Return the maximum privilege in open session command
This commit does the following:
- Set the maximum privilege role in the session instead of current privilege
in the implementation of the open session request/response.
- In open session response, return the maximum privilege of the session
instead of the current privilege level.
- Update RAKP12 and RAKP34 implementation
Tested: Checked the session setup works fine with ipmitool and freeipmi
utility ipmipower.
Change-Id: I41b63b91f08c2ed96856c4db41eedaa878c663e3
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
diff --git a/command/open_session.cpp b/command/open_session.cpp
index 51da9e1..e3453f8 100644
--- a/command/open_session.cpp
+++ b/command/open_session.cpp
@@ -38,6 +38,22 @@
return outPayload;
}
+ session::Privilege priv;
+
+ // 0h in the requested maximum privilege role field indicates highest level
+ // matching proposed algorithms. The maximum privilege level the session
+ // can take is set to Administrator level. In the RAKP12 command sequence
+ // the session maximum privilege role is set again based on the user's
+ // permitted privilege level.
+ if (!request->maxPrivLevel)
+ {
+ priv = session::Privilege::ADMIN;
+ }
+ else
+ {
+ priv = static_cast<session::Privilege>(request->maxPrivLevel);
+ }
+
// Check for valid Confidentiality Algorithms
if (!cipher::crypt::Interface::isAlgorithmSupported(
static_cast<cipher::crypt::Algorithms>(request->confAlgo)))
@@ -54,8 +70,7 @@
session =
std::get<session::Manager&>(singletonPool)
.startSession(
- endian::from_ipmi<>(request->remoteConsoleSessionID),
- static_cast<session::Privilege>(request->maxPrivLevel),
+ endian::from_ipmi<>(request->remoteConsoleSessionID), priv,
static_cast<cipher::rakp_auth::Algorithms>(
request->authAlgo),
static_cast<cipher::integrity::Algorithms>(
@@ -73,7 +88,7 @@
response->messageTag = request->messageTag;
response->status_code = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR);
- response->maxPrivLevel = static_cast<uint8_t>(session->curPrivLevel);
+ response->maxPrivLevel = static_cast<uint8_t>(session->reqMaxPrivLevel);
response->remoteConsoleSessionID = request->remoteConsoleSessionID;
response->managedSystemSessionID =
endian::to_ipmi<>(session->getBMCSessionID());