MGM: Allow handling the new token 't' flag via the eos acl command. Fixes EOS-6528

esindril · esindril · commit 1fddf9accb8b · 2025-10-30T14:44:58.000+01:00
diff --git a/console/commands/helpers/AclHelper.cc b/console/commands/helpers/AclHelper.cc
@@ -78,7 +78,7 @@ AclHelper::CheckId(const std::string& id)
 bool
 AclHelper::CheckFlags(const std::string& flags)
 {
-  static const std::string allowed_chars = "!+-rwoxmduqcaAX";
+  static const std::string allowed_chars = "!+-rwoxmduqcatAX";
   return flags.find_first_not_of(allowed_chars) == std::string::npos;
 }
 
diff --git a/mgm/proc/user/AclCmd.cc b/mgm/proc/user/AclCmd.cc
@@ -282,7 +282,7 @@ Rule AclCmd::GetRuleFromString(const std::string& single_acl)
   auto acl_delimiter = single_acl.rfind(':');
   ret.first = std::string(single_acl.begin(),
                           single_acl.begin() + acl_delimiter);
-  unsigned short rule_int = 0;
+  unsigned long rule_int = 0;
 
   for (auto i = acl_delimiter + 1, size = single_acl.length(); i < size; ++i) {
     switch (single_acl.at(i)) {
@@ -330,6 +330,10 @@ Rule AclCmd::GetRuleFromString(const std::string& single_acl)
       rule_int = rule_int | AclCmd::SysAttr;
       break;
 
+    case 't':
+      rule_int = rule_int | AclCmd::Token;
+      break;
+
     case '+' :
       // There are only two + flags in current acl permissions +d and +u
       i++;
@@ -419,7 +423,7 @@ AclCmd::GenerateRuleMap(const std::string& acl_string, RuleMap& rmap)
 bool AclCmd::GetRuleBitmask(const std::string& input, bool set)
 {
   bool lambda_happen = false;
-  unsigned short int ret = 0, add_ret = 0, rm_ret = 0;
+  unsigned long ret = 0, add_ret = 0, rm_ret = 0;
   auto add_lambda = [&](AclCmd::ACLPos pos) {
     add_ret = add_ret | pos;
     ret = ret | pos;
@@ -522,6 +526,11 @@ bool AclCmd::GetRuleBitmask(const std::string& input, bool set)
       continue;
     }
 
+    if (*flag == 't') {
+      curr_lambda(AclCmd::Token);
+      continue;
+    }
+
     if (*flag == 'c') {
       curr_lambda(AclCmd::C);
       continue;
@@ -695,7 +704,7 @@ AclCmd::CheckCorrectId(const std::string& id) const
 //------------------------------------------------------------------------------
 void AclCmd::ApplyRule(RuleMap& rules, size_t pos)
 {
-  unsigned short temp_rule = 0;
+  unsigned long temp_rule = 0;
 
   if (!mSet) {
     auto it = std::find_if(rules.begin(),
@@ -757,7 +766,7 @@ AclCmd::GenerateAclString(const RuleMap& rmap)
 // Convert ACL bitmask to string representation
 //------------------------------------------------------------------------------
 std::string
-AclCmd::AclBitmaskToString(const unsigned short int in)
+AclCmd::AclBitmaskToString(const unsigned long int in)
 {
   std::string ret = "";
 
@@ -785,6 +794,10 @@ AclCmd::AclBitmaskToString(const unsigned short int in)
     ret.append("X");
   }
 
+  if (in & AclCmd::Token) {
+    ret.append("t");
+  }
+
   if (in & AclCmd::M) {
     ret.append("m");
   }
diff --git a/mgm/proc/user/AclCmd.hh b/mgm/proc/user/AclCmd.hh
@@ -28,8 +28,8 @@
 
 EOSMGMNAMESPACE_BEGIN
 
-typedef std::pair<std::string, unsigned short> Rule;
-//typedef std::unordered_map<std::string, unsigned short> RuleMap;
+typedef std::pair<std::string, unsigned long> Rule;
+//typedef std::unordered_map<std::string, unsigned long> RuleMap;
 // We use a list as we need to be able to insert at any position
 typedef std::list<Rule> RuleMap;
 
@@ -195,15 +195,15 @@ public:
   //----------------------------------------------------------------------------
   //! Return mAddRule result after GetRuleBitmask call.
   //----------------------------------------------------------------------------
-  unsigned short GetAddRule()
+  unsigned long GetAddRule()
   {
     return mAddRule;
   }
 
   //----------------------------------------------------------------------------
   //! Return mRmRule result after GetRuleBitmask call.
   //----------------------------------------------------------------------------
-  unsigned short GetRmRule()
+  unsigned long  GetRmRule()
   {
     return mRmRule;
   }
@@ -227,13 +227,14 @@ private:
     nW = 1 << 13,      // 8192 - !w
     nX = 1 << 14,      //16384 - !x
     A  = 1 << 15,      //32768 -  a
-    SysAcl  = 1 << 16, //65536  -  A
-    SysAttr = 1 << 17  //131072 -  X
+    SysAcl  = 1 << 16, //65536  - A
+    SysAttr = 1 << 17, //131072 - X
+    Token   = 1 << 18  //262144 - t
   };
 
   std::string mId; ///< Rule identifier extracted from command line
   ///< ACL rule bitmasks for adding and removing
-  unsigned short mAddRule, mRmRule;
+  unsigned long mAddRule, mRmRule;
   bool mSet; ///< Rule is set operations i.e contains =
 
   //----------------------------------------------------------------------------
@@ -289,7 +290,7 @@ private:
   //!
   //! @return std::string representation of ACL
   //----------------------------------------------------------------------------
-  static std::string AclBitmaskToString(const unsigned short in);
+  static std::string AclBitmaskToString(const unsigned long in);
 
   std::string mErr; ///< Command error output string
 

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ AclHelper::CheckId(const std::string& id)`
`78`	`78`	`bool`
`79`	`79`	`AclHelper::CheckFlags(const std::string& flags)`
`80`	`80`	`{`
`81`		`- static const std::string allowed_chars = "!+-rwoxmduqcaAX";`
	`81`	`+ static const std::string allowed_chars = "!+-rwoxmduqcatAX";`
`82`	`82`	`return flags.find_first_not_of(allowed_chars) == std::string::npos;`
`83`	`83`	`}`
`84`	`84`