Optimize the response value of ipmiSetUserPassword method

ipmiCCPasswdFailMismatch has been declared in usercommands.hpp, so
there is no need to declare a static variable.

Signed-off-by: George Li

Optimize the response value of ipmiSetUserPassword method

ipmiCCPasswdFailMismatch has been declared in usercommands.hpp, so
there is no need to declare a static variable.

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I1989c4674392544aaf736823c8b5f9b2ac7acefa

show more ...

Remove unused variables

Using clang-tidy, it was detected that some variables are no longer
in use. This commit remove unused variables.

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id

Remove unused variables

Using clang-tidy, it was detected that some variables are no longer
in use. This commit remove unused variables.

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I382e6ce07e66dc5ad082be9b36d217a037e609b5

show more ...

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: I01547e98d27910919e09ebf7907c86292a6c825d
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

user_channel: switch to lg2

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I80149836f196f01eb09cc874f74eec0d787b5ac5

convert channel_mgmt.cpp to use lg2

Change-Id: I4bd78d3aa3bf3c5717fcf3e2a9186888587456d1
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

Refactor to call the getProperty method

Uniformly use the getProperty method of utils.hpp to obtain values

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I9eae6bba6806215b51090637a7e

Refactor to call the getProperty method

Uniformly use the getProperty method of utils.hpp to obtain values

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I9eae6bba6806215b51090637a7e42c8c8d90be87

show more ...

user_mgmt: Fix incorrect log description

The entry method in log debug should be getManagedObjectsMethod
instead of getSubTree.

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I1dfdbd

user_mgmt: Fix incorrect log description

The entry method in log debug should be getManagedObjectsMethod
instead of getSubTree.

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I1dfdbd67412284f385466b56a67e86026ec97be1

show more ...

Remove libmapper dependency

After this commit is merged [1], phosphor-ipmi-host no longer depends
on libmapper. This commit removes the dependence on libmapper.

[1] https://gerrit.openbmc.org/c/ope

Remove libmapper dependency

After this commit is merged [1], phosphor-ipmi-host no longer depends
on libmapper. This commit removes the dependence on libmapper.

[1] https://gerrit.openbmc.org/c/openbmc/phosphor-host-ipmid/+/69082

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: Iacf20716b3dd02f0c3173eb6c1fcb39d416f72a6

show more ...

BugFix: user name contains invalid characters

There is an typo in the policy "[a-zA-z_]" configuration.
It it should be "[a-zA-Z_]"

Tested: Create a username contains invalid characters like: ^, [,

BugFix: user name contains invalid characters

There is an typo in the policy "[a-zA-z_]" configuration.
It it should be "[a-zA-Z_]"

Tested: Create a username contains invalid characters like: ^, [, or ].

Before: invalid character can be added as username
ipmitool user list 1
ID Name Callin
4 ^test true
5 [test true
7 ]test true
8 _test true

After: error will be returned once user name has invalid character.
ipmitool user set name 4 ^test4
Set User Name command failed (user 4, name ^test4): Unspecified error

Change-Id: I28a7f36f10b44b59909536214e6688c1895ac14f
Signed-off-by: nichanghao.nch <nichanghao@linux.alibaba.com>

show more ...

Fix the bugs found in static analysis

This commit fixes the following static analyzer reported issues:

Operands don't affect result
some conditions are not required to check as its always true

Fix the bugs found in static analysis

This commit fixes the following static analyzer reported issues:

Operands don't affect result
some conditions are not required to check as its always true
Unsigned compared against 0
Unchecked return value from library
Uninitialized scalar variable

Change-Id: I0b1fd426794bb88f6eafcc817cef5dd2f655e1ba
Signed-off-by: PavanKumarIntel <pavanx.kumar.martha@intel.com>

show more ...

user_channel: strlen isn't constexpr

Change-Id: Id08b03dc487a1c772fa39459cc4e6e3138675910
Signed-off-by: Peter Foley <pefoley@google.com>

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: Ic5fd073faa7391d3f0b37787d6a9c7688c9a3253
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

ipmid: Update sdbuspp namespaces

Fixed all errors when we remove
`SDBUSPP_REMOVE_DEPRECATED_NAMESPACE` in sdbusplus.

Change-Id: I5607585b2709faa7aee347d26e458ef769ca1626
Signed-off-by: Willy Tu <wl

ipmid: Update sdbuspp namespaces

Fixed all errors when we remove
`SDBUSPP_REMOVE_DEPRECATED_NAMESPACE` in sdbusplus.

Change-Id: I5607585b2709faa7aee347d26e458ef769ca1626
Signed-off-by: Willy Tu <wltu@google.com>

show more ...

treewide: Fix various compiler warnings

LTO is currently hiding these warnings.

Change-Id: I09560dfbb150f43d58f472e7592fc0c072e3cc29
Signed-off-by: William A. Kennington III <wak@google.com>

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I44441096113929ce96eb1439e2932e6ff3c87f27
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Revoking the GetUserAccess privilege for Operator

In IPMITOOL, operator can see all the accounts for "user list 3" command. This
poses a security issue. It not consistent with Redfish beheviour wher

Revoking the GetUserAccess privilege for Operator

In IPMITOOL, operator can see all the accounts for "user list 3" command. This
poses a security issue. It not consistent with Redfish beheviour where the
Operator user is unable to view other users. This change revokes the Operator
to see other users over IPMITOOL.

Tested: Operator unable to view the users through IPMI
ipmitool -I lanplus -H <ip-address> -U <userid> -P <password> -L Operator -C 17 user list 3
IPMI command failed: Insufficient privilege level

Change-Id: I5b200a85662a05bfdf1fce395e7acff6bbf1a22e
Signed-off-by: Ankita Prasad <ankita.prasad@intel.com>

show more ...

channel-config: reduce logspam

If a channel isn't configured in the channel_config, it is initialized
with `isChValid = false`, which effectively disables it. Unfortunately,
the code was also emitt

channel-config: reduce logspam

If a channel isn't configured in the channel_config, it is initialized
with `isChValid = false`, which effectively disables it. Unfortunately,
the code was also emitting a warning log for every possible channel.
On Bletchley I was observing tens of these log messages every few
seconds, which is not particularly helpful. Delete the logspam.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ie130c8eb891476e26f25cafce94cb6522bc3a66e

show more ...

Revert "user_mgmt: Fix SEGV on 64bit"

This reverts commit 05703adfe2bf70945d2befa8a7beda4ce5e5182a.

Due to we found that root cause about SEGV on 64bit and after modify
in pam-ipmit then SEGV on 64

Revert "user_mgmt: Fix SEGV on 64bit"

This reverts commit 05703adfe2bf70945d2befa8a7beda4ce5e5182a.

Due to we found that root cause about SEGV on 64bit and after modify
in pam-ipmit then SEGV on 64bit will not happen anymore.

Thus, we submitted this commit in gerrit in pam-ipmi as below:
https://gerrit.openbmc.org/c/openbmc/pam-ipmi/+/58579

Root cause:
There is default ipmi_pass file be created and encrypted in 32bit
environment from pam-ipmi original design before.
According the failed message, we found that PAM_AUTHTOK_ERR return
from update_pass_special_file() function that cause ipmid got bad
authentication token. Seems this file cannot be used in 64bit
environment by default that will cause ipmitool user set password
got failed.

Solution:
According current pam-ipmi design that already consider if this file
does not exist then BMC will create it once a user in the ipmi group
has been added. There should not be any file there by default.
Thus, there is no need for this file.
Without install this file by default then ipmitool command successful.

Thus, this default ipmi_pass file that will cause SEGV in host-ipmid on
64 bit project. After remove this default file, SEGV crash issue in
host-ipmid symptom was gone.

BTW, there is another issue we found that
“ipmitool user set password 1 0penBmc0” command failed.
Due to pam-ipmi still use size_t structure, but host-ipmid already
change to use uint32_t structure for MetaPassStruct.

Thus, we need to revert your commit and remove ipmi_pass file in
pam-ipmi for fixing two issues.

Verified:
root@evb-npcm845:~# ipmitool user set password 1 0penBmc0
Set User Password command successful (user 1)

Signed-off-by: Tim Lee <timlee660101@gmail.com>
Change-Id: I03ba57a9006694a09b75c16d897377b1b57051e5

show more ...

user_mgmt: Discard no-access privilege

Due wrong interpretation of the IPMI spec there is appeared the
`no-access` privilege in the OpenBMC. But it's a state of unconfigured
channel and shouldn't be

user_mgmt: Discard no-access privilege

Due wrong interpretation of the IPMI spec there is appeared the
`no-access` privilege in the OpenBMC. But it's a state of unconfigured
channel and shouldn't be used as the valid user's privilege.

This commit is a part of the patch set removing `priv-noaccess` from
OpenBMC. This makes `ipmid` discarding the attempts to set
`priv-noaccess` privilege for existing users.

Tested:
Command: ipmitool user priv <user id> 0xF
Response: IPMI command failed: Invalid data field in request
Command: ipmitool channel setaccesss <channel id> <user id> privilege=0xF
Response: IPMI command failed: Invalid data field in request

Change-Id: Id1c65d83e94e6f7f161afd26840331db7ca0c745
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>

show more ...

user_mgmt: set priv-user as the default privilege

Due to wrong interpretation of the IPMI spec there appeared the
`no-access` privilege in the OpenBMC. In fact that's just a state
of disabled/unconf

user_mgmt: set priv-user as the default privilege

Due to wrong interpretation of the IPMI spec there appeared the
`no-access` privilege in the OpenBMC. In fact that's just a state
of disabled/unconfigured channel and shouldn't be used as a
valid user's privilege.

This commit is a part of the patch set removing `priv-noaccess` from
OpenBMC. It changes the default privilege for newly created users
from `priv-noaccess` to `priv-user`.

This doesn't affect the previously created users with the set privilege
level, and it's highly recommended that their privelege is changed
manually from `priv-noaccess` to some valid privilege. Alternatively,
those pre-existing users could just be deleted and re-created as needed.

Tested: New users created by IPMI command have `USER` privilege by
default.
Command: ipmitool user set name <user id> <username>
Response: // User created successfully
Command: ipmitool user list
Response: // The channel privilege level for this new user
contains `USER`.

Change-Id: I4b99551448245d3a9ed0882f581784a0ee35e3d8
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>

show more ...

channel_mgmt: Handle uncaught exception in syncNetworkChannelConfig

convertToPrivLimitIndex() throws std::invalid_argument exception when
the argument is not a valid privilege string, which is not h

channel_mgmt: Handle uncaught exception in syncNetworkChannelConfig

convertToPrivLimitIndex() throws std::invalid_argument exception when
the argument is not a valid privilege string, which is not handled
in syncNetworkChannelConfig(). This patch fixes it by skipping the
interface when it throws to prevent the ipmi-host service from
crashing.

Tested:
phosphor-ipmi-host is not crashed after manually setting the
MaxPrivilege of an interface to an invalid empty string in
phosphor-networkd.

Change-Id: Ib0361495f1751997fd8fb7e19d9f133888f426d0
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

user_mgmt: Fix SEGV on 64bit

The password management code takes a file off disk and interprets it
as a C struct. This is neither endian safe, 32/64 bit safe nor safe
against C struct alignment rules

user_mgmt: Fix SEGV on 64bit

The password management code takes a file off disk and interprets it
as a C struct. This is neither endian safe, 32/64 bit safe nor safe
against C struct alignment rules.

Fix the SEGV on 64bit by switching from size_t to uint32_t.

Signed-off-by: Anton Blanchard <anton@ozlabs.org>
Change-Id: Ibabd947284441ec141a9d2d3800f1ae95a0a7906

show more ...

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are for:
* bus_t
* exception_t
* manager_t
* match_t
* message_t
* object_t
* slot_t

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ibd2a0b512bfb7caf65bfab64b271d194da520aac

show more ...

Fix project name misspelling

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I11a2565cdf424fc98a193fe722643efdf8ae9424

meson: Expose libchannellayer and libuserlayer

Since other repos need to depend on channellayer and userlayer (for
example: phosphor-net-ipmi, and plan to switch to meson), it is
necessary to expose

meson: Expose libchannellayer and libuserlayer

Since other repos need to depend on channellayer and userlayer (for
example: phosphor-net-ipmi, and plan to switch to meson), it is
necessary to expose libchannellayer and libuserlayer for other repos
to depend on.

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I6af6064be71f5a7390940b929d20f4c9e138f60a

show more ...