Cygwin: get/set security descriptors using FILE_OPEN_NO_RECALL

Add FILE_OPEN_NO_RECALL to NtOpenFile calls trying to fetch
or write file security descriptors so as not to recall them
from offline storage inadvertently.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

winsup/cygwin/sec/base.cc

@@ -65,7 +65,8 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd,
 			   fh ? pc.init_reopen_attr (attr, fh)
 			      : pc.get_object_attr (attr, sec_none_nih),
 			   &io, FILE_SHARE_VALID_FLAGS,
-			   FILE_OPEN_FOR_BACKUP_INTENT
+			   FILE_OPEN_NO_RECALL
+			   | FILE_OPEN_FOR_BACKUP_INTENT
 			   | pc.is_known_reparse_point ()
 			   ? FILE_OPEN_REPARSE_POINT : 0);
       if (!NT_SUCCESS (status))
@@ -129,7 +130,8 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd,
 				  NULL, NULL);
       status = NtOpenFile (&fh, READ_CONTROL, &attr, &io,
 			   FILE_SHARE_VALID_FLAGS,
-			   FILE_OPEN_FOR_BACKUP_INTENT
+			   FILE_OPEN_NO_RECALL
+			   | FILE_OPEN_FOR_BACKUP_INTENT
 			   | FILE_OPEN_REPARSE_POINT);
       if (!NT_SUCCESS (status))
 	{
@@ -234,7 +236,8 @@ set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, bool is_chown)
 				  : pc.get_object_attr (attr, sec_none_nih),
 			       &io,
 			       FILE_SHARE_VALID_FLAGS,
-			       FILE_OPEN_FOR_BACKUP_INTENT
+			       FILE_OPEN_NO_RECALL
+			       | FILE_OPEN_FOR_BACKUP_INTENT
 			       | pc.is_known_reparse_point ()
 			       ? FILE_OPEN_REPARSE_POINT : 0);
 	  if (!NT_SUCCESS (status))