search

kontron / python-ipmi

A pure python IPMI library
GNU Lesser General Public License v2.1
187 stars 75 forks source link

Set rmcp session privilege level in session activation #168

Closed canteuni closed 4 months ago

canteuni commented 5 months ago

The issue

After PR #144 was merged, I tried to connect to a BMC using an "OPERATOR" user with interface "rmcp", but I kept getting error messages such as :

CompletionCodeError cc=0x86 desc=requested maximum privilege level exceeds user and/or channel privilege limit

It works perfectly with interface "ipmitool".

The cause

I think this error comes from the _activate_session method in pyipmi/interfaces/rmcp.py, which uses a hardcoded Session.PRIV_LEVEL_ADMINISTRATOR by default. If the BMC user only has "OPERATOR" privilege for example, trying to establish a session with maximum privilege requested set to "ADMINISTRATOR" it will result in an "Insufficient privilege" IPMI error.

I have also added an example of set_priv_level usage in the README and in the examples/ folder to show how it is supposed to be used.

coveralls commented 5 months ago

Coverage Status

coverage: 69.565%. remained the same when pulling 689bf977c7a8b5a13f275fb4bfbaa1fd5474fa3f on canteuni:set_rmcp_session_privilege_level into 3e018e31bf5b9f976796580e312da43d385c2305 on kontron:master.

canteuni commented 4 months ago

Hi @hthiery , will you have the time to look at this ? No pressure of course, I can provide additional details if needed.

hthiery commented 4 months ago

Looks reasonable .. I merged it

hthiery commented 4 months ago

thanks