mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 04:55:31 +00:00
drive: don't allow DELETE on read-only shares
Fixes tailscale/corp#19646 Signed-off-by: Percy Wegmann <percy@tailscale.com>
This commit is contained in:
parent
7455e027e9
commit
2648d475d7
@ -88,11 +88,33 @@ func TestFileManipulation(t *testing.T) {
|
|||||||
s.checkFileContents(remote1, share11, file112)
|
s.checkFileContents(remote1, share11, file112)
|
||||||
|
|
||||||
s.addShare(remote1, share12, drive.PermissionReadOnly)
|
s.addShare(remote1, share12, drive.PermissionReadOnly)
|
||||||
s.writeFile("writing file to read-only remote should fail", remote1, share12, file111, "hello world", false)
|
|
||||||
s.writeFile("writing file to non-existent remote should fail", "non-existent", share11, file111, "hello world", false)
|
s.writeFile("writing file to non-existent remote should fail", "non-existent", share11, file111, "hello world", false)
|
||||||
s.writeFile("writing file to non-existent share should fail", remote1, "non-existent", file111, "hello world", false)
|
s.writeFile("writing file to non-existent share should fail", remote1, "non-existent", file111, "hello world", false)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestPermissions(t *testing.T) {
|
||||||
|
s := newSystem(t)
|
||||||
|
|
||||||
|
s.addRemote(remote1)
|
||||||
|
s.addShare(remote1, share12, drive.PermissionReadOnly)
|
||||||
|
|
||||||
|
s.writeFile("writing file to read-only remote should fail", remote1, share12, file111, "hello world", false)
|
||||||
|
if err := s.client.Mkdir(path.Join(remote1, share12), 0644); err == nil {
|
||||||
|
t.Error("making directory on read-only remote should fail")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Now, write file directly to file system so that we can test permissions
|
||||||
|
// on other operations.
|
||||||
|
s.write(remote1, share12, file111, "hello world")
|
||||||
|
if err := s.client.Remove(pathTo(remote1, share12, file111)); err == nil {
|
||||||
|
t.Error("deleting file from read-only remote should fail")
|
||||||
|
}
|
||||||
|
if err := s.client.Rename(pathTo(remote1, share12, file111), pathTo(remote1, share12, file112), true); err == nil {
|
||||||
|
t.Error("moving file on read-only remote should fail")
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
type local struct {
|
type local struct {
|
||||||
l net.Listener
|
l net.Listener
|
||||||
fs *FileSystemForLocal
|
fs *FileSystemForLocal
|
||||||
@ -324,6 +346,14 @@ func (s *system) read(remoteName, shareName, name string) string {
|
|||||||
return string(b)
|
return string(b)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *system) write(remoteName, shareName, name, contents string) {
|
||||||
|
filename := filepath.Join(s.remotes[remoteName].shares[shareName], name)
|
||||||
|
err := os.WriteFile(filename, []byte(contents), 0644)
|
||||||
|
if err != nil {
|
||||||
|
s.t.Fatalf("failed to WriteFile: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func (s *system) readViaWebDAV(remoteName, shareName, name string) string {
|
func (s *system) readViaWebDAV(remoteName, shareName, name string) string {
|
||||||
path := pathTo(remoteName, shareName, name)
|
path := pathTo(remoteName, shareName, name)
|
||||||
b, err := s.client.Read(path)
|
b, err := s.client.Read(path)
|
||||||
|
@ -380,6 +380,7 @@ func (s *userServer) run() error {
|
|||||||
"MKCOL": true,
|
"MKCOL": true,
|
||||||
"MOVE": true,
|
"MOVE": true,
|
||||||
"PROPPATCH": true,
|
"PROPPATCH": true,
|
||||||
|
"DELETE": true,
|
||||||
}
|
}
|
||||||
|
|
||||||
// canSudo checks wether we can sudo -u the configured executable as the
|
// canSudo checks wether we can sudo -u the configured executable as the
|
||||||
|
Loading…
Reference in New Issue
Block a user