Verify Privilege For Different Channels in openbmc-test-automation
Thomaiyar, Richard Marian
richard.marian.thomaiyar at linux.intel.com
Tue Jan 21 02:18:12 AEDT 2020
Are you saying that with NoAcess for channel x, you are able to get the
IPMI response.
please note: -H x.x.x.x determines, which channel you are trying to
communicate. Try the other IP address (because not sure, which channel
is configured to what IP).
Regards,
Richard
On 1/20/2020 8:11 AM, Tony Lee (李文富) wrote:
> Yes, It also is working.
> I think this lan print command doesn't represent running IPMI command with channel 1. It get channel 1 info with the LAN channel.
> Thanks for your kind help. I'll check with Richard regarding this problem.
>
> Regards,
> Tony
>
> From: Rahul Maheshwari <rahulmaheshwari01 at gmail.com>
> Sent: Friday, January 17, 2020 7:02 PM
> To: Tony Lee (李文富) <Tony.Lee at quantatw.com>
> Cc: openbmc at lists.ozlabs.org
> Subject: Re: Verify Privilege For Different Channels in openbmc-test-automation
>
> That seem to be an issue. Can you also check output for below lan print command? If that also is working, check with Richard regarding this problem.
>
> ipmitool -I lanplus -C 3 -p 623 -U DD -P 0penBmc1 -H x.x.x.x lan print 1
>
> On Fri, Jan 17, 2020 at 11:09 AM Tony Lee (李文富) <mailto:Tony.Lee at quantatw.com> wrote:
> Got it. Another question, at the last two "Verify" steps.
> Can the user run out-of-band IPMI commands with the specified channel?
> (e.g ipmitool -I lanplus -C 3 -p 623 -U YmRBwDUS -P 0penBmc1 -H x.x.x.x -L Administrator sel info 1)
>
> Is there a description or SPEC about it? It doesn't work on my system.
> For example:
> I created a user name DD and gave it different privilege for different channels.
>
> ipmitool user list 1
> ID Name Callin Link Auth IPMI Msg Channel Priv Limit
> 1 root false true true ADMINISTRATOR
> ...
> ...
> 6 DD true false false NO ACCESS
>
> ipmitool user list 2
> ID Name Callin Link Auth IPMI Msg Channel Priv Limit
> 1 root false true true ADMINISTRATOR
> ...
> ...
> 6 DD true false true ADMINISTRATOR
>
> As expected, it should not work if user run out-of-band IPMI commands with the channel 1.
> Howerver it still work.
> $ipmitool -I lanplus -C 3 -p 623 -U DD -P 0penBmc1 -H x.x.x.x sel info 1
>
> SEL Information
> Version : 1.5 (v1.5, v2 compliant)
> Entries : 6
> Free Space : 0 bytes
> Percent Used : 100%
> Last Add Time : 01/06/1970 00:13:18
> Last Del Time : Not Available
> Overflow : false
> Supported Cmds : 'Reserve'
>
> Thanks
> Best Regards,
> Tony
>
> From: Rahul Maheshwari <mailto:rahulmaheshwari01 at gmail.com>
> Sent: Thursday, January 16, 2020 7:15 PM
> To: Tony Lee (李文富) <mailto:Tony.Lee at quantatw.com>
> Subject: Re: Verify Privilege For Different Channels in openbmc-test-automation
>
> Hi Tony
> These test cases are expected to fail if your system's BMC has only one LAN channel support. In case of your BMC has 2 LAN channel support, then these tests should pass.
>
> Thanks
> Rahul
>
> On Tue, Jan 14, 2020 at 2:52 PM Tony Lee (李文富) <mailto:mailto:Tony.Lee at quantatw.com> wrote:
> Hi Rahul,
>
> I meet with difficulties for the cases "Verify Administrator And No Access Privilege For Different Channels" and
> "Verify Operator And User Privilege For Different Channels" in test_ipmi_user.robot.
>
> Refer to https://github.com/openbmc/openbmc-test-automation/issues/1523
> According to Richard's comment: "Channel command privilege are working as per the channel (but at this point of time this differentiation can't be made due to architecture limitations, but ok to write test case and mark it as failed, rather than skipping the same)"
>
> Are these two cases be expected to fail?
>
> Thanks
> Best Regards,
> Tony
More information about the openbmc
mailing list