When adding gids to the LDAP filter, only add the primary gid once.

author Todd C. Miller <Todd.Miller@courtesan.com>

Fri, 24 Feb 2012 20:17:48 +0000 (15:17 -0500)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Fri, 24 Feb 2012 20:17:48 +0000 (15:17 -0500)
author Todd C. Miller <Todd.Miller@courtesan.com>
Fri, 24 Feb 2012 20:17:48 +0000 (15:17 -0500)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Fri, 24 Feb 2012 20:17:48 +0000 (15:17 -0500)
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c

index 04afd87bb27c27291688fce400d3b805ab4de8c9..a46ba1519032eb858c2652e99cad89015edaa220 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -1166,6 +1166,8 @@ sudo_ldap_build_pass1(struct passwd *pw)
             (void) strlcat(buf, ")", sz);
         }
         for (i = 0; i < grlist->ngids; i++) {
+           if (pw->pw_gid == grlist->gids[i])
+               continue;
             (void) snprintf(gidbuf, sizeof(gidbuf), "%u",
                 (unsigned int)grlist->gids[i]);
             (void) strlcat(buf, "(sudoUser=%#", sz);
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Fri, 24 Feb 2012 20:17:48 +0000 (15:17 -0500)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Fri, 24 Feb 2012 20:17:48 +0000 (15:17 -0500)