From ac5bc7c2f97eae7ebfe3526f1b1b0e4ebfcb82f4 Mon Sep 17 00:00:00 2001
From: Michael Eischer <michael.eischer@fau.de>
Date: Mon, 26 Aug 2024 19:36:43 +0200
Subject: [PATCH] fs: fix error handling for retried get/set of security
 descriptor

The retry code path did not filter `ERROR_NOT_SUPPORTED`. Just call the
original function a second time to correctly follow the low privilege
code path.
---
 internal/fs/sd_windows.go | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/internal/fs/sd_windows.go b/internal/fs/sd_windows.go
index bccf74992..0004f1809 100644
--- a/internal/fs/sd_windows.go
+++ b/internal/fs/sd_windows.go
@@ -59,10 +59,7 @@ func GetSecurityDescriptor(filePath string) (securityDescriptor *[]byte, err err
 		if !useLowerPrivileges && isHandlePrivilegeNotHeldError(err) {
 			// If ERROR_PRIVILEGE_NOT_HELD is encountered, fallback to backups/restores using lower non-admin privileges.
 			lowerPrivileges.Store(true)
-			sd, err = getNamedSecurityInfoLow(filePath)
-			if err != nil {
-				return nil, fmt.Errorf("get low-level named security info failed with: %w", err)
-			}
+			return GetSecurityDescriptor(filePath)
 		} else if errors.Is(err, windows.ERROR_NOT_SUPPORTED) {
 			return nil, nil
 		} else {
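Review bot: The recursive `return GetSecurityDescriptor(filePath)` terminates only because `lowerPrivileges.Store(true)` on the line before makes the `!useLowerPrivileges` guard false on re-entry, and nothing in the hunk says so. That depends on `useLowerPrivileges` being re-read from `lowerPrivileges` at the top of the function, which is outside the hunk; if it is, a comment such as `// Retry once on the low-privilege path; the flag set above keeps this branch from being taken again.` would protect the invariant against a later refactor. The same applies to the `return SetSecurityDescriptor(filePath, securityDescriptor)` call in the second hunk. No test is part of this patch; a regression test that forces the privilege error and then expects `nil, nil` for `ERROR_NOT_SUPPORTED` on the retried call would pin the behaviour the commit message describes.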
@@ -123,10 +120,7 @@ func SetSecurityDescriptor(filePath string, securityDescriptor *[]byte) error {
 		if !useLowerPrivileges && isHandlePrivilegeNotHeldError(err) {
 			// If ERROR_PRIVILEGE_NOT_HELD is encountered, fallback to backups/restores using lower non-admin privileges.
 			lowerPrivileges.Store(true)
-			err = setNamedSecurityInfoLow(filePath, dacl)
-			if err != nil {
-				return fmt.Errorf("set low-level named security info failed with: %w", err)
-			}
+			return SetSecurityDescriptor(filePath, securityDescriptor)
 		} else {
 			return fmt.Errorf("set named security info failed with: %w", err)
 		}
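Review bot: The downgrade to the low-privilege path in `SetSecurityDescriptor` is sticky and silent: `lowerPrivileges.Store(true)` flips what looks like process-wide state on the first ERROR_PRIVILEGE_NOT_HELD, and the retry can then return success with no trace of the switch. The removed line passed only `dacl` to `setNamedSecurityInfoLow`, so the low path presumably restores less of the descriptor than the privileged one (the branch the recursive call now takes is outside the hunk), and an operator would not learn that restored files carry a reduced descriptor. Consider reporting the switch once, e.g. `if !lowerPrivileges.Swap(true) { /* emit a one-time warning */ }` if `lowerPrivileges` is an `atomic.Bool`. The same flag is set in the `GetSecurityDescriptor` hunk, where a one-time notice would equally tell the operator that backups are being taken with reduced security information.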