diff options
author | Denis Kutin <dekutin@ya.ru> | 2013-11-16 16:48:21 +0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 16:40:20 +0200 |
commit | e88d426def412c0dde83e15fe17cdf374ee70166 (patch) | |
tree | eef55b64b1d3849112dbfbdb0d7c33985a059b28 | |
parent | 03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea (diff) | |
download | sssd-e88d426def412c0dde83e15fe17cdf374ee70166.tar.gz sssd-e88d426def412c0dde83e15fe17cdf374ee70166.tar.xz sssd-e88d426def412c0dde83e15fe17cdf374ee70166.zip |
NSS: Possibility to use any shells in 'allowed_shells'
Resolves:
https://fedorahosted.org/sssd/ticket/2219
Signed-off-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com>
-rw-r--r-- | src/man/sssd.conf.5.xml | 10 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 19 |
2 files changed, 23 insertions, 6 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index d6bc42ca0..e2cb0b81b 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -630,6 +630,16 @@ fallback_homedir = /home/%u is used. </para> <para> + The wildcard (*) can be used to allow any shell. + </para> + <para> + The (*) is useful if you want to use + shell_fallback in case that user's shell is not + in <quote>/etc/shells</quote> and maintaining list + of all allowed shells in allowed_shells would be + to much overhead. + </para> + <para> An empty string for shell is passed as-is to libc. </para> <para> diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 616f83dda..4ec99c153 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -284,12 +284,19 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx, } if (nctx->allowed_shells) { - for (i=0; nctx->allowed_shells[i]; i++) { - if (strcmp(nctx->allowed_shells[i], user_shell) == 0) { - DEBUG(SSSDBG_FUNC_DATA, - "The shell '%s' is allowed but does not exist. " - "Using fallback\n", user_shell); - return talloc_strdup(mem_ctx, nctx->shell_fallback); + if (strcmp(nctx->allowed_shells[0], "*") == 0) { + DEBUG(SSSDBG_FUNC_DATA, + "The shell '%s' is allowed but does not exist. " + "Using fallback\n", user_shell); + return talloc_strdup(mem_ctx, nctx->shell_fallback); + } else { + for (i=0; nctx->allowed_shells[i]; i++) { + if (strcmp(nctx->allowed_shells[i], user_shell) == 0) { + DEBUG(SSSDBG_FUNC_DATA, + "The shell '%s' is allowed but does not exist. " + "Using fallback\n", user_shell); + return talloc_strdup(mem_ctx, nctx->shell_fallback); + } } } } |