Add vetoed_shells optionsssd-1.5.1-47.el6

There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>

Prevent segfault if vetoed_shells are specified without allowed_shells

https://fedorahosted.org/sssd/ticket/954

1 files changed, 4 insertions, 0 deletions

diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index dde2e95ef..cb0acfe13 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -188,6 +188,10 @@ static int nss_get_config(struct nss_ctx *nctx,
                                     &nctx->allowed_shells);
     if (ret != EOK && ret != ENOENT) goto done;
 
+    ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+                                    CONFDB_NSS_VETOED_SHELL,
+                                    &nctx->vetoed_shells);
+    if (ret != EOK && ret != ENOENT) goto done;
     ret = nss_get_etc_shells(nctx, &nctx->etc_shells);
     if (ret != EOK) goto done;