# This script should be placed in the ldm rc.d/ directory, say:
#   /opt/ltsp/i386/usr/lib/ldm/rc.d/S20-restrictUser

# get lts.conf vars (not needed - should already be sourced)
#. /usr/lib/ltsp/ltsp_config

if [ -n "${LDM_USER_ALLOW}" ]; then
  # Username entered in greeter (not needed in newer versions of LDM)
  [ -z "${LDM_USERNAME}" ] && LDM_USERNAME=$(ssh -X -S ${LDM_SOCKET} ${LDM_SERVER} 'echo $USER')

  # Look for matching user in allowed users
  MATCH=
  IFS=,
  for i in ${LDM_USER_ALLOW}; do
    [ "${i}" = "${LDM_USERNAME}" ] && MATCH=1 
  done
  IFS=

  if [ -z "${MATCH}" ]; then
     # Try to prompt user
     if [ -x "/usr/bin/zenity" ]; then
       /usr/bin/zenity --error --text="User ${LDM_USERNAME} is not allowed to log into this workstation." --title="Access Denied"
     else
       xmessage -center "User ${LDM_USERNAME} is not allowed to log into this workstation." -title "Access Denied"
     fi
     /bin/kill -9 ${PPID}
  fi
fi
