python-ipmi icon indicating copy to clipboard operation
python-ipmi copied to clipboard
verified publisher icon kontron

Set rmcp session privilege level in session activation

Open canteuni opened this issue 1 year ago • 1 comments

The issue

After PR #144 was merged, I tried to connect to a BMC using an "OPERATOR" user with interface "rmcp", but I kept getting error messages such as :

CompletionCodeError cc=0x86 desc=requested maximum privilege level exceeds user and/or channel privilege limit

It works perfectly with interface "ipmitool".

The cause

I think this error comes from the _activate_session method in pyipmi/interfaces/rmcp.py, which uses a hardcoded Session.PRIV_LEVEL_ADMINISTRATOR by default. If the BMC user only has "OPERATOR" privilege for example, trying to establish a session with maximum privilege requested set to "ADMINISTRATOR" it will result in an "Insufficient privilege" IPMI error.

I have also added an example of set_priv_level usage in the README and in the examples/ folder to show how it is supposed to be used.

canteuni avatar Apr 16 '24 13:04 canteuni

Coverage Status

coverage: 69.565%. remained the same when pulling 689bf977c7a8b5a13f275fb4bfbaa1fd5474fa3f on canteuni:set_rmcp_session_privilege_level into 3e018e31bf5b9f976796580e312da43d385c2305 on kontron:master.

coveralls avatar Apr 16 '24 13:04 coveralls

Hi @hthiery , will you have the time to look at this ? No pressure of course, I can provide additional details if needed.

canteuni avatar May 28 '24 14:05 canteuni

Looks reasonable .. I merged it

hthiery avatar May 31 '24 06:05 hthiery

thanks

hthiery avatar May 31 '24 06:05 hthiery