From cc8e5b56ab3d08e1f820d4b72f94bdaebb57cbd0 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Mon, 14 Apr 2014 15:55:26 -0400 Subject: [PATCH] Auto degrade sessions to operator when admin is forbidden In certain circumstances, the account desired for use with pyghmi will be merely operator. Accomodate this without configuration required by going for admin and then falling back to operator by default. For now try to go no lower than operator. It would be conceivable to go down to user, but most everything one would want a service processor for at that point isn't feasible anyway. Change-Id: I775aee5db0ca5b8f18bebc2210d342e3d629016d --- pyghmi/ipmi/private/session.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/pyghmi/ipmi/private/session.py b/pyghmi/ipmi/private/session.py index 052d9473..8737854a 100644 --- a/pyghmi/ipmi/private/session.py +++ b/pyghmi/ipmi/private/session.py @@ -323,6 +323,7 @@ class Session(object): else: self.iterwaiters.append(onlogon) return + self.privlevel = 4 self.maxtimeout = 3 # be aggressive about giving up on initial packet self.incommand = False self.initialized = True @@ -387,11 +388,6 @@ class Session(object): # I picked 'xCAT' minus 1 so that a hexdump of packet # would show xCAT self.localsid = 2017673555 - - # NOTE(jbjohnso): for the moment, assume admin access - # TODO(jbjohnso): make flexible - self.privlevel = 4 - self.confalgo = 0 self.aeskey = None self.integrityalgo = 0 @@ -1069,7 +1065,10 @@ class Session(object): self.onlogon({'error': errstr}) return -9 self.allowedpriv = data[2] - # TODO(jbjohnso): enable lower priv access (e.g. operator/user) + # NOTE(jbjohnso): At this point, the BMC has no idea about what user + # shall be used. As such, the allowedpriv field is actually + # not particularly useful. got_rakp2 is a good place to + # gracefully detect and downgrade privilege for retry localsid = struct.unpack("