summaryrefslogtreecommitdiff
path: root/src/responder/nss
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-07-19 15:50:52 -0400
committerJakub Hrozek <jhrozek@redhat.com>2012-07-20 20:21:19 +0200
commit695bca9d2f73096254308e0883fcc74b2631850e (patch)
treec3f6e7dae7c8e96bc2ae5b380e1946f9bad3b2ef /src/responder/nss
parent5f879ab8b6c1cefbc63e1c2303f79b09b6246ca3 (diff)
downloadsssd-695bca9d2f73096254308e0883fcc74b2631850e.tar.gz
sssd-695bca9d2f73096254308e0883fcc74b2631850e.tar.bz2
sssd-695bca9d2f73096254308e0883fcc74b2631850e.zip
NSS: Add override_shell option
If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
Diffstat (limited to 'src/responder/nss')
-rw-r--r--src/responder/nss/nsssrv.c5
-rw-r--r--src/responder/nss/nsssrv.h1
-rw-r--r--src/responder/nss/nsssrv_cmd.c14
3 files changed, 18 insertions, 2 deletions
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index cd2060e4..64267e86 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -182,6 +182,11 @@ static int nss_get_config(struct nss_ctx *nctx,
&nctx->fallback_homedir);
if (ret != EOK) goto done;
+ ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_OVERRIDE_SHELL, NULL,
+ &nctx->override_shell);
+ if (ret != EOK && ret != ENOENT) goto done;
+
ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
CONFDB_NSS_ALLOWED_SHELL,
&nctx->allowed_shells);
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index 58cd3da0..a8b2c3c9 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -63,6 +63,7 @@ struct nss_ctx {
char *override_homedir;
char *fallback_homedir;
char **allowed_shells;
+ char *override_shell;
char **vetoed_shells;
char **etc_shells;
char *shell_fallback;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 5c5f8060..64fd7a58 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -155,11 +155,21 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
static const char *get_shell_override(TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
- struct nss_ctx *nctx)
+ struct nss_ctx *nctx,
+ struct sss_domain_info *dom)
{
const char *user_shell;
int i;
+ /* Check whether we are unconditionally overriding the server
+ * for the login shell.
+ */
+ if (dom->override_shell) {
+ return dom->override_shell;
+ } else if (nctx->override_shell) {
+ return nctx->override_shell;
+ }
+
user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL);
if (!user_shell) {
/* Check whether there is a default shell specified */
@@ -303,7 +313,7 @@ static int fill_pwent(struct sss_packet *packet,
} else {
to_sized_string(&homedir, tmpstr);
}
- tmpstr = get_shell_override(tmp_ctx, msg, nctx);
+ tmpstr = get_shell_override(tmp_ctx, msg, nctx, dom);
if (!tmpstr) {
to_sized_string(&shell, "");
} else {