From 695bca9d2f73096254308e0883fcc74b2631850e Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Thu, 19 Jul 2012 15:50:52 -0400
Subject: NSS: Add override_shell option

If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any).
https://fedorahosted.org/sssd/ticket/1087
---
 src/responder/nss/nsssrv.c | 5 +++++
 src/responder/nss/nsssrv.h | 1 +
 src/responder/nss/nsssrv_cmd.c | 14 ++++++++++++--
 3 files changed, 18 insertions(+), 2 deletions(-)
(limited to 'src/responder')
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index cd2060e45..64267e868 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -182,6 +182,11 @@ static int nss_get_config(struct nss_ctx *nctx,
 &nctx->fallback_homedir);
 if (ret != EOK) goto done;
+ ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_OVERRIDE_SHELL, NULL,
+ &nctx->override_shell);
+ if (ret != EOK && ret != ENOENT) goto done;
+
 ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
 CONFDB_NSS_ALLOWED_SHELL,
 &nctx->allowed_shells);
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index 58cd3da0f..a8b2c3c97 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -63,6 +63,7 @@ struct nss_ctx {
 char *override_homedir;
 char *fallback_homedir;
 char **allowed_shells;
+ char *override_shell;
 char **vetoed_shells;
 char **etc_shells;
 char *shell_fallback;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 5c5f8060b..64fd7a587 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
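Review bot: The `override_shell` lookup added to nss_get_config (src/responder/nss/nsssrv.c) accepts `ENOENT` with `if (ret != EOK && ret != ENOENT) goto done;`, while the `fallback_homedir` lookup just above it in the same hunk bails out on anything other than `EOK`, and nothing explains the difference. If the intent is that an unset option simply leaves `nctx->override_shell` NULL, a one-line comment such as `/* override_shell is optional; NULL means no override */` would make that explicit for the next reader. nss_get_config starts and ends outside the hunk, so whether a tolerated `ENOENT` can still reach `done` through a later path cannot be judged from here.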
@@ -155,11 +155,21 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
 static const char *get_shell_override(TALLOC_CTX *mem_ctx,
 struct ldb_message *msg,
- struct nss_ctx *nctx)
+ struct nss_ctx *nctx,
+ struct sss_domain_info *dom)
 {
 const char *user_shell;
 int i;
+ /* Check whether we are unconditionally overriding the server
+ * for the login shell.
+ */
+ if (dom->override_shell) {
+ return dom->override_shell;
+ } else if (nctx->override_shell) {
+ return nctx->override_shell;
+ }
+
 user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL);
 if (!user_shell) {
 /* Check whether there is a default shell specified */
@@ -303,7 +313,7 @@ static int fill_pwent(struct sss_packet *packet,
 } else {
 to_sized_string(&homedir, tmpstr);
 }
- tmpstr = get_shell_override(tmp_ctx, msg, nctx);
+ tmpstr = get_shell_override(tmp_ctx, msg, nctx, dom);
 if (!tmpstr) {
 to_sized_string(&shell, "");
 } else {
-- cgit
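Review bot: The early return added to get_shell_override tests only for a non-NULL pointer and runs before any of the function's other shell handling, so whatever string is configured is handed straight back to fill_pwent. If the rest of the function (outside this hunk) applies the `allowed_shells`/`vetoed_shells`/`etc_shells` lists from `struct nss_ctx`, an override bypasses them. An empty value, should confdb return "" for `override_shell =`, would be emitted as an empty shell field, which passwd(5) consumers generally treat as /bin/sh. Consider `if (dom->override_shell && dom->override_shell[0] != '\0')` (and the same for `nctx->override_shell`), plus a comment stating that the override is intentionally not checked against the vetoed list. `dom` is also dereferenced without a NULL check, which is safe only if every caller passes a valid domain, as the fill_pwent call in the next hunk appears to.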