[Openipmi-developer] [PATCH RFC] lanserv: Ignore user allowed_auths if it's zero

Tue, 28 Mar 2017 14:18:12 -0700 

Per-user allowed_auths are stored in the persistence file, but there's
no way to change them from their defaults, which is 0 (no allowed auths)
for users which are not in lan.conf (ie: for users which are added using
the IPMI interface). Ignoring user allowed_auths when they are 0 will
cause ipmi_sim to use the per-privilege allowed_auths for the user's
privilege level instead.

Signed-off-by: Alan Ott <[email protected]>
---
 lanserv/lanserv_ipmi.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index 67bf74a..d6eeb1f 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -665,7 +665,7 @@ handle_get_session_challenge(lanserv_data_t *lan, msg_t 
*msg)
        return;
     }
 
-    if (!(user->allowed_auths & (1 << authtype))) {
+    if (user->allowed_auths && !(user->allowed_auths & (1 << authtype))) {
        lan->sysinfo->log(lan->sysinfo, SESSION_CHALLENGE_FAILED, msg,
                 "Session challenge failed: Invalid authorization type");
        return_err(lan, msg, NULL, IPMI_INVALID_DATA_FIELD_CC);
@@ -895,14 +895,14 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg)
                 "Activate session failed: Invalid user idx: 0x%x", user_idx);
        return;
     }
-    if (! (user->allowed_auths & (1 << auth))) {
+    if (user->allowed_auths && ! (user->allowed_auths & (1 << auth))) {
        lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
                 "Activate session failed: Requested auth %d was invalid for"
                 " user 0x%x",
                 auth, user_idx);
        return;
     }
-    if (! (user->allowed_auths & (1 << msg->authtype))) {
+    if (user->allowed_auths && ! (user->allowed_auths & (1 << msg->authtype))) 
{
        lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
                 "Activate session failed: Message auth %d was invalid for"
                 " user 0x%x",
-- 
2.5.0


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openipmi-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openipmi-developer

Reply via email to