From 1dc99c9d468cfe2a7f7286a8969c586f8740bb9f Mon Sep 17 00:00:00 2001
From: John Hodrien <J.H.Hodrien@leeds.ac.uk>
Date: Fri, 29 Jul 2011 10:04:05 -0400
Subject: Add vetoed_shells option

There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
 src/responder/nss/nsssrv_cmd.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'src/responder/nss/nsssrv_cmd.c')

diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 57eb9154d..5dbd3ca74 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -314,7 +314,18 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
 
     user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL);
     if (!user_shell) return NULL;
-    if (!nctx->allowed_shells) return talloc_strdup(mem_ctx, user_shell);
+    if (!nctx->allowed_shells && !nctx->vetoed_shells) return talloc_strdup(mem_ctx, user_shell);
+
+    if (nctx->vetoed_shells)
+    {
+        for (i=0; nctx->vetoed_shells[i]; i++) {
+            if (strcmp(nctx->vetoed_shells[i], user_shell) == 0) {
+                DEBUG(5, ("The shell '%s' is vetoed. "
+                         "Using fallback\n", user_shell));
+                return talloc_strdup(mem_ctx, nctx->shell_fallback);
+            }
+        }
+    }
 
     for (i=0; nctx->etc_shells[i]; i++) {
         if (strcmp(user_shell, nctx->etc_shells[i]) == 0) {
-- 
cgit