Skip IPMI Payload commands - IPMI Mesg disabled
Skip IPMI Payload type commands, if IPMI messaging is disabled
for the user.
Tested-by:
Verified that commands are not executed through RMCP+ when
IPMI Messaging is disabled for the user through Set
Channel Acess command. Verified the reverse too.
Change-Id: Ibcfd2a18ccc8b0c498eb06ffb56363b94a735b5e
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/message_handler.cpp b/message_handler.cpp
index a45c13c..e2aafb3 100644
--- a/message_handler.cpp
+++ b/message_handler.cpp
@@ -90,17 +90,31 @@
auto command = inMessage->getCommand();
if (inMessage->payloadType == PayloadType::IPMI)
{
- if (inMessage->payload.size() <
- (sizeof(LAN::header::Request) + sizeof(LAN::trailer::Request)))
+ auto session =
+ std::get<session::Manager&>(singletonPool).getSession(sessionID);
+ // Process PayloadType::IPMI only if ipmi is enabled or for sessionless
+ // or for session establisbment command
+ if (this->sessionID == session::SESSION_ZERO ||
+ session->sessionUserPrivAccess.ipmiEnabled)
{
- return;
- }
+ if (inMessage->payload.size() <
+ (sizeof(LAN::header::Request) + sizeof(LAN::trailer::Request)))
+ {
+ return;
+ }
- auto start = inMessage->payload.begin() + sizeof(LAN::header::Request);
- auto end = inMessage->payload.end() - sizeof(LAN::trailer::Request);
- std::vector<uint8_t> inPayload(start, end);
- std::get<command::Table&>(singletonPool)
- .executeCommand(command, inPayload, shared_from_this());
+ auto start =
+ inMessage->payload.begin() + sizeof(LAN::header::Request);
+ auto end = inMessage->payload.end() - sizeof(LAN::trailer::Request);
+ std::vector<uint8_t> inPayload(start, end);
+ std::get<command::Table&>(singletonPool)
+ .executeCommand(command, inPayload, shared_from_this());
+ }
+ else
+ {
+ std::vector<uint8_t> payload{IPMI_CC_INSUFFICIENT_PRIVILEGE};
+ outPayload = std::move(payload);
+ }
}
else
{