Fix reading/writing Samba ACLs using RFC2307 mapping

When using RFC2307 uid/gid-mapping on Samba shares, the POSIX ACL contains
the Windows SIDs.  When writing back such an ACL we have to map the
Windows SIDs back to the corresponding Samba SIDs representing the UNIX
uid/gid value.  When reading Samba SIDs, make sure never to evaluate a
UNIX user account as group.

	* sec_acl.cc (set_posix_access): Convert Windows SIDs to
	RFC2307-mapped Sambe UNIX SIDs.
	* sec_helper.cc (cygpsid::get_id): Skip UNIX user accounts when
	trying to evaluate a SID as group.  Skip UNIX group accounts when
	trying to evaluate a SID as user.
	* cygheap.h (cygheap_ugid_cache::reverse_get): New method to
	get nfs id from cygwin id.
	(cygheap_ugid_cache::reverse_get_uid): Wrapper for uids.
	(cygheap_ugid_cache::reverse_get_gid): Wrapper for gids.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

1 files changed, 9 insertions, 0 deletions

diff --git a/winsup/cygwin/cygheap.h b/winsup/cygwin/cygheap.h
index fd848144f..c394e7fd2 100644
--- a/winsup/cygwin/cygheap.h
+++ b/winsup/cygwin/cygheap.h
@@ -508,6 +508,13 @@ class cygheap_ugid_cache
 	  return _map[i].cyg_id;
       return (uint32_t) -1;
     }
+    uint32_t reverse_get (uint32_t id) const
+    {
+      for (uint32_t i = 0; i < _cnt; ++i)
+	if (_map[i].cyg_id == id)
+	  return _map[i].nfs_id;
+      return (uint32_t) -1;
+    }
     void add (uint32_t nfs_id, uint32_t cyg_id)
     {
       if (_cnt >= _max)
@@ -523,6 +530,8 @@ class cygheap_ugid_cache
 public:
   uid_t get_uid (uid_t uid) const { return uids.get (uid); }
   gid_t get_gid (gid_t gid) const { return gids.get (gid); }
+  uid_t reverse_get_uid (uid_t uid) const { return uids.reverse_get (uid); }
+  gid_t reverse_get_gid (gid_t gid) const { return gids.reverse_get (gid); }
   void add_uid (uid_t nfs_uid, uid_t cyg_uid) { uids.add (nfs_uid, cyg_uid); }
   void add_gid (gid_t nfs_gid, gid_t cyg_gid) { gids.add (nfs_gid, cyg_gid); }
 };