summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-05-09 12:43:06 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-05-09 19:23:09 -0400
commit312818233ce48471c56d1a7589579892d9726e3b (patch)
treed080a3d6d90cda4305b779ffcd2ba6a4bc79ff89 /src
parentf6dbb235373b122ae15643ef5dbbe821ee1307d9 (diff)
downloadsssd-312818233ce48471c56d1a7589579892d9726e3b.tar.gz
sssd-312818233ce48471c56d1a7589579892d9726e3b.tar.xz
sssd-312818233ce48471c56d1a7589579892d9726e3b.zip
NSS: Add default_shell option
This option will allow administrators to set a default shell to be used if a user does not have one set in the identity provider. https://fedorahosted.org/sssd/ticket/1289
Diffstat (limited to 'src')
-rw-r--r--src/confdb/confdb.h1
-rw-r--r--src/config/SSSDConfig.py1
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/man/sssd.conf.5.xml15
-rw-r--r--src/responder/nss/nsssrv.c7
-rw-r--r--src/responder/nss/nsssrv.h1
-rw-r--r--src/responder/nss/nsssrv_cmd.c8
7 files changed, 33 insertions, 1 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index c816d5334..2468f7e50 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -85,6 +85,7 @@
#define CONFDB_NSS_VETOED_SHELL "vetoed_shells"
#define CONFDB_NSS_ALLOWED_SHELL "allowed_shells"
#define CONFDB_NSS_SHELL_FALLBACK "shell_fallback"
+#define CONFDB_NSS_DEFAULT_SHELL "default_shell"
/* PAM */
#define CONFDB_PAM_CONF_ENTRY "config/pam"
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 894837d40..a44e138f6 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -67,6 +67,7 @@ option_strings = {
'allowed_shells' : _('The list of shells users are allowed to log in with'),
'vetoed_shells' : _('The list of shells that will be vetoed, and replaced with the fallback shell'),
'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'),
+ 'default_shell': _('Shell to use if the provider does not list one'),
# [pam]
'offline_credentials_expiration' : _('How long to allow cached logins between online logins (days)'),
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index ca946dab0..a1caa7b53 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -36,6 +36,7 @@ fallback_homedir = str, None, false
allowed_shells = list, str, false
vetoed_shells = list, str, false
shell_fallback = str, None, false
+default_shell = str, None, false
get_domains_timeout = int, None, false
[pam]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 24c6a74a5..1332f2891 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -517,6 +517,21 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>default_shell</term>
+ <listitem>
+ <para>
+ The default shell to use if the provider does not
+ return one during lookup. This option supercedes
+ any other shell options if it takes effect.
+ </para>
+ <para>
+ Default: not set (Return NULL if no shell is
+ specified and rely on libc to substitute something
+ sensible when necessary, usually /bin/sh)
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>get_domains_timeout (int)</term>
<listitem>
<para>
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index c8ee444a8..9cb4a5697 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -192,6 +192,7 @@ static int nss_get_config(struct nss_ctx *nctx,
CONFDB_NSS_VETOED_SHELL,
&nctx->vetoed_shells);
if (ret != EOK && ret != ENOENT) goto done;
+
ret = nss_get_etc_shells(nctx, &nctx->etc_shells);
if (ret != EOK) goto done;
@@ -201,6 +202,12 @@ static int nss_get_config(struct nss_ctx *nctx,
&nctx->shell_fallback);
if (ret != EOK) goto done;
+ ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_DEFAULT_SHELL,
+ NULL,
+ &nctx->default_shell);
+ if (ret != EOK) goto done;
+
ret = 0;
done:
return ret;
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index 5b5ae50b9..58cd3da0f 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -66,6 +66,7 @@ struct nss_ctx {
char **vetoed_shells;
char **etc_shells;
char *shell_fallback;
+ char *default_shell;
struct sss_mc_ctx *pwd_mc_ctx;
struct sss_mc_ctx *grp_mc_ctx;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index d448fa859..263499bfe 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -161,7 +161,13 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
int i;
user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL);
- if (!user_shell) return NULL;
+ if (!user_shell) {
+ /* Check whether there is a default shell specified */
+ if (nctx->default_shell) {
+ return talloc_strdup(mem_ctx, nctx->default_shell);
+ }
+ return NULL;
+ }
if (!nctx->allowed_shells && !nctx->vetoed_shells) return talloc_strdup(mem_ctx, user_shell);
if (nctx->vetoed_shells) {