From 4526858adb58736066a0b2cf2dc793ddfe671b2b Mon Sep 17 00:00:00 2001
From: ikerexxe <ipedrosa@redhat.com>
Date: Tue, 4 Aug 2020 15:39:51 +0200
Subject: [PATCH] config: allow prompting options in configuration

False warnings were logged after enabling prompting options in
configuration file. This change modifies the configuration rules to
allow prompting options.

Resolves:
https://github.com/SSSD/sssd/issues/5259

Reviewed-by: Sumit Bose <sbose@redhat.com>
---
 src/config/cfg_rules.ini | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2874ea048..2d4e7b51d 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -14,6 +14,10 @@ section = session_recording
 section_re = ^secrets/users/[0-9]\+$
 section_re = ^secrets/secrets$
 section_re = ^secrets/kcm$
+section_re = ^prompting/password$
+section_re = ^prompting/password/[^/\@]\+$
+section_re = ^prompting/2fa$
+section_re = ^prompting/2fa/[^/\@]\+$
 section_re = ^domain/[^/\@]\+$
 section_re = ^domain/[^/\@]\+/[^/\@]\+$
 section_re = ^application/[^/\@]\+$
@@ -332,6 +336,36 @@ option = scope
 option = users
 option = groups
 
+# Prompting during authentication
+[rule/allowed_prompting_password_options]
+validator = ini_allowed_options
+section_re = ^prompting/password$
+
+option = password_prompt
+
+[rule/allowed_prompting_2fa_options]
+validator = ini_allowed_options
+section_re = ^prompting/2fa$
+
+option = single_prompt
+option = first_prompt
+option = second_prompt
+
+[rule/allowed_prompting_password_subsec_options]
+validator = ini_allowed_options
+section_re = ^prompting/password/[^/\@]\+$
+
+option = password_prompt
+
+[rule/allowed_prompting_2fa_subsec_options]
+validator = ini_allowed_options
+section_re = ^prompting/2fa/[^/\@]\+$
+
+option = single_prompt
+option = first_prompt
+option = second_prompt
+
+
 [rule/allowed_domain_options]
 validator = ini_allowed_options
 section_re = ^\(domain\|application\)/[^/]\+$
-- 
2.21.3