archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

drive: don't allow DELETE on read-only shares

Browse Source 
Fixes tailscale/corp#19646

Signed-off-by: Percy Wegmann <percy@tailscale.com>
pull/11949/head
Percy Wegmann 1 month ago
parent 7455e027e9
commit a3de105f0e
No known key found for this signature in database
GPG Key ID: 29D8CDEB4C13D48B
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File

32
drive/driveimpl/drive_test.go
Unescape Escape View File

@ -88,11 +88,33 @@ func TestFileManipulation(t *testing.T) {
s.checkFileContents(remote1, share11, file112)
s.addShare(remote1, share12, drive.PermissionReadOnly)
s.writeFile("writing file to read-only remote should fail", remote1, share12, file111, "hello world", false)
s.writeFile("writing file to non-existent remote should fail", "non-existent", share11, file111, "hello world", false)
s.writeFile("writing file to non-existent share should fail", remote1, "non-existent", file111, "hello world", false)
}
func TestPermissions(t *testing.T) {
s := newSystem(t)
s.addRemote(remote1)
s.addShare(remote1, share12, drive.PermissionReadOnly)
s.writeFile("writing file to read-only remote should fail", remote1, share12, file111, "hello world", false)
if err := s.client.Mkdir(path.Join(remote1, share12), 0644); err == nil {
t.Error("making directory on read-only remote should fail")
}
// Now, write file directly to file system so that we can test permissions
// on other operations.
s.write(remote1, share12, file111, "hello world")
if err := s.client.Remove(pathTo(remote1, share12, file111)); err == nil {
t.Error("deleting file from read-only remote should fail")
}
if err := s.client.Rename(pathTo(remote1, share12, file111), pathTo(remote1, share12, file112), true); err == nil {
t.Error("moving file on read-only remote should fail")
}
}
type local struct {
l net.Listener
fs *FileSystemForLocal
@ -324,6 +346,14 @@ func (s *system) read(remoteName, shareName, name string) string {
return string(b)
}
func (s *system) write(remoteName, shareName, name, contents string) {
filename := filepath.Join(s.remotes[remoteName].shares[shareName], name)
err := os.WriteFile(filename, []byte(contents), 0644)
if err != nil {
s.t.Fatalf("failed to WriteFile: %s", err)
}
}
func (s *system) readViaWebDAV(remoteName, shareName, name string) string {
path := pathTo(remoteName, shareName, name)
b, err := s.client.Read(path)

1
drive/driveimpl/remote_impl.go
Unescape Escape View File

@ -380,6 +380,7 @@ var writeMethods = map[string]bool{
"MKCOL": true,
"MOVE": true,
"PROPPATCH": true,
"DELETE": true,
}
// canSudo checks wether we can sudo -u the configured executable as the

Write Preview
Loading…
Cancel
Save