mirror of
https://github.com/restic/restic.git
synced 2024-12-23 00:07:25 +00:00
fs: fix error handling for retried get/set of security descriptor
The retry code path did not filter `ERROR_NOT_SUPPORTED`. Just call the original function a second time to correctly follow the low privilege code path.
This commit is contained in:
parent
6fbfccc2d3
commit
9c70794886
1 changed files with 2 additions and 8 deletions
|
@ -59,10 +59,7 @@ func GetSecurityDescriptor(filePath string) (securityDescriptor *[]byte, err err
|
||||||
if !useLowerPrivileges && isHandlePrivilegeNotHeldError(err) {
|
if !useLowerPrivileges && isHandlePrivilegeNotHeldError(err) {
|
||||||
// If ERROR_PRIVILEGE_NOT_HELD is encountered, fallback to backups/restores using lower non-admin privileges.
|
// If ERROR_PRIVILEGE_NOT_HELD is encountered, fallback to backups/restores using lower non-admin privileges.
|
||||||
lowerPrivileges.Store(true)
|
lowerPrivileges.Store(true)
|
||||||
sd, err = getNamedSecurityInfoLow(filePath)
|
return GetSecurityDescriptor(filePath)
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("get low-level named security info failed with: %w", err)
|
|
||||||
}
|
|
||||||
} else if errors.Is(err, windows.ERROR_NOT_SUPPORTED) {
|
} else if errors.Is(err, windows.ERROR_NOT_SUPPORTED) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
} else {
|
} else {
|
||||||
|
@ -123,10 +120,7 @@ func SetSecurityDescriptor(filePath string, securityDescriptor *[]byte) error {
|
||||||
if !useLowerPrivileges && isHandlePrivilegeNotHeldError(err) {
|
if !useLowerPrivileges && isHandlePrivilegeNotHeldError(err) {
|
||||||
// If ERROR_PRIVILEGE_NOT_HELD is encountered, fallback to backups/restores using lower non-admin privileges.
|
// If ERROR_PRIVILEGE_NOT_HELD is encountered, fallback to backups/restores using lower non-admin privileges.
|
||||||
lowerPrivileges.Store(true)
|
lowerPrivileges.Store(true)
|
||||||
err = setNamedSecurityInfoLow(filePath, dacl)
|
return SetSecurityDescriptor(filePath, securityDescriptor)
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("set low-level named security info failed with: %w", err)
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
return fmt.Errorf("set named security info failed with: %w", err)
|
return fmt.Errorf("set named security info failed with: %w", err)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue