URL: https://github.com/SSSD/sssd/pull/226
Author: mzidek-rh
Title: #226: Config check regex
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/226/head:pr226
git checkout pr226
From 66db2e496ef61111740cc8748090e3f37f9e1ce1 Mon Sep 17 00:00:00 2001
From: Michal Židek <[email protected]>
Date: Tue, 4 Apr 2017 18:01:02 +0200
Subject: [PATCH 1/3] VALIDATORS: Add subdomain section

Add separate rule for subdomain sections.

Resolves:
https://pagure.io/SSSD/sssd/issue/3356
---
 src/config/cfg_rules.ini | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index e47ff33..4b30e8f 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -11,7 +11,8 @@ section = ifp
 section = secrets
 section = kcm
 section_re = ^secrets/users/[0-9]\+$
-section_re = ^domain/.*$
+section_re = ^domain/[^/\@]\+$
+section_re = ^domain/[^/\@]\+/[^/\@]\+$
 section_re = ^application/.*$
 
 [rule/allowed_sssd_options]
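
Review bot: In the two new `section_re` lines, the backslash inside `[^/\@]` probably does not do what it appears to. The series uses basic-regex escaping elsewhere (`\+`, and `\(` / `\|` in patch 3), and assuming these patterns are compiled as POSIX regular expressions, a backslash inside a bracket expression is an ordinary character, so the class rejects `/`, `\` and `@` rather than only `/` and `@`. If rejecting a backslash is not intended, write `[^/@]`; if it is, add a comment saying so and explaining why `@` is disallowed in section names, since the commit message does not. Also note that `^application/.*$` on the following line keeps the loose pattern, so application sections are still accepted with any number of `/` components while domain sections are now restricted.
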
@@ -698,3 +699,17 @@ validator = ini_allowed_options
 section_re = ^application/.*$
 
 option = inherit_from
+
+[rule/allowed_subdomain_options]
+validator = ini_allowed_options
+section_re = ^domain/[^/\@]\+/[^/\@]\+$
+
+option = ldap_search_base
+option = ldap_user_search_base
+option = ldap_group_search_base
+option = ldap_netgroup_search_base
+option = ldap_service_search_base
+option = ad_server
+option = ad_backup_server
+option = ad_site
+option = use_fully_qualified_names
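
Review bot: The `section_re` of `[rule/allowed_subdomain_options]` is a second hand-written copy of the subdomain pattern added to the allowed-sections list in the first hunk, and nothing keeps the two in sync. A change to one without the other would leave subdomain sections either accepted with unvalidated options or rejected outright, so a comment above each copy pointing at the other would help. The nine options listed also carry no comment about where the list comes from; a one-line note naming the code or man page section that defines which options a subdomain section honours would make it possible to check the list when new options are added.
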

From 4cf233b3321cf764e70c3b686058ffcec6de9634 Mon Sep 17 00:00:00 2001
From: Michal Židek <[email protected]>
Date: Tue, 4 Apr 2017 19:07:12 +0200
Subject: [PATCH 2/3] VALIDATORS: Remove application section domain

Application domains can use the same options as normal domains section
with one more additional option.

We could either duplicate all options from the domain section also in
the application domain section + add the one additional option or
add this one option to the domain section even though it is not meant
to be used there to avoid duplication of all domain options in the
rule for application section.

It would be good to enhance the validators in libini to allow
something like 'include' section in order to avoid this issue
in the future.

Resolves:
https://pagure.io/SSSD/sssd/issue/3356
---
 src/config/cfg_rules.ini | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 4b30e8f..a30fe57 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -694,10 +694,7 @@ option = ldap_user_uid_number
 option = ldap_user_uuid
 option = ldap_use_tokengroups
 
-[rule/allowed_application_options]
-validator = ini_allowed_options
-section_re = ^application/.*$
-
+# For application domains
 option = inherit_from
 
 [rule/allowed_subdomain_options]
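
Review bot: Removing `[rule/allowed_application_options]` here leaves application sections with no working option check until patch 3 is applied. After this hunk `option = inherit_from` belongs to the preceding rule, which is meant to cover `application/` sections, but patch 3 states that rule "did not work because of bad regex" and only fixes it afterwards. Reordering the series so the regex fix comes before this removal would keep every intermediate commit validating application sections. The new comment `# For application domains` could also state that `inherit_from` is now accepted in plain `domain/` sections as a side effect, as the commit message explains, so that a later reader of the file does not take it as a supported domain option.
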

From ee115dd979ad44dfe6557c4072ac648dfac98c48 Mon Sep 17 00:00:00 2001
From: Michal Židek <[email protected]>
Date: Tue, 4 Apr 2017 20:06:40 +0200
Subject: [PATCH 3/3] VALIDATORS: Escape special regex chars

The rule allowed_domain_options did not work because
of bad regex.

Resolves:
https://pagure.io/SSSD/sssd/issue/3356
---
 src/config/cfg_rules.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index a30fe57..628f2e0 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -295,7 +295,7 @@ option = responder_idle_timeout
 
 [rule/allowed_domain_options]
 validator = ini_allowed_options
-section_re = ^(domain|application)/.*$
+section_re = ^\(domain\|application\)/.*$
 
 option = debug
 option = debug_level
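
Review bot: The corrected pattern `^\(domain\|application\)/.*$` still ends in `.*`, so it also matches the two-component subdomain sections that patch 1 gave their own rule. Once this regex starts working, a `domain/X/Y` section is checked against both `allowed_domain_options` and `allowed_subdomain_options`, which is only harmless if every option in the subdomain list is also present in this rule's list; that is not visible from this hunk. Either tighten the domain alternative to the `[^/\@]\+` form used in patch 1, or confirm the overlap is intended and mention it in the commit message. Since the previous regex failed silently, a test that feeds one valid and one invalid option through a `domain/` and an `application/` section would guard against a repeat.
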