From 91f97d2f23843f73a868b9b691fc1c9e2eaa27b8 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Wed, 21 Feb 2018 21:09:57 -0700
Subject: [PATCH] In array_to_member_list() use the correct type for netgroups
 and user groups.

---
 plugins/sudoers/ldap_common.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/plugins/sudoers/ldap_common.c b/plugins/sudoers/ldap_common.c
index 2fdebcb43..097568b13 100644
--- a/plugins/sudoers/ldap_common.c
+++ b/plugins/sudoers/ldap_common.c
@@ -136,6 +136,22 @@ array_to_member_list(void *a, sudo_ldap_iter_t iter)
 	    /* Empty RunAsUser means run as the invoking user. */
 	    m->type = MYSELF;
 	    break;
+	case '+':
+	    m->type = NETGROUP;
+	    m->name = strdup(val);
+	    if (m->name == NULL) {
+		free(m);
+		goto bad;
+	    }
+	    break;
+	case '%':
+	    m->type = USERGROUP;
+	    m->name = strdup(val);
+	    if (m->name == NULL) {
+		free(m);
+		goto bad;
+	    }
+	    break;
 	case 'A':
 	    if (strcmp(val, "ALL") == 0) {
 		m->type = ALL;