TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-25 19:15:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

drive: don't allow DELETE on read-only shares

Browse Source 
Fixes tailscale/corp#19646

Signed-off-by: Percy Wegmann <percy@tailscale.com>
This commit is contained in:
Percy Wegmann 2024-04-30 20:31:49 -05:00 committed by Percy Wegmann
parent 7455e027e9
commit 2648d475d7
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
drive/driveimpl/drive_test.go
View File

@ -88,11 +88,33 @@ func TestFileManipulation(t *testing.T) {
s.checkFileContents(remote1, share11, file112) s.checkFileContents(remote1, share11, file112)
s.addShare(remote1, share12, drive.PermissionReadOnly) s.addShare(remote1, share12, drive.PermissionReadOnly)
s.writeFile("writing file to read-only remote should fail", remote1, share12, file111, "hello world", false)
s.writeFile("writing file to non-existent remote should fail", "non-existent", share11, file111, "hello world", false) s.writeFile("writing file to non-existent remote should fail", "non-existent", share11, file111, "hello world", false)
s.writeFile("writing file to non-existent share should fail", remote1, "non-existent", file111, "hello world", false) s.writeFile("writing file to non-existent share should fail", remote1, "non-existent", file111, "hello world", false)
} }
func TestPermissions(t *testing.T) {
s := newSystem(t)
s.addRemote(remote1)
s.addShare(remote1, share12, drive.PermissionReadOnly)
s.writeFile("writing file to read-only remote should fail", remote1, share12, file111, "hello world", false)
if err := s.client.Mkdir(path.Join(remote1, share12), 0644); err == nil {
t.Error("making directory on read-only remote should fail")
}
// Now, write file directly to file system so that we can test permissions
// on other operations.
s.write(remote1, share12, file111, "hello world")
if err := s.client.Remove(pathTo(remote1, share12, file111)); err == nil {
t.Error("deleting file from read-only remote should fail")
}
if err := s.client.Rename(pathTo(remote1, share12, file111), pathTo(remote1, share12, file112), true); err == nil {
t.Error("moving file on read-only remote should fail")
}
}
type local struct { type local struct {
l net.Listener l net.Listener
fs *FileSystemForLocal fs *FileSystemForLocal
@ -324,6 +346,14 @@ func (s *system) read(remoteName, shareName, name string) string {
return string(b) return string(b)
} }
func (s *system) write(remoteName, shareName, name, contents string) {
filename := filepath.Join(s.remotes[remoteName].shares[shareName], name)
err := os.WriteFile(filename, []byte(contents), 0644)
if err != nil {
s.t.Fatalf("failed to WriteFile: %s", err)
}
}
func (s *system) readViaWebDAV(remoteName, shareName, name string) string { func (s *system) readViaWebDAV(remoteName, shareName, name string) string {
path := pathTo(remoteName, shareName, name) path := pathTo(remoteName, shareName, name)
b, err := s.client.Read(path) b, err := s.client.Read(path)

1
drive/driveimpl/remote_impl.go
View File

@ -380,6 +380,7 @@ func (s *userServer) run() error {
"MKCOL": true, "MKCOL": true,
"MOVE": true, "MOVE": true,
"PROPPATCH": true, "PROPPATCH": true,
"DELETE": true,
} }
// canSudo checks wether we can sudo -u the configured executable as the // canSudo checks wether we can sudo -u the configured executable as the