diff options
| author | John Hodrien <J.H.Hodrien@leeds.ac.uk> | 2011-07-29 10:04:05 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-08-02 07:47:59 -0400 |
| commit | 6daf03f2597d6a0177cac74dbfcdd502521cf2e2 (patch) | |
| tree | 976c28b75f130262cf7804139410ebeb0346beff /src/responder/nss/nsssrv_cmd.c | |
| parent | 7afe9f88aa7fb2f04d9ae5fbe6bed8890dfd5e9a (diff) | |
| download | sssd-6daf03f2597d6a0177cac74dbfcdd502521cf2e2.tar.gz sssd-6daf03f2597d6a0177cac74dbfcdd502521cf2e2.tar.xz sssd-6daf03f2597d6a0177cac74dbfcdd502521cf2e2.zip | |
Add vetoed_shells option
There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Diffstat (limited to 'src/responder/nss/nsssrv_cmd.c')
| -rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index aa1b471d5..415e7a31a 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -314,7 +314,18 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx, user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL); if (!user_shell) return NULL; - if (!nctx->allowed_shells) return talloc_strdup(mem_ctx, user_shell); + if (!nctx->allowed_shells && !nctx->vetoed_shells) return talloc_strdup(mem_ctx, user_shell); + + if (nctx->vetoed_shells) + { + for (i=0; nctx->vetoed_shells[i]; i++) { + if (strcmp(nctx->vetoed_shells[i], user_shell) == 0) { + DEBUG(5, ("The shell '%s' is vetoed. " + "Using fallback\n", user_shell)); + return talloc_strdup(mem_ctx, nctx->shell_fallback); + } + } + } for (i=0; nctx->etc_shells[i]; i++) { if (strcmp(user_shell, nctx->etc_shells[i]) == 0) { |