Add channel access mode check for ipmi commands.
Check the channel access mode and reject the
network ipmi commands, if its disabled.
Tested:
- Disabled channel access mode and network
ipmi commands fails over the same lan channel.
#ipmitool raw 0x06 0x40 0x03 0x80 0x44
- Set channel access mode to always available and ipmi
commands works fine over same lan channel.
#ipmitool raw 0x06 0x40 0x03 0x82 0x44
- Set non-volatile channel access mode to disabled,
reset bmc and ipmi commands fails over same lan channel.
#ipmitool raw 0x06 0x40 0x03 0x40 0x44
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Change-Id: I44da4e8388b56e5ab7be3aa0e5d20b803a984668
diff --git a/command/rakp12.cpp b/command/rakp12.cpp
index 4a56bf0..9a31dfe 100644
--- a/command/rakp12.cpp
+++ b/command/rakp12.cpp
@@ -17,6 +17,12 @@
namespace command
{
+bool isChannelAccessModeEnabled(const uint8_t accessMode)
+{
+ return accessMode !=
+ static_cast<uint8_t>(ipmi::EChannelAccessMode::disabled);
+}
+
std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload,
const message::Handler& handler)
{
@@ -197,6 +203,14 @@
static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
return outPayload;
}
+ if (!isChannelAccessModeEnabled(session->sessionChannelAccess.accessMode))
+ {
+ phosphor::logging::log<phosphor::logging::level::ERR>(
+ "Channel access mode disabled.");
+ response->rmcpStatusCode =
+ static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
+ return outPayload;
+ }
if (session->sessionUserPrivAccess.privilege >
static_cast<uint8_t>(session::Privilege::OEM))
{