changeset 14267:85a8d582d37f

auth: userdb passwd iteration now skips users with shell set to /bin/false or /sbin/nologin
author Timo Sirainen <tss@iki.fi>
date Sun, 04 Mar 2012 11:17:45 +0200
parents fed306bef481
children a422bd8ed511
files src/auth/userdb-passwd.c
diffstat 1 files changed, 19 insertions(+), 5 deletions(-) [+]
--- a/src/auth/userdb-passwd.c	Sun Mar 04 10:40:19 2012 +0200
+++ b/src/auth/userdb-passwd.c	Sun Mar 04 11:17:45 2012 +0200
@@ -137,6 +137,24 @@
 	return &ctx->ctx;
 }
 
+static bool
+passwd_iterate_want_pw(struct passwd *pw, const struct auth_settings *set)
+{
+	/* skip entries not in valid UID range.
+	   they're users for daemons and such. */
+	if (pw->pw_uid < (uid_t)set->first_valid_uid)
+		return FALSE;
+	if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
+		return FALSE;
+
+	/* skip entries that don't have a valid shell.
+	   they're again probably not real users. */
+	if (strcmp(pw->pw_shell, "/bin/false") == 0 ||
+	    strcmp(pw->pw_shell, "/sbin/nologin") == 0)
+		return FALSE;
+	return TRUE;
+}
+
 static void passwd_iterate_next(struct userdb_iterate_context *_ctx)
 {
 	struct passwd_userdb_iterate_context *ctx =
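Review bot: The shell test in `passwd_iterate_want_pw()` is an exact `strcmp()` against two literal paths, so an account disabled with the same program installed elsewhere (for example `/usr/sbin/nologin`) is still returned by iteration. Conversely, a mail-only account that was deliberately given `/bin/false` or `/sbin/nologin` is now silently dropped from the listing. As far as this diff shows, the filter is applied only in `passwd_iterate_next()`, so I would state that in the comment so nobody mistakes it for an access decision, e.g. `/* heuristic for user listing only: exact match on two common paths; it does not control whether the user can authenticate */`. `pw->pw_shell` is also passed to `strcmp()` unchecked; if any passwd backend can return a NULL shell field this would crash the auth process, so `pw->pw_shell != NULL &&` in front of the comparison would be a cheap guard. Since the helper only reads the entry, the parameter could be `const struct passwd *pw`.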
@@ -154,11 +172,7 @@
 
 	errno = 0;
 	while ((pw = getpwent()) != NULL) {
-		/* skip entries not in valid UID range.
-		   they're users for daemons and such. */
-		if (pw->pw_uid >= (uid_t)set->first_valid_uid &&
-		    (set->last_valid_uid == 0 ||
-		     pw->pw_uid <= (uid_t)set->last_valid_uid)) {
+		if (passwd_iterate_want_pw(pw, set)) {
 			_ctx->callback(pw->pw_name, _ctx->context);
 			return;
 		}