Enable clang-tidy and apply fixes

Enable clang-tidy, fix the compile issue and fix the clang-tidy issues.

Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: I6250c6519a725c07b0cd10abe464fda9

Enable clang-tidy and apply fixes

Enable clang-tidy, fix the compile issue and fix the clang-tidy issues.

Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: I6250c6519a725c07b0cd10abe464fda97a2aebd7

show more ...

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: I8d0072c279e4de87dc001190845d0ca6da233345
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are for:
* bus_t
* exception_t
* manager_t
* match_t
* message_t
* object_t
* slot_t

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ic68a12ef7c12222b1300981282161c971b561dc1

show more ...

Update to latest clang-format

Refer:https://github.com/openbmc/docs/blob/ac5d544553934f8083c61c5986a1420261bc8a4c/style/cpp/.clang-format

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id:

Update to latest clang-format

Refer:https://github.com/openbmc/docs/blob/ac5d544553934f8083c61c5986a1420261bc8a4c/style/cpp/.clang-format

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I1e06864afc29ce7de463e62fa2a0eb6f70e8fd93

show more ...

Be more proactive at removing stale sessions

The maximum number of sessions is set to limit total resources that
netipmid is allowed to use. But it also opens a door to DoS attacks that
would use up

Be more proactive at removing stale sessions

The maximum number of sessions is set to limit total resources that
netipmid is allowed to use. But it also opens a door to DoS attacks that
would use up all the sessions and then never close them. This new
mechanism will allow extra sessions, especially if they are short and
active. As the number of sessions grows beyond the desired maximum, the
reaping time becomes shorter and shorter to ensure that only actual
active sessions are kept.

This introduces a variable max idle time that starts at 60s, according
to the IPMI spec, for up to the desired maximum number of sessions per
channel (currently 15). Beyond 15 sessions, The idle time is reduced
proportionally to the inverse^3 of the number of sessions beyond the
desired maximum.

Some sample maximum idle times for active sessions this new scheme:
Idle time for up to 15 sessions stays at 60s
Idle time for 16 sessions is reduced to 7.5s
Idle time for 20 sessions is reduced to 277ms
Idle time for 24 sessions is reduced to 60ms

For sessions in setup, the idle times are calculated the same as for
active sessions, but use the full session count (active and setup) and
are limited to a maximum idle time of 3 seconds.

One other feature added is to schedule session cleaning when a Close
Session command is received. Without this, sessions that are in the
shutDownPending state would live on for much longer than needed. Really,
the session only needs to live long enough to prepare the response
message, but curretly there is no mechanism to remove just that one
session from that context.

Tested: Open lots of sessions and wait for them to get reaped
$ for ((i=0; i<16; i++)); do \
ipmitool -C 17 -I lanplus -H $HOST -U $USR -P $PW sensor list & \
done
$ for ((i=0; i<10; i++)); do \
ipmitool -C 17 -I lanplus -H $HOST -U $USR -P $PW mc info & \
done

In this case, the first 16 sessions will open just fine, but with
a slightly shorted idle time (no problems). The next ten sessions
may or may not all get to open, because the number of setup
sessions open simultaneously will severely limit the idle time of
the setup sessions, causing some of them to fail to fully open.

Change-Id: Iae2e68c7192f3f5a2cafa8e825aa025454405c84
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

netipmid: Manage and expose session object

Session (RMCP+) is managed by net-ipmid directly, but
session commands has to be supported in both LAN & other
session-less interfaces. In order to make se

netipmid: Manage and expose session object

Session (RMCP+) is managed by net-ipmid directly, but
session commands has to be supported in both LAN & other
session-less interfaces. In order to make session commands
to work in other interfaces, session objects must be
exposed as D-Bus objects, so that ipmi-providers can
query the same.

Tested:
1. Verified that RMCP+ session are perfectly working
2. Verified RMCP+ session establishment fails for wrong
password
3. Verified that session privilege level are maintained
and access are restricted accordingly
4. Verified session timeout and sessions are destroyed
accordingly after timeout
5. verified max session count working behavior
6. verified ipmi-providers responding with proper response for this
(or D-Bus objects are exposed correctly during session creation,
session deletion,session update,
(like privilege, - say even set session privilege level command)
7.Session objects are created dynamically.

Change-Id: I78a8449359877ef6cc4cd8161d8c67e6e54eb52b
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>

show more ...

Cache the user & channel acces in session

Instead of querying the user & channel access for every time
cache the same during session creation, and use it for
enforcements.

Tested-by:
Verified that

Cache the user & channel acces in session

Instead of querying the user & channel access for every time
cache the same during session creation, and use it for
enforcements.

Tested-by:
Verified that RMCP+ session establishment works as expected
including INSUFFICIENT_PRIVILEGE error.

Change-Id: Ib5a05bd07cc9aabf2625a18090fd905d93489b24
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

show more ...

Return the maximum privilege in open session command

This commit does the following:

- Set the maximum privilege role in the session instead of current privilege
in the implementation of the open

Return the maximum privilege in open session command

This commit does the following:

- Set the maximum privilege role in the session instead of current privilege
in the implementation of the open session request/response.

- In open session response, return the maximum privilege of the session
instead of the current privilege level.

- Update RAKP12 and RAKP34 implementation

Tested: Checked the session setup works fine with ipmitool and freeipmi
utility ipmipower.

Change-Id: I41b63b91f08c2ed96856c4db41eedaa878c663e3
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

show more ...

RMCP+ login support with privilege

Implementation of RMCP login support with appropriate
privilege level.

Unit Test:
1. Verified that user is able to login without any issues
2. Privilege of the us

RMCP+ login support with privilege

Implementation of RMCP login support with appropriate
privilege level.

Unit Test:
1. Verified that user is able to login without any issues
2. Privilege of the user is minimum of requested, user & channel
3. Unable to set higher privilege using Set session commands

Change-Id: I5e9ef21dfc1f1b50aa815562a3a65d90c434877c
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

show more ...

netipmid: use libcrypto prng instead of insecure std::rand

std::rand is insecure. Add a simple openssl-crypto wrapper for a similar
interface that can replace it.

Tested-by: Run ipmitool six times

netipmid: use libcrypto prng instead of insecure std::rand

std::rand is insecure. Add a simple openssl-crypto wrapper for a similar
interface that can replace it.

Tested-by: Run ipmitool six times in parallel to see that five
independent sessions are created and the sixth one causes the
BMC to dump the session list on the console. Note that the
session numbers are still random.

Change-Id: I0b387f1343abefc45be0d62cf9af45fbd5563047
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

netipmid: make session a header-only situation

The Session class is a fairly simple class, no need for an external cpp
file; make it all header-only and allow the compiler to do its job.

Change-Id:

netipmid: make session a header-only situation

The Session class is a fairly simple class, no need for an external cpp
file; make it all header-only and allow the compiler to do its job.

Change-Id: Ibbe7e963762926ec04c75ab187a5b8045de851f4
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

netipmid: apply clang-format rules

Lots of whitespace change. Let clang-format do its job and keep the code
looking nice.

Change-Id: Idfcad1a99cab8170d55a06163de8ad3f420b68b7
Signed-off-by: Vernon

netipmid: apply clang-format rules

Lots of whitespace change. Let clang-format do its job and keep the code
looking nice.

Change-Id: Idfcad1a99cab8170d55a06163de8ad3f420b68b7
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

Support username for IPMI default user account

The current support in IPMI is for the nameless account, which has
no username and only password associated with the account. In
ipmitool for the namel

Support username for IPMI default user account

The current support in IPMI is for the nameless account, which has
no username and only password associated with the account. In
ipmitool for the nameless account -U option is not needed. There are
management scripts which take a parameter for -U option and fails
if -U option is not supported by ipmitool option. This patch is to
support "admin" username for the default account. Once full fledged
user account management is in place, this change can be removed.

Change-Id: Idad73c0d04f189af66f2365424a68a637fe0e476
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

show more ...

Correct doxygen syntax in phosphor-net-ipmid

Resolves openbmc/openbmc#1147

Change-Id: I57ab1b09ec1bf308cc3d97cd30b2d18564beb38b
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

Add socket channel property to session to send SOL packets.

Change-Id: I7bbdb9c23434aa6936c47796f296b2b08892a30e
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

Provide API to check if the confidentiality algo is enabled for the session.

Change-Id: Ia0585907191a921d7081e855e19d7a5fa9771c6b
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

Provide API to check if integrity algorithm is enabled for the session.

Change-Id: I6d57b5d964c9cbcf361ab97667fb43ae7fe03b6f
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

Initialise the in/out sequence numbers

Change-Id: Iff887dddca1df013ea0fa1ac452ad9d2c04c5d12
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

Modify the session data to handle the Confidentiality algo

Change-Id: I1be4bb4349a5dfe0a512017cc5ed8f80e5ab14d9
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

Correct the aligment for a long line

Change-Id: I38e0eacc702b5415acc97f6f0148312f246e577a
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

Session data modified to handle integrity algo

Change-Id: I3ebc8f2e1599b01e3cfb89c2ab17651d549a7ca1
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

Representation of an IPMI session

IPMI session class encapsulates the details regarding an IPMI session.
It includes the details of the remote session id, BMC session id
Cipher suites, session state

Representation of an IPMI session

IPMI session class encapsulates the details regarding an IPMI session.
It includes the details of the remote session id, BMC session id
Cipher suites, session state information.

Change-Id: Iffae0e05f33d1b3aa32cc17e5a3c1368d53c1d38
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

show more ...