From 76af0fd66a60fa7d8aacbce4e8fcc26c59e995a1 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Fri, 30 Sep 2022 09:18:08 -0400
Subject: [PATCH] Extend IPMI privilege to redfish role

The XCC conservatively holds back administrator from IPMI access. If an IPMI request comes in, add a corresponding redfish to make the user actually have the requested role.

Change-Id: I4c360388fa487256df382f0f4afc74cd1d1f69a1
---
 pyghmi/ipmi/oem/lenovo/handler.py | 4 ++++
 pyghmi/ipmi/oem/lenovo/imm.py | 14 ++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/pyghmi/ipmi/oem/lenovo/handler.py b/pyghmi/ipmi/oem/lenovo/handler.py
index 3d3817ae..ddc58876 100755
--- a/pyghmi/ipmi/oem/lenovo/handler.py
+++ b/pyghmi/ipmi/oem/lenovo/handler.py
@@ -1316,6 +1316,10 @@ class OEMHandler(generic.OEMHandler):
 return True
 return False
 
+ def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg, privilege_level):
+ if self.has_xcc:
+ self.immhandler.set_user_access(uid, privilege_level)
+
 def process_zero_fru(self, zerofru):
 if (self.oemid['manufacturer_id'] == 19046
 and self.oemid['product_id'] == 13616):
diff --git a/pyghmi/ipmi/oem/lenovo/imm.py b/pyghmi/ipmi/oem/lenovo/imm.py
index a365895e..2cb48ef1 100644
--- a/pyghmi/ipmi/oem/lenovo/imm.py
+++ b/pyghmi/ipmi/oem/lenovo/imm.py
@@ -883,6 +883,20 @@ class XCCClient(IMMClient):
 self.ipmicmd.ipmi_session.register_keepalive(self.keepalive, None)
 self.adp_referer = None
 
+ def set_user_access(self, uid, privilege_level):
+ uid = uid - 1
+ role = None
+ if privilege_level == 'administrator':
+ role = 'Administrator'
+ elif privilege_level == 'operator':
+ role = 'Operator'
+ elif privileg_level == 'user':
+ role = 'ReadOnly'
+ if role:
+ self.grab_redfish_response_with_status(
+ '/redfish/v1/AccountService/Accounts/{0}'.format(uid),
+ {'RoleId': role}, method='PATCH')
+
 def reseat(self):
 rsp = self.wc.grab_json_response_with_status(
 '/api/providers/virt_reseat', '{}')
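Review bot: The new `OEMHandler.set_user_access` in handler.py accepts `channel`, `callback`, `link_auth` and `ipmi_msg` but forwards only `uid` and `privilege_level`, so on an XCC the Redfish role is rewritten for an IPMI request on any channel, and nothing documents that as intended. A Redfish `RoleId` presumably applies to the whole account rather than to one channel, so a privilege granted for a single IPMI channel would also widen that account's Redfish access. Either limit the mirroring to the channel(s) meant to drive it, or state the decision in a docstring such as `"""Mirror the IPMI privilege level onto the XCC Redfish role; channel and the access flags are not mirrored."""`. The method also returns nothing, so its caller cannot tell whether the role was actually synchronised.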
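Review bot: The third branch of `XCCClient.set_user_access` in imm.py tests `privileg_level`, a misspelled name, so any privilege level other than 'administrator' or 'operator' raises NameError instead of being mapped; it should read `elif privilege_level == 'user':`. Once that is fixed, levels with no branch (anything below 'user') leave `role` as None and skip the PATCH, so lowering or revoking a user's IPMI privilege would leave a previously granted Administrator or Operator Redfish role in place; those levels need an explicit, documented decision. The return value of `grab_redfish_response_with_status` is discarded, so a rejected PATCH goes unnoticed and the IPMI and Redfish views of the account can silently diverge. The `uid - 1` offset assumes Redfish account ids are the IPMI user id minus one, which deserves a comment such as `# XCC Redfish account ids are zero-based; IPMI user ids start at 1`, if that is indeed the reason.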