NSS: Add override_shell option

If override_shell is specified in the [nss] section, all users
managed by SSSD will have their shell set to this value. If it is
specified in the [domain/DOMAINNAME] section, it will apply to
only that domain (and override the [nss] value, if any).

https://fedorahosted.org/sssd/ticket/1087

2 files changed, 12 insertions, 0 deletions

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index ab0d00480..37a5758c7 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1064,6 +1064,16 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
         }
     }
 
+    tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+                                      CONFDB_NSS_OVERRIDE_SHELL, NULL);
+    if (tmp != NULL) {
+        domain->override_shell = talloc_strdup(domain, tmp);
+        if (!domain->override_shell) {
+            ret = ENOMEM;
+            goto done;
+        }
+    }
+
     ret = get_entry_as_bool(res->msgs[0], &domain->case_sensitive,
                             CONFDB_DOMAIN_CASE_SENSITIVE, true);
     if(ret != EOK) {
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 6f6b730ae..d06ec7a35 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -87,6 +87,7 @@
 #define CONFDB_NSS_PWFIELD  "pwfield"
 #define CONFDB_NSS_OVERRIDE_HOMEDIR "override_homedir"
 #define CONFDB_NSS_FALLBACK_HOMEDIR "fallback_homedir"
+#define CONFDB_NSS_OVERRIDE_SHELL  "override_shell"
 #define CONFDB_NSS_VETOED_SHELL  "vetoed_shells"
 #define CONFDB_NSS_ALLOWED_SHELL "allowed_shells"
 #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback"
@@ -207,6 +208,7 @@ struct sss_domain_info {
     const char *override_homedir;
     const char *fallback_homedir;
     const char *subdomain_homedir;
+    const char *override_shell;
 
     uint32_t user_timeout;
     uint32_t group_timeout;