Currently openipmi expects that the privilege level in the
open session response equals the privilege which was requested.
This is wrong, because it is legal to request a lower privilege
level than allowed for a user:
According to IPMI v2.0 spec the RCMP+ Open Session Response
contains the
Certainly a needed patch, but why do this check at all (other than FYI)?
Even if the privilege is detected wrong here, it should not abort, but
proceed.
If the privilege is wrong, the target firmware will reject it.
Andy
-Original Message-
From: Arnd Hannemann
On Thu, 2012-07-26 at 06:41 -0700, Andy Cress wrote:
Certainly a needed patch, but why do this check at all (other than FYI)?
Even if the privilege is detected wrong here, it should not abort, but
proceed.
If the privilege is wrong, the target firmware will reject it.
I do a similar
Currently openipmi expects that the privilege level in the
open session response equals the privilege which was requested.
This is wrong, because it is legal to request a lower privilege
level than allowed for a user:
According to IPMI v2.0 spec the RCMP+ Open Session Response
contains the
Al,
This is in the open session logic (once).
If the session requires a higher privilege level, it should request a
higher privilege level.
Either the firmware will allow the session open with the requested
privilege or it won't.
I don't understand your reference to 'random IPMI commands'.
On Thu, 2012-07-26 at 07:21 -0700, Andy Cress wrote:
Al,
This is in the open session logic (once).
If the session requires a higher privilege level, it should request a
higher privilege level.
Either the firmware will allow the session open with the requested
privilege or it won't.
I