Skip to content

fix(win32): use file handles for checking/modifying DACLs #9109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mgallien merged 2 commits into from
Nov 21, 2025
Merged

fix(win32): use file handles for checking/modifying DACLs #9109

mgallien merged 2 commits into from
Nov 21, 2025

Conversation

@nilsding
Copy link
Member

@nilsding nilsding commented Nov 20, 2025

GetFileSecurityW/SetFileSecurityW can not deal with long paths, even with the special \\?\ prefix.

Since CreateFileW can deal with those paths just fine, refactor the handling of DACLs to make use of a file handle returned by it with GetSecurityInfo/SetSecurityInfo.

This change also resolves an issue seen in #8860 where the access denied ACE would be present more than once.

@nilsding nilsding added this to the 4.0.2 milestone Nov 20, 2025
@nilsding nilsding self-assigned this Nov 20, 2025
@nilsding
Copy link
Member Author

nilsding commented Nov 20, 2025

/backport to stable-4.0

mgallien
mgallien reviewed Nov 20, 2025
View reviewed changes
@nilsding
fix(win32): use file handles for checking/modifying DACLs
3c73225 
`GetFileSecurityW`/`SetFileSecurityW` can not deal with long paths, even
with the special `\\?\` prefix.

Since `CreateFileW` can deal with those paths just fine, refactor the
handling of DACLs to make use of `GetSecurityInfo`/`SetSecurityInfo`.

This change also resolves an issue seen in #8860 where the access denied
ACE would be present more than once.

Signed-off-by: Jyrki Gadinger <nilsding@nilsding.org>
@nilsding
refactor(win32): add specialised unique_ptr variants for HANDLEs and …
4efedfb 
…Win32 buffers

Apparently std::unique_ptr can be made to work with `HANDLE`s and
whatever buffers allocated from the Win32 API need to be freed.  This
allows for much cleaner and safer code.

Some related articles on that topic from "The Old New Thing" blog:
- "Confusing gotcha: PSECURITY_DESCRIPTOR is not a pointer to a
  SECURITY_DESCRIPTOR" (23rd of December 2015)
  https://devblogs.microsoft.com/oldnewthing/20151223-00/?p=92701
- "Why are HANDLE return values so inconsistent?" (2nd of March 2004)
  https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443

Signed-off-by: Jyrki Gadinger <nilsding@nilsding.org>
@nilsding nilsding force-pushed the bugfix/noid/max-path-readonly-check branch from 5ce80af to 4efedfb Compare November 21, 2025 10:45
@github-actions
Copy link

github-actions bot commented Nov 21, 2025

Artifact containing the AppImage: nextcloud-appimage-pr-9109.zip

Digest: sha256:4d5a209cfdb6212cfe17b72363b50d83c66a3390abd4ecc426bc253b341fdc86

To test this change/fix you can download the above artifact file, unzip it, and run it.

Please make sure to quit your existing Nextcloud app and backup your data.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 21, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
93 New Code Smells (required ≤ 0)
D Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

@mgallien mgallien merged commit 7ce3b84 into master Nov 21, 2025
21 of 22 checks passed
@mgallien mgallien deleted the bugfix/noid/max-path-readonly-check branch November 21, 2025 15:26
@backportbot backportbot bot mentioned this pull request Nov 21, 2025
Merged
@mgallien mgallien modified the milestones: 4.0.2, 4.1.0 Nov 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mgallien mgallien mgallien approved these changes

@Aiiaiiio Aiiaiiio Awaiting requested review from Aiiaiiio Aiiaiiio is a code owner

@camilasan camilasan Awaiting requested review from camilasan camilasan is a code owner

@i2h3 i2h3 Awaiting requested review from i2h3 i2h3 is a code owner

Assignees

@nilsding nilsding

Labels

3. to review os: 🚪 Windows

Projects

None yet

Milestone

4.1.0

Development

Successfully merging this pull request may close these issues.

3 participants

@nilsding @mgallien