_add_grant(grant);
}
-int RGWAccessControlList::get_perm(const RGWIdentityApplier& auth_identity,
- const int perm_mask)
+uint32_t RGWAccessControlList::get_perm(const RGWIdentityApplier& auth_identity,
+ const uint32_t perm_mask)
{
ldout(cct, 5) << "Searching permissions for identity=" << auth_identity
<< " mask=" << perm_mask << dendl;
return perm_mask & auth_identity.get_perms_from_aclspec(acl_user_map);
}
-int RGWAccessControlList::get_group_perm(ACLGroupTypeEnum group, int perm_mask)
+uint32_t RGWAccessControlList::get_group_perm(ACLGroupTypeEnum group,
+ const uint32_t perm_mask)
{
ldout(cct, 5) << "Searching permissions for group=" << (int)group
<< " mask=" << perm_mask << dendl;
- map<uint32_t, int>::iterator iter = acl_group_map.find((uint32_t)group);
+ const auto iter = acl_group_map.find((uint32_t)group);
if (iter != acl_group_map.end()) {
ldout(cct, 5) << "Found permission: " << iter->second << dendl;
return iter->second & perm_mask;
return 0;
}
-int RGWAccessControlList::get_referer_perm(const std::string http_referer,
- const int perm_mask)
+uint32_t RGWAccessControlList::get_referer_perm(const std::string http_referer,
+ const uint32_t perm_mask)
{
ldout(cct, 5) << "Searching permissions for referer=" << http_referer
<< " mask=" << perm_mask << dendl;
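Review bot: `get_referer_perm` still takes `const std::string http_referer` by value, so each referer permission check copies the header string. Since this signature is being rewritten anyway, it could become `const std::string& http_referer` here and in the matching declaration in the class header. The function body continues past the end of this hunk, so whether a private copy is needed inside cannot be confirmed from here. A `const` by-value parameter cannot be moved from, though, which suggests the copy is not used.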
}
}
-int RGWAccessControlPolicy::get_perm(const RGWIdentityApplier& auth_identity,
- const int perm_mask,
- const char * const http_referer)
+uint32_t RGWAccessControlPolicy::get_perm(const RGWIdentityApplier& auth_identity,
+ const uint32_t perm_mask,
+ const char * const http_referer)
{
- int perm = acl.get_perm(auth_identity, perm_mask);
+ uint32_t perm = acl.get_perm(auth_identity, perm_mask);
if (auth_identity.is_owner_of(owner.get_id())) {
perm |= perm_mask & (RGW_PERM_READ_ACP | RGW_PERM_WRITE_ACP);
}
bool RGWAccessControlPolicy::verify_permission(const RGWIdentityApplier& auth_identity,
- const int user_perm_mask,
- const int perm,
+ const uint32_t user_perm_mask,
+ const uint32_t perm,
const char * const http_referer)
{
- int test_perm = perm | RGW_PERM_READ_OBJS | RGW_PERM_WRITE_OBJS;
+ uint32_t test_perm = perm | RGW_PERM_READ_OBJS | RGW_PERM_WRITE_OBJS;
- int policy_perm = get_perm(auth_identity, test_perm, http_referer);
+ uint32_t policy_perm = get_perm(auth_identity, test_perm, http_referer);
/* the swift WRITE_OBJS perm is equivalent to the WRITE obj, just
convert those bits. Note that these bits will only be set on
policy_perm |= (RGW_PERM_READ | RGW_PERM_READ_ACP);
}
- int acl_perm = policy_perm & perm & user_perm_mask;
+ uint32_t acl_perm = policy_perm & perm & user_perm_mask;
ldout(cct, 10) << " identity=" << auth_identity
<< " requested perm (type)=" << perm
public:
ACLPermission() : flags(0) {}
~ACLPermission() {}
- int get_permissions() const { return flags; }
- void set_permissions(int perm) { flags = perm; }
+ uint32_t get_permissions() const { return flags; }
+ void set_permissions(uint32_t perm) { flags = perm; }
void encode(bufferlist& bl) const {
ENCODE_START(2, 2, bl);
ACLGroupTypeEnum uri_to_group(string& uri);
- void set_canon(const rgw_user& _id, const string& _name, const int perm) {
+ void set_canon(const rgw_user& _id, const string& _name, const uint32_t perm) {
type.set(ACL_TYPE_CANON_USER);
id = _id;
name = _name;
permission.set_permissions(perm);
}
- void set_group(ACLGroupTypeEnum _group, int perm) {
+ void set_group(ACLGroupTypeEnum _group, const uint32_t perm) {
type.set(ACL_TYPE_GROUP);
group = _group;
permission.set_permissions(perm);
}
- void set_referer(const std::string& _url_spec, int perm) {
+ void set_referer(const std::string& _url_spec, const uint32_t perm) {
type.set(ACL_TYPE_REFERER);
url_spec = _url_spec;
permission.set_permissions(perm);
struct ACLReferer {
std::string url_spec;
- int perm;
+ uint32_t perm;
ACLReferer() : perm(0) {}
ACLReferer(const std::string& url_spec,
- const int perm)
+ const uint32_t perm)
: url_spec(url_spec),
perm(perm) {
}
{
protected:
CephContext *cct;
+ /* FIXME: in the feature we should consider switching to uint32_t also
+ * in data structures. */
map<string, int> acl_user_map;
map<uint32_t, int> acl_group_map;
list<ACLReferer> referer_list;
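Review bot: The added FIXME says "in the feature" where "in the future" is meant, and it does not say what the type mismatch does today. `acl_user_map` and `acl_group_map` still store `int`, so `get_group_perm` evaluates `iter->second & perm_mask` with the stored signed value implicitly converted to `uint32_t`. That conversion is well defined, but a negative stored value would become a mask with the high bits set; how values enter these maps is not visible in this hunk. Suggested wording: `/* FIXME: in the future switch these maps to uint32_t as well; until then the stored int is implicitly converted when masked against a uint32_t. */`.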
virtual ~RGWAccessControlList() {}
- int get_perm(const RGWIdentityApplier& auth_identity,
- int perm_mask);
- int get_group_perm(ACLGroupTypeEnum group, int perm_mask);
- int get_referer_perm(const std::string http_referer, int perm_mask);
+ uint32_t get_perm(const RGWIdentityApplier& auth_identity,
+ uint32_t perm_mask);
+ uint32_t get_group_perm(ACLGroupTypeEnum group, uint32_t perm_mask);
+ uint32_t get_referer_perm(const std::string http_referer, uint32_t perm_mask);
void encode(bufferlist& bl) const {
ENCODE_START(4, 3, bl);
bool maps_initialized = true;
acl.set_ctx(ctx);
}
- int get_perm(const RGWIdentityApplier& auth_identity,
- int perm_mask,
- const char * http_referer);
- int get_group_perm(ACLGroupTypeEnum group, int perm_mask);
+ uint32_t get_perm(const RGWIdentityApplier& auth_identity,
+ uint32_t perm_mask,
+ const char * http_referer);
+ uint32_t get_group_perm(ACLGroupTypeEnum group, uint32_t perm_mask);
bool verify_permission(const RGWIdentityApplier& auth_identity,
- int user_perm_mask,
- int perm,
+ uint32_t user_perm_mask,
+ uint32_t perm,
const char * http_referer = nullptr);
void encode(bufferlist& bl) const {
void RGWAccessControlPolicy_SWIFT::add_grants(RGWRados * const store,
const std::vector<std::string>& uids,
- const int perm)
+ const uint32_t perm)
{
for (const auto& uid : uids) {
ldout(cct, 20) << "trying to add grant for ACL uid=" << uid << dendl;
for (iter = m.begin(); iter != m.end(); ++iter) {
ACLGrant& grant = iter->second;
- int perm = grant.get_permission().get_permissions();
+ const uint32_t perm = grant.get_permission().get_permissions();
rgw_user id;
if (!grant.get_id(id)) {
if (grant.get_group() != ACL_GROUP_ALL_USERS)
void RGWAccessControlPolicy_SWIFTAcct::add_grants(RGWRados * const store,
const std::vector<std::string>& uids,
- const int perm)
+ const uint32_t perm)
{
for (const auto& uid : uids) {
ACLGrant grant;
/* Parition the grant map into three not-overlapping groups. */
for (const auto& item : get_acl().get_grant_map()) {
const ACLGrant& grant = item.second;
- const int perm = grant.get_permission().get_permissions();
+ const uint32_t perm = grant.get_permission().get_permissions();
rgw_user id;
if (!grant.get_id(id)) {
void add_grants(RGWRados *store,
const std::vector<std::string>& uids,
- int perm);
+ uint32_t perm);
bool create(RGWRados *store,
const rgw_user& id,
const std::string& name,
void add_grants(RGWRados *store,
const std::vector<std::string>& uids,
- int perm);
+ uint32_t perm);
bool create(RGWRados *store,
const rgw_user& id,
const std::string& name,
is_admin(is_admin) {
}
- int get_perms_from_aclspec(const aclspec_t& aclspec) const {
+ uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const {
return rgw_perms_from_aclspec_default_strategy(id, aclspec);
}
return id == acct_id;
}
- int get_perm_mask() const {
+ uint32_t get_perm_mask() const {
return perm_mask;
}
}
-int rgw_perms_from_aclspec_default_strategy(const rgw_user& uid,
- const RGWIdentityApplier::aclspec_t& aclspec)
+uint32_t rgw_perms_from_aclspec_default_strategy(
+ const rgw_user& uid,
+ const RGWIdentityApplier::aclspec_t& aclspec)
{
dout(5) << "Searching permissions for uid=" << uid << dendl;
/* RGWRemoteAuthApplier */
-int RGWRemoteAuthApplier::get_perms_from_aclspec(const aclspec_t& aclspec) const
+uint32_t RGWRemoteAuthApplier::get_perms_from_aclspec(const aclspec_t& aclspec) const
{
- int perm = 0;
+ uint32_t perm = 0;
/* For backward compatibility with ACLOwner. */
perm |= rgw_perms_from_aclspec_default_strategy(info.acct_user,
/* static declaration */
const std::string RGWLocalAuthApplier::NO_SUBUSER;
-int RGWLocalAuthApplier::get_perms_from_aclspec(const aclspec_t& aclspec) const
+uint32_t RGWLocalAuthApplier::get_perms_from_aclspec(const aclspec_t& aclspec) const
{
return rgw_perms_from_aclspec_default_strategy(user_info.user_id, aclspec);
}
/* Lambda will obtain a copy of (not a reference to!) allowed_items. */
return [allowed_items](const RGWIdentityApplier::aclspec_t& aclspec) {
- int perm = 0;
+ uint32_t perm = 0;
for (const auto& allowed_item : allowed_items) {
const auto iter = aclspec.find(allowed_item);
* XXX: implementation is responsible for giving the real semantic to the
* items in @aclspec. That is, their meaning may depend on particular auth
* engine that was used. */
- virtual int get_perms_from_aclspec(const aclspec_t& aclspec) const = 0;
+ virtual uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const = 0;
/* Verify whether a given identity *can be treated as* an admin of
* the rgw_user (account in Swift's terminology) specified in @uid. */
/* Return the permission mask that is used to narrow down the set of
* operations allowed for a given identity. This method reflects the idea
* of subuser tied to RGWUserInfo. */
- virtual int get_perm_mask() const = 0;
+ virtual uint32_t get_perm_mask() const = 0;
virtual bool is_anonymous() const final {
/* If the identity owns the anonymous account (rgw_user), it's considered
std::unique_ptr<RGWIdentityApplier>
rgw_auth_transform_old_authinfo(req_state * const s);
-int rgw_perms_from_aclspec_default_strategy(const rgw_user& uid,
- const RGWIdentityApplier::aclspec_t& aclspec);
+uint32_t rgw_perms_from_aclspec_default_strategy(
+ const rgw_user& uid,
+ const RGWIdentityApplier::aclspec_t& aclspec);
/* Interface for classes applying changes to request state/RADOS store imposed
};
using aclspec_t = RGWIdentityApplier::aclspec_t;
- typedef std::function<int(const aclspec_t&)> acl_strategy_t;
+ typedef std::function<uint32_t(const aclspec_t&)> acl_strategy_t;
protected:
/* Read-write is intensional here due to RGWUserInfo creation process. */
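Review bot: Retyping `acl_strategy_t` to `std::function<uint32_t(const aclspec_t&)>` does not make the compiler reject strategies that still return `int`, because `std::function` accepts any callable whose result converts implicitly to the declared return type. The lambda factory changed in this commit now uses `uint32_t perm`, but any strategy defined outside the visible hunks would keep compiling unchanged, so it is worth grepping for other producers of `acl_strategy_t`. As a style point, the line above already uses an alias declaration, so this could read `using acl_strategy_t = std::function<uint32_t(const aclspec_t&)>;`.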
info(info) {
}
- virtual int get_perms_from_aclspec(const aclspec_t& aclspec) const override;
+ virtual uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const override;
virtual bool is_admin_of(const rgw_user& uid) const override;
virtual bool is_owner_of(const rgw_user& uid) const override;
- virtual int get_perm_mask() const { return info.perm_mask; }
+ virtual uint32_t get_perm_mask() const { return info.perm_mask; }
virtual std::string to_str() const override;
virtual void load_acct_info(RGWUserInfo& user_info) const override; /* out */
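Review bot: `get_perm_mask()` in this class is declared `virtual uint32_t get_perm_mask() const` without `override`, while `get_perms_from_aclspec`, `is_admin_of` and `is_owner_of` beside it all carry it, as does `get_perm_mask` in the other appliers in this header. Adding it keeps the declaration checked against the base-class pure virtual on the next signature change: `virtual uint32_t get_perm_mask() const override { return info.perm_mask; }`. The type of `info.perm_mask` is not visible in this hunk; if it is still a signed `int`, the return converts implicitly.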
}
- virtual int get_perms_from_aclspec(const aclspec_t& aclspec) const override;
+ virtual uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const override;
virtual bool is_admin_of(const rgw_user& uid) const override;
virtual bool is_owner_of(const rgw_user& uid) const override;
- virtual int get_perm_mask() const override {
+ virtual uint32_t get_perm_mask() const override {
return get_perm_mask(subuser, user_info);
}
virtual std::string to_str() const override;
decoratee(decoratee) {
}
- virtual int get_perms_from_aclspec(const aclspec_t& aclspec) const override {
+ virtual uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const override {
return decoratee.get_perms_from_aclspec(aclspec);
}
return decoratee.is_owner_of(uid);
}
- virtual int get_perm_mask() const override {
+ virtual uint32_t get_perm_mask() const override {
return decoratee.get_perm_mask();
}
decoratee(std::move(decoratee)) {
}
- virtual int get_perms_from_aclspec(const aclspec_t& aclspec) const override {
+ virtual uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const override {
return decoratee->get_perms_from_aclspec(aclspec);
}
return decoratee->is_owner_of(uid);
}
- virtual int get_perm_mask() const override {
+ virtual uint32_t get_perm_mask() const override {
return decoratee->get_perm_mask();
}