URL: https://github.com/SSSD/sssd/pull/226 Author: mzidek-rh Title: #226: Config check regex Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/226/head:pr226 git checkout pr226
From 74d1382e98852723e1611341020faef193aa85e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= <[email protected]> Date: Tue, 4 Apr 2017 18:01:02 +0200 Subject: [PATCH 1/4] VALIDATORS: Update domain section regex Update the domain section regex to catch special characters in domain name as a mistake. Resolves: https://pagure.io/SSSD/sssd/issue/3334 --- src/config/cfg_rules.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index e47ff33..13e4adc 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -11,7 +11,7 @@ section = ifp section = secrets section = kcm section_re = ^secrets/users/[0-9]\+$ -section_re = ^domain/.*$ +section_re = ^domain/[0-9A-Za-z.]\+$ section_re = ^application/.*$ [rule/allowed_sssd_options] From 0590988a1396b7291cfb45aa112c61d069c43a5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= <[email protected]> Date: Tue, 4 Apr 2017 19:01:57 +0200 Subject: [PATCH 2/4] VALIDATORS: Add subdomain section Add separate rule for subdomain sections. Resolves: https://pagure.io/SSSD/sssd/issue/3334 --- src/config/cfg_rules.ini | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 13e4adc..81b023a 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -12,6 +12,7 @@ section = secrets section = kcm section_re = ^secrets/users/[0-9]\+$ section_re = ^domain/[0-9A-Za-z.]\+$ +section_re = ^domain/[0-9A-Za-z.]\+/[0-9A-Za-z.]\+$ section_re = ^application/.*$ [rule/allowed_sssd_options] @@ -698,3 +699,17 @@ validator = ini_allowed_options section_re = ^application/.*$ option = inherit_from + +[rule/allowed_subdomain_options] +validator = ini_allowed_options +section_re = ^domain/[0-9A-Za-z.]\+/[0-9A-Za-z.]\+$ + +option = ldap_search_base +option = ldap_user_search_base +option = ldap_group_search_base +option = ldap_netgroup_search_base +option = ldap_service_search_base +option = ad_server +option = ad_backup_server +option = ad_site +option = use_fully_qualified_names From 1745646e8086a97d48626c929aae360bf2c2f732 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= <[email protected]> Date: Tue, 4 Apr 2017 19:07:12 +0200 Subject: [PATCH 3/4] VALIDATORS: Remove application section domain Application domains can use the same options as normal domains section with one more additional option. We could either duplicate all options from the domain section also in the application domain section + add the one additional aoption or add this one option to the domain section even though it is not meant to be used there to avoid duplication of all domain options in the rule for application section. It would be could to enhance the validators in libini to allow something like 'include' section in order to avoid this issue in the future. Resolves: https://pagure.io/SSSD/sssd/issue/3356 --- src/config/cfg_rules.ini | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 81b023a..3f04dc5 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -694,10 +694,7 @@ option = ldap_user_uid_number option = ldap_user_uuid option = ldap_use_tokengroups -[rule/allowed_application_options] -validator = ini_allowed_options -section_re = ^application/.*$ - +# For application domains option = inherit_from [rule/allowed_subdomain_options] From 5c25ce8b889cf2f0d134d3ebee343020d7daba70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= <[email protected]> Date: Tue, 4 Apr 2017 20:06:40 +0200 Subject: [PATCH 4/4] VALIDATORS: Escape spcial regex chars The rule allowed_domain_options did not work because of bad regex. Resolves: https://pagure.io/SSSD/sssd/issue/3356 --- src/config/cfg_rules.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 3f04dc5..8b3f34a 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -295,7 +295,7 @@ option = responder_idle_timeout [rule/allowed_domain_options] validator = ini_allowed_options -section_re = ^(domain|application)/.*$ +section_re = ^\(domain\|application\)/.*$ option = debug option = debug_level
_______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
