[netipmid] Fix: validate user lockout status
User lockout validation must happen after reading the password
and not before it. This was causing RMCP+ session establishment
failure. This fixes the same
Tested:
1. Verified RMCP+ session establishment when users are not locked
out.
2. Enabled user lockout feature property, and tried to login
after failed login attempts. Able to see RMCP+ session establishment
failed as expected.
Change-Id: Ie4651dfed330a2769114562e031c4263a429da8f
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/command/rakp12.cpp b/command/rakp12.cpp
index 63eb46a..172c83e 100644
--- a/command/rakp12.cpp
+++ b/command/rakp12.cpp
@@ -164,6 +164,14 @@
static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
return outPayload;
}
+ // Get the user password for RAKP message authenticate
+ passwd = ipmi::ipmiUserGetPassword(userName);
+ if (passwd.empty())
+ {
+ response->rmcpStatusCode =
+ static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
+ return outPayload;
+ }
// Check whether user is already locked for failed attempts
if (!ipmi::ipmiUserPamAuthenticate(userName, passwd))
{
@@ -174,14 +182,6 @@
static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
return outPayload;
}
- // Get the user password for RAKP message authenticate
- passwd = ipmi::ipmiUserGetPassword(userName);
- if (passwd.empty())
- {
- response->rmcpStatusCode =
- static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
- return outPayload;
- }
// TODO Replace with proper calls.
uint8_t chNum = static_cast<uint8_t>(ipmi::EChannelID::chanLan1);
// Get channel based access information