dovecot-2.1: auth: userdb passwd iteration now skips users with ...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.1/rev/85a8d582d37f
changeset: 14231:85a8d582d37f
user:      Timo Sirainen <tss at iki.fi>
date:      Sun Mar 04 11:17:45 2012 +0200
description:
auth: userdb passwd iteration now skips users with shell set to /bin/false or /sbin/nologin

diffstat:

 src/auth/userdb-passwd.c |  24 +++++++++++++++++++-----
 1 files changed, 19 insertions(+), 5 deletions(-)

diffs (41 lines):

diff -r fed306bef481 -r 85a8d582d37f src/auth/userdb-passwd.c
--- a/src/auth/userdb-passwd.c	Sun Mar 04 10:40:19 2012 +0200
+++ b/src/auth/userdb-passwd.c	Sun Mar 04 11:17:45 2012 +0200
@@ -137,6 +137,24 @@
 	return &ctx->ctx;
 }
 
+static bool
+passwd_iterate_want_pw(struct passwd *pw, const struct auth_settings *set)
+{
+	/* skip entries not in valid UID range.
+	   they're users for daemons and such. */
+	if (pw->pw_uid < (uid_t)set->first_valid_uid)
+		return FALSE;
+	if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
+		return FALSE;
+
+	/* skip entries that don't have a valid shell.
+	   they're again probably not real users. */
+	if (strcmp(pw->pw_shell, "/bin/false") == 0 ||
+	    strcmp(pw->pw_shell, "/sbin/nologin") == 0)
+		return FALSE;
+	return TRUE;
+}
+
 static void passwd_iterate_next(struct userdb_iterate_context *_ctx)
 {
 	struct passwd_userdb_iterate_context *ctx =
@@ -154,11 +172,7 @@
 
 	errno = 0;
 	while ((pw = getpwent()) != NULL) {
-		/* skip entries not in valid UID range.
-		   they're users for daemons and such. */
-		if (pw->pw_uid >= (uid_t)set->first_valid_uid &&
-		    (set->last_valid_uid == 0 ||
-		     pw->pw_uid <= (uid_t)set->last_valid_uid)) {
+		if (passwd_iterate_want_pw(pw, set)) {
 			_ctx->callback(pw->pw_name, _ctx->context);
 			return;
 		}