Parse "ALL" as a command correctly.

diff --git a/plugins/sudoers/ldap_util.c b/plugins/sudoers/ldap_util.c
index 35e7d76ce36c4574b92c3dbc9d9dc8b6dc97992f..06770d4a45176f8716b0dee915af443fe75c96e9 100644 (file)
--- a/plugins/sudoers/ldap_util.c
+++ b/plugins/sudoers/ldap_util.c
@@ -324,29 +324,33 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
        cmndspec->timeout = UNSPEC;
 
        /* Fill in member. */
-       m->type = COMMAND;
        m->negated = negated;
-       m->name = (char *)c;
+       if (strcmp(cmnd, "ALL") == 0) {
+           m->type = ALL;
+       } else {
+           m->type = COMMAND;
+           m->name = (char *)c;
 
-       /* Fill in command with optional digest. */
-       if (sudo_ldap_extract_digest(&cmnd, &digest) != NULL) {
-           if ((c->digest = malloc(sizeof(*c->digest))) == NULL) {
-               free_member(m);
-               goto oom;
+           /* Fill in command with optional digest. */
+           if (sudo_ldap_extract_digest(&cmnd, &digest) != NULL) {
+               if ((c->digest = malloc(sizeof(*c->digest))) == NULL) {
+                   free_member(m);
+                   goto oom;
+               }
+               *c->digest = digest;
            }
-           *c->digest = digest;
-       }
-       if ((args = strpbrk(cmnd, " \t")) != NULL) {
-           *args++ = '\0';
-           if ((c->args = strdup(args)) == NULL) {
+           if ((args = strpbrk(cmnd, " \t")) != NULL) {
+               *args++ = '\0';
+               if ((c->args = strdup(args)) == NULL) {
+                   free_member(m);
+                   goto oom;
+               }
+           }
+           if ((c->cmnd = strdup(cmnd)) == NULL) {
                free_member(m);
                goto oom;
            }
        }
-       if ((c->cmnd = strdup(cmnd)) == NULL) {
-           free_member(m);
-           goto oom;
-       }
        cmndspec->cmnd = m;
 
        if (prev_cmndspec != NULL) {