diff options
Diffstat (limited to 'config/sudo')
| -rw-r--r-- | config/sudo/sudo.inc | 30 | ||||
| -rw-r--r-- | config/sudo/sudo.xml | 42 |
2 files changed, 59 insertions, 13 deletions
diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc index 1c07984d..ed0feb9c 100644 --- a/config/sudo/sudo.inc +++ b/config/sudo/sudo.inc @@ -1,8 +1,9 @@ <?php /* sudo.inc - + part of pfSense (https://www.pfSense.org/) Copyright (C) 2013 Jim Pingle (jpingle@gmail.com) + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -32,7 +33,7 @@ global $pfs_version; $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); switch ($pfs_version) { case "2.1": - // Hackish way to detect if someone manually did pkg_add rather than use pbi. + /* Hackish way to detect if someone manually did pkg_add rather than use pbi. */ if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) { define('SUDO_BASE', '/usr/pbi/sudo-' . php_uname("m")); define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/'); @@ -43,7 +44,7 @@ switch ($pfs_version) { break; case "2.2": define('SUDO_BASE','/usr/local'); - // Hackish way to detect if someone manually did pkg_add rather than use pbi. + /* Hackish way to detect if someone manually did pkg_add rather than use pbi. */ if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) { define('SUDO_LIBEXEC_DIR', '/usr/pbi/sudo-' . php_uname("m") . '/local/libexec/sudo'); } else { @@ -132,16 +133,19 @@ function sudo_write_config() { conf_mount_ro(); } -/* Get a list of users and groups in a format we can use to make proper sudoers entries. +/* +Get a list of users and groups in a format we can use to make proper sudoers entries. Optionally include "ALL" as a user (for use by the Run As list) */ function sudo_get_users($list_all_user = false) { global $config; - if (!is_array($config['system']['user'])) + if (!is_array($config['system']['user'])) { $config['system']['user'] = array(); + } $a_user = &$config['system']['user']; - if (!is_array($config['system']['group'])) + if (!is_array($config['system']['group'])) { $config['system']['group'] = array(); + } $a_group = &$config['system']['group']; $users = array(); @@ -174,8 +178,9 @@ function sudo_get_users($list_all_user = false) { foreach ($a_group as $group) { /* The "all" group is internal and doesn't make sense to use here. */ - if ($group['name'] == "all") + if ($group['name'] == "all") { continue; + } $tmpgroup = array(); $tmpgroup["name"] = "group:{$group['name']}"; $tmpgroup["descr"] = "Group: {$group['name']}"; @@ -185,20 +190,23 @@ function sudo_get_users($list_all_user = false) { return $users; } -/* Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior. - This also forces the user to give full paths to executables, which they should be doing anyhow. +/* +Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior. +This also forces the user to give full paths to executables, which they should be doing anyhow. */ function sudo_validate_commands(&$input_errors) { $idx = 0; while(isset($_POST["cmdlist{$idx}"])) { $commands = $_POST["cmdlist" . $idx++]; - if (strtoupper($commands) == "ALL") + if (strtoupper($commands) == "ALL") { continue; + } $commands = explode(",", $commands); foreach ($commands as $command) { list($cmd, $params) = explode(" ", trim($command), 2); - if (!is_executable($cmd)) + if (!is_executable($cmd)) { $input_errors[] = htmlspecialchars($cmd) . " is not an executable command."; + } } } } diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml index 069606ba..e9b4dcbb 100644 --- a/config/sudo/sudo.xml +++ b/config/sudo/sudo.xml @@ -1,9 +1,48 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ====================================================================================== */ +/* + sudo.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2013 Jim Pingle + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <description>Sudo Command Control</description> <requirements>None</requirements> <name>sudo</name> - <version>0.2.5</version> + <version>0.2.6</version> <title>Sudo - Shell Command Privilege Delegation Utility</title> <include_file>/usr/local/pkg/sudo.inc</include_file> <menu> @@ -15,7 +54,6 @@ <configpath>installedpackages->package->sudo</configpath> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> <item>https://packages.pfsense.org/packages/config/sudo/sudo.inc</item> </additional_files_needed> <fields> |