let ga_init() fail gracefully if getgrouplist does

Apparently getgrouplist() can fail on OSX for when passed a non-existent
group name. Other platforms seem to return a group list consisting of
the numeric gid passed to the function.

This makes ga_init() handle this failure case gracefully, where it will
return success but with an empty group list array.

bz3848; ok dtucker@

diff --git a/groupaccess.c b/groupaccess.c
index b85782472b8503e06a2f1be88c6c14cf4ca47adb..046d0e6bcaf9565b4dcb84546cb5eaf721fdf647 100644 (file)
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -63,6 +63,14 @@ ga_init(const char *user, gid_t base)
 
        groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid));
        while (getgrouplist(user, base, groups_bygid, &ngroups) == -1) {
+               if (ngroups <= ongroups) {
+                       error("getgrouplist(\"%s\", %ld): failed",
+                           user, (long)base);
+                       free(groups_bygid);
+                       groups_bygid = NULL;
+                       ngroups = 0;
+                       return 0;
+               }
                if (retry++ > 0) {
                        fatal("getgrouplist(\"%s\", %ld): groups list too big "
                            "(have %ld, need %ld)", user, (long)base,