Add test to exercise the bug that prevented the group specified via

"sudo -g" from matching when a Runas_Alias was used in the user or
group portion of a Runas_Spec.

MANIFEST

@@ -1080,6 +1080,8 @@ plugins/sudoers/regress/testsudoers/test2.out.ok
 plugins/sudoers/regress/testsudoers/test2.sh
 plugins/sudoers/regress/testsudoers/test20.out.ok
 plugins/sudoers/regress/testsudoers/test20.sh
+plugins/sudoers/regress/testsudoers/test21.out.ok
+plugins/sudoers/regress/testsudoers/test21.sh
 plugins/sudoers/regress/testsudoers/test3.out.ok
 plugins/sudoers/regress/testsudoers/test3.sh
 plugins/sudoers/regress/testsudoers/test4.out.ok

plugins/sudoers/regress/testsudoers/passwd

@@ -0,0 +1,6 @@
+root:*:0:0:Charlie &:/root:/bin/sh
+daemon:*:1:1:The devil himself:/root:/sbin/nologin
+operator:*:2:5:System &:/operator:/sbin/nologin
+bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
+admin:*:1000:20:Admin user:/home/admin:/bin/sh
+nobody:*:32767:32767:Unprivileged user:/nonexistent:/sbin/nologin

plugins/sudoers/regress/testsudoers/test21.out.ok

@@ -0,0 +1,10 @@
+Parses OK
+
+Entries for user admin:
+
+ALL = (USERALIAS : GROUPALIAS) /bin/ls
+	host  matched
+	runas matched
+	cmnd  allowed
+
+Command allowed

plugins/sudoers/regress/testsudoers/test21.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Verify that a Runas_Alias works in both user and group lists.
+# This tests a bug fixed in sudo 1.9.14.
+#
+
+: ${TESTSUDOERS=testsudoers}
+
+exec 2>&1
+
+# The user in USERALIAS must *not* belong to the group in GROUPALIAS
+# in the group or passwd file in order to reproduce the bug.
+$TESTSUDOERS -u root -g bin -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
+    admin /bin/ls <<'EOF'
+Runas_Alias USERALIAS = root
+Runas_Alias GROUPALIAS = bin
+admin ALL = (USERALIAS : GROUPALIAS) /bin/ls
+EOF
+
+exit 0