diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2012-07-19 15:50:52 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-07-20 20:21:19 +0200 |
commit | 695bca9d2f73096254308e0883fcc74b2631850e (patch) | |
tree | c3f6e7dae7c8e96bc2ae5b380e1946f9bad3b2ef /src/responder | |
parent | 5f879ab8b6c1cefbc63e1c2303f79b09b6246ca3 (diff) | |
download | sssd-695bca9d2f73096254308e0883fcc74b2631850e.tar.gz sssd-695bca9d2f73096254308e0883fcc74b2631850e.tar.xz sssd-695bca9d2f73096254308e0883fcc74b2631850e.zip |
NSS: Add override_shell option
If override_shell is specified in the [nss] section, all users
managed by SSSD will have their shell set to this value. If it is
specified in the [domain/DOMAINNAME] section, it will apply to
only that domain (and override the [nss] value, if any).
https://fedorahosted.org/sssd/ticket/1087
Diffstat (limited to 'src/responder')
-rw-r--r-- | src/responder/nss/nsssrv.c | 5 | ||||
-rw-r--r-- | src/responder/nss/nsssrv.h | 1 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 14 |
3 files changed, 18 insertions, 2 deletions
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index cd2060e45..64267e868 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -182,6 +182,11 @@ static int nss_get_config(struct nss_ctx *nctx, &nctx->fallback_homedir); if (ret != EOK) goto done; + ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_OVERRIDE_SHELL, NULL, + &nctx->override_shell); + if (ret != EOK && ret != ENOENT) goto done; + ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY, CONFDB_NSS_ALLOWED_SHELL, &nctx->allowed_shells); diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h index 58cd3da0f..a8b2c3c97 100644 --- a/src/responder/nss/nsssrv.h +++ b/src/responder/nss/nsssrv.h @@ -63,6 +63,7 @@ struct nss_ctx { char *override_homedir; char *fallback_homedir; char **allowed_shells; + char *override_shell; char **vetoed_shells; char **etc_shells; char *shell_fallback; diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 5c5f8060b..64fd7a587 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -155,11 +155,21 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, static const char *get_shell_override(TALLOC_CTX *mem_ctx, struct ldb_message *msg, - struct nss_ctx *nctx) + struct nss_ctx *nctx, + struct sss_domain_info *dom) { const char *user_shell; int i; + /* Check whether we are unconditionally overriding the server + * for the login shell. + */ + if (dom->override_shell) { + return dom->override_shell; + } else if (nctx->override_shell) { + return nctx->override_shell; + } + user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL); if (!user_shell) { /* Check whether there is a default shell specified */ @@ -303,7 +313,7 @@ static int fill_pwent(struct sss_packet *packet, } else { to_sized_string(&homedir, tmpstr); } - tmpstr = get_shell_override(tmp_ctx, msg, nctx); + tmpstr = get_shell_override(tmp_ctx, msg, nctx, dom); if (!tmpstr) { to_sized_string(&shell, ""); } else { |