Fix: Set proper session privilege for RAKP 1
As per the Set Session Privilege Level command in the IPMI specification,
when a session is created through the Activate command / RAKP 1 message, it
must be established with CALLBACK privilege if it was requested for callback.
All other sessions are initially set to USER privilege, regardless of
the requested maximum privilege.
Unit-Test:
Verified IPMI session establishment through the -L command for a user
with USER privilege, and verified that Get Device ID is not executed
when the session is established for callback user privilege.
Change-Id: I8196b8e857b726773f6727ec5dd3b835f8759cde
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/command/rakp12.cpp b/command/rakp12.cpp
index 2854716..17a7483 100644
--- a/command/rakp12.cpp
+++ b/command/rakp12.cpp
@@ -124,10 +124,19 @@
static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE);
return outPayload;
}
-
+ // As stated in Set Session Privilege Level command in IPMI Spec, when
+ // creating a session through Activate command / RAKP 1 message, it must be
+ // established with CALLBACK privilege if requested for callback. All other
+ // sessions are initialy set to USER privilege, regardless of the requested
+ // maximum privilege.
+ session->curPrivLevel = session::Privilege::CALLBACK;
+ if (static_cast<session::Privilege>(request->req_max_privilege_level &
+ session::reqMaxPrivMask) >
+ session::Privilege::CALLBACK)
+ {
+ session->curPrivLevel = session::Privilege::USER;
+ }
session->reqMaxPrivLevel = request->req_max_privilege_level;
- session->curPrivLevel = static_cast<session::Privilege>(
- request->req_max_privilege_level & session::reqMaxPrivMask);
if (request->user_name_len == 0)
{
// Bail out, if user name is not specified.
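Review bot: The added block derives `curPrivLevel` from the masked `req_max_privilege_level` without a range check, so a value outside the defined privilege levels is not rejected here: a masked 0 leaves the session at CALLBACK, and any value above CALLBACK, defined or not, becomes USER. Whether the field is validated earlier is not visible, since the function starts and ends outside the hunk; if it is not, consider returning an error status for such values, the way the preceding block does for `INSUFFICIENT_RESOURCE`. The logic would also read more easily with the masked value bound once, `const auto reqPriv = static_cast<session::Privilege>(request->req_max_privilege_level & session::reqMaxPrivMask);`, followed by `session->curPrivLevel = (reqPriv > session::Privilege::CALLBACK) ? session::Privilege::USER : session::Privilege::CALLBACK;`. The new comment's "initialy" should be "initially".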
@@ -178,8 +187,8 @@
return outPayload;
}
session->chNum = chNum;
- // minimum privilege of Channel / User / requested has to be used
- // as session current privilege level
+ // minimum privilege of Channel / User / session::privilege::USER/CALLBACK /
+ // has to be used as session current privilege level
uint8_t minPriv = 0;
if (chAccess.privLimit < userAccess.privilege)
{
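Review bot: The reworded comment above `minPriv` is hard to parse: it ends its first line on a dangling `/` and spells the type as `session::privilege`, while the code uses `session::Privilege`. Something like `// The session's current privilege level is the minimum of the channel limit, the user privilege and the initial session level (session::Privilege::USER or CALLBACK).` states the same rule directly. Only the first comparison of that computation is visible here, so the wording should be checked against the rest of the block, which continues outside the hunk.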