From f4ae260c8ae8e54f0d40bfd337fbe9ed42253adb Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 7 Nov 2014 09:41:53 -0500
Subject: Work around some path issues to let sudo work on 2.2. Will likely
 need a better long-term solution. Ticket #3994

---
 config/sudo/sudo.inc | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

(limited to 'config')

diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc
index 68cf4a00..a69d9211 100644
--- a/config/sudo/sudo.inc
+++ b/config/sudo/sudo.inc
@@ -33,16 +33,30 @@ switch ($pfs_version) {
 	case "1.2":
 	case "2.0":
 		define('SUDO_BASE','/usr/local');
+		define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo');
 		break;
-	default:
+	case "2.1":
 		// Hackish way to detect if someone manually did pkg_add rather than use pbi.
-		if (is_dir('/usr/pbi/sudo-' . php_uname("m")))
+		if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) {
 			define('SUDO_BASE', '/usr/pbi/sudo-' . php_uname("m"));
-		else
+			define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/');
+		} else {
 			define('SUDO_BASE','/usr/local');
+			define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo');
+		}
+		break;
+	default:
+		define('SUDO_BASE','/usr/local');
+		// Hackish way to detect if someone manually did pkg_add rather than use pbi.
+		if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) {
+			define('SUDO_LIBEXEC_DIR', '/usr/pbi/sudo-' . php_uname("m") . '/local/libexec/sudo');
+		} else {
+			define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo');
+		}
 }
 
 define('SUDO_CONFIG_DIR', SUDO_BASE . '/etc');
+define('SUDO_CONF', SUDO_CONFIG_DIR . '/sudo.conf');
 define('SUDO_SUDOERS', SUDO_CONFIG_DIR . '/sudoers');
 
 function sudo_install() {
@@ -73,6 +87,12 @@ function sudo_write_config() {
 	global $config;
 	$sudoers = "";
 	conf_mount_rw();
+
+	$sudoconf = "Plugin sudoers_policy " . SUDO_LIBEXEC_DIR . "/sudoers.so\n";
+	$sudoconf .= "Plugin sudoers_io " . SUDO_LIBEXEC_DIR . "/sudoers.so\n";
+	$sudoconf .= "Path noexec " . SUDO_LIBEXEC_DIR . "/sudo_noexec.so\n";
+	file_put_contents(SUDO_CONF, $sudoconf);
+
 	if (!is_array($config['installedpackages']['sudo']['config'][0]['row'])) {
 		/* No config, wipe sudoers file and bail. */
 		unlink(SUDO_SUDOERS);
-- 
cgit v1.2.3