drive: don't allow DELETE on read-only shares

Fixes tailscale/corp#19646 Signed-off-by: Percy Wegmann <percy@tailscale.com> (cherry picked from commit 2648d475d7) Signed-off-by: Percy Wegmann <percy@tailscale.com>
VERSION.txt: this is v1.64.2
2024-05-01 12:42:49 -05:00 · 2024-04-17 13:08:36 +00:00 · 2024-04-15 17:10:28 +00:00 · 2024-04-15 09:49:54 -07:00 · 2024-04-11 17:29:54 +00:00
4 changed files with 50 additions and 5 deletions
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-1.63.0
+1.64.2
--- a/drive/driveimpl/drive_test.go
+++ b/drive/driveimpl/drive_test.go
@@ -82,12 +82,33 @@ func TestFileManipulation(t *testing.T) {
 	s.checkFileContents(remote1, share11, file111)

 	s.addShare(remote1, share12, drive.PermissionReadOnly)
-	s.writeFile("writing file to read-only remote should fail", remote1, share12, file111, "hello world", false)
-
 	s.writeFile("writing file to non-existent remote should fail", "non-existent", share11, file111, "hello world", false)
 	s.writeFile("writing file to non-existent share should fail", remote1, "non-existent", file111, "hello world", false)
 }

+func TestPermissions(t *testing.T) {
+	s := newSystem(t)
+
+	s.addRemote(remote1)
+	s.addShare(remote1, share12, drive.PermissionReadOnly)
+
+	s.writeFile("writing file to read-only remote should fail", remote1, share12, file111, "hello world", false)
+	if err := s.client.Mkdir(path.Join(remote1, share12), 0644); err == nil {
+		t.Error("making directory on read-only remote should fail")
+	}
+
+	// Now, write file directly to file system so that we can test permissions
+	// on other operations.
+	s.write(remote1, share12, file111, "hello world")
+	if err := s.client.Remove(pathTo(remote1, share12, file111)); err == nil {
+		t.Error("deleting file from read-only remote should fail")
+	}
+	if err := s.client.Rename(pathTo(remote1, share12, file111), pathTo(remote1, share12, "another"), true); err == nil {
+		t.Error("moving file on read-only remote should fail")
+	}
+
+}
+
 type local struct {
 	l  net.Listener
 	fs *FileSystemForLocal
@@ -308,6 +329,14 @@ func (s *system) read(remoteName, shareName, name string) string {
 	return string(b)
 }

+func (s *system) write(remoteName, shareName, name, contents string) {
+	filename := filepath.Join(s.remotes[remoteName].shares[shareName], name)
+	err := os.WriteFile(filename, []byte(contents), 0644)
+	if err != nil {
+		s.t.Fatalf("failed to WriteFile: %s", err)
+	}
+}
+
 func (s *system) readViaWebDAV(remoteName, shareName, name string) string {
 	path := pathTo(remoteName, shareName, name)
 	b, err := s.client.Read(path)
--- a/drive/driveimpl/remote_impl.go
+++ b/drive/driveimpl/remote_impl.go
@@ -380,6 +380,7 @@ var writeMethods = map[string]bool{
 	"MKCOL":     true,
 	"MOVE":      true,
 	"PROPPATCH": true,
+	"DELETE":    true,
 }

 // canSudo checks wether we can sudo -u the configured executable as the
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@@ -469,7 +469,7 @@ func (r *linuxRouter) UpdateMagicsockPort(port uint16, network string) error {
 // reflect the new mode, and r.snatSubnetRoutes is updated to reflect
 // the current state of subnet SNATing.
 func (r *linuxRouter) setNetfilterMode(mode preftype.NetfilterMode) error {
-	if distro.Get() == distro.Synology {
+	if !platformCanNetfilter() {
 		mode = netfilterOff
 	}

@@ -1396,11 +1396,26 @@ func normalizeCIDR(cidr netip.Prefix) string {
 	return cidr.Masked().String()
 }

+// platformCanNetfilter reports whether the current distro/environment supports
+// running iptables/nftables commands.
+func platformCanNetfilter() bool {
+	switch distro.Get() {
+	case distro.Synology:
+		// Synology doesn't support iptables or nftables. Attempting to run it
+		// just blocks for a long time while it logs about failures.
+		//
+		// See https://github.com/tailscale/tailscale/issues/11737 for one such
+		// prior regression where we tried to run iptables on Synology.
+		return false
+	}
+	return true
+}
+
 // cleanUp removes all the rules and routes that were added by the linux router.
 // The function calls cleanUp for both iptables and nftables since which ever
 // netfilter runner is used, the cleanUp function for the other one doesn't do anything.
 func cleanUp(logf logger.Logf, interfaceName string) {
-	if interfaceName != "userspace-networking" {
+	if interfaceName != "userspace-networking" && platformCanNetfilter() {
 		linuxfw.IPTablesCleanUp(logf)
 		linuxfw.NfTablesCleanUp(logf)
 	}
Author	SHA1	Message	Date
Percy Wegmann	9300c8effe	drive: don't allow DELETE on read-only shares Fixes tailscale/corp#19646 Signed-off-by: Percy Wegmann <percy@tailscale.com> (cherry picked from commit `2648d475d7`) Signed-off-by: Percy Wegmann <percy@tailscale.com>	2024-05-01 12:42:49 -05:00
Jenny Zhang	ede81e2669	VERSION.txt: this is v1.64.2 Signed-off-by: Jenny Zhang <jz@tailscale.com>	2024-04-17 13:08:36 +00:00
Jenny Zhang	02a96c8d7c	VERSION.txt: this is v1.64.1 Signed-off-by: Jenny Zhang <jz@tailscale.com>	2024-04-15 17:10:28 +00:00
Brad Fitzpatrick	ab4f9d2514	wgengine/router: don't attempt route cleanup on Synology Trying to run iptables/nftables on Synology pauses for minutes with lots of errors and ultimately does nothing as it's not used and we lack permissions. This fixes a regression from `db760d0bac` (#11601) that landed between Synology testing on unstable 1.63.110 and 1.64.0 being cut. Fixes #11737 Change-Id: Iaf9563363b8e45319a9b6fe94c8d5ffaecc9ccef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `952e06aa46`)	2024-04-15 09:49:54 -07:00
Jenny Zhang	78dc8622d7	VERSION.txt: this is v1.64.0 Signed-off-by: Jenny Zhang <jz@tailscale.com>	2024-04-11 17:29:54 +00:00
@@ -1 +1 @@
 .63.0
 .64.2