From 5f9c8e2a8726a320619242b14802b7ac2a05161c Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Thu, 19 Jul 2007 08:36:32 +0000
Subject: [PATCH] 	* autoload.cc (SetUserObjectSecurity): Drop. 	*
 pinfo.cc (pinfo::set_acl): Use NtSetSecurityObject instead of 
 SetKernelObjectSecurity. 	* spawn.cc (spawn_guts): Use
 NtSetSecurityObject instead of 	SetUserObjectSecurity. 	* uinfo.cc
 (cygheap_user::init): Ditto.

---
 winsup/cygwin/ChangeLog   | 9 +++++++++
 winsup/cygwin/autoload.cc | 1 -
 winsup/cygwin/pinfo.cc    | 5 +++--
 winsup/cygwin/spawn.cc    | 8 ++++++--
 winsup/cygwin/uinfo.cc    | 8 ++++++--
 5 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 2a879fb54..7f824b4b2 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,12 @@
+2007-07-19  Corinna Vinschen  <corinna@vinschen.de>
+
+	* autoload.cc (SetUserObjectSecurity): Drop.
+	* pinfo.cc (pinfo::set_acl): Use NtSetSecurityObject instead of
+	SetKernelObjectSecurity.
+	* spawn.cc (spawn_guts): Use NtSetSecurityObject instead of
+	SetUserObjectSecurity.
+	* uinfo.cc (cygheap_user::init): Ditto.
+
 2007-07-19  Corinna Vinschen  <corinna@vinschen.de>
 
 	* cygheap.h (init_cygheap::luid): Remove.
diff --git a/winsup/cygwin/autoload.cc b/winsup/cygwin/autoload.cc
index 82ecf46c2..0f076f66f 100644
--- a/winsup/cygwin/autoload.cc
+++ b/winsup/cygwin/autoload.cc
@@ -357,7 +357,6 @@ LoadDLLfunc (SendMessageA, 16, user32)
 LoadDLLfunc (SetClipboardData, 8, user32)
 LoadDLLfunc (SetProcessWindowStation, 4, user32)
 LoadDLLfunc (SetTimer, 16, user32)
-LoadDLLfunc (SetUserObjectSecurity, 12, user32)
 
 LoadDLLfunc (accept, 12, ws2_32)
 LoadDLLfunc (bind, 12, ws2_32)
diff --git a/winsup/cygwin/pinfo.cc b/winsup/cygwin/pinfo.cc
index 6e6a85c1d..8c4702dfd 100644
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@@ -291,6 +291,7 @@ pinfo::set_acl()
 {
   PACL acl_buf = (PACL) alloca (1024);
   SECURITY_DESCRIPTOR sd;
+  NTSTATUS status;
 
   sec_acl (acl_buf, true, true, cygheap->user.sid (),
 	   well_known_world_sid, FILE_MAP_READ);
@@ -298,8 +299,8 @@ pinfo::set_acl()
     debug_printf ("InitializeSecurityDescriptor %E");
   else if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE))
     debug_printf ("SetSecurityDescriptorDacl %E");
-  else if (!SetKernelObjectSecurity (h, DACL_SECURITY_INFORMATION, &sd))
-    debug_printf ("SetKernelObjectSecurity %E");
+  else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd)))
+    debug_printf ("NtSetSecurityObject %lx", status);
 }
 
 const char *
diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
index 69a904314..604376880 100644
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@@ -34,6 +34,7 @@ details. */
 #include "environ.h"
 #include "cygtls.h"
 #include "winf.h"
+#include "ntdll.h"
 
 static suffix_info exe_suffixes[] =
 {
@@ -514,15 +515,18 @@ loop:
       /* allow the child to interact with our window station/desktop */
       HANDLE hwst, hdsk;
       SECURITY_INFORMATION dsi = DACL_SECURITY_INFORMATION;
+      NTSTATUS status;
       DWORD n;
       char wstname[1024];
       char dskname[1024];
 
       hwst = GetProcessWindowStation ();
-      SetUserObjectSecurity (hwst, &dsi, get_null_sd ());
+      if ((status = NtSetSecurityObject (hwst, dsi, get_null_sd ())))
+	system_printf ("NtSetSecurityObject, %lx", status);
       GetUserObjectInformation (hwst, UOI_NAME, wstname, 1024, &n);
       hdsk = GetThreadDesktop (GetCurrentThreadId ());
-      SetUserObjectSecurity (hdsk, &dsi, get_null_sd ());
+      if ((status = NtSetSecurityObject (hdsk, dsi, get_null_sd ())))
+	system_printf ("NtSetSecurityObject, %lx", status);
       GetUserObjectInformation (hdsk, UOI_NAME, dskname, 1024, &n);
       strcat (wstname, "\\");
       strcat (wstname, dskname);
diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index c582b629e..a6d8c41b3 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -30,6 +30,7 @@ details. */
 #include "child_info.h"
 #include "environ.h"
 #include "pwdgrp.h"
+#include "ntdll.h"
 
 /* Initialize the part of cygheap_user that does not depend on files.
    The information is used in shared.cc for the user shared.
@@ -72,12 +73,15 @@ cygheap_user::init ()
   if (GetSecurityDescriptorDacl (psd, &acl_exists, &dacl.DefaultDacl, &dummy)
       && acl_exists && dacl.DefaultDacl)
     {
+      NTSTATUS status;
+
       /* Set the default DACL and the process DACL */
       if (!SetTokenInformation (hProcToken, TokenDefaultDacl, &dacl,
       				sizeof (dacl)))
 	system_printf ("SetTokenInformation (TokenDefaultDacl), %E");
-      if (!SetKernelObjectSecurity (hMainProc, DACL_SECURITY_INFORMATION, psd))
-	system_printf ("SetKernelObjectSecurity, %E");
+      if ((status = NtSetSecurityObject (hMainProc, DACL_SECURITY_INFORMATION,
+					 psd)))
+	system_printf ("NtSetSecurityObject, %lx", status);
     }
   else
     system_printf("Cannot get dacl, %E");