de4121c73894af9711e6f34763dfb3d9462c55d7 - openbmc/phosphor-net-ipmid

commit	de4121c73894af9711e6f34763dfb3d9462c55d7	[log] [tgz]
author	Tang Yiwei <tangyiwei.2022@bytedance.com>	Tue May 17 18:21:03 2022 +0800
committer	Xinnan Xie <xiexinnan@bytedance.com>	Wed Jul 19 15:37:31 2023 +0800
tree	55f404a6b92baabc0d5a08eaa181f46579215be3
parent	11c483510b6cd62976e2b0d9a138150a3a8a73d4 [diff]

Add privilege check in activate payload

When a user's privilege is lower than sol privilege level, payload
activate and deactivate command will be executed failed with this user.
Refer to ipmi spec v2.0 Appendix G, The configuration parameters for a
given payload type determine the privilege level required to activate
and deactivate the payload.

Tested:
1. Check sol privilege level
```
~# ipmitool -I lanplus -H $ip -U $username -P $password sol activate
[SOL Session operational.  Use ~? for help]
SOL session closed by BMC
```
~# ipmitool -I lanplus -H $ip -U $username -P $password sol info
```
Info: SOL parameter 'Nonvolatile Bitrate (5)' not supported
Info: SOL parameter 'Volatile Bitrate (6)' not supported
Set in progress                 : set-complete
Enabled                         : true
Force Encryption                : false
Force Authentication            : false
Privilege Level                 : ADMINISTRATOR
Character Accumulate Level (ms) : 60
Character Send Threshold        : 96
Retry Count                     : 7
Retry Interval (ms)             : 500
Volatile Bit Rate (kbps)        : IPMI-Over-Serial-Setting
Non-Volatile Bit Rate (kbps)    : IPMI-Over-Serial-Setting
Payload Channel                 : 1 (0x01)
Payload Port                    : 623
```

2. Set the privilege of user to 'Operator', run 'sol activate'
and 'sol deactivate'
```
~# ipmitool -I lanplus -H $ip -U $username -P $password sol activate -L OPERATOR
Error activating SOL payload: Insufficient privilege level
~# ipmitool -I lanplus -H $ip -U $username -P $password sol deactivate -L OPERATOR
Error de-activating SOL payload: Insufficient privilege level
```
3. Set the privilege of user to 'ReadOnly', run 'sol activate'
and 'sol deactivate'
```
~# ipmitool -I lanplus -H $ip -U $username -P $password sol activate -L USER
Error activating SOL payload: Insufficient privilege level
~# ipmitool -I lanplus -H $ip -U $username -P $password sol deactivate -L USER
Error de-activating SOL payload: Insufficient privilege level
```
4. Create new users test1 and test2 with 'ReadOnly' privilege,
set sol privilege to 'ReadOnly', run 'sol activate' with test1
```
~# ipmitool -I lanplus -H $ip -U $username -P $password sol set privilege-level user
~# ipmitool -I lanplus -H $ip -U test1 -P $password sol activate -L USER
[SOL Session operational.  Use ~? for help]
```
On another console, deactivate session owned by test1
```
~# ipmitool -I lanplus -H $ip -U test2 -P $password sol deactivate -L USER
Error de-activating SOL payload: Insufficient privilege level
~# ipmitool -I lanplus -H $ip -U test1 -P $password sol deactivate -L USER
```
Session owned by test1 cannot be deactivated by test2, can be
deactivated by test1

Signed-off-by: Tang Yiwei <tangyiwei.2022@bytedance.com>
Change-Id: Ie5ca60c9891140614b701392c94245e916cd97ab

command/payload_cmds.cpp[diff]

1 file changed

tree: 55f404a6b92baabc0d5a08eaa181f46579215be3

README.md

To Build

To build this package, do the following steps:

    1. ./bootstrap.sh
    2. ./configure ${CONFIGURE_FLAGS}
    3. make

To clean the repository run `./bootstrap.sh clean`.