Question of ipmi command "Set User Access" in phosphor-host-ipmid
Thomaiyar, Richard Marian
richard.marian.thomaiyar at linux.intel.com
Thu May 28 20:21:27 AEST 2020
Hi Tony,
Yes, that's correct. We already support channel configuration using
json(channel_config.json under phosphor-ipmi-config), and sync channel
can be identified by the first LAN medium channel number - else we can
add one more configuration as well).
I am ok if you want to go ahead and fix it, else will try to fix the
same in couple of weeks.
Regards,
Richard
On 5/28/2020 1:39 PM, Tony Lee (李文富) wrote:
> Hi Richard,
>
> So, it need to check the request channel number before setting the dbus
> because it has to be in sync with system user privilege level.
>
> Since my LAN1 and the request channel number are both 2.
> Once we can get LAN1 channel number dynamically
> https://github.com/openbmc/phosphor-host-ipmid/blob/master/user_channel/user_mgmt.cpp#L512
>
> This issue will be solved right?
>
>> From: Thomaiyar, Richard Marian <richard.marian.thomaiyar at linux.intel.com>
>> Sent: Tuesday, May 26, 2020 12:28 AM
>> To: Tony Lee (李文富) <Tony.Lee at quantatw.com>
>> Cc: openbmc at lists.ozlabs.org
>> Subject: Re: Question of ipmi command "Set User Access" in
>> phosphor-host-ipmid
>>
>> Hi Tony,
>>
>> Only IPMI offers channel based user level privilege as of now, Redfish uses
>> single privilege across all channels. OpenBMC user management is designed to
>> have single user level privilege. IPMI is designed to bind one of the channel
>> privilege user to the user management, and rest maintain in it's own database.
>> LAN 1 is used for that sync.
>>
>> Note: Discussion started in Redfish forum to have a channel based restriction,
>> but it's not yet materialized and requires more takers.
>>
>> Regards,
>>
>> Richard
>>
>> On 5/25/2020 12:58 PM, Tony Lee (李文富) wrote:
>>> In the process of creating an user,
>>> I used the ipmi command "ipmitool priv <user id> <privilege level>
>> [<channel number>]".
>>> The "UserPrivilege" of the user I created in dbus is empty. Because my LAN
>> channel number is not 1.
>>>
>> https://github.com/openbmc/phosphor-host-ipmid/blob/master/user_chann
>> e
>>> l/user_mgmt.cpp#L878
>>>
>>> Why did it need to check the request channel number before setting the
>> dbus?
>>> I can't find the related restriction of it in "Set User Access Command" in IPMI
>> SPEC.
>>> Thanks
>>> Best Regards,
>>> Tony
More information about the openbmc
mailing list