author | Jakub Hrozek <jhrozek@redhat.com> | 2011-05-17 16:49:19 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-06-02 15:30:29 -0400 |
commit | 9b5eccc8894994151e33fc4546b97b76b2da5b1d (patch) | |
tree | b5e7624aa60772779082eff4eed3098ab351fecc /src/responder/nss/nsssrv_cmd.c | |
parent | 72c3252abe5d200e8e3a5a1ad26b6b96d2beffef (diff) | |
Add new options to override shell value
https://fedorahosted.org/sssd/ticket/742
Conflicts:
src/conf_macros.m4
Diffstat (limited to 'src/responder/nss/nsssrv_cmd.c')
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index c8021a72d..db7edd023 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -305,6 +305,43 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
 ldb_msg_find_attr_as_string(msg, SYSDB_HOMEDIR, NULL));
 }
+static const char *get_shell_override(TALLOC_CTX *mem_ctx,
+ struct ldb_message *msg,
+ struct nss_ctx *nctx)
+{
+ const char *user_shell;
+ int i;
+
+ user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL);
+ if (!user_shell) return NULL;
+ if (!nctx->allowed_shells) return talloc_strdup(mem_ctx, user_shell);
+
+ for (i=0; nctx->etc_shells[i]; i++) {
+ if (strcmp(user_shell, nctx->etc_shells[i]) == 0) {
+ DEBUG(9, ("Shell %s found in /etc/shells\n",
+ nctx->etc_shells[i]));
+ break;
+ }
+ }
+
+ if (nctx->etc_shells[i]) {
+ DEBUG(9, ("Using original shell '%s'\n", user_shell));
+ return talloc_strdup(mem_ctx, user_shell);
+ }
+
+ for (i=0; nctx->allowed_shells[i]; i++) {
+ if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
+ DEBUG(5, ("The shell '%s' is allowed but does not exist. "
+ "Using fallback\n", user_shell));
+ return talloc_strdup(mem_ctx, nctx->shell_fallback);
+ }
+ }
+
+ DEBUG(5, ("The shell '%s' is not allowed and does not exist.\n",
+ user_shell));
+ return talloc_strdup(mem_ctx, NOLOGIN_SHELL);
+}
+
 static int fill_pwent(struct sss_packet *packet,
 struct sss_domain_info *dom,
 struct nss_ctx *nctx,
@@ -373,7 +410,7 @@ static int fill_pwent(struct sss_packet *packet,
 gecos = ldb_msg_find_attr_as_string(msg, SYSDB_GECOS, NULL);
 homedir = get_homedir_override(tmp_ctx, msg, nctx, dom, name, uid);
- shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL);
+ shell = get_shell_override(tmp_ctx, msg, nctx);
 if (!gecos) gecos = "";
 if (!homedir) homedir = "/"; |
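Review bot: The deny path of get_shell_override can fail open, because `return talloc_strdup(mem_ctx, NOLOGIN_SHELL);` yields NULL when the allocation fails and NULL is also the result for a missing shell attribute, so fill_pwent cannot tell "denied" from "unset" and will apply whatever default it uses for a NULL shell (that handling lies outside the second hunk). The return type is `const char *` and the removed line in fill_pwent already used the ldb string without copying, so the copies look unnecessary: `return NOLOGIN_SHELL;` and `return user_shell;` would remove the failure path, assuming NOLOGIN_SHELL is a string constant. The fallback branch has the same problem if `nctx->shell_fallback` can be unset, since talloc_strdup of a NULL pointer returns NULL; it needs a check or a guaranteed default at configuration time. Separately, `nctx->etc_shells[i]` is dereferenced in the first loop without the NULL guard that `allowed_shells` gets; if that list can be NULL when /etc/shells is unreadable, guard it before the loop. A short comment above the function stating the evaluation order (a shell listed in /etc/shells is used even when it is not in allowed_shells) would keep readers from taking allowed_shells for a strict allow-list.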