Fix merging group perms into owner perms in owner == group case

* sec_acl.cc (set_posix_access): Move merging group perms into owner
        perms in case of owner == group after mask has been computed.  Take
        mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

winsup/cygwin/ChangeLog

@@ -1,3 +1,9 @@
+2015-04-16  Corinna Vinschen  <corinna@vinschen.de>
+
+	* sec_acl.cc (set_posix_access): Move merging group perms into owner
+	perms in case of owner == group after mask has been computed.  Take
+	mask into account when doing so to avoid unnecessary ACCESS_DENIED_ACE.
+
 2015-04-16  Corinna Vinschen  <corinna@vinschen.de>
 
 	* sec_acl.cc (get_posix_access): Only set saw_group_obj flag if we saw

winsup/cygwin/sec_acl.cc

@@ -274,11 +274,6 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
       tmp_idx = searchace (aclbufp, nentries, def | OTHER_OBJ);
       other_obj = aclbufp[tmp_idx].a_perm;
 
-      /* Do we potentially chmod a file with owner SID == group SID?  If so,
-	 make sure the owner perms are always >= group perms. */
-      if (!def && owner_eq_group)
-	  aclbufp[0].a_perm |= group_obj;
-
       /* ... class_obj.  Create Cygwin ACE.  Only the S_ISGID attribute gets
 	 inherited. */
       access = CYG_ACE_ISBITS_TO_WIN (def ? attr & S_ISGID : attr);
@@ -300,6 +295,11 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
 				  inherit))
 	return NULL;
 
+      /* Do we potentially chmod a file with owner SID == group SID?  If so,
+	 make sure the owner perms are always >= group perms. */
+      if (!def && owner_eq_group)
+	  aclbufp[0].a_perm |= group_obj & class_obj;
+
       /* This loop has two runs, the first w/ check_types == (USER_OBJ | USER),
 	 the second w/ check_types == (GROUP_OBJ | GROUP).  Each run creates
 	 first the deny, then the allow ACEs for the current types. */