From 8c7f3e791ca2ba86cef977b17a9943509ae49c77 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 2 Mar 2018 11:12:14 -0700
Subject: [PATCH] Add missing support for converting LOG_INPUT/LOG_OUTPUT tags
 and expand support for NOMAIL tags.

---
 plugins/sudoers/ldap_util.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/plugins/sudoers/ldap_util.c b/plugins/sudoers/ldap_util.c
index 196b0bff3..e7ace9469 100644
--- a/plugins/sudoers/ldap_util.c
+++ b/plugins/sudoers/ldap_util.c
@@ -442,12 +442,17 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
 				cmndspec->tags.nopasswd = op == false;
 			    } else if (strcmp(var, "sudoedit_follow") == 0) {
 				cmndspec->tags.follow = op == true;
+			    } else if (strcmp(var, "log_input") == 0) {
+				cmndspec->tags.log_input = op == true;
+			    } else if (strcmp(var, "log_output") == 0) {
+				cmndspec->tags.log_output = op == true;
 			    } else if (strcmp(var, "noexec") == 0) {
 				cmndspec->tags.noexec = op == true;
 			    } else if (strcmp(var, "setenv") == 0) {
 				cmndspec->tags.setenv = op == true;
 			    } else if (strcmp(var, "mail_all_cmnds") == 0 ||
-				strcmp(var, "mail_always") == 0) {
+				strcmp(var, "mail_always") == 0 ||
+				strcmp(var, "mail_no_perms") == 0) {
 				cmndspec->tags.send_mail = op == true;
 			    } else {
 				handled = false;
-- 
2.40.0