Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-net-ipmid / 4021b1f7a1db46b6e467539371321513864534d4^! / . / command / open_session.cpp
commit4021b1f7a1db46b6e467539371321513864534d4[log] [tgz]
authorTom Joseph <tomjoseph@in.ibm.com>Tue Feb 12 10:10:12 2019 +0530
committerTom Joseph <tomjoseph@in.ibm.com>Tue Feb 12 23:37:27 2019 +0530
tree0f3b5a7ff75a36663ac039aa462abe15fed83c55
parentb882dbb2b01be1e00a48e5292107dbdee110ab24 [diff] [blame]
Return the maximum privilege in open session command

This commit does the following:

- Set the maximum privilege role in the session instead of current privilege
  in the implementation of the open session request/response.

- In open session response, return the maximum privilege of the session
  instead of the current privilege level.

- Update RAKP12 and RAKP34 implementation

Tested: Checked the session setup works fine with ipmitool and freeipmi
utility ipmipower.

Change-Id: I41b63b91f08c2ed96856c4db41eedaa878c663e3
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

diff --git a/command/open_session.cpp b/command/open_session.cpp
index 51da9e1..e3453f8 100644
--- a/command/open_session.cpp
+++ b/command/open_session.cpp

@@ -38,6 +38,22 @@
         return outPayload;
     }
 
+    session::Privilege priv;
+
+    // 0h in the requested maximum privilege role field indicates highest level
+    // matching proposed algorithms. The maximum privilege level the session
+    // can take is set to Administrator level. In the RAKP12 command sequence
+    // the session maximum privilege role is set again based on the user's
+    // permitted privilege level.
+    if (!request->maxPrivLevel)
+    {
+        priv = session::Privilege::ADMIN;
+    }
+    else
+    {
+        priv = static_cast<session::Privilege>(request->maxPrivLevel);
+    }
+
     // Check for valid Confidentiality Algorithms
     if (!cipher::crypt::Interface::isAlgorithmSupported(
             static_cast<cipher::crypt::Algorithms>(request->confAlgo)))
@@ -54,8 +70,7 @@
         session =
             std::get<session::Manager&>(singletonPool)
                 .startSession(
-                    endian::from_ipmi<>(request->remoteConsoleSessionID),
-                    static_cast<session::Privilege>(request->maxPrivLevel),
+                    endian::from_ipmi<>(request->remoteConsoleSessionID), priv,
                     static_cast<cipher::rakp_auth::Algorithms>(
                         request->authAlgo),
                     static_cast<cipher::integrity::Algorithms>(
@@ -73,7 +88,7 @@
 
     response->messageTag = request->messageTag;
     response->status_code = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR);
-    response->maxPrivLevel = static_cast<uint8_t>(session->curPrivLevel);
+    response->maxPrivLevel = static_cast<uint8_t>(session->reqMaxPrivLevel);
     response->remoteConsoleSessionID = request->remoteConsoleSessionID;
     response->managedSystemSessionID =
         endian::to_ipmi<>(session->getBMCSessionID());