Oberon || Library || Module Index || Search Engine || Definition || Module
TYPE Path = POINTER TO PathRec; TYPE PathRec = RECORD (Disciplines.ObjectRec) END;
PROCEDURE CreatePath(VAR path: Path; root, pathname: ARRAY OF CHAR); PROCEDURE CreateDerivedPath(VAR path: Path; oldpath: Path; pathname: ARRAY OF CHAR); PROCEDURE GetRelPath(path: Path; VAR pathname: ARRAY OF CHAR); PROCEDURE GetAbsPath(path: Path; VAR pathname: ARRAY OF CHAR); PROCEDURE Upward(path: Path); PROCEDURE ChangeDir(path: Path; dirname: ARRAY OF CHAR);
PROCEDURE CheckAndProcessSymLinks(path: Path; newfile: BOOLEAN; VAR expandedPath: ARRAY OF CHAR; errors: RelatedEvents.Object) : BOOLEAN;
CreatePath and CreateDerivedPath create paths that may be later manipulated using Upward and ChangeDir. Before accessing a file or directory, CheckAndProcessSymLinks is to be used to convert a path into a pathname free of symbolic links and uplinks which resides inside the simulated chroot jail.
CreatePath creates path out of pathname that is to be taken relative to root, the assumed pseudo root. CreateDerivedPath creates a new path out of oldpath with relative path pathname. The new path shares its root with the old path.
GetRelPath returns the relative uplink-free pathname of path as string, while GetAbsPath returns the absolute uplink-free pathname including its root. Neither GetRelPath nor GetAbsPath check for symlinks.
ChangeDir appends dirname to path. References to the upward directory (``..'') and to the same directory (``.'') are processed as by the constructors CreateDerivedPath and CheckAndProcessSymLinks. Likewise is the upward link of the pseudo root is interpreted to point to the pseudo root itself. Upward is equivalent to ChangeDir with ``..'' as dirname.
CheckAndProcessSymLinks should be used to extract a path name usable for UnixFiles or similar modules before accessing files or directories. It checks the entire path for symbolic links and interpretes them relative to the pseudo root of path. The last component of path may be non-existant if newfile is set to TRUE. On success, a symlink-free absolute path that points inside of the pseudo root is returned in expandedPath. Access errors, if any, are related to errors.
In summary, FTPUnixPaths helps to restrict FTP accesses to a particular directory and below (a home directory, for example) while running not with super-user privileges. This is an improvement in comparison to FTP servers that, if not logged in anonymously, provide unrestricted access to the whole file system including shared spaces like /tmp. But it is far from offering the security of a chroot jail based on chroot(2).
Oberon || Library || Module Index || Search Engine || Definition || Module