Diffstat (limited to 'config')
-rw-r--r-- | config/sudo/sudo.inc | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc
index 1c07984d..ed0feb9c 100644
--- a/config/sudo/sudo.inc
+++ b/config/sudo/sudo.inc
@@ -1,8 +1,9 @@
 <?php
 /*
 sudo.inc
-
+ part of pfSense (https://www.pfSense.org/)
 Copyright (C) 2013 Jim Pingle (jpingle@gmail.com)
+ Copyright (C) 2015 ESF, LLC
 All rights reserved.

 Redistribution and use in source and binary forms, with or without
@@ -32,7 +33,7 @@ global $pfs_version;
 $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
 switch ($pfs_version) {
 case "2.1":
- // Hackish way to detect if someone manually did pkg_add rather than use pbi.
+ /* Hackish way to detect if someone manually did pkg_add rather than use pbi. */
 if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) {
 define('SUDO_BASE', '/usr/pbi/sudo-' . php_uname("m"));
 define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/');
@@ -43,7 +44,7 @@ switch ($pfs_version) {
 break;
 case "2.2":
 define('SUDO_BASE','/usr/local');
- // Hackish way to detect if someone manually did pkg_add rather than use pbi.
+ /* Hackish way to detect if someone manually did pkg_add rather than use pbi. */
 if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) {
 define('SUDO_LIBEXEC_DIR', '/usr/pbi/sudo-' . php_uname("m") . '/local/libexec/sudo');
 } else {
@@ -132,16 +133,19 @@ function sudo_write_config() {
 conf_mount_ro();
 }

-/* Get a list of users and groups in a format we can use to make proper sudoers entries.
+/*
+Get a list of users and groups in a format we can use to make proper sudoers entries.
 Optionally include "ALL" as a user (for use by the Run As list)
 */
 function sudo_get_users($list_all_user = false) {
 global $config;
- if (!is_array($config['system']['user']))
+ if (!is_array($config['system']['user'])) {
 $config['system']['user'] = array();
+ }
 $a_user = &$config['system']['user'];
- if (!is_array($config['system']['group']))
+ if (!is_array($config['system']['group'])) {
 $config['system']['group'] = array();
+ }
 $a_group = &$config['system']['group'];

 $users = array();
@@ -174,8 +178,9 @@ function sudo_get_users($list_all_user = false) {

 foreach ($a_group as $group) {
 /* The "all" group is internal and doesn't make sense to use here. */
- if ($group['name'] == "all")
+ if ($group['name'] == "all") {
 continue;
+ }
 $tmpgroup = array();
 $tmpgroup["name"] = "group:{$group['name']}";
 $tmpgroup["descr"] = "Group: {$group['name']}";
@@ -185,20 +190,23 @@ function sudo_get_users($list_all_user = false) {
 return $users;
 }

-/* Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior.
- This also forces the user to give full paths to executables, which they should be doing anyhow.
+/*
+Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior.
+This also forces the user to give full paths to executables, which they should be doing anyhow.
 */
 function sudo_validate_commands(&$input_errors) {
 $idx = 0;
 while(isset($_POST["cmdlist{$idx}"])) {
 $commands = $_POST["cmdlist" . $idx++];
- if (strtoupper($commands) == "ALL")
+ if (strtoupper($commands) == "ALL") {
 continue;
+ }
 $commands = explode(",", $commands);
 foreach ($commands as $command) {
 list($cmd, $params) = explode(" ", trim($command), 2);
- if (!is_executable($cmd))
+ if (!is_executable($cmd)) {
 $input_errors[] = htmlspecialchars($cmd) . " is not an executable command.";
+ }
 }
 }
 }
|
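Review bot: The newly braced `if (!is_executable($cmd)) {` in `sudo_validate_commands()` does not enforce what the comment above it promises: `is_executable()` also accepts a relative path (resolved against the PHP process's working directory) and may succeed for a directory with the execute bit, so a value that is not a full path to a program can pass. Tightening the condition to `if (substr($cmd, 0, 1) != "/" || !is_file($cmd) || !is_executable($cmd)) {` would match the documented intent. The `$params` half of each entry is never inspected; if these strings are later written into sudoers unchanged (the writer is outside this hunk), it is worth rejecting control characters such as line breaks here so one form field cannot become more than one sudoers line. Separately, `list($cmd, $params) = explode(" ", trim($command), 2);` raises an undefined-offset notice whenever a command has no arguments; `array_pad(explode(" ", trim($command), 2), 2, "")` avoids that.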