Work around some path issues to let sudo work on 2.2. Will likely nee…

…d a better long-term solution. Ticket #3994
pfsense · Nov 7, 2014 · f4ae260 · f4ae260
1 parent 23e422f
commit f4ae260
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 6 deletions.
diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc
@@ -33,16 +33,30 @@ switch ($pfs_version) {
 	case "1.2":
 	case "2.0":
 		define('SUDO_BASE','/usr/local');
+		define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo');
 		break;
-	default:
+	case "2.1":
 		// Hackish way to detect if someone manually did pkg_add rather than use pbi.
-		if (is_dir('/usr/pbi/sudo-' . php_uname("m")))
+		if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) {
 			define('SUDO_BASE', '/usr/pbi/sudo-' . php_uname("m"));
-		else
+			define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/');
+		} else {
 			define('SUDO_BASE','/usr/local');
+			define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo');
+		}
+		break;
+	default:
+		define('SUDO_BASE','/usr/local');
+		// Hackish way to detect if someone manually did pkg_add rather than use pbi.
+		if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) {
+			define('SUDO_LIBEXEC_DIR', '/usr/pbi/sudo-' . php_uname("m") . '/local/libexec/sudo');
+		} else {
+			define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo');
+		}
 }
 
 define('SUDO_CONFIG_DIR', SUDO_BASE . '/etc');
+define('SUDO_CONF', SUDO_CONFIG_DIR . '/sudo.conf');
 define('SUDO_SUDOERS', SUDO_CONFIG_DIR . '/sudoers');
 
 function sudo_install() {
@@ -73,6 +87,12 @@ function sudo_write_config() {
 	global $config;
 	$sudoers = "";
 	conf_mount_rw();
+
+	$sudoconf = "Plugin sudoers_policy " . SUDO_LIBEXEC_DIR . "/sudoers.so\n";
+	$sudoconf .= "Plugin sudoers_io " . SUDO_LIBEXEC_DIR . "/sudoers.so\n";
+	$sudoconf .= "Path noexec " . SUDO_LIBEXEC_DIR . "/sudo_noexec.so\n";
+	file_put_contents(SUDO_CONF, $sudoconf);
+
 	if (!is_array($config['installedpackages']['sudo']['config'][0]['row'])) {
 		/* No config, wipe sudoers file and bail. */
 		unlink(SUDO_SUDOERS);

diff --git a/pkg_config.10.xml b/pkg_config.10.xml
@@ -1426,7 +1426,7 @@
 		<pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink>
 		<descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr>
 		<category>Security</category>
-		<version>0.2.2</version>
+		<version>0.2.3</version>
 		<status>Beta</status>
 		<required_version>2.2</required_version>
 		<config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file>

diff --git a/pkg_config.8.xml b/pkg_config.8.xml
@@ -1831,7 +1831,7 @@
 		<pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink>
 		<descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr>
 		<category>Security</category>
-		<version>0.2.1</version>
+		<version>0.2.3</version>
 		<status>Beta</status>
 		<required_version>2.0.2</required_version>
 		<config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file>

diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
@@ -1818,7 +1818,7 @@
 		<pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink>
 		<descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr>
 		<category>Security</category>
-		<version>0.2.1</version>
+		<version>0.2.3</version>
 		<status>Beta</status>
 		<required_version>2.0.2</required_version>
 		<config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file>