author | Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> | 2016-12-20 10:16:47 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-07-27 10:32:21 +0200 |
commit | 555f43b491f40e0237b8677565a748b929092bee (patch) | |
tree | 35205299655b680bcdd25b60991e955935ff0f66 | |
parent | 9759333b3dd404c6787ef0186984c5d4256eb5bb (diff) | |
CONFIG: Add session_recording section
Add information on "session_recording" config section, having three
options: "scope", "users", and "groups".
The section is intended for disabling session recording ("scope = none",
default), enabling session recording for all users ("scope = all"), and
enabling it for some specific users and/or groups ("scope = some",
"users = <users>", "groups = <groups>").
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r-- | src/confdb/confdb.h | 6 | ||||
-rwxr-xr-x | src/config/SSSDConfigTest.py | 6 | ||||
-rw-r--r-- | src/config/cfg_rules.ini | 10 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 6 |
4 files changed, 26 insertions, 2 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 2ba1bc47e..377335837 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -162,6 +162,12 @@ #define CONFDB_IFP_USER_ATTR_LIST "user_attributes" #define CONFDB_IFP_WILDCARD_LIMIT "wildcard_limit" +/* Session Recording */ +#define CONFDB_SESSION_RECORDING_CONF_ENTRY "config/session_recording" +#define CONFDB_SESSION_RECORDING_SCOPE "scope" +#define CONFDB_SESSION_RECORDING_USERS "users" +#define CONFDB_SESSION_RECORDING_GROUPS "groups" + /* Domains */ #define CONFDB_DOMAIN_PATH_TMPL "config/domain/%s" #define CONFDB_DOMAIN_BASEDN "cn=domain,cn=config" diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 4f87c5257..5f3ff3958 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -1417,7 +1417,8 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase): 'ssh', 'pac', 'ifp', - 'secrets'] + 'secrets', + 'session_recording'] for section in control_list: self.assertTrue(sssdconfig.has_section(section), "Section [%s] missing" % @@ -1511,7 +1512,8 @@ class SSSDConfigTestSSSDConfig(unittest.TestCase): 'ssh', 'pac', 'ifp', - 'secrets'] + 'secrets', + 'session_recording'] service_list = sssdconfig.list_services() for service in control_list: self.assertTrue(service in service_list, diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 464346771..4537d0fe8 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -10,6 +10,7 @@ section = pac section = ifp section = secrets section = kcm +section = session_recording section_re = ^secrets/users/[0-9]\+$ section_re = ^domain/[^/\@]\+$ section_re = ^domain/[^/\@]\+/[^/\@]\+$ 
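Review bot: The two control lists in src/config/SSSDConfigTest.py (the `has_section` loop at line 1417 and the `list_services` loop at line 1511) only assert that `session_recording` is present, so nothing pins the three options that the schema gains in this commit. A dropped or renamed `scope`, `users` or `groups` entry in sssd.api.conf would still pass both tests. I would add a check on the option names, for example `self.assertTrue('scope' in sssdconfig.list_service_options('session_recording'))` and the same for `users` and `groups`, assuming that call handles this section like the existing services. Both test methods start and end outside the hunks, so any such coverage elsewhere in the file is not visible here.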
@@ -294,6 +295,15 @@ option = socket_path option = ccache_storage option = responder_idle_timeout +# Session recording +[rule/allowed_session_recording_options] +validator = ini_allowed_options +section_re = ^session_recording$ + +option = scope +option = users +option = groups + [rule/allowed_domain_options] validator = ini_allowed_options section_re = ^\(domain\|application\)/[^/]\+$ diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 48d3b53f6..ef910f0df 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -121,6 +121,12 @@ cacert = str, None, false cert = str, None, false key = str, None, false +[session_recording] +# Session recording service +scope = str, None, false +users = list, str, false +groups = list, str, false + [provider] #Available provider types id_provider = str, None, true |
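Review bot: The new `[rule/allowed_session_recording_options]` rule in src/config/cfg_rules.ini restricts option names only, so a mistyped value such as `scope = sme` (constructed example) passes validation. Because this setting decides whose sessions are recorded, a silent fallback to the default would leave users unrecorded without any configuration error. Whether that happens depends on the parsing code, which is not part of this commit. I would document the accepted values next to the rule, `# scope: none | some | all; users and groups are meant for scope = some`, and make sure the consumer rejects and logs an unknown scope rather than treating it as `none`.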
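Review bot: In src/config/etc/sssd.api.conf, `scope = str, None, false` declares no default, although the commit message names `none` as the default, so the schema and the real default can drift apart unnoticed. The added comment also calls this a service, while the commit message describes a configuration section. I would reword the comment to carry the contract, `# Session recording; scope is one of none (default), some, all`. If the schema's optional default field is appropriate here, `scope = str, None, false, none` would state it directly, but only if generated configs are meant to write that value out.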