MB-28630: Try to catch std::bad_function_call during privilege check

trondn · trondn · commit b3629c96831c · 2018-03-13T10:33:04.000Z
The std::bad_function_call is thrown when a std::function is called but no function is specified (whithout any sensible context for us to locate where it comes from). My gut feeling tells me this is because the system is in a hosed state (most likely cookie corruption), but in order to try to locate where it is being thrown we need to start narrowing the places to look. Change-Id: I8fdbab0f0baf0eeecf38e910b70153624de15ef2 Reviewed-on: http://review.couchbase.org/90844 Tested-by: Build Bot <build@couchbase.com> Reviewed-by: Dave Rigby <daver@couchbase.com>
diff --git a/daemon/mcbp_privileges.cc b/daemon/mcbp_privileges.cc
@@ -21,6 +21,27 @@
 
 using namespace cb::rbac;
 
+PrivilegeAccess McbpPrivilegeChains::invoke(protocol_binary_command command,
+                                            Cookie& cookie) {
+    auto& chain = commandChains[command];
+    if (chain.empty()) {
+        return cb::rbac::PrivilegeAccess::Fail;
+    } else {
+        try {
+            return chain.invoke(cookie);
+        } catch (const std::bad_function_call&) {
+            LOG_WARNING(
+                    "{}: bad_function_call caught while evaluating access "
+                    "control for opcode: {:x}",
+                    cookie.getConnection().getId(),
+                    command);
+            // Let the connection catch the exception and shut down the
+            // connection
+            throw;
+        }
+    }
+}
+
 template <Privilege T>
 static PrivilegeAccess require(Cookie& cookie) {
     return cookie.getConnection().checkPrivilege(T, cookie);
diff --git a/daemon/mcbp_privileges.h b/daemon/mcbp_privileges.h
@@ -48,14 +48,7 @@ class McbpPrivilegeChains {
      *         Stale - the authentication context is out of date
      */
     cb::rbac::PrivilegeAccess invoke(protocol_binary_command command,
-                                     Cookie& cookie) {
-        auto& chain = commandChains[command];
-        if (chain.empty()) {
-            return cb::rbac::PrivilegeAccess::Fail;
-        } else {
-            return chain.invoke(cookie);
-        }
-    }
+                                     Cookie& cookie);
 
 protected:
     /*
