Fix thinko in creating the {DEF_}CLASS_OBJ value on old-style ACLs

* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
	CLASS_OBJ mask on old-style ACLs.  Fix a comment.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

winsup/cygwin/ChangeLog

@@ -1,3 +1,8 @@
+2015-04-14  Corinna Vinschen  <corinna@vinschen.de>
+
+	* sec_acl.cc (get_posix_access): Don't use GROUP_OBJ access to fix up
+	CLASS_OBJ mask on old-style ACLs.  Fix a comment.
+
 2015-04-12  Corinna Vinschen  <corinna@vinschen.de>
 
 	* sec_acl.cc (set_posix_access): Always make sure Admins have

winsup/cygwin/sec_acl.cc

@@ -739,11 +739,12 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 	      if (!new_style)
 		{
 		  /* Fix up CLASS_OBJ value. */
-		  if (type & (USER | GROUP_OBJ | GROUP))
+		  if (type & (USER | GROUP))
 		    {
 		      has_class_perm = true;
-		      /* Accommodate Windows: Never add SYSTEM and Admins
+		      /* Accommodate Windows: Never add SYSTEM and Admins to
-			 perms to CLASS_OBJ perms. */
+			 CLASS_OBJ.  Unless (implicitely) if they are the
+			 GROUP_OBJ entry. */
 		      if (ace_sid != well_known_system_sid
 			  && ace_sid != well_known_admins_sid)
 			class_perm |= lacl[pos].a_perm;
@@ -774,11 +775,12 @@ get_posix_access (PSECURITY_DESCRIPTOR psd,
 	      if (!new_style)
 		{
 		  /* Fix up DEF_CLASS_OBJ value. */
-		  if (type & (USER | GROUP_OBJ | GROUP))
+		  if (type & (USER | GROUP))
 		    {
 		      has_def_class_perm = true;
-		      /* Accommodate Windows: Never add SYSTEM and Admins
+		      /* Accommodate Windows: Never add SYSTEM and Admins to
-			 perms to CLASS_OBJ perms. */
+			 CLASS_OBJ.  Unless (implicitely) if they are the
+			 GROUP_OBJ entry. */
 		      if (ace_sid != well_known_system_sid
 			  && ace_sid != well_known_admins_sid)
 		      def_class_perm |= lacl[pos].a_perm;