blob: 3b9fa0ec633a9c9b2d380496cc4feef07c751ccf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
#include "session_cmds.hpp"
#include "endian.hpp"
#include "main.hpp"
#include <ipmid/api.h>
#include <user_channel/channel_layer.hpp>
#include <user_channel/user_layer.hpp>
namespace command
{
std::vector<uint8_t>
setSessionPrivilegeLevel(const std::vector<uint8_t>& inPayload,
const message::Handler& handler)
{
std::vector<uint8_t> outPayload(sizeof(SetSessionPrivLevelResp));
auto request =
reinterpret_cast<const SetSessionPrivLevelReq*>(inPayload.data());
auto response =
reinterpret_cast<SetSessionPrivLevelResp*>(outPayload.data());
response->completionCode = IPMI_CC_OK;
uint8_t reqPrivilegeLevel = request->reqPrivLevel;
auto session = std::get<session::Manager&>(singletonPool)
.getSession(handler.sessionID);
if (reqPrivilegeLevel == 0) // Just return present privilege level
{
response->newPrivLevel = static_cast<uint8_t>(session->curPrivLevel);
return outPayload;
}
if (reqPrivilegeLevel > (static_cast<uint8_t>(session->reqMaxPrivLevel) &
session::reqMaxPrivMask))
{
// Requested level exceeds Channel and/or User Privilege Limit
response->completionCode = IPMI_CC_EXCEEDS_USER_PRIV;
return outPayload;
}
uint8_t userId = ipmi::ipmiUserGetUserId(session->userName);
if (userId == ipmi::invalidUserId)
{
response->completionCode = IPMI_CC_UNSPECIFIED_ERROR;
return outPayload;
}
ipmi::PrivAccess userAccess{};
ipmi::ChannelAccess chAccess{};
if ((ipmi::ipmiUserGetPrivilegeAccess(userId, session->chNum, userAccess) !=
IPMI_CC_OK) ||
(ipmi::getChannelAccessData(session->chNum, chAccess) != IPMI_CC_OK))
{
response->completionCode = IPMI_CC_INVALID_PRIV_LEVEL;
return outPayload;
}
// Use the minimum privilege of user or channel
uint8_t minPriv = 0;
if (chAccess.privLimit < userAccess.privilege)
{
minPriv = chAccess.privLimit;
}
else
{
minPriv = userAccess.privilege;
}
if (reqPrivilegeLevel > minPriv)
{
// Requested level exceeds Channel and/or User Privilege Limit
response->completionCode = IPMI_CC_EXCEEDS_USER_PRIV;
}
else
{
// update current privilege of the session.
session->curPrivLevel =
static_cast<session::Privilege>(reqPrivilegeLevel);
response->newPrivLevel = reqPrivilegeLevel;
}
return outPayload;
}
std::vector<uint8_t> closeSession(const std::vector<uint8_t>& inPayload,
const message::Handler& handler)
{
std::vector<uint8_t> outPayload(sizeof(CloseSessionResponse));
auto request =
reinterpret_cast<const CloseSessionRequest*>(inPayload.data());
auto response = reinterpret_cast<CloseSessionResponse*>(outPayload.data());
response->completionCode = IPMI_CC_OK;
auto bmcSessionID = endian::from_ipmi(request->sessionID);
// Session 0 is needed to handle session setup, so session zero is never
// closed
if (bmcSessionID == session::SESSION_ZERO)
{
response->completionCode = IPMI_CC_INVALID_SESSIONID;
}
else
{
auto status = std::get<session::Manager&>(singletonPool)
.stopSession(bmcSessionID);
if (!status)
{
response->completionCode = IPMI_CC_INVALID_SESSIONID;
}
}
return outPayload;
}
} // namespace command
|
