From 63a87c815a3b539fff5a16c7e86f9adffacadc1e Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Thu, 19 Jul 2007 09:06:54 +0000
Subject: * autoload.cc (SetSecurityDescriptorControl): Drop. * security.cc (alloc_sd): Set security descriptor control flag without calling SetSecurityDescriptorControl function. * wincap.h (wincapc::has_dacl_protect): Rename from has_security_descriptor_control. * wincap.cc: Ditto throughout.
---
 winsup/cygwin/ChangeLog | 9 +++++++++
 winsup/cygwin/autoload.cc | 2 --
 winsup/cygwin/security.cc | 12 ++++--------
 winsup/cygwin/wincap.cc | 20 ++++++++++----------
 winsup/cygwin/wincap.h | 4 ++--
 5 files changed, 25 insertions(+), 22 deletions(-)
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 7f824b4b2..8b0b4ea05 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,12 @@
+2007-07-19 Corinna Vinschen
+
+ * autoload.cc (SetSecurityDescriptorControl): Drop.
+ * security.cc (alloc_sd): Set security descriptor control flag without
+ calling SetSecurityDescriptorControl function.
+ * wincap.h (wincapc::has_dacl_protect): Rename from
+ has_security_descriptor_control.
+ * wincap.cc: Ditto throughout.
+
 2007-07-19 Corinna Vinschen
 * autoload.cc (SetUserObjectSecurity): Drop.
diff --git a/winsup/cygwin/autoload.cc b/winsup/cygwin/autoload.cc
index 0f076f66f..6c5c06162 100644
--- a/winsup/cygwin/autoload.cc
+++ b/winsup/cygwin/autoload.cc
@@ -298,8 +298,6 @@ wsock_init ()
 LoadDLLprime (ws2_32, _wsock_init)
-LoadDLLfunc (SetSecurityDescriptorControl, 12, advapi32)
-
 /* 127 == ERROR_PROC_NOT_FOUND */
 LoadDLLfuncEx2 (DsGetDcNameA, 24, netapi32, 1, 127)
 LoadDLLfunc (NetApiBufferFree, 4, netapi32)
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index d76bbb1d8..df4953a44 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -1631,14 +1631,10 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
 return NULL;
 }
- /*
- * We set the SE_DACL_PROTECTED flag here to prevent the DACL from being
- * modified by inheritable ACEs.
- * This flag as well as the SetSecurityDescriptorControl call are available
- * only since Win2K.
- */
- if (wincap.has_security_descriptor_control ())
- SetSecurityDescriptorControl (&sd, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
+ /* We set the SE_DACL_PROTECTED flag here to prevent the DACL from being
+ * modified by inheritable ACEs. This flag is available since Win2K. */
+ if (wincap.has_dacl_protect ())
+ sd.Control |= SE_DACL_PROTECTED;
 /* Create owner for local security descriptor. */
 if (!SetSecurityDescriptorOwner (&sd, owner_sid, FALSE))
diff --git a/winsup/cygwin/wincap.cc b/winsup/cygwin/wincap.cc
index ef4376801..b970aa8c3 100644
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@@ -18,7 +18,7 @@ static NO_COPY wincaps wincap_unknown = {
 heapslop:0x0,
 max_sys_priv:SE_CHANGE_NOTIFY_PRIVILEGE,
 is_server:false,
- has_security_descriptor_control:false,
+ has_dacl_protect:false,
 has_ip_helper_lib:false,
 has_broken_if_oper_status:false,
 has_physical_mem_access:true,
@@ -47,7 +47,7 @@ static NO_COPY wincaps wincap_nt4 = {
 heapslop:0x0,
 max_sys_priv:SE_CHANGE_NOTIFY_PRIVILEGE,
 is_server:false,
- has_security_descriptor_control:false,
+ has_dacl_protect:false,
 has_ip_helper_lib:false,
 has_broken_if_oper_status:false,
 has_physical_mem_access:true,
@@ -76,7 +76,7 @@ static NO_COPY wincaps wincap_nt4sp4 = {
 heapslop:0x0,
 max_sys_priv:SE_CHANGE_NOTIFY_PRIVILEGE,
 is_server:false,
- has_security_descriptor_control:false,
+ has_dacl_protect:false,
 has_ip_helper_lib:true,
 has_broken_if_oper_status:true,
 has_physical_mem_access:true,
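Review bot: The new `sd.Control |= SE_DACL_PROTECTED;` in alloc_sd (security.cc) writes the descriptor's control word directly, but the shortened comment no longer explains why the API call was dropped or why the direct write is safe. It is only valid while `sd` is an absolute-format `SECURITY_DESCRIPTOR` owned by this function; the declaration and the rest of alloc_sd lie outside the hunk, so that is assumed here. I would add to the comment: `Set the bit in sd.Control directly: sd is an absolute SD, and this avoids autoloading SetSecurityDescriptorControl, which only exists since Win2K.` Separately, the wincap_unknown table in wincap.cc keeps `has_dacl_protect:false`, so on an unrecognised system the DACL stays open to inheritable ACEs; with no function left to load, it is worth confirming that this default is still intended.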
@@ -105,7 +105,7 @@ static NO_COPY wincaps wincap_2000 = {
 heapslop:0x0,
 max_sys_priv:SE_MANAGE_VOLUME_PRIVILEGE,
 is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
 has_ip_helper_lib:true,
 has_broken_if_oper_status:false,
 has_physical_mem_access:true,
@@ -134,7 +134,7 @@ static NO_COPY wincaps wincap_2000sp4 = {
 heapslop:0x0,
 max_sys_priv:SE_CREATE_GLOBAL_PRIVILEGE,
 is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
 has_ip_helper_lib:true,
 has_broken_if_oper_status:false,
 has_physical_mem_access:true,
@@ -163,7 +163,7 @@ static NO_COPY wincaps wincap_xp = {
 heapslop:0x0,
 max_sys_priv:SE_MANAGE_VOLUME_PRIVILEGE,
 is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
 has_ip_helper_lib:true,
 has_broken_if_oper_status:false,
 has_physical_mem_access:true,
@@ -192,7 +192,7 @@ static NO_COPY wincaps wincap_xpsp1 = {
 heapslop:0x0,
 max_sys_priv:SE_MANAGE_VOLUME_PRIVILEGE,
 is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
 has_ip_helper_lib:true,
 has_broken_if_oper_status:false,
 has_physical_mem_access:true,
@@ -221,7 +221,7 @@ static NO_COPY wincaps wincap_xpsp2 = {
 heapslop:0x0,
 max_sys_priv:SE_CREATE_GLOBAL_PRIVILEGE,
 is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
 has_ip_helper_lib:true,
 has_broken_if_oper_status:false,
 has_physical_mem_access:true,
@@ -250,7 +250,7 @@ static NO_COPY wincaps wincap_2003 = {
 heapslop:0x4,
 max_sys_priv:SE_CREATE_GLOBAL_PRIVILEGE,
 is_server:true,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
 has_ip_helper_lib:true,
 has_broken_if_oper_status:false,
 has_physical_mem_access:false,
@@ -279,7 +279,7 @@ static NO_COPY wincaps wincap_vista = {
 heapslop:0x4,
 max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
 is_server:false,
- has_security_descriptor_control:true,
+ has_dacl_protect:true,
 has_ip_helper_lib:true,
 has_broken_if_oper_status:false,
 has_physical_mem_access:false,
diff --git a/winsup/cygwin/wincap.h b/winsup/cygwin/wincap.h
index 903e531ca..55dc19cdb 100644
--- a/winsup/cygwin/wincap.h
+++ b/winsup/cygwin/wincap.h
@@ -17,7 +17,7 @@ struct wincaps
 DWORD heapslop;
 DWORD max_sys_priv;
 unsigned is_server : 1;
- unsigned has_security_descriptor_control : 1;
+ unsigned has_dacl_protect : 1;
 unsigned has_ip_helper_lib : 1;
 unsigned has_broken_if_oper_status : 1;
 unsigned has_physical_mem_access : 1;
@@ -62,7 +62,7 @@ public:
 DWORD IMPLEMENT (heapslop)
 DWORD IMPLEMENT (max_sys_priv)
 bool IMPLEMENT (is_server)
- bool IMPLEMENT (has_security_descriptor_control)
+ bool IMPLEMENT (has_dacl_protect)
 bool IMPLEMENT (has_ip_helper_lib)
 bool IMPLEMENT (has_broken_if_oper_status)
 bool IMPLEMENT (has_physical_mem_access)
-- cgit v1.2.3