clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: I01547e98d27910919e09ebf7907c86292a6c825d
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

user_channel: switch to lg2

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I80149836f196f01eb09cc874f74eec0d787b5ac5

user_mgmt: Fix incorrect log description

The entry method in log debug should be getManagedObjectsMethod
instead of getSubTree.

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I1dfdbd

user_mgmt: Fix incorrect log description

The entry method in log debug should be getManagedObjectsMethod
instead of getSubTree.

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I1dfdbd67412284f385466b56a67e86026ec97be1

show more ...

BugFix: user name contains invalid characters

There is an typo in the policy "[a-zA-z_]" configuration.
It it should be "[a-zA-Z_]"

Tested: Create a username contains invalid characters like: ^, [,

BugFix: user name contains invalid characters

There is an typo in the policy "[a-zA-z_]" configuration.
It it should be "[a-zA-Z_]"

Tested: Create a username contains invalid characters like: ^, [, or ].

Before: invalid character can be added as username
ipmitool user list 1
ID Name Callin
4 ^test true
5 [test true
7 ]test true
8 _test true

After: error will be returned once user name has invalid character.
ipmitool user set name 4 ^test4
Set User Name command failed (user 4, name ^test4): Unspecified error

Change-Id: I28a7f36f10b44b59909536214e6688c1895ac14f
Signed-off-by: nichanghao.nch <nichanghao@linux.alibaba.com>

show more ...

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: Ic5fd073faa7391d3f0b37787d6a9c7688c9a3253
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

ipmid: Update sdbuspp namespaces

Fixed all errors when we remove
`SDBUSPP_REMOVE_DEPRECATED_NAMESPACE` in sdbusplus.

Change-Id: I5607585b2709faa7aee347d26e458ef769ca1626
Signed-off-by: Willy Tu <wl

ipmid: Update sdbuspp namespaces

Fixed all errors when we remove
`SDBUSPP_REMOVE_DEPRECATED_NAMESPACE` in sdbusplus.

Change-Id: I5607585b2709faa7aee347d26e458ef769ca1626
Signed-off-by: Willy Tu <wltu@google.com>

show more ...

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I44441096113929ce96eb1439e2932e6ff3c87f27
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

user_mgmt: Discard no-access privilege

Due wrong interpretation of the IPMI spec there is appeared the
`no-access` privilege in the OpenBMC. But it's a state of unconfigured
channel and shouldn't be

user_mgmt: Discard no-access privilege

Due wrong interpretation of the IPMI spec there is appeared the
`no-access` privilege in the OpenBMC. But it's a state of unconfigured
channel and shouldn't be used as the valid user's privilege.

This commit is a part of the patch set removing `priv-noaccess` from
OpenBMC. This makes `ipmid` discarding the attempts to set
`priv-noaccess` privilege for existing users.

Tested:
Command: ipmitool user priv <user id> 0xF
Response: IPMI command failed: Invalid data field in request
Command: ipmitool channel setaccesss <channel id> <user id> privilege=0xF
Response: IPMI command failed: Invalid data field in request

Change-Id: Id1c65d83e94e6f7f161afd26840331db7ca0c745
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>

show more ...

user_mgmt: set priv-user as the default privilege

Due to wrong interpretation of the IPMI spec there appeared the
`no-access` privilege in the OpenBMC. In fact that's just a state
of disabled/unconf

user_mgmt: set priv-user as the default privilege

Due to wrong interpretation of the IPMI spec there appeared the
`no-access` privilege in the OpenBMC. In fact that's just a state
of disabled/unconfigured channel and shouldn't be used as a
valid user's privilege.

This commit is a part of the patch set removing `priv-noaccess` from
OpenBMC. It changes the default privilege for newly created users
from `priv-noaccess` to `priv-user`.

This doesn't affect the previously created users with the set privilege
level, and it's highly recommended that their privelege is changed
manually from `priv-noaccess` to some valid privilege. Alternatively,
those pre-existing users could just be deleted and re-created as needed.

Tested: New users created by IPMI command have `USER` privilege by
default.
Command: ipmitool user set name <user id> <username>
Response: // User created successfully
Command: ipmitool user list
Response: // The channel privilege level for this new user
contains `USER`.

Change-Id: I4b99551448245d3a9ed0882f581784a0ee35e3d8
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>

show more ...

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are for:
* bus_t
* exception_t
* manager_t
* match_t
* message_t
* object_t
* slot_t

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ibd2a0b512bfb7caf65bfab64b271d194da520aac

show more ...

Fix project name misspelling

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I11a2565cdf424fc98a193fe722643efdf8ae9424

cleanup: Remove all warning errors for the Meson build support

Remove all the build warning to prepare for the meson build.
Meson build will be in
https://gerrit.openbmc-project.xyz/c/openbmc/phosph

cleanup: Remove all warning errors for the Meson build support

Remove all the build warning to prepare for the meson build.
Meson build will be in
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-host-ipmid/+/47748

Tested:
Ipmi command works fine the cleanup.
```
$ systemctl status phosphor-ipmi-host
● phosphor-ipmi-host.service - Phosphor Inband IPMI
Loaded: loaded (/lib/systemd/system/phosphor-ipmi-host.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 1970-01-08 21:20:56 UTC; 21s ago
Main PID: 24987 (ipmid)
CGroup: /system.slice/phosphor-ipmi-host.service
└─24987 /tmp/ipmid

Jan 08 21:20:56 $HOST ipmid[24987]: Registering OEM:[0X002B79], Cmd:[0X30] for Ethstats Commands
Jan 08 21:20:56 $HOST ipmid[24987]: Registering OEM:[0X00C2CF], Cmd:[0X30] for Ethstats Commands
Jan 08 21:20:56 $HOST ipmid[24987]: Registering OEM:[0X002B79], Cmd:[0X32] for Sys Commands
Jan 08 21:20:56 $HOST ipmid[24987]: Registering OEM:[0X002B79], Cmd:[0X02] for I2C
Jan 08 21:20:56 $HOST ipmid[24987]: Registering OEM:[0X00C2CF], Cmd:[0X02] for I2C
Jan 08 21:20:56 $HOST ipmid[24987]: I2C_WHITELIST_CHECK is disabled, do not populate whitelist
Jan 08 21:20:56 $HOST ipmid[24987]: Registering OEM:[0X00C2CF], Cmd:[0X04] for Manual Zone Control
Jan 08 21:20:56 $HOST systemd[1]: Started Phosphor Inband IPMI.
Jan 08 21:20:56 $HOST ipmid[24987]: Loading whitelist filter
Jan 08 21:20:56 $HOST ipmid[24987]: Set restrictedMode = true
(reverse-i-search)`ipmi': systemctl status phosphor-^Cmi-host

$ ipmitool mc info
Device ID : 32
Device Revision : 1
Firmware Revision : 0.00
IPMI Version : 2.0
Manufacturer ID : 7244
Manufacturer Name : Quanta Computer Inc.
Product ID : 14426 (0x385a)
Product Name : Unknown (0x385A)
Device Available : yes
Provides Device SDRs : yes
Additional Device Support :
Sensor Device
SEL Device
FRU Inventory Device
Chassis Device
Aux Firmware Rev Info :
0x00
0x00
0x00
0x00
```

Change-Id: I372c9433a274bc633a24d213b7a1bc205531e33d
Signed-off-by: Willy Tu <wltu@google.com>

show more ...

user_mgmt: Fix for user privilege race condition

The ipmid and netipmid processes cache IPMI user data in a shared file.
The current implementation has coherency and consistency problems:

Coherence

user_mgmt: Fix for user privilege race condition

The ipmid and netipmid processes cache IPMI user data in a shared file.
The current implementation has coherency and consistency problems:

Coherence: If a user account is created and immediately enabled with
IPMI commands, the updated data may not be propagated to netipmid. This
condition can last indefinitely, so the cache is not coherent. The
problem is caused by a lock that doesn't work and allows both processes
to register signal handlers that write to the file.

Consistency: This cache scheme does not have a strict (or linearizable)
consistency model. The ipmid and netipmid processes have an inconsistent
view of the user database until changes propagate to netipmid. Cache
file reads are controlled by mtime comparisons with a one-second
granularity.

So mitigated the second problem by using the full 10ms resolution of
mtime. Now a new user is ready to use much faster than a client can
submit two commands.

Mitigating the second (consistency) problem does not fix the first
problem. It might hide it, but the result will still depend on
non-deterministic timing of DBus signals and mtime granularity.

To fix the coherency problem, changed sigHndlrLock to use a different
file that isn't closed after each operation. Closing a POSIX file lock
releases the lock.

Tested:
1. Verified using IPMI commands by creating multiple users continuously.
Successfully created all users and able to perform RMCPP with that user.

Command: ipmitool user set name <used id> <username>
Response: //User created successfully
Command: ipmitool user set password <used id> <password>
Response: Set User Password command successful <user name>
Command: ipmitool channel setaccess <channel#> <user id> link=on ipmi=on
callin=on privilege=4
Response: Set User Access (channel<number > id <user id>) successful.
Command: ipmitool raw 0x6 0x43 0x9<channel #> <user id> 0x4 0x0
// Set User Access Command
Response: //Success
Command: ipmitool user enable <user id>
Response: //Success
Command: ipmitool -H <BMC IP> -U <user name> -P <password> -C 17 -I
lanplus raw 0x06 0x01
Response: <device ID> //Success

Signed-off-by: Luke Phillips <lucas.phillips@intel.com>
Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: If5ede3b0f97a2ba2b33cf358a9aaaf93d765d359

show more ...

Enable encoding/decoding object paths

Any string used to form a Dbus object path needs to be encoded.
This commit enables encoding the User Name before using it in the
Object path and enables decodi

Enable encoding/decoding object paths

Any string used to form a Dbus object path needs to be encoded.
This commit enables encoding the User Name before using it in the
Object path and enables decoding while converting it back to User
Name to display to the user.
This commit replaces string computation of User Name with
object_path.filename() function which decodes and gives the User
Name string.

Tested:
- ipmitool user set name "_test_123"
- Successfully created /xyz/openbmc_project/user/_test_123
Object Path
- ipmitool user list 3
Displayed the user _test_123

- busctl call xyz.openbmc_project.User.Manager
/xyz/openbmc_project/user xyz.openbmc_project.User.Manager
CreateUser sassb _test_6566 4 "ipmi" "redfish" "ssh" "web"
priv-admin true
- Successfully created /xyz/openbmc_project/user/test_6566
Object Path
- ipmitool user list 3
Displayed "_teste66" which implies successfull decode of
object path.

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I75d479cfa4888c5db31ae551bdcc504106bf25fa

show more ...

catch exceptions as const

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ic2b49715c7b81ac5bcfc12ff2d3b4c593cd95ce7

exception: switch to public sdbus exception

SdBusError was intended to be a private error type inside sdbusplus.
Switch all catch locations to use the general sdbusplus::exception type.

Signed-off-

exception: switch to public sdbus exception

SdBusError was intended to be a private error type inside sdbusplus.
Switch all catch locations to use the general sdbusplus::exception type.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I3b5d83511afdf17b2911502279087e57a59b9945

show more ...

Use SecureString where there is data to be cleansed

SecureString has quite a few places it should be used in the user
management code.

Tested: ran set password, test password, and other commands

C

Use SecureString where there is data to be cleansed

SecureString has quite a few places it should be used in the user
management code.

Tested: ran set password, test password, and other commands

Change-Id: Ia53bc914d25f7965c3e72d5cf18346e0fa9339b9
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

Restructure pam conversation function(Klockwork fix)

Altered return values form the function. With the earlier
implementation, the function returned PAM_AUTH_ERR on failure scenarios
which is incorr

Restructure pam conversation function(Klockwork fix)

Altered return values form the function. With the earlier
implementation, the function returned PAM_AUTH_ERR on failure scenarios
which is incorrect. Replaced PAM_AUTH_ERR with PAM_CONV_ERR and
PAM_BUF_ERR at respetive places.

Added a check for number of messages received by the conversation
function capped at PAM_MAX_NUM_MSG.

Added a check for password size, which is capped at PAM_MAX_RESP_SIZE
as the bytes in the password greater than this limit would be discarded
by PAM.

Though pam_response structure and response, which are dynamically
allocated by the pam conversation function are the responsibility of the
caller to free them, with the current implemention, there is a possibility of
memory leak when numMsg would be zero or if PAM_PROMPT_ECHO_OFF
message never arrived.
This commit fixes the possible memory leak by allocating only on
receiving PAM_PROMPT_ECHO_OFF message.

Tested:
- ipmitool tool command passed with correct credentials:
- With Correct Creds: ipmitool -I lanplus -H x.x.x.x -C 17 -U root -P
0penBmc raw 0x00 0x01
Reply : 01 00 03 70
- With Incorrect Creds: ipmitool -I lanplus -H x.x.x.x -C 17 -U root
-P 0pen raw 0x00 0x01
Reply : Error: Unable to establish IPMI session

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I670c3316eec01993a5cd0d79d1d6be248cf64328

show more ...

Move SecureString class to ipmid/types.hpp

SecureString class doesn't have access in user_library to use in
other files

Tested:
Added class to ipmid/types.hpp from user_channel/user_mgmt.hpp
Build

Move SecureString class to ipmid/types.hpp

SecureString class doesn't have access in user_library to use in
other files

Tested:
Added class to ipmid/types.hpp from user_channel/user_mgmt.hpp
Build got successful.

Signed-off-by: Snehalatha Venkatesh <snehalathax.v@intel.com>
Change-Id: I5e0c4bb0744113e70540b272f16a5116421048fb

show more ...

Fix for ipmid crash with SetUserPassword

Issue: SetUserPassword with a short password causes ipmid to crash

Fix: Adjust clear sensitive data

Tested:
1. Verified using ipmitool commands
Command: ip

Fix for ipmid crash with SetUserPassword

Issue: SetUserPassword with a short password causes ipmid to crash

Fix: Adjust clear sensitive data

Tested:
1. Verified using ipmitool commands
Command: ipmitool user set password 3 a
Response: IPMI command failed: Invalid data field in request
Set User Password command failed (user 3)
Command: ipmitool user set password 3 asdf1234
Response: Set User Password command successful (user 3)
2. IPMID did not crash wth the changes

Signed-off-by: Snehalatha Venkatesh <snehalathax.v@intel.com>
Change-Id: Ib9462ed6f79a8ef8592e579521526c9f3e7c79b0

show more ...

Permit assignment the IPMI management channel via JSON

phosphor-ipmi-host hard codes Channel 1 as the LAN NIC responsible for
managing and updating IPMI, Redfish, and web server access
permissions.

Permit assignment the IPMI management channel via JSON

phosphor-ipmi-host hard codes Channel 1 as the LAN NIC responsible for
managing and updating IPMI, Redfish, and web server access
permissions. Systems that do not have an lan-802.3 channel type
configured for IPMI Channel 1 have no way of assigning permissions
that flow to phosphor-user-manager. The inability to update
permissions within phosphor-user-manaager ultimaltely flows to Redfish
and HTTPS access.

The changes in this commit provide flexibility in assigning the IPMI
channel used to propagate permission changes to
phosphor-user-manager. A new boolean keyword, is_managment_nic, is
added. This entry is added to the JSON file, channel_config.json by
default, to announce which lan-802.3 IPMI channel is to be used to
assign IPMI permissions used by phosphor-user-manager. Only one
channel can have this ability. If the keyword is missing in the JSON
file, the code falls back to using Channel 1.

Tested:
Fully testing this change requires using code that dynamically
disables Channel 1. The SUT only has a single NIC, which is not
assigned to Channel 1.

Fully reprogrammed SPI to enter a pristine state.
Created a new user, channel 3, id 2, privilege=4

Confirmed LAN "ipmitool raw 6 1" succeeds
Confirmed Web access to new user account
Confirmed Redfish acess to new user account
Confirmed BMC console "ipmitool raw 6 1" succeeds

Used BMC console ipmitool to change user permissions from 4 to
15 (i.e. no access)

Confirmed LAN "ipmitool raw 6 1" succeeds
Confirmed Web access to new user account fails
Confirmed Redfish acess to new user account fails
Confirmed BMC console "ipmitool raw 6 1" fails

Used BMC console ipmitool to change user permissions from 15 to
4 (i.e. admin)

All of the prior tests work as expected.

Change-Id: I5f6941fefc4f80742e404de1f22ba10cbedf5d5d
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>

show more ...

Clear security sensitive data

As password is sensitive data Clear after use.

Tested:
Verified using ipmitool commands
Command: ipmitool user set password 5 asdf1234 //Set user password
Response: Se

Clear security sensitive data

As password is sensitive data Clear after use.

Tested:
Verified using ipmitool commands
Command: ipmitool user set password 5 asdf1234 //Set user password
Response: Set User Password command successful (user 5)
Command: ipmitool raw 6 0x47 5 2 0x30 0x70 0x65 0x6e 0x42 0x6d 0x63
0x31 0 0 0 0 0 0 0 0 //set user password - set password
Response: //Success
Command: ipmitool raw 6 0x47 5 3 0x30 0x70 0x65 0x6e 0x42 0x6d 0x63
0x31 0 0 0 0 0 0 0 0 //set user password - test password
Response: //Success

Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I06196233ac5468534bd10fd34f99f7d35fd7b971

show more ...

user_channel: Rewriting ipmiUserSetUserName API

Rewriting ipmiUserSetUserName API

Tested:
Verified using ipmitool commands.
Command: ipmitool user set name 4 user4
Response: //Success
Command: i

user_channel: Rewriting ipmiUserSetUserName API

Rewriting ipmiUserSetUserName API

Tested:
Verified using ipmitool commands.
Command: ipmitool user set name 4 user4
Response: //Success
Command: ipmitool user set password 4 asdf1234
Response: Set User Password command successful (user 4)
Command: ipmitool user priv 4 0x03 1
Response: Set Privilege Level command successful (user 4)
Command: ipmitool user set name 14 user13asdfghkjlqwert
Response: Username is too long (> 16 bytes)
Command: ipmitool -I lanplus -C 3 -p 623 -U root -P <password> -H
<BMC-IP> user set name 8 WIJGueNKd
Response: //Success
Command: ipmitool user list 1 //User list for channel 1
1 root false true true ADMINISTRATOR
2 user2 true false false USER
3 user3 true false false NO ACCESS
4 user4 true false false OPERATOR
5 WIJGueNK true false false NO ACCESS
6 WIJGueNKb true false false NO ACCESS
7 WIJGueNKc true false false NO ACCESS
8 WIJGueNKd true false false NO ACCESS
9 true false false NO ACCESS
10 true false false NO ACCESS

Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I41c091f6d9aaf54326295d1e80e16db521b2e23d

show more ...

Fix for Callback privilege

Issue: Not returning proper error when user privilege is Callback

Returning proper error codes.

Tested:
Command: ipmitool raw 0x06 0x40 0x3 0x42 0x41 //SetChannelAcce

Fix for Callback privilege

Issue: Not returning proper error when user privilege is Callback

Returning proper error codes.

Tested:
Command: ipmitool raw 0x06 0x40 0x3 0x42 0x41 //SetChannelAccess
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x40 rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x40 0x3 0x42 0xc2 //SetChannelAccess
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x40 rsp=0x83): Unknown (0x83)
Command: ipmitool user priv 2 0x01 1
Response: IPMI command failed: Invalid data field in request
Set Privilege Level command failed (user 2)
Command: ipmitool raw 0x06 0x38 1 1 //Get Channel Auth Capabilities
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x38 rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x40 0x1 0x42 0x81 //SetChannelAccess
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x40 rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x43 0x1 2 1 0 //Set User Access Command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x43 rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x43 0x2 1 2 0 //Set User Access Command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x43 rsp=0xff): Unspecified error
Command: ipmitool raw 0x06 0x42 0x02 //Get Channel Info Command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x42 rsp=0x82): Unknown (0x82)
Command: ipmitool raw 0x06 0x4E 0x02 //Get Channel Payload Support
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x4e rsp=0xff): Unspecified error
Command: ipmitool raw 0x06 0x4E 0x0F //Get Channel Payload Support
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x4e rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x4F 0x02 0x00 //Get Channel Payload Version
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x4f rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x4C 0x02 0x01 0x02 0x00 0x00 0x00
//Set User Payload Access
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x4c rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x44 0x02 0x02 //Get User Access Command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x44 rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x44 0x01 0x11 //Get User Access Command
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x44 rsp=0xc9): Parameter out of range
Command: ipmitool raw 0x06 0x4D 0x02 0x02 //Get User Payload Access
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x4d rsp=0xcc): Invalid data field in request
Command: ipmitool raw 0x06 0x40 0x3 0x44 0x43
// set channel access for Non-volatile priv limit
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x40 rsp=0x83): Unknown (0x83)
Command: ipmitool raw 0x06 0x40 0x1 0x85 0x82
// set channel access for volatile priv limit
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x40 rsp=0x83): Unknown (0x83)

Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: I4ff6fb5ae9a604e6b38fb92c249416605ec27cb5

show more ...

user_channel:Change fun ret&cmd cc as per New Std

Modified ipmi function return status code and
command completion codes as per new standard.

Tested:
verified using ipmitool commands.
1. create new

user_channel:Change fun ret&cmd cc as per New Std

Modified ipmi function return status code and
command completion codes as per new standard.

Tested:
verified using ipmitool commands.
1. create new user
Command : ipmitool user set name 5 user5
Response: //user created successfully
Command: ipmitool user set password 5 0penBmc\' //set password
Response: Set User Password command successful (user 5)

2. Set password
Command : ipmitool user set password 5 0penBmc\'
Response: Set User Password command successful (user 5)

3. set channel access
Command: ipmitool channel setaccess 1 5 callin=on ipmi=on link=on
privilege=4
Response: Set User Access (channel 1 id 5) successful.

4. get channel access
Command: ipmitool channel getaccess 1 5
Response:
Maximum User IDs : 15
Enabled User IDs : 5

User ID : 5
User Name : user5
Fixed Name : No
Access Available : call-in / callback
Link Authentication : enabled
IPMI Messaging : enabled
Privilege Level : ADMINISTRATOR
Enable Status : disabled

5. User list
Command: ipmitool user list 1
Response:
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 root false true true ADMINISTRATOR
2 putty_operator true true true OPERATOR
3 ipmi_admin true true true ADMINISTRATOR
4 user2 false true true OPERATOR
5 user5 true true true ADMINISTRATOR
6 true false false NO ACCESS
7 true false false NO ACCESS
8 true false false NO ACCESS
9 true false false NO ACCESS
10 true false false NO ACCESS
11 true false false NO ACCESS
12 true false false NO ACCESS
13 true false false NO ACCESS
14 true false false NO ACCESS
15 true false false NO ACCESS

Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Signed-off-by: NITIN SHARMA <nitin1x.sharma@intel.com>
Change-Id: I5f2c32f50edc2de204ac361364e21a61a4bcf237

show more ...