Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / 29b9f31d55cff3cebd7f95ab05dc8fc8acfb2828^! / . / user_channel / usercommands.cpp
commit29b9f31d55cff3cebd7f95ab05dc8fc8acfb2828[log] [tgz]
authorAyushi Smriti <smriti.ayushi@linux.intel.com>Fri Sep 24 12:29:23 2021 +0530
committersmriti.ayushi <smriti.ayushi@linux.intel.com>Thu Sep 30 08:23:36 2021 +0000
tree87d5a6461aaa6c3c07f5c3333da2b504134d02b2
parentb3f74ace5c6d83d2b6f888ebe5dbaca98c233e21 [diff] [blame]
Fix: Set User Password cmd fails with 0xc7 CC

Issue: Set User Password command (47h) fails with 0xc7 req data length
invalid CC on disable/enable user operation.
According to the IPMI spec, the 'password data' req bytes in Set User
Password cmd need not be present if the operation is ‘disable user’ or
‘enable user’.

This change adds proper checks to address the above issue.

Tested:
Executed set user password cmd and verified success response

previous:
root@intel-obmc:~# ipmitool raw 0x06 0x47 0x02 0x00
Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0 cmd=0x47
rsp=0xc7): Request data length invalid
root@intel-obmc:~# ipmitool raw 0x06 0x47 0x02 0x01
Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0 cmd=0x47
rsp=0xc7): Request data length invalid

After fix:
root@intel-obmc:~# ipmitool raw 0x06 0x47 0x02 0x00

root@intel-obmc:~# ipmitool raw 0x06 0x47 0x02 0x01

Change-Id: Idad719e75abb37d6aebff510ea2339a93bea84dd
Signed-off-by: Ayushi Smriti <smriti.ayushi@linux.intel.com>

diff --git a/user_channel/usercommands.cpp b/user_channel/usercommands.cpp
index 52a9aef..7af38b9 100644
--- a/user_channel/usercommands.cpp
+++ b/user_channel/usercommands.cpp

@@ -281,16 +281,21 @@
         return ipmi::responseInvalidFieldRequest();
     }
 
-    if (pwLen20 && userPassword.size() != maxIpmi20PasswordSize)
+    static constexpr uint2_t opDisableUser = 0x00;
+    static constexpr uint2_t opEnableUser = 0x01;
+    static constexpr uint2_t opSetPassword = 0x02;
+    static constexpr uint2_t opTestPassword = 0x03;
+
+    // If set / test password operation then password size has to be 16 or 20
+    // bytes based on the password size bit
+    if (((operation == opSetPassword) || (operation == opTestPassword)) &&
+        ((pwLen20 && (userPassword.size() != maxIpmi20PasswordSize)) ||
+         (!pwLen20 && (userPassword.size() != maxIpmi15PasswordSize))))
     {
         log<level::DEBUG>("Invalid Length");
         return ipmi::responseReqDataLenInvalid();
     }
-    else if (!pwLen20 && userPassword.size() != maxIpmi15PasswordSize)
-    {
-        log<level::DEBUG>("Invalid Length");
-        return ipmi::responseReqDataLenInvalid();
-    }
+
     size_t passwordLength = userPassword.size();
 
     uint8_t userId = static_cast<uint8_t>(id);
@@ -301,10 +306,6 @@
         return ipmi::responseParmOutOfRange();
     }
 
-    static constexpr uint2_t opDisableUser = 0x00;
-    static constexpr uint2_t opEnableUser = 0x01;
-    static constexpr uint2_t opSetPassword = 0x02;
-    static constexpr uint2_t opTestPassword = 0x03;
     if (operation == opSetPassword)
     {
         // turn the non-nul terminated SecureBuffer into a SecureString