Commit 273692e5 authored by Franco Fichtner's avatar Franco Fichtner

system: add sudo configure option to permit admins access; closes #990

This is especially useful for "sudo su" in manually created admins
to gain access to the console menu without compromising the root
password.
parent 5f50315c
...@@ -1910,6 +1910,14 @@ function system_console_configure() ...@@ -1910,6 +1910,14 @@ function system_console_configure()
{ {
global $config; global $config;
$sudo_conf = '/usr/local/etc/sudoers.d/opnsense';
if (!empty($config['system']['sudo_allow_wheel'])) {
file_put_contents($sudo_conf, "%wheel ALL=(ALL) ALL\n");
} else {
@unlink($sudo_conf);
}
$serialspeed = (!empty($config['system']['serialspeed']) && is_numeric($config['system']['serialspeed'])) ? $config['system']['serialspeed'] : '115200'; $serialspeed = (!empty($config['system']['serialspeed']) && is_numeric($config['system']['serialspeed'])) ? $config['system']['serialspeed'] : '115200';
$serial_enabled = isset($config['system']['enableserial']); $serial_enabled = isset($config['system']['enableserial']);
......
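Review bot: The else branch uses `@unlink($sudo_conf)`, so a failed removal is silent and the `%wheel ALL=(ALL) ALL` rule would stay in force after the option has been switched off; revocation is the path that most needs checking. I would drop the `@` and test the result, e.g. `if (file_exists($sudo_conf) && !unlink($sudo_conf)) {` followed by a log call. On the write side the return value of `file_put_contents()` is ignored and the file mode is left to the process umask; adding `chmod($sudo_conf, 0440);` right after the write matches the usual sudoers.d convention. The body of system_console_configure() continues past the end of this hunk.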
...@@ -42,6 +42,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -42,6 +42,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref']; $pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref'];
$pconfig['disablehttpredirect'] = isset($config['system']['webgui']['disablehttpredirect']); $pconfig['disablehttpredirect'] = isset($config['system']['webgui']['disablehttpredirect']);
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']); $pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
$pconfig['sudo_allow_wheel'] = isset($config['system']['sudo_allow_wheel']);
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']); $pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
$pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']); $pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']);
$pconfig['nohttpreferercheck'] = isset($config['system']['webgui']['nohttpreferercheck']); $pconfig['nohttpreferercheck'] = isset($config['system']['webgui']['nohttpreferercheck']);
...@@ -115,6 +116,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -115,6 +116,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['disableconsolemenu']); unset($config['system']['disableconsolemenu']);
} }
if ($pconfig['sudo_allow_wheel'] == "yes") {
$config['system']['sudo_allow_wheel'] = true;
} elseif (isset($config['system']['sudo_allow_wheel'])) {
unset($config['system']['sudo_allow_wheel']);
}
if ($pconfig['noantilockout'] == "yes") { if ($pconfig['noantilockout'] == "yes") {
$config['system']['webgui']['noantilockout'] = true; $config['system']['webgui']['noantilockout'] = true;
} elseif (isset($config['system']['webgui']['noantilockout'])) { } elseif (isset($config['system']['webgui']['noantilockout'])) {
...@@ -313,7 +320,7 @@ include("head.inc"); ...@@ -313,7 +320,7 @@ include("head.inc");
<td width="22%"><strong><?=gettext("webConfigurator");?></strong></td> <td width="22%"><strong><?=gettext("webConfigurator");?></strong></td>
<td width="78%" align="right"> <td width="78%" align="right">
<small><?=gettext("full help"); ?> </small> <small><?=gettext("full help"); ?> </small>
<i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i> <i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i>
</td> </td>
</tr> </tr>
<tr> <tr>
...@@ -491,7 +498,7 @@ include("head.inc"); ...@@ -491,7 +498,7 @@ include("head.inc");
<tr> <tr>
<td><a id="help_for_sshport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("SSH port"); ?></td> <td><a id="help_for_sshport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("SSH port"); ?></td>
<td width="78%"> <td width="78%">
<input name="sshport" type="text" value="<?=$pconfig['sshport'];?>"/> <input name="sshport" type="text" value="<?=$pconfig['sshport'];?>"/>
<div class="hidden" for="help_for_sshport"> <div class="hidden" for="help_for_sshport">
<?=gettext("Leave this blank for the default of 22."); ?> <?=gettext("Leave this blank for the default of 22."); ?>
</div> </div>
...@@ -559,13 +566,17 @@ include("head.inc"); ...@@ -559,13 +566,17 @@ include("head.inc");
<th colspan="2"><?=gettext("Console Options"); ?></th> <th colspan="2"><?=gettext("Console Options"); ?></th>
</tr> </tr>
<tr> <tr>
<td><a id="help_for_disableconsolemenu" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext("Console menu") ?></td> <td><i class="fa fa-info-circle text-muted"></i></a> <?= gettext("Console menu") ?></td>
<td width="78%"> <td width="78%">
<input name="disableconsolemenu" type="checkbox" value="yes" <?= empty($pconfig['disableconsolemenu']) ? '' : 'checked="checked"' ?> /> <input name="disableconsolemenu" type="checkbox" value="yes" <?= empty($pconfig['disableconsolemenu']) ? '' : 'checked="checked"' ?> />
<strong><?=gettext("Password protect the console menu"); ?></strong> <strong><?=gettext("Password protect the console menu"); ?></strong>
<div class="hidden" for="help_for_disableconsolemenu"> </td>
<?=gettext("Changes to this option will take effect after a reboot."); ?> </tr>
</div> <tr>
<td><i class="fa fa-info-circle text-muted"></i> <?= gettext("Allow SUDO") ?></td>
<td width="78%">
<input name="sudo_allow_wheel" type="checkbox" value="yes" <?= empty($pconfig['sudo_allow_wheel']) ? '' : 'checked="checked"' ?> />
<strong><?= gettext('Allow administrators to use the SUDO utility') ?></strong>
</td> </td>
</tr> </tr>
<tr> <tr>
......
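Review bot: The new "Allow SUDO" row carries no help text, and its label, `Allow administrators to use the SUDO utility`, does not say that the setting gives every member of the wheel group unrestricted root (`%wheel ALL=(ALL) ALL` in the first file of this commit). A hidden help block like the one this hunk appears to remove from the Console menu row would cover it, e.g. `<div class="hidden" for="help_for_sudo_allow_wheel"><?= gettext('Members of the wheel group may run any command as root through sudo.') ?></div>`, with the icon wrapped in the matching `showhelp` anchor. In the Console menu row the opening `<a …>` was dropped but the closing `</a>` after the icon was left behind. None of the visible hunks show the save handler calling system_console_configure(), so it is worth confirming that unticking the box actually removes the sudoers file without waiting for a reboot.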