Support privilege based lookup with user name

Support for privilege based lookup, with user name is added.
Still NULL user name is not supported for user/privilege based
lookup for security reasons

Unit-Test:
Verified ipmitool session with -L <privielge>+ and also verified
that RAKP12 fails, when requested privilege is more than the user
privilege.
ipmitool -I lanplus -H xx.xx.xx.xx -U root -P 0penBmc -L Administrator+
raw 6 1

Change-Id: Ia97d4f3091c5ca7e3b688188ce1690c17fce9891
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/command/rakp12.cpp b/command/rakp12.cpp
index 5384ab3..cd7dd68 100644
--- a/command/rakp12.cpp
+++ b/command/rakp12.cpp
@@ -125,11 +125,10 @@
     session->reqMaxPrivLevel = request->req_max_privilege_level;
     session->curPrivLevel = static_cast<session::Privilege>(
         request->req_max_privilege_level & session::reqMaxPrivMask);
-    if (((request->req_max_privilege_level & userNameOnlyLookupMask) !=
-         userNameOnlyLookup) ||
-        (request->user_name_len == 0))
+    if (request->user_name_len == 0)
     {
-        // Skip privilege based lookup for security purpose
+        // Bail out, if user name is not specified.
+        // Yes, NULL user name is not supported for security reasons.
         response->rmcpStatusCode =
             static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
         return outPayload;
@@ -191,6 +190,19 @@
     {
         session->curPrivLevel = static_cast<session::Privilege>(minPriv);
     }
+    // For username / privilege lookup, fail with UNAUTH_NAME, if requested
+    // max privilege is greater than the user privilege.
+    if (((request->req_max_privilege_level & userNameOnlyLookupMask) ==
+         userNamePrivLookup) &&
+        ((request->req_max_privilege_level & session::reqMaxPrivMask) >
+         userAccess.privilege))
+    {
+        std::cerr
+            << "Username/Privilege lookup failed for requested privilege\n";
+        response->rmcpStatusCode =
+            static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
+        return outPayload;
+    }
 
     std::fill(authAlgo->userKey.data(),
               authAlgo->userKey.data() + authAlgo->userKey.size(), 0);