From d5a4f45e1ef5408876069af570e7b0d006c5b5db Mon Sep 17 00:00:00 2001
From: Richard Marian Thomaiyar
Date: Wed, 16 Jan 2019 12:15:44 +0530
Subject: Fix: Set proper session privilege for RAKP 1

As per Set session privilege level command in IPMI specification when creating a session through Activate command / RAKP 1 message, it must be established with CALLBACK privilege if requested for callback. All other sessions are initialy set to USER privilege, regardless of the requested maximum privilege.

Unit-Test: Verified the ipmi session establishement through -L command for user with USER privilege, and verified that Get Device ID not executed, when established for callback user privilege.

Change-Id: I8196b8e857b726773f6727ec5dd3b835f8759cde
Signed-off-by: Richard Marian Thomaiyar
---
 command/rakp12.cpp | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/command/rakp12.cpp b/command/rakp12.cpp
index 2854716..17a7483 100644
--- a/command/rakp12.cpp
+++ b/command/rakp12.cpp
@@ -124,10 +124,19 @@ std::vector RAKP12(const std::vector& inPayload,
 static_cast(RAKP_ReturnCode::INSUFFICIENT_RESOURCE);
 return outPayload;
 }
-
+ // As stated in Set Session Privilege Level command in IPMI Spec, when
+ // creating a session through Activate command / RAKP 1 message, it must be
+ // established with CALLBACK privilege if requested for callback. All other
+ // sessions are initialy set to USER privilege, regardless of the requested
+ // maximum privilege.
+ session->curPrivLevel = session::Privilege::CALLBACK;
+ if (static_cast(request->req_max_privilege_level &
+ session::reqMaxPrivMask) >
+ session::Privilege::CALLBACK)
+ {
+ session->curPrivLevel = session::Privilege::USER;
+ }
 session->reqMaxPrivLevel = request->req_max_privilege_level;
- session->curPrivLevel = static_cast(
- request->req_max_privilege_level & session::reqMaxPrivMask);
 if (request->user_name_len == 0)
 {
 // Bail out, if user name is not specified.
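Review bot: The added comparison on `request->req_max_privilege_level & session::reqMaxPrivMask` never rejects an out-of-range value: anything above `session::Privilege::CALLBACK` starts at USER and anything at or below it starts at CALLBACK, while the context line still stores the raw, unmasked byte in `session->reqMaxPrivLevel`. If later code uses `reqMaxPrivLevel` as the ceiling for privilege raises (not visible in this hunk), a reserved value sent by the remote console should be refused here with a RAKP error return rather than carried into the session. Computing the masked value once, e.g. `const auto reqPriv = static_cast<session::Privilege>(request->req_max_privilege_level & session::reqMaxPrivMask);`, would also let the two assignments collapse into `session->curPrivLevel = (reqPriv > session::Privilege::CALLBACK) ? session::Privilege::USER : session::Privilege::CALLBACK;`. RAKP12's body starts and ends outside the hunk.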
@@ -178,8 +187,8 @@ std::vector RAKP12(const std::vector& inPayload,
 return outPayload;
 }
 session->chNum = chNum;
- // minimum privilege of Channel / User / requested has to be used
- // as session current privilege level
+ // minimum privilege of Channel / User / session::privilege::USER/CALLBACK /
+ // has to be used as session current privilege level
 uint8_t minPriv = 0;
 if (chAccess.privLimit < userAccess.privilege)
 {
-- cgit v1.2.1
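Review bot: The rewritten comment is hard to match against the code: it spells the namespace as `session::privilege` while the code in this patch uses `session::Privilege`, and its first line ends with a dangling ` /`. Suggested wording: `// Session current privilege level is the minimum of the channel limit, the user privilege and the initial USER/CALLBACK level set from RAKP 1.` Only the `chAccess.privLimit < userAccess.privilege` comparison is visible here; the rest of the minimum computation lies outside the hunk, so whether the initial level actually takes part in it cannot be confirmed from this page.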