close
Skip to content

fix(win32): use file handles for checking/modifying DACLs#9109

Merged
mgallien merged 2 commits into
masterfrom
bugfix/noid/max-path-readonly-check
Nov 21, 2025
Merged

fix(win32): use file handles for checking/modifying DACLs#9109
mgallien merged 2 commits into
masterfrom
bugfix/noid/max-path-readonly-check

Conversation

@nilsding
Copy link
Copy Markdown
Member

@nilsding nilsding commented Nov 20, 2025

GetFileSecurityW/SetFileSecurityW can not deal with long paths, even with the special \\?\ prefix.

Since CreateFileW can deal with those paths just fine, refactor the handling of DACLs to make use of a file handle returned by it with GetSecurityInfo/SetSecurityInfo.

This change also resolves an issue seen in #8860 where the access denied ACE would be present more than once.

@nilsding nilsding added this to the 4.0.2 milestone Nov 20, 2025
@nilsding nilsding self-assigned this Nov 20, 2025
@nilsding
Copy link
Copy Markdown
Member Author

nilsding commented Nov 20, 2025

/backport to stable-4.0

mgallien
mgallien reviewed Nov 20, 2025
View reviewed changes
Comment thread src/common/filesystembase.cpp Outdated
@nilsding
fix(win32): use file handles for checking/modifying DACLs
3c73225 
`GetFileSecurityW`/`SetFileSecurityW` can not deal with long paths, even
with the special `\\?\` prefix.

Since `CreateFileW` can deal with those paths just fine, refactor the
handling of DACLs to make use of `GetSecurityInfo`/`SetSecurityInfo`.

This change also resolves an issue seen in #8860 where the access denied
ACE would be present more than once.

Signed-off-by: Jyrki Gadinger <nilsding@nilsding.org>
@nilsding
refactor(win32): add specialised unique_ptr variants for HANDLEs and …
4efedfb 
…Win32 buffers

Apparently std::unique_ptr can be made to work with `HANDLE`s and
whatever buffers allocated from the Win32 API need to be freed.  This
allows for much cleaner and safer code.

Some related articles on that topic from "The Old New Thing" blog:
- "Confusing gotcha: PSECURITY_DESCRIPTOR is not a pointer to a
  SECURITY_DESCRIPTOR" (23rd of December 2015)
  https://devblogs.microsoft.com/oldnewthing/20151223-00/?p=92701
- "Why are HANDLE return values so inconsistent?" (2nd of March 2004)
  https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443

Signed-off-by: Jyrki Gadinger <nilsding@nilsding.org>
@nilsding nilsding force-pushed the bugfix/noid/max-path-readonly-check branch from 5ce80af to 4efedfb Compare November 21, 2025 10:45
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Nov 21, 2025

Artifact containing the AppImage: nextcloud-appimage-pr-9109.zip

Digest: sha256:4d5a209cfdb6212cfe17b72363b50d83c66a3390abd4ecc426bc253b341fdc86

To test this change/fix you can download the above artifact file, unzip it, and run it.

Please make sure to quit your existing Nextcloud app and backup your data.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Nov 21, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
BERJAYA 93 New Code Smells (required ≤ 0)
BERJAYA D Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

BERJAYA Catch issues before they fail your Quality Gate with our IDE extension BERJAYA SonarQube for IDE

@mgallien mgallien merged commit 7ce3b84 into master Nov 21, 2025
21 of 22 checks passed
@mgallien mgallien deleted the bugfix/noid/max-path-readonly-check branch November 21, 2025 15:26
@backportbot backportbot Bot mentioned this pull request Nov 21, 2025
Merged
@mgallien mgallien modified the milestones: 4.0.2, 4.1.0 Nov 24, 2025
@nilsding nilsding mentioned this pull request Feb 25, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mgallien mgallien mgallien approved these changes

@Aiiaiiio Aiiaiiio Awaiting requested review from Aiiaiiio

@camilasan camilasan Awaiting requested review from camilasan camilasan is a code owner

@i2h3 i2h3 Awaiting requested review from i2h3 i2h3 is a code owner

Assignees

@nilsding nilsding

Labels

3. to review os: 🚪 Windows

Projects

None yet

Milestone

33.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@nilsding @mgallien