authorNikolai Kondrashov <Nikolai.Kondrashov@redhat.com>2017-03-29 16:25:19 +0300
committerJakub Hrozek <jhrozek@redhat.com>2017-07-27 10:32:18 +0200
commit9759333b3dd404c6787ef0186984c5d4256eb5bb (patch)
tree02188943470bda41a4cdac9930603bb8f307f9ed
parentc31065ecc0793e836066035d0c692b050b5f6f55 (diff)
NSS: Move nss_get_shell_override to responder utils
Move nss_get_shell_override to common responder utils and rename it to sss_resp_get_shell_override to make it available to other responders. In particular, let the PAM responder use it to provide the original shell when it is overridden for session recording. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--src/responder/common/responder.h5
-rw-r--r--src/responder/common/responder_utils.c83
-rw-r--r--src/responder/nss/nss_protocol_pwent.c85
3 files changed, 89 insertions, 84 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 7a998967f..ba5b73bcc 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -404,6 +404,11 @@ char *sss_resp_create_fqname(TALLOC_CTX *mem_ctx,
errno_t sss_resp_populate_cr_domains(struct resp_ctx *rctx);
+const char *
+sss_resp_get_shell_override(struct ldb_message *msg,
+ struct resp_ctx *rctx,
+ struct sss_domain_info *domain);
+
/**
* Helper functions to format output names
*/
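Review bot: The newly exported prototype `sss_resp_get_shell_override` has no doc comment, although callers in other responders now need its return contract. From the definition in responder_utils.c, the result can be a configuration string (`override_shell`, `default_shell`, `shell_fallback`), the empty string literal, `NOLOGIN_SHELL`, or the value looked up from `msg`. I would add a comment above the declaration such as `/* Returns the effective login shell after override, veto and allow-list policy; the caller must not free the result and should not use it after msg is freed; "" means no shell is known. */`. The lifetime tie to `msg` is inferred from the lookup helper's name and should be confirmed against its implementation.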
diff --git a/src/responder/common/responder_utils.c b/src/responder/common/responder_utils.c
index 7f5c05730..521896088 100644
--- a/src/responder/common/responder_utils.c
+++ b/src/responder/common/responder_utils.c
@@ -399,3 +399,86 @@ int resp_resolve_group_names_recv(TALLOC_CTX *mem_ctx,
*_initgr_named_res = talloc_steal(mem_ctx, state->initgr_named_res);
return EOK;
}
+
+const char *
+sss_resp_get_shell_override(struct ldb_message *msg,
+ struct resp_ctx *rctx,
+ struct sss_domain_info *domain)
+{
+ const char *shell;
+ int i;
+
+ /* Check whether we are unconditionally overriding
+ * the server for the login shell. */
+ if (domain->override_shell) {
+ return domain->override_shell;
+ } else if (rctx->override_shell) {
+ return rctx->override_shell;
+ }
+
+ shell = sss_view_ldb_msg_find_attr_as_string(domain, msg, SYSDB_SHELL,
+ NULL);
+ if (shell == NULL) {
+ /* Check whether there is a default shell specified */
+ if (domain->default_shell) {
+ return domain->default_shell;
+ } else if (rctx->default_shell) {
+ return rctx->default_shell;
+ }
+
+ return "";
+ }
+
+ if (rctx->allowed_shells == NULL && rctx->vetoed_shells == NULL) {
+ return shell;
+ }
+
+ if (rctx->vetoed_shells) {
+ for (i = 0; rctx->vetoed_shells[i]; i++) {
+ if (strcmp(rctx->vetoed_shells[i], shell) == 0) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The shell '%s' is vetoed. Using fallback.\n",
+ shell);
+ return rctx->shell_fallback;
+ }
+ }
+ }
+
+ if (rctx->etc_shells) {
+ for (i = 0; rctx->etc_shells[i]; i++) {
+ if (strcmp(shell, rctx->etc_shells[i]) == 0) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Shell %s found in /etc/shells\n", shell);
+ break;
+ }
+ }
+
+ if (rctx->etc_shells[i]) {
+ DEBUG(SSSDBG_TRACE_ALL, "Using original shell '%s'\n", shell);
+ return shell;
+ }
+ }
+
+ if (rctx->allowed_shells) {
+ if (strcmp(rctx->allowed_shells[0], "*") == 0) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The shell '%s' is allowed but does not exist. "
+ "Using fallback\n", shell);
+ return rctx->shell_fallback;
+ } else {
+ for (i = 0; rctx->allowed_shells[i]; i++) {
+ if (strcmp(rctx->allowed_shells[i], shell) == 0) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The shell '%s' is allowed but does not exist. "
+ "Using fallback\n", shell);
+ return rctx->shell_fallback;
+ }
+ }
+ }
+ }
+
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The shell '%s' is not allowed and does not exist.\n", shell);
+
+ return NOLOGIN_SHELL;
+}
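Review bot: In the allow-list branch, `strcmp(rctx->allowed_shells[0], "*")` reads element 0 after checking only that the array pointer is non-NULL, so an empty NULL-terminated list would pass NULL to `strcmp`. Whether the configuration parser can produce such a list is not visible in this hunk, but since the function is now shared by several responders a cheap guard seems worthwhile: `if (rctx->allowed_shells[0] != NULL && strcmp(rctx->allowed_shells[0], "*") == 0) {`. Relatedly, the vetoed and allowed paths return `rctx->shell_fallback` without checking it; if nothing guarantees a non-NULL default, a short comment stating that invariant would help the PAM caller, which will use this value in a session-recording decision. The body is otherwise a verbatim move of the old NSS function.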
diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
index cb11ea3d4..6c1de3123 100644
--- a/src/responder/nss/nss_protocol_pwent.c
+++ b/src/responder/nss/nss_protocol_pwent.c
@@ -119,89 +119,6 @@ nss_get_homedir(TALLOC_CTX *mem_ctx,
return homedir;
}
-static const char *
-nss_get_shell_override(struct ldb_message *msg,
- struct resp_ctx *rctx,
- struct sss_domain_info *domain)
-{
- const char *shell;
- int i;
-
- /* Check whether we are unconditionally overriding
- * the server for the login shell. */
- if (domain->override_shell) {
- return domain->override_shell;
- } else if (rctx->override_shell) {
- return rctx->override_shell;
- }
-
- shell = sss_view_ldb_msg_find_attr_as_string(domain, msg, SYSDB_SHELL,
- NULL);
- if (shell == NULL) {
- /* Check whether there is a default shell specified */
- if (domain->default_shell) {
- return domain->default_shell;
- } else if (rctx->default_shell) {
- return rctx->default_shell;
- }
-
- return "";
- }
-
- if (rctx->allowed_shells == NULL && rctx->vetoed_shells == NULL) {
- return shell;
- }
-
- if (rctx->vetoed_shells) {
- for (i = 0; rctx->vetoed_shells[i]; i++) {
- if (strcmp(rctx->vetoed_shells[i], shell) == 0) {
- DEBUG(SSSDBG_FUNC_DATA,
- "The shell '%s' is vetoed. Using fallback.\n",
- shell);
- return rctx->shell_fallback;
- }
- }
- }
-
- if (rctx->etc_shells) {
- for (i = 0; rctx->etc_shells[i]; i++) {
- if (strcmp(shell, rctx->etc_shells[i]) == 0) {
- DEBUG(SSSDBG_TRACE_ALL,
- "Shell %s found in /etc/shells\n", shell);
- break;
- }
- }
-
- if (rctx->etc_shells[i]) {
- DEBUG(SSSDBG_TRACE_ALL, "Using original shell '%s'\n", shell);
- return shell;
- }
- }
-
- if (rctx->allowed_shells) {
- if (strcmp(rctx->allowed_shells[0], "*") == 0) {
- DEBUG(SSSDBG_FUNC_DATA,
- "The shell '%s' is allowed but does not exist. "
- "Using fallback\n", shell);
- return rctx->shell_fallback;
- } else {
- for (i = 0; rctx->allowed_shells[i]; i++) {
- if (strcmp(rctx->allowed_shells[i], shell) == 0) {
- DEBUG(SSSDBG_FUNC_DATA,
- "The shell '%s' is allowed but does not exist. "
- "Using fallback\n", shell);
- return rctx->shell_fallback;
- }
- }
- }
- }
-
- DEBUG(SSSDBG_FUNC_DATA,
- "The shell '%s' is not allowed and does not exist.\n", shell);
-
- return NOLOGIN_SHELL;
-}
-
static errno_t
nss_get_pwent(TALLOC_CTX *mem_ctx,
struct nss_ctx *nss_ctx,
@@ -239,7 +156,7 @@ nss_get_pwent(TALLOC_CTX *mem_ctx,
gecos = sss_view_ldb_msg_find_attr_as_string(domain, msg, SYSDB_GECOS,
NULL);
homedir = nss_get_homedir(mem_ctx, nss_ctx, domain, msg, name, upn, uid);
- shell = nss_get_shell_override(msg, nss_ctx->rctx, domain);
+ shell = sss_resp_get_shell_override(msg, nss_ctx->rctx, domain);
/* Convert to sized strings. */
ret = sized_output_name(mem_ctx, nss_ctx->rctx, name, domain, _name);