* sec_helper.cc (security_descriptor::free): If sd_size is 0, call

	LocalFree instead of ::free.

	* sec_acl.cc: Throughout replace old ACE flag definitions with current
	definitions as used in MSDN man pages.
	* security.cc: Ditto.

	* fhandler.cc (fhandler_base::open): Make sure file has really been
	just created before fixing file permissions.  Add S_JUSTCREATED
	attribute to set_file_attribute call.
	* fhandler_disk_file.cc (fhandler_disk_file::mkdir): Always create dir
	with default security descriptor and fix descriptor afterwards.
	Add S_JUSTCREATED flag to set_file_attribute call.
	* fhandler_socket.cc (fhandler_socket::bind): Ditto for AF_LOCAL
	socket files.
	* path.cc (symlink_worker): Ditto for symlinks.
	* security.cc (get_file_sd): Call GetSecurityInfo rather than
	NtQuerySecurityObject.  Explain why.  Change error handling accordingly.
	(alloc_sd): Skip non-inherited, non-standard entries in ACL if
	S_JUSTCREATED attribute is set.  Explain why.  Minor format fixes.
	* security.h (S_JUSTCREATED): New define.
	(security_descriptor::operator=): New operator.

1 files changed, 5 insertions, 0 deletions

diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h
index d0cb226a9..4ef1a528b 100644
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@@ -14,6 +14,10 @@ details. */
 
 #include <accctrl.h>
 
+/* Special file attribute set, for instance, in open() and mkdir() to
+   flag that a file has just been created.  Used in alloc_sd, see there. */
+#define S_JUSTCREATED 0x80000000
+
 #define DEFAULT_UID DOMAIN_USER_RID_ADMIN
 #define UNKNOWN_UID 400 /* Non conflicting number */
 #define UNKNOWN_GID 401
@@ -279,6 +283,7 @@ public:
   }
   inline operator const PSECURITY_DESCRIPTOR () { return psd; }
   inline operator PSECURITY_DESCRIPTOR *() { return &psd; }
+  inline void operator =(PSECURITY_DESCRIPTOR nsd) { psd = nsd; }
 };
 
 class user_groups {