SECRETS: Add configurable payload size limit of a secret Resolves: https://fedorahosted.org/sssd/ticket/3169 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

SECRETS: Add a configurable limit of secrets that can be stored Related: https://fedorahosted.org/sssd/ticket/3169 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Use HTTP error code 504 when a proxy server cannot be reached Previously, a generic 500 error code was returned. This patch adds a new error message on a failure to contact the proxy server and returns 504, "Gateway timeout" instead. Resolves: https://fedorahosted.org/sssd/ticket/3212 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Add DEBUG messages to the sssd-secrets provider Previously, it was not possible to follow the flow of the secrets responder or find out what went wrong on error. This patch adds DEBUG messages so that most failure cases have their own message. At the same time, running sssd-secrets with debug_level <= 3 does not emit any messages at all. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SECRETS: Add a configurable depth limit for nested containers Resolves: https://fedorahosted.org/sssd/ticket/3168 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SECRETS: Make internal function static Reviewed-by: Pavel Březina <pbrezina@redhat.com>

Secrets: Fix format string body->length has type size_t and not long unsigned. size_t does not have the same size on 64 bit and 32 bit platform src/responder/secrets/providers.c: In function 'sec_http_reply_with_body': src/responder/secrets/providers.c:204:25: error: format '%lu' expects argument of type 'long unsigned int', but argument 6 has type 'size_t {aka unsigned int}' [-Werror=format=] "HTTP/1.1 %d %s\r\n" "Content-Type: %s\r\n" "Content-Length: %lu\r\n" ^ Reviewed-by: Sumit Bose <sbose@redhat.com>

Local secrets provider Content-Type handling Properly handle and enforce ithe presence of the content-type header in the local and proxy providers to conform to the Custoida protocol. Avoids different behavior between the local provider and a remote server that may cause developers to have an application working against the local storage and then fail when the administrator configures a remote storage. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Secrets: Add Proxy backend Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Add initial providers infrastructure. Also adds support for the basic LOCAL provider that stores data on the local machine. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>