From: Radoslaw Zarzynski Date: Fri, 20 May 2016 14:44:41 +0000 (+0200) Subject: rgw: int -> uint32_t transition for perm and perm_mask. X-Git-Tag: v11.0.0~283^2~8 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=db648ebcdecdf8c80e36c0022a0e35c6c342a6a2;p=ceph.git rgw: int -> uint32_t transition for perm and perm_mask. This patch doesn't affect data structures. Changes were made to the upper layers only. We rely there on the same assumption like in case of req_state::perm_mask and RGWSubUser::perm_mask that already are uint32_t. The assumption is presence of an implicit conversion between int and uint32_t. Signed-off-by: Radoslaw Zarzynski --- diff --git a/src/rgw/rgw_acl.cc b/src/rgw/rgw_acl.cc index f43e87b0feb3..6af5639eb081 100644 --- a/src/rgw/rgw_acl.cc +++ b/src/rgw/rgw_acl.cc @@ -47,8 +47,8 @@ void RGWAccessControlList::add_grant(ACLGrant *grant) _add_grant(grant); } -int RGWAccessControlList::get_perm(const RGWIdentityApplier& auth_identity, - const int perm_mask) +uint32_t RGWAccessControlList::get_perm(const RGWIdentityApplier& auth_identity, + const uint32_t perm_mask) { ldout(cct, 5) << "Searching permissions for identity=" << auth_identity << " mask=" << perm_mask << dendl; @@ -56,12 +56,13 @@ int RGWAccessControlList::get_perm(const RGWIdentityApplier& auth_identity, return perm_mask & auth_identity.get_perms_from_aclspec(acl_user_map); } -int RGWAccessControlList::get_group_perm(ACLGroupTypeEnum group, int perm_mask) +uint32_t RGWAccessControlList::get_group_perm(ACLGroupTypeEnum group, + const uint32_t perm_mask) { ldout(cct, 5) << "Searching permissions for group=" << (int)group << " mask=" << perm_mask << dendl; - map::iterator iter = acl_group_map.find((uint32_t)group); + const auto iter = acl_group_map.find((uint32_t)group); if (iter != acl_group_map.end()) { ldout(cct, 5) << "Found permission: " << iter->second << dendl; return iter->second & perm_mask; @@ -70,8 +71,8 @@ int RGWAccessControlList::get_group_perm(ACLGroupTypeEnum group, int perm_mask) return 0; } -int RGWAccessControlList::get_referer_perm(const std::string http_referer, - const int perm_mask) +uint32_t RGWAccessControlList::get_referer_perm(const std::string http_referer, + const uint32_t perm_mask) { ldout(cct, 5) << "Searching permissions for referer=" << http_referer << " mask=" << perm_mask << dendl; @@ -93,11 +94,11 @@ int RGWAccessControlList::get_referer_perm(const std::string http_referer, } } -int RGWAccessControlPolicy::get_perm(const RGWIdentityApplier& auth_identity, - const int perm_mask, - const char * const http_referer) +uint32_t RGWAccessControlPolicy::get_perm(const RGWIdentityApplier& auth_identity, + const uint32_t perm_mask, + const char * const http_referer) { - int perm = acl.get_perm(auth_identity, perm_mask); + uint32_t perm = acl.get_perm(auth_identity, perm_mask); if (auth_identity.is_owner_of(owner.get_id())) { perm |= perm_mask & (RGW_PERM_READ_ACP | RGW_PERM_WRITE_ACP); @@ -130,13 +131,13 @@ int RGWAccessControlPolicy::get_perm(const RGWIdentityApplier& auth_identity, } bool RGWAccessControlPolicy::verify_permission(const RGWIdentityApplier& auth_identity, - const int user_perm_mask, - const int perm, + const uint32_t user_perm_mask, + const uint32_t perm, const char * const http_referer) { - int test_perm = perm | RGW_PERM_READ_OBJS | RGW_PERM_WRITE_OBJS; + uint32_t test_perm = perm | RGW_PERM_READ_OBJS | RGW_PERM_WRITE_OBJS; - int policy_perm = get_perm(auth_identity, test_perm, http_referer); + uint32_t policy_perm = get_perm(auth_identity, test_perm, http_referer); /* the swift WRITE_OBJS perm is equivalent to the WRITE obj, just convert those bits. Note that these bits will only be set on @@ -149,7 +150,7 @@ bool RGWAccessControlPolicy::verify_permission(const RGWIdentityApplier& auth_id policy_perm |= (RGW_PERM_READ | RGW_PERM_READ_ACP); } - int acl_perm = policy_perm & perm & user_perm_mask; + uint32_t acl_perm = policy_perm & perm & user_perm_mask; ldout(cct, 10) << " identity=" << auth_identity << " requested perm (type)=" << perm diff --git a/src/rgw/rgw_acl.h b/src/rgw/rgw_acl.h index f10998beb861..fb02758f06f7 100644 --- a/src/rgw/rgw_acl.h +++ b/src/rgw/rgw_acl.h @@ -49,8 +49,8 @@ protected: public: ACLPermission() : flags(0) {} ~ACLPermission() {} - int get_permissions() const { return flags; } - void set_permissions(int perm) { flags = perm; } + uint32_t get_permissions() const { return flags; } + void set_permissions(uint32_t perm) { flags = perm; } void encode(bufferlist& bl) const { ENCODE_START(2, 2, bl); @@ -184,18 +184,18 @@ public: ACLGroupTypeEnum uri_to_group(string& uri); - void set_canon(const rgw_user& _id, const string& _name, const int perm) { + void set_canon(const rgw_user& _id, const string& _name, const uint32_t perm) { type.set(ACL_TYPE_CANON_USER); id = _id; name = _name; permission.set_permissions(perm); } - void set_group(ACLGroupTypeEnum _group, int perm) { + void set_group(ACLGroupTypeEnum _group, const uint32_t perm) { type.set(ACL_TYPE_GROUP); group = _group; permission.set_permissions(perm); } - void set_referer(const std::string& _url_spec, int perm) { + void set_referer(const std::string& _url_spec, const uint32_t perm) { type.set(ACL_TYPE_REFERER); url_spec = _url_spec; permission.set_permissions(perm); @@ -205,11 +205,11 @@ WRITE_CLASS_ENCODER(ACLGrant) struct ACLReferer { std::string url_spec; - int perm; + uint32_t perm; ACLReferer() : perm(0) {} ACLReferer(const std::string& url_spec, - const int perm) + const uint32_t perm) : url_spec(url_spec), perm(perm) { } @@ -255,6 +255,8 @@ class RGWAccessControlList { protected: CephContext *cct; + /* FIXME: in the feature we should consider switching to uint32_t also + * in data structures. */ map acl_user_map; map acl_group_map; list referer_list; @@ -270,10 +272,10 @@ public: virtual ~RGWAccessControlList() {} - int get_perm(const RGWIdentityApplier& auth_identity, - int perm_mask); - int get_group_perm(ACLGroupTypeEnum group, int perm_mask); - int get_referer_perm(const std::string http_referer, int perm_mask); + uint32_t get_perm(const RGWIdentityApplier& auth_identity, + uint32_t perm_mask); + uint32_t get_group_perm(ACLGroupTypeEnum group, uint32_t perm_mask); + uint32_t get_referer_perm(const std::string http_referer, uint32_t perm_mask); void encode(bufferlist& bl) const { ENCODE_START(4, 3, bl); bool maps_initialized = true; @@ -376,13 +378,13 @@ public: acl.set_ctx(ctx); } - int get_perm(const RGWIdentityApplier& auth_identity, - int perm_mask, - const char * http_referer); - int get_group_perm(ACLGroupTypeEnum group, int perm_mask); + uint32_t get_perm(const RGWIdentityApplier& auth_identity, + uint32_t perm_mask, + const char * http_referer); + uint32_t get_group_perm(ACLGroupTypeEnum group, uint32_t perm_mask); bool verify_permission(const RGWIdentityApplier& auth_identity, - int user_perm_mask, - int perm, + uint32_t user_perm_mask, + uint32_t perm, const char * http_referer = nullptr); void encode(bufferlist& bl) const { diff --git a/src/rgw/rgw_acl_swift.cc b/src/rgw/rgw_acl_swift.cc index 7f0759213b2b..8bbb90d6bedc 100644 --- a/src/rgw/rgw_acl_swift.cc +++ b/src/rgw/rgw_acl_swift.cc @@ -99,7 +99,7 @@ static bool normalize_referer_urlspec(string& url_spec, bool& is_negative) void RGWAccessControlPolicy_SWIFT::add_grants(RGWRados * const store, const std::vector& uids, - const int perm) + const uint32_t perm) { for (const auto& uid : uids) { ldout(cct, 20) << "trying to add grant for ACL uid=" << uid << dendl; @@ -189,7 +189,7 @@ void RGWAccessControlPolicy_SWIFT::to_str(string& read, string& write) for (iter = m.begin(); iter != m.end(); ++iter) { ACLGrant& grant = iter->second; - int perm = grant.get_permission().get_permissions(); + const uint32_t perm = grant.get_permission().get_permissions(); rgw_user id; if (!grant.get_id(id)) { if (grant.get_group() != ACL_GROUP_ALL_USERS) @@ -212,7 +212,7 @@ void RGWAccessControlPolicy_SWIFT::to_str(string& read, string& write) void RGWAccessControlPolicy_SWIFTAcct::add_grants(RGWRados * const store, const std::vector& uids, - const int perm) + const uint32_t perm) { for (const auto& uid : uids) { ACLGrant grant; @@ -292,7 +292,7 @@ void RGWAccessControlPolicy_SWIFTAcct::to_str(std::string& acl_str) const /* Parition the grant map into three not-overlapping groups. */ for (const auto& item : get_acl().get_grant_map()) { const ACLGrant& grant = item.second; - const int perm = grant.get_permission().get_permissions(); + const uint32_t perm = grant.get_permission().get_permissions(); rgw_user id; if (!grant.get_id(id)) { diff --git a/src/rgw/rgw_acl_swift.h b/src/rgw/rgw_acl_swift.h index 01596aa13dc1..d249bebeffe2 100644 --- a/src/rgw/rgw_acl_swift.h +++ b/src/rgw/rgw_acl_swift.h @@ -21,7 +21,7 @@ public: void add_grants(RGWRados *store, const std::vector& uids, - int perm); + uint32_t perm); bool create(RGWRados *store, const rgw_user& id, const std::string& name, @@ -40,7 +40,7 @@ public: void add_grants(RGWRados *store, const std::vector& uids, - int perm); + uint32_t perm); bool create(RGWRados *store, const rgw_user& id, const std::string& name, diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc index a89dedcb011c..e73b541cfc0f 100644 --- a/src/rgw/rgw_auth.cc +++ b/src/rgw/rgw_auth.cc @@ -38,7 +38,7 @@ rgw_auth_transform_old_authinfo(req_state * const s) is_admin(is_admin) { } - int get_perms_from_aclspec(const aclspec_t& aclspec) const { + uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const { return rgw_perms_from_aclspec_default_strategy(id, aclspec); } @@ -50,7 +50,7 @@ rgw_auth_transform_old_authinfo(req_state * const s) return id == acct_id; } - int get_perm_mask() const { + uint32_t get_perm_mask() const { return perm_mask; } @@ -75,8 +75,9 @@ rgw_auth_transform_old_authinfo(req_state * const s) } -int rgw_perms_from_aclspec_default_strategy(const rgw_user& uid, - const RGWIdentityApplier::aclspec_t& aclspec) +uint32_t rgw_perms_from_aclspec_default_strategy( + const rgw_user& uid, + const RGWIdentityApplier::aclspec_t& aclspec) { dout(5) << "Searching permissions for uid=" << uid << dendl; @@ -92,9 +93,9 @@ int rgw_perms_from_aclspec_default_strategy(const rgw_user& uid, /* RGWRemoteAuthApplier */ -int RGWRemoteAuthApplier::get_perms_from_aclspec(const aclspec_t& aclspec) const +uint32_t RGWRemoteAuthApplier::get_perms_from_aclspec(const aclspec_t& aclspec) const { - int perm = 0; + uint32_t perm = 0; /* For backward compatibility with ACLOwner. */ perm |= rgw_perms_from_aclspec_default_strategy(info.acct_user, @@ -213,7 +214,7 @@ void RGWRemoteAuthApplier::load_acct_info(RGWUserInfo& user_info) const /* /* static declaration */ const std::string RGWLocalAuthApplier::NO_SUBUSER; -int RGWLocalAuthApplier::get_perms_from_aclspec(const aclspec_t& aclspec) const +uint32_t RGWLocalAuthApplier::get_perms_from_aclspec(const aclspec_t& aclspec) const { return rgw_perms_from_aclspec_default_strategy(user_info.user_id, aclspec); } @@ -430,7 +431,7 @@ RGWKeystoneAuthEngine::get_acl_strategy(const KeystoneToken& token) const /* Lambda will obtain a copy of (not a reference to!) allowed_items. */ return [allowed_items](const RGWIdentityApplier::aclspec_t& aclspec) { - int perm = 0; + uint32_t perm = 0; for (const auto& allowed_item : allowed_items) { const auto iter = aclspec.find(allowed_item); diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h index 67abdfe80b14..09538fda4a83 100644 --- a/src/rgw/rgw_auth.h +++ b/src/rgw/rgw_auth.h @@ -29,7 +29,7 @@ public: * XXX: implementation is responsible for giving the real semantic to the * items in @aclspec. That is, their meaning may depend on particular auth * engine that was used. */ - virtual int get_perms_from_aclspec(const aclspec_t& aclspec) const = 0; + virtual uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const = 0; /* Verify whether a given identity *can be treated as* an admin of * the rgw_user (account in Swift's terminology) specified in @uid. */ @@ -42,7 +42,7 @@ public: /* Return the permission mask that is used to narrow down the set of * operations allowed for a given identity. This method reflects the idea * of subuser tied to RGWUserInfo. */ - virtual int get_perm_mask() const = 0; + virtual uint32_t get_perm_mask() const = 0; virtual bool is_anonymous() const final { /* If the identity owns the anonymous account (rgw_user), it's considered @@ -61,8 +61,9 @@ inline std::ostream& operator<<(std::ostream& out, std::unique_ptr rgw_auth_transform_old_authinfo(req_state * const s); -int rgw_perms_from_aclspec_default_strategy(const rgw_user& uid, - const RGWIdentityApplier::aclspec_t& aclspec); +uint32_t rgw_perms_from_aclspec_default_strategy( + const rgw_user& uid, + const RGWIdentityApplier::aclspec_t& aclspec); /* Interface for classes applying changes to request state/RADOS store imposed @@ -128,7 +129,7 @@ public: }; using aclspec_t = RGWIdentityApplier::aclspec_t; - typedef std::function acl_strategy_t; + typedef std::function acl_strategy_t; protected: /* Read-write is intensional here due to RGWUserInfo creation process. */ @@ -155,10 +156,10 @@ public: info(info) { } - virtual int get_perms_from_aclspec(const aclspec_t& aclspec) const override; + virtual uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const override; virtual bool is_admin_of(const rgw_user& uid) const override; virtual bool is_owner_of(const rgw_user& uid) const override; - virtual int get_perm_mask() const { return info.perm_mask; } + virtual uint32_t get_perm_mask() const { return info.perm_mask; } virtual std::string to_str() const override; virtual void load_acct_info(RGWUserInfo& user_info) const override; /* out */ @@ -198,10 +199,10 @@ public: } - virtual int get_perms_from_aclspec(const aclspec_t& aclspec) const override; + virtual uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const override; virtual bool is_admin_of(const rgw_user& uid) const override; virtual bool is_owner_of(const rgw_user& uid) const override; - virtual int get_perm_mask() const override { + virtual uint32_t get_perm_mask() const override { return get_perm_mask(subuser, user_info); } virtual std::string to_str() const override; diff --git a/src/rgw/rgw_auth_decoimpl.h b/src/rgw/rgw_auth_decoimpl.h index 07081746cc4e..3a051e02b187 100644 --- a/src/rgw/rgw_auth_decoimpl.h +++ b/src/rgw/rgw_auth_decoimpl.h @@ -21,7 +21,7 @@ public: decoratee(decoratee) { } - virtual int get_perms_from_aclspec(const aclspec_t& aclspec) const override { + virtual uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const override { return decoratee.get_perms_from_aclspec(aclspec); } @@ -33,7 +33,7 @@ public: return decoratee.is_owner_of(uid); } - virtual int get_perm_mask() const override { + virtual uint32_t get_perm_mask() const override { return decoratee.get_perm_mask(); } @@ -63,7 +63,7 @@ public: decoratee(std::move(decoratee)) { } - virtual int get_perms_from_aclspec(const aclspec_t& aclspec) const override { + virtual uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const override { return decoratee->get_perms_from_aclspec(aclspec); } @@ -75,7 +75,7 @@ public: return decoratee->is_owner_of(uid); } - virtual int get_perm_mask() const override { + virtual uint32_t get_perm_mask() const override { return decoratee->get_perm_mask(); }