diff options
| author | John Hodrien <J.H.Hodrien@leeds.ac.uk> | 2011-07-29 10:04:05 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-07-29 10:13:26 -0400 |
| commit | 1dc99c9d468cfe2a7f7286a8969c586f8740bb9f (patch) | |
| tree | 5bde5191ec2a67eea5e62ccda694ae2fafc812a5 /src/responder/nss/nsssrv_cmd.c | |
| parent | 336879aabae137f9a81304f147fb0d43001654b0 (diff) | |
| download | sssd-1dc99c9d468cfe2a7f7286a8969c586f8740bb9f.tar.gz sssd-1dc99c9d468cfe2a7f7286a8969c586f8740bb9f.tar.xz sssd-1dc99c9d468cfe2a7f7286a8969c586f8740bb9f.zip | |
Add vetoed_shells option
There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Diffstat (limited to 'src/responder/nss/nsssrv_cmd.c')
| -rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 57eb9154d..5dbd3ca74 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -314,7 +314,18 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx, user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL); if (!user_shell) return NULL; - if (!nctx->allowed_shells) return talloc_strdup(mem_ctx, user_shell); + if (!nctx->allowed_shells && !nctx->vetoed_shells) return talloc_strdup(mem_ctx, user_shell); + + if (nctx->vetoed_shells) + { + for (i=0; nctx->vetoed_shells[i]; i++) { + if (strcmp(nctx->vetoed_shells[i], user_shell) == 0) { + DEBUG(5, ("The shell '%s' is vetoed. " + "Using fallback\n", user_shell)); + return talloc_strdup(mem_ctx, nctx->shell_fallback); + } + } + } for (i=0; nctx->etc_shells[i]; i++) { if (strcmp(user_shell, nctx->etc_shells[i]) == 0) { |