authorFabiano FidĂȘncio <fidencio@redhat.com>2016-09-30 16:48:47 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-10-05 11:57:20 +0200
commit65a38b8c9cabde6c46cc0e9868f54cb9bb10afbf (patch)
tree0fcef97122075f6511e11f89fe2867eb831bce8f /src/responder/secrets
parent7b07f50dfdfa1e94c82d86a957ee7c9852d7a322 (diff)
SECRETS: Add a configurable limit of secrets that can be stored
Related: https://fedorahosted.org/sssd/ticket/3169 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/responder/secrets')
-rw-r--r--src/responder/secrets/local.c46
-rw-r--r--src/responder/secrets/providers.c4
-rw-r--r--src/responder/secrets/secsrv.c13
-rw-r--r--src/responder/secrets/secsrv.h1
-rw-r--r--src/responder/secrets/secsrv_private.h1
5 files changed, 65 insertions, 0 deletions
diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c
index 295001c16..f6c936f81 100644
--- a/src/responder/secrets/local.c
+++ b/src/responder/secrets/local.c
@@ -30,6 +30,7 @@ struct local_context {
struct ldb_context *ldb;
struct sec_data master_key;
int containers_nest_level;
+ int max_secrets;
};
static int local_decrypt(struct local_context *lctx, TALLOC_CTX *mem_ctx,
@@ -413,6 +414,42 @@ static int local_db_check_containers_nest_level(struct local_context *lctx,
return EOK;
}
+static int local_db_check_number_of_secrets(TALLOC_CTX *mem_ctx,
+ struct local_context *lctx)
+{
+ TALLOC_CTX *tmp_ctx;
+ static const char *attrs[] = { NULL };
+ struct ldb_result *res = NULL;
+ struct ldb_dn *dn;
+ int ret;
+
+ tmp_ctx = talloc_new(mem_ctx);
+ if (!tmp_ctx) return ENOMEM;
+
+ dn = ldb_dn_new(tmp_ctx, lctx->ldb, "cn=secrets");
+ if (!dn) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
+ attrs, LOCAL_SIMPLE_FILTER);
+ if (res->count >= lctx->max_secrets) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Cannot store any more secrets as the maximum allowed limit (%d) "
+ "has been reached\n", lctx->max_secrets);
+
+ ret = ERR_SEC_INVALID_TOO_MANY_SECRETS;
+ goto done;
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
static int local_db_put_simple(TALLOC_CTX *mem_ctx,
struct local_context *lctx,
const char *req_path,
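Review bot: In local_db_check_number_of_secrets the result of ldb_search() is stored in `ret` but never examined, and `res->count` is read on the very next line; if the search fails, `res` may still be NULL (it is initialised to NULL above) and the responder would dereference it. Add a check before the comparison, for example `if (ret != LDB_SUCCESS) { ret = EIO; goto done; }`, or map the ldb code with whatever helper the rest of the file uses. The search base is `cn=secrets` with subtree scope, so the count appears to cover every user's entries; if that is the case, a single client can consume the whole quota and cause other users' stores to be rejected, which a per-user count or an additional per-user limit would avoid. A short comment above the function stating what is counted and that it returns ERR_SEC_INVALID_TOO_MANY_SECRETS once the limit is reached would also help the next reader.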
@@ -447,6 +484,14 @@ static int local_db_put_simple(TALLOC_CTX *mem_ctx,
goto done;
}
+ ret = local_db_check_number_of_secrets(msg, lctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "local_db_check_number_of_secrets failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
ret = local_encrypt(lctx, msg, secret, enctype, &enc_secret);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
@@ -927,6 +972,7 @@ int local_secrets_provider_handle(struct sec_ctx *sctx,
}
lctx->containers_nest_level = sctx->containers_nest_level;
+ lctx->max_secrets = sctx->max_secrets;
lctx->master_key.data = talloc_size(lctx, MKEY_SIZE);
if (!lctx->master_key.data) return ENOMEM;
diff --git a/src/responder/secrets/providers.c b/src/responder/secrets/providers.c
index 8cbc6152b..5f4b0fcc8 100644
--- a/src/responder/secrets/providers.c
+++ b/src/responder/secrets/providers.c
@@ -182,6 +182,8 @@ static struct sec_http_status_format_table {
"The server encountered an internal error." },
{ 504, "Gateway timeout",
"No response from a proxy server." },
+ { 507, "Insufficient Storage",
+ "The server is unable to store the resource needed to complete the request." },
};
int sec_http_status_reply(TALLOC_CTX *mem_ctx, struct sec_data *reply,
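Review bot: The new 507 row sits in the same position as `STATUS_507` in the enum in secsrv_private.h, but nothing in the code ties the two orders together. If the table is indexed by the enum value (the lookup is outside this hunk, so this is an assumption), a future entry added to only one of them would produce a wrong status line or an out-of-bounds read. Designated initializers such as `[STATUS_507] = { 507, "Insufficient Storage", ... }`, or a `_Static_assert` on the table's element count, would make the coupling explicit.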
@@ -352,6 +354,8 @@ enum sec_http_status_codes sec_errno_to_http_status(errno_t err)
return STATUS_409;
case ERR_SEC_NO_PROXY:
return STATUS_504;
+ case ERR_SEC_INVALID_TOO_MANY_SECRETS:
+ return STATUS_507;
default:
return STATUS_500;
}
diff --git a/src/responder/secrets/secsrv.c b/src/responder/secrets/secsrv.c
index 4bbc1dc90..4c0824bb5 100644
--- a/src/responder/secrets/secsrv.c
+++ b/src/responder/secrets/secsrv.c
@@ -30,6 +30,7 @@
#define DEFAULT_SEC_FD_LIMIT 2048
#define DEFAULT_SEC_CONTAINERS_NEST_LEVEL 4
+#define DEFAULT_SEC_MAX_SECRETS 1024
static int sec_get_config(struct sec_ctx *sctx)
{
@@ -58,6 +59,18 @@ static int sec_get_config(struct sec_ctx *sctx)
goto fail;
}
+ ret = confdb_get_int(sctx->rctx->cdb,
+ sctx->rctx->confdb_service_path,
+ CONFDB_SEC_MAX_SECRETS,
+ DEFAULT_SEC_MAX_SECRETS,
+ &sctx->max_secrets);
+
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Failed to get maximum number of entries\n");
+ goto fail;
+ }
+
ret = confdb_get_int(sctx->rctx->cdb, sctx->rctx->confdb_service_path,
CONFDB_RESPONDER_CLI_IDLE_TIMEOUT,
CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT,
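Review bot: The value read into `sctx->max_secrets` is not range-checked after confdb_get_int() succeeds. In local.c it is compared as `res->count >= lctx->max_secrets`; ldb's `count` is unsigned, so a negative setting would be converted to a very large unsigned value and the limit would effectively never trigger, while zero rejects every store. Rejecting bad values here, e.g. `if (sctx->max_secrets < 0) { ret = EINVAL; goto fail; }`, keeps the quota from being silently disabled by a configuration mistake. sec_get_config starts and ends outside this hunk.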
diff --git a/src/responder/secrets/secsrv.h b/src/responder/secrets/secsrv.h
index 8ef89ab2e..972d34265 100644
--- a/src/responder/secrets/secsrv.h
+++ b/src/responder/secrets/secsrv.h
@@ -39,6 +39,7 @@ struct sec_ctx {
struct resp_ctx *rctx;
int fd_limit;
int containers_nest_level;
+ int max_secrets;
struct provider_handle **providers;
};
diff --git a/src/responder/secrets/secsrv_private.h b/src/responder/secrets/secsrv_private.h
index ef7e299d5..4129fe60b 100644
--- a/src/responder/secrets/secsrv_private.h
+++ b/src/responder/secrets/secsrv_private.h
@@ -48,6 +48,7 @@ enum sec_http_status_codes {
STATUS_409,
STATUS_500,
STATUS_504,
+ STATUS_507,
};
struct sec_proto_ctx {