commit 99b878493c8864e284bf8970134c7847af65b05b
author Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> Thu Dec 06 21:35:43 2018 +0530
committer Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> Thu Dec 06 21:37:10 2018 +0530
tree 90d259c2fdc747026c7597f25b1f754d98d1dfda
parent 472a37be3a4f6585fa2d30cdc69a27c38771c0bf

Revert "W/A for CI test case - Accept empty user name"

This reverts commit d2563c52eea33c2e4575f34eddac564ba1a44d85.

As CI test cases are updated to work with mandatory
-U options, this commit is reverted. Going forward in order
to establish a RMCP+ session, user name with -U option is
mandatory

Change-Id: I2e1405562f0c20d34b2fcd5a2bba668c87cc7f06
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

command/rakp12.cpp

diff --git a/command/rakp12.cpp b/command/rakp12.cpp
index 5596725..5384ab3 100644
--- a/command/rakp12.cpp
+++ b/command/rakp12.cpp
@@ -125,84 +125,77 @@
     session->reqMaxPrivLevel = request->req_max_privilege_level;
     session->curPrivLevel = static_cast<session::Privilege>(
         request->req_max_privilege_level & session::reqMaxPrivMask);
-
-    // TODO: W/A code added to allow CI test cases to pass.
-    // Once test cases are updated to add -U option, the following
-    // code has to be removed.
-    // For the time being allow "" user with 0penBmc as password
-    if (request->user_name_len != 0)
+    if (((request->req_max_privilege_level & userNameOnlyLookupMask) !=
+         userNameOnlyLookup) ||
+        (request->user_name_len == 0))
     {
-        if (((request->req_max_privilege_level & userNameOnlyLookupMask) !=
-             userNameOnlyLookup) ||
-            (request->user_name_len == 0))
-        {
-            // Skip privilege based lookup for security purpose
-            response->rmcpStatusCode =
-                static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
-            return outPayload;
-        }
-
-        // Perform user name based lookup
-        std::string userName(request->user_name, request->user_name_len);
-        std::string passwd;
-        uint8_t userId = ipmi::ipmiUserGetUserId(userName);
-        if (userId == ipmi::invalidUserId)
-        {
-            response->rmcpStatusCode =
-                static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
-            return outPayload;
-        }
-        // check user is enabled before proceeding.
-        bool userEnabled = false;
-        ipmi::ipmiUserCheckEnabled(userId, userEnabled);
-        if (!userEnabled)
-        {
-            response->rmcpStatusCode =
-                static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
-            return outPayload;
-        }
-        // Get the user password for RAKP message authenticate
-        passwd = ipmi::ipmiUserGetPassword(userName);
-        if (passwd.empty())
-        {
-            response->rmcpStatusCode =
-                static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
-            return outPayload;
-        }
-        ipmi::PrivAccess userAccess{};
-        ipmi::ChannelAccess chAccess{};
-        // TODO Replace with proper calls.
-        uint8_t chNum = static_cast<uint8_t>(ipmi::EChannelID::chanLan1);
-        // Get channel based access information
-        if ((ipmi::ipmiUserGetPrivilegeAccess(userId, chNum, userAccess) !=
-             IPMI_CC_OK) ||
-            (ipmi::getChannelAccessData(chNum, chAccess) != IPMI_CC_OK))
-        {
-            response->rmcpStatusCode =
-                static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
-            return outPayload;
-        }
-        session->chNum = chNum;
-        // minimum privilege of Channel / User / requested has to be used
-        // as session current privilege level
-        uint8_t minPriv = 0;
-        if (chAccess.privLimit < userAccess.privilege)
-        {
-            minPriv = chAccess.privLimit;
-        }
-        else
-        {
-            minPriv = userAccess.privilege;
-        }
-        if (session->curPrivLevel > static_cast<session::Privilege>(minPriv))
-        {
-            session->curPrivLevel = static_cast<session::Privilege>(minPriv);
-        }
-
-        std::fill(authAlgo->userKey.data(),
-                  authAlgo->userKey.data() + authAlgo->userKey.size(), 0);
-        std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data());
+        // Skip privilege based lookup for security purpose
+        response->rmcpStatusCode =
+            static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
+        return outPayload;
     }
+
+    // Perform user name based lookup
+    std::string userName(request->user_name, request->user_name_len);
+    std::string passwd;
+    uint8_t userId = ipmi::ipmiUserGetUserId(userName);
+    if (userId == ipmi::invalidUserId)
+    {
+        response->rmcpStatusCode =
+            static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
+        return outPayload;
+    }
+    // check user is enabled before proceeding.
+    bool userEnabled = false;
+    ipmi::ipmiUserCheckEnabled(userId, userEnabled);
+    if (!userEnabled)
+    {
+        response->rmcpStatusCode =
+            static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
+        return outPayload;
+    }
+    // Get the user password for RAKP message authenticate
+    passwd = ipmi::ipmiUserGetPassword(userName);
+    if (passwd.empty())
+    {
+        response->rmcpStatusCode =
+            static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
+        return outPayload;
+    }
+    ipmi::PrivAccess userAccess{};
+    ipmi::ChannelAccess chAccess{};
+    // TODO Replace with proper calls.
+    uint8_t chNum = static_cast<uint8_t>(ipmi::EChannelID::chanLan1);
+    // Get channel based access information
+    if ((ipmi::ipmiUserGetPrivilegeAccess(userId, chNum, userAccess) !=
+         IPMI_CC_OK) ||
+        (ipmi::getChannelAccessData(chNum, chAccess) != IPMI_CC_OK))
+    {
+        response->rmcpStatusCode =
+            static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
+        return outPayload;
+    }
+    session->chNum = chNum;
+    // minimum privilege of Channel / User / requested has to be used
+    // as session current privilege level
+    uint8_t minPriv = 0;
+    if (chAccess.privLimit < userAccess.privilege)
+    {
+        minPriv = chAccess.privLimit;
+    }
+    else
+    {
+        minPriv = userAccess.privilege;
+    }
+    if (session->curPrivLevel > static_cast<session::Privilege>(minPriv))
+    {
+        session->curPrivLevel = static_cast<session::Privilege>(minPriv);
+    }
+
+    std::fill(authAlgo->userKey.data(),
+              authAlgo->userKey.data() + authAlgo->userKey.size(), 0);
+    std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data());
+
     // Copy the Managed System Random Number to the Authentication Algorithm
     std::copy_n(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN,
                 authAlgo->bmcRandomNum.begin());

command/session_cmds.cpp

diff --git a/command/session_cmds.cpp b/command/session_cmds.cpp
index bbc1459..5c74d28 100644
--- a/command/session_cmds.cpp
+++ b/command/session_cmds.cpp
@@ -41,18 +41,6 @@
         return outPayload;
     }
 
-    // TODO: W/A code added to allow CI test cases to pass.
-    // Once test cases are updated to add -U option, the following
-    // code has to be removed
-    if (session->userName.empty())
-    {
-        // update current privilege of the session.
-        session->curPrivLevel =
-            static_cast<session::Privilege>(reqPrivilegeLevel);
-        response->newPrivLevel = reqPrivilegeLevel;
-        return outPayload;
-    }
-
     uint8_t userId = ipmi::ipmiUserGetUserId(session->userName);
     if (userId == ipmi::invalidUserId)
     {