From 96f96e74926f48ae5a023af9bed36ba813a7d024 Mon Sep 17 00:00:00 2001
From: Denis Kutin
Date: Sat, 16 Nov 2013 16:48:21 +0400
Subject: [PATCH 20/22] NSS: Possibility to use any shells in 'allowed_shells'
Resolves: https://fedorahosted.org/sssd/ticket/2219
Signed-off-by: Pavel Reichl
Reviewed-by: Jakub Hrozek
Reviewed-by: Pavel Reichl
---
 src/man/sssd.conf.5.xml | 10 ++++++++++
 src/responder/nss/nsssrv_cmd.c | 19 +++++++++++++------
 2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index d5734166144a7c3ce7e62914558f8e69121bf774..77690432b841221328d65403830cf4a1ac12dba0 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -617,6 +617,16 @@ fallback_homedir = /home/%u is used. + The wildcard (*) can be used to allow any shell. + + + The (*) is useful if you want to use + shell_fallback in case that user's shell is not + in /etc/shells and maintaining list + of all allowed shells in allowed_shells would be + to much overhead. + + An empty string for shell is passed as-is to libc.
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 616f83dda58b11bb7b715e1eb6a2c43e91d2d9da..4ec99c153b25db26d482eec8da6ca52487967abc 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -284,12 +284,19 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
 }
 if (nctx->allowed_shells) {
- for (i=0; nctx->allowed_shells[i]; i++) {
- if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
- DEBUG(SSSDBG_FUNC_DATA,
- "The shell '%s' is allowed but does not exist. "
- "Using fallback\n", user_shell);
- return talloc_strdup(mem_ctx, nctx->shell_fallback);
+ if (strcmp(nctx->allowed_shells[0], "*") == 0) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The shell '%s' is allowed but does not exist. "
+ "Using fallback\n", user_shell);
+ return talloc_strdup(mem_ctx, nctx->shell_fallback);
+ } else {
+ for (i=0; nctx->allowed_shells[i]; i++) {
+ if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
+ DEBUG(SSSDBG_FUNC_DATA,
+ "The shell '%s' is allowed but does not exist. "
+ "Using fallback\n", user_shell);
+ return talloc_strdup(mem_ctx, nctx->shell_fallback);
+ }
 }
 }
 }
--
1.9.3
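Review bot: The added wildcard test `strcmp(nctx->allowed_shells[0], "*")` reads the first list element without checking that it exists, whereas the loop it sits in front of tolerated an empty NULL-terminated list; if the option can ever parse to an empty list (the parsing is outside this hunk), this becomes a NULL dereference in the NSS responder. The test also honours `*` only in the first position, so a list that names a shell before `*` falls through to the exact-match loop and the wildcard is silently ignored, which the man page text does not mention. Folding the check into the existing loop covers both cases and removes the duplicated DEBUG/return pair: `if (strcmp(nctx->allowed_shells[i], "*") == 0 || strcmp(nctx->allowed_shells[i], user_shell) == 0) {`. Because `*` maps every shell missing from /etc/shells to `shell_fallback`, a short comment at the check stating that would help the next reader judge the access implications. get_shell_override starts and ends outside the hunk.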