From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Tue, 1 Jan 2008 21:25:23 +0000 (+0000)
Subject: When building up a query don't list groups in the aux group vector
X-Git-Tag: SUDO_1_7_0~275
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a7fb2f3e369a258489ac07e1e574383633a04d52;p=sudo

When building up a query don't list groups in the aux group vector
that are the same as the passwd file group.  On most systems the
first gid in the group vector is the same as the passwd entry gid.
---

diff --git a/ldap.c b/ldap.c
index 530ff92c5..f36bd7850 100644
--- a/ldap.c
+++ b/ldap.c
@@ -578,6 +578,8 @@ sudo_ldap_build_pass1(pw)
     if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL)
 	sz += 12 + strlen(grp->gr_name);	/* primary group */
     for (i = 0; i < user_ngroups; i++) {
+	if (user_groups[i] == pw->pw_gid)
+	    continue;
 	if ((grp = sudo_getgrgid(user_groups[i])) != NULL)
 	    sz += 12 + strlen(grp->gr_name);	/* supplementary group */
     }
@@ -597,6 +599,8 @@ sudo_ldap_build_pass1(pw)
 
     /* Append supplementary groups */
     for (i = 0; i < user_ngroups; i++) {
+	if (user_groups[i] == pw->pw_gid)
+	    continue;
 	if ((grp = sudo_getgrgid(user_groups[i])) != NULL) {
 	    (void) strlcat(buf, "(sudoUser=%", sz);
 	    (void) strlcat(buf, grp->gr_name, sz);