Lines Matching +full:random +full:- +full:access
13 #include <phosphor-logging/lg2.hpp>
45 if (inPayload.size() < (sizeof(*request) - userNameMaxLen)) in RAKP12()
55 if (endian::from_ipmi(request->managedSystemSessionID) == in RAKP12()
59 response->rmcpStatusCode = in RAKP12()
68 endian::from_ipmi(request->managedSystemSessionID)); in RAKP12()
73 response->rmcpStatusCode = in RAKP12()
79 sizeof(RAKP1request) - (userNameMaxLen - request->user_name_len); in RAKP12()
83 if (request->user_name_len > userNameMaxLen || in RAKP12()
86 response->rmcpStatusCode = in RAKP12()
92 session->userName.assign(request->user_name, request->user_name_len); in RAKP12()
95 session->updateLastTransactionTime(); in RAKP12()
97 auto rcSessionID = endian::to_ipmi(session->getRCSessionID()); in RAKP12()
98 auto bmcSessionID = endian::to_ipmi(session->getBMCSessionID()); in RAKP12()
99 auto authAlgo = session->getAuthAlgo(); in RAKP12()
102 * Generate Key Authentication Code - RAKP 2 in RAKP12()
104 * 1) Remote Console Session ID - 4 bytes in RAKP12()
105 * 2) Managed System Session ID - 4 bytes in RAKP12()
106 * 3) Remote Console Random Number - 16 bytes in RAKP12()
107 * 4) Managed System Random Number - 16 bytes in RAKP12()
108 * 5) Managed System GUID - 16 bytes in RAKP12()
109 * 6) Requested Privilege Level - 1 byte in RAKP12()
110 * 7) User Name Length Byte - 1 byte (0 for 'null' username) in RAKP12()
111 * 8) User Name - variable (absent for 'null' username) in RAKP12()
118 sizeof(request->req_max_privilege_level) + in RAKP12()
119 sizeof(request->user_name_len) + session->userName.size()); in RAKP12()
133 // Copy the Remote Console Random Number from the RAKP1 request to the in RAKP12()
136 reinterpret_cast<const uint8_t*>(request->remote_console_random_number), in RAKP12()
138 authAlgo->rcRandomNum.begin()); in RAKP12()
140 std::copy(authAlgo->rcRandomNum.begin(), authAlgo->rcRandomNum.end(), iter); in RAKP12()
143 // Generate the Managed System Random Number in RAKP12()
148 response->rmcpStatusCode = in RAKP12()
158 request->req_max_privilege_level & session::reqMaxPrivMask) > in RAKP12()
161 response->rmcpStatusCode = in RAKP12()
165 session->currentPrivilege(static_cast<uint8_t>(session::Privilege::USER)); in RAKP12()
167 session->reqMaxPrivLevel = in RAKP12()
168 static_cast<session::Privilege>(request->req_max_privilege_level); in RAKP12()
169 if (request->user_name_len == 0) in RAKP12()
173 response->rmcpStatusCode = in RAKP12()
180 std::string userName(request->user_name, request->user_name_len); in RAKP12()
185 response->rmcpStatusCode = in RAKP12()
195 response->rmcpStatusCode = in RAKP12()
204 response->rmcpStatusCode = in RAKP12()
214 "Authentication failed - user already locked out, user id: {ID}", in RAKP12()
217 response->rmcpStatusCode = in RAKP12()
225 // Get channel based access information in RAKP12()
227 userId, chNum, session->sessionUserPrivAccess) != IPMI_CC_OK) || in RAKP12()
228 (ipmi::getChannelAccessData(chNum, session->sessionChannelAccess) != in RAKP12()
231 response->rmcpStatusCode = in RAKP12()
236 if (!isChannelAccessModeEnabled(session->sessionChannelAccess.accessMode)) in RAKP12()
238 lg2::error("Channel access mode disabled."); in RAKP12()
239 response->rmcpStatusCode = in RAKP12()
244 if (session->sessionUserPrivAccess.privilege > in RAKP12()
247 response->rmcpStatusCode = in RAKP12()
252 session->channelNum(chNum); in RAKP12()
253 session->userID(userId); in RAKP12()
257 if (session->sessionChannelAccess.privLimit < in RAKP12()
258 session->sessionUserPrivAccess.privilege) in RAKP12()
260 minPriv = session->sessionChannelAccess.privLimit; in RAKP12()
264 minPriv = session->sessionUserPrivAccess.privilege; in RAKP12()
266 if (session->currentPrivilege() > minPriv) in RAKP12()
268 session->currentPrivilege(static_cast<uint8_t>(minPriv)); in RAKP12()
272 if (((request->req_max_privilege_level & userNameOnlyLookupMask) == in RAKP12()
274 ((request->req_max_privilege_level & session::reqMaxPrivMask) != in RAKP12()
275 session->sessionUserPrivAccess.privilege)) in RAKP12()
278 response->rmcpStatusCode = in RAKP12()
285 std::fill(authAlgo->userKey.data(), in RAKP12()
286 authAlgo->userKey.data() + authAlgo->userKey.size(), 0); in RAKP12()
287 std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data()); in RAKP12()
289 // Copy the Managed System Random Number to the Authentication Algorithm in RAKP12()
291 authAlgo->bmcRandomNum.begin()); in RAKP12()
300 std::copy_n(&(request->req_max_privilege_level), in RAKP12()
301 sizeof(request->req_max_privilege_level), iter); in RAKP12()
302 std::advance(iter, sizeof(request->req_max_privilege_level)); in RAKP12()
305 std::copy_n(&(request->user_name_len), sizeof(request->user_name_len), in RAKP12()
307 std::advance(iter, sizeof(request->user_name_len)); in RAKP12()
309 std::copy_n(session->userName.data(), session->userName.size(), iter); in RAKP12()
311 // Generate Key Exchange Authentication Code - RAKP2 in RAKP12()
312 auto output = authAlgo->generateHMAC(input); in RAKP12()
314 response->messageTag = request->messageTag; in RAKP12()
315 response->rmcpStatusCode = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR); in RAKP12()
316 response->reserved = 0; in RAKP12()
317 response->remoteConsoleSessionID = rcSessionID; in RAKP12()
319 // Copy Managed System Random Number to the Response in RAKP12()
320 std::copy(authAlgo->bmcRandomNum.begin(), authAlgo->bmcRandomNum.end(), in RAKP12()
321 response->managed_system_random_number); in RAKP12()
324 std::copy_n(guid.data(), guid.size(), response->managed_system_guid); in RAKP12()