From 47e7288769ac6e215a40e3a606c78adaebcfb266 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Sun, 29 Nov 2015 20:26:48 +0100
Subject: [PATCH] Use correct gid value for Microsoft Account when /etc/group is in use

* sec_acl.cc (get_posix_access): In case owner SID == group SID, when encountering the group entry, change the value of `id' accordingly. Explain why.

Signed-off-by: Corinna Vinschen
---
 winsup/cygwin/ChangeLog | 6 ++++++
 winsup/cygwin/sec_acl.cc | 14 ++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 8bffa819e..4644d35cb 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,9 @@
+2015-11-29 Corinna Vinschen
+
+ * sec_acl.cc (get_posix_access): In case owner SID == group SID, when
+ encountering the group entry, change the value of `id' accordingly.
+ Explain why.
+
 2015-11-28 Corinna Vinschen
 
 * gendef (sigdelayed): Save and restore content of the MXCSR register
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index f632410ee..5b1705e86 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -811,6 +811,12 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 if (owner_eq_group && !saw_group_obj)
 {
 type = GROUP_OBJ;
+ /* Gid and uid are not necessarily the same even if the
+ SID is the same: /etc/group is in use and the user got
+ added to /etc/group using another gid than the uid.
+ This is a border case but it happened and resetting id
+ to gid is not much of a burden. */
+ id = gid;
 if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
 saw_group_obj = true;
 }
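Review bot: The new comment before `id = gid;` in the owner_eq_group branch explains the uid/gid mismatch but does not name the account type that makes owner SID and group SID identical, which the commit subject gives as Microsoft Accounts. Naming it in the comment keeps the reason findable once the commit message is out of view, e.g. `/* Owner SID == group SID (seen with Microsoft Accounts): uid and gid can still differ when /etc/group assigns another gid. */`. The body of get_posix_access starts and ends outside the hunk, so where `gid` is resolved, and whether it can be unset at this point, cannot be checked from here.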
@@ -871,8 +877,12 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 if (saw_def_user_obj)
 {
 if (owner_eq_group && !saw_def_group_obj && attr & S_ISGID)
- type = GROUP_OBJ; /* This needs post-processing in the
- following GROUP_OBJ handling... */
+ {
+ /* This needs post-processing in the following GROUP_OBJ
+ handling... Set id to ILLEGAL_GID to play it safe. */
+ type = GROUP_OBJ;
+ id = ILLEGAL_GID;
+ }
 else
 type = USER;
 }
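Review bot: The comment on `id = ILLEGAL_GID;` in the default-ACL branch says the assignment is there "to play it safe" without saying what it guards against, and it differs from the access-ACL branch of the same owner_eq_group case (hunk at -811), which assigns `id = gid;`. The GROUP_OBJ handling the comment refers to is outside this hunk, so it is not visible whether that code always replaces `id` before the entry is stored; if it does not, ILLEGAL_GID would presumably end up as the id of the default group entry. If the intent is only to stop the owner-derived value from being used as a gid, the comment should say so, e.g. `/* The GROUP_OBJ handling below sets the final id; ILLEGAL_GID keeps the owner's id from being used as a gid until then. */`.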