Enable SMM user for web access

SMM may not allow a new user to access web. Make the user_access extensible and use that to have web privilege follow the ipmi privilege. Change-Id: Ib08e0064b3fb402de833a159c471e28579520a5d
2025-02-26 15:21:05 +00:00 · 2019-01-31 14:12:30 -05:00 · 2019-01-31 14:12:30 -05:00 · 2c901ac471
commit 2c901ac471
parent c0d8e2a12c
4 changed files with 23 additions and 2 deletions
--- a/pyghmi/ipmi/command.py
+++ b/pyghmi/ipmi/command.py
@ -1586,6 +1586,9 @@ class Command(object):
            'proprietary': 5,
            'no_access': 0x0F,
        }
+        self.oem_init()
+        self._oem.set_user_access(
+            uid, channel, callback, link_auth, ipmi_msg, privilege_level)
        data = [b, uid & 0b00111111,
                privilege_levels[privilege_level] & 0b00001111, 0]
        response = self.raw_command(netfn=0x06, command=0x43, data=data)
@ -1824,11 +1827,11 @@ class Command(object):
        if channel is None:
            channel = self.get_network_channel()
        self.set_user_name(uid, name)
+        self.set_user_password(uid, password=password)
+        self.set_user_password(uid, mode='enable', password=password)
        self.set_user_access(uid, channel, callback=callback,
                             link_auth=link_auth, ipmi_msg=ipmi_msg,
                             privilege_level=privilege_level)
-        self.set_user_password(uid, password=password)
-        self.set_user_password(uid, mode='enable', password=password)
        return True

    def user_delete(self, uid, channel=None):
--- a/pyghmi/ipmi/oem/generic.py
+++ b/pyghmi/ipmi/oem/generic.py
@ -316,6 +316,10 @@ class OEMHandler(object):
        """
        raise exc.UnsupportedFunctionality()

+    def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg,
+                        privilege_level):
+        return  # Nothing to do
+
    def set_alert_ipv6_destination(self, ip, destination, channel):
        """Set an IPv6 alert destination

--- a/pyghmi/ipmi/oem/lenovo/handler.py
+++ b/pyghmi/ipmi/oem/lenovo/handler.py
@ -326,6 +326,11 @@ class OEMHandler(generic.OEMHandler):
            return True
        return None

+    def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg,
+                        privilege_level):
+        if self.is_fpc and  self._fpc_variant == 2:
+            self.smmhandler.set_user_priv(uid, privilege_level)
+
    @property
    def is_fpc(self):
        """True if the target is a Lenovo nextscale fan power controller
--- a/pyghmi/ipmi/oem/lenovo/nextscale.py
+++ b/pyghmi/ipmi/oem/lenovo/nextscale.py
@ -251,6 +251,15 @@ class SMMClient(object):
        self.password = ipmicmd.ipmi_session.password
        self._wc = None

+    def set_user_priv(self, uid, priv):
+        if priv.lower() == 'administrator':
+            rsp = self.ipmicmd.xraw_command(netfn=6, command=0x46, data=(uid,))
+            username = bytes(rsp['data']).rstrip(b'\x00')
+            self.wc.request(
+                'POST', '/data', b'set=user({0},1,{1},511,,4,15,0)'.format(
+                    uid, username))
+            rsp = self.wc.getresponse()
+
    def reseat_bay(self, bay):
        self.ipmicmd.xraw_command(netfn=0x32, command=0xa4,
                                  data=[int(bay), 2])