URL: https://github.com/SSSD/sssd/pull/53 Author: fidencio Title: #53: Fixes in the config API related to secrets responder Action: opened
PR body: """
Those fixes were suggested by Lukaš in the following thread:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org/message/ZMJSE5ZSICLPNN5M6OOWNRWMG7LBQQIH/

Changes:

28fa419 (Fabiano Fidêncio, 11 minutes ago)
SECRETS: Add allowed_sec_users_options

There are options (the proxying related ones) that only apply to the
secrets' subsections. In order to make config API able to catch those,
let's create a new section called allowed_sec_users_options and move
there these proxying options.

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>

2aed214 (Fabiano Fidêncio, 2 hours ago)
SECRETS: Fix secrets rule in the allowed sections

We have been matching an invalid subsection of the secrets' section,
like:
    [secrets/users]

Let's ensure that we only match the following cases:
    [secrets]
    [secrets/users/[0-9]+?]

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/53/head:pr53
git checkout pr53
From 2aed214ba17ab7cf3a1393383d1c0b30489eb67e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Mon, 17 Oct 2016 17:07:56 +0200 Subject: [PATCH 1/2] SECRETS: Fix secrets rule in the allowed sections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We have been matching an invalid subsection of the secrets' section, like: [secrets/users] Let's ensure that we only match the following cases: [secrets] [secrets/users/[0-9]+?] Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/config/cfg_rules.ini | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index b6316be..5a4394d 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -8,7 +8,7 @@ section = autofs section = ssh section = pac section = ifp -section_re = ^secrets\(/users/\([0-9]\+\)\?\)\?$ +section_re = ^secrets\(/users/[0-9]\+\?\)\?$ section_re = ^domain/.*$ [rule/allowed_sssd_options] @@ -212,7 +212,7 @@ option = user_attributes [rule/allowed_sec_options] validator = ini_allowed_options -section_re = ^secrets\(/users/\([0-9]\+\)\?\)\?$ +section_re = ^secrets\(/users/[0-9]\+\?\)\?$ option = timeout option = debug From 28fa41957d1382216f319620f4a5615a0082c0c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Mon, 17 Oct 2016 18:58:50 +0200 Subject: [PATCH 2/2] SECRETS: Add allowed_sec_users_options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are options (the proxying related ones) that only apply to the secrets' subsections. In order to make config API able to catch those, let's create a new section called allowed_sec_users_options) and move there these proxying options. Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/config/cfg_rules.ini | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) 
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 5a4394d..49beae6 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -210,9 +210,10 @@ option = description option = allowed_uids option = user_attributes +# Secrets service [rule/allowed_sec_options] validator = ini_allowed_options -section_re = ^secrets\(/users/[0-9]\+\?\)\?$ +section_re = ^secrets$ option = timeout option = debug @@ -225,11 +226,14 @@ option = reconnection_retries option = fd_limit option = client_idle_timeout option = description - -# Secrets service option = provider option = containers_nest_level option = max_secrets + +[rule/allowed_sec_users_options] +validator = ini_allowed_options +section_re = ^secrets/users/[0-9]\+\?$ + # Secrets service - proxy option = proxy_url option = auth_type
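Review bot: in PATCH 1/2, hunk `@@ -8,7 +8,7 @@`, the `\?` that follows `[0-9]\+` in the new `section_re` does not enforce "at least one digit". The `\(`, `\+`, `\?` escapes suggest the pattern is compiled as a POSIX basic regex, which has no lazy quantifiers; there a `\?` stacked on `\+` would make the digit run optional again, so a section named `[secrets/users/]` would still pass. In an engine that does read `+?` as lazy, the `$` anchor makes it equivalent to a plain `\+`, so the `\?` buys nothing either way. Suggest `section_re = ^secrets\(/users/[0-9]\+\)\?$`.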
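Review bot: in PATCH 1/2, hunk `@@ -212,7 +212,7 @@`, the `section_re` under `[rule/allowed_sec_options]` is a copy of the pattern changed in the first hunk, so it carries the same stacked `\+\?` and has to be corrected together with it. Since the section list and the option rule must accept exactly the same section names, a one-line comment above each pattern pointing at the other would keep the two from drifting apart.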
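Review bot: in PATCH 2/2, hunk `@@ -210,9 +210,10 @@`, narrowing `section_re` to `^secrets$` removes every `secrets/users/<uid>` section from `[rule/allowed_sec_options]`, so the generic options listed under it (`timeout` and `debug` are visible here) stop being accepted in per-user sections unless they are repeated in the new rule. The commit message only mentions moving the proxying options; please state whether dropping the generic options from per-user sections is intended, and if it is not, list them under `[rule/allowed_sec_users_options]` as well.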
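Review bot: in PATCH 2/2, hunk `@@ -225,11 +226,14 @@`, `option = provider`, `option = containers_nest_level` and `option = max_secrets` stay above the new `[rule/allowed_sec_users_options]` header, so they now belong only to the `^secrets$` rule, and the new rule starts at `option = proxy_url`. If `provider` is what selects proxying for a per-user section, a `[secrets/users/<uid>]` section that sets it would be reported as having an unknown option; move or duplicate `option = provider` under the new rule. The new `section_re = ^secrets/users/[0-9]\+\?$` also keeps the stacked `\+\?` from PATCH 1/2; `^secrets/users/[0-9]\+$` states the intent without depending on how the regex engine treats it.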