Add privilege level for each IPMI command
Change-Id: I07f160c6ea83dc91f46e21f263c4cf994aff081d
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
diff --git a/apphandler.cpp b/apphandler.cpp
index 394f716..f551d4f 100644
--- a/apphandler.cpp
+++ b/apphandler.cpp
@@ -643,37 +643,56 @@
void register_netfn_app_functions()
{
+ // <Get BT Interface Capabilities>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_GET_CAP_BIT);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_CAP_BIT, NULL, ipmi_app_get_bt_capabilities);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_CAP_BIT, NULL, ipmi_app_get_bt_capabilities,
+ PRIVILEGE_USER);
+ // <Wildcard Command>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_WILDCARD);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_WILDCARD, NULL, ipmi_app_wildcard_handler);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_WILDCARD, NULL, ipmi_app_wildcard_handler,
+ PRIVILEGE_USER);
+ // <Reset Watchdog Timer>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_RESET_WD);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_RESET_WD, NULL, ipmi_app_reset_watchdog);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_RESET_WD, NULL, ipmi_app_reset_watchdog,
+ PRIVILEGE_OPERATOR);
+ // <Set Watchdog Timer>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_SET_WD);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_SET_WD, NULL, ipmi_app_set_watchdog);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_SET_WD, NULL, ipmi_app_set_watchdog,
+ PRIVILEGE_OPERATOR);
+ // <Get Device ID>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_GET_DEVICE_ID);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_DEVICE_ID, NULL, ipmi_app_get_device_id);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_DEVICE_ID, NULL, ipmi_app_get_device_id,
+ PRIVILEGE_USER);
+ // <Get Self Test Results>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_GET_SELF_TEST_RESULTS);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_SELF_TEST_RESULTS, NULL, ipmi_app_get_self_test_results);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_SELF_TEST_RESULTS, NULL,
+ ipmi_app_get_self_test_results, PRIVILEGE_USER);
+ // <Get Device GUID>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_GET_DEVICE_GUID);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_DEVICE_GUID, NULL, ipmi_app_get_device_guid);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_DEVICE_GUID, NULL, ipmi_app_get_device_guid,
+ PRIVILEGE_USER);
+ // <Set ACPI Power State>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_SET_ACPI);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_SET_ACPI, NULL, ipmi_app_set_acpi_power_state);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_SET_ACPI, NULL, ipmi_app_set_acpi_power_state,
+ PRIVILEGE_ADMIN);
+ // <Set Channel Access>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP,
IPMI_CMD_SET_CHAN_ACCESS);
ipmi_register_callback(NETFUN_APP, IPMI_CMD_SET_CHAN_ACCESS, NULL,
- ipmi_set_channel_access);
+ ipmi_set_channel_access, PRIVILEGE_ADMIN);
+ // <Get Channel Info Command>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_GET_CHAN_INFO);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_CHAN_INFO, NULL, ipmi_app_channel_info);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_CHAN_INFO, NULL, ipmi_app_channel_info,
+ PRIVILEGE_USER);
return;
}
diff --git a/chassishandler.cpp b/chassishandler.cpp
index 6d5a5fd..4332f81 100644
--- a/chassishandler.cpp
+++ b/chassishandler.cpp
@@ -1040,22 +1040,34 @@
void register_netfn_chassis_functions()
{
+ // <Wildcard Command>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_CHASSIS, IPMI_CMD_WILDCARD);
- ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_WILDCARD, NULL, ipmi_chassis_wildcard);
+ ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_WILDCARD, NULL, ipmi_chassis_wildcard,
+ PRIVILEGE_USER);
+ // Get Chassis Capabilities
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_CHASSIS, IPMI_CMD_GET_CHASSIS_CAP);
- ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_GET_CHASSIS_CAP, NULL, ipmi_get_chassis_cap);
+ ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_GET_CHASSIS_CAP, NULL, ipmi_get_chassis_cap,
+ PRIVILEGE_USER);
+ // <Get System Boot Options>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_CHASSIS, IPMI_CMD_GET_SYS_BOOT_OPTIONS);
- ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_GET_SYS_BOOT_OPTIONS, NULL, ipmi_chassis_get_sys_boot_options);
+ ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_GET_SYS_BOOT_OPTIONS, NULL,
+ ipmi_chassis_get_sys_boot_options, PRIVILEGE_OPERATOR);
+ // <Get Chassis Status>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_CHASSIS, IPMI_CMD_CHASSIS_STATUS);
- ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_CHASSIS_STATUS, NULL, ipmi_get_chassis_status);
+ ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_CHASSIS_STATUS, NULL, ipmi_get_chassis_status,
+ PRIVILEGE_USER);
+ // <Chassis Control>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_CHASSIS, IPMI_CMD_CHASSIS_CONTROL);
- ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_CHASSIS_CONTROL, NULL, ipmi_chassis_control);
+ ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_CHASSIS_CONTROL, NULL, ipmi_chassis_control,
+ PRIVILEGE_OPERATOR);
+ // <Set System Boot Options>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n", NETFUN_CHASSIS, IPMI_CMD_SET_SYS_BOOT_OPTIONS);
- ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_SET_SYS_BOOT_OPTIONS, NULL, ipmi_chassis_set_sys_boot_options);
+ ipmi_register_callback(NETFUN_CHASSIS, IPMI_CMD_SET_SYS_BOOT_OPTIONS, NULL,
+ ipmi_chassis_set_sys_boot_options, PRIVILEGE_OPERATOR);
}
diff --git a/dcmihandler.cpp b/dcmihandler.cpp
index 5775a35..19187ba 100644
--- a/dcmihandler.cpp
+++ b/dcmihandler.cpp
@@ -33,8 +33,10 @@
void register_netfn_dcmi_functions()
{
+ // <Get Power Limit>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_GRPEXT, IPMI_CMD_DCMI_GET_POWER);
- ipmi_register_callback(NETFUN_GRPEXT, IPMI_CMD_DCMI_GET_POWER, NULL, ipmi_dcmi_get_power_limit);
+ ipmi_register_callback(NETFUN_GRPEXT, IPMI_CMD_DCMI_GET_POWER, NULL, ipmi_dcmi_get_power_limit,
+ PRIVILEGE_USER);
return;
}
-// 956379
\ No newline at end of file
+// 956379
diff --git a/globalhandler.cpp b/globalhandler.cpp
index 34b244f..304867c 100644
--- a/globalhandler.cpp
+++ b/globalhandler.cpp
@@ -93,11 +93,15 @@
void register_netfn_global_functions()
{
+ // Cold Reset
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_COLD_RESET);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_COLD_RESET, NULL, ipmi_global_cold_reset);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_COLD_RESET, NULL, ipmi_global_cold_reset,
+ PRIVILEGE_ADMIN);
+ // <Warm Reset>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_WARM_RESET);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_WARM_RESET, NULL, ipmi_global_warm_reset);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_WARM_RESET, NULL, ipmi_global_warm_reset,
+ PRIVILEGE_ADMIN);
return;
}
diff --git a/groupext.cpp b/groupext.cpp
index ba43794..6891d75 100644
--- a/groupext.cpp
+++ b/groupext.cpp
@@ -24,8 +24,10 @@
void register_netfn_groupext_functions()
{
+ // <Group Extension Command>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_GRPEXT, GRPEXT_GET_GROUP_CMD);
- ipmi_register_callback(NETFUN_GRPEXT, GRPEXT_GET_GROUP_CMD, NULL, ipmi_groupext);
+ ipmi_register_callback(NETFUN_GRPEXT, GRPEXT_GET_GROUP_CMD, NULL, ipmi_groupext,
+ PRIVILEGE_USER);
return;
}
diff --git a/host-ipmid/ipmid-api.h b/host-ipmid/ipmid-api.h
index 6bd991f..ded1a6d 100644
--- a/host-ipmid/ipmid-api.h
+++ b/host-ipmid/ipmid-api.h
@@ -7,6 +7,21 @@
extern "C" {
#endif
+/*
+ * Specifies the minimum privilege level required to execute the command
+ * This means the command can be executed at a given privilege level or higher
+ * privilege level. Those commands which can be executed via system interface
+ * only should use SYSTEM_INTERFACE
+ */
+enum CommandPrivilege {
+ PRIVILEGE_CALLBACK = 0x01,
+ PRIVILEGE_USER,
+ PRIVILEGE_OPERATOR,
+ PRIVILEGE_ADMIN,
+ PRIVILEGE_OEM,
+ SYSTEM_INTERFACE = 0xFF,
+};
+
// length of Completion Code and its ALWAYS _1_
#define IPMI_CC_LEN 1
@@ -46,6 +61,8 @@
// Plugin function return the status code
typedef unsigned char ipmi_ret_t;
+typedef enum CommandPrivilege ipmi_cmd_privilege_t;
+
// This is the callback handler that the plugin registers with IPMID. IPMI
// function router will then make a call to this callback handler with the
// necessary arguments of netfn, cmd, request, response, size and context.
@@ -55,8 +72,9 @@
// This is the constructor function that is called into by each plugin handlers.
// When ipmi sets up the callback handlers, a call is made to this with
// information of netfn, cmd, callback handler pointer and context data.
-void ipmi_register_callback(ipmi_netfn_t, ipmi_cmd_t,
- ipmi_context_t, ipmid_callback_t);
+void ipmi_register_callback(ipmi_netfn_t, ipmi_cmd_t, ipmi_context_t, ipmid_callback_t,
+ ipmi_cmd_privilege_t);
+
unsigned short get_sel_reserve_id(void);
diff --git a/ipmid.cpp b/ipmid.cpp
index 84d37ea..0c9db6f 100644
--- a/ipmid.cpp
+++ b/ipmid.cpp
@@ -108,8 +108,8 @@
// Method that gets called by shared libraries to get their command handlers registered
-void ipmi_register_callback(ipmi_netfn_t netfn, ipmi_cmd_t cmd,
- ipmi_context_t context, ipmid_callback_t handler)
+void ipmi_register_callback(ipmi_netfn_t netfn, ipmi_cmd_t cmd, ipmi_context_t context,
+ ipmid_callback_t handler, ipmi_cmd_privilege_t priv)
{
// Pack NetFn and Command in one.
auto netfn_and_cmd = std::make_pair(netfn, cmd);
diff --git a/sensorhandler.cpp b/sensorhandler.cpp
index 457849e..a40196c 100644
--- a/sensorhandler.cpp
+++ b/sensorhandler.cpp
@@ -49,7 +49,6 @@
uint8_t indication[2];
} __attribute__ ((packed)) ;
-
// Use a lookup table to find the interface name of a specific sensor
// This will be used until an alternative is found. this is the first
// step for mapping IPMI
@@ -249,7 +248,6 @@
return 0;
}
-
uint8_t dbus_to_sensor_type(char *p) {
sensorTypemap_t *s = g_SensorTypeMap;
@@ -453,17 +451,25 @@
void register_netfn_sen_functions()
{
+ // <Wildcard Command>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_SENSOR, IPMI_CMD_WILDCARD);
- ipmi_register_callback(NETFUN_SENSOR, IPMI_CMD_WILDCARD, NULL, ipmi_sen_wildcard);
+ ipmi_register_callback(NETFUN_SENSOR, IPMI_CMD_WILDCARD, NULL, ipmi_sen_wildcard,
+ PRIVILEGE_USER);
+ // <Get Sensor Type>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_SENSOR, IPMI_CMD_GET_SENSOR_TYPE);
- ipmi_register_callback(NETFUN_SENSOR, IPMI_CMD_GET_SENSOR_TYPE, NULL, ipmi_sen_get_sensor_type);
+ ipmi_register_callback(NETFUN_SENSOR, IPMI_CMD_GET_SENSOR_TYPE, NULL, ipmi_sen_get_sensor_type,
+ PRIVILEGE_USER);
+ // <Set Sensor Reading and Event Status>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_SENSOR, IPMI_CMD_SET_SENSOR);
- ipmi_register_callback(NETFUN_SENSOR, IPMI_CMD_SET_SENSOR, NULL, ipmi_sen_set_sensor);
+ ipmi_register_callback(NETFUN_SENSOR, IPMI_CMD_SET_SENSOR, NULL, ipmi_sen_set_sensor,
+ PRIVILEGE_OPERATOR);
+ // <Get Sensor Reading>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_SENSOR, IPMI_CMD_GET_SENSOR_READING);
- ipmi_register_callback(NETFUN_SENSOR, IPMI_CMD_GET_SENSOR_READING, NULL, ipmi_sen_get_sensor_reading);
+ ipmi_register_callback(NETFUN_SENSOR, IPMI_CMD_GET_SENSOR_READING, NULL,
+ ipmi_sen_get_sensor_reading, PRIVILEGE_USER);
return;
}
diff --git a/sensorhandler.h b/sensorhandler.h
index e8e46a5..ca27b39 100644
--- a/sensorhandler.h
+++ b/sensorhandler.h
@@ -24,4 +24,5 @@
int set_sensor_dbus_state_s(uint8_t , const char *, const char *);
int set_sensor_dbus_state_y(uint8_t , const char *, const uint8_t);
int find_openbmc_path(const char *, const uint8_t , dbus_interface_t *);
+
#endif
diff --git a/storagehandler.cpp b/storagehandler.cpp
index 41d76b8..e02dd19 100644
--- a/storagehandler.cpp
+++ b/storagehandler.cpp
@@ -232,23 +232,35 @@
void register_netfn_storage_functions()
{
+ // <Wildcard Command>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_STORAGE, IPMI_CMD_WILDCARD);
- ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_WILDCARD, nullptr, ipmi_storage_wildcard);
+ ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_WILDCARD, NULL, ipmi_storage_wildcard,
+ PRIVILEGE_USER);
+ // <Get SEL Time>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_STORAGE, IPMI_CMD_GET_SEL_TIME);
- ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_GET_SEL_TIME, nullptr, ipmi_storage_get_sel_time);
+ ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_GET_SEL_TIME, NULL, ipmi_storage_get_sel_time,
+ PRIVILEGE_USER);
+ // <Set SEL Time>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_STORAGE, IPMI_CMD_SET_SEL_TIME);
- ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_SET_SEL_TIME, nullptr, ipmi_storage_set_sel_time);
+ ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_SET_SEL_TIME, NULL, ipmi_storage_set_sel_time,
+ PRIVILEGE_OPERATOR);
+ // <Get SEL Info>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_STORAGE, IPMI_CMD_GET_SEL_INFO);
- ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_GET_SEL_INFO, nullptr, ipmi_storage_get_sel_info);
+ ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_GET_SEL_INFO, NULL, ipmi_storage_get_sel_info,
+ PRIVILEGE_USER);
+ // <Reserve SEL>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_STORAGE, IPMI_CMD_RESERVE_SEL);
- ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_RESERVE_SEL, nullptr, ipmi_storage_reserve_sel);
+ ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_RESERVE_SEL, NULL, ipmi_storage_reserve_sel,
+ PRIVILEGE_USER);
+ // <Add SEL Entry>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_STORAGE, IPMI_CMD_ADD_SEL);
- ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_ADD_SEL, nullptr, ipmi_storage_add_sel);
+ ipmi_register_callback(NETFUN_STORAGE, IPMI_CMD_ADD_SEL, NULL, ipmi_storage_add_sel,
+ PRIVILEGE_OPERATOR);
return;
}
diff --git a/systemintfcmds.cpp b/systemintfcmds.cpp
index d920f95..f9a2dda 100644
--- a/systemintfcmds.cpp
+++ b/systemintfcmds.cpp
@@ -93,17 +93,19 @@
// <Read Event Message Buffer>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_READ_EVENT);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_READ_EVENT, NULL, ipmi_app_read_event);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_READ_EVENT, NULL, ipmi_app_read_event,
+ SYSTEM_INTERFACE);
// <Set BMC Global Enables>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP,
IPMI_CMD_SET_BMC_GLOBAL_ENABLES);
ipmi_register_callback(NETFUN_APP, IPMI_CMD_SET_BMC_GLOBAL_ENABLES, NULL,
- ipmi_app_set_bmc_global_enables);
+ ipmi_app_set_bmc_global_enables, SYSTEM_INTERFACE);
// <Get Message Flags>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_APP, IPMI_CMD_GET_MSG_FLAGS);
- ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_MSG_FLAGS, NULL, ipmi_app_get_msg_flags);
+ ipmi_register_callback(NETFUN_APP, IPMI_CMD_GET_MSG_FLAGS, NULL, ipmi_app_get_msg_flags,
+ SYSTEM_INTERFACE);
return;
}
diff --git a/transporthandler.cpp b/transporthandler.cpp
index 8ee2dbe..9cbae11 100644
--- a/transporthandler.cpp
+++ b/transporthandler.cpp
@@ -382,14 +382,20 @@
void register_netfn_transport_functions()
{
+ // <Wildcard Command>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_TRANSPORT, IPMI_CMD_WILDCARD);
- ipmi_register_callback(NETFUN_TRANSPORT, IPMI_CMD_WILDCARD, NULL, ipmi_transport_wildcard);
+ ipmi_register_callback(NETFUN_TRANSPORT, IPMI_CMD_WILDCARD, NULL, ipmi_transport_wildcard,
+ PRIVILEGE_USER);
+ // <Set LAN Configuration Parameters>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_TRANSPORT, IPMI_CMD_SET_LAN);
- ipmi_register_callback(NETFUN_TRANSPORT, IPMI_CMD_SET_LAN, NULL, ipmi_transport_set_lan);
+ ipmi_register_callback(NETFUN_TRANSPORT, IPMI_CMD_SET_LAN, NULL, ipmi_transport_set_lan,
+ PRIVILEGE_ADMIN);
+ // <Get LAN Configuration Parameters>
printf("Registering NetFn:[0x%X], Cmd:[0x%X]\n",NETFUN_TRANSPORT, IPMI_CMD_GET_LAN);
- ipmi_register_callback(NETFUN_TRANSPORT, IPMI_CMD_GET_LAN, NULL, ipmi_transport_get_lan);
+ ipmi_register_callback(NETFUN_TRANSPORT, IPMI_CMD_GET_LAN, NULL, ipmi_transport_get_lan,
+ PRIVILEGE_OPERATOR);
return;
}