From: Todd C. Miller Date: Fri, 24 Feb 2012 20:17:48 +0000 (-0500) Subject: When adding gids to the LDAP filter, only add the primary gid once. X-Git-Tag: SUDO_1_8_5~1^2~190 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4f9da8fdaa1f04c1e759b1241780ed00ba162556;p=sudo When adding gids to the LDAP filter, only add the primary gid once. This is consistent with the space computation/allocation. From Eric Lakin --- diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index 04afd87bb..a46ba1519 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -1166,6 +1166,8 @@ sudo_ldap_build_pass1(struct passwd *pw) (void) strlcat(buf, ")", sz); } for (i = 0; i < grlist->ngids; i++) { + if (pw->pw_gid == grlist->gids[i]) + continue; (void) snprintf(gidbuf, sizeof(gidbuf), "%u", (unsigned int)grlist->gids[i]); (void) strlcat(buf, "(sudoUser=%#", sz);