author | jim-p <jimp@pfsense.org> | 2016-11-07 10:37:25 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-11-07 10:37:25 -0500 |
commit | f98d15c9f28f88eee0354f432a4b85dc48e8bd67 (patch) | |
tree | 07d57364d283cb1744253b86d2625f4ac8b0d585 | |
parent | 996242eb7da1f1e4e012619176dbcfe5eb3ff998 (diff) | |
Add a way to include custom configuration files in sudo using #includedir. Implements #6859
-rw-r--r-- | security/pfSense-pkg-sudo/Makefile | 3 | ||||
-rw-r--r-- | security/pfSense-pkg-sudo/files/usr/local/pkg/sudo.inc | 13 | ||||
-rw-r--r-- | security/pfSense-pkg-sudo/files/usr/local/pkg/sudo.xml | 25 |
3 files changed, 37 insertions, 4 deletions
diff --git a/security/pfSense-pkg-sudo/Makefile b/security/pfSense-pkg-sudo/Makefile
index e0a5119..8060445 100644
--- a/security/pfSense-pkg-sudo/Makefile
+++ b/security/pfSense-pkg-sudo/Makefile
@@ -1,8 +1,7 @@
 # $FreeBSD$
 
 PORTNAME= pfSense-pkg-sudo
-PORTVERSION= 0.2.9
-PORTREVISION= 2
+PORTVERSION= 0.3
 CATEGORIES= security
 MASTER_SITES= # empty
 DISTFILES= # empty
diff --git a/security/pfSense-pkg-sudo/files/usr/local/pkg/sudo.inc b/security/pfSense-pkg-sudo/files/usr/local/pkg/sudo.inc
index 62e2979..57f3fc3d 100644
--- a/security/pfSense-pkg-sudo/files/usr/local/pkg/sudo.inc
+++ b/security/pfSense-pkg-sudo/files/usr/local/pkg/sudo.inc
@@ -68,9 +68,14 @@ function sudo_write_config() {
 log_error("No sudo configuration found, removing sudoers file to prevent unpredictable results.");
 return;
 }
- $sudocfg = &$config['installedpackages']['sudo']['config'][0]['row'];
+ $sudocfg = &$config['installedpackages']['sudo']['config'][0];
+
+ if ($sudocfg['add_includedir'] == 'include_start') {
+ $sudoers .= "#includedir /usr/local/etc/sudoers.d\n";
+ }
+
 /* Parse the config and massage it into proper sudo config lines. */
- foreach ($sudocfg as $sudo_commands) {
+ foreach ($sudocfg['row'] as $sudo_commands) {
 // (user|group) ALL=(ALL|user spec) ALL|command list
 list($etype, $ename) = explode(":", $sudo_commands['username']);
 $user = ($etype == "group") ? "%{$ename}" : $ename;
@@ -82,6 +87,10 @@ function sudo_write_config() {
 $sudoers .= "{$user} ALL=({$runas}) {$nopasswd} {$commands}\n";
 }
 
+ if ($sudocfg['add_includedir'] == 'include_end') {
+ $sudoers .= "#includedir /usr/local/etc/sudoers.d\n";
+ }
+
 /* Check validity of the sudoers data created above. */
 $tmpsudoers = tempnam("/tmp", "sudoers");
 file_put_contents($tmpsudoers, $sudoers);
diff --git a/security/pfSense-pkg-sudo/files/usr/local/pkg/sudo.xml b/security/pfSense-pkg-sudo/files/usr/local/pkg/sudo.xml
index 2886091..78beded 100644
--- a/security/pfSense-pkg-sudo/files/usr/local/pkg/sudo.xml
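Review bot: In sudo.inc, the two new `add_includedir` checks (first hunk before the loop, second hunk after it) pull every file under /usr/local/etc/sudoers.d into the policy, but nothing visible in either hunk ensures that the directory exists, is owned by root and is not writable by anyone else, so whoever can place a file there controls sudo rights outside the GUI. Because sudoers applies the last matching entry, `include_end` lets a drop-in file override the GUI-defined rows while `include_start` does the reverse; a comment such as `/* Last match wins in sudoers: files included at the end can override the rows above. */` would make that explicit. The validity check that follows the second hunk is cut off, so it is worth confirming that it fails closed when an included file is malformed rather than writing a sudoers file that sudo then rejects. The key is also read without a guard on configurations saved before this version; `if (isset($sudocfg['add_includedir']) && $sudocfg['add_includedir'] === 'include_start')` (and the same for `include_end`) avoids the undefined-index notice. sudo_write_config() begins and ends outside both hunks.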
+++ b/security/pfSense-pkg-sudo/files/usr/local/pkg/sudo.xml
@@ -50,6 +50,10 @@
 </description>
 </field>
 <field>
+ <name>User Privileges</name>
+ <type>listtopic</type>
+ </field>
+ <field>
 <fielddescr>User Permissions</fielddescr>
 <fieldname>none</fieldname>
 <type>rowhelper</type>
@@ -87,6 +91,27 @@
 </rowhelperfield>
 </rowhelper>
 </field>
+ <field>
+ <name>Advanced Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Custom Configuration</fielddescr>
+ <fieldname>add_includedir</fieldname>
+ <type>select</type>
+ <default_value>none</default_value>
+ <options>
+ <option><name>Do Not Include</name><value>none</value></option>
+ <option><name>Include at Start</name><value>include_start</value></option>
+ <option><name>Include at End</name><value>include_end</value></option>
+ </options>
+ <description>
+ <![CDATA[
+ Include additional custom configuration files from <b>/usr/local/etc/sudoers.d</b>.<br /><br />
+ Including custom configuration files allows options to be set which are not supported by the GUI, but these files can be a potential security risk and they are not backed up.<br /><br />
+ ]]>
+ </description>
+ </field>
 </fields>
 <custom_php_install_command>
 <![CDATA[ |
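Review bot: The description of the new `add_includedir` select warns that the files are a potential security risk but does not explain what distinguishes the two include positions, which is the security-relevant choice an administrator makes here. Since sudoers uses the last matching entry, "Include at End" lets files in /usr/local/etc/sudoers.d override the privileges defined in the GUI, while "Include at Start" lets the GUI rows take precedence; I would add a sentence to the CDATA text such as `When included at the end, entries in these files can override the privileges configured above.` It would also help to state that the files should be owned by root and not writable by other users, because their contents are not shown anywhere in the GUI.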