user_mgmt: set priv-user as the default privilege
Due to wrong interpretation of the IPMI spec there appeared the
`no-access` privilege in the OpenBMC. In fact that's just a state
of disabled/unconfigured channel and shouldn't be used as a
valid user's privilege.
This commit is a part of the patch set removing `priv-noaccess` from
OpenBMC. It changes the default privilege for newly created users
from `priv-noaccess` to `priv-user`.
This doesn't affect the previously created users with the set privilege
level, and it's highly recommended that their privelege is changed
manually from `priv-noaccess` to some valid privilege. Alternatively,
those pre-existing users could just be deleted and re-created as needed.
Tested: New users created by IPMI command have `USER` privilege by
default.
Command: ipmitool user set name <user id> <username>
Response: // User created successfully
Command: ipmitool user list
Response: // The channel privilege level for this new user
contains `USER`.
Change-Id: I4b99551448245d3a9ed0882f581784a0ee35e3d8
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>
diff --git a/user_channel/user_mgmt.cpp b/user_channel/user_mgmt.cpp
index f516d83..326035e 100644
--- a/user_channel/user_mgmt.cpp
+++ b/user_channel/user_mgmt.cpp
@@ -1058,7 +1058,8 @@
auto method = bus.new_method_call(
getUserServiceName().c_str(), userMgrObjBasePath,
userMgrInterface, createUserMethod);
- method.append(userName.c_str(), availableGroups, "", false);
+ method.append(userName.c_str(), availableGroups,
+ ipmiPrivIndex[PRIVILEGE_USER], false);
auto reply = bus.call(method);
}
catch (const sdbusplus::exception_t& e)
@@ -1073,6 +1074,11 @@
std::memcpy(userInfo->userName,
static_cast<const void*>(userName.data()), userName.size());
userInfo->userInSystem = true;
+ for (size_t chIndex = 0; chIndex < ipmiMaxChannels; chIndex++)
+ {
+ userInfo->userPrivAccess[chIndex].privilege =
+ static_cast<uint8_t>(PRIVILEGE_USER);
+ }
}
else if (oldUser != userName && validUser)
{