diff options
| author | Ed Tanous <edtanous@google.com> | 2021-06-15 01:28:56 +0300 |
|---|---|---|
| committer | Ed Tanous <edtanous@google.com> | 2021-06-16 01:18:05 +0300 |
| commit | 432a890cfca335e565b770b1604ed4e547c5a732 (patch) | |
| tree | b6e3cb5fbacce2b0c58944a8428366e5eec5594c /include/vm_websocket.hpp | |
| parent | f9a6708c4c6490257e2eb6a8c04458f500902476 (diff) | |
| download | bmcweb-432a890cfca335e565b770b1604ed4e547c5a732.tar.xz | |
Remove ambiguous privileges constructor
There are a number of endpoints that assume that a given routes
privileges are governed by a single set of privileges, instead of
multiple sets ORed together. To handle this, there were two overloads
of the privileges() method, one that took a vector of Privileges, and
one that took an initializer_list of const char*. Unfortunately, this
leads some code in AccountService to pick the wrong overload when it's
called like this
.privileges( {{"ConfigureUsers"}, {"ConfigureManager"},
{"ConfigureSelf"}})
This is supposed to be "User must have ConfigureUsers, or
ConfigureManager, or ConfigureSelf". Currently, because it selects the
wrong overload, it computes to "User must have ConfigureUsers AND
ConfigureManager AND ConfigureSelf.
The double braces are supposed to cause this to form a vector of
Privileges, but it appears that the initializer list gets consumed, and
the single invocation of initializer list is called. Interestingly,
trying to put in a privileges overload of
intializer_list<initializer_list<const char*>> causes the compilation to
fail with an ambiguous call error, which is what I would've expected to
see previously in this case, but alas, I'm only a novice when it comes
to how the C++ standard works in these edge cases. This is likely due
in part to the fact that they were templates of an unused template param
(seemingly copied from the previous method) and SFINAE rules around
templates.
This commit functionally removes one of the privileges overloads, and
adds a second set of braces to every privileges call that previously had
a single set of braces. Previous code will not compile now, which is
IMO a good thing.
This likely popped up in the Node class removal, because the Node class
explicitly constructs a vector of Privilege objects, ensuing it can hit
the right overload
Tested:
Ran Redfish service validator
Tested the specific use case outlined on discord with:
Creating a new user with operator privilege:
```
redfishtool -S Always -u root -p 0penBmc -vvvvvvvvv -r 192.168.7.2
AccountService adduser foo mysuperPass1 Operator
```
Then attempting to list accounts:
```
curl -vvvv --insecure --user foo:mysuperPass1
https://192.168.7.2/redfish/v1/AccountService/Accounts/foo
```
Which succeeded and returned the account in question.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I83e62b70e97f56dc57d43b9081f333a02fe85495
Diffstat (limited to 'include/vm_websocket.hpp')
| -rw-r--r-- | include/vm_websocket.hpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/vm_websocket.hpp b/include/vm_websocket.hpp index a175f0a82f..02f958a180 100644 --- a/include/vm_websocket.hpp +++ b/include/vm_websocket.hpp @@ -156,7 +156,7 @@ static std::shared_ptr<Handler> handler; inline void requestRoutes(App& app) { BMCWEB_ROUTE(app, "/vm/0/0") - .privileges({"ConfigureComponents", "ConfigureManager"}) + .privileges({{"ConfigureComponents", "ConfigureManager"}}) .websocket() .onopen([](crow::websocket::Connection& conn, const std::shared_ptr<bmcweb::AsyncResp>&) { |