From 908f9b653b602b5161152d97a7213c6024b1ffb7 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Fri, 24 May 2002 14:44:05 +0000
Subject: [PATCH] 	* security.cc (create_token): Call __sec_user()
 instead of 	sec_user() to remove dependence on allow_ntsec. Verify that 
 the returned sd is non-null.

---
 winsup/cygwin/ChangeLog   | 6 ++++++
 winsup/cygwin/security.cc | 9 +++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index e54c5b2b1..4afbb3832 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,9 @@
+2002-05-22  Pierre Humblet <pierre.humblet@ieee.org>
+
+	* security.cc (create_token): Call __sec_user() instead of
+	sec_user() to remove dependence on allow_ntsec. Verify that
+	the returned sd is non-null.
+
 2002-05-25  Robert Collins   <rbtcollins@hotmail.com>
 
 	* gmon.c (fake_sbrk): Correctly return -1 on failed malloc's.
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 4d6309073..a5d5fa766 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -854,10 +854,11 @@ create_token (cygsid &usersid, cygsid &pgrpsid)
   else
     {
       /* Set security descriptor and primary group */
-      psa = sec_user (sa_buf, usersid);
-      if (!SetSecurityDescriptorGroup (
-                   (PSECURITY_DESCRIPTOR) psa->lpSecurityDescriptor,
-                   special_pgrp?pgrpsid:well_known_null_sid, FALSE))
+      psa = __sec_user (sa_buf, usersid, TRUE);
+      if (psa->lpSecurityDescriptor && 
+	  !SetSecurityDescriptorGroup (
+	      (PSECURITY_DESCRIPTOR) psa->lpSecurityDescriptor,
+	      special_pgrp?pgrpsid:well_known_null_sid, FALSE))
           debug_printf ("SetSecurityDescriptorGroup %E");
       /* Convert to primary token. */
       if (!DuplicateTokenEx (token, MAXIMUM_ALLOWED, psa,