Revert "W/A for CI test case - Accept empty user name"
This reverts commit d2563c52eea33c2e4575f34eddac564ba1a44d85.
As the CI test cases have been updated to work with the mandatory
-U option, the workaround commit is reverted. Going forward, a
user name supplied with the -U option is mandatory in order to
establish an RMCP+ session.
Change-Id: I2e1405562f0c20d34b2fcd5a2bba668c87cc7f06
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/command/rakp12.cpp b/command/rakp12.cpp
index 5596725..5384ab3 100644
--- a/command/rakp12.cpp
+++ b/command/rakp12.cpp
@@ -125,84 +125,77 @@
session->reqMaxPrivLevel = request->req_max_privilege_level;
session->curPrivLevel = static_cast<session::Privilege>(
request->req_max_privilege_level & session::reqMaxPrivMask);
-
- // TODO: W/A code added to allow CI test cases to pass.
- // Once test cases are updated to add -U option, the following
- // code has to be removed.
- // For the time being allow "" user with 0penBmc as password
- if (request->user_name_len != 0)
+ if (((request->req_max_privilege_level & userNameOnlyLookupMask) !=
+ userNameOnlyLookup) ||
+ (request->user_name_len == 0))
{
- if (((request->req_max_privilege_level & userNameOnlyLookupMask) !=
- userNameOnlyLookup) ||
- (request->user_name_len == 0))
- {
- // Skip privilege based lookup for security purpose
- response->rmcpStatusCode =
- static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
- return outPayload;
- }
-
- // Perform user name based lookup
- std::string userName(request->user_name, request->user_name_len);
- std::string passwd;
- uint8_t userId = ipmi::ipmiUserGetUserId(userName);
- if (userId == ipmi::invalidUserId)
- {
- response->rmcpStatusCode =
- static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
- return outPayload;
- }
- // check user is enabled before proceeding.
- bool userEnabled = false;
- ipmi::ipmiUserCheckEnabled(userId, userEnabled);
- if (!userEnabled)
- {
- response->rmcpStatusCode =
- static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
- return outPayload;
- }
- // Get the user password for RAKP message authenticate
- passwd = ipmi::ipmiUserGetPassword(userName);
- if (passwd.empty())
- {
- response->rmcpStatusCode =
- static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
- return outPayload;
- }
- ipmi::PrivAccess userAccess{};
- ipmi::ChannelAccess chAccess{};
- // TODO Replace with proper calls.
- uint8_t chNum = static_cast<uint8_t>(ipmi::EChannelID::chanLan1);
- // Get channel based access information
- if ((ipmi::ipmiUserGetPrivilegeAccess(userId, chNum, userAccess) !=
- IPMI_CC_OK) ||
- (ipmi::getChannelAccessData(chNum, chAccess) != IPMI_CC_OK))
- {
- response->rmcpStatusCode =
- static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
- return outPayload;
- }
- session->chNum = chNum;
- // minimum privilege of Channel / User / requested has to be used
- // as session current privilege level
- uint8_t minPriv = 0;
- if (chAccess.privLimit < userAccess.privilege)
- {
- minPriv = chAccess.privLimit;
- }
- else
- {
- minPriv = userAccess.privilege;
- }
- if (session->curPrivLevel > static_cast<session::Privilege>(minPriv))
- {
- session->curPrivLevel = static_cast<session::Privilege>(minPriv);
- }
-
- std::fill(authAlgo->userKey.data(),
- authAlgo->userKey.data() + authAlgo->userKey.size(), 0);
- std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data());
+ // Skip privilege based lookup for security purpose
+ response->rmcpStatusCode =
+ static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
+ return outPayload;
}
+
+ // Perform user name based lookup
+ std::string userName(request->user_name, request->user_name_len);
+ std::string passwd;
+ uint8_t userId = ipmi::ipmiUserGetUserId(userName);
+ if (userId == ipmi::invalidUserId)
+ {
+ response->rmcpStatusCode =
+ static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
+ return outPayload;
+ }
+ // check user is enabled before proceeding.
+ bool userEnabled = false;
+ ipmi::ipmiUserCheckEnabled(userId, userEnabled);
+ if (!userEnabled)
+ {
+ response->rmcpStatusCode =
+ static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
+ return outPayload;
+ }
+ // Get the user password for RAKP message authenticate
+ passwd = ipmi::ipmiUserGetPassword(userName);
+ if (passwd.empty())
+ {
+ response->rmcpStatusCode =
+ static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
+ return outPayload;
+ }
+ ipmi::PrivAccess userAccess{};
+ ipmi::ChannelAccess chAccess{};
+ // TODO Replace with proper calls.
+ uint8_t chNum = static_cast<uint8_t>(ipmi::EChannelID::chanLan1);
+ // Get channel based access information
+ if ((ipmi::ipmiUserGetPrivilegeAccess(userId, chNum, userAccess) !=
+ IPMI_CC_OK) ||
+ (ipmi::getChannelAccessData(chNum, chAccess) != IPMI_CC_OK))
+ {
+ response->rmcpStatusCode =
+ static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
+ return outPayload;
+ }
+ session->chNum = chNum;
+ // minimum privilege of Channel / User / requested has to be used
+ // as session current privilege level
+ uint8_t minPriv = 0;
+ if (chAccess.privLimit < userAccess.privilege)
+ {
+ minPriv = chAccess.privLimit;
+ }
+ else
+ {
+ minPriv = userAccess.privilege;
+ }
+ if (session->curPrivLevel > static_cast<session::Privilege>(minPriv))
+ {
+ session->curPrivLevel = static_cast<session::Privilege>(minPriv);
+ }
+
+ std::fill(authAlgo->userKey.data(),
+ authAlgo->userKey.data() + authAlgo->userKey.size(), 0);
+ std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data());
+
// Copy the Managed System Random Number to the Authentication Algorithm
std::copy_n(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN,
authAlgo->bmcRandomNum.begin());
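Review bot: `request->user_name_len` is taken from the RAKP message 1 payload and, within this hunk, is only compared against zero before `std::string userName(request->user_name, request->user_name_len)` reads that many bytes, so a length larger than the name field would read past it on a pre-authentication path. The function starts and ends outside the hunk, so an upper-bound check may exist earlier. If it does not, the guard at the top could also reject oversized lengths, for example `(request->user_name_len == 0) || (request->user_name_len > sizeof(request->user_name))`, assuming `user_name` is a fixed-size array in the request struct. A similar gap applies to `std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data())`: nothing visible ties `passwd.size()` to `authAlgo->userKey.size()`, so the count should be bounded or an over-long stored password rejected before the copy.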