On (30/09/16 16:55), fidencio wrote:
URL:
https://github.com/SSSD/sssd/pull/33
Author: fidencio
Title: #33: SECRETS: Some small misc fixes + fixing #3168
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd
https://github.com/SSSD/sssd
git fetch ghsssd pull/33/head:pr33
git checkout pr33
From 06a0a81193d6bbe3a0932c8b584433f3cc13fa51 Mon Sep 17 00:00:00
2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio(a)redhat.com>
Date: Sun, 25 Sep 2016 20:49:16 +0200
Subject: [PATCH 1/6] CONFIG: Add secrets responder to the allowed sections
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The regular expression used is quite specific for the two cases we
support:
- [secrets]
- [secrets/users/$uid]
It could be done a bit more generic, but the way it's right now it can
easily catch errors like: [secrets/usrs/$uid] or [secrets/].
Related:
https://fedorahosted.org/sssd/ticket/3207
Signed-off-by: Fabiano FidĂȘncio <fidencio(a)redhat.com>
---
src/config/cfg_rules.ini | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 01be0c6..023ceac 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -8,6 +8,7 @@ section = autofs
section = ssh
section = pac
section = ifp
+section_re = ^secrets\(/users/\([0-9]\+\)\?\)\?$
section_re = ^domain/.*$
Is it expected that section the name "secrets/users/"
is allowed.
Which of following section should be allowed?
sh# cat /etc/sssd/conf.d/10_secrets.conf
[secrets
description = temp
[secrets/users]
description = temp
[secrets/users/]
description = temp
[secrets/users/$uid]
description = temp
[secrets/users/0]
description = temp
[secrets/users/1]
description = temp
[secrets/users/1000]
description = temp
LS