Verify Privilege For Different Channels in openbmc-test-automation

Rahul Maheshwari rahulmaheshwari01 at gmail.com
Wed Jan 22 01:19:33 AEDT 2020


Sure. Thanks you.

On Tue, Jan 21, 2020 at 2:16 PM Tony Lee (李文富) <Tony.Lee at quantatw.com>
wrote:

> I'm sorry, we also do not have dual channel system currently.
> Once we have, it will be tested and updated for these two test cases.
>
> From: Rahul Maheshwari <rahulmaheshwari01 at gmail.com>
> Sent: Tuesday, January 21, 2020 1:21 PM
> To: Thomaiyar, Richard Marian <richard.marian.thomaiyar at linux.intel.com>
> Cc: Tony Lee (李文富) <Tony.Lee at quantatw.com>; openbmc at lists.ozlabs.org
> Subject: Re: Verify Privilege For Different Channels in
> openbmc-test-automation
>
> Thanks Richard for correcting. Yes, there is a need to update this test
> case.
>
> Tony
> We don't run this test case on our systems as we dont have dual channel
> system. Can you fix this test case?
>
> Thanks
> Rahul
>
> On Tue, Jan 21, 2020 at 10:29 AM Thomaiyar, Richard Marian <mailto:
> richard.marian.thomaiyar at linux.intel.com> wrote:
> Hi Tony / Rahul,
>
> 1. sel info 1  (I don't think sel info can get channel number, as sel is
> not based on channel numbers)
>
> 2. user list can be queried through channel number i.e. "user list 1"
> will query user privileges as per channel number 1 and "user list 3"
> will query user privileges as per channel number 3. But it doesn't
> determine the incoming channel number.
>
> i.e. if a system is having 2 LAN Channels, then LAN channel privilege is
> based on the IP address of those channels
>
> say channel 1 is having IP x.y.z.1 & channel 3 is having IP x.y.z.3  and
> channel 3 is with NoAccess
>
> then executing following command will pass
>
> ipmitool -I lanplus -H x.y.z.1 -U root -P 0penBmc user list 1
>
> ipmitool -I lanplus -H x.y.z.1 -U root -P 0penBmc user list 3
>
> Following command execution will fail
>
> ipmitool -I lanplus -H x.y.z.3 -U root -P 0penBmc user list 1 --> will
> fail if channel 3 is with NoAccess privilege for user root
>
> ipmitool -I lanplus -H x.y.z.3 -U root -P 0penBmc user list 1 --> will
> fail if channel 3 is with NoAccess privilege for user root
>
> Please update the test case accordingly.
>
> Regards,
>
> Richard
>
> On 1/21/2020 8:39 AM, Tony Lee (李文富) wrote:
> >> Are you saying that with NoAcess for channel x, you are able to get the
> IPMI
> >> response.
> > Yes.
> >
> >> please note: -H x.x.x.x  determines, which channel you are trying to
> >> communicate. Try the other IP address (because not sure, which channel
> is
> >> configured to what IP).
> > This is as I expected!
> > However, please look at the cases "Verify Administrator And No Access
> Privilege For Different Channels"
> > and "Verify Operator And User Privilege For Different Channels" in
> test_ipmi_user.robot.
> > For example: case "Verify Administrator And No Access Privilege For
> Different Channels" at the last two "Verify" steps:
> > '''
> > # Verify that user is able to run administrator level IPMI command with
> channel 1.
> > Verify IPMI Command  ${random_username}  ${valid_password}
> Administrator  1
> >
> > # Verify that user is unable to run IPMI command with channel 2.
> > Run IPMI Standard Command  sel info 2  expected_rc=${1}
> U=${random_username}  P=${valid_password}
> > '''
> >
> > In this case, first, there is only one IP address.
> > second, I can't find a description or SPEC about command like
> > "ipmitool -I lanplus -C 3 -p 623 -U YmRBwDUS -P 0penBmc1 -H x.x.x.x -L
> Administrator sel info 1"
> > which mean user is able to run IPMI command with channel 1.
> >
> > If the method for out-of-band communication using different channels is
> the same as you described,
> > do we need to fix these two cases?
> >
> >> Regards,
> >>
> >> Richard
> >>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20200121/449b24b9/attachment-0001.htm>


More information about the openbmc mailing list