URL: https://github.com/SSSD/sssd/pull/5476 Author: abbra Title: #5476: sudo runas: do not add '%' to external groups in IPA Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5476/head:pr5476 git checkout pr5476
From 3b9ad323d25cf8a20f1beafbe33a4bb37c307ff3 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Mon, 25 Jan 2021 15:14:05 +0200 Subject: [PATCH] sudo runas: do not add '%' to external groups in IPA When IPA allows to add AD users and groups directly to sudo rules (FreeIPA 4.9.1 or later), external groups will already have '%' prefix. Thus, we don't need to add additional '%'. Fixes: https://github.com/SSSD/sssd/issues/5475 Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> --- src/providers/ipa/ipa_sudo_conversion.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c index cfb41d8b02..1bfee096d0 100644 --- a/src/providers/ipa/ipa_sudo_conversion.c +++ b/src/providers/ipa/ipa_sudo_conversion.c @@ -939,6 +939,12 @@ convert_runasextusergroup(TALLOC_CTX *mem_ctx, const char *value, bool *skip_entry) { + if (value == NULL) + return NULL; + + if (value[0] == '%') + return talloc_strdup(mem_ctx, value); + return talloc_asprintf(mem_ctx, "%%%s", value); }
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
