* security.h (class cygpsid): New class.

(class cygsid): Use cygpsid as base. Remove members psid, get_id,
	get_uid, get_gid, string, debug_printf and the == and != operators.
	(cygsidlist::clear_supp): Only do work if setgroups has been called.
	* sec_helper.cc: Define sid_auth NO_COPY.
	(cygpsid::operator==): New operator.
	(cygpsid::get_id): New function.
	(cygpsid::string): New function.
	(cygsid::string): Delete.
	(cygsid::get_id): Delete.
	* pwdgrp.h: Change arguments of internal_getpwsid,
	internal_getgrsid and internal_getgroups to cygpsid.
	* passwd.cc (internal_getpwsid): Change argument from cygsid to cygpsid.
	* grp.cc (internal_getgrsid): Ditto.
	(internal_getgroups): Ditto.

winsup/cygwin/security.h

@@ -20,8 +20,40 @@ details. */
 
 #define NO_SID ((PSID)NULL)
 
-class cygsid {
+class cygpsid {
+protected:
   PSID psid;
+public:
+  cygpsid () {}
+  cygpsid (PSID nsid) { psid = nsid; }
+  operator const PSID () { return psid; }
+  const PSID operator= (PSID nsid) { return psid = nsid;}
+  __uid32_t get_id (BOOL search_grp, int *type = NULL);
+  int get_uid () { return get_id (FALSE); }
+  int get_gid () { return get_id (TRUE); }
+
+  char *string (char *nsidstr) const;
+
+  bool operator== (const PSID nsid) const
+    {
+      if (!psid || !nsid)
+	return nsid == psid;
+      return EqualSid (psid, nsid);
+    }
+  bool operator!= (const PSID nsid) const
+    { return !(*this == nsid); }
+  bool operator== (const char *nsidstr) const;
+  bool operator!= (const char *nsidstr) const
+    { return !(*this == nsidstr); }
+
+  void debug_print (const char *prefix = NULL) const
+    {
+      char buf[256];
+      debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL");
+    }
+};
+
+class cygsid : public cygpsid {
   char sbuf[MAX_SID_LEN];
 
   const PSID getfromstr (const char *nsidstr);
@@ -50,7 +82,7 @@ public:
   inline const PSID operator= (const char *nsidstr)
     { return getfromstr (nsidstr); }
 
-  inline cygsid () : psid ((PSID) sbuf) {}
+  inline cygsid () : cygpsid ((PSID) sbuf) {}
   inline cygsid (const PSID nsid) { *this = nsid; }
   inline cygsid (const char *nstrsid) { *this = nstrsid; }
 
@@ -58,34 +90,6 @@ public:
 
   BOOL getfrompw (const struct passwd *pw);
   BOOL getfromgr (const struct __group32 *gr);
-
-  __uid32_t get_id (BOOL search_grp, int *type = NULL);
-  inline int get_uid () { return get_id (FALSE); }
-  inline int get_gid () { return get_id (TRUE); }
-
-  char *string (char *nsidstr) const;
-
-  inline BOOL operator== (const PSID nsid) const
-    {
-      if (!psid || !nsid)
-	return nsid == psid;
-      return EqualSid (psid, nsid);
-    }
-  inline BOOL operator== (const char *nsidstr) const
-    {
-      cygsid nsid (nsidstr);
-      return *this == nsid;
-    }
-  inline BOOL operator!= (const PSID nsid) const
-    { return !(*this == nsid); }
-  inline BOOL operator!= (const char *nsidstr) const
-    { return !(*this == nsidstr); }
-
-  void debug_print (const char *prefix = NULL) const
-    {
-      char buf[256];
-      debug_printf ("%s %s", prefix ?: "", string (buf) ?: "NULL");
-    }
 };
 
 typedef enum { cygsidlist_empty, cygsidlist_alloc, cygsidlist_auto } cygsidlist_type;
@@ -171,8 +175,11 @@ public:
     }
   void clear_supp ()
     {
-      sgsids.free_sids ();
-      ischanged = TRUE;
+      if (issetgroups ())
+        {
+	  sgsids.free_sids ();
+	  ischanged = TRUE;
+	}
     }
   void update_pgrp (const PSID sid)
     {
@@ -222,6 +229,8 @@ BOOL __stdcall add_access_denied_ace (PACL acl, int offset, DWORD attributes, PS
 void set_security_attribute (int attribute, PSECURITY_ATTRIBUTES psa,
 			     void *sd_buf, DWORD sd_buf_size);
 
+bool get_sids_info (cygpsid, cygpsid, __uid32_t * , __gid32_t *);
+
 /* Try a subauthentication. */
 HANDLE subauth (struct passwd *pw);
 /* Try creating a token directly. */