From e26cf1c5d71a4f63eb23a075a555868bdbe3970f Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Thu, 16 Apr 2015 22:27:49 +0200 Subject: [PATCH] Fix merging group perms into owner perms in owner == group case * sec_acl.cc (set_posix_access): Move merging group perms into owner perms in case of owner == group after mask has been computed. Take mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE. Signed-off-by: Corinna Vinschen --- winsup/cygwin/ChangeLog | 6 ++++++ winsup/cygwin/sec_acl.cc | 10 +++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index bd5ea550a..2ecafa0ba 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,9 @@ +2015-04-16 Corinna Vinschen + + * sec_acl.cc (set_posix_access): Move merging group perms into owner + perms in case of owner == group after mask has been computed. Take + mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE. + 2015-04-16 Corinna Vinschen * sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index 1855bb625..b25e9b337 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -274,11 +274,6 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, tmp_idx = searchace (aclbufp, nentries, def | OTHER_OBJ); other_obj = aclbufp[tmp_idx].a_perm; - /* Do we potentially chmod a file with owner SID == group SID? If so, - make sure the owner perms are always >= group perms. */ - if (!def && owner_eq_group) - aclbufp[0].a_perm |= group_obj; - /* ... class_obj. Create Cygwin ACE. Only the S_ISGID attribute gets inherited. */ access = CYG_ACE_ISBITS_TO_WIN (def ? attr & S_ISGID : attr); 
@@ -300,6 +295,11 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, inherit)) return NULL; + /* Do we potentially chmod a file with owner SID == group SID? If so, + make sure the owner perms are always >= group perms. */ + if (!def && owner_eq_group) + aclbufp[0].a_perm |= group_obj & class_obj; + /* This loop has two runs, the first w/ check_types == (USER_OBJ | USER), the second w/ check_types == (GROUP_OBJ | GROUP). Each run creates first the deny, then the allow ACEs for the current types. */
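Review bot: The comment moved together with the `if (!def && owner_eq_group)` block still promises owner perms ">= group perms", but the new expression only guarantees the masked value `group_obj & class_obj`. I would reword it to `/* ... make sure the owner perms are always >= the effective group perms (group_obj limited by the mask), so no unnecessary ACCESS_DENIED_ACE is created. */`. The merge now depends on `class_obj` holding a usable value even when the ACL has no CLASS_OBJ entry. That assignment sits between the two hunks and is not visible here, so it is worth confirming that the no-mask case leaves `class_obj` with all permission bits set; otherwise the group bits would not be merged and the owner == group case would regress. The block also writes to `aclbufp[0]` on the assumption that entry 0 is the access USER_OBJ, whereas the neighbouring lookups go through `searchace`; a one-line comment stating that ordering invariant would help, since picking the wrong entry changes who is granted access. set_posix_access starts and ends outside the hunk.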