Verify Privilege For Different Channels in openbmc-test-automation

Rahul Maheshwari rahulmaheshwari01 at gmail.com
Tue Jan 21 16:21:11 AEDT 2020


Thanks Richard for correcting. Yes, there is a need to update this test
case.

Tony
We don't run this test case on our systems as we don't have a dual-channel
system. Can you fix this test case?

Thanks
Rahul

On Tue, Jan 21, 2020 at 10:29 AM Thomaiyar, Richard Marian <
richard.marian.thomaiyar at linux.intel.com> wrote:

> Hi Tony / Rahul,
>
> 1. sel info 1  (I don't think sel info can get channel number, as sel is
> not based on channel numbers)
>
> 2. user list can be queried through channel number i.e. "user list 1"
> will query user privileges as per channel number 1 and "user list 3"
> will query user privileges as per channel number 3. But it doesn't
> determine the incoming channel number.
>
> i.e. if a system is having 2 LAN Channels, then LAN channel privilege is
> based on the IP address of those channels
>
> say channel 1 is having IP x.y.z.1 & channel 3 is having IP x.y.z.3  and
> channel 3 is with NoAccess
>
> then executing following command will pass
>
> ipmitool -I lanplus -H x.y.z.1 -U root -P 0penBmc user list 1
>
> ipmitool -I lanplus -H x.y.z.1 -U root -P 0penBmc user list 3
>
> Following command execution will fail
>
> ipmitool -I lanplus -H x.y.z.3 -U root -P 0penBmc user list 1 --> will
> fail if channel 3 is with NoAccess privilege for user root
>
> ipmitool -I lanplus -H x.y.z.3 -U root -P 0penBmc user list 1 --> will
> fail if channel 3 is with NoAccess privilege for user root
>
> Please update the test case accordingly.
>
> Regards,
>
> Richard
>
> On 1/21/2020 8:39 AM, Tony Lee (李文富) wrote:
> >> Are you saying that with NoAccess for channel x, you are able to get the IPMI
> >> response.
> > Yes.
> >
> >> please note: -H x.x.x.x  determines, which channel you are trying to
> >> communicate. Try the other IP address (because not sure, which channel is
> >> configured to what IP).
> > This is as I expected!
> > However, please look at the cases "Verify Administrator And No Access Privilege For Different Channels"
> > and "Verify Operator And User Privilege For Different Channels" in test_ipmi_user.robot.
> > For example: case "Verify Administrator And No Access Privilege For Different Channels" at the last two "Verify" steps:
> > '''
> > # Verify that user is able to run administrator level IPMI command with channel 1.
> > Verify IPMI Command  ${random_username}  ${valid_password}  Administrator  1
> >
> > # Verify that user is unable to run IPMI command with channel 2.
> > Run IPMI Standard Command  sel info 2  expected_rc=${1}  U=${random_username}  P=${valid_password}
> > '''
> >
> > In this case, first, there is only one IP address.
> > second, I can't find a description or SPEC about command like
> > "ipmitool -I lanplus -C 3 -p 623 -U YmRBwDUS -P 0penBmc1 -H x.x.x.x -L Administrator sel info 1"
> > which means user is able to run IPMI command with channel 1.
> >
> > If the method for out-of-band communication using different channels is the same as you described,
> > do we need to fix these two cases?
> >
> >> Regards,
> >>
> >> Richard
> >>
>
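
The test matrix Richard describes in the quoted message, written out as an added example (not code from this thread or from openbmc-test-automation): the session channel is chosen by the `-H` address, and the number after `user list` only selects which channel's user table is read. The channel map, the 192.0.2.x addresses, the `<password>` placeholder and the helper names `build_plan` and `mismatches` are assumptions made for illustration.

```python
from itertools import product

# Constructed sample: channel number -> (BMC IP on that channel, user's privilege there).
# Addresses are documentation placeholders, not values from the thread.
CHANNELS = {
    1: ("192.0.2.1", "Administrator"),
    3: ("192.0.2.3", "NoAccess"),
}


def build_plan(channels, user, password):
    """Return one case per (session channel, queried channel) pair.

    The session channel is fixed by the -H address; the number after
    'user list' only selects which channel's user table is read.
    """
    plan = []
    for session_ch, queried_ch in product(sorted(channels), repeat=2):
        host, privilege = channels[session_ch]
        argv = ["ipmitool", "-I", "lanplus", "-H", host,
                "-U", user, "-P", password,
                "user", "list", str(queried_ch)]
        # Expectation depends only on the privilege of the channel we came in on.
        expected_rc = 1 if privilege == "NoAccess" else 0
        plan.append({"session": session_ch, "queried": queried_ch,
                     "argv": argv, "expected_rc": expected_rc})
    return plan


def mismatches(plan, observed_rcs):
    """Compare observed return codes (same order as plan) with expectations.

    Only pass/fail is compared, so any non-zero code counts as a failure.
    Returns (session, queried, expected_rc, observed_rc) for each disagreement.
    """
    return [(c["session"], c["queried"], c["expected_rc"], rc)
            for c, rc in zip(plan, observed_rcs)
            if (rc != 0) != (c["expected_rc"] != 0)]


if __name__ == "__main__":
    # Dry run: print the expected return code next to each command line.
    for case in build_plan(CHANNELS, "root", "<password>"):
        print(case["expected_rc"], " ".join(case["argv"]))
```

A non-empty result from `mismatches` for a session on the NoAccess channel means the BMC answered a request it should have rejected on that channel.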