From 9a61b4f4e9213608653852ba2388fa89663029c3 Mon Sep 17 00:00:00 2001
From: Tom Joseph <tomjoseph@in.ibm.com>
Date: Mon, 11 Jul 2016 06:56:11 -0500
Subject: Whitelist IPMI commands based on Restricted mode

Whitelisting of IPMI commands is done to ensure that in restricted
mode only whitelisted commands are executed. Commands that are not
whitelisted is restricted and insufficient privilege is returned as the
completion code.

When the server is deployed it would be set to restricted mode. In this
scenario certain IPMI commands need to be restricted which would not be
added to the whitelist.

Change-Id: I90b8124e34263c4ffc5bcf06a28a7e88231aaf40
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
---
 generate_whitelist.sh | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100755 generate_whitelist.sh

(limited to 'generate_whitelist.sh')

diff --git a/generate_whitelist.sh b/generate_whitelist.sh
new file mode 100755
index 0000000..e0dded3
--- /dev/null
+++ b/generate_whitelist.sh
@@ -0,0 +1,27 @@
+#/bin/sh
+
+# Ensure some files have been passed.
+if [ "x$*" == "x" ]; then
+    echo "Usage: $0 [whitelist_files+]" >&2
+    exit -1
+fi
+
+cat << EOF
+#include <ipmiwhitelist.H>
+
+const std::vector<netfncmd_pair> whitelist = {
+
+EOF
+
+# Output each row of whitelist vector.
+# Concatenate all the passed files.
+# Remove comments and empty lines.
+# Sort the list [numerically].
+# Remove any duplicates.
+# Turn "a:b //<NetFn>:<Command>" -> "{ a, b }, //<NetFn>:<Command>"
+cat $* | sed "s/#.*//" | sed '/^$/d' | sort -n | uniq | sed "s/^/    { /" | \
+    sed "s/\:\(....\)\(.*\)/ , \1 }, \2/"
+
+cat << EOF
+};
+EOF
-- 
cgit v1.2.1