-/* $OpenBSD: uidswap.c,v 1.29 2006/06/08 14:45:49 markus Exp $ */
+/* $OpenBSD: uidswap.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "includes.h"
+#include <sys/param.h>
+#include <errno.h>
+#include <pwd.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdarg.h>
+
+#include <grp.h>
+
#include "log.h"
#include "uidswap.h"
#include "xmalloc.h"
fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
#endif
+#ifdef __APPLE__
+ /*
+ * OS X requires initgroups after setgid to opt back into
+ * memberd support for >16 supplemental groups.
+ */
+ if (initgroups(pw->pw_name, pw->pw_gid) < 0)
+ fatal("initgroups %.100s %u: %.100s",
+ pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
+#endif
+
#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));