Add vetoed_shells option

There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
author: John Hodrien <J.H.Hodrien@leeds.ac.uk> 2011-07-29 10:04:05 -0400
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-07-29 10:13:26 -0400
commit: 1dc99c9d468cfe2a7f7286a8969c586f8740bb9f (patch)
tree: 5bde5191ec2a67eea5e62ccda694ae2fafc812a5 /src/responder/nss/nsssrv.c
parent: 336879aabae137f9a81304f147fb0d43001654b0 (diff)
download: sssd-1dc99c9d468cfe2a7f7286a8969c586f8740bb9f.tar.gz
sssd-1dc99c9d468cfe2a7f7286a8969c586f8740bb9f.tar.xz
sssd-1dc99c9d468cfe2a7f7286a8969c586f8740bb9f.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index b9d548e41..ec2f0caf0 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -188,6 +188,10 @@ static int nss_get_config(struct nss_ctx *nctx,
                                     &nctx->allowed_shells);
     if (ret != EOK && ret != ENOENT) goto done;
 
+    ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+                                    CONFDB_NSS_VETOED_SHELL,
+                                    &nctx->vetoed_shells);
+    if (ret != EOK && ret != ENOENT) goto done;
     ret = nss_get_etc_shells(nctx, &nctx->etc_shells);
     if (ret != EOK) goto done;
author	John Hodrien <J.H.Hodrien@leeds.ac.uk>	2011-07-29 10:04:05 -0400
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-07-29 10:13:26 -0400
commit	1dc99c9d468cfe2a7f7286a8969c586f8740bb9f (patch)
tree	5bde5191ec2a67eea5e62ccda694ae2fafc812a5 /src/responder/nss/nsssrv.c
parent	336879aabae137f9a81304f147fb0d43001654b0 (diff)
download	sssd-1dc99c9d468cfe2a7f7286a8969c586f8740bb9f.tar.gz sssd-1dc99c9d468cfe2a7f7286a8969c586f8740bb9f.tar.xz sssd-1dc99c9d468cfe2a7f7286a8969c586f8740bb9f.zip