1
0
Fork 0
mirror of https://github.com/restic/restic.git synced 2024-12-23 00:07:25 +00:00

fs: fix error handling for retried get/set of security descriptor

The retry code path did not filter `ERROR_NOT_SUPPORTED`. Just call the
original function a second time to correctly follow the low privilege
code path.
This commit is contained in:
Michael Eischer 2024-08-26 19:36:43 +02:00
parent 6fbfccc2d3
commit 9c70794886

View file

@ -59,10 +59,7 @@ func GetSecurityDescriptor(filePath string) (securityDescriptor *[]byte, err err
if !useLowerPrivileges && isHandlePrivilegeNotHeldError(err) { if !useLowerPrivileges && isHandlePrivilegeNotHeldError(err) {
// If ERROR_PRIVILEGE_NOT_HELD is encountered, fallback to backups/restores using lower non-admin privileges. // If ERROR_PRIVILEGE_NOT_HELD is encountered, fallback to backups/restores using lower non-admin privileges.
lowerPrivileges.Store(true) lowerPrivileges.Store(true)
sd, err = getNamedSecurityInfoLow(filePath) return GetSecurityDescriptor(filePath)
if err != nil {
return nil, fmt.Errorf("get low-level named security info failed with: %w", err)
}
} else if errors.Is(err, windows.ERROR_NOT_SUPPORTED) { } else if errors.Is(err, windows.ERROR_NOT_SUPPORTED) {
return nil, nil return nil, nil
} else { } else {
@ -123,10 +120,7 @@ func SetSecurityDescriptor(filePath string, securityDescriptor *[]byte) error {
if !useLowerPrivileges && isHandlePrivilegeNotHeldError(err) { if !useLowerPrivileges && isHandlePrivilegeNotHeldError(err) {
// If ERROR_PRIVILEGE_NOT_HELD is encountered, fallback to backups/restores using lower non-admin privileges. // If ERROR_PRIVILEGE_NOT_HELD is encountered, fallback to backups/restores using lower non-admin privileges.
lowerPrivileges.Store(true) lowerPrivileges.Store(true)
err = setNamedSecurityInfoLow(filePath, dacl) return SetSecurityDescriptor(filePath, securityDescriptor)
if err != nil {
return fmt.Errorf("set low-level named security info failed with: %w", err)
}
} else { } else {
return fmt.Errorf("set named security info failed with: %w", err) return fmt.Errorf("set named security info failed with: %w", err)
} }