| author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2019-01-16 12:15:44 +0530 |
|---|---|---|
| committer | Tom Joseph <tomjoseph@in.ibm.com> | 2019-01-29 06:38:21 +0000 |
| commit | d5a4f45e1ef5408876069af570e7b0d006c5b5db (patch) | |
| tree | b8009e8113330b6ced3b2401e7d008033c164936 /command | |
| parent | 5f1dd316fca522a8b32547ef2466714c62e1d7d6 (diff) | |
Fix: Set proper session privilege for RAKP 1
As per Set session privilege level command in IPMI specification
when creating a session through Activate command / RAKP 1 message, it
must be established with CALLBACK privilege if requested for callback.
All other sessions are initially set to USER privilege, regardless of
the requested maximum privilege.
Unit-Test:
Verified the ipmi session establishment through -L command for user
with USER privilege, and verified that Get Device ID is not executed,
when established for callback user privilege.
Change-Id: I8196b8e857b726773f6727ec5dd3b835f8759cde
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Diffstat (limited to 'command')
| -rw-r--r-- | command/rakp12.cpp | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/command/rakp12.cpp b/command/rakp12.cpp index 2854716..17a7483 100644 --- a/command/rakp12.cpp +++ b/command/rakp12.cpp @@ -124,10 +124,19 @@ std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload, static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE); return outPayload; } - + // As stated in Set Session Privilege Level command in IPMI Spec, when + // creating a session through Activate command / RAKP 1 message, it must be + // established with CALLBACK privilege if requested for callback. All other + // sessions are initialy set to USER privilege, regardless of the requested + // maximum privilege. + session->curPrivLevel = session::Privilege::CALLBACK; + if (static_cast<session::Privilege>(request->req_max_privilege_level & + session::reqMaxPrivMask) > + session::Privilege::CALLBACK) + { + session->curPrivLevel = session::Privilege::USER; + } session->reqMaxPrivLevel = request->req_max_privilege_level; - session->curPrivLevel = static_cast<session::Privilege>( - request->req_max_privilege_level & session::reqMaxPrivMask); if (request->user_name_len == 0) { // Bail out, if user name is not specified. @@ -178,8 +187,8 @@ std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload, return outPayload; } session->chNum = chNum; - // minimum privilege of Channel / User / requested has to be used - // as session current privilege level + // minimum privilege of Channel / User / session::privilege::USER/CALLBACK / + // has to be used as session current privilege level uint8_t minPriv = 0; if (chAccess.privLimit < userAccess.privilege) { |
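Review bot: In the first hunk (@@ -124,10 +124,19 @@), the requested level is never validated before it selects the starting privilege: in `if (static_cast<session::Privilege>(request->req_max_privilege_level & session::reqMaxPrivMask) > session::Privilege::CALLBACK)`, any masked value that is not above CALLBACK silently yields a CALLBACK session, and any value above it yields USER, including values that match no session::Privilege enumerator. Consider rejecting out-of-range values with an error return code, as the preceding INSUFFICIENT_RESOURCE path does, instead of mapping them to a session. The raw byte is still stored unmasked in `session->reqMaxPrivLevel`, so later users of that field have to apply `session::reqMaxPrivMask` themselves; a short comment saying so, or storing the masked value in a named local and reusing it in the comparison, would make that explicit. The new comment also has a typo: "initialy" should be "initially".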
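Review bot: In the second hunk (@@ -178,8 +187,8 @@), the rewritten comment is hard to parse: "Channel / User / session::privilege::USER/CALLBACK / has to be used" has a dangling "/" before "has", and it spells the namespace member as `session::privilege` while the code in the first hunk uses `session::Privilege`. Since only the comment changes here and the `minPriv` logic below it is untouched, it would help to say directly that the third operand is the session's initial `curPrivLevel` (USER or CALLBACK, as set earlier in RAKP12), for example "minimum of channel limit, user privilege and the initial session privilege (USER or CALLBACK) is used as the session's current privilege level".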

