Verify Privilege For Different Channels in openbmc-test-automation

Tony Lee (李文富) Tony.Lee at quantatw.com
Tue Jan 21 14:09:16 AEDT 2020


> Are you saying that with NoAcess for channel x, you are able to get the IPMI
> response.
Yes.

> please note: -H x.x.x.x  determines, which channel you are trying to
> communicate. Try the other IP address (because not sure, which channel is
> configured to what IP).
This is as I expected!
However, please look at the cases "Verify Administrator And No Access Privilege For Different Channels"
and "Verify Operator And User Privilege For Different Channels" in test_ipmi_user.robot.
For example: case "Verify Administrator And No Access Privilege For Different Channels" at the last two "Verify" steps:
'''
# Verify that user is able to run administrator level IPMI command with channel 1.
Verify IPMI Command  ${random_username}  ${valid_password}  Administrator  1

# Verify that user is unable to run IPMI command with channel 2.
Run IPMI Standard Command  sel info 2  expected_rc=${1}  U=${random_username}  P=${valid_password}
'''

In this case, first, there is only one IP address.
second, I can't find a description or SPEC about command like 
"ipmitool -I lanplus -C 3 -p 623 -U YmRBwDUS -P 0penBmc1 -H x.x.x.x -L Administrator sel info 1"
which mean user is able to run IPMI command with channel 1.

If the method for out-of-band communication using different channels is the same as you described,
do we need to fix these two cases?

> Regards,
> 
> Richard
> 


More information about the openbmc mailing list