From fb4934fddc4641fbb5ea42605bd6d8f918645bfb Mon Sep 17 00:00:00 2001 From: OpenAI Date: Sat, 30 May 2026 15:22:50 +0000 Subject: [PATCH] tests: record AFP metadata rights negative smoke success Document the verified Linux smoke-suite result for the AFP Set File Information metadata rights gate. The suite now uses the existing ncpfs trustee utilities to grant NOPASSUSER only read/file-scan rights on the smoke file, then verifies that FinderInfo, Invisible, and System metadata writes are rejected with completion 0x8c while the SUPERVISOR positive path remains green. This records the intended WebSDK/NWAFP adapter semantics: AFP-specific xattrs remain the storage for FinderInfo and AFP-only metadata bits, but writes to those xattrs are still file metadata changes and must pass mars_nwe's NetWare Modify trustee policy instead of bypassing it. Tests: - afp_smoke_suite.sh --readonly-user NOPASSUSER --readonly-no-password --prepare-readonly-rights - FinderInfo negative Set File Information -> 0x8c - Invisible negative Set File Information -> 0x8c - System negative Set File Information -> 0x8c - final nwrevoke cleanup succeeds - suite summary failures=0 --- TODO.md | 8 ++++++++ tests/linux/README.md | 29 +++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/TODO.md b/TODO.md index 09e65bb..d239750 100644 --- a/TODO.md +++ b/TODO.md @@ -447,6 +447,14 @@ AFP Set File Information metadata-rights convergence: the suite uses the existing ncpfs `nwgrant`/`nwrevoke` trustee utilities to grant only read/file-scan rights (`[RF]` by default) before the negative probe and revoke the explicit trustee assignment afterwards. +- Runtime status: the negative smoke has been verified with `NOPASSUSER` as a + no-password test user. The suite temporarily granted `[RF]` on + `SYS:PUBLIC/pmdflts.ini`, confirmed FinderInfo, Invisible, and System Set + File Information requests are rejected with completion `0x8c`, and then + successfully revoked the temporary trustee assignment. The same run ended + with `failures=0`, preserved the final `TEXT/MARS` FinderInfo xattr, kept + `org.mars-nwe.afp.attributes` clear after the attribute cleanup probes, and + left the Modify timestamp at the expected smoke value. Endpoint order: diff --git a/tests/linux/README.md b/tests/linux/README.md index 9fc20f6..96cab19 100644 --- a/tests/linux/README.md +++ b/tests/linux/README.md @@ -120,6 +120,35 @@ path, and Modify timestamp uses `nw_utime_node()`, so the smoke suite should continue to pass for SUPERVISOR while non-supervisor negative coverage can later exercise the same policy gate. +A verified rights-negative smoke run with `--readonly-user NOPASSUSER`, +`--readonly-no-password`, and `--prepare-readonly-rights` completed with +`failures=0`. The setup used `nwgrant -r '[RF]'` for the no-password test +user so the file remained readable and searchable but lacked Modify rights. +The suite then verified that AFP Set File Information rejects FinderInfo, +Invisible, and System metadata writes with completion `0x8c` while the +SUPERVISOR positive path still succeeds: + +```text +AFP metadata Modify rights rejected: FinderInfo +AFP Set File Information returned expected completion 0x8c: subfunction=0x10 path=SYS:PUBLIC/pmdflts.ini bitmap=0x0020 +AFP metadata Modify rights rejected: Invisible +AFP Set File Information returned expected completion 0x8c: subfunction=0x10 path=SYS:PUBLIC/pmdflts.ini bitmap=0x0001 +AFP metadata Modify rights rejected: System +AFP Set File Information returned expected completion 0x8c: subfunction=0x10 path=SYS:PUBLIC/pmdflts.ini bitmap=0x0001 +``` + +The server log for the same run showed the common policy gate for all three +probes: + +```text +AFP 2.0 Set File Information rejected: no Modify rights for AFP metadata path='SYS:PUBLIC/pmdflts.ini' +``` + +The final `nwrevoke` cleanup returned successfully, and the final xattr/stat +checks remained intact. An initial pre-cleanup `nwrevoke` may report that no +explicit assignment existed yet; that is harmless as long as `nwgrant` and the +final cleanup both succeed. + A verified suite run after the FinderInfo payload-alignment fix completed with `failures=0` for `SYS:PUBLIC/pmdflts.ini`. The report covered Entry ID by path, Entry ID from NetWare handle, Get File Information, Scan File Information,