Fix bmcweb crash problem when no-auth
This change is similiar as https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/49465 After insecure-disable-auth=enabled. it is not needed to do login and establish session before request. GET/PATCH /redfish/v1/AccountService/Accounts/<accountname>. (no matter account exist or not) It won't get any status code and cause the bmcweb service crashed. Solutions: Add #ifndef BMCWEB_INSECURE_DISABLE_AUTHENTICATION and [[maybe_unused]] const crow::Request& req Test: GET / PATCH with authless https://<bmcip>/redfish/v1/AccountService/Accounts/TestAccount Return 200 { "@odata.id": "/redfish/v1/AccountService/Accounts/TestAccount", "@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount", "AccountTypes": [ "Redfish" ], "Description": "User Account", "Enabled": true, "Id": "TestAccount", "Links": { "Role": { "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" } }, "Locked": false, "Locked@Redfish.AllowableValues": [ "false" ], "Name": "User Account", "Password": null, "PasswordChangeRequired": false, "RoleId": "Administrator", "UserName": "TestAccount" } GET nonexistent account https://<bmcip >/redfish/v1/AccountService/Accounts/TestAccountsss { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "#Message.v1_1_1.Message", "Message": "The requested resource of type ManagerAccount named TestAccountsss was not found.", "MessageArgs": [ "ManagerAccount", "TestAccountsss" ], "MessageId": "Base.1.8.1.ResourceNotFound", "MessageSeverity": "Critical", "Resolution": "Provide a valid resource identifier and resubmit the request." } ], "code": "Base.1.8.1.ResourceNotFound", "message": "The requested resource of type ManagerAccount named TestAccountsss was not found." } } Signed-off-by:JunLin Chen <Jun-Lin.Chen@quantatw.com> Change-Id: Ic00020ac07950347973b54d49dacd44c4d4571b7 Signed-off-by:
Tony Lee <tony.lee@quantatw.com> Signed-off-by:
Ed Tanous <edtanous@google.com>
Loading
Please register or sign in to comment