From f4ae260c8ae8e54f0d40bfd337fbe9ed42253adb Mon Sep 17 00:00:00 2001 From: jim-p Date: Fri, 7 Nov 2014 09:41:53 -0500 Subject: Work around some path issues to let sudo work on 2.2. Will likely need a better long-term solution. Ticket #3994 --- config/sudo/sudo.inc | 26 +++++++++++++++++++++++--- pkg_config.10.xml | 2 +- pkg_config.8.xml | 2 +- pkg_config.8.xml.amd64 | 2 +- 4 files changed, 26 insertions(+), 6 deletions(-) diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc index 68cf4a00..a69d9211 100644 --- a/config/sudo/sudo.inc +++ b/config/sudo/sudo.inc @@ -33,16 +33,30 @@ switch ($pfs_version) { case "1.2": case "2.0": define('SUDO_BASE','/usr/local'); + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo'); break; - default: + case "2.1": // Hackish way to detect if someone manually did pkg_add rather than use pbi. - if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) + if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) { define('SUDO_BASE', '/usr/pbi/sudo-' . php_uname("m")); - else + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/'); + } else { define('SUDO_BASE','/usr/local'); + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo'); + } + break; + default: + define('SUDO_BASE','/usr/local'); + // Hackish way to detect if someone manually did pkg_add rather than use pbi. + if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) { + define('SUDO_LIBEXEC_DIR', '/usr/pbi/sudo-' . php_uname("m") . '/local/libexec/sudo'); + } else { + define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo'); + } } define('SUDO_CONFIG_DIR', SUDO_BASE . '/etc'); +define('SUDO_CONF', SUDO_CONFIG_DIR . '/sudo.conf'); define('SUDO_SUDOERS', SUDO_CONFIG_DIR . '/sudoers'); function sudo_install() { @@ -73,6 +87,12 @@ function sudo_write_config() { global $config; $sudoers = ""; conf_mount_rw(); + + $sudoconf = "Plugin sudoers_policy " . SUDO_LIBEXEC_DIR . "/sudoers.so\n"; + $sudoconf .= "Plugin sudoers_io " . SUDO_LIBEXEC_DIR . "/sudoers.so\n"; + $sudoconf .= "Path noexec " . SUDO_LIBEXEC_DIR . "/sudo_noexec.so\n"; + file_put_contents(SUDO_CONF, $sudoconf); + if (!is_array($config['installedpackages']['sudo']['config'][0]['row'])) { /* No config, wipe sudoers file and bail. */ unlink(SUDO_SUDOERS); diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 5a00da13..1310f1e2 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -1426,7 +1426,7 @@ https://doc.pfsense.org/index.php/Sudo_Package Security - 0.2.2 + 0.2.3 Beta 2.2 https://packages.pfsense.org/packages/config/sudo/sudo.xml diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 8d7bcd94..e1f6cc24 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1831,7 +1831,7 @@ https://doc.pfsense.org/index.php/Sudo_Package Security - 0.2.1 + 0.2.3 Beta 2.0.2 https://packages.pfsense.org/packages/config/sudo/sudo.xml diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 88792d6a..87cc2107 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -1818,7 +1818,7 @@ https://doc.pfsense.org/index.php/Sudo_Package Security - 0.2.1 + 0.2.3 Beta 2.0.2 https://packages.pfsense.org/packages/config/sudo/sudo.xml -- cgit v1.2.3