summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--command/rakp12.cpp19
1 files changed, 14 insertions, 5 deletions
diff --git a/command/rakp12.cpp b/command/rakp12.cpp
index 2854716..17a7483 100644
--- a/command/rakp12.cpp
+++ b/command/rakp12.cpp
@@ -124,10 +124,19 @@ std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload,
static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE);
return outPayload;
}
-
+ // As stated in Set Session Privilege Level command in IPMI Spec, when
+ // creating a session through Activate command / RAKP 1 message, it must be
+ // established with CALLBACK privilege if requested for callback. All other
+ // sessions are initialy set to USER privilege, regardless of the requested
+ // maximum privilege.
+ session->curPrivLevel = session::Privilege::CALLBACK;
+ if (static_cast<session::Privilege>(request->req_max_privilege_level &
+ session::reqMaxPrivMask) >
+ session::Privilege::CALLBACK)
+ {
+ session->curPrivLevel = session::Privilege::USER;
+ }
session->reqMaxPrivLevel = request->req_max_privilege_level;
- session->curPrivLevel = static_cast<session::Privilege>(
- request->req_max_privilege_level & session::reqMaxPrivMask);
if (request->user_name_len == 0)
{
// Bail out, if user name is not specified.
@@ -178,8 +187,8 @@ std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload,
return outPayload;
}
session->chNum = chNum;
- // minimum privilege of Channel / User / requested has to be used
- // as session current privilege level
+ // minimum privilege of Channel / User / session::privilege::USER/CALLBACK /
+ // has to be used as session current privilege level
uint8_t minPriv = 0;
if (chAccess.privLimit < userAccess.privilege)
{
OpenPOWER on IntegriCloud