* uinfo.cc (cygheap_user::init): Fix formatting in debug output.

(struct cyg_USER_INFO_24): Define temporarily.  Explain why.
	(pwdgrp::fetch_account_from_windows): Handle sane primary group
	setting for Microsoft Accounts.  Explain why.
	* wincap.h (wincaps::has_microsoft_accounts): New element.
	* wincap.cc: Implement above element throughout.

winsup/cygwin/ChangeLog

@@ -1,3 +1,12 @@
+2014-05-08  Corinna Vinschen  <corinna@vinschen.de>
+
+	* uinfo.cc (cygheap_user::init): Fix formatting in debug output.
+	(struct cyg_USER_INFO_24): Define temporarily.  Explain why.
+	(pwdgrp::fetch_account_from_windows): Handle sane primary group
+	setting for Microsoft Accounts.  Explain why.
+	* wincap.h (wincaps::has_microsoft_accounts): New element.
+	* wincap.cc: Implement above element throughout.
+
 2014-05-08  Corinna Vinschen  <corinna@vinschen.de>
 
 	* grp.cc (gr_ent::enumerate_caches): Fix copy/paste bug introducing

winsup/cygwin/uinfo.cc

@@ -85,7 +85,7 @@ cygheap_user::init ()
   status = NtSetInformationToken (hProcToken, TokenOwner, &effec_cygsid,
 				  sizeof (cygsid));
   if (!NT_SUCCESS (status))
-    debug_printf ("NtSetInformationToken(TokenOwner), %y", status);
+    debug_printf ("NtSetInformationToken (TokenOwner), %y", status);
 
   /* Standard way to build a security descriptor with the usual DACL */
   PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
@@ -1162,6 +1162,19 @@ fetch_posix_offset (PDS_DOMAIN_TRUSTSW td, cyg_ldap *cldap)
   return td->PosixOffset;
 }
 
+/* CV 2014-05-08: USER_INFO_24 is not yet defined in Mingw64, but will be in
+   the next release.  For the time being, define the structure here with
+   another name which won't collide with the upcoming correct definition
+   in lmaccess.h. */
+struct cyg_USER_INFO_24
+{
+  BOOL   usri24_internet_identity;
+  DWORD  usri24_flags;
+  LPWSTR usri24_internet_provider_name;
+  LPWSTR usri24_internet_principal_name;
+  PSID   usri24_user_sid;
+};
+
 char *
 pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 {
@@ -1564,6 +1577,25 @@ pwdgrp::fetch_account_from_windows (fetch_user_arg_t &arg, cyg_ldap *pldap)
 		    }
 		  /* Set comment variable for below attribute loop. */
 		  comment = ui->usri4_comment;
+		  /* Logging in with a Microsoft Account, the user's primary
+		     group SID is the user's SID.  Security sensitive tools
+		     expecting tight file permissions choke on that.  We need
+		     an explicit primary group which is not identical to the
+		     user account.  Unfortunately, while the default primary
+		     group of the account in SAM is still "None", "None" is not
+		     in the user token group list.  So, what we do here is to
+		     use "Users" as a sane default primary group instead. */
+		  if (wincap.has_microsoft_accounts ())
+		    {
+		      struct cyg_USER_INFO_24 *ui24;
+		      nas = NetUserGetInfo (NULL, name, 24, (PBYTE *) &ui24);
+		      if (nas == NERR_Success)
+			{
+			  if (ui24->usri24_internet_identity)
+			    gid = DOMAIN_ALIAS_RID_USERS;
+			  NetApiBufferFree (ui24);
+			}
+		    }
 		}
 	      else /* acc_type == SidTypeAlias */
 		{

winsup/cygwin/wincap.cc

@@ -2,7 +2,7 @@
 		capability class to the appropriate values.
 
    Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
-   2012, 2013 Red Hat, Inc.
+   2012, 2013, 2014 Red Hat, Inc.
 
 This file is part of Cygwin.
 
@@ -49,6 +49,7 @@ wincaps wincap_xpsp2 __attribute__((section (".cygwin_dll_common"), shared)) = {
   has_pipe_reject_remote_clients:false,
   terminate_thread_frees_stack:false,
   has_precise_system_time:false,
+  has_microsoft_accounts:false,
 };
 
 wincaps wincap_2003 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -77,6 +78,7 @@ wincaps wincap_2003 __attribute__((section (".cygwin_dll_common"), shared)) = {
   has_pipe_reject_remote_clients:false,
   terminate_thread_frees_stack:false,
   has_precise_system_time:false,
+  has_microsoft_accounts:false,
 };
 
 wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -105,6 +107,7 @@ wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
   has_pipe_reject_remote_clients:true,
   terminate_thread_frees_stack:true,
   has_precise_system_time:false,
+  has_microsoft_accounts:false,
 };
 
 wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -133,6 +136,7 @@ wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
   has_pipe_reject_remote_clients:true,
   terminate_thread_frees_stack:true,
   has_precise_system_time:false,
+  has_microsoft_accounts:false,
 };
 
 wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
@@ -161,6 +165,7 @@ wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
   has_pipe_reject_remote_clients:true,
   terminate_thread_frees_stack:true,
   has_precise_system_time:true,
+  has_microsoft_accounts:true,
 };
 
 wincapc wincap __attribute__((section (".cygwin_dll_common"), shared));

winsup/cygwin/wincap.h

@@ -1,7 +1,7 @@
 /* wincap.h: Header for OS capability class.
 
    Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
-   2012, 2013 Red Hat, Inc.
+   2012, 2013, 2014 Red Hat, Inc.
 
 This file is part of Cygwin.
 
@@ -39,6 +39,7 @@ struct wincaps
   unsigned has_pipe_reject_remote_clients		: 1;
   unsigned terminate_thread_frees_stack			: 1;
   unsigned has_precise_system_time			: 1;
+  unsigned has_microsoft_accounts			: 1;
 };
 
 class wincapc
@@ -89,6 +90,7 @@ public:
   bool	IMPLEMENT (has_pipe_reject_remote_clients)
   bool	IMPLEMENT (terminate_thread_frees_stack)
   bool	IMPLEMENT (has_precise_system_time)
+  bool	IMPLEMENT (has_microsoft_accounts)
 
 #undef IMPLEMENT
 };