[newlib-cygwin] Use correct gid value for Microsoft Account when /etc/group is in use

Sun, 29 Nov 2015 11:27:51 -0800 

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=47e7288769ac6e215a40e3a606c78adaebcfb266

commit 47e7288769ac6e215a40e3a606c78adaebcfb266
Author: Corinna Vinschen <[email protected]>
Date:   Sun Nov 29 20:26:48 2015 +0100

    Use correct gid value for Microsoft Account when /etc/group is in use
    
        * sec_acl.cc (get_posix_access): In case owner SID == group SID, when
        encountering the group entry, change the value of `id' accordingly.
        Explain why.
    
    Signed-off-by: Corinna Vinschen <[email protected]>

Diff:
---
 winsup/cygwin/ChangeLog  |  6 ++++++
 winsup/cygwin/sec_acl.cc | 14 ++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 8bffa81..4644d35 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,9 @@
+2015-11-29  Corinna Vinschen  <[email protected]>
+
+       * sec_acl.cc (get_posix_access): In case owner SID == group SID, when
+       encountering the group entry, change the value of `id' accordingly.
+       Explain why.
+
 2015-11-28  Corinna Vinschen  <[email protected]>
 
        * gendef (sigdelayed): Save and restore content of the MXCSR register
diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc
index f632410..5b1705e 100644
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@@ -811,6 +811,12 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
                  if (owner_eq_group && !saw_group_obj)
                    {
                      type = GROUP_OBJ;
+                     /* Gid and uid are not necessarily the same even if the
+                        SID is the same: /etc/group is in use and the user got
+                        added to /etc/group using another gid than the uid.
+                        This is a border case but it happened and resetting id
+                        to gid is not much of a burden. */
+                     id = gid;
                      if (ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
                        saw_group_obj = true;
                    }
@@ -871,8 +877,12 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
              if (saw_def_user_obj)
                {
                  if (owner_eq_group && !saw_def_group_obj && attr & S_ISGID)
-                   type = GROUP_OBJ;   /* This needs post-processing in the
-                                          following GROUP_OBJ handling... */
+                   {
+                     /* This needs post-processing in the following GROUP_OBJ
+                        handling...  Set id to ILLEGAL_GID to play it safe. */
+                     type = GROUP_OBJ;
+                     id = ILLEGAL_GID;
+                   }
                  else
                    type = USER;
                }

Reply via email to