mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-25 19:15:34 +00:00
drive: don't allow DELETE on read-only shares
Fixes tailscale/corp#19646 Signed-off-by: Percy Wegmann <percy@tailscale.com>
This commit is contained in:
parent
7455e027e9
commit
2648d475d7
@ -88,11 +88,33 @@ func TestFileManipulation(t *testing.T) {
|
||||
s.checkFileContents(remote1, share11, file112)
|
||||
|
||||
s.addShare(remote1, share12, drive.PermissionReadOnly)
|
||||
s.writeFile("writing file to read-only remote should fail", remote1, share12, file111, "hello world", false)
|
||||
s.writeFile("writing file to non-existent remote should fail", "non-existent", share11, file111, "hello world", false)
|
||||
s.writeFile("writing file to non-existent share should fail", remote1, "non-existent", file111, "hello world", false)
|
||||
}
|
||||
|
||||
func TestPermissions(t *testing.T) {
|
||||
s := newSystem(t)
|
||||
|
||||
s.addRemote(remote1)
|
||||
s.addShare(remote1, share12, drive.PermissionReadOnly)
|
||||
|
||||
s.writeFile("writing file to read-only remote should fail", remote1, share12, file111, "hello world", false)
|
||||
if err := s.client.Mkdir(path.Join(remote1, share12), 0644); err == nil {
|
||||
t.Error("making directory on read-only remote should fail")
|
||||
}
|
||||
|
||||
// Now, write file directly to file system so that we can test permissions
|
||||
// on other operations.
|
||||
s.write(remote1, share12, file111, "hello world")
|
||||
if err := s.client.Remove(pathTo(remote1, share12, file111)); err == nil {
|
||||
t.Error("deleting file from read-only remote should fail")
|
||||
}
|
||||
if err := s.client.Rename(pathTo(remote1, share12, file111), pathTo(remote1, share12, file112), true); err == nil {
|
||||
t.Error("moving file on read-only remote should fail")
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
type local struct {
|
||||
l net.Listener
|
||||
fs *FileSystemForLocal
|
||||
@ -324,6 +346,14 @@ func (s *system) read(remoteName, shareName, name string) string {
|
||||
return string(b)
|
||||
}
|
||||
|
||||
func (s *system) write(remoteName, shareName, name, contents string) {
|
||||
filename := filepath.Join(s.remotes[remoteName].shares[shareName], name)
|
||||
err := os.WriteFile(filename, []byte(contents), 0644)
|
||||
if err != nil {
|
||||
s.t.Fatalf("failed to WriteFile: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *system) readViaWebDAV(remoteName, shareName, name string) string {
|
||||
path := pathTo(remoteName, shareName, name)
|
||||
b, err := s.client.Read(path)
|
||||
|
@ -380,6 +380,7 @@ func (s *userServer) run() error {
|
||||
"MKCOL": true,
|
||||
"MOVE": true,
|
||||
"PROPPATCH": true,
|
||||
"DELETE": true,
|
||||
}
|
||||
|
||||
// canSudo checks wether we can sudo -u the configured executable as the
|
||||
|
Loading…
Reference in New Issue
Block a user