Adding Def user creation using Intel OEM command
New Def user is created based on given username and pwd
Tested: New user is created successfully using this cmd.
ipmitool -I LAN raw OEMNefn Cmd <16 bytes username><20 bytes Pwd>
new username and password is set in user id 2 on top of def user
Added more restriction like works only in LAN,system interface
should not available,LAN should be configured in static and
user 2 should not enabled or configured previously.
Command work only with user created with callback priv by default
Change-Id: I77809e18fbef8e82ae2ba27527698e7fa5c5fd85
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a5521d6..891e1d3 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -40,6 +40,7 @@
include_directories (${CMAKE_BINARY_DIR}/phosphor-logging-src)
link_directories (${CMAKE_BINARY_DIR}/phosphor-logging-src/.libs)
include_directories (${CMAKE_BINARY_DIR}/phosphor-ipmi-host/include)
+ include_directories (${CMAKE_BINARY_DIR}/ipmid/user_channel)
include_directories (${CMAKE_BINARY_DIR}) # link_directories
# (${CMAKE_BINARY_DIR}/sdbusplus-
# src/.libs)
@@ -85,5 +86,7 @@
target_link_libraries (zinteloemcmds ipmid)
target_link_libraries (zinteloemcmds sdbusplus)
target_link_libraries (zinteloemcmds phosphor_logging)
+target_link_libraries (zinteloemcmds -luserlayer)
+target_link_libraries (zinteloemcmds -lchannellayer)
install (TARGETS zinteloemcmds DESTINATION lib/ipmid-providers)
diff --git a/include/oemcommands.hpp b/include/oemcommands.hpp
index 3255da1..06a3caa 100644
--- a/include/oemcommands.hpp
+++ b/include/oemcommands.hpp
@@ -16,6 +16,7 @@
#pragma once
+#include <user_channel/user_layer.hpp>
enum class IPMINetfnIntelOEMGeneralCmd
{
cmdSetBIOSID = 0x26,
@@ -25,6 +26,7 @@
cmdSendEmbeddedFWUpdStatus = 0x44,
cmdSetPowerRestoreDelay = 0x54,
cmdGetPowerRestoreDelay = 0x55,
+ cmdSetOEMUser2Activation = 0x5A,
cmdSetShutdownPolicy = 0x60,
cmdGetShutdownPolicy = 0x62,
cmdSetFanConfig = 0x89,
@@ -143,6 +145,7 @@
// 2: host serial port 1 normal spend, port 2 high speed
// 3: host serial port 1 and 2 high speed
static constexpr const uint8_t HostSerialCfgParamMax = 3;
+static constexpr uint8_t ipmiDefaultUserId = 2;
static constexpr const uint8_t selEvtTargetMask = 0xF0;
static constexpr const uint8_t selEvtTargetShift = 4;
diff --git a/src/oemcommands.cpp b/src/oemcommands.cpp
index 2f46f13..2af6a0a 100644
--- a/src/oemcommands.cpp
+++ b/src/oemcommands.cpp
@@ -32,6 +32,7 @@
#include <oemcommands.hpp>
#include <phosphor-logging/log.hpp>
#include <sdbusplus/bus.hpp>
+#include <sdbusplus/message/types.hpp>
#include <string>
#include <variant>
#include <vector>
@@ -42,6 +43,12 @@
sdbusplus::bus::bus dbus(ipmid_get_sd_bus_connection()); // from ipmid/api.h
static constexpr size_t maxFRUStringLength = 0x3F;
+static constexpr auto ethernetIntf =
+ "xyz.openbmc_project.Network.EthernetInterface";
+static constexpr auto networkIPIntf = "xyz.openbmc_project.Network.IP";
+static constexpr auto networkService = "xyz.openbmc_project.Network";
+static constexpr auto networkRoot = "/xyz/openbmc_project/network";
+
// return code: 0 successful
int8_t getChassisSerialNumber(sdbusplus::bus::bus& bus, std::string& serial)
{
@@ -599,6 +606,191 @@
return IPMI_CC_OK;
}
+/** @brief implementation for check the DHCP or not in IPv4
+ * @param[in] Channel - Channel number
+ * @returns true or false.
+ */
+static bool isDHCPEnabled(uint8_t Channel)
+{
+ try
+ {
+ auto ethdevice = getChannelName(Channel);
+ if (ethdevice.empty())
+ {
+ return false;
+ }
+ auto ethIP = ethdevice + "/ipv4";
+ auto ethernetObj =
+ getDbusObject(dbus, networkIPIntf, networkRoot, ethIP);
+ auto value = getDbusProperty(dbus, networkService, ethernetObj.first,
+ networkIPIntf, "Origin");
+ if (sdbusplus::message::variant_ns::get<std::string>(value) ==
+ "xyz.openbmc_project.Network.IP.AddressOrigin.DHCP")
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ catch (sdbusplus::exception_t& e)
+ {
+ phosphor::logging::log<phosphor::logging::level::ERR>(e.description());
+ return true;
+ }
+}
+
+/** @brief implementes for check the DHCP or not in IPv6
+ * @param[in] Channel - Channel number
+ * @returns true or false.
+ */
+static bool isDHCPIPv6Enabled(uint8_t Channel)
+{
+
+ try
+ {
+ auto ethdevice = getChannelName(Channel);
+ if (ethdevice.empty())
+ {
+ return false;
+ }
+ auto ethIP = ethdevice + "/ipv6";
+ auto objectInfo =
+ getDbusObject(dbus, networkIPIntf, networkRoot, ethIP);
+ auto properties = getAllDbusProperties(dbus, objectInfo.second,
+ objectInfo.first, networkIPIntf);
+ if (sdbusplus::message::variant_ns::get<std::string>(
+ properties["Origin"]) ==
+ "xyz.openbmc_project.Network.IP.AddressOrigin.DHCP")
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ catch (sdbusplus::exception_t& e)
+ {
+ phosphor::logging::log<phosphor::logging::level::ERR>(e.description());
+ return true;
+ }
+}
+
+/** @brief implementes the creating of default new user
+ * @param[in] userName - new username in 16 bytes.
+ * @param[in] userPassword - new password in 20 bytes
+ * @returns ipmi completion code.
+ */
+ipmi::RspType<> ipmiOEMSetUser2Activation(
+ std::array<uint8_t, ipmi::ipmiMaxUserName>& userName,
+ std::array<uint8_t, ipmi::maxIpmi20PasswordSize>& userPassword)
+{
+ bool userState = false;
+ // Check for System Interface not exist and LAN should be static
+ for (uint8_t channel = 0; channel < maxIpmiChannels; channel++)
+ {
+ ChannelInfo chInfo;
+ try
+ {
+ getChannelInfo(channel, chInfo);
+ }
+ catch (sdbusplus::exception_t& e)
+ {
+ phosphor::logging::log<phosphor::logging::level::ERR>(
+ "ipmiOEMSetUser2Activation: Failed to get Channel Info",
+ phosphor::logging::entry("MSG: %s", e.description()));
+ return ipmi::response(ipmi::ccUnspecifiedError);
+ }
+ if (chInfo.mediumType ==
+ static_cast<uint8_t>(EChannelMediumType::systemInterface))
+ {
+ phosphor::logging::log<phosphor::logging::level::ERR>(
+ "ipmiOEMSetUser2Activation: system interface exist .");
+ return ipmi::response(ipmi::ccCommandNotAvailable);
+ }
+ else
+ {
+
+ if (chInfo.mediumType ==
+ static_cast<uint8_t>(EChannelMediumType::lan8032))
+ {
+ if (isDHCPIPv6Enabled(channel) || isDHCPEnabled(channel))
+ {
+ phosphor::logging::log<phosphor::logging::level::ERR>(
+ "ipmiOEMSetUser2Activation: DHCP enabled .");
+ return ipmi::response(ipmi::ccCommandNotAvailable);
+ }
+ }
+ }
+ }
+ uint8_t maxChUsers = 0, enabledUsers = 0, fixedUsers = 0;
+ if (ipmi::ccSuccess ==
+ ipmiUserGetAllCounts(maxChUsers, enabledUsers, fixedUsers))
+ {
+ if (enabledUsers > 1)
+ {
+ phosphor::logging::log<phosphor::logging::level::ERR>(
+ "ipmiOEMSetUser2Activation: more than one user is enabled.");
+ return ipmi::response(ipmi::ccCommandNotAvailable);
+ }
+ // Check the user 2 is enabled or not
+ ipmiUserCheckEnabled(ipmiDefaultUserId, userState);
+ if (userState == true)
+ {
+ phosphor::logging::log<phosphor::logging::level::ERR>(
+ "ipmiOEMSetUser2Activation: user 2 already enabled .");
+ return ipmi::response(ipmi::ccCommandNotAvailable);
+ }
+ }
+ else
+ {
+ return ipmi::response(ipmi::ccUnspecifiedError);
+ }
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+ PrivAccess privAccess = {PRIVILEGE_ADMIN, true, true, true, 0};
+#endif
+#if BYTE_ORDER == BIG_ENDIAN
+ PrivAccess privAccess = {0, true, true, true, PRIVILEGE_ADMIN};
+#endif
+
+ if (ipmi::ccSuccess ==
+ ipmiUserSetUserName(ipmiDefaultUserId,
+ reinterpret_cast<const char*>(userName.data())))
+ {
+ if (ipmi::ccSuccess ==
+ ipmiUserSetUserPassword(
+ ipmiDefaultUserId,
+ reinterpret_cast<const char*>(userPassword.data())))
+ {
+ if (ipmi::ccSuccess ==
+ ipmiUserSetPrivilegeAccess(
+ ipmiDefaultUserId,
+ static_cast<uint8_t>(ipmi::EChannelID::chanLan1),
+ privAccess, true))
+ {
+ phosphor::logging::log<phosphor::logging::level::INFO>(
+ "ipmiOEMSetUser2Activation: user created successfully ");
+ return ipmi::responseSuccess();
+ }
+ }
+ // we need to delete the default user id which added in this command as
+ // password / priv setting is failed.
+ ipmiUserSetUserName(ipmiDefaultUserId, "");
+ phosphor::logging::log<phosphor::logging::level::ERR>(
+ "ipmiOEMSetUser2Activation: password / priv setting is failed.");
+ }
+ else
+ {
+ phosphor::logging::log<phosphor::logging::level::ERR>(
+ "ipmiOEMSetUser2Activation: Setting username failed.");
+ }
+
+ return ipmi::response(ipmi::ccCommandNotAvailable);
+}
+
namespace ledAction
{
using namespace sdbusplus::xyz::openbmc_project::Led::server;
@@ -1249,6 +1441,13 @@
static_cast<ipmi_cmd_t>(
IPMINetfnIntelOEMGeneralCmd::cmdGetPowerRestoreDelay),
NULL, ipmiOEMGetPowerRestoreDelay, PRIVILEGE_USER);
+
+ ipmi::registerHandler(
+ ipmi::prioOpenBmcBase, ipmi::netFnOemOne,
+ static_cast<ipmi::Cmd>(
+ IPMINetfnIntelOEMGeneralCmd::cmdSetOEMUser2Activation),
+ ipmi::Privilege::Callback, ipmiOEMSetUser2Activation);
+
ipmiPrintAndRegister(
netfnIntcOEMGeneral,
static_cast<ipmi_cmd_t>(