SECRETS: Support 0 as unlimited for the quotas Add a special value for all the quota-like settings that means 'no limit'. Because the responder also had a global limit on the size of the accepted body (64kiB), this patch also removes the hardcoded limit and instead keep track of the biggest quota value on startup. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Add a new option to control per-UID limits Adds a new option max_uid_secrets that allows to set a limit of secrets for this particular client so that the user cannot starve other users. Resolves: https://pagure.io/SSSD/sssd/issue/3363 Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Use separate quotas for /kcm and /secrets hives This would differentiate between out-of-capacity errors for secrets and for KCM as they are two independent trees as far as sssd-secrets is concerned. The quotas for /kcm are also different in their defaults. For the /secrets hive, we presume a large amount of small secrets. For the /kcm hive, we presume a small amount of large secrets, because the secret is a ccache which contains multiple credentials. The operations are also passed in a struct quota from the local request context instead of local_context. The quota is assigned to the request context when the hive is selected. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Store quotas in a per-hive configuration structure Adds two new structures to hold the quotas and associate a quota with a hive. This is just an internal change for now, but will allow us to read quota configuration from per-hive sections later. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Do not link with c-ares Since we started using libcurl for the proxy provider, there is no point in initializing or linking against c-ares. If we want to explicitly use a resolver in the future, we should use libcurl callbacks. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

SECRETS: Remove unused declarations Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

SECRETS: Add configurable payload size limit of a secret Resolves: https://fedorahosted.org/sssd/ticket/3169 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

SECRETS: Add a configurable limit of secrets that can be stored Related: https://fedorahosted.org/sssd/ticket/3169 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Add a configurable depth limit for nested containers Resolves: https://fedorahosted.org/sssd/ticket/3168 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Secrets: Add Proxy backend Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Secrets: Add initial responder code for secrets service Start implementing the Secrets Service Reponder core. This commit implements stratup and basic conenction handling and HTTP parsing (using the http-parser library). Signed-off-by: Simo Sorce <simo@redhat.com> Related: https://fedorahosted.org/sssd/ticket/2913 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>