# coding=utf-8
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT

import os


def open_nofollow(path):
    """
    Open *path* rejecting symlinks at every component, not just the
    leaf.  Uses openat() (via *dir_fd*) to walk each component with
    O_NOFOLLOW so that an attacker who controls an intermediate
    directory (e.g. /tmp/lshttpd owned by nobody) cannot substitute
    it with a symlink.

    :return: file descriptor (caller must close)
    :raises: OSError if any component is a symlink or does not exist
    """
    parts = path.lstrip('/').split('/')
    fd = os.open('/', os.O_RDONLY | os.O_DIRECTORY)
    try:
        for component in parts[:-1]:
            next_fd = os.open(
                component,
                os.O_RDONLY | os.O_NOFOLLOW | os.O_DIRECTORY,
                dir_fd=fd,
            )
            os.close(fd)
            fd = next_fd
        result_fd = os.open(
            parts[-1], os.O_RDONLY | os.O_NOFOLLOW, dir_fd=fd,
        )
    finally:
        os.close(fd)
    return result_fd