250 lines
5.2 KiB
C
250 lines
5.2 KiB
C
/*
|
|
* canonicalize.c -- canonicalize pathname by removing symlinks
|
|
* Copyright (C) 1993 Rick Sladkey <jrs@world.std.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU Library Public License as published by
|
|
* the Free Software Foundation; either version 2, or (at your option)
|
|
* any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Library Public License for more details.
|
|
*
|
|
*/
|
|
|
|
/*
|
|
* This routine is part of libc. We include it nevertheless,
|
|
* since the libc version has some security flaws.
|
|
*
|
|
* TODO: use canonicalize_file_name() when exist in glibc
|
|
*/
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <ctype.h>
|
|
#include <unistd.h>
|
|
#include <errno.h>
|
|
#include <stdlib.h>
|
|
|
|
#include "canonicalize.h"
|
|
|
|
#ifndef MAXSYMLINKS
|
|
# define MAXSYMLINKS 256
|
|
#endif
|
|
|
|
static char *
|
|
myrealpath(const char *path, char *resolved_path, int maxreslth) {
|
|
int readlinks = 0;
|
|
char *npath;
|
|
char link_path[PATH_MAX+1];
|
|
int n;
|
|
char *buf = NULL;
|
|
|
|
npath = resolved_path;
|
|
|
|
/* If it's a relative pathname use getcwd for starters. */
|
|
if (*path != '/') {
|
|
if (!getcwd(npath, maxreslth-2))
|
|
return NULL;
|
|
npath += strlen(npath);
|
|
if (npath[-1] != '/')
|
|
*npath++ = '/';
|
|
} else {
|
|
*npath++ = '/';
|
|
path++;
|
|
}
|
|
|
|
/* Expand each slash-separated pathname component. */
|
|
while (*path != '\0') {
|
|
/* Ignore stray "/" */
|
|
if (*path == '/') {
|
|
path++;
|
|
continue;
|
|
}
|
|
if (*path == '.' && (path[1] == '\0' || path[1] == '/')) {
|
|
/* Ignore "." */
|
|
path++;
|
|
continue;
|
|
}
|
|
if (*path == '.' && path[1] == '.' &&
|
|
(path[2] == '\0' || path[2] == '/')) {
|
|
/* Backup for ".." */
|
|
path += 2;
|
|
while (npath > resolved_path+1 &&
|
|
(--npath)[-1] != '/')
|
|
;
|
|
continue;
|
|
}
|
|
/* Safely copy the next pathname component. */
|
|
while (*path != '\0' && *path != '/') {
|
|
if (npath-resolved_path > maxreslth-2) {
|
|
errno = ENAMETOOLONG;
|
|
goto err;
|
|
}
|
|
*npath++ = *path++;
|
|
}
|
|
|
|
/* Protect against infinite loops. */
|
|
if (readlinks++ > MAXSYMLINKS) {
|
|
errno = ELOOP;
|
|
goto err;
|
|
}
|
|
|
|
/* See if last pathname component is a symlink. */
|
|
*npath = '\0';
|
|
n = readlink(resolved_path, link_path, PATH_MAX);
|
|
if (n < 0) {
|
|
/* EINVAL means the file exists but isn't a symlink. */
|
|
if (errno != EINVAL)
|
|
goto err;
|
|
} else {
|
|
int m;
|
|
char *newbuf;
|
|
|
|
/* Note: readlink doesn't add the null byte. */
|
|
link_path[n] = '\0';
|
|
if (*link_path == '/')
|
|
/* Start over for an absolute symlink. */
|
|
npath = resolved_path;
|
|
else
|
|
/* Otherwise back up over this component. */
|
|
while (*(--npath) != '/')
|
|
;
|
|
|
|
/* Insert symlink contents into path. */
|
|
m = strlen(path);
|
|
newbuf = malloc(m + n + 1);
|
|
if (!newbuf)
|
|
goto err;
|
|
memcpy(newbuf, link_path, n);
|
|
memcpy(newbuf + n, path, m + 1);
|
|
free(buf);
|
|
path = buf = newbuf;
|
|
}
|
|
*npath++ = '/';
|
|
}
|
|
/* Delete trailing slash but don't whomp a lone slash. */
|
|
if (npath != resolved_path+1 && npath[-1] == '/')
|
|
npath--;
|
|
/* Make sure it's null terminated. */
|
|
*npath = '\0';
|
|
|
|
free(buf);
|
|
return resolved_path;
|
|
|
|
err:
|
|
free(buf);
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* Converts private "dm-N" names to "/dev/mapper/<name>"
|
|
*
|
|
* Since 2.6.29 (patch 784aae735d9b0bba3f8b9faef4c8b30df3bf0128) kernel sysfs
|
|
* provides the real DM device names in /sys/block/<ptname>/dm/name
|
|
*/
|
|
char *
|
|
canonicalize_dm_name(const char *ptname)
|
|
{
|
|
FILE *f;
|
|
size_t sz;
|
|
char path[256], name[256], *res = NULL;
|
|
|
|
snprintf(path, sizeof(path), "/sys/block/%s/dm/name", ptname);
|
|
if (!(f = fopen(path, "r" UL_CLOEXECSTR)))
|
|
return NULL;
|
|
|
|
/* read "<name>\n" from sysfs */
|
|
if (fgets(name, sizeof(name), f) && (sz = strlen(name)) > 1) {
|
|
name[sz - 1] = '\0';
|
|
snprintf(path, sizeof(path), "/dev/mapper/%s", name);
|
|
|
|
if (access(path, F_OK) == 0)
|
|
res = strdup(path);
|
|
}
|
|
fclose(f);
|
|
return res;
|
|
}
|
|
|
|
char *
|
|
canonicalize_path(const char *path)
|
|
{
|
|
char canonical[PATH_MAX+2];
|
|
char *p;
|
|
|
|
if (path == NULL)
|
|
return NULL;
|
|
|
|
if (!myrealpath(path, canonical, PATH_MAX+1))
|
|
return strdup(path);
|
|
|
|
|
|
p = strrchr(canonical, '/');
|
|
if (p && strncmp(p, "/dm-", 4) == 0 && isdigit(*(p + 4))) {
|
|
p = canonicalize_dm_name(p+1);
|
|
if (p)
|
|
return p;
|
|
}
|
|
|
|
return strdup(canonical);
|
|
}
|
|
|
|
char *
|
|
canonicalize_path_restricted(const char *path)
|
|
{
|
|
char canonical[PATH_MAX+2];
|
|
char *p = NULL;
|
|
int errsv;
|
|
uid_t euid;
|
|
gid_t egid;
|
|
|
|
if (path == NULL)
|
|
return NULL;
|
|
|
|
euid = geteuid();
|
|
egid = getegid();
|
|
|
|
/* drop permissions */
|
|
if (setegid(getgid()) < 0 || seteuid(getuid()) < 0)
|
|
return NULL;
|
|
|
|
errsv = errno = 0;
|
|
|
|
if (myrealpath(path, canonical, PATH_MAX+1)) {
|
|
p = strrchr(canonical, '/');
|
|
if (p && strncmp(p, "/dm-", 4) == 0 && isdigit(*(p + 4)))
|
|
p = canonicalize_dm_name(p+1);
|
|
else
|
|
p = NULL;
|
|
if (!p)
|
|
p = strdup(canonical);
|
|
} else
|
|
errsv = errno;
|
|
|
|
/* restore */
|
|
if (setegid(egid) < 0 || seteuid(euid) < 0) {
|
|
free(p);
|
|
return NULL;
|
|
}
|
|
|
|
errno = errsv;
|
|
return p;
|
|
}
|
|
|
|
|
|
#ifdef TEST_PROGRAM_CANONICALIZE
|
|
int main(int argc, char **argv)
|
|
{
|
|
if (argc < 2) {
|
|
fprintf(stderr, "usage: %s <device>\n", argv[0]);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
fprintf(stdout, "orig: %s\n", argv[1]);
|
|
fprintf(stdout, "real: %s\n", canonicalize_path(argv[1]));
|
|
|
|
exit(EXIT_SUCCESS);
|
|
}
|
|
#endif
|