From cd48ef5071741443e3b84e100a4d4d28e3578e4f Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 25 Jan 2021 15:14:05 +0200 Subject: [PATCH] sudo runas: do not add '%' to external groups in IPA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When IPA allows to add AD users and groups directly to sudo rules (FreeIPA 4.9.1 or later), external groups will already have '%' prefix. Thus, we don't need to add additional '%'. Resolves: https://github.com/SSSD/sssd/issues/5475 Signed-off-by: Alexander Bokovoy Reviewed-by: Pavel Březina --- src/providers/ipa/ipa_sudo_conversion.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c index cfb41d8b0..1bfee096d 100644 --- a/src/providers/ipa/ipa_sudo_conversion.c +++ b/src/providers/ipa/ipa_sudo_conversion.c @@ -939,6 +939,12 @@ convert_runasextusergroup(TALLOC_CTX *mem_ctx, const char *value, bool *skip_entry) { + if (value == NULL) + return NULL; + + if (value[0] == '%') + return talloc_strdup(mem_ctx, value); + return talloc_asprintf(mem_ctx, "%%%s", value); } -- 2.21.3