dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Blame SOURCES/0020-NSS-Possibility-to-use-any-shells-in-allowed_shells.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   6070bf104c72c97f6da7578de30b099b6d3e9153
  2.   SOURCES
  3.   0020-NSS-Possibility-to-use-any-shells-in-allowed_shells.patch
Blob History Raw
905b4d 
From 96f96e74926f48ae5a023af9bed36ba813a7d024 Mon Sep 17 00:00:00 2001
905b4d 
From: Denis Kutin <dekutin@ya.ru>
905b4d 
Date: Sat, 16 Nov 2013 16:48:21 +0400
905b4d 
Subject: [PATCH 20/22] NSS: Possibility to use any shells in 'allowed_shells'
905b4d
905b4d 
Resolves:
905b4d 
https://fedorahosted.org/sssd/ticket/2219
905b4d
905b4d 
Signed-off-by: Pavel Reichl <preichl@redhat.com>
905b4d
905b4d 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
905b4d 
Reviewed-by: Pavel Reichl <preichl@redhat.com>
905b4d 
---
905b4d 
 src/man/sssd.conf.5.xml        | 10 ++++++++++
905b4d 
 src/responder/nss/nsssrv_cmd.c | 19 +++++++++++++------
905b4d 
 2 files changed, 23 insertions(+), 6 deletions(-)
905b4d
905b4d 
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
905b4d 
index d5734166144a7c3ce7e62914558f8e69121bf774..77690432b841221328d65403830cf4a1ac12dba0 100644
905b4d 
--- a/src/man/sssd.conf.5.xml
905b4d 
+++ b/src/man/sssd.conf.5.xml
905b4d 
@@ -617,6 +617,16 @@ fallback_homedir = /home/%u
905b4d 
                             is used.
905b4d 
                         </para>
905b4d 
                         <para>
905b4d 
+                            The wildcard (*) can be used to allow any shell.
905b4d 
+                        </para>
905b4d 
+                        <para>
905b4d 
+                            The (*) is useful if you want to use
905b4d 
+                            shell_fallback in case that user's shell is not
905b4d 
+                            in <quote>/etc/shells</quote> and maintaining list
905b4d 
+                            of all allowed shells in allowed_shells would be
905b4d 
+                            to much overhead.
905b4d 
+                        </para>
905b4d 
+                        <para>
905b4d 
                             An empty string for shell is passed as-is to libc.
905b4d 
                         </para>
905b4d 
                         <para>
905b4d 
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
905b4d 
index 616f83dda58b11bb7b715e1eb6a2c43e91d2d9da..4ec99c153b25db26d482eec8da6ca52487967abc 100644
905b4d 
--- a/src/responder/nss/nsssrv_cmd.c
905b4d 
+++ b/src/responder/nss/nsssrv_cmd.c
905b4d 
@@ -284,12 +284,19 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
905b4d 
     }
905b4d
905b4d 
     if (nctx->allowed_shells) {
905b4d 
-        for (i=0; nctx->allowed_shells[i]; i++) {
905b4d 
-            if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
905b4d 
-                DEBUG(SSSDBG_FUNC_DATA,
905b4d 
-                      "The shell '%s' is allowed but does not exist. "
905b4d 
-                        "Using fallback\n", user_shell);
905b4d 
-                return talloc_strdup(mem_ctx, nctx->shell_fallback);
905b4d 
+        if (strcmp(nctx->allowed_shells[0], "*") == 0) {
905b4d 
+            DEBUG(SSSDBG_FUNC_DATA,
905b4d 
+                  "The shell '%s' is allowed but does not exist. "
905b4d 
+                  "Using fallback\n", user_shell);
905b4d 
+            return talloc_strdup(mem_ctx, nctx->shell_fallback);
905b4d 
+        } else {
905b4d 
+            for (i=0; nctx->allowed_shells[i]; i++) {
905b4d 
+                if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
905b4d 
+                    DEBUG(SSSDBG_FUNC_DATA,
905b4d 
+                          "The shell '%s' is allowed but does not exist. "
905b4d 
+                          "Using fallback\n", user_shell);
905b4d 
+                    return talloc_strdup(mem_ctx, nctx->shell_fallback);
905b4d 
+                }
905b4d 
             }
905b4d 
         }
905b4d 
     }
905b4d 
--
905b4d 
1.9.3
905b4d

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation