From c320bde1e6bd252c0f1b7e180265d6a28b85438b Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Thu, 4 Jun 2015 13:45:59 -0700
Subject: [PATCH] mds/MDSAuthCap: fix uid and gid types

int64_t for uid, so we can do a negative "none" value.
gid_t (uint32_t) for gid.

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/mds/MDSAuthCaps.cc | 17 +++++++++--------
 src/mds/MDSAuthCaps.h  | 15 ++++++++-------
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/src/mds/MDSAuthCaps.cc b/src/mds/MDSAuthCaps.cc
index afb1f8a02fb2c..52f7a231bb82c 100644
--- a/src/mds/MDSAuthCaps.cc
+++ b/src/mds/MDSAuthCaps.cc
@@ -36,6 +36,7 @@ struct MDSCapParser : qi::grammar<Iterator, MDSAuthCaps()>
   {
     using qi::char_;
     using qi::int_;
+    using qi::uint_;
     using qi::lexeme;
     using qi::alnum;
     using qi::_val;
@@ -54,9 +55,9 @@ struct MDSCapParser : qi::grammar<Iterator, MDSAuthCaps()>
 
     // match := [path=<path>] [uid=<uid> [gids=<gid>[,<gid>...]]
     path %= (spaces >> lit("path") >> lit('=') >> (quoted_path | unquoted_path));
-    uid %= (spaces >> lit("uid") >> lit('=') >> int_);
-    intlist %= (int_ % lit(','));
-    gidlist %= -(spaces >> lit("gids") >> lit('=') >> intlist);
+    uid %= (spaces >> lit("uid") >> lit('=') >> uint_);
+    uintlist %= (uint_ % lit(','));
+    gidlist %= -(spaces >> lit("gids") >> lit('=') >> uintlist);
     match = -(
 	     (uid >> gidlist)[_val = phoenix::construct<MDSCapMatch>(_1, _2)] |
 	     (path >> uid >> gidlist)[_val = phoenix::construct<MDSCapMatch>(_1, _2, _3)] |
@@ -79,9 +80,9 @@ struct MDSCapParser : qi::grammar<Iterator, MDSAuthCaps()>
   qi::rule<Iterator, string()> quoted_path, unquoted_path;
   qi::rule<Iterator, MDSCapSpec()> capspec;
   qi::rule<Iterator, string()> path;
-  qi::rule<Iterator, int()> uid;
-  qi::rule<Iterator, std::vector<int>() > intlist;
-  qi::rule<Iterator, std::vector<int>() > gidlist;
+  qi::rule<Iterator, uint32_t()> uid;
+  qi::rule<Iterator, std::vector<uint32_t>() > uintlist;
+  qi::rule<Iterator, std::vector<uint32_t>() > gidlist;
   qi::rule<Iterator, MDSCapMatch()> match;
   qi::rule<Iterator, MDSCapGrant()> grant;
   qi::rule<Iterator, std::vector<MDSCapGrant>()> grants;
@@ -115,7 +116,7 @@ bool MDSCapMatch::match(const std::string &target_path,
  * This is true if any of the 'grant' clauses in the capability match the
  * requested path + op.
  */
-bool MDSAuthCaps::is_capable(const std::string &path, int uid, unsigned mask) const
+bool MDSAuthCaps::is_capable(const std::string &path, uid_t uid, unsigned mask) const
 {
   for (std::vector<MDSCapGrant>::const_iterator i = grants.begin();
        i != grants.end();
@@ -187,7 +188,7 @@ ostream &operator<<(ostream &out, const MDSCapMatch &match)
     out << "uid=" << match.uid;
     if (!match.gids.empty()) {
       out << " gids=";
-      for (std::vector<int>::const_iterator p = match.gids.begin();
+      for (std::vector<gid_t>::const_iterator p = match.gids.begin();
 	   p != match.gids.end();
 	   ++p) {
 	if (p != match.gids.begin())
diff --git a/src/mds/MDSAuthCaps.h b/src/mds/MDSAuthCaps.h
index 7e0d64d45a54c..a51e74db572b7 100644
--- a/src/mds/MDSAuthCaps.h
+++ b/src/mds/MDSAuthCaps.h
@@ -19,6 +19,7 @@
 #include <vector>
 #include <string>
 #include <sstream>
+#include "include/types.h"
 
 // unix-style capabilities
 enum {
@@ -50,18 +51,18 @@ struct MDSCapSpec {
 
 // conditions before we are allowed to do it
 struct MDSCapMatch {
-  static const int MDS_AUTH_UID_ANY = -1;
+  static const int64_t MDS_AUTH_UID_ANY = -1;
   static const std::string MDS_AUTH_PATH_ROOT;
 
-  int uid;           // Require UID to be equal to this, if !=MDS_AUTH_UID_ANY
-  std::vector<int> gids;  // Use these GIDs
-  std::string path;  // Require path to be child of this (may be "/" for any)
+  int64_t uid;          // Require UID to be equal to this, if !=MDS_AUTH_UID_ANY
+  std::vector<gid_t> gids;  // Use these GIDs
+  std::string path;     // Require path to be child of this (may be "/" for any)
 
   MDSCapMatch() : uid(MDS_AUTH_UID_ANY), path(MDS_AUTH_PATH_ROOT) {}
-  MDSCapMatch(int uid_, std::vector<int>& gids_)
+  MDSCapMatch(int64_t uid_, std::vector<gid_t>& gids_)
     : uid(uid_), gids(gids_), path(MDS_AUTH_PATH_ROOT) {}
   MDSCapMatch(std::string path_) : uid(MDS_AUTH_UID_ANY), path(path_) {}
-  MDSCapMatch(std::string path_, int uid_, std::vector<int>& gids_)
+  MDSCapMatch(std::string path_, int64_t uid_, std::vector<gid_t>& gids_)
     : uid(uid_), gids(gids_), path(path_) {}
   
   bool is_match_all() const
@@ -92,7 +93,7 @@ public:
   bool parse(const std::string &str, std::ostream *err);
 
   bool allow_all() const;
-  bool is_capable(const std::string &path, int uid, unsigned mask) const;
+  bool is_capable(const std::string &path, uid_t uid, unsigned mask) const;
 
   friend std::ostream &operator<<(std::ostream &out, const MDSAuthCaps &cap);
 };
-- 
2.39.5