Fix minor spelling mistakes in responder/* Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

secrets: always add Content-Length header If custodia server does not reply with Content-Length header, curl may wait for non-existing body of http reply if such body does not exist (for example during POST operation when creating a container). Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

secrets: use tcurl in proxy provider We switch from http-parser to libcurl for an http client. This gaves us many features for free such as tls and http basic authentication support instead of implementing it on our own. Resolves: https://pagure.io/SSSD/sssd/issue/3192 Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Store ccaches in secrets for the KCM responder Adds a new "hive" to the secrets responder whose base path is /kcm. Only root can contact the /kcm hive, because the KCM responder only runs as root and it must impersonate other users and store ccaches on their behalf. Reviewed-by: Michal Židek <mzidek@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

SECRETS: Add configurable payload size limit of a secret Resolves: https://fedorahosted.org/sssd/ticket/3169 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

SECRETS: Add a configurable limit of secrets that can be stored Related: https://fedorahosted.org/sssd/ticket/3169 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Use HTTP error code 504 when a proxy server cannot be reached Previously, a generic 500 error code was returned. This patch adds a new error message on a failure to contact the proxy server and returns 504, "Gateway timeout" instead. Resolves: https://fedorahosted.org/sssd/ticket/3212 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Add DEBUG messages to the sssd-secrets provider Previously, it was not possible to follow the flow of the secrets responder or find out what went wrong on error. This patch adds DEBUG messages so that most failure cases have their own message. At the same time, running sssd-secrets with debug_level <= 3 does not emit any messages at all. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Add a configurable depth limit for nested containers Resolves: https://fedorahosted.org/sssd/ticket/3168 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Make internal function static Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Secrets: Fix format string body->length has type size_t and not long unsigned. size_t does not have the same size on 64 bit and 32 bit platform src/responder/secrets/providers.c: In function 'sec_http_reply_with_body': src/responder/secrets/providers.c:204:25: error: format '%lu' expects argument of type 'long unsigned int', but argument 6 has type 'size_t {aka unsigned int}' [-Werror=format=] "HTTP/1.1 %d %s\r\n" "Content-Type: %s\r\n" "Content-Length: %lu\r\n" ^ Reviewed-by: Sumit Bose <sbose@redhat.com>

Local secrets provider Content-Type handling Properly handle and enforce ithe presence of the content-type header in the local and proxy providers to conform to the Custoida protocol. Avoids different behavior between the local provider and a remote server that may cause developers to have an application working against the local storage and then fail when the administrator configures a remote storage. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Secrets: Add Proxy backend Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Add initial providers infrastructure. Also adds support for the basic LOCAL provider that stores data on the local machine. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>