author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2018-09-06 07:11:07 +0530 |
---|---|---|
committer | Vernon Mauery <vernon.mauery@linux.intel.com> | 2018-12-03 16:43:39 +0000 |
commit | 472a37be3a4f6585fa2d30cdc69a27c38771c0bf (patch) | |
tree | dee5c93b48ebf4e24b3fd49bf211bbaf12b4fb69 | |
parent | d2563c52eea33c2e4575f34eddac564ba1a44d85 (diff) | |
download | phosphor-net-ipmid-472a37be3a4f6585fa2d30cdc69a27c38771c0bf.tar.gz phosphor-net-ipmid-472a37be3a4f6585fa2d30cdc69a27c38771c0bf.zip |
Command execution restriction based on privilege
Restrict IPMI command execution based on privilege of
the user session.
Unit test:
1. Verified the command execution as per the privilege
2. Executing higher privilege IPMI command fails
Change-Id: I5901f2b18f4f7ecb6311882de558f75b61836109
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
-rw-r--r-- | command_table.cpp | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/command_table.cpp b/command_table.cpp
index 90ff145..26859a5 100644
--- a/command_table.cpp
+++ b/command_table.cpp
@@ -1,5 +1,6 @@
 #include "command_table.hpp"
 
+#include "main.hpp"
 #include "message_handler.hpp"
 #include "message_parsers.hpp"
 #include "sessions_manager.hpp"
@@ -95,20 +96,32 @@ std::vector<uint8_t>
 std::vector<uint8_t> response(message::parser::MAX_PAYLOAD_SIZE - 1);
 size_t respSize = commandData.size();
 ipmi_ret_t ipmiRC = IPMI_CC_UNSPECIFIED_ERROR;
- try
+ std::shared_ptr<session::Session> session =
+ std::get<session::Manager&>(singletonPool)
+ .getSession(handler.sessionID);
+
+ if (session->curPrivLevel >= Entry::getPrivilege())
 {
- ipmiRC = functor(0, 0, reinterpret_cast<void*>(commandData.data()),
- reinterpret_cast<void*>(response.data() + 1),
- &respSize, NULL);
+ try
+ {
+ ipmiRC = functor(0, 0, reinterpret_cast<void*>(commandData.data()),
+ reinterpret_cast<void*>(response.data() + 1),
+ &respSize, NULL);
+ }
+ // IPMI command handlers can throw unhandled exceptions, catch those
+ // and return sane error code.
+ catch (const std::exception& e)
+ {
+ std::cerr << "E> Unspecified error for command 0x" << std::hex
+ << command.command << " - " << e.what() << "\n";
+ respSize = 0;
+ // fall through
+ }
 }
- // IPMI command handlers can throw unhandled exceptions, catch those
- // and return sane error code.
- catch (const std::exception& e)
+ else
 {
- std::cerr << "E> Unspecified error for command 0x" << std::hex
- << command.command << " - " << e.what() << "\n";
 respSize = 0;
- // fall through
+ ipmiRC = IPMI_CC_INSUFFICIENT_PRIVILEGE;
 }
 /*
 * respSize gets you the size of the response data for the IPMI command. The |
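Review bot: The session returned by `getSession(handler.sessionID)` is dereferenced in the new `if` without a check, and the lookup sits outside the `try`, so a missing or closed session either dereferences an empty `shared_ptr` or, if `getSession` throws (its body is not visible here), lets the exception leave this function instead of producing a completion code. Failing closed costs one line: `if (session && session->curPrivLevel >= Entry::getPrivilege())` routes a missing session to the existing `else` branch, and moving the lookup inside the `try` would cover the throwing case. The `else` branch also rejects silently; a `std::cerr` line carrying `command.command` and `handler.sessionID`, in the same form as the one in the `catch`, would make repeated privilege-denied attempts visible in the log. The enclosing function starts and ends outside the hunk, so how the caller treats an escaping exception cannot be confirmed from here.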