From a17cd35d6d69ad771d4c5f7a8cab3570075502be Mon Sep 17 00:00:00 2001
From: Zebediah Figura
Date: Tue, 20 Apr 2021 14:35:00 -0500
Subject: [PATCH] server: Map a SD group to Unix group modes if the SD owner is present anywhere in the current user's token.

Instead of requiring the SD owner to match the token user.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=44691
Signed-off-by: Zebediah Figura
Signed-off-by: Alexandre Julliard
---
 dlls/advapi32/tests/security.c | 4 ++--
 server/file.c | 9 ++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 08b73495aaa..299a340dcf3 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -8365,10 +8365,10 @@ static void test_group_as_file_owner(void)
 sprintf(path, "%s\\testdir\\subdir", temp_path);
 ret = CreateDirectoryA(path, NULL);
- todo_wine ok(ret, "got error %u\n", GetLastError());
+ ok(ret, "got error %u\n", GetLastError());
 ret = RemoveDirectoryA(path);
- todo_wine ok(ret, "got error %u\n", GetLastError());
+ ok(ret, "got error %u\n", GetLastError());
 sprintf(path, "%s\\testdir", temp_path);
 ret = RemoveDirectoryA(path);
 ok(ret, "got error %u\n", GetLastError());
diff --git a/server/file.c b/server/file.c
index 9a072e6c64e..aff4d9e09e1 100644
--- a/server/file.c
+++ b/server/file.c
@@ -473,7 +473,6 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
 mode_t mode;
 int present;
 const ACL *dacl = sd_get_dacl( sd, &present );
- const SID *user = token_get_user( current->process->token );
 if (present && dacl)
 {
 const ACE_HEADER *ace = (const ACE_HEADER *)(dacl + 1);
@@ -496,8 +495,8 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
 {
 bits_to_set &= ~((mode << 6) | (mode << 3) | mode); /* all */
 }
- else if ((security_equal_sid( user, owner ) &&
- token_sid_present( current->process->token, sid, TRUE )))
+ else if (token_sid_present( current->process->token, owner, TRUE ) &&
+ token_sid_present( current->process->token, sid, TRUE ))
 {
 bits_to_set &= ~((mode << 6) | (mode << 3)); /* user + group */
 }
@@ -516,8 +515,8 @@ mode_t sd_to_mode( const struct security_descriptor *sd, const SID *owner )
 new_mode |= mode & bits_to_set;
 bits_to_set &= ~mode;
 }
- else if ((security_equal_sid( user, owner ) &&
- token_sid_present( current->process->token, sid, FALSE )))
+ else if (token_sid_present( current->process->token, owner, FALSE ) &&
+ token_sid_present( current->process->token, sid, FALSE ))
 {
 mode = (mode << 6) | (mode << 3); /* user + group */
 new_mode |= mode & bits_to_set;
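Review bot: The owner test in both rewritten `else if` conditions takes the same third argument as the ACE-SID test beside it, `TRUE` in the branch that clears bits (the hunk at -496) and `FALSE` in the branch that sets them (the hunk at -516), and neither site says why ownership is matched differently in the two cases. token_sid_present is defined outside this patch; if that argument decides whether deny-only groups count as present, an owner SID the token holds only as a deny-only group would take away user and group bits in the first branch but never grant them in the second, which is the conservative direction for the resulting Unix mode and worth stating, e.g. `/* owner may be any SID in the token; deny-only groups count only when restricting */`. The owner test does not depend on the ACE being examined, so it could be evaluated before the loop instead of once per entry. sd_to_mode begins and ends outside both hunks, so the loop is inferred from the context lines.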