authorDenis Kutin <dekutin@ya.ru>2013-11-16 16:48:21 +0400
committerJakub Hrozek <jhrozek@redhat.com>2014-10-22 16:40:20 +0200
commite88d426def412c0dde83e15fe17cdf374ee70166 (patch)
treeeef55b64b1d3849112dbfbdb0d7c33985a059b28
parent03b02ec99ea4be8e6f41c70dbe91d7175d5b63ea (diff)
NSS: Possibility to use any shells in 'allowed_shells'
Resolves: https://fedorahosted.org/sssd/ticket/2219 Signed-off-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
-rw-r--r--src/man/sssd.conf.5.xml10
-rw-r--r--src/responder/nss/nsssrv_cmd.c19
2 files changed, 23 insertions, 6 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index d6bc42ca0..e2cb0b81b 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -630,6 +630,16 @@ fallback_homedir = /home/%u
is used.
</para>
<para>
+ The wildcard (*) can be used to allow any shell.
+ </para>
+ <para>
+ The (*) is useful if you want to use
+ shell_fallback in case that user's shell is not
+ in <quote>/etc/shells</quote> and maintaining list
+ of all allowed shells in allowed_shells would be
+ to much overhead.
+ </para>
+ <para>
An empty string for shell is passed as-is to libc.
</para>
<para>
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 616f83dda..4ec99c153 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -284,12 +284,19 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
}
if (nctx->allowed_shells) {
- for (i=0; nctx->allowed_shells[i]; i++) {
- if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
- DEBUG(SSSDBG_FUNC_DATA,
- "The shell '%s' is allowed but does not exist. "
- "Using fallback\n", user_shell);
- return talloc_strdup(mem_ctx, nctx->shell_fallback);
+ if (strcmp(nctx->allowed_shells[0], "*") == 0) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The shell '%s' is allowed but does not exist. "
+ "Using fallback\n", user_shell);
+ return talloc_strdup(mem_ctx, nctx->shell_fallback);
+ } else {
+ for (i=0; nctx->allowed_shells[i]; i++) {
+ if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The shell '%s' is allowed but does not exist. "
+ "Using fallback\n", user_shell);
+ return talloc_strdup(mem_ctx, nctx->shell_fallback);
+ }
}
}
}
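Review bot: The new wildcard test `strcmp(nctx->allowed_shells[0], "*") == 0` reads element 0 without checking that it is non-NULL, whereas the loop it sits in front of tolerated an empty NULL-terminated list through its `nctx->allowed_shells[i]` condition; if the option parser can produce an empty array (not visible in this hunk), this becomes a NULL dereference in the NSS responder. The wildcard is also honoured only as the first entry, so a value such as `/bin/bash, *` silently remains a strict allowlist, although the man page text added in this commit states no such restriction. Testing it inside the existing loop, `if (strcmp(nctx->allowed_shells[i], "*") == 0 || strcmp(nctx->allowed_shells[i], user_shell) == 0) {`, would cover both cases and remove the duplicated DEBUG/return branch. Because `*` effectively switches the allowlist off, a distinct debug message for the wildcard match would let logs show that the shell was accepted by the wildcard and not by an explicit entry. get_shell_override starts and continues outside the hunk, so whether vetoed_shells is evaluated before this point cannot be confirmed from here.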