2 * Copyright (c) 1996, 1998-2005 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 * Sponsored in part by the Defense Advanced Research Projects
17 * Agency (DARPA) and Air Force Research Laboratory, Air Force
18 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
23 #include <sys/types.h>
24 #include <sys/param.h>
34 #endif /* STDC_HEADERS */
38 # ifdef HAVE_STRINGS_H
41 #endif /* HAVE_STRING_H */
44 #endif /* HAVE_UNISTD_H */
49 * This function finds the full pathname for a command and
50 * stores it in a statically allocated array, filling in a pointer
51 * to the array. Returns FOUND if the command was found, NOT_FOUND
52 * if it was not found, or NOT_FOUND_DOT if it would have been found
53 * but it is in '.' and IGNORE_DOT is set.
56 find_path(infile, outfile, sbp, path)
57 char *infile; /* file to find */
58 char **outfile; /* result parameter */
59 struct stat *sbp; /* stat result parameter */
60 char *path; /* path to search */
62 static char command[PATH_MAX]; /* qualified filename */
63 char *n; /* for traversing path */
64 char *origpath; /* so we can free path later */
65 char *result = NULL; /* result of path/file lookup */
66 int checkdot = 0; /* check current dir? */
67 int len; /* length parameter */
69 if (strlen(infile) >= PATH_MAX)
70 errorx(1, "%s: File name too long", infile);
73 * If we were given a fully qualified or relative path
74 * there is no need to look at $PATH.
76 if (strchr(infile, '/')) {
77 strlcpy(command, infile, sizeof(command)); /* paranoia */
78 if (sudo_goodpath(command, sbp)) {
85 /* Use PATH passed in unless SECURE_PATH is in effect. */
86 if (def_secure_path && !user_is_exempt())
87 path = def_secure_path;
88 else if (path == NULL)
94 if ((n = strchr(path, ':')))
98 * Search current dir last if it is in PATH This will miss sneaky
99 * things like using './' or './/'
101 if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) {
108 * Resolve the path and exit the loop if found.
110 len = snprintf(command, sizeof(command), "%s/%s", path, infile);
111 if (len <= 0 || len >= sizeof(command))
112 errorx(1, "%s: File name too long", infile);
113 if ((result = sudo_goodpath(command, sbp)))
122 * Check current dir if dot was in the PATH
124 if (!result && checkdot) {
125 len = snprintf(command, sizeof(command), "./%s", infile);
126 if (len <= 0 || len >= sizeof(command))
127 errorx(1, "%s: File name too long", infile);
128 result = sudo_goodpath(command, sbp);
129 if (result && def_ignore_dot)
130 return(NOT_FOUND_DOT);