Fix minor spelling mistakes in responder/* Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

SECRETS: Support 0 as unlimited for the quotas Add a special value for all the quota-like settings that means 'no limit'. Because the responder also had a global limit on the size of the accepted body (64kiB), this patch also removes the hardcoded limit and instead keep track of the biggest quota value on startup. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Add a new option to control per-UID limits Adds a new option max_uid_secrets that allows to set a limit of secrets for this particular client so that the user cannot starve other users. Resolves: https://pagure.io/SSSD/sssd/issue/3363 Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Use separate quotas for /kcm and /secrets hives This would differentiate between out-of-capacity errors for secrets and for KCM as they are two independent trees as far as sssd-secrets is concerned. The quotas for /kcm are also different in their defaults. For the /secrets hive, we presume a large amount of small secrets. For the /kcm hive, we presume a small amount of large secrets, because the secret is a ccache which contains multiple credentials. The operations are also passed in a struct quota from the local request context instead of local_context. The quota is assigned to the request context when the hive is selected. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Rename local_db_req.basedn to local_db_req.req_dn This will make it possible to reuse the basedn name later for the "hive" base DN in order to differentiate quotas for different hives. There is no functional change in this patch. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Store quotas in a per-hive configuration structure Adds two new structures to hold the quotas and associate a quota with a hive. This is just an internal change for now, but will allow us to read quota configuration from per-hive sections later. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

UTIL: Remove fcntl.h from util/util.h fcntl.h is not used directly by util/util.h. The header file fcntl.h must be included in 49 files and after removing it from util.h it had to be added only to 7 missing file which were using either directly syscall fcntl or syscall open. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Store ccaches in secrets for the KCM responder Adds a new "hive" to the secrets responder whose base path is /kcm. Only root can contact the /kcm hive, because the KCM responder only runs as root and it must impersonate other users and store ccaches on their behalf. Reviewed-by: Michal Židek <mzidek@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

SECRETS: Return a nicer error message on request with no PUT data I managed to create this pathological situation with the tcurl tool which didn't send any PUT data. The error in sssd-secrets was quite strange (ENOMEM). This patch just adds a safeguard sooner so that we return a graceful error. Reviewed-by: Michal Židek <mzidek@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

SECRETS: Create DB path before the operation itself This is a refactoring where instead of creating the ldb path in the operation itself, we create the ldb path when creating the local db request and pass the path to the operation. This would allow us to store different kind of objects in the secrets storage later. Reviewed-by: Michal Židek <mzidek@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

SECRETS: Add configurable payload size limit of a secret Resolves: https://fedorahosted.org/sssd/ticket/3169 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

SECRETS: Add a configurable limit of secrets that can be stored Related: https://fedorahosted.org/sssd/ticket/3169 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Add DEBUG messages to the sssd-secrets provider Previously, it was not possible to follow the flow of the secrets responder or find out what went wrong on error. This patch adds DEBUG messages so that most failure cases have their own message. At the same time, running sssd-secrets with debug_level <= 3 does not emit any messages at all. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Add a configurable depth limit for nested containers Resolves: https://fedorahosted.org/sssd/ticket/3168 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Use a tmp_context on local_db_check_containers() Otherwise the struct ldb_dn will be hanging on the mem_ctx till it gets freed. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Make functions from local.c static There's no reason for those functions to be exposed. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Don't remove a container when it has children Let's return and log an error in case the container to be removed has children. The approach taken introduced at least one new search in every delete operation. As far as I understand searching in the BASE scope is quite cheap and that's the reason I decided to just do the search in the ONELEVEL scope when the requested to be deleted dn is for sure a container. Resolves: https://fedorahosted.org/sssd/ticket/3167 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Search by the right type when checking containers We've been searching for the wrong type ("simple") in local_db_check_containers(), which always gives us a NULL result. Let's introduce the new LOCAL_CONTAINER_FILTER and do the search for the right type ("container") from now on. Resolves: https://fedorahosted.org/sssd/ticket/3137 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Return ENOENT when_deleting a non-existent secret For this, just make use of the sysdb_error_to_errno() function. Resolves: https://fedorahosted.org/sssd/ticket/3125 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Use sss_atomic_read/write for better readability sss_atomic_read_s and sss_atomic_write_s are macro-wrappers around sss_atomic_io_s but it's easier to follow the code with the read/write vairants used directly. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>

Amend debug messages after failure of unlink Some messages did not have errno or name of problematic file. There was also improper use of negative value. The function strerror was called with -1 instead of errno Reviewed-by: Petr Čech <pcech@redhat.com>

SECRETS: Log message for failures with removing file Type: Unchecked return value Reported by coverity Reviewed-by: Petr Čech <pcech@redhat.com>

Secrets: Add local container entries support The protocol requires a user to creat a container efore trying to store an entry in it. Do the same in the local provider so that no surprises arise when admins route request to a remote storage server. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Local secrets provider Content-Type handling Properly handle and enforce ithe presence of the content-type header in the local and proxy providers to conform to the Custoida protocol. Avoids different behavior between the local provider and a remote server that may cause developers to have an application working against the local storage and then fail when the administrator configures a remote storage. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Secrets: Add Proxy backend Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Secrets: Add encryption at rest Generates a master key file if it doesn't exist and encrypts secrets using the master key contained in the file. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Add initial providers infrastructure. Also adds support for the basic LOCAL provider that stores data on the local machine. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>