canonical_filenames.html 7.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156
  1. <HTML>
  2. <HEAD><TITLE>APR Canonical Filenames</TITLE></HEAD>
  3. <BODY>
  4. <h1>APR Canonical Filename</h1>
  5. <h2>Requirements</h2>
  6. <p>APR porters need to address the underlying discrepancies between
  7. file systems. To achieve a reasonable degree of security, the
  8. program depending upon APR needs to know that two paths may be
  9. compared, and that a mismatch is guarenteed to reflect that the
  10. two paths do not return the same resource</p>.
  11. <p>The first discrepancy is in volume roots. Unix and pure deriviates
  12. have only one root path, "/". Win32 and OS2 share root paths of
  13. the form "D:/", D: is the volume designation. However, this can
  14. be specified as "//./D:/" as well, indicating D: volume of the
  15. 'this' machine. Win32 and OS2 also may employ a UNC root path,
  16. of the form "//server/share/" where share is a share-point of the
  17. specified network server. Finally, NetWare root paths are of the
  18. form "server/volume:/", or the simpler "volume:/" syntax for 'this'
  19. machine. All these non-Unix file systems accept volume:path,
  20. without a slash following the colon, as a path relative to the
  21. current working directory, which APR will treat as ambigious, that
  22. is, neither an absolute nor a relative path per se.</p>
  23. <p>The second discrepancy is in the meaning of the 'this' directory.
  24. In general, 'this' must be eliminated from the path where it occurs.
  25. The syntax "path/./" and "path/" are both aliases to path. However,
  26. this isn't file system independent, since the double slash "//" has
  27. a special meaning on OS2 and Win32 at the start of the path name,
  28. and is invalid on those platforms before the "//server/share/" UNC
  29. root path is completed. Finally, as noted above, "//./volume/" is
  30. legal root syntax on WinNT, and perhaps others.</p>
  31. <p>The third discrepancy is in the context of the 'parent' directory.
  32. When "parent/path/.." occurs, the path must be unwound to "parent".
  33. It's also critical to simply truncate leading "/../" paths to "/",
  34. since the parent of the root is root. This gets tricky on the
  35. Win32 and OS2 platforms, since the ".." element is invalid before
  36. the "//server/share/" is complete, and the "//server/share/../"
  37. seqence is the complete UNC root "//server/share/". In relative
  38. paths, leading ".." elements are significant, until they are merged
  39. with an absolute path. The relative form must only retain the ".."
  40. segments as leading segments, to be resolved once merged to another
  41. relative or an absolute path.</p>
  42. <p>The fourth discrepancy occurs with acceptance of alternate character
  43. codes for the same element. Path seperators are not retained within
  44. the APR canonical forms. The OS filesystem and APR (slashed) forms
  45. can both be returned as strings, to be used in the proper context.
  46. Unix, Win32 and Netware all accept slashes and backslashes as the
  47. same path seperator symbol, although unix strictly accepts slashes.
  48. While the APR form of the name strictly uses slashes, always consider
  49. that there could be a platform that actually accepts slashes as a
  50. character within a segment name.</p>
  51. <p>The fifth and worst discrepancy plauges Win32, OS2, Netware, and some
  52. filesystems mounted in Unix. Case insensitivity can permit the same
  53. file to slip through in both it's proper case and alternate cases.
  54. Simply changing the case is insufficient for any character set beyond
  55. ASCII, since various dilectic forms of characters suffer from one to
  56. many or many to one translations. An example would be u-umlaut, which
  57. might be accepted as a single character u-umlaut, a two character
  58. sequence u and the zero-width umlaut, the upper case form of the same,
  59. or perhaps even a captial U alone. This can be handled in different
  60. ways depending on the purposes of the APR based program, but the one
  61. requirement is that the path must be absolute in order to resolve these
  62. ambiguities. Methods employed include comparison of device and inode
  63. file uniqifiers, which is a fairly fast operation, or quering the OS
  64. for the true form of the name, which can be much slower. Only the
  65. acknowledgement of the file names by the OS can validate the equality
  66. of two different cases of the same filename.</p>
  67. <p>The sixth discrepancy, illegal or insignificant characters, is especially
  68. significant in non-unix file systems. Trailing periods are accepted
  69. but never stored, therefore trailing periods must be ignored for any
  70. form of comparison. And all OS's have certain expectations of what
  71. characters are illegal (or undesireable due to confusion.)</p>
  72. <p>A final warning, canonical functions don't transform or resolve case
  73. or character ambiguity issues until they are resolved into an absolute
  74. path. The relative canonical path, while useful, while useful for URL
  75. or similar identifiers, cannot be used for testing or comparison of file
  76. system objects.</p>
  77. <hr>
  78. <h2>Canonical API</h2>
  79. Functions to manipulate the apr_canon_file_t (an opaque type) include:
  80. <ul>
  81. <li>Create canon_file_t (from char* path and canon_file_t parent path)
  82. <li>Merged canon_file_t (from path and parent, both canon_file_t)
  83. <li>Get char* path of all or some segments
  84. <li>Get path flags of IsRelative, IsVirtualRoot, and IsAbsolute
  85. <li>Compare two canon_file_t structures for file equality
  86. </ul>
  87. <p>The path is corrected to the file system case only if is in absolute
  88. form. The apr_canon_file_t should be preserved as long as possible and
  89. used as the parent to create child entries to reduce the number of expensive
  90. stat and case canonicalization calls to the OS.</p>
  91. <p>The comparison operation provides that the APR can postpone correction
  92. of case by simply relying upon the device and inode for equivilance. The
  93. stat implementation provides that two files are the same, while their
  94. strings are not equivilant, and eliminates the need for the operating
  95. system to return the proper form of the name.</p>
  96. <p>In any case, returning the char* path, with a flag to request the proper
  97. case, forces the OS calls to resolve the true names of each segment. Where
  98. there is a penality for this operation and the stat device and inode test
  99. is faster, case correction is postponed until the char* result is requested.
  100. On platforms that identify the inode, device, or proper name interchangably
  101. with no penalities, this may occur when the name is initially processed.</p>
  102. <hr>
  103. <h2>Unix Example</h2>
  104. <p>First the simplest case:</p>
  105. <pre>
  106. Parse Canonical Name
  107. accepts parent path as canonical_t
  108. this path as string
  109. Split this path Segments on '/'
  110. For each of this path Segments
  111. If first Segment
  112. If this Segment is Empty ([nothing]/)
  113. Append this Root Segment (don't merge)
  114. Continue to next Segment
  115. Else is relative
  116. Append parent Segments (to merge)
  117. Continue with this Segment
  118. If Segment is '.' or empty (2 slashes)
  119. Discard this Segment
  120. Continue with next Segment
  121. If Segment is '..'
  122. If no previous Segment or previous Segment is '..'
  123. Append this Segment
  124. Continue with next Segment
  125. If previous Segment and previous is not Root Segment
  126. Discard previous Segment
  127. Discard this Segment
  128. Continue with next Segment
  129. Append this Relative Segment
  130. Continue with next Segment
  131. </pre>
  132. </BODY>
  133. </HTML>