`
			`return(FOUND);`
			`} else`
			`return(NOT_FOUND);`
added calls to sudo_goodpath() 1995-03-26 01:39:14 +00:00			`}`