diff options
author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2019-03-03 15:13:33 +0530 |
---|---|---|
committer | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2019-04-02 08:30:10 +0000 |
commit | 8af90ebcc552e243ae85aa9e9da1a00fbecab56c (patch) | |
tree | 874d2e02dc32e1ee71359b90427f03275da6b62b | |
parent | 992e53c775079d70346ef9f380fd2347b3905183 (diff) | |
download | phosphor-net-ipmid-master.tar.gz phosphor-net-ipmid-master.zip |
Skip IPMI Payload type commands, if IPMI messaging is disabled
for the user.
Tested-by:
Verified that commands are not executed through RMCP+ when
IPMI Messaging is disabled for the user through Set
Channel Acess command. Verified the reverse too.
Change-Id: Ibcfd2a18ccc8b0c498eb06ffb56363b94a735b5e
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
-rw-r--r-- | message_handler.cpp | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/message_handler.cpp b/message_handler.cpp index a45c13c..e2aafb3 100644 --- a/message_handler.cpp +++ b/message_handler.cpp @@ -90,17 +90,31 @@ void Handler::executeCommand() auto command = inMessage->getCommand(); if (inMessage->payloadType == PayloadType::IPMI) { - if (inMessage->payload.size() < - (sizeof(LAN::header::Request) + sizeof(LAN::trailer::Request))) + auto session = + std::get<session::Manager&>(singletonPool).getSession(sessionID); + // Process PayloadType::IPMI only if ipmi is enabled or for sessionless + // or for session establisbment command + if (this->sessionID == session::SESSION_ZERO || + session->sessionUserPrivAccess.ipmiEnabled) { - return; + if (inMessage->payload.size() < + (sizeof(LAN::header::Request) + sizeof(LAN::trailer::Request))) + { + return; + } + + auto start = + inMessage->payload.begin() + sizeof(LAN::header::Request); + auto end = inMessage->payload.end() - sizeof(LAN::trailer::Request); + std::vector<uint8_t> inPayload(start, end); + std::get<command::Table&>(singletonPool) + .executeCommand(command, inPayload, shared_from_this()); + } + else + { + std::vector<uint8_t> payload{IPMI_CC_INSUFFICIENT_PRIVILEGE}; + outPayload = std::move(payload); } - - auto start = inMessage->payload.begin() + sizeof(LAN::header::Request); - auto end = inMessage->payload.end() - sizeof(LAN::trailer::Request); - std::vector<uint8_t> inPayload(start, end); - std::get<command::Table&>(singletonPool) - .executeCommand(command, inPayload, shared_from_this()); } else { |