aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRenato Botelho <renato@netgate.com>2015-08-03 09:01:16 -0300
committerRenato Botelho <renato@netgate.com>2015-08-03 09:01:16 -0300
commite2957d644dabb146de90c19c710d9420a30d6778 (patch)
treeb62381e5d3d44637f893b89ed6135fe274595b72
parentce76b1f0010a6b378d1f47d03367c20850c19da4 (diff)
parent78fe829d18ae9c4fdd7fa4cb82be8045f65f5609 (diff)
downloadpfsense-packages-e2957d644dabb146de90c19c710d9420a30d6778.tar.gz
pfsense-packages-e2957d644dabb146de90c19c710d9420a30d6778.tar.bz2
pfsense-packages-e2957d644dabb146de90c19c710d9420a30d6778.zip
Merge pull request #923 from doktornotor/patch-12
-rw-r--r--config/sudo/sudo.inc30
-rw-r--r--config/sudo/sudo.xml42
-rw-r--r--pkg_config.10.xml2
3 files changed, 60 insertions, 14 deletions
diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc
index 1c07984d..ed0feb9c 100644
--- a/config/sudo/sudo.inc
+++ b/config/sudo/sudo.inc
@@ -1,8 +1,9 @@
<?php
/*
sudo.inc
-
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2013 Jim Pingle (jpingle@gmail.com)
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -32,7 +33,7 @@ global $pfs_version;
$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
switch ($pfs_version) {
case "2.1":
- // Hackish way to detect if someone manually did pkg_add rather than use pbi.
+ /* Hackish way to detect if someone manually did pkg_add rather than use pbi. */
if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) {
define('SUDO_BASE', '/usr/pbi/sudo-' . php_uname("m"));
define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/');
@@ -43,7 +44,7 @@ switch ($pfs_version) {
break;
case "2.2":
define('SUDO_BASE','/usr/local');
- // Hackish way to detect if someone manually did pkg_add rather than use pbi.
+ /* Hackish way to detect if someone manually did pkg_add rather than use pbi. */
if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) {
define('SUDO_LIBEXEC_DIR', '/usr/pbi/sudo-' . php_uname("m") . '/local/libexec/sudo');
} else {
@@ -132,16 +133,19 @@ function sudo_write_config() {
conf_mount_ro();
}
-/* Get a list of users and groups in a format we can use to make proper sudoers entries.
+/*
+Get a list of users and groups in a format we can use to make proper sudoers entries.
Optionally include "ALL" as a user (for use by the Run As list)
*/
function sudo_get_users($list_all_user = false) {
global $config;
- if (!is_array($config['system']['user']))
+ if (!is_array($config['system']['user'])) {
$config['system']['user'] = array();
+ }
$a_user = &$config['system']['user'];
- if (!is_array($config['system']['group']))
+ if (!is_array($config['system']['group'])) {
$config['system']['group'] = array();
+ }
$a_group = &$config['system']['group'];
$users = array();
@@ -174,8 +178,9 @@ function sudo_get_users($list_all_user = false) {
foreach ($a_group as $group) {
/* The "all" group is internal and doesn't make sense to use here. */
- if ($group['name'] == "all")
+ if ($group['name'] == "all") {
continue;
+ }
$tmpgroup = array();
$tmpgroup["name"] = "group:{$group['name']}";
$tmpgroup["descr"] = "Group: {$group['name']}";
@@ -185,20 +190,23 @@ function sudo_get_users($list_all_user = false) {
return $users;
}
-/* Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior.
- This also forces the user to give full paths to executables, which they should be doing anyhow.
+/*
+Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior.
+This also forces the user to give full paths to executables, which they should be doing anyhow.
*/
function sudo_validate_commands(&$input_errors) {
$idx = 0;
while(isset($_POST["cmdlist{$idx}"])) {
$commands = $_POST["cmdlist" . $idx++];
- if (strtoupper($commands) == "ALL")
+ if (strtoupper($commands) == "ALL") {
continue;
+ }
$commands = explode(",", $commands);
foreach ($commands as $command) {
list($cmd, $params) = explode(" ", trim($command), 2);
- if (!is_executable($cmd))
+ if (!is_executable($cmd)) {
$input_errors[] = htmlspecialchars($cmd) . " is not an executable command.";
+ }
}
}
}
diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml
index 069606ba..e9b4dcbb 100644
--- a/config/sudo/sudo.xml
+++ b/config/sudo/sudo.xml
@@ -1,9 +1,48 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
+/*
+ sudo.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<description>Sudo Command Control</description>
<requirements>None</requirements>
<name>sudo</name>
- <version>0.2.5</version>
+ <version>0.2.6</version>
<title>Sudo - Shell Command Privilege Delegation Utility</title>
<include_file>/usr/local/pkg/sudo.inc</include_file>
<menu>
@@ -15,7 +54,6 @@
<configpath>installedpackages->package->sudo</configpath>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/sudo/sudo.inc</item>
</additional_files_needed>
<fields>
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 2f485ae8..e2ef44c6 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -1570,7 +1570,7 @@
<pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink>
<descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr>
<category>Security</category>
- <version>0.2.5</version>
+ <version>0.2.6</version>
<status>Beta</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file>