changeset 14267:85a8d582d37f
auth: userdb passwd iteration now skips users with shell set to /bin/false or /sbin/nologin
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 04 Mar 2012 11:17:45 +0200 |
parents | fed306bef481 |
children | a422bd8ed511 |
files | src/auth/userdb-passwd.c |
diffstat | 1 files changed, 19 insertions(+), 5 deletions(-) [+] |
--- a/src/auth/userdb-passwd.c Sun Mar 04 10:40:19 2012 +0200
+++ b/src/auth/userdb-passwd.c Sun Mar 04 11:17:45 2012 +0200
@@ -137,6 +137,24 @@
 return &ctx->ctx;
 }

+static bool
+passwd_iterate_want_pw(struct passwd *pw, const struct auth_settings *set)
+{
+ /* skip entries not in valid UID range.
+ they're users for daemons and such. */
+ if (pw->pw_uid < (uid_t)set->first_valid_uid)
+ return FALSE;
+ if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
+ return FALSE;
+
+ /* skip entries that don't have a valid shell.
+ they're again probably not real users. */
+ if (strcmp(pw->pw_shell, "/bin/false") == 0 ||
+ strcmp(pw->pw_shell, "/sbin/nologin") == 0)
+ return FALSE;
+ return TRUE;
+}
+
 static void passwd_iterate_next(struct userdb_iterate_context *_ctx)
 {
 struct passwd_userdb_iterate_context *ctx =
@@ -154,11 +172,7 @@

 errno = 0;
 while ((pw = getpwent()) != NULL) {
- /* skip entries not in valid UID range.
- they're users for daemons and such. */
- if (pw->pw_uid >= (uid_t)set->first_valid_uid &&
- (set->last_valid_uid == 0 ||
- pw->pw_uid <= (uid_t)set->last_valid_uid)) {
+ if (passwd_iterate_want_pw(pw, set)) {
 _ctx->callback(pw->pw_name, _ctx->context);
 return;
 }
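Review bot: The shell filter in passwd_iterate_want_pw() matches only the exact strings "/bin/false" and "/sbin/nologin", so accounts whose no-login shell lives at another path (for example `/usr/sbin/nologin`) are still iterated, while mail-only accounts that were deliberately given one of these two shells to deny interactive login are now silently left out of iteration. Nothing in this changeset touches the lookup path, so such an account presumably still resolves by name but is skipped by anything that walks the user list, such as per-user maintenance, expiry or audit runs. That mismatch deserves a comment at the check, e.g. `/* heuristic: exact match on two paths only; skipped users can still be looked up by name */`, or a setting if the list has to vary by system. The comparison also dereferences `pw->pw_shell` without a NULL check; if any passwd backend can return NULL there, putting `pw->pw_shell != NULL &&` in front of the two strcmp() calls would be a cheap guard.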