commit | 02650d53027326ed9b24a58b23596a74e5456654 | |
---|---|---|
author | Ayushi Smriti <smriti.ayushi@intel.com> | Wed May 15 11:59:09 2019 +0000 |
committer | smriti.ayushi <smriti.ayushi@linux.intel.com> | Sun Jun 09 07:34:01 2019 +0000 |
tree | dd13b303b303242bfddf25a4773392923ce08889 | |
parent | ea1c401c4bac43d6070bf7d515df08f8bf57c0a2 | |
User-mgmt: Add IPMI user pam authenticate check API

PAM user authentication check must be performed, before any RMCP+ session establishment, as this will be able to check whether user is already locked out, due to failed attempt. This patch introduces the pam user check API, which will be used by netipmid daemon.

Tested: Verified the API call check and making sure it works. Real testing is performed by including the same in phosphor-ipmi-net for RMCP+ session establishment both for user locked for failed attempt and normal case.

Commands used-

Created new user using ipmitool

    ipmitool user set name 2 testuser
    ipmitool user enable 2
    ipmitool user set password 2 pas1tes2
    ipmitool user priv 2 4 3
    ipmitool user list 3 //New user entry can be seen listed
    ipmitool channel getaccess 3 2 //For getting channel access
    ipmitool channel setaccess 3 2 ipmi=on priviledge=4

Normal Case:

    ipmitool -I lanplus -U testuser -P pas1tes2 -H <bmc ip> raw 6 1 //Command
    23 00 00 00 02 bf 57 01 00 7b 00 00 00 00 00 //Response

Negative Case:

    busctl set-property xyz.openbmc_project.User.Manager /xyz/openbmc_project/user xyz.openbmc_project.User.AccountPolicy MaxLoginAttemptBeforeLockout q 3

Tried 3 failed login attempts from webpage, and then tried to establish IPMI RMCP+ as expected, session establishment failed.

Wait for the timeout or unlock the user using-

    busctl set-property xyz.openbmc_project.User.Manager /xyz/openbmc_project/user/sayushi xyz.openbmc_project.User.Attributes UserLockedForFailedAttempt b false
    busctl get-property xyz.openbmc_project.User.Manager /xyz/openbmc_project/user/sayushi xyz.openbmc_project.User.Attributes UserLockedForFailedAttempt b false //Command
    b false //Response

After this RMCP+ session will be established as usual.

Change-Id: I5ee2dc0848944a12f682f0775930091d32508bde
Signed-off-by: Ayushi Smriti <smriti.ayushi@linux.intel.com>

To build this package, do the following steps:

    1. ./bootstrap.sh
    2. ./configure ${CONFIGURE_FLAGS}
    3. make

To clean the repository, run `./bootstrap.sh clean`.