Add vetoed_shells option

There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
author: John Hodrien <J.H.Hodrien@leeds.ac.uk> 2011-07-29 10:04:05 -0400
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-08-02 07:47:59 -0400
commit: 6daf03f2597d6a0177cac74dbfcdd502521cf2e2 (patch)
tree: 976c28b75f130262cf7804139410ebeb0346beff /src/responder/nss/nsssrv.c
parent: 7afe9f88aa7fb2f04d9ae5fbe6bed8890dfd5e9a (diff)
download: sssd-6daf03f2597d6a0177cac74dbfcdd502521cf2e2.tar.gz
sssd-6daf03f2597d6a0177cac74dbfcdd502521cf2e2.tar.xz
sssd-6daf03f2597d6a0177cac74dbfcdd502521cf2e2.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index dde2e95ef..cb0acfe13 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -188,6 +188,10 @@ static int nss_get_config(struct nss_ctx *nctx,
                                     &nctx->allowed_shells);
     if (ret != EOK && ret != ENOENT) goto done;
 
+    ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+                                    CONFDB_NSS_VETOED_SHELL,
+                                    &nctx->vetoed_shells);
+    if (ret != EOK && ret != ENOENT) goto done;
     ret = nss_get_etc_shells(nctx, &nctx->etc_shells);
     if (ret != EOK) goto done;
author	John Hodrien <J.H.Hodrien@leeds.ac.uk>	2011-07-29 10:04:05 -0400
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-08-02 07:47:59 -0400
commit	6daf03f2597d6a0177cac74dbfcdd502521cf2e2 (patch)
tree	976c28b75f130262cf7804139410ebeb0346beff /src/responder/nss/nsssrv.c
parent	7afe9f88aa7fb2f04d9ae5fbe6bed8890dfd5e9a (diff)
download	sssd-6daf03f2597d6a0177cac74dbfcdd502521cf2e2.tar.gz sssd-6daf03f2597d6a0177cac74dbfcdd502521cf2e2.tar.xz sssd-6daf03f2597d6a0177cac74dbfcdd502521cf2e2.zip