Use newer x/sys/windows SecurityAttributes struct

zx2c4 · thaJeztah · commit c3a0a3744636 · 2019-10-02T21:12:23.000+02:00
This struct now has a properly typed member, so use the properly typed
functions with it.

Also update the vendor directory and hope nothing explodes.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
Signed-off-by: Sebastiaan van Stijn &lt;github@gone.nl&gt;
diff --git a/builder/dockerfile/internals_windows.go b/builder/dockerfile/internals_windows.go
@@ -12,7 +12,6 @@ import (
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/system"
-	"github.com/pkg/errors"
 	"golang.org/x/sys/windows"
 )
 
@@ -31,13 +30,7 @@ func getAccountIdentity(builder *Builder, accountName string, ctrRootPath string
 		sid, err := windows.StringToSid(accountName)
 
 		if err == nil {
-			accountSid, err := sid.String()
-
-			if err != nil {
-				return idtools.Identity{SID: ""}, errors.Wrapf(err, "error converting SID to string")
-			}
-
-			return idtools.Identity{SID: accountSid}, nil
+			return idtools.Identity{SID: sid.String()}, nil
 		}
 	}
 
@@ -46,13 +39,7 @@ func getAccountIdentity(builder *Builder, accountName string, ctrRootPath string
 
 	// If this is a SID that is built-in and hence the same across all systems then use that.
 	if err == nil && (accType == windows.SidTypeAlias || accType == windows.SidTypeWellKnownGroup) {
-		accountSid, err := sid.String()
-
-		if err != nil {
-			return idtools.Identity{SID: ""}, errors.Wrapf(err, "error converting SID to string")
-		}
-
-		return idtools.Identity{SID: accountSid}, nil
+		return idtools.Identity{SID: sid.String()}, nil
 	}
 
 	// Check if the account name is one unique to containers.
diff --git a/daemon/debugtrap_windows.go b/daemon/debugtrap_windows.go
@@ -5,7 +5,6 @@ import (
 	"os"
 	"unsafe"
 
-	winio "github.com/Microsoft/go-winio"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
@@ -17,15 +16,15 @@ func (d *Daemon) setupDumpStackTrap(root string) {
 	// signaled. ACL'd to builtin administrators and local system
 	event := "Global\\stackdump-" + fmt.Sprint(os.Getpid())
 	ev, _ := windows.UTF16PtrFromString(event)
-	sd, err := winio.SddlToSecurityDescriptor("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
+	sd, err := windows.SecurityDescriptorFromString("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
 	if err != nil {
 		logrus.Errorf("failed to get security descriptor for debug stackdump event %s: %s", event, err.Error())
 		return
 	}
 	var sa windows.SecurityAttributes
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 	h, err := windows.CreateEvent(&sa, 0, 0, ev)
 	if h == 0 || err != nil {
 		logrus.Errorf("failed to create debug stackdump event %s: %s", event, err.Error())
diff --git a/pkg/system/filesys_windows.go b/pkg/system/filesys_windows.go
@@ -11,7 +11,6 @@ import (
 	"time"
 	"unsafe"
 
-	winio "github.com/Microsoft/go-winio"
 	"golang.org/x/sys/windows"
 )
 
@@ -103,13 +102,13 @@ func mkdirall(path string, applyACL bool, sddl string) error {
 // and Local System.
 func mkdirWithACL(name string, sddl string) error {
 	sa := windows.SecurityAttributes{Length: 0}
-	sd, err := winio.SddlToSecurityDescriptor(sddl)
+	sd, err := windows.SecurityDescriptorFromString(sddl)
 	if err != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: err}
 	}
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 
 	namep, err := windows.UTF16PtrFromString(name)
 	if err != nil {
