1 files changed, 24 insertions, 12 deletions

diff --git a/tunnel/firewall/helpers.go b/tunnel/firewall/helpers.go
index abb2684c..04e5c664 100644
--- a/tunnel/firewall/helpers.go
+++ b/tunnel/firewall/helpers.go
@@ -71,8 +71,9 @@ func wrapErr(err error) error {
 	return fmt.Errorf("Firewall error at %s:%d: %v", file, line, err)
 }
 
-func getCurrentProcessSecurityDescriptor() (*wtFwpByteBlob, error) {
-	processToken, err := windows.OpenCurrentProcessToken()
+func getCurrentProcessSecurityDescriptor() (*windows.SECURITY_DESCRIPTOR, error) {
+	var processToken windows.Token
+	err := windows.OpenProcessToken(windows.GetCurrentProcess(), windows.TOKEN_QUERY, &processToken)
 	if err != nil {
 		return nil, wrapErr(err)
 	}
@@ -99,21 +100,32 @@ func getCurrentProcessSecurityDescriptor() (*wtFwpByteBlob, error) {
 		return nil, wrapErr(windows.ERROR_NO_SUCH_GROUP)
 	}
 
-	access := &wtExplicitAccess{
-		accessPermissions: cFWP_ACTRL_MATCH_FILTER,
-		accessMode:        cGRANT_ACCESS,
-		trustee: wtTrustee{
-			trusteeForm: cTRUSTEE_IS_SID,
-			trusteeType: cTRUSTEE_IS_GROUP,
-			sid:         sid,
+	access := []windows.EXPLICIT_ACCESS{{
+		AccessPermissions: cFWP_ACTRL_MATCH_FILTER,
+		AccessMode:        windows.GRANT_ACCESS,
+		Trustee: windows.TRUSTEE{
+			TrusteeForm:  windows.TRUSTEE_IS_SID,
+			TrusteeType:  windows.TRUSTEE_IS_GROUP,
+			TrusteeValue: windows.TrusteeValueFromSID(sid),
 		},
+	}}
+	dacl, err := windows.ACLFromEntries(access, nil)
+	if err != nil {
+		return nil, wrapErr(err)
+	}
+	sd, err := windows.NewSecurityDescriptor()
+	if err != nil {
+		return nil, wrapErr(err)
+	}
+	err = sd.SetDACL(dacl, true, false)
+	if err != nil {
+		return nil, wrapErr(err)
 	}
-	blob := &wtFwpByteBlob{}
-	err = buildSecurityDescriptor(nil, nil, 1, access, 0, nil, nil, &blob.size, &blob.data)
+	sd, err = sd.ToSelfRelative()
 	if err != nil {
 		return nil, wrapErr(err)
 	}
-	return blob, nil
+	return sd, nil
 }
 
 func getCurrentProcessAppID() (*wtFwpByteBlob, error) {