Verify Privilege For Different Channels in openbmc-test-automation

Rahul Maheshwari rahulmaheshwari01 at gmail.com
Fri Jan 17 22:01:45 AEDT 2020


That seem to be an issue. Can you also check output for below lan print
command? If that also is working, check with Richard regarding this problem.

ipmitool -I lanplus -C 3 -p 623 -U DD -P 0penBmc1 -H x.x.x.x lan print 1

On Fri, Jan 17, 2020 at 11:09 AM Tony Lee (李文富) <Tony.Lee at quantatw.com>
wrote:

> Got it. Another question, at the last two "Verify" steps.
> Can the user run out-of-band IPMI commands with the specified channel?
> (e.g ipmitool -I lanplus -C 3 -p 623 -U YmRBwDUS -P 0penBmc1 -H x.x.x.x -L
> Administrator sel info 1)
>
> Is there a description or SPEC about it? It doesn't work on my system.
> For example:
> I created a user name DD and gave it different privilege for different
> channels.
>
> ipmitool user list 1
> ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
> 1   root             false   true       true       ADMINISTRATOR
> ...
> ...
> 6   DD               true    false      false      NO ACCESS
>
> ipmitool user list 2
> ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
> 1   root             false   true       true       ADMINISTRATOR
> ...
> ...
> 6   DD               true    false      true       ADMINISTRATOR
>
> As expected, it should not work if user run out-of-band IPMI commands with
> the channel 1.
> Howerver it still work.
> $ipmitool -I lanplus -C 3 -p 623 -U DD -P 0penBmc1 -H x.x.x.x sel info 1
>
> SEL Information
> Version          : 1.5 (v1.5, v2 compliant)
> Entries          : 6
> Free Space       : 0 bytes
> Percent Used     : 100%
> Last Add Time    : 01/06/1970 00:13:18
> Last Del Time    : Not Available
> Overflow         : false
> Supported Cmds   : 'Reserve'
>
> Thanks
> Best Regards,
> Tony
>
> From: Rahul Maheshwari <rahulmaheshwari01 at gmail.com>
> Sent: Thursday, January 16, 2020 7:15 PM
> To: Tony Lee (李文富) <Tony.Lee at quantatw.com>
> Subject: Re: Verify Privilege For Different Channels in
> openbmc-test-automation
>
> Hi Tony
> These test cases are expected to fail if your system's BMC has only one
> LAN channel support. In case of your BMC has 2 LAN channel support, then
> these tests should pass.
>
> Thanks
> Rahul
>
> On Tue, Jan 14, 2020 at 2:52 PM Tony Lee (李文富) <mailto:
> Tony.Lee at quantatw.com> wrote:
> Hi Rahul,
>
> I meet with difficulties for the cases "Verify Administrator And No Access
> Privilege For Different Channels" and
> "Verify Operator And User Privilege For Different Channels" in
> test_ipmi_user.robot.
>
> Refer to https://github.com/openbmc/openbmc-test-automation/issues/1523
> According to Richard's comment: "Channel command privilege are working as
> per the channel (but at this point of time this differentiation can't be
> made due to architecture limitations, but ok to write test case and mark it
> as failed, rather than skipping the same)"
>
> Are these two cases be expected to fail?
>
> Thanks
> Best Regards,
> Tony
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20200117/537b9d72/attachment-0001.htm>


More information about the openbmc mailing list