From 8af90ebcc552e243ae85aa9e9da1a00fbecab56c Mon Sep 17 00:00:00 2001
From: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Date: Sun, 3 Mar 2019 15:13:33 +0530
Subject: Skip IPMI Payload commands - IPMI Mesg disabled

Skip IPMI Payload type commands, if IPMI messaging is disabled
for the user.

Tested-by:
Verified that commands are not executed through RMCP+ when
IPMI Messaging is disabled for the user through Set
Channel Acess command. Verified the reverse too.

Change-Id: Ibcfd2a18ccc8b0c498eb06ffb56363b94a735b5e
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
---
 message_handler.cpp | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/message_handler.cpp b/message_handler.cpp
index a45c13c..e2aafb3 100644
--- a/message_handler.cpp
+++ b/message_handler.cpp
@@ -90,17 +90,31 @@ void Handler::executeCommand()
     auto command = inMessage->getCommand();
     if (inMessage->payloadType == PayloadType::IPMI)
     {
-        if (inMessage->payload.size() <
-            (sizeof(LAN::header::Request) + sizeof(LAN::trailer::Request)))
+        auto session =
+            std::get<session::Manager&>(singletonPool).getSession(sessionID);
+        // Process PayloadType::IPMI only if ipmi is enabled or for sessionless
+        // or for session establisbment command
+        if (this->sessionID == session::SESSION_ZERO ||
+            session->sessionUserPrivAccess.ipmiEnabled)
         {
-            return;
+            if (inMessage->payload.size() <
+                (sizeof(LAN::header::Request) + sizeof(LAN::trailer::Request)))
+            {
+                return;
+            }
+
+            auto start =
+                inMessage->payload.begin() + sizeof(LAN::header::Request);
+            auto end = inMessage->payload.end() - sizeof(LAN::trailer::Request);
+            std::vector<uint8_t> inPayload(start, end);
+            std::get<command::Table&>(singletonPool)
+                .executeCommand(command, inPayload, shared_from_this());
+        }
+        else
+        {
+            std::vector<uint8_t> payload{IPMI_CC_INSUFFICIENT_PRIVILEGE};
+            outPayload = std::move(payload);
         }
-
-        auto start = inMessage->payload.begin() + sizeof(LAN::header::Request);
-        auto end = inMessage->payload.end() - sizeof(LAN::trailer::Request);
-        std::vector<uint8_t> inPayload(start, end);
-        std::get<command::Table&>(singletonPool)
-            .executeCommand(command, inPayload, shared_from_this());
     }
     else
     {
-- 
cgit v1.2.1