From 76fcd9e5cf0b9f51f990915b0f92be36814d085c Mon Sep 17 00:00:00 2001
From: Arne Juul
Date: Fri, 27 Aug 2021 09:32:30 +0000
Subject: use getgrouplist and also change supplementary groups
---
 configd/src/apps/su/main.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/configd/src/apps/su/main.cpp b/configd/src/apps/su/main.cpp
index 095bbdb6844..09bac09ff01 100644
--- a/configd/src/apps/su/main.cpp
+++ b/configd/src/apps/su/main.cpp
@@ -28,6 +28,10 @@ int main(int argc, char** argv)
 gid_t g = p->pw_gid;
 uid_t u = p->pw_uid;
+ gid_t grouplist[256];
+ int group_arr_sz = 256;
+ int ggl = getgrouplist(username, g, grouplist, &group_arr_sz);
+
 gid_t oldg = getgid();
 uid_t oldu = getuid();
@@ -36,7 +40,11 @@ int main(int argc, char** argv)
 return 1;
 }
 size_t listsize = 1;
- gid_t grouplist[1] = { g };
+ if (ggl > 0) {
+ listsize = group_arr_sz;
+ } else {
+ grouplist[0] = g;
+ }
 if ((g != oldg || u != oldu) && setgroups(listsize, grouplist) != 0) {
 perror("FATAL error: could not setgroups");
 return 1;
-- cgit v1.2.3
From 1a469dac6684ad13257c83110f0c0b0f821a1ca6 Mon Sep 17 00:00:00 2001
From: Arne Juul
Date: Mon, 30 Aug 2021 20:37:35 +0000
Subject: try to make it work on Mac OS X also
---
 configd/src/apps/su/main.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/configd/src/apps/su/main.cpp b/configd/src/apps/su/main.cpp
index 09bac09ff01..92767710fee 100644
--- a/configd/src/apps/su/main.cpp
+++ b/configd/src/apps/su/main.cpp
@@ -30,7 +30,16 @@ int main(int argc, char** argv)
 gid_t grouplist[256];
 int group_arr_sz = 256;
+#ifdef __APPLE__
+ int mac_gid = g;
+ int mac_groups[256];
+ int ggl = getgrouplist(username, mac_gid, mac_groups, &group_arr_sz);
+ for (int i = 0; i < group_arr_sz; ++i) {
+ grouplist[i] = (gid_t) mac_groups[i];
+ }
+#else
 int ggl = getgrouplist(username, g, grouplist, &group_arr_sz);
+#endif
 gid_t oldg = getgid();
 uid_t oldu = getuid();
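Review bot: In commit 76fcd9e5, hunk `@@ -28,6 +28,10 @@`, a failed `getgrouplist()` is never reported: if the user belongs to more groups than the 256-entry `grouplist` can hold, the call returns a negative value and the second hunk (`@@ -36,7 +40,11 @@`) quietly falls back to the primary group only. For a su-style helper that means the target process can run with a different group set than the account is configured for, which matters where group membership is used to restrict as well as grant access, and nothing in the output shows it happened. I would log it before the fallback, e.g. `if (ggl < 0) fprintf(stderr, "warning: could not get full group list for %s, using primary group only\n", username);`, or retry with a larger buffer where the platform reports the needed count in `group_arr_sz`. The later hunks `@@ -40,7 +49,7 @@` and `@@ -49,7 +53,7 @@` keep the same silent fallback; main() continues outside all of them.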
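Review bot: In commit 1a469dac, hunk `@@ -30,7 +30,16 @@`, the `__APPLE__` copy loop runs even when `getgrouplist()` reported an error, so `group_arr_sz` bounds both the read of `mac_groups` and the write to `grouplist` without anything guaranteeing it is still at most 256. What macOS leaves in the count on failure is not visible from this page, but the loop should not depend on it; `for (int i = 0; ggl >= 0 && i < group_arr_sz && i < 256; ++i)` keeps both arrays in bounds either way. Commit 62bcc067 further down adds the `ggl < 0` guard, but the explicit upper bound is still absent there. A named constant for the three `256` literals would keep the array sizes and the bound in step.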
@@ -40,7 +49,7 @@ int main(int argc, char** argv)
 return 1;
 }
 size_t listsize = 1;
- if (ggl > 0) {
+ if (ggl >= 0) {
 listsize = group_arr_sz;
 } else {
 grouplist[0] = g;
-- cgit v1.2.3
From 62bcc067edffe1a6e711b496cfb8d0000d67ce01 Mon Sep 17 00:00:00 2001
From: Arne Juul
Date: Tue, 31 Aug 2021 06:12:42 +0000
Subject: only access mac_groups when getgrouplist was successful
---
 configd/src/apps/su/main.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/configd/src/apps/su/main.cpp b/configd/src/apps/su/main.cpp
index 92767710fee..f61faf01fee 100644
--- a/configd/src/apps/su/main.cpp
+++ b/configd/src/apps/su/main.cpp
@@ -34,8 +34,12 @@ int main(int argc, char** argv)
 int mac_gid = g;
 int mac_groups[256];
 int ggl = getgrouplist(username, mac_gid, mac_groups, &group_arr_sz);
- for (int i = 0; i < group_arr_sz; ++i) {
- grouplist[i] = (gid_t) mac_groups[i];
+ if (ggl < 0) {
+ group_arr_sz = 0;
+ } else {
+ for (int i = 0; i < group_arr_sz; ++i) {
+ grouplist[i] = (gid_t) mac_groups[i];
+ }
 }
 #else
 int ggl = getgrouplist(username, g, grouplist, &group_arr_sz);
@@ -49,7 +53,7 @@ int main(int argc, char** argv)
 return 1;
 }
 size_t listsize = 1;
- if (ggl >= 0) {
+ if (ggl >= 0 && group_arr_sz > 0) {
 listsize = group_arr_sz;
 } else {
 grouplist[0] = g;
-- cgit v1.2.3
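Review bot: In commit 62bcc067, hunk `@@ -34,8 +34,12 @@`, the code does not say why the Apple branch needs separate `int` variables or why `group_arr_sz` is zeroed on failure, and both are easy to undo by accident in a later cleanup. A short comment at the top of the branch would cover it, e.g. `// macOS declares getgrouplist() with int gid / int* groups; on failure the count is not trusted, so zero it and let the code below fall back to the primary group`. The `#ifdef __APPLE__` line itself sits just above this hunk, and main() continues past it.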