From 793d1dcd2317817cb98a0c544ea6b59d54f6107f Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 30 Aug 2019 09:29:16 -0400 Subject: [PATCH] Add SMM password policy to bmc configuration The SMM has a number of account policies. Provide these using the same vocabulary as XCC account policies. Change-Id: I0fa12f252468aaab8952763b6824a97aea666e19 --- pyghmi/ipmi/oem/lenovo/handler.py | 4 +++ pyghmi/ipmi/oem/lenovo/nextscale.py | 40 +++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/pyghmi/ipmi/oem/lenovo/handler.py b/pyghmi/ipmi/oem/lenovo/handler.py index 63491e90..2091b2e3 100755 --- a/pyghmi/ipmi/oem/lenovo/handler.py +++ b/pyghmi/ipmi/oem/lenovo/handler.py @@ -941,11 +941,15 @@ class OEMHandler(generic.OEMHandler): def get_bmc_configuration(self): if self.has_xcc: return self.immhandler.get_bmc_configuration() + if self.is_fpc: + return self.smmhandler.get_bmc_configuration() return super(OEMHandler, self).get_bmc_configuration() def set_bmc_configuration(self, changeset): if self.has_xcc: return self.immhandler.set_bmc_configuration(changeset) + if self.is_fpc: + return self.smmhandler.set_bmc_configuration(changeset) return super(OEMHandler, self).set_bmc_configuration(changeset) def get_system_configuration(self, hideadvanced): diff --git a/pyghmi/ipmi/oem/lenovo/nextscale.py b/pyghmi/ipmi/oem/lenovo/nextscale.py index 50e55d5b..041795f4 100644 --- a/pyghmi/ipmi/oem/lenovo/nextscale.py +++ b/pyghmi/ipmi/oem/lenovo/nextscale.py @@ -254,6 +254,45 @@ class SMMClient(object): def clear_bmc_configuration(self): self.ipmicmd.xraw_command(0x32, 0xad) + rulemap = { + 'password_reuse_count': 'passwordReuseCheckNum', + 'password_change_interval': 'passwordChangeInterval', + 'password_expiration': 'passwordDurationDays', + 'password_login_failures': 'passwordFailAllowdNum', + 'password_min_length': 'passwordMinLength', + 'password_lockout_period': 'passwordLockoutTimePeriod', + } + + def get_bmc_configuration(self): + settings = {} + self.wc.request( + 'POST', '/data', + ('get=passwordMinLength,passwordForceChange,passwordDurationDays,' + 'passwordExpireWarningDays,passwordChangeInterval,' + 'passwordReuseCheckNum,passwordFailAllowdNum,passwordLockoutTimePeriod')) + rsp = self.wc.getresponse() + rspbody = rsp.read() + accountinfo = fromstring(rspbody) + for rule in self.rulemap: + settings[rule] = {'value': int( + accountinfo.find(self.rulemap[rule]).text)} + return settings + + + def set_bmc_configuration(self, changeset): + for key in changeset: + if (isinstance(changeset[key], str) or + isinstance(changeset[key], unicode)): + changeset[key] = {'value': changeset[key]} + rules = [] + if key.lower() in self.rulemap: + rules.append('{0}:{1}'.format( + self.rulemap[key.lower()], changeset[key]['value'])) + if rules: + rules = 'set={0}'.format(','.join(rules)) + self.wc.request('POST', '/data', rules) + self.wc.getresponse().read() + def set_user_priv(self, uid, priv): if priv.lower() == 'administrator': rsp = self.ipmicmd.xraw_command(netfn=6, command=0x46, data=(uid,)) @@ -262,6 +301,7 @@ class SMMClient(object): 'POST', '/data', b'set=user({0},1,{1},511,,4,15,0)'.format( uid, username)) rsp = self.wc.getresponse() + rsp.read() def reseat_bay(self, bay): self.ipmicmd.xraw_command(netfn=0x32, command=0xa4,