From d3f004683968fca36df199fd93ff9f08f81305da Mon Sep 17 00:00:00 2001
From: luyf5 <luyf5@lenovo.com>
Date: Mon, 30 Aug 2021 14:40:45 +0800
Subject: [PATCH] Allow Confluent to create users with KVM bit

Fixes a bug when Confluent creates the IPMI user - it was not setting
the KVM bit and the created users do not have permission to launch the
console.

Change-Id: I324cffecb5b973eafa31c108db9d89caa93100a0
---
 pyghmi/ipmi/command.py            | 10 ++++++++++
 pyghmi/ipmi/oem/generic.py        | 12 ++++++++++++
 pyghmi/ipmi/oem/lenovo/handler.py | 16 ++++++++++++++++
 3 files changed, 38 insertions(+)

diff --git a/pyghmi/ipmi/command.py b/pyghmi/ipmi/command.py
index acea5358..f8b7680d 100644
--- a/pyghmi/ipmi/command.py
+++ b/pyghmi/ipmi/command.py
@@ -1654,6 +1654,9 @@ class Command(object):
         response = self.raw_command(netfn=0x06, command=0x43, data=data)
         if 'error' in response:
             raise Exception(response['error'])
+        # Set KVM and VMedia Allowed if is administrator
+        if privilege_level == 'administrator':
+            self.set_extended_privilleges(uid)
         return True
 
     def get_user_access(self, uid, channel=None):
@@ -2074,3 +2077,10 @@ class Command(object):
     def apply_license(self, filename, progress=None, data=None):
         self.oem_init()
         return self._oem.apply_license(filename, progress, data)
+
+    def set_extended_privilleges(self, uid):
+        """Set user extended privillege as 'KVM & VMedia Allowed'
+
+        """
+        self.oem_init()
+        return self._oem.set_oem_extended_privilleges(uid)
diff --git a/pyghmi/ipmi/oem/generic.py b/pyghmi/ipmi/oem/generic.py
index 6bb176d9..3c13a85f 100644
--- a/pyghmi/ipmi/oem/generic.py
+++ b/pyghmi/ipmi/oem/generic.py
@@ -384,3 +384,15 @@ class OEMHandler(object):
 
     def get_user_expiration(self, uid):
         return None
+
+    def set_oem_extended_privilleges(self, uid):
+        """Set user extended privillege as 'KVM & VMedia Allowed'
+
+        |KVM & VMedia Not Allowed	0x00 0x00 0x00 0x00
+        |KVM Only Allowed	0x01 0x00 0x00 0x00
+        |VMedia Only Allowed	0x02  0x00 0x00 0x00
+        |KVM & VMedia Allowed	0x03 0x00 0x00 0x00
+
+        :param uid: User ID.
+        """
+        return False
diff --git a/pyghmi/ipmi/oem/lenovo/handler.py b/pyghmi/ipmi/oem/lenovo/handler.py
index 480b8c26..b31b5630 100755
--- a/pyghmi/ipmi/oem/lenovo/handler.py
+++ b/pyghmi/ipmi/oem/lenovo/handler.py
@@ -1106,3 +1106,19 @@ class OEMHandler(generic.OEMHandler):
         if self.has_xcc:
             return self.immhandler.apply_license(filename, progress, data)
         return super(OEMHandler, self).apply_license(filename, progress, data)
+
+    def set_oem_extended_privilleges(self, uid):
+        """Set user extended privillege as 'KVM & VMedia Allowed'
+
+        |KVM & VMedia Not Allowed	0x00 0x00 0x00 0x00
+        |KVM Only Allowed	0x01 0x00 0x00 0x00
+        |VMedia Only Allowed	0x02  0x00 0x00 0x00
+        |KVM & VMedia Allowed	0x03 0x00 0x00 0x00
+
+        :param uid: User ID.
+        """
+        if self.has_tsm:
+            self.ipmicmd.xraw_command(netfn=0x32, command=0xa3, data=(
+                uid, 0x03, 0x00, 0x00, 0x00))
+            return True
+        return False