
Auto degrade sessions to operator when admin is forbidden

In certain circumstances, the account desired for use with pyghmi will
be merely operator.  Accommodate this without configuration required by
going for admin and then falling back to operator by default.  For now
try to go no lower than operator.  It would be conceivable to go down
to user, but most everything one would want a service processor for
at that point isn't feasible anyway.

Change-Id: I775aee5db0ca5b8f18bebc2210d342e3d629016d
Jarrod Johnson 2014-04-14 15:55:26 -04:00
parent 8fe8d11459
commit cc8e5b56ab


@ -323,6 +323,7 @@ class Session(object):
else:
self.iterwaiters.append(onlogon)
return
self.privlevel = 4
self.maxtimeout = 3 # be aggressive about giving up on initial packet
self.incommand = False
self.initialized = True
@ -387,11 +388,6 @@ class Session(object):
# I picked 'xCAT' minus 1 so that a hexdump of packet
# would show xCAT
self.localsid = 2017673555
# NOTE(jbjohnso): for the moment, assume admin access
# TODO(jbjohnso): make flexible
self.privlevel = 4
self.confalgo = 0
self.aeskey = None
self.integrityalgo = 0
@ -1069,7 +1065,10 @@ class Session(object):
self.onlogon({'error': errstr})
return -9
self.allowedpriv = data[2]
# TODO(jbjohnso): enable lower priv access (e.g. operator/user)
# NOTE(jbjohnso): At this point, the BMC has no idea about what user
# shall be used. As such, the allowedpriv field is actually
# not particularly useful. got_rakp2 is a good place to
# gracefully detect and downgrade privilege for retry
localsid = struct.unpack("<I", struct.pack("4B", *data[4:8]))[0]
if self.localsid != localsid:
return -9
@ -1103,6 +1102,12 @@ class Session(object):
if data[0] != self.rmcptag: # ignore mismatched tags for retry logic
return -9
if data[1] != 0: # if not successful, consider next move
if data[1] == 9 and self.privlevel == 4:
# Here the situation is likely that the peer didn't want
# us to use Operator. Degrade to operator and try again
self.privlevel = 3
self.login()
return
if data[1] == 2: # invalid sessionid 99% of the time means a retry
# scenario invalidated an in-flight transaction
return
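Review bot: The comment in the new `data[1] == 9 and self.privlevel == 4` branch names the wrong role: the branch runs while the session is asking for level 4 and then drops to 3, so it should read `# the peer likely refused Administrator; degrade to Operator and try again`. The bare `9` would be easier to audit as a named constant (it appears to be the RMCP+ "invalid role" status code). The downgrade is also silent, and as far as the visible lines show it is driven by a status byte that is acted on before any integrity check of the reply, so a forged or unexpected error response could leave the session at operator without the caller knowing. Consider recording the degraded level where the caller can see it, so that later failures of admin-only commands are explainable. The enclosing method starts and ends outside this hunk.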