Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot use non-admin account: Invalid privilege level user #16

Open
shalak opened this issue Oct 14, 2024 · 3 comments
Open

Cannot use non-admin account: Invalid privilege level user #16

shalak opened this issue Oct 14, 2024 · 3 comments

Comments

@shalak
Copy link

shalak commented Oct 14, 2024

I'm trying to use a read-only IPMI account with this addon, like this:

image 
2024/10/14 14:42:26 [error] 206#206: *1 FastCGI sent in stderr: "PHP message: Error occurred when running "ipmitool -H 10.0.0.13 -p 623 -U MY_USER -P #### -L user -I lanplus bmc info".
Invalid privilege level  user
Error: Unable to establish IPMI v2 / RMCP+ session" while reading response header from upstream, client: 172.30.32.1, server: _, request: "GET /?host=10.0.0.13&port=623&user=MY_USER&password=MY_PASS&interface=lanplus&extra=-L+user HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "localhost:9595"

However, when I SSH into my "real" HassOS and docker exec -it addon_304fecf0_ipmi-server bash and from inside the addon I run /usr/sbin/ipmitool -H 10.0.0.13 -p 623 -U MY_USER -P MY_PASS -L user -I lanplus bmc info - it works OK.

Any ideas on how to fix this?
@shalak
Copy link
Author

shalak commented Oct 14, 2024

Huh, this double-whitespace seemed suspicius:

Invalid privilege level  user
                       ^^

So, when I went with -Luser instead of -L user in the integration configuration window, it worked OK.

I guess there's some shell-quoting happening on the PHP side and the command ends up as ${cmd} "-L" " user". My suggestion is to not quote params that are explicitly given in the "Addon extra params".

@ateodorescu
Copy link
Owner

I'm using a library to run the commands. Here is the code that creates the command line.
It's good that you tested various scenarios and found one that works for you.

@shalak
Copy link
Author

shalak commented Oct 15, 2024
edited
Loading

So basically, you're passing the whole extra as one param, thus resulting in some weird behavior by the library. My suggestion is to split it over whitespace (excluding quotation). Like this:

diff --git a/ipmi-server/rootfs/app/src/Controller/IpmiController.php b/ipmi-server/rootfs/app/src/Controller/IpmiController.php
index db1aa6b..93830cc 100644
--- a/ipmi-server/rootfs/app/src/Controller/IpmiController.php
+++ b/ipmi-server/rootfs/app/src/Controller/IpmiController.php
@@ -204,7 +204,8 @@ class IpmiController
         }
 
         if (!empty($extra)) {
-            $cmd[] = $extra;
+            $extra_cmd = str_getcsv($extra, ' ', '"', '');
+            $cmd = array_merge($cmd, $extra_cmd);
         }
 
         return $cmd;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shalak @ateodorescu