Verify Privilege For Different Channels in openbmc-test-automation

Tony Lee (李文富) Tony.Lee at quantatw.com
Fri Jan 17 16:39:21 AEDT 2020


Got it. Another question, at the last two "Verify" steps. 
Can the user run out-of-band IPMI commands with the specified channel?
(e.g. ipmitool -I lanplus -C 3 -p 623 -U YmRBwDUS -P 0penBmc1 -H x.x.x.x -L Administrator sel info 1)

Is there a description or SPEC about it? It doesn't work on my system.
For example:
I created a user named DD and gave it different privileges for different channels.

ipmitool user list 1
ID  Name	     Callin  Link Auth	IPMI Msg   Channel Priv Limit
1   root             false   true       true       ADMINISTRATOR
...
...
6   DD               true    false      false      NO ACCESS

ipmitool user list 2
ID  Name	     Callin  Link Auth	IPMI Msg   Channel Priv Limit
1   root             false   true       true       ADMINISTRATOR
...
...
6   DD               true    false      true       ADMINISTRATOR

As expected, it should not work if the user runs out-of-band IPMI commands with channel 1.
However, it still works.
$ipmitool -I lanplus -C 3 -p 623 -U DD -P 0penBmc1 -H x.x.x.x sel info 1

SEL Information
Version          : 1.5 (v1.5, v2 compliant)
Entries          : 6
Free Space       : 0 bytes 
Percent Used     : 100%
Last Add Time    : 01/06/1970 00:13:18
Last Del Time    : Not Available
Overflow         : false
Supported Cmds   : 'Reserve'

Thanks
Best Regards,
Tony
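
An added example, not part of the original thread or of openbmc-test-automation: a small Python check that parses the two `ipmitool user list` outputs above and flags any user whose command succeeded on a channel where the listing says it should not. The function names, the OBSERVED map and the assumption that the `sel info` call arrived on channel 1 are illustrative.

```python
import re

# One data row of `ipmitool user list <channel>`:
# ID, Name, Callin, Link Auth, IPMI Msg, Channel Priv Limit
ROW = re.compile(
    r"^(\d+)\s+(\S+)\s+(true|false)\s+(true|false)\s+(true|false)\s+(\S.*?)\s*$"
)

def parse_user_list(text):
    """Map user name -> {'ipmi_msg': bool, 'priv': str} for one channel."""
    users = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header line does not start with a digit and is skipped
            users[m.group(2)] = {"ipmi_msg": m.group(5) == "true",
                                 "priv": m.group(6)}
    return users

def access_expected(entry):
    """Expectation stated in the message: NO ACCESS (or IPMI Msg
    disabled) on a channel means commands on that channel are refused."""
    return entry["ipmi_msg"] and entry["priv"] != "NO ACCESS"

def find_mismatches(channels, observed):
    """Return (user, channel, priv) where a command worked but should not."""
    bad = []
    for (user, chan), worked in sorted(observed.items()):
        entry = channels[chan].get(user)
        if entry and worked and not access_expected(entry):
            bad.append((user, chan, entry["priv"]))
    return bad

# Rows copied from the listings in the message; elided rows are left out.
HEADER = "ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit\n"
CHANNEL_1 = HEADER + (
    "1   root             false   true       true       ADMINISTRATOR\n"
    "6   DD               true    false      false      NO ACCESS\n")
CHANNEL_2 = HEADER + (
    "1   root             false   true       true       ADMINISTRATOR\n"
    "6   DD               true    false      true       ADMINISTRATOR\n")
CHANNELS = {1: parse_user_list(CHANNEL_1), 2: parse_user_list(CHANNEL_2)}

# ("DD", 1): the `sel info` call above succeeded (assumed to be channel 1).
# ("DD", 2): constructed sample value, not reported in the thread.
OBSERVED = {("DD", 1): True, ("DD", 2): True}

if __name__ == "__main__":
    for user, chan, priv in find_mismatches(CHANNELS, OBSERVED):
        print(f"{user}: command succeeded on channel {chan} despite {priv}")
```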

From: Rahul Maheshwari <rahulmaheshwari01 at gmail.com> 
Sent: Thursday, January 16, 2020 7:15 PM
To: Tony Lee (李文富) <Tony.Lee at quantatw.com>
Subject: Re: Verify Privilege For Different Channels in openbmc-test-automation

Hi Tony
These test cases are expected to fail if your system's BMC supports only one LAN channel. If your BMC supports 2 LAN channels, then these tests should pass.

Thanks
Rahul

On Tue, Jan 14, 2020 at 2:52 PM Tony Lee (李文富) <Tony.Lee at quantatw.com> wrote:
Hi Rahul,

I have run into difficulties with the cases "Verify Administrator And No Access Privilege For Different Channels" and
"Verify Operator And User Privilege For Different Channels" in test_ipmi_user.robot.

Refer to https://github.com/openbmc/openbmc-test-automation/issues/1523
According to Richard's comment: "Channel command privilege are working as per the channel (but at this point of time this differentiation can't be made due to architecture limitations, but ok to write test case and mark it as failed, rather than skipping the same)"

Are these two cases expected to fail?

Thanks
Best Regards,
Tony

