diff options
| author | Renato Botelho <renato@netgate.com> | 2015-08-03 09:01:16 -0300 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2015-08-03 09:01:16 -0300 |
| commit | e2957d644dabb146de90c19c710d9420a30d6778 (patch) | |
| tree | b62381e5d3d44637f893b89ed6135fe274595b72 | |
| parent | ce76b1f0010a6b378d1f47d03367c20850c19da4 (diff) | |
| parent | 78fe829d18ae9c4fdd7fa4cb82be8045f65f5609 (diff) | |
| download | pfsense-packages-e2957d644dabb146de90c19c710d9420a30d6778.tar.gz pfsense-packages-e2957d644dabb146de90c19c710d9420a30d6778.tar.bz2 pfsense-packages-e2957d644dabb146de90c19c710d9420a30d6778.zip | |
Merge pull request #923 from doktornotor/patch-12
| -rw-r--r-- | config/sudo/sudo.inc | 30 | ||||
| -rw-r--r-- | config/sudo/sudo.xml | 42 | ||||
| -rw-r--r-- | pkg_config.10.xml | 2 |
3 files changed, 60 insertions, 14 deletions
diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc index 1c07984d..ed0feb9c 100644 --- a/config/sudo/sudo.inc +++ b/config/sudo/sudo.inc @@ -1,8 +1,9 @@ <?php /* sudo.inc - + part of pfSense (https://www.pfSense.org/) Copyright (C) 2013 Jim Pingle (jpingle@gmail.com) + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -32,7 +33,7 @@ global $pfs_version; $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); switch ($pfs_version) { case "2.1": - // Hackish way to detect if someone manually did pkg_add rather than use pbi. + /* Hackish way to detect if someone manually did pkg_add rather than use pbi. */ if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) { define('SUDO_BASE', '/usr/pbi/sudo-' . php_uname("m")); define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/'); @@ -43,7 +44,7 @@ switch ($pfs_version) { break; case "2.2": define('SUDO_BASE','/usr/local'); - // Hackish way to detect if someone manually did pkg_add rather than use pbi. + /* Hackish way to detect if someone manually did pkg_add rather than use pbi. */ if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) { define('SUDO_LIBEXEC_DIR', '/usr/pbi/sudo-' . php_uname("m") . '/local/libexec/sudo'); } else { @@ -132,16 +133,19 @@ function sudo_write_config() { conf_mount_ro(); } -/* Get a list of users and groups in a format we can use to make proper sudoers entries. +/* +Get a list of users and groups in a format we can use to make proper sudoers entries. Optionally include "ALL" as a user (for use by the Run As list) */ function sudo_get_users($list_all_user = false) { global $config; - if (!is_array($config['system']['user'])) + if (!is_array($config['system']['user'])) { $config['system']['user'] = array(); + } $a_user = &$config['system']['user']; - if (!is_array($config['system']['group'])) + if (!is_array($config['system']['group'])) { $config['system']['group'] = array(); + } $a_group = &$config['system']['group']; $users = array(); @@ -174,8 +178,9 @@ function sudo_get_users($list_all_user = false) { foreach ($a_group as $group) { /* The "all" group is internal and doesn't make sense to use here. */ - if ($group['name'] == "all") + if ($group['name'] == "all") { continue; + } $tmpgroup = array(); $tmpgroup["name"] = "group:{$group['name']}"; $tmpgroup["descr"] = "Group: {$group['name']}"; @@ -185,20 +190,23 @@ function sudo_get_users($list_all_user = false) { return $users; } -/* Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior. - This also forces the user to give full paths to executables, which they should be doing anyhow. +/* +Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior. +This also forces the user to give full paths to executables, which they should be doing anyhow. */ function sudo_validate_commands(&$input_errors) { $idx = 0; while(isset($_POST["cmdlist{$idx}"])) { $commands = $_POST["cmdlist" . $idx++]; - if (strtoupper($commands) == "ALL") + if (strtoupper($commands) == "ALL") { continue; + } $commands = explode(",", $commands); foreach ($commands as $command) { list($cmd, $params) = explode(" ", trim($command), 2); - if (!is_executable($cmd)) + if (!is_executable($cmd)) { $input_errors[] = htmlspecialchars($cmd) . " is not an executable command."; + } } } } diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml index 069606ba..e9b4dcbb 100644 --- a/config/sudo/sudo.xml +++ b/config/sudo/sudo.xml @@ -1,9 +1,48 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ====================================================================================== */ +/* + sudo.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Jim Pingle + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <description>Sudo Command Control</description> <requirements>None</requirements> <name>sudo</name> - <version>0.2.5</version> + <version>0.2.6</version> <title>Sudo - Shell Command Privilege Delegation Utility</title> <include_file>/usr/local/pkg/sudo.inc</include_file> <menu> @@ -15,7 +54,6 @@ <configpath>installedpackages->package->sudo</configpath> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/sudo/sudo.inc</item> </additional_files_needed> <fields> diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 2f485ae8..e2ef44c6 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -1570,7 +1570,7 @@ <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> - <version>0.2.5</version> + <version>0.2.6</version> <status>Beta</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file> |