Verify Privilege For Different Channels in openbmc-test-automation
Tony Lee (李文富)
Tony.Lee at quantatw.com
Mon Jan 20 13:41:02 AEDT 2020
Yes, It also is working.
I think this lan print command doesn't represent running IPMI command with channel 1. It get channel 1 info with the LAN channel.
Thanks for your kind help. I'll check with Richard regarding this problem.
Regards,
Tony
From: Rahul Maheshwari <rahulmaheshwari01 at gmail.com>
Sent: Friday, January 17, 2020 7:02 PM
To: Tony Lee (李文富) <Tony.Lee at quantatw.com>
Cc: openbmc at lists.ozlabs.org
Subject: Re: Verify Privilege For Different Channels in openbmc-test-automation
That seem to be an issue. Can you also check output for below lan print command? If that also is working, check with Richard regarding this problem.
ipmitool -I lanplus -C 3 -p 623 -U DD -P 0penBmc1 -H x.x.x.x lan print 1
On Fri, Jan 17, 2020 at 11:09 AM Tony Lee (李文富) <mailto:Tony.Lee at quantatw.com> wrote:
Got it. Another question, at the last two "Verify" steps.
Can the user run out-of-band IPMI commands with the specified channel?
(e.g ipmitool -I lanplus -C 3 -p 623 -U YmRBwDUS -P 0penBmc1 -H x.x.x.x -L Administrator sel info 1)
Is there a description or SPEC about it? It doesn't work on my system.
For example:
I created a user name DD and gave it different privilege for different channels.
ipmitool user list 1
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 root false true true ADMINISTRATOR
...
...
6 DD true false false NO ACCESS
ipmitool user list 2
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 root false true true ADMINISTRATOR
...
...
6 DD true false true ADMINISTRATOR
As expected, it should not work if user run out-of-band IPMI commands with the channel 1.
Howerver it still work.
$ipmitool -I lanplus -C 3 -p 623 -U DD -P 0penBmc1 -H x.x.x.x sel info 1
SEL Information
Version : 1.5 (v1.5, v2 compliant)
Entries : 6
Free Space : 0 bytes
Percent Used : 100%
Last Add Time : 01/06/1970 00:13:18
Last Del Time : Not Available
Overflow : false
Supported Cmds : 'Reserve'
Thanks
Best Regards,
Tony
From: Rahul Maheshwari <mailto:rahulmaheshwari01 at gmail.com>
Sent: Thursday, January 16, 2020 7:15 PM
To: Tony Lee (李文富) <mailto:Tony.Lee at quantatw.com>
Subject: Re: Verify Privilege For Different Channels in openbmc-test-automation
Hi Tony
These test cases are expected to fail if your system's BMC has only one LAN channel support. In case of your BMC has 2 LAN channel support, then these tests should pass.
Thanks
Rahul
On Tue, Jan 14, 2020 at 2:52 PM Tony Lee (李文富) <mailto:mailto:Tony.Lee at quantatw.com> wrote:
Hi Rahul,
I meet with difficulties for the cases "Verify Administrator And No Access Privilege For Different Channels" and
"Verify Operator And User Privilege For Different Channels" in test_ipmi_user.robot.
Refer to https://github.com/openbmc/openbmc-test-automation/issues/1523
According to Richard's comment: "Channel command privilege are working as per the channel (but at this point of time this differentiation can't be made due to architecture limitations, but ok to write test case and mark it as failed, rather than skipping the same)"
Are these two cases be expected to fail?
Thanks
Best Regards,
Tony
More information about the openbmc
mailing list