* autoload.cc (SetUserObjectSecurity): Drop.

* pinfo.cc (pinfo::set_acl): Use NtSetSecurityObject instead of
	SetKernelObjectSecurity.
	* spawn.cc (spawn_guts): Use NtSetSecurityObject instead of
	SetUserObjectSecurity.
	* uinfo.cc (cygheap_user::init): Ditto.

winsup/cygwin/ChangeLog

@@ -1,3 +1,12 @@
+2007-07-19  Corinna Vinschen  <corinna@vinschen.de>
+
+	* autoload.cc (SetUserObjectSecurity): Drop.
+	* pinfo.cc (pinfo::set_acl): Use NtSetSecurityObject instead of
+	SetKernelObjectSecurity.
+	* spawn.cc (spawn_guts): Use NtSetSecurityObject instead of
+	SetUserObjectSecurity.
+	* uinfo.cc (cygheap_user::init): Ditto.
+
 2007-07-19  Corinna Vinschen  <corinna@vinschen.de>
 
 	* cygheap.h (init_cygheap::luid): Remove.

winsup/cygwin/autoload.cc

@@ -357,7 +357,6 @@ LoadDLLfunc (SendMessageA, 16, user32)
 LoadDLLfunc (SetClipboardData, 8, user32)
 LoadDLLfunc (SetProcessWindowStation, 4, user32)
 LoadDLLfunc (SetTimer, 16, user32)
-LoadDLLfunc (SetUserObjectSecurity, 12, user32)
 
 LoadDLLfunc (accept, 12, ws2_32)
 LoadDLLfunc (bind, 12, ws2_32)

winsup/cygwin/pinfo.cc

@@ -291,6 +291,7 @@ pinfo::set_acl()
 {
   PACL acl_buf = (PACL) alloca (1024);
   SECURITY_DESCRIPTOR sd;
+  NTSTATUS status;
 
   sec_acl (acl_buf, true, true, cygheap->user.sid (),
 	   well_known_world_sid, FILE_MAP_READ);
@@ -298,8 +299,8 @@ pinfo::set_acl()
     debug_printf ("InitializeSecurityDescriptor %E");
   else if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE))
     debug_printf ("SetSecurityDescriptorDacl %E");
-  else if (!SetKernelObjectSecurity (h, DACL_SECURITY_INFORMATION, &sd))
-    debug_printf ("SetKernelObjectSecurity %E");
+  else if ((status = NtSetSecurityObject (h, DACL_SECURITY_INFORMATION, &sd)))
+    debug_printf ("NtSetSecurityObject %lx", status);
 }
 
 const char *

winsup/cygwin/spawn.cc

@@ -34,6 +34,7 @@ details. */
 #include "environ.h"
 #include "cygtls.h"
 #include "winf.h"
+#include "ntdll.h"
 
 static suffix_info exe_suffixes[] =
 {
@@ -514,15 +515,18 @@ loop:
       /* allow the child to interact with our window station/desktop */
       HANDLE hwst, hdsk;
       SECURITY_INFORMATION dsi = DACL_SECURITY_INFORMATION;
+      NTSTATUS status;
       DWORD n;
       char wstname[1024];
       char dskname[1024];
 
       hwst = GetProcessWindowStation ();
-      SetUserObjectSecurity (hwst, &dsi, get_null_sd ());
+      if ((status = NtSetSecurityObject (hwst, dsi, get_null_sd ())))
+	system_printf ("NtSetSecurityObject, %lx", status);
       GetUserObjectInformation (hwst, UOI_NAME, wstname, 1024, &n);
       hdsk = GetThreadDesktop (GetCurrentThreadId ());
-      SetUserObjectSecurity (hdsk, &dsi, get_null_sd ());
+      if ((status = NtSetSecurityObject (hdsk, dsi, get_null_sd ())))
+	system_printf ("NtSetSecurityObject, %lx", status);
       GetUserObjectInformation (hdsk, UOI_NAME, dskname, 1024, &n);
       strcat (wstname, "\\");
       strcat (wstname, dskname);

winsup/cygwin/uinfo.cc

@@ -30,6 +30,7 @@ details. */
 #include "child_info.h"
 #include "environ.h"
 #include "pwdgrp.h"
+#include "ntdll.h"
 
 /* Initialize the part of cygheap_user that does not depend on files.
    The information is used in shared.cc for the user shared.
@@ -72,12 +73,15 @@ cygheap_user::init ()
   if (GetSecurityDescriptorDacl (psd, &acl_exists, &dacl.DefaultDacl, &dummy)
       && acl_exists && dacl.DefaultDacl)
     {
+      NTSTATUS status;
+
       /* Set the default DACL and the process DACL */
       if (!SetTokenInformation (hProcToken, TokenDefaultDacl, &dacl,
       				sizeof (dacl)))
 	system_printf ("SetTokenInformation (TokenDefaultDacl), %E");
-      if (!SetKernelObjectSecurity (hMainProc, DACL_SECURITY_INFORMATION, psd))
-	system_printf ("SetKernelObjectSecurity, %E");
+      if ((status = NtSetSecurityObject (hMainProc, DACL_SECURITY_INFORMATION,
+					 psd)))
+	system_printf ("NtSetSecurityObject, %lx", status);
     }
   else
     system_printf("Cannot get dacl, %E");