diff options
Diffstat (limited to 'src/responder/nss/nsssrv_cmd.c')
| -rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 4386da71..e698b5ec 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -305,6 +305,43 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx, ldb_msg_find_attr_as_string(msg, SYSDB_HOMEDIR, NULL)); } +static const char *get_shell_override(TALLOC_CTX *mem_ctx, + struct ldb_message *msg, + struct nss_ctx *nctx) +{ + const char *user_shell; + int i; + + user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL); + if (!user_shell) return NULL; + if (!nctx->allowed_shells) return talloc_strdup(mem_ctx, user_shell); + + for (i=0; nctx->etc_shells[i]; i++) { + if (strcmp(user_shell, nctx->etc_shells[i]) == 0) { + DEBUG(9, ("Shell %s found in /etc/shells\n", + nctx->etc_shells[i])); + break; + } + } + + if (nctx->etc_shells[i]) { + DEBUG(9, ("Using original shell '%s'\n", user_shell)); + return talloc_strdup(mem_ctx, user_shell); + } + + for (i=0; nctx->allowed_shells[i]; i++) { + if (strcmp(nctx->allowed_shells[i], user_shell) == 0) { + DEBUG(5, ("The shell '%s' is allowed but does not exist. " + "Using fallback\n", user_shell)); + return talloc_strdup(mem_ctx, nctx->shell_fallback); + } + } + + DEBUG(5, ("The shell '%s' is not allowed and does not exist.\n", + user_shell)); + return talloc_strdup(mem_ctx, NOLOGIN_SHELL); +} + static int fill_pwent(struct sss_packet *packet, struct sss_domain_info *dom, struct nss_ctx *nctx, @@ -373,7 +410,7 @@ static int fill_pwent(struct sss_packet *packet, gecos = ldb_msg_find_attr_as_string(msg, SYSDB_GECOS, NULL); homedir = get_homedir_override(tmp_ctx, msg, nctx, dom, name, uid); - shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL); + shell = get_shell_override(tmp_ctx, msg, nctx); if (!gecos) gecos = ""; if (!homedir) homedir = "/"; |