| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Skip IPMI Payload type commands, if IPMI messaging is disabled
for the user.
Tested-by:
Verified that commands are not executed through RMCP+ when
IPMI Messaging is disabled for the user through Set
Channel Access command. Verified the reverse too.
Change-Id: Ibcfd2a18ccc8b0c498eb06ffb56363b94a735b5e
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
Instead of querying the user & channel access every time,
cache the same during session creation, and use it for
enforcements.
Tested-by:
Verified that RMCP+ session establishment works as expected
including INSUFFICIENT_PRIVILEGE error.
Change-Id: Ib5a05bd07cc9aabf2625a18090fd905d93489b24
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
Installs into bin instead of sbin per guidelines.
Signed-off-by: Patrick Venture <venture@google.com>
Change-Id: I6ce824eb1be11356c0b902f90bdc6e8c2ede950c
| |
According to the IPMI spec, No of possible active session is
one byte - BIT5-BIT0 so 63 is the max active session we can have.
- 15 was chosen as it seems to be reasonable.
Tested: Able to establish the 14 LAN sessions and 1 reserved for
sessionless connection.
Get session Info command should provide 15 as max no of ipmi session
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
Change-Id: I1bc2003502f35c1d15de18cdf2874cd6ce74006e
| |
Don't allow user to establish session with NOACCESS
user privilege.
Tested-by:
1. Updated the user privilege to NO_ACCESS and verified
RMCP+ session establishment errors out.
Change-Id: I787a787a3198a7e0550ac01962e69aab0041cccf
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
Invalid length error check added for disable payload command
Tested:
1. Verified negative case by providing improper length
ipmitool -I lanplus -H x.x.x.x -U root -P 0penBmc raw 6 0x49 0x11 0x01
0x00 0x00 0x00 0x00 0x00 0x00
2. Verified normal case works fine.
Change-Id: I1d0dfcadb2dbaf4f538597fbff236540127a3667
Signed-off-by: Sumanth Bhat <sumanth.bhat@intel.com>
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
Handle channel number input in Get Channel authentication
capabilities command. Validate input params, and return
data accordingly
Tested:
1. Verified RMCP+ successful session establishment
2. ipmitool -I lanplus -H x.x.x.x -U root -P 0penBmc raw 6 0x38 1 4
with response
01 80 04 02 00 00 00 00
3. Verified negative tests like invalid length, invalid field,
invalid channel number (Sessionless)
Change-Id: Id8b4068b94ead281f00282fd709a3f7944887201
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
Now that all the provider libraries are only loaded by the main ipmid
queue, there are no callers for the event object, so it can be removed.
The same goes for the event loop; all users of the sd_event object have
been replaced with boost::asio, so it can be removed.
Change-Id: Id271c4960a2c5386d6163cc9baecdc368e5e328f
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
The dbus call to the main ipmid queue was up to this point synchronous,
which means it blocks all other networking and execution until the main
queue returns (which may be on the order of seconds for some commands).
This is an unacceptable delay, especially when this queue is responsible
for timely updates of SOL traffic.
This turns the call into an asynchronous one by leveraging shared
pointers and an optional action on destruction. So as long as a
reference to the Handler object exists, it will live on, waiting to send
its response. Once the async dbus call has returned and set the reply in
the Handler, it will drop the reference to the shared pointer and the
destructor will send out the response over the channel.
Tested-by: Run multiple sessions at the same time while monitoring dbus
traffic. See that the requests and responses may be
interleaved instead of serial.
Change-Id: I16fca8dc3d13624eeb1592ec36d1a9af6575f115
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
To be able to support asynchronous dbus calls, the main bus object
should be an sdbusplus::asio::connection.
Change-Id: Ib7d3474eb32505d2326f0d6db9566528a58ccd03
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
All ipmi processing is now done in the main ipmi queue
(phosphor-host-ipmid) and messages are passed via dbus. This removes the
handler registration for providers and just passes the message along to
the main queue instead of executing the provider in-situ. This makes the
net-ipmid more like the bt-bridge or kcs-bridge that are simple channel
handlers that move messages from a medium to the queue.
Change-Id: Icc9d580fd5546505c95acf0bea47c70e09809b7d
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
phosphor-host-ipmid now exposes a library along with headers for
interfacing with the ipmi daemon. Compile and link against the new
library.
Change-Id: Ifb914004df2b73cff913bf653db14ff2e710434f
Signed-off-by: William A. Kennington III <wak@google.com>
| |
Use the defaults in the pkg check where the default error message is
sufficient to identify which package is missing.
Change-Id: I9222c872ae76c7fce1d05fde9fcbf14563fda447
Signed-off-by: Patrick Venture <venture@google.com>
| |
With libuserlayer splitting out the channel code into a separate
library, this needs to be linked in as well.
Change-Id: I23c7e3837b119e4a7906e4a0754eeba0a57abd64
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
This commit does the following:
- Set the maximum privilege role in the session instead of current privilege
in the implementation of the open session request/response.
- In open session response, return the maximum privilege of the session
instead of the current privilege level.
- Update RAKP12 and RAKP34 implementation
Tested: Checked the session setup works fine with ipmitool and freeipmi
utility ipmipower.
Change-Id: I41b63b91f08c2ed96856c4db41eedaa878c663e3
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
| |
Change-Id: I2159e6c9b59b13962b387043572d25e07ddad9cb
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
| |
Change-Id: I9340c9da524831a68192424c68efc7a4910407d7
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
| |
Change-Id: Ifd2542725d7e14e96b05b0eded9a5e6d0062d73e
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
| |
The message::Handler class was directly manipulating a bunch of stuff
on behalf of the message::Message class. This change moves more of the
changes into the message::Message class so it can manage its own data.
Change-Id: I5d31f6c3c5760207408238d048853e36a60c73e0
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
The IPMI SOL console was using sd_event-based timers directly (without
any abstraction). This moves to a much higher level abstraction that is
very easy to use: asio timers.
Change-Id: Id5df76a1918cdfae420e01884d664234810b7abd
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
Rewrite the SOL console sockets to use boost::asio. This reduces code size
and ties better into the main asio io loop.
Change-Id: Ia79b9aa3fa3c7ce1ddd9b609b032160a88394f8c
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
Replacing the raw socket code with boost::asio sockets once again
provides a simple API with fewer lines of code.
Change-Id: Ibdd4b5ecbead947128200f17025c351d9b3ec859
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
As per Set session privilege level command in IPMI specification
when creating a session through Activate command / RAKP 1 message, it
must be established with CALLBACK privilege if requested for callback.
All other sessions are initially set to USER privilege, regardless of
the requested maximum privilege.
Unit-Test:
Verified the ipmi session establishment through -L command for user
with USER privilege, and verified that Get Device ID is not executed,
when established for callback user privilege.
Change-Id: I8196b8e857b726773f6727ec5dd3b835f8759cde
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
Return 0 as session id, for non active payload instance instead
of failure error code. This is as per IPMI specification
Get Payload Instance Info command.
Unit-test:
1. Verified the response of
ipmitool -I lanplus -H 127.0.0.1 -U root -P 0penBmc raw 6 0x4B 1 1
with session id 0, when no SOL session is active, and with proper
session id, when SOL session is active
Change-Id: I41e5378606f8f4d4c15f1bb07fd635098b837f4a
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
RAKP message 1 must match exact privilege, when Username/privilege
lookup bit is set as per IPMI specification. This fixes the bug
of allowing session setup if the requested privilege is less than
user privilege, which is allowed for name-only lookup.
Unit-test:
After creating a user with operator privilege verified that following
command works
ipmitool -I lanplus -H xx.xx.xx.xx -U <user> -P <password> raw 6 1 -L user
following command failed to establish session
ipmitool -I lanplus -H xx.xx.xx.xx -U <user> -P <password> raw 6 1 -L user+
Change-Id: I90a2f841b3190e95bb23ba2a368aa134c7a7aea9
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
boost::asio provides a signal handling interface that looks familiar to
the rest of its async API. This will allow the event loop to cleanly
shut down upon receipt of SIGTERM or SIGINT.
Change-Id: I6a888a0bb0206e885da9e0fcf4856b96ec93a461
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
This is part of a cleanup and standardization effort of code to get
existing code up to date.
Change-Id: I0c982ef8d7afa2f56a9cd204bb8ac3112769641c
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
Abstract unix sockets start with the nul-character, but are not nul
terminated. In fact, the nul-character has no meaning in the path.
According to the man page unix(7),
abstract: an abstract socket address is distinguished (from a pathname
socket) by the fact that sun_path[0] is a null byte ('\0').
The socket's address in this namespace is given by the
additional bytes in sun_path that are covered by the
specified length of the address structure. (Null bytes in
the name have no special significance.)
This means that when calling bind/connect, the size of the sockaddr
structure is not sizeof(sockaddr_un), it is sizeof(sockaddr_un) -
sizeof(sun_path) + (path_len)
Change-Id: I61f967d9215afb00e9e5c22f535f5c252b41d3af
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
Support for privilege based lookup, with user name is added.
Still NULL user name is not supported for user/privilege based
lookup for security reasons
Unit-Test:
Verified ipmitool session with -L <privilege>+ and also verified
that RAKP12 fails, when requested privilege is more than the user
privilege.
ipmitool -I lanplus -H xx.xx.xx.xx -U root -P 0penBmc -L Administrator+
raw 6 1
Change-Id: Ia97d4f3091c5ca7e3b688188ce1690c17fce9891
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
Replacing the event loop with asio provides for more flexibility and
less code than the sd_event model. Initially, this will require the loop
to handle both sd_events with a wrapper, but after all the sd_event
sources are replaced with asio event sources the wrapper can be removed.
Change-Id: Icf020c6c26a214bb1239641733c89603501c0c49
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
This reverts commit d2563c52eea33c2e4575f34eddac564ba1a44d85.
As CI test cases are updated to work with mandatory
-U options, this commit is reverted. Going forward in order
to establish a RMCP+ session, user name with -U option is
mandatory
Change-Id: I2e1405562f0c20d34b2fcd5a2bba668c87cc7f06
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
Restrict IPMI command execution based on privilege of
the user session.
Unit test:
1. Verified the command execution as per the privilege
2. Executing higher privilege IPMI command fails
Change-Id: I5901f2b18f4f7ecb6311882de558f75b61836109
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
W/A code added for CI Test cases to pass, which uses empty
user name with 0penBmc as password. The following code
allows the same to keep the test case going.
This commit has to be removed once test cases are updated to
include "-U root" option.
Unit-Test:
1. Verified by issuing
ipmitool -I lanplus -C 3 -H X.X.X.X -P 0penBmc raw 6 1
Change-Id: I9e9d6ead0630a553efbd66d6bbee3ddb7eef527e
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
In main, wrapping the raw sd_bus object with an sdbusplus class
deals with the unref problem automatically.
Change-Id: I7d21c21bc09cc96e2d4b07d1b51b6f82239e0793
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
Change-Id: Id0e482705e8fda39270ec2e6c3534f81d11797b3
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
session objects were being created and held by shared_ptr objects and
then shared via reference. This is dangerous and sidesteps the whole
point of a shared_ptr, which is to share reference-counted ownership.
This replaces the usage with a shared_ptr, which shows shared ownership.
Change-Id: Ie22d812a6d260d606201eca6a9011e773c89e487
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
Messages were being created and held by unique_ptr objects and then
shared via reference. This is dangerous and sidesteps the whole point of
a unique_ptr, which is to enforce single ownership. This replaces the
usage with a shared_ptr, which denotes shared ownership.
Change-Id: I19ed2693f5a0f5ce47d720ed255fa05bdf3844f8
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
Implementation of RMCP login support with appropriate
privilege level.
Unit Test:
1. Verified that user is able to login without any issues
2. Privilege of the user is minimum of requested, user & channel
3. Unable to set higher privilege using Set session commands
Change-Id: I5e9ef21dfc1f1b50aa815562a3a65d90c434877c
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
Defining the sudo API's for returning channel
index for self channel. This API returns LAN1
for net-ipmi.
Change-Id: Icefd5d949e94d4399adaffdad102ccb18c1b7cdc
Signed-off-by: ssekar <suryakanth.sekar@intel.com>
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| |
std::rand is insecure. Add a simple openssl-crypto wrapper for a similar
interface that can replace it.
Tested-by: Run ipmitool six times in parallel to see that five
independent sessions are created and the sixth one causes the
BMC to dump the session list on the console. Note that the
session numbers are still random.
Change-Id: I0b387f1343abefc45be0d62cf9af45fbd5563047
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
The Session class is a fairly simple class, no need for an external cpp
file; make it all header-only and allow the compiler to do its job.
Change-Id: Ibbe7e963762926ec04c75ab187a5b8045de851f4
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
main doesn't currently use any arguments, so no point in even declaring
them.
Change-Id: Ibc7ad06a7f6d92a407493141f77fa3c953933c0e
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
The documentation says sd_bus_default_system() is preferred over
sd_bus_open_system() because all the calls to sd_bus_default_system()
will use the same resources, whereas the sd_bus_open_system() will
create a new connection and consume more resources for every call.
Change-Id: Ifc6a62cf9d35df3615d1133ef5c8f115ff462d98
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
This adds a few more files to the ignore list:
vi swap files
cscope artifacts
patch orig and rej
~ temp copies
Change-Id: I33e1e6f9b378b87492846c1c52b3474f83eec4b5
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
Remove the local timer class, migrating to the sdbusplus/timer.hpp class
for now. As the project moves toward the single ipmi execution queue the
timers will all go away anyway in preference to the asio timers.
Tested-by: making changes to the network via rmcp+ with ipmitool. This
should make use of the networkTimer variable that was
changed from the internal timer class to the sdbusplus timer
class.
Change-Id: I4a86e3b9c1f3cfefee1e112229dcb63aa5119f2f
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
Following the example of openbmc/openbmc#3364, adding -flto to CXX flags
in order to reduce overall library and binary sizes.
Ref:
https://gcc.gnu.org/wiki/LinkTimeOptimization
Change-Id: Iad0c9ccf5c0409321da4aaef21882eb7171e14b0
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
[command/guid.cpp:37]: (style) The scope of the variable 'rc' can be
reduced.
[socket_channel.hpp:44]: (performance) Variable 'timeout' is assigned
in constructor body. Consider performing initialization in
initialization list.
[sd_event_loop.cpp:107]: (style) The scope of the variable 'instance'
can be reduced.
[sd_event_loop.cpp:108]: (style) The scope of the variable 'rc' can be
reduced.
[sd_event_loop.cpp:142]: (style) The scope of the variable 'instance'
can be reduced.
[sd_event_loop.cpp:304]: (style) The scope of the variable 'rc' can be
reduced.
Change-Id: Id090cb217ea7ed9019f1b8d39ebebd6bb73113b1
Signed-off-by: Patrick Venture <venture@google.com>
| |
Update code to remove mapbox-style interface usages.
Tested-by: run ipmitool to start a remote connection. See that sessions
can be started, same as before change.
Change-Id: Ifc1a30069b6dc4e2d3706e1ca93f6b965552a051
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
For external header files, use the system path include style to fit with
the standard coding style of the project.
Change-Id: Iba08b6b5adf20ebf7cebdb2d39aaad84463e3ff3
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| |
All of the instances of getSession and startSession were assigning the
result to a local shared_ptr via lock on the weak_ptr. It doesn't make
sense to demote the shared_ptr (from the sessionsMap) to a weak_ptr via
the return, only to promote to a shared_ptr again via lock.
Tested-by: running ipmitool -H a.b.c.d -P 0penBmc -I lanplus mc info
Sessions start and stop, same as before.
Change-Id: Ic10779285891d73ee51115f16ed0000b38d1c52a
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>