Fix for Callback privilege
Issue: Not returning proper error when user privilege is Callback
Returning proper error codes.
Tested:
Command: ipmitool raw 0x06 0x40 0x3 0x42 0x41 //SetChannelAccess
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x40 rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x40 0x3 0x42 0xc2 //SetChannelAccess
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x40 rsp=0x83): Unknown (0x83)
Command: ipmitool user priv 2 0x01 1
Response: IPMI command failed: Invalid data field in request
Set Privilege Level command failed (user 2)
Command: ipmitool raw 0x06 0x38 1 1 //Get Channel Auth Capabilities
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x38 rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x40 0x1 0x42 0x81 //SetChannelAccess
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x40 rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x43 0x1 2 1 0 //Set User Access Command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x43 rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x43 0x2 1 2 0 //Set User Access Command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x43 rsp=0xff): Unspecified error
Command: ipmitool raw 0x06 0x42 0x02 //Get Channel Info Command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x42 rsp=0x82): Unknown (0x82)
Command: ipmitool raw 0x06 0x4E 0x02 //Get Channel Payload Support
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x4e rsp=0xff): Unspecified error
Command: ipmitool raw 0x06 0x4E 0x0F //Get Channel Payload Support
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x4e rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x4F 0x02 0x00 //Get Channel Payload Version
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x4f rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x4C 0x02 0x01 0x02 0x00 0x00 0x00
//Set User Payload Access
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x4c rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x44 0x02 0x02 //Get User Access Command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x44 rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x44 0x01 0x11 //Get User Access Command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x44 rsp=0xc9): Parameter out of range
Command: ipmitool raw 0x06 0x4D 0x02 0x02 //Get User Payload Access
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x4d rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x40 0x3 0x44 0x43
// set channel access for Non-volatile priv limit
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x40 rsp=0x83): Unknown (0x83)
Command: ipmitool raw 0x06 0x40 0x1 0x85 0x82
// set channel access for volatile priv limit
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x40 rsp=0x83): Unknown (0x83)
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I4ff6fb5ae9a604e6b38fb92c249416605ec27cb5
diff --git a/user_channel/usercommands.cpp b/user_channel/usercommands.cpp
index 34687d5..36c6ebc 100644
--- a/user_channel/usercommands.cpp
+++ b/user_channel/usercommands.cpp
@@ -131,16 +131,25 @@
std::optional<uint8_t> sessionLimit)
{
uint8_t sessLimit = sessionLimit.value_or(0);
- uint8_t chNum =
- convertCurrentChannelNum(static_cast<uint8_t>(channel), ctx->channel);
- if (reserved1 != 0 || reserved2 != 0 || sessLimit != 0 ||
- (!isValidChannel(chNum)) ||
- (!ipmiUserIsValidPrivilege(static_cast<uint8_t>(privilege))) ||
- (EChannelSessSupported::none == getChannelSessionSupport(chNum)))
+ if (reserved1 || reserved2 || sessLimit ||
+ !ipmiUserIsValidPrivilege(static_cast<uint8_t>(privilege)))
{
log<level::DEBUG>("Set user access - Invalid field in request");
return ipmi::responseInvalidFieldRequest();
}
+
+ uint8_t chNum =
+ convertCurrentChannelNum(static_cast<uint8_t>(channel), ctx->channel);
+ if (!isValidChannel(chNum))
+ {
+ log<level::DEBUG>("Set user access - Invalid channel request");
+ return ipmi::response(invalidChannel);
+ }
+ if (getChannelSessionSupport(chNum) == EChannelSessSupported::none)
+ {
+ log<level::DEBUG>("Set user access - No support on channel");
+ return ipmi::response(ccActionNotSupportedForChannel);
+ }
if (!ipmiUserIsValidUserId(static_cast<uint8_t>(userId)))
{
log<level::DEBUG>("Set user access - Parameter out of range");
@@ -202,12 +211,18 @@
{
uint8_t chNum =
convertCurrentChannelNum(static_cast<uint8_t>(channel), ctx->channel);
- if (reserved1 != 0 || reserved2 != 0 || (!isValidChannel(chNum)) ||
- (EChannelSessSupported::none == getChannelSessionSupport(chNum)))
+
+ if (reserved1 || reserved2 || !isValidChannel(chNum))
{
log<level::DEBUG>("Get user access - Invalid field in request");
return ipmi::responseInvalidFieldRequest();
}
+
+ if (getChannelSessionSupport(chNum) == EChannelSessSupported::none)
+ {
+ log<level::DEBUG>("Get user access - No support on channel");
+ return ipmi::response(ccActionNotSupportedForChannel);
+ }
if (!ipmiUserIsValidUserId(static_cast<uint8_t>(userId)))
{
log<level::DEBUG>("Get user access - Parameter out of range");
@@ -450,15 +465,22 @@
bool extData, uint4_t privLevel,
uint4_t reserved2)
{
-
uint8_t channel =
convertCurrentChannelNum(static_cast<uint8_t>(chNum), ctx->channel);
if (reserved1 || reserved2 || !isValidChannel(channel) ||
- !isValidPrivLimit(static_cast<uint8_t>(privLevel)) ||
- (EChannelSessSupported::none == getChannelSessionSupport(channel)))
+ !isValidPrivLimit(static_cast<uint8_t>(privLevel)))
{
- return ipmi::response(ccInvalidFieldRequest);
+ log<level::DEBUG>(
+ "Get channel auth capabilities - Invalid field in request");
+ return ipmi::responseInvalidFieldRequest();
+ }
+
+ if (getChannelSessionSupport(channel) == EChannelSessSupported::none)
+ {
+ log<level::DEBUG>(
+ "Get channel auth capabilities - No support on channel");
+ return ipmi::response(ccActionNotSupportedForChannel);
}
constexpr bool extDataSupport = true; // true for IPMI 2.0 extensions
@@ -532,25 +554,27 @@
uint8_t oemPayloadEnables2Reserved)
{
+ auto chNum =
+ convertCurrentChannelNum(static_cast<uint8_t>(channel), ctx->channel);
// Validate the reserved args. Only SOL payload is supported as on date.
if (reserved || stdPayload0ipmiReserved || stdPayload2 || stdPayload3 ||
stdPayload4 || stdPayload5 || stdPayload6 || stdPayload7 ||
oemPayload0 || oemPayload1 || oemPayload2 || oemPayload3 ||
oemPayload4 || oemPayload5 || oemPayload6 || oemPayload7 ||
- stdPayloadEnables2Reserved || oemPayloadEnables2Reserved)
+ stdPayloadEnables2Reserved || oemPayloadEnables2Reserved ||
+ !isValidChannel(chNum))
{
return ipmi::responseInvalidFieldRequest();
}
- auto chNum =
- convertCurrentChannelNum(static_cast<uint8_t>(channel), ctx->channel);
- if ((operation != enableOperation && operation != disableOperation) ||
- (!isValidChannel(chNum)) ||
- (getChannelSessionSupport(chNum) == EChannelSessSupported::none))
+ if ((operation != enableOperation && operation != disableOperation))
{
return ipmi::responseInvalidFieldRequest();
}
-
+ if (getChannelSessionSupport(chNum) == EChannelSessSupported::none)
+ {
+ return ipmi::response(ccActionNotSupportedForChannel);
+ }
if (!ipmiUserIsValidUserId(static_cast<uint8_t>(userId)))
{
return ipmi::responseParmOutOfRange();
@@ -627,11 +651,15 @@
{
uint8_t chNum =
convertCurrentChannelNum(static_cast<uint8_t>(channel), ctx->channel);
- if (reserved1 != 0 || reserved2 != 0 || (!isValidChannel(chNum)) ||
- (getChannelSessionSupport(chNum) == EChannelSessSupported::none))
+
+ if (reserved1 || reserved2 || !isValidChannel(chNum))
{
return ipmi::responseInvalidFieldRequest();
}
+ if (getChannelSessionSupport(chNum) == EChannelSessSupported::none)
+ {
+ return ipmi::response(ccActionNotSupportedForChannel);
+ }
if (!ipmiUserIsValidUserId(static_cast<uint8_t>(userId)))
{
return ipmi::responseParmOutOfRange();