diff options
author | jim-p <jimp@pfsense.org> | 2014-11-07 09:41:53 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2014-11-07 09:41:53 -0500 |
commit | f4ae260c8ae8e54f0d40bfd337fbe9ed42253adb (patch) | |
tree | adcd8f436f71670582270778c6c86a77a51543d3 /config/sudo/sudo.inc | |
parent | 23e422f1c31275000637c371bf9d8f650ce82545 (diff) | |
download | pfsense-packages-f4ae260c8ae8e54f0d40bfd337fbe9ed42253adb.tar.gz pfsense-packages-f4ae260c8ae8e54f0d40bfd337fbe9ed42253adb.tar.bz2 pfsense-packages-f4ae260c8ae8e54f0d40bfd337fbe9ed42253adb.zip |
Work around some path issues to let sudo work on 2.2. Will likely need a better long-term solution. Ticket #3994
Diffstat (limited to 'config/sudo/sudo.inc')
-rw-r--r-- | config/sudo/sudo.inc | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc index 68cf4a00..a69d9211 100644 --- a/config/sudo/sudo.inc +++ b/config/sudo/sudo.inc @@ -33,16 +33,30 @@ switch ($pfs_version) { case "1.2": case "2.0": define('SUDO_BASE','/usr/local'); + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo'); break; - default: + case "2.1": // Hackish way to detect if someone manually did pkg_add rather than use pbi. - if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) + if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) { define('SUDO_BASE', '/usr/pbi/sudo-' . php_uname("m")); - else + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/'); + } else { define('SUDO_BASE','/usr/local'); + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo'); + } + break; + default: + define('SUDO_BASE','/usr/local'); + // Hackish way to detect if someone manually did pkg_add rather than use pbi. + if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) { + define('SUDO_LIBEXEC_DIR', '/usr/pbi/sudo-' . php_uname("m") . '/local/libexec/sudo'); + } else { + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo'); + } } define('SUDO_CONFIG_DIR', SUDO_BASE . '/etc'); +define('SUDO_CONF', SUDO_CONFIG_DIR . '/sudo.conf'); define('SUDO_SUDOERS', SUDO_CONFIG_DIR . '/sudoers'); function sudo_install() { @@ -73,6 +87,12 @@ function sudo_write_config() { global $config; $sudoers = ""; conf_mount_rw(); + + $sudoconf = "Plugin sudoers_policy " . SUDO_LIBEXEC_DIR . "/sudoers.so\n"; + $sudoconf .= "Plugin sudoers_io " . SUDO_LIBEXEC_DIR . "/sudoers.so\n"; + $sudoconf .= "Path noexec " . SUDO_LIBEXEC_DIR . "/sudo_noexec.so\n"; + file_put_contents(SUDO_CONF, $sudoconf); + if (!is_array($config['installedpackages']['sudo']['config'][0]['row'])) { /* No config, wipe sudoers file and bail. */ unlink(SUDO_SUDOERS); |