From 4526858adb58736066a0b2cf2dc793ddfe671b2b Mon Sep 17 00:00:00 2001
From: ikerexxe <ipedrosa@redhat.com>
Date: Tue, 4 Aug 2020 15:39:51 +0200
Subject: [PATCH] config: allow prompting options in configuration
False warnings were logged after enabling prompting options in
configuration file. This change modifies the configuration rules to
allow prompting options.
Resolves:
https://github.com/SSSD/sssd/issues/5259
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/config/cfg_rules.ini | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2874ea048..2d4e7b51d 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -14,6 +14,10 @@ section = session_recording
section_re = ^secrets/users/[0-9]\+$
section_re = ^secrets/secrets$
section_re = ^secrets/kcm$
+section_re = ^prompting/password$
+section_re = ^prompting/password/[^/\@]\+$
+section_re = ^prompting/2fa$
+section_re = ^prompting/2fa/[^/\@]\+$
section_re = ^domain/[^/\@]\+$
section_re = ^domain/[^/\@]\+/[^/\@]\+$
section_re = ^application/[^/\@]\+$
@@ -332,6 +336,36 @@ option = scope
option = users
option = groups
+# Prompting during authentication
+[rule/allowed_prompting_password_options]
+validator = ini_allowed_options
+section_re = ^prompting/password$
+
+option = password_prompt
+
+[rule/allowed_prompting_2fa_options]
+validator = ini_allowed_options
+section_re = ^prompting/2fa$
+
+option = single_prompt
+option = first_prompt
+option = second_prompt
+
+[rule/allowed_prompting_password_subsec_options]
+validator = ini_allowed_options
+section_re = ^prompting/password/[^/\@]\+$
+
+option = password_prompt
+
+[rule/allowed_prompting_2fa_subsec_options]
+validator = ini_allowed_options
+section_re = ^prompting/2fa/[^/\@]\+$
+
+option = single_prompt
+option = first_prompt
+option = second_prompt
+
+
[rule/allowed_domain_options]
validator = ini_allowed_options
section_re = ^\(domain\|application\)/[^/]\+$
--
2.21.3