Use newer x/sys/windows SecurityAttributes struct

This struct now has a properly typed member, so use the properly typed functions with it. Also update the vendor directory and hope nothing explodes. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-09 12:21:53 -05:00 · 2019-09-30 17:07:47 +02:00 · 2019-09-30 17:07:47 +02:00 · c3a0a37446
commit c3a0a37446
parent 4e0836f01b
3 changed files with 6 additions and 21 deletions
--- a/builder/dockerfile/internals_windows.go
+++ b/builder/dockerfile/internals_windows.go
@ -12,7 +12,6 @@ import (
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/system"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/windows"
 )
@ -31,13 +30,7 @@ func getAccountIdentity(builder *Builder, accountName string, ctrRootPath string
 		sid, err := windows.StringToSid(accountName)
 		if err == nil {
-			accountSid, err := sid.String()
+			return idtools.Identity{SID: sid.String()}, nil
 			if err != nil {
 				return idtools.Identity{SID: ""}, errors.Wrapf(err, "error converting SID to string")
 			}
 			return idtools.Identity{SID: accountSid}, nil
 		}
 	}
@ -46,13 +39,7 @@ func getAccountIdentity(builder *Builder, accountName string, ctrRootPath string
 	// If this is a SID that is built-in and hence the same across all systems then use that.
 	if err == nil && (accType == windows.SidTypeAlias || accType == windows.SidTypeWellKnownGroup) {
-		accountSid, err := sid.String()
+		return idtools.Identity{SID: sid.String()}, nil
 		if err != nil {
 			return idtools.Identity{SID: ""}, errors.Wrapf(err, "error converting SID to string")
 		}
 		return idtools.Identity{SID: accountSid}, nil
 	}
 	// Check if the account name is one unique to containers.
--- a/daemon/debugtrap_windows.go
+++ b/daemon/debugtrap_windows.go
@ -5,7 +5,6 @@ import (
 	"os"
 	"unsafe"
 	winio "github.com/Microsoft/go-winio"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
@ -17,7 +16,7 @@ func (d *Daemon) setupDumpStackTrap(root string) {
 	// signaled. ACL'd to builtin administrators and local system
 	event := "Global\\stackdump-" + fmt.Sprint(os.Getpid())
 	ev, _ := windows.UTF16PtrFromString(event)
-	sd, err := winio.SddlToSecurityDescriptor("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
+	sd, err := windows.SecurityDescriptorFromString("D:P(A;;GA;;;BA)(A;;GA;;;SY)")
 	if err != nil {
 		logrus.Errorf("failed to get security descriptor for debug stackdump event %s: %s", event, err.Error())
 		return
@ -25,7 +24,7 @@ func (d *Daemon) setupDumpStackTrap(root string) {
 	var sa windows.SecurityAttributes
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 	h, err := windows.CreateEvent(&sa, 0, 0, ev)
 	if h == 0 || err != nil {
 		logrus.Errorf("failed to create debug stackdump event %s: %s", event, err.Error())
--- a/pkg/system/filesys_windows.go
+++ b/pkg/system/filesys_windows.go
@ -11,7 +11,6 @@ import (
 	"time"
 	"unsafe"
 	winio "github.com/Microsoft/go-winio"
 	"golang.org/x/sys/windows"
 )
@ -103,13 +102,13 @@ func mkdirall(path string, applyACL bool, sddl string) error {
 // and Local System.
 func mkdirWithACL(name string, sddl string) error {
 	sa := windows.SecurityAttributes{Length: 0}
-	sd, err := winio.SddlToSecurityDescriptor(sddl)
+	sd, err := windows.SecurityDescriptorFromString(sddl)
 	if err != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: err}
 	}
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 	namep, err := windows.UTF16PtrFromString(name)
 	if err != nil {