From 3bba43b894c850f0914c778aec0a41fbccbc74b6 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Mon, 9 Mar 2020 12:41:31 +0100
Subject: [PATCH 1/2] pkg/system: deprecate SetNamedSecurityInfo, GetSecurityDescriptorDacl
Signed-off-by: Sebastiaan van Stijn
---
pkg/system/syscall_windows.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pkg/system/syscall_windows.go b/pkg/system/syscall_windows.go
index e81fe3c300..33bd5d9a82 100644
--- a/pkg/system/syscall_windows.go
+++ b/pkg/system/syscall_windows.go
@@ -136,6 +136,7 @@ func HasWin32KSupport() bool {
 return ntuserApiset.Load() == nil
 }
+// Deprecated: use golang.org/x/sys/windows.SetNamedSecurityInfo()
 func SetNamedSecurityInfo(objectName *uint16, objectType uint32, securityInformation uint32, sidOwner *windows.SID, sidGroup *windows.SID, dacl *byte, sacl *byte) (result error) {
 r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfo.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(sidOwner)), uintptr(unsafe.Pointer(sidGroup)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
 if r0 != 0 {
@@ -144,6 +145,7 @@ func SetNamedSecurityInfo(objectName *uint16, objectType uint32, securityInforma
 return
 }
+// Deprecated: uses golang.org/x/sys/windows.SecurityDescriptorFromString() and golang.org/x/sys/windows.SECURITY_DESCRIPTOR.DACL()
 func GetSecurityDescriptorDacl(securityDescriptor *byte, daclPresent *uint32, dacl **byte, daclDefaulted *uint32) (result error) {
 r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(securityDescriptor)), uintptr(unsafe.Pointer(daclPresent)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclDefaulted)), 0, 0)
 if r1 == 0 {
From 70a4d886cdcd57f7259cda667a7fa97c3e2d0b7e Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Mon, 9 Mar 2020 12:42:08 +0100
Subject: [PATCH 2/2] builder: fixPermissionsWindows(): use golang.org/x/sys/windows
Signed-off-by: Sebastiaan van Stijn
---
builder/dockerfile/copy_windows.go | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/builder/dockerfile/copy_windows.go b/builder/dockerfile/copy_windows.go
index b7475187fe..3f0ea32426 100644
--- a/builder/dockerfile/copy_windows.go
+++ b/builder/dockerfile/copy_windows.go
@@ -67,21 +67,17 @@ func fixPermissionsWindows(source, destination, SID string) error {
 sddlString := system.SddlAdministratorsLocalSystem
 sddlString += "(A;OICI;GRGWGXRCWDSD;;;" + SID + ")"
- securityDescriptor, err := winio.SddlToSecurityDescriptor(sddlString)
+ securityDescriptor, err := windows.SecurityDescriptorFromString(sddlString)
 if err != nil {
 return err
 }
- var daclPresent uint32
- var daclDefaulted uint32
- var dacl *byte
-
- err = system.GetSecurityDescriptorDacl(&securityDescriptor[0], &daclPresent, &dacl, &daclDefaulted)
+ dacl, _, err := securityDescriptor.DACL()
 if err != nil {
 return err
 }
- return system.SetNamedSecurityInfo(windows.StringToUTF16Ptr(destination), windows.SE_FILE_OBJECT, windows.OWNER_SECURITY_INFORMATION|windows.DACL_SECURITY_INFORMATION, sid, nil, dacl, nil)
+ return windows.SetNamedSecurityInfo(destination, windows.SE_FILE_OBJECT, windows.OWNER_SECURITY_INFORMATION|windows.DACL_SECURITY_INFORMATION, sid, nil, dacl, nil)
 }
 func validateCopySourcePath(imageSource *imageMount, origPath, platform string) error {
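Review bot: `dacl` from `securityDescriptor.DACL()` is handed to `windows.SetNamedSecurityInfo` together with `windows.DACL_SECURITY_INFORMATION` without a nil check; only `err` is tested. As I read the x/sys/windows documentation, `DACL()` can return a nil ACL with a nil error when the descriptor carries a NULL DACL, and SetNamedSecurityInfo applies a NULL DACL under that flag as unrestricted access to the object. The SDDL built at the top of the hunk appends an explicit ACE, so this should not happen today, but a guard such as `if dacl == nil { return errors.New("security descriptor has a NULL DACL") }` (with `errors` imported if the file lacks it) keeps a later edit to `system.SddlAdministratorsLocalSystem` from failing open. The discarded second result is the `defaulted` flag, and a short comment saying it is intentionally unused would help the next reader. fixPermissionsWindows begins before the hunk, so the place where `sid` is derived from `SID` is not visible here.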