summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/confdb/confdb.h1
-rw-r--r--src/config/SSSDConfig.py1
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/man/sssd.conf.5.xml15
-rw-r--r--src/responder/nss/nsssrv.c7
-rw-r--r--src/responder/nss/nsssrv.h1
-rw-r--r--src/responder/nss/nsssrv_cmd.c8
7 files changed, 33 insertions, 1 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index c816d533..2468f7e5 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -85,6 +85,7 @@
#define CONFDB_NSS_VETOED_SHELL "vetoed_shells"
#define CONFDB_NSS_ALLOWED_SHELL "allowed_shells"
#define CONFDB_NSS_SHELL_FALLBACK "shell_fallback"
+#define CONFDB_NSS_DEFAULT_SHELL "default_shell"
/* PAM */
#define CONFDB_PAM_CONF_ENTRY "config/pam"
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 894837d4..a44e138f 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -67,6 +67,7 @@ option_strings = {
'allowed_shells' : _('The list of shells users are allowed to log in with'),
'vetoed_shells' : _('The list of shells that will be vetoed, and replaced with the fallback shell'),
'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'),
+ 'default_shell': _('Shell to use if the provider does not list one'),
# [pam]
'offline_credentials_expiration' : _('How long to allow cached logins between online logins (days)'),
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index ca946dab..a1caa7b5 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -36,6 +36,7 @@ fallback_homedir = str, None, false
allowed_shells = list, str, false
vetoed_shells = list, str, false
shell_fallback = str, None, false
+default_shell = str, None, false
get_domains_timeout = int, None, false
[pam]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 24c6a74a..1332f289 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -517,6 +517,21 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>default_shell</term>
+ <listitem>
+ <para>
+ The default shell to use if the provider does not
+ return one during lookup. This option supercedes
+ any other shell options if it takes effect.
+ </para>
+ <para>
+ Default: not set (Return NULL if no shell is
+ specified and rely on libc to substitute something
+ sensible when necessary, usually /bin/sh)
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>get_domains_timeout (int)</term>
<listitem>
<para>
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index c8ee444a..9cb4a569 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -192,6 +192,7 @@ static int nss_get_config(struct nss_ctx *nctx,
CONFDB_NSS_VETOED_SHELL,
&nctx->vetoed_shells);
if (ret != EOK && ret != ENOENT) goto done;
+
ret = nss_get_etc_shells(nctx, &nctx->etc_shells);
if (ret != EOK) goto done;
@@ -201,6 +202,12 @@ static int nss_get_config(struct nss_ctx *nctx,
&nctx->shell_fallback);
if (ret != EOK) goto done;
+ ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_DEFAULT_SHELL,
+ NULL,
+ &nctx->default_shell);
+ if (ret != EOK) goto done;
+
ret = 0;
done:
return ret;
diff --git a/src/responder/nss/nsssrv.h b/src/responder/nss/nsssrv.h
index 5b5ae50b..58cd3da0 100644
--- a/src/responder/nss/nsssrv.h
+++ b/src/responder/nss/nsssrv.h
@@ -66,6 +66,7 @@ struct nss_ctx {
char **vetoed_shells;
char **etc_shells;
char *shell_fallback;
+ char *default_shell;
struct sss_mc_ctx *pwd_mc_ctx;
struct sss_mc_ctx *grp_mc_ctx;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index d448fa85..263499bf 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -161,7 +161,13 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
int i;
user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL);
- if (!user_shell) return NULL;
+ if (!user_shell) {
+ /* Check whether there is a default shell specified */
+ if (nctx->default_shell) {
+ return talloc_strdup(mem_ctx, nctx->default_shell);
+ }
+ return NULL;
+ }
if (!nctx->allowed_shells && !nctx->vetoed_shells) return talloc_strdup(mem_ctx, user_shell);
if (nctx->vetoed_shells) {