author | John Hodrien <J.H.Hodrien@leeds.ac.uk> | 2011-07-29 10:04:05 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-10-26 10:29:38 -0400 |
commit | 8887696f5a4d993bc4123bd681ebc567fb96b6a8 (patch) | |
tree | edecb5bab0a551f6cec7fa28b3e34845c2a58394 /src/responder/nss/nsssrv_cmd.c | |
parent | ff7aa0c9c9df3e5b93abb807806237f844e7f3fe (diff) | |
Add vetoed_shells option
There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Prevent segfault if vetoed_shells are specified without allowed_shells
https://fedorahosted.org/sssd/ticket/954
Diffstat (limited to 'src/responder/nss/nsssrv_cmd.c')
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 44 |
1 files changed, 29 insertions, 15 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index aa1b471d5..2aa7a9126 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -314,26 +314,40 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
 user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL);
 if (!user_shell) return NULL;
- if (!nctx->allowed_shells) return talloc_strdup(mem_ctx, user_shell);
-
- for (i=0; nctx->etc_shells[i]; i++) {
- if (strcmp(user_shell, nctx->etc_shells[i]) == 0) {
- DEBUG(9, ("Shell %s found in /etc/shells\n",
- nctx->etc_shells[i]));
- break;
+ if (!nctx->allowed_shells && !nctx->vetoed_shells) return talloc_strdup(mem_ctx, user_shell);
+
+ if (nctx->vetoed_shells) {
+ for (i=0; nctx->vetoed_shells[i]; i++) {
+ if (strcmp(nctx->vetoed_shells[i], user_shell) == 0) {
+ DEBUG(5, ("The shell '%s' is vetoed. "
+ "Using fallback\n", user_shell));
+ return talloc_strdup(mem_ctx, nctx->shell_fallback);
+ }
 }
 }
- if (nctx->etc_shells[i]) {
- DEBUG(9, ("Using original shell '%s'\n", user_shell));
- return talloc_strdup(mem_ctx, user_shell);
+ if (nctx->etc_shells) {
+ for (i=0; nctx->etc_shells[i]; i++) {
+ if (strcmp(user_shell, nctx->etc_shells[i]) == 0) {
+ DEBUG(9, ("Shell %s found in /etc/shells\n",
+ nctx->etc_shells[i]));
+ break;
+ }
+ }
+
+ if (nctx->etc_shells[i]) {
+ DEBUG(9, ("Using original shell '%s'\n", user_shell));
+ return talloc_strdup(mem_ctx, user_shell);
+ }
 }
- for (i=0; nctx->allowed_shells[i]; i++) {
- if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
- DEBUG(5, ("The shell '%s' is allowed but does not exist. "
- "Using fallback\n", user_shell));
- return talloc_strdup(mem_ctx, nctx->shell_fallback);
+ if (nctx->allowed_shells) {
+ for (i=0; nctx->allowed_shells[i]; i++) {
+ if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
+ DEBUG(5, ("The shell '%s' is allowed but does not exist. "
+ "Using fallback\n", user_shell));
+ return talloc_strdup(mem_ctx, nctx->shell_fallback);
+ }
 }
 } |
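Review bot: The new veto branch returns `talloc_strdup(mem_ctx, nctx->shell_fallback)` without checking that a fallback is configured, and talloc_strdup() of a NULL string yields NULL, which is the same value this function returns when the entry has no shell attribute. If `shell_fallback` can be unset (not visible here), a vetoed shell would be reported as "no override" and the outcome would depend on the caller, so the deny list should fail closed: either reject `vetoed_shells` without a fallback when the configuration is loaded, or guard the branch with `if (!nctx->shell_fallback)` and return a fixed non-login shell. The same unchecked return sits in the `allowed_shells` loop at the end of the hunk. The veto is an exact `strcmp` on the directory-supplied string, which deserves a comment such as `/* literal match: list every path spelling that must be vetoed */`. get_shell_override starts and ends outside this hunk.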