| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of querying the user & channel access for every time
cache the same during session creation, and use it for
enforcements.
Tested-by:
Verified that RMCP+ session establishment works as expected
including INSUFFICIENT_PRIVILEGE error.
Change-Id: Ib5a05bd07cc9aabf2625a18090fd905d93489b24
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Don't allow user to establish session with NOACCESS
user privilege.
Tested-by:
1. Updated the user privilege to NO_ACCESS and verified
RMCP+ session establishement errors out.
Change-Id: I787a787a3198a7e0550ac01962e69aab0041cccf
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit does the following:
- Set the maximum privilege role in the session instead of current privilege
in the implementation of the open session request/response.
- In open session response, return the maximum privilege of the session
instead of the current privilege level.
- Update RAKP12 and RAKP34 implementation
Tested: Checked the session setup works fine with ipmitool and freeipmi
utility ipmipower.
Change-Id: I41b63b91f08c2ed96856c4db41eedaa878c663e3
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per Set session privilege level command in IPMI specification
when creating a session through Activate command / RAKP 1 message, it
must be established with CALLBACK privilege if requested for callback.
All other sessions are initialy set to USER privilege, regardless of
the requested maximum privilege.
Unit-Test:
Verified the ipmi session establishement through -L command for user
with USER privilege, and verified that Get Device ID not executed,
when established for callback user privilege.
Change-Id: I8196b8e857b726773f6727ec5dd3b835f8759cde
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RAKP message 1 must match exact privilege, when Username/privilege
lookup bit is set as per IPMI specification. This fixes the bug
of allowing session setup if the requested privilege is less than
user privilege, which is allowed for name-only lookup.
Unit-test:
After creating a user with operator privilege verified that following
command works
ipmitool -I lanplus -H xx.xx.xx.xx -U <user> -P <passord> raw 6 1 -L user
following command failed to estabilish session
ipmitool -I lanplus -H xx.xx.xx.xx -U <user> -P <passord> raw 6 1 -L user+
Change-Id: I90a2f841b3190e95bb23ba2a368aa134c7a7aea9
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
| |
|
|
|
|
|
|
| |
This is part of a cleanup and standardization effort of code to get
existing code up to date.
Change-Id: I0c982ef8d7afa2f56a9cd204bb8ac3112769641c
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support for privilege based lookup, with user name is added.
Still NULL user name is not supported for user/privilege based
lookup for security reasons
Unit-Test:
Verified ipmitool session with -L <privielge>+ and also verified
that RAKP12 fails, when requested privilege is more than the user
privilege.
ipmitool -I lanplus -H xx.xx.xx.xx -U root -P 0penBmc -L Administrator+
raw 6 1
Change-Id: Ia97d4f3091c5ca7e3b688188ce1690c17fce9891
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit d2563c52eea33c2e4575f34eddac564ba1a44d85.
As CI test cases are updated to work with mandatory
-U options, this commit is reverted. Going forward in order
to establish a RMCP+ session, user name with -U option is
mandatory
Change-Id: I2e1405562f0c20d34b2fcd5a2bba668c87cc7f06
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
W/A code added for CI Test cases to pass, which uses empty
user name with 0penBmc as password. The following code
allows the same to keep the test case going.
This commit has to be removed once test cases are updated to
include "-U root" option.
Unit-Test:
1. Verfied by issuing
ipmitool -I lanplus -C 3 -H X.X.X.X -P 0penBmc raw 6 1
Change-Id: I9e9d6ead0630a553efbd66d6bbee3ddb7eef527e
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Implementation of RMCP login support with appropriate
privilege level.
Unit Test:
1. Verified that user is able to login without any issues
2. Privilege of the user is minimum of requested, user & channel
3. Unable to set higher privilege using Set session commands
Change-Id: I5e9ef21dfc1f1b50aa815562a3a65d90c434877c
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
All of the instances of getSession and startSession were assigning the
result to a local shared_ptr via lock on the weak_ptr. It doesn't make
sense to demote the shared_ptr (from the sessionsMap) to a weak_ptr via
the return, only to promote to a shared_ptr again via lock.
Tested-by: running ipmitool -H a.b.c.d -P 0penBmc -I lanplus mc info
Sessions start and stop, same as before.
Change-Id: Ic10779285891d73ee51115f16ed0000b38d1c52a
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
|
| |
|
|
|
|
|
|
| |
Lots of whitespace change. Let clang-format do its job and keep the code
looking nice.
Change-Id: Idfcad1a99cab8170d55a06163de8ad3f420b68b7
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The current support in IPMI is for the nameless account, which has
no username and only password associated with the account. In
ipmitool for the nameless account -U option is not needed. There are
management scripts which take a parameter for -U option and fails
if -U option is not supported by ipmitool option. This patch is to
support "admin" username for the default account. Once full fledged
user account management is in place, this change can be removed.
Change-Id: Idad73c0d04f189af66f2365424a68a637fe0e476
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
net-ipmid is noisy in terms of journal logging. A small step towards
cleaning that up.
Partially Resolves openbmc/openbmc#2507
Change-Id: I78e0286fb37086373c86dca276c0948f4595cb0a
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GUID is used in the IPMI session setup steps RAKP12 and RAKP34.
The GUID is read from the DBUS property. It is observed that
when the host is booting, reading the GUID takes a significant
delay and the session setup fails with ipmitool. Since GUID doesn't
change for a machine, it is safe to cache GUID in the netipmid and
speed up the session setup.
Resolves openbmc/openbmc#1812
Resolves openbmc/openbmc#2245
Resolves openbmc/openbmc#2246
Change-Id: I78c993b3e5ef8b6764457c8fdb3ecb985b965c0c
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
|
| |
|
|
|
|
|
| |
Resolves openbmc/openbmc#857
Change-Id: I0b7ca6665dd89629838a238d77aff67fec1818c7
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
|
|
|
Change-Id: Ibe7309651d022de6bd6c7b561493fd085d0e27c0
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
|
