From a249a0821fc38580249ecfd38bd05d8fb6a7b95d Mon Sep 17 00:00:00 2001
From: Yong Li <yong.b.li@linux.intel.com>
Date: Tue, 29 Oct 2019 13:37:17 +0800
Subject: Limit the set bmc global command to system interface only

Only accept command from system interface, to align with the IPMI spec.

Tested:
In UEFI the comand works:
cmdtool.efi 20 18 2e 9
00

The command will fail if execute through network:
ipmitool -H $BMCIP  -Uroot -P 0penBmc -I lanplus raw 6 0x2e 9
Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0 cmd=0x2e rsp=0xd5):
Command not supported in present state

Signed-off-by: Yong Li <yong.b.li@linux.intel.com>
Change-Id: I4e65cdf88fbc9364532ae04da3a7219f432dee6b
---
 systemintfcmds.cpp | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/systemintfcmds.cpp b/systemintfcmds.cpp
index 9ec65d1..7b2536a 100644
--- a/systemintfcmds.cpp
+++ b/systemintfcmds.cpp
@@ -106,6 +106,24 @@ ipmi::RspType<> ipmiAppSetBMCGlobalEnable(
     bool systemEventLogEnable, uint1_t reserved, bool OEM0Enabled,
     bool OEM1Enabled, bool OEM2Enabled)
 {
+    ipmi::ChannelInfo chInfo;
+
+    if (ipmi::getChannelInfo(ctx->channel, chInfo) != ipmi::ccSuccess)
+    {
+        phosphor::logging::log<phosphor::logging::level::ERR>(
+            "Failed to get Channel Info",
+            phosphor::logging::entry("CHANNEL=%d", ctx->channel));
+        return ipmi::responseUnspecifiedError();
+    }
+
+    if (chInfo.mediumType !=
+        static_cast<uint8_t>(ipmi::EChannelMediumType::systemInterface))
+    {
+        phosphor::logging::log<phosphor::logging::level::ERR>(
+            "Error - supported only in system interface");
+        return ipmi::responseCommandNotAvailable();
+    }
+
     // Recv Message Queue and SEL are enabled by default.
     // Event Message buffer are disabled by default (not supported).
     // Any request that try to change the mask will be rejected
-- 
cgit v1.2.1