Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-net-ipmid / 7e5d38d2fb51fc746624ff2f2b3701cea245a8fb^! / . / command / rakp12.cpp
commit7e5d38d2fb51fc746624ff2f2b3701cea245a8fb[log] [tgz]
authorRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>Sat Mar 02 22:11:41 2019 +0530
committerTom Joseph <tomjoseph@in.ibm.com>Mon Mar 25 11:56:41 2019 +0000
tree54ce91e11925fde20cd7bfc178177281726208bc
parentb9631f8edf351990ed19f8708ded88be6d24c31b [diff] [blame]
RAKP12: Don't allow user with NOACCESS priv.

Don't allow user to establish session with NOACCESS
user privilege.

Tested-by:
1. Updated the user privilege to NO_ACCESS and verified
RMCP+ session establishement errors out.

Change-Id: I787a787a3198a7e0550ac01962e69aab0041cccf
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

diff --git a/command/rakp12.cpp b/command/rakp12.cpp
index 59ca9e3..a8d5171 100644
--- a/command/rakp12.cpp
+++ b/command/rakp12.cpp

@@ -187,6 +187,12 @@
             static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
         return outPayload;
     }
+    if (userAccess.privilege > static_cast<uint8_t>(session::Privilege::OEM))
+    {
+        response->rmcpStatusCode =
+            static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
+        return outPayload;
+    }
     session->chNum = chNum;
     // minimum privilege of Channel / User / session::privilege::USER/CALLBACK /
     // has to be used as session current privilege level