nwconn: gate AFP metadata writes with Modify rights
All checks were successful
Source release / source-package (push) Successful in 54s
All checks were successful
Source release / source-package (push) Successful in 54s
AFP Set File Information intentionally stores some Apple-specific metadata in mars_nwe-owned xattrs because FinderInfo and the narrow Invisible/System AFP bits do not have a complete NetWare-side representation yet. Those xattrs are storage details, however, and should not let the AFP adapter bypass the same NetWare policy that protects ordinary metadata changes. Add a small Modify-rights gate for AFP-specific metadata writes after the path-backed request has been resolved to a mars_nwe volume and Unix node. The check uses the existing trustee/effective-rights helper with TRUSTEE_M before writing FinderInfo or AFP-only attribute xattrs. Archive remains routed through the NetWare FILE_ATTR_A attribute helper, and Modify timestamp remains routed through nw_utime_node(), so their existing mars_nwe policy paths are unchanged. This keeps the WebSDK/NWAFP Set File Information handler as an Apple-facing adapter over existing mars_nwe access control rather than a parallel metadata writer. It also documents the convergence rule in TODO.md so later Create, Rename, and Delete work can continue to prefer existing NetWare helpers or thin wrappers over duplicated AFP-local file server logic. Tests: git diff --check TODO: add non-SUPERVISOR negative smoke coverage for missing Modify rights once a stable low-privilege test user and trustee setup are available.
This commit is contained in:
OpenAI
Mario Fetka
@@ -87,6 +87,17 @@ collected separately. Use `--stop-on-failure` for strict bisect-style runs; by
|
||||
default the script keeps going so one failing endpoint does not hide later AFP
|
||||
output from the report.
|
||||
|
||||
AFP metadata writes and NetWare Modify rights:
|
||||
|
||||
FinderInfo and AFP-only attribute metadata are stored in `org.mars-nwe.afp.*`
|
||||
xattrs, but those writes are still file metadata changes. The Set File
|
||||
Information handler now resolves the target through the normal mars_nwe path and
|
||||
checks the existing NetWare Modify trustee policy before updating FinderInfo or
|
||||
AFP-only Invisible/System metadata. Archive uses the existing NetWare attribute
|
||||
path, and Modify timestamp uses `nw_utime_node()`, so the smoke suite should
|
||||
continue to pass for SUPERVISOR while non-supervisor negative coverage can later
|
||||
exercise the same policy gate.
|
||||
|
||||
A verified suite run after the FinderInfo payload-alignment fix completed with
|
||||
`failures=0` for `SYS:PUBLIC/pmdflts.ini`. The report covered Entry ID by path,
|
||||
Entry ID from NetWare handle, Get File Information, Scan File Information,
|
||||
|
||||
Reference in New Issue
Block a user