Supporting vendor given -shells- configuration file

man/chsh.1.xml

@@ -115,7 +115,7 @@
 
   <refsect1 id='note'>
     <title>NOTE</title>
-    <para>
+    <para condition="without_vendordir">
       The only restriction placed on the login shell is that the command
       name must be listed in <filename>/etc/shells</filename>, unless the
       invoker is the superuser, and then any value may be added. An
@@ -125,6 +125,25 @@
       changing to a restricted shell would prevent the user from ever
       changing her login shell back to its original value.
     </para>
+    <para condition="with_vendordir">
+      The only restriction placed on the login shell is that the command
+      name must be listed in <filename>/etc/shells</filename>.
+      If this file does not exist, the definitions are taken from the files
+      <filename>%vendordir%/shells</filename>,
+      <filename>%vendordir%/shells.d/*</filename> and
+      <filename>/etc/shells.d/*</filename> in that order.
+      If <filename>/etc/shells.d/@filename@</filename> exists, then
+      <filename>%vendordir%/shells.d/@filename@</filename> will not be used.
+      If the invoker is the superuser any value may be added regardless what is
+      defined in the configuration files.
+      An account with a restricted login shell may not change her login shell.
+    </para>
+    <para>
+      For this reason, placing <filename>/bin/rsh</filename> in
+      <filename>/etc/shells</filename> is discouraged since accidentally
+      changing to a restricted shell would prevent the user from ever
+      changing her login shell back to its original value.
+    </para>
   </refsect1>
 
   <refsect1 id='configuration' condition="no_pam">
@@ -151,9 +170,31 @@
       </varlistentry>
       <varlistentry>
 	<term><filename>/etc/shells</filename></term>
-	<listitem>
+	<listitem condition="without_vendordir">
 	  <para>List of valid login shells.</para>
 	</listitem>
+	<listitem condition="with_vendordir">
+	  <para>User defined list of valid login shells.</para>
+	</listitem>
+      </varlistentry>
+      <varlistentry condition="with_vendordir">
+       <term><filename>%vendordir%/shells</filename></term>
+        <listitem>
+          <para>Default configuration file if
+	  <filename>/etc/shells</filename> does not exist.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry condition="with_vendordir">
+        <term><filename>%vendordir%/shells.d</filename></term>
+        <listitem>
+          <para>Directory for additional vendor specific configuration files.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry condition="with_vendordir">
+        <term><filename>/etc/shells.d</filename></term>
+        <listitem>
+          <para>Directory for additional user defined configuration files.</para>
+        </listitem>
       </varlistentry>
       <varlistentry>
 	<term><filename>/etc/login.defs</filename></term>

man/generate_mans.mak

@@ -1,3 +1,8 @@
+if HAVE_VENDORDIR
+VENDORDIR_COND=with_vendordir
+else
+VENDORDIR_COND=without_vendordir
+endif
 if USE_PAM
 PAM_COND=pam
 else
@@ -35,11 +40,12 @@ if ENABLE_REGENERATE_MAN
 	fi
 
 man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
-	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+	$(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND);$(VENDORDIR_COND)" \
 	            --param "man.authors.section.enabled" "0" \
 	            --stringparam "man.output.base.dir" "" \
+	            --stringparam vendordir "$(VENDORDIR)" \
 	            --param "man.output.in.separate.dir" "1" \
-	            -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+	            -nonet $(top_builddir)/man/shadow-man.xsl $<
 
 clean-local:
 	rm -rf man1 man3 man5 man8

man/shadow-man.xsl

@@ -0,0 +1,9 @@
+<?xml version='1.0'?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ss="http://docbook.sf.net/xmlns/string.subst/1.0" version="1.0">
+  <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl"/>
+  <xsl:param name="vendordir"/>
+
+  <xsl:param name="man.string.subst.map.local.pre">
+    <ss:substitution oldstring="%vendordir%" newstring="{$vendordir}" />
+  </xsl:param>
+</xsl:stylesheet>