diff options
author | Ed Tanous <edtanous@google.com> | 2022-07-01 03:44:25 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2022-12-28 22:38:37 +0300 |
commit | 618c14b4d77bd89c6b2e421bce0576e357b5a33b (patch) | |
tree | 002619c03a4c25c9598978a7f97268b9b48c71f4 | |
parent | 93f7a0d6a328037147d610a97a4dbeedc38414ef (diff) | |
download | bmcweb-618c14b4d77bd89c6b2e421bce0576e357b5a33b.tar.xz |
Fix some use-after-move issues
This diff looks bad. The only thing that changed functionally is
changing:
password(std::move(password)), roleId(std::move(roleId))
in the labmda capture to
password, roldId
because password and roleid are getting used later. Unfortunately,
clang decides to rearrange this whole lambda.
Tested: Passes cppcheck.
'''
curl -vvvv --insecure --user root:0penBmc -X PATCH -d '{"Password": "0penBmc1"}' https://192.168.7.2/redfish/v1/AccountService/Accounts/root
'''
Succeeds at patching the root password.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I97b10a40d0b271b211bf4e6c09888d3cd568a3d0
-rw-r--r-- | redfish-core/lib/account_service.hpp | 156 |
1 files changed, 77 insertions, 79 deletions
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp index 3a8ffbc9a4..58b3362e6e 100644 --- a/redfish-core/lib/account_service.hpp +++ b/redfish-core/lib/account_service.hpp @@ -1163,58 +1163,56 @@ inline void handleLDAPPatch(nlohmann::json& input, inline void updateUserProperties(std::shared_ptr<bmcweb::AsyncResp> asyncResp, const std::string& username, - std::optional<std::string> password, - std::optional<bool> enabled, - std::optional<std::string> roleId, - std::optional<bool> locked) + const std::optional<std::string>& password, + const std::optional<bool>& enabled, + const std::optional<std::string>& roleId, + const std::optional<bool>& locked) { sdbusplus::message::object_path tempObjPath(rootUserDbusPath); tempObjPath /= username; std::string dbusObjectPath(tempObjPath); dbus::utility::checkDbusPathExists( - dbusObjectPath, - [dbusObjectPath, username, password(std::move(password)), - roleId(std::move(roleId)), enabled, locked, - asyncResp{std::move(asyncResp)}](int rc) { - if (rc <= 0) - { - messages::resourceNotFound(asyncResp->res, "ManagerAccount", - username); - return; - } - - if (password) - { - int retval = pamUpdatePassword(username, *password); - - if (retval == PAM_USER_UNKNOWN) + dbusObjectPath, [dbusObjectPath, username, password, roleId, enabled, + locked, asyncResp{std::move(asyncResp)}](int rc) { + if (rc <= 0) { messages::resourceNotFound(asyncResp->res, "ManagerAccount", username); - } - else if (retval == PAM_AUTHTOK_ERR) - { - // If password is invalid - messages::propertyValueFormatError(asyncResp->res, *password, - "Password"); - BMCWEB_LOG_ERROR << "pamUpdatePassword Failed"; - } - else if (retval != PAM_SUCCESS) - { - messages::internalError(asyncResp->res); return; } - else + + if (password) { - messages::success(asyncResp->res); + int retval = pamUpdatePassword(username, *password); + + if (retval == PAM_USER_UNKNOWN) + { + messages::resourceNotFound(asyncResp->res, "ManagerAccount", + username); + } + else if (retval == PAM_AUTHTOK_ERR) + { + // If password is invalid + messages::propertyValueFormatError(asyncResp->res, + *password, "Password"); + BMCWEB_LOG_ERROR << "pamUpdatePassword Failed"; + } + else if (retval != PAM_SUCCESS) + { + messages::internalError(asyncResp->res); + return; + } + else + { + messages::success(asyncResp->res); + } } - } - if (enabled) - { - crow::connections::systemBus->async_method_call( - [asyncResp](const boost::system::error_code ec) { + if (enabled) + { + crow::connections::systemBus->async_method_call( + [asyncResp](const boost::system::error_code ec) { if (ec) { BMCWEB_LOG_ERROR << "D-Bus responses error: " << ec; @@ -1223,25 +1221,25 @@ inline void updateUserProperties(std::shared_ptr<bmcweb::AsyncResp> asyncResp, } messages::success(asyncResp->res); return; - }, - "xyz.openbmc_project.User.Manager", dbusObjectPath, - "org.freedesktop.DBus.Properties", "Set", - "xyz.openbmc_project.User.Attributes", "UserEnabled", - dbus::utility::DbusVariantType{*enabled}); - } + }, + "xyz.openbmc_project.User.Manager", dbusObjectPath, + "org.freedesktop.DBus.Properties", "Set", + "xyz.openbmc_project.User.Attributes", "UserEnabled", + dbus::utility::DbusVariantType{*enabled}); + } - if (roleId) - { - std::string priv = getPrivilegeFromRoleId(*roleId); - if (priv.empty()) + if (roleId) { - messages::propertyValueNotInList(asyncResp->res, *roleId, - "RoleId"); - return; - } + std::string priv = getPrivilegeFromRoleId(*roleId); + if (priv.empty()) + { + messages::propertyValueNotInList(asyncResp->res, *roleId, + "RoleId"); + return; + } - crow::connections::systemBus->async_method_call( - [asyncResp](const boost::system::error_code ec) { + crow::connections::systemBus->async_method_call( + [asyncResp](const boost::system::error_code ec) { if (ec) { BMCWEB_LOG_ERROR << "D-Bus responses error: " << ec; @@ -1249,27 +1247,27 @@ inline void updateUserProperties(std::shared_ptr<bmcweb::AsyncResp> asyncResp, return; } messages::success(asyncResp->res); - }, - "xyz.openbmc_project.User.Manager", dbusObjectPath, - "org.freedesktop.DBus.Properties", "Set", - "xyz.openbmc_project.User.Attributes", "UserPrivilege", - dbus::utility::DbusVariantType{priv}); - } + }, + "xyz.openbmc_project.User.Manager", dbusObjectPath, + "org.freedesktop.DBus.Properties", "Set", + "xyz.openbmc_project.User.Attributes", "UserPrivilege", + dbus::utility::DbusVariantType{priv}); + } - if (locked) - { - // admin can unlock the account which is locked by - // successive authentication failures but admin should - // not be allowed to lock an account. - if (*locked) + if (locked) { - messages::propertyValueNotInList(asyncResp->res, "true", - "Locked"); - return; - } + // admin can unlock the account which is locked by + // successive authentication failures but admin should + // not be allowed to lock an account. + if (*locked) + { + messages::propertyValueNotInList(asyncResp->res, "true", + "Locked"); + return; + } - crow::connections::systemBus->async_method_call( - [asyncResp](const boost::system::error_code ec) { + crow::connections::systemBus->async_method_call( + [asyncResp](const boost::system::error_code ec) { if (ec) { BMCWEB_LOG_ERROR << "D-Bus responses error: " << ec; @@ -1278,13 +1276,13 @@ inline void updateUserProperties(std::shared_ptr<bmcweb::AsyncResp> asyncResp, } messages::success(asyncResp->res); return; - }, - "xyz.openbmc_project.User.Manager", dbusObjectPath, - "org.freedesktop.DBus.Properties", "Set", - "xyz.openbmc_project.User.Attributes", - "UserLockedForFailedAttempt", - dbus::utility::DbusVariantType{*locked}); - } + }, + "xyz.openbmc_project.User.Manager", dbusObjectPath, + "org.freedesktop.DBus.Properties", "Set", + "xyz.openbmc_project.User.Attributes", + "UserLockedForFailedAttempt", + dbus::utility::DbusVariantType{*locked}); + } }); } |