2 * Copyright (c) 1996, 1998-2005 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 * Sponsored in part by the Defense Advanced Research Projects
17 * Agency (DARPA) and Air Force Research Laboratory, Air Force
18 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
23 #include <sys/types.h>
24 #include <sys/param.h>
34 #endif /* STDC_HEADERS */
38 # ifdef HAVE_STRINGS_H
41 #endif /* HAVE_STRING_H */
44 #endif /* HAVE_UNISTD_H */
48 # include "emul/err.h"
49 #endif /* HAVE_ERR_H */
54 __unused static const char rcsid[] = "$Sudo: find_path.c,v 1.108.2.4 2007/06/12 01:43:01 millert Exp $";
58 * This function finds the full pathname for a command and
59 * stores it in a statically allocated array, filling in a pointer
60 * to the array. Returns FOUND if the command was found, NOT_FOUND
61 * if it was not found, or NOT_FOUND_DOT if it would have been found
62 * but it is in '.' and IGNORE_DOT is set.
65 find_path(infile, outfile, sbp, path)
66 char *infile; /* file to find */
67 char **outfile; /* result parameter */
68 struct stat *sbp; /* stat result parameter */
69 char *path; /* path to search */
71 static char command[PATH_MAX]; /* qualified filename */
72 char *n; /* for traversing path */
73 char *origpath; /* so we can free path later */
74 char *result = NULL; /* result of path/file lookup */
75 int checkdot = 0; /* check current dir? */
76 int len; /* length parameter */
78 if (strlen(infile) >= PATH_MAX)
79 errx(1, "%s: File name too long", infile);
82 * If we were given a fully qualified or relative path
83 * there is no need to look at $PATH.
85 if (strchr(infile, '/')) {
86 strlcpy(command, infile, sizeof(command)); /* paranoia */
87 if (sudo_goodpath(command, sbp)) {
94 /* Use PATH passed in unless SECURE_PATH is in effect. */
96 if (!user_is_exempt())
98 #endif /* SECURE_PATH */
101 path = estrdup(path);
105 if ((n = strchr(path, ':')))
109 * Search current dir last if it is in PATH This will miss sneaky
110 * things like using './' or './/'
112 if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) {
119 * Resolve the path and exit the loop if found.
121 len = snprintf(command, sizeof(command), "%s/%s", path, infile);
122 if (len <= 0 || len >= sizeof(command))
123 errx(1, "%s: File name too long", infile);
124 if ((result = sudo_goodpath(command, sbp)))
133 * Check current dir if dot was in the PATH
135 if (!result && checkdot) {
136 result = sudo_goodpath(infile, sbp);
137 if (result && def_ignore_dot)
138 return(NOT_FOUND_DOT);