Fix privilege level for storage commands
Per the IPMI spec, the following commands require only User
privilege level:
Get FRU Inventory Area Info
Read FRU Data
Get SEL Info
Get SEL Entry
Get SEL Time
Tested:
Before:
ipmitool -I lanplus -L USER raw 0xa 0x10
Unable to send RAW command (channel=0x0 netfn=0xa lun=0x0 cmd=0x10 rsp=0xd4): Insufficient privilege level
ipmitool -I lanplus -L USER raw 0xa 0x11
Unable to send RAW command (channel=0x0 netfn=0xa lun=0x0 cmd=0x11 rsp=0xd4): Insufficient privilege level
ipmitool -I lanplus -L USER raw 0xa 0x40
Unable to send RAW command (channel=0x0 netfn=0xa lun=0x0 cmd=0x40 rsp=0xd4): Insufficient privilege level
ipmitool -I lanplus -L USER raw 0xa 0x43
Unable to send RAW command (channel=0x0 netfn=0xa lun=0x0 cmd=0x43 rsp=0xd4): Insufficient privilege level
ipmitool -I lanplus -L USER raw 0xa 0x48
Unable to send RAW command (channel=0x0 netfn=0xa lun=0x0 cmd=0x48 rsp=0xd4): Insufficient privilege level
After:
ipmitool -I lanplus -L USER raw 0xa 0x10
Unable to send RAW command (channel=0x0 netfn=0xa lun=0x0 cmd=0x10 rsp=0xc7): Request data length invalid
ipmitool -I lanplus -L USER raw 0xa 0x11
Unable to send RAW command (channel=0x0 netfn=0xa lun=0x0 cmd=0x11 rsp=0xc7): Request data length invalid
ipmitool -I lanplus -L USER raw 0xa 0x40
51 00 00 ff ff ff ff ff ff ee 2d 11 5d 02
ipmitool -I lanplus -L USER raw 0xa 0x43
Unable to send RAW command (channel=0x0 netfn=0xa lun=0x0 cmd=0x43 rsp=0xc7): Request data length invalid
ipmitool -I lanplus -L USER raw 0xa 0x48
1c 3e 11 5d
Change-Id: Icd1282eb3d1b3dff4b6f27c58660bbac704fe6de
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
diff --git a/src/storagecommands.cpp b/src/storagecommands.cpp
index 30c68d6..19d8dc5 100644
--- a/src/storagecommands.cpp
+++ b/src/storagecommands.cpp
@@ -1033,13 +1033,13 @@
ipmiPrintAndRegister(
NETFUN_STORAGE,
static_cast<ipmi_cmd_t>(IPMINetfnStorageCmds::ipmiCmdGetFRUInvAreaInfo),
- NULL, ipmiStorageGetFRUInvAreaInfo, PRIVILEGE_OPERATOR);
+ NULL, ipmiStorageGetFRUInvAreaInfo, PRIVILEGE_USER);
// <READ FRU Data>
ipmiPrintAndRegister(
NETFUN_STORAGE,
static_cast<ipmi_cmd_t>(IPMINetfnStorageCmds::ipmiCmdReadFRUData), NULL,
- ipmiStorageReadFRUData, PRIVILEGE_OPERATOR);
+ ipmiStorageReadFRUData, PRIVILEGE_USER);
// <WRITE FRU Data>
ipmiPrintAndRegister(
@@ -1049,13 +1049,13 @@
// <Get SEL Info>
ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnStorage,
- ipmi::storage::cmdGetSelInfo,
- ipmi::Privilege::Operator, ipmiStorageGetSELInfo);
+ ipmi::storage::cmdGetSelInfo, ipmi::Privilege::User,
+ ipmiStorageGetSELInfo);
// <Get SEL Entry>
ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnStorage,
- ipmi::storage::cmdGetSelEntry,
- ipmi::Privilege::Operator, ipmiStorageGetSELEntry);
+ ipmi::storage::cmdGetSelEntry, ipmi::Privilege::User,
+ ipmiStorageGetSELEntry);
// <Add SEL Entry>
ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnStorage,
@@ -1069,8 +1069,8 @@
// <Get SEL Time>
ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnStorage,
- ipmi::storage::cmdGetSelTime,
- ipmi::Privilege::Operator, ipmiStorageGetSELTime);
+ ipmi::storage::cmdGetSelTime, ipmi::Privilege::User,
+ ipmiStorageGetSELTime);
// <Set SEL Time>
ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnStorage,