From 2c901ac4713ea113402b0e92516468d36fae327b Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Thu, 31 Jan 2019 14:12:30 -0500 Subject: [PATCH] Enable SMM user for web access SMM may not allow a new user to access web. Make the user_access extensible and use that to have web privilege follow the ipmi privilege. Change-Id: Ib08e0064b3fb402de833a159c471e28579520a5d --- pyghmi/ipmi/command.py | 7 +++++-- pyghmi/ipmi/oem/generic.py | 4 ++++ pyghmi/ipmi/oem/lenovo/handler.py | 5 +++++ pyghmi/ipmi/oem/lenovo/nextscale.py | 9 +++++++++ 4 files changed, 23 insertions(+), 2 deletions(-) diff --git a/pyghmi/ipmi/command.py b/pyghmi/ipmi/command.py index 956139a3..235a06b8 100644 --- a/pyghmi/ipmi/command.py +++ b/pyghmi/ipmi/command.py @@ -1586,6 +1586,9 @@ class Command(object): 'proprietary': 5, 'no_access': 0x0F, } + self.oem_init() + self._oem.set_user_access( + uid, channel, callback, link_auth, ipmi_msg, privilege_level) data = [b, uid & 0b00111111, privilege_levels[privilege_level] & 0b00001111, 0] response = self.raw_command(netfn=0x06, command=0x43, data=data) @@ -1824,11 +1827,11 @@ class Command(object): if channel is None: channel = self.get_network_channel() self.set_user_name(uid, name) + self.set_user_password(uid, password=password) + self.set_user_password(uid, mode='enable', password=password) self.set_user_access(uid, channel, callback=callback, link_auth=link_auth, ipmi_msg=ipmi_msg, privilege_level=privilege_level) - self.set_user_password(uid, password=password) - self.set_user_password(uid, mode='enable', password=password) return True def user_delete(self, uid, channel=None): diff --git a/pyghmi/ipmi/oem/generic.py b/pyghmi/ipmi/oem/generic.py index e4ad26c7..43f7e7d5 100644 --- a/pyghmi/ipmi/oem/generic.py +++ b/pyghmi/ipmi/oem/generic.py @@ -316,6 +316,10 @@ class OEMHandler(object): """ raise exc.UnsupportedFunctionality() + def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg, + privilege_level): + return # Nothing to do + def set_alert_ipv6_destination(self, ip, destination, channel): """Set an IPv6 alert destination diff --git a/pyghmi/ipmi/oem/lenovo/handler.py b/pyghmi/ipmi/oem/lenovo/handler.py index 82548146..6924f316 100755 --- a/pyghmi/ipmi/oem/lenovo/handler.py +++ b/pyghmi/ipmi/oem/lenovo/handler.py @@ -326,6 +326,11 @@ class OEMHandler(generic.OEMHandler): return True return None + def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg, + privilege_level): + if self.is_fpc and self._fpc_variant == 2: + self.smmhandler.set_user_priv(uid, privilege_level) + @property def is_fpc(self): """True if the target is a Lenovo nextscale fan power controller diff --git a/pyghmi/ipmi/oem/lenovo/nextscale.py b/pyghmi/ipmi/oem/lenovo/nextscale.py index 417efe2e..7b410158 100644 --- a/pyghmi/ipmi/oem/lenovo/nextscale.py +++ b/pyghmi/ipmi/oem/lenovo/nextscale.py @@ -251,6 +251,15 @@ class SMMClient(object): self.password = ipmicmd.ipmi_session.password self._wc = None + def set_user_priv(self, uid, priv): + if priv.lower() == 'administrator': + rsp = self.ipmicmd.xraw_command(netfn=6, command=0x46, data=(uid,)) + username = bytes(rsp['data']).rstrip(b'\x00') + self.wc.request( + 'POST', '/data', b'set=user({0},1,{1},511,,4,15,0)'.format( + uid, username)) + rsp = self.wc.getresponse() + def reseat_bay(self, bay): self.ipmicmd.xraw_command(netfn=0x32, command=0xa4, data=[int(bay), 2])