From a4dd5c36780312a3dc717b4eefcb28ad4a3f0303 Mon Sep 17 00:00:00 2001 From: OpenAI Date: Sat, 30 May 2026 17:55:44 +0000 Subject: [PATCH] tests: record AFP trustee access privileges smoke success --- TODO.md | 25 ++++++++++++++++++++++--- tests/linux/README.md | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 3 deletions(-) diff --git a/TODO.md b/TODO.md index c3794ae..a6f76ed 100644 --- a/TODO.md +++ b/TODO.md @@ -418,9 +418,11 @@ Refactor/wrapper follow-up: `st_atime`/`utime()` path, and Create/Backup through the existing `nwarchive.c` metadata helpers. - Normalize Get/Scan File Information so each field comes from the existing - mars_nwe source of truth where possible: NetWare attributes, effective rights, - file size, timestamps, owner information, archive date/time, FinderInfo, - resource-fork size, and Entry ID/CNID metadata. + mars_nwe source of truth where possible: NetWare attributes, file size, + timestamps, owner information, archive date/time, FinderInfo, resource-fork + size, and Entry ID/CNID metadata. AccessPrivileges are now derived from + `tru_get_eff_rights()` instead of static AFP masks and have readonly smoke + coverage under a temporary `[RF]` trustee assignment. - Revisit Scan File Information after the resolver work and prefer mars_nwe's existing directory/search machinery over the current AFP-local directory walk for search attributes, namespace filtering, and multi-record replies. @@ -550,3 +552,20 @@ bitmap `0x0800`, both for epoch `1700000000` with the returned AFP date `user.org.mars-nwe.netware.fileinfo=0x01036e57aab90000000000000000`, while Access Date/Time remained on the normal file `atime` path and did not create an AFP metadata xattr. + +AFP Get/Scan AccessPrivileges convergence: + +- AFP Get File Information and AFP Scan File Information now use the same + trustee/effective-rights source when filling the WebSDK AccessPrivileges + word. The old static file/directory masks have been replaced with mapping + from `tru_get_eff_rights()` to Read, Write, Open, Create, Delete, Parental, + Search, and Modify File Status Flags. +- File-level readonly attributes still suppress write/delete style AFP + privileges for file replies, while directories expose directory-appropriate + parental/search/status bits based on the effective trustee rights. +- Runtime status: the AFP smoke suite verified the mapping with + `--readonly-user NOPASSUSER --readonly-no-password --prepare-readonly-rights`. + The suite granted `[RF]` on `SYS:PUBLIC/pmdflts.ini`, confirmed the readonly + Get File Information probe reported `rights=0x0500`, checked that Read was + set and Write/Modify Status were clear, then revoked the temporary trustee + assignment. The same run ended with `failures=0`. diff --git a/tests/linux/README.md b/tests/linux/README.md index 519cf86..6ccb5ab 100644 --- a/tests/linux/README.md +++ b/tests/linux/README.md @@ -459,6 +459,46 @@ The server replies with the read-only AFP file information record currently implemented by mars_nwe: Entry ID, Parent ID, attributes, data/resource fork lengths, offspring count, fixed long/short names, and access rights. + +### AFP Get/Scan AccessPrivileges smoke + +AFP Get File Information and AFP Scan File Information now derive the +`AccessPrivileges` word from mars_nwe trustee/effective-rights state instead +of returning the old static compatibility masks. The WebSDK AccessPrivileges +bits exposed by the smoke helpers are: + +```text +0x0100 Read +0x0200 Write +0x0400 Open +0x0800 Create +0x1000 Delete +0x2000 Parental +0x4000 Search +0x8000 Modify File Status Flags +``` + +The AFP smoke suite exercises this with the same readonly trustee setup used by +the metadata negative tests. With `--readonly-user NOPASSUSER`, +`--readonly-no-password`, and `--prepare-readonly-rights`, the suite grants +`[RF]` on `SYS:PUBLIC/pmdflts.ini` and verifies that Get File Information +reports readable/openable rights while write and modify-status rights are not +set: + +```sh +./afp_file_info_smoke \ + --expect-rights-set 0x0100 \ + --expect-rights-clear 0x9200 \ + -S MARS -U NOPASSUSER -n \ + SYS:PUBLIC/pmdflts.ini +``` + +Runtime status: the trustee-derived AccessPrivileges smoke run is verified +with `failures=0`. The report showed the Supervisor Get/Scan replies returning +`rights=0x9f00`, while the readonly `NOPASSUSER` probe returned `rights=0x0500` +under the temporary `[RF]` trustee assignment and satisfied the set/clear mask +checks. + Useful smoke cases for a standard MARS-NWE `SYS` volume are: ```sh