Merge tag 'upstream/1.8.14'

Upstream version 1.8.14
author: Jörg Frings-Fürst <debian@jff-webhosting.net> 2014-07-23 15:03:01 +0200
committer: Jörg Frings-Fürst <debian@jff-webhosting.net> 2014-07-23 15:03:01 +0200
commit: 777af8a8761d05c30588abec7444b143fe7393f0 (patch)
tree: 5a135c37eaa9ac94772819a28ce5beedd18e5c4a /lib/ipmi_channel.c
parent: c3445516ecd58e97de483cf4b7fafcc1104890d7 (diff)
parent: b32d92e890caac903491116e9d817aa780c0323b (diff)
1 files changed, 903 insertions, 0 deletions
diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
new file mode 100644
index 0000000..43db338
--- /dev/null
+++ b/lib/ipmi_channel.c
@@ -0,0 +1,903 @@
+/* -*-mode: C; indent-tabs-mode: t; -*-
+ * Copyright (c) 2003 Sun Microsystems, Inc.  All Rights Reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistribution of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 
+ * Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 
+ * Neither the name of Sun Microsystems, Inc. or the names of
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * 
+ * This software is provided "AS IS," without a warranty of any kind.
+ * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
+ * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
+ * SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
+ * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.  IN NO EVENT WILL
+ * SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
+ * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
+ * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
+ * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <ipmitool/ipmi.h>
+#include <ipmitool/ipmi_intf.h>
+#include <ipmitool/helper.h>
+#include <ipmitool/log.h>
+#include <ipmitool/ipmi_lanp.h>
+#include <ipmitool/ipmi_channel.h>
+#include <ipmitool/ipmi_strings.h>
+#include <ipmitool/ipmi_constants.h>
+
+extern int csv_output;
+extern int verbose;
+
+void printf_channel_usage (void);
+
+/**
+ * ipmi_1_5_authtypes
+ *
+ * Create a string describing the supported authentication types as 
+ * specificed by the parameter n
+ */
+static const char *
+ipmi_1_5_authtypes(uint8_t n)
+{
+	uint32_t i;
+	static char supportedTypes[128];
+
+	bzero(supportedTypes, 128);
+
+	for (i = 0; ipmi_authtype_vals[i].val != 0; i++) {
+		if (n & ipmi_authtype_vals[i].val) {
+			strcat(supportedTypes, ipmi_authtype_vals[i].str);
+			strcat(supportedTypes, " ");
+		}
+	}
+
+	return supportedTypes;
+}
+
+
+
+/**
+ * ipmi_get_channel_auth_cap
+ *
+ * return 0 on success
+ *        -1 on failure
+ */
+int
+ipmi_get_channel_auth_cap(struct ipmi_intf * intf,
+			  uint8_t channel,
+			  uint8_t priv)
+{
+	struct ipmi_rs * rsp;
+	struct ipmi_rq req;
+	struct get_channel_auth_cap_rsp auth_cap;
+	uint8_t msg_data[2];
+
+	msg_data[0] = channel | 0x80; // Ask for IPMI v2 data as well
+	msg_data[1] = priv;
+
+	memset(&req, 0, sizeof(req));
+	req.msg.netfn    = IPMI_NETFN_APP;            // 0x06
+	req.msg.cmd      = IPMI_GET_CHANNEL_AUTH_CAP; // 0x38
+	req.msg.data     = msg_data;
+	req.msg.data_len = 2;
+
+	rsp = intf->sendrecv(intf, &req);
+
+	if ((rsp == NULL) || (rsp->ccode > 0))	{
+		/*
+		 * It's very possible that this failed because we asked for IPMI v2 data
+		 * Ask again, without requesting IPMI v2 data
+		 */
+		msg_data[0] &= 0x7F;
+		
+		rsp = intf->sendrecv(intf, &req);
+		if (rsp == NULL) {
+			lprintf(LOG_ERR, "Unable to Get Channel Authentication Capabilities");
+			return -1;
+		}
+		if (rsp->ccode > 0) {
+			lprintf(LOG_ERR, "Get Channel Authentication Capabilities failed: %s",
+				val2str(rsp->ccode, completion_code_vals));
+			return -1;
+		}
+	}
+
+	memcpy(&auth_cap, rsp->data, sizeof(struct get_channel_auth_cap_rsp));
+
+	printf("Channel number             : %d\n",
+		   auth_cap.channel_number);
+	printf("IPMI v1.5  auth types      : %s\n",
+		   ipmi_1_5_authtypes(auth_cap.enabled_auth_types));
+
+	if (auth_cap.v20_data_available)
+		printf("KG status                  : %s\n",
+			   (auth_cap.kg_status) ? "non-zero" : "default (all zeroes)");
+
+	printf("Per message authentication : %sabled\n",
+		   (auth_cap.per_message_auth) ? "dis" : "en");
+	printf("User level authentication  : %sabled\n",
+		   (auth_cap.user_level_auth) ? "dis" : "en");
+
+	printf("Non-null user names exist  : %s\n",
+		   (auth_cap.non_null_usernames) ? "yes" : "no");
+	printf("Null user names exist      : %s\n",
+		   (auth_cap.null_usernames) ? "yes" : "no");
+	printf("Anonymous login enabled    : %s\n",
+		   (auth_cap.anon_login_enabled) ? "yes" : "no");
+
+	if (auth_cap.v20_data_available) {
+		printf("Channel supports IPMI v1.5 : %s\n",
+			   (auth_cap.ipmiv15_support) ? "yes" : "no");
+		printf("Channel supports IPMI v2.0 : %s\n",
+			   (auth_cap.ipmiv20_support) ? "yes" : "no");
+	}
+
+	/*
+	 * If there is support for an OEM authentication type, there is some
+	 * information.
+	 */
+	if (auth_cap.enabled_auth_types & IPMI_1_5_AUTH_TYPE_BIT_OEM) {
+		printf("IANA Number for OEM        : %d\n",
+			   auth_cap.oem_id[0]      | 
+			   auth_cap.oem_id[1] << 8 | 
+			   auth_cap.oem_id[2] << 16);
+		printf("OEM Auxiliary Data         : 0x%x\n",
+			   auth_cap.oem_aux_data);
+	}
+
+	return 0;
+}
+
+
+
+/**
+ * ipmi_get_channel_info
+ *
+ * returns 0 on success
+ *         -1 on failure
+ *
+ */
+int
+ipmi_get_channel_info(struct ipmi_intf * intf, uint8_t channel)
+{
+	struct ipmi_rs * rsp;
+	struct ipmi_rq req;
+	uint8_t rqdata[2];
+	uint8_t medium;
+	struct get_channel_info_rsp   channel_info;
+	struct get_channel_access_rsp channel_access;
+
+	memset(&req, 0, sizeof(req));
+	req.msg.netfn = IPMI_NETFN_APP;        // 0x06
+	req.msg.cmd   = IPMI_GET_CHANNEL_INFO; // 0x42
+	req.msg.data = &channel;
+	req.msg.data_len = 1;
+
+	rsp = intf->sendrecv(intf, &req);
+	if (rsp == NULL) {
+		lprintf(LOG_ERR, "Unable to Get Channel Info");
+		return -1;
+	}
+	if (rsp->ccode > 0) {
+		lprintf(LOG_ERR, "Get Channel Info failed: %s",
+			val2str(rsp->ccode, completion_code_vals));
+		return -1;
+	}
+
+	memcpy(&channel_info, rsp->data, sizeof(struct get_channel_info_rsp));
+
+	printf("Channel 0x%x info:\n", channel_info.channel_number);
+
+	printf("  Channel Medium Type   : %s\n",
+		   val2str(channel_info.channel_medium, ipmi_channel_medium_vals));
+
+	printf("  Channel Protocol Type : %s\n",
+		   val2str(channel_info.channel_protocol, ipmi_channel_protocol_vals));
+
+	printf("  Session Support       : ");
+	switch (channel_info.session_support) {
+		case 0x0:
+			printf("session-less\n");
+			break;
+		case 0x1:
+			printf("single-session\n");
+			break;
+		case 0x2:
+			printf("multi-session\n");
+			break;
+		case 0x3:
+		default:
+			printf("session-based\n");
+			break;
+	}
+
+	printf("  Active Session Count  : %d\n",
+		   channel_info.active_sessions);
+
+	printf("  Protocol Vendor ID    : %d\n",
+		   channel_info.vendor_id[0]      |
+		   channel_info.vendor_id[1] << 8 |
+		   channel_info.vendor_id[2] << 16);
+
+
+	/* only proceed if this is LAN channel */
+	medium = ipmi_get_channel_medium(intf, channel);
+	if (medium != IPMI_CHANNEL_MEDIUM_LAN &&
+	    medium != IPMI_CHANNEL_MEDIUM_LAN_OTHER) {
+		return 0;
+	}
+
+	memset(&req, 0, sizeof(req));
+	rqdata[0] = channel & 0xf;
+
+	/* get volatile settings */
+
+	rqdata[1] = 0x80; /* 0x80=active */
+	req.msg.netfn = IPMI_NETFN_APP;          // 0x06
+	req.msg.cmd   = IPMI_GET_CHANNEL_ACCESS; // 0x41
+	req.msg.data = rqdata;
+	req.msg.data_len = 2;
+
+	rsp = intf->sendrecv(intf, &req);
+	if (rsp == NULL) {
+		lprintf(LOG_ERR, "Unable to Get Channel Access (volatile)");
+		return -1;
+	}
+	if (rsp->ccode > 0) {
+		lprintf(LOG_ERR, "Get Channel Access (volatile) failed: %s",
+			val2str(rsp->ccode, completion_code_vals));
+		return -1;
+	}
+
+	memcpy(&channel_access, rsp->data, sizeof(struct get_channel_access_rsp));
+
+
+	printf("  Volatile(active) Settings\n");
+	printf("    Alerting            : %sabled\n",
+		   (channel_access.alerting) ? "dis" : "en");
+	printf("    Per-message Auth    : %sabled\n",
+		   (channel_access.per_message_auth) ? "dis" : "en");
+	printf("    User Level Auth     : %sabled\n",
+		   (channel_access.user_level_auth) ? "dis" : "en");
+
+	printf("    Access Mode         : ");
+	switch (channel_access.access_mode) {
+		case 0:
+			printf("disabled\n");
+			break;
+		case 1:
+			printf("pre-boot only\n");
+			break;
+		case 2:
+			printf("always available\n");
+			break;
+		case 3:
+			printf("shared\n");
+			break;
+		default:
+			printf("unknown\n");
+			break;
+	}
+
+	/* get non-volatile settings */
+
+	rqdata[1] = 0x40; /* 0x40=non-volatile */
+	rsp = intf->sendrecv(intf, &req);
+	if (rsp == NULL) {
+		lprintf(LOG_ERR, "Unable to Get Channel Access (non-volatile)");
+		return -1;
+	}
+	if (rsp->ccode > 0) {
+		lprintf(LOG_ERR, "Get Channel Access (non-volatile) failed: %s",
+			val2str(rsp->ccode, completion_code_vals));
+		return -1;
+	}
+
+	memcpy(&channel_access, rsp->data, sizeof(struct get_channel_access_rsp));
+
+	printf("  Non-Volatile Settings\n");
+	printf("    Alerting            : %sabled\n",
+		   (channel_access.alerting) ? "dis" : "en");
+	printf("    Per-message Auth    : %sabled\n",
+		   (channel_access.per_message_auth) ? "dis" : "en");
+	printf("    User Level Auth     : %sabled\n",
+		   (channel_access.user_level_auth) ? "dis" : "en");
+
+	printf("    Access Mode         : ");
+	switch (channel_access.access_mode) {
+		case 0:
+			printf("disabled\n");
+			break;
+		case 1:
+			printf("pre-boot only\n");
+			break;
+		case 2:
+			printf("always available\n");
+			break;
+		case 3:
+			printf("shared\n");
+			break;
+		default:
+			printf("unknown\n");
+			break;
+	}
+
+	return 0;
+}
+
+static int
+ipmi_get_user_access(struct ipmi_intf * intf, uint8_t channel, uint8_t userid)
+{
+	struct ipmi_rs * rsp;
+	struct ipmi_rq req1, req2;
+	uint8_t rqdata[2];
+	struct get_user_access_rsp user_access;
+	int curr_uid, max_uid = 0, init = 1;
+
+	curr_uid = userid ? : 1;
+
+	memset(&req1, 0, sizeof(req1));
+	req1.msg.netfn = IPMI_NETFN_APP;
+	req1.msg.cmd = IPMI_GET_USER_ACCESS;
+	req1.msg.data = rqdata;
+	req1.msg.data_len = 2;
+
+	memset(&req2, 0, sizeof(req2));
+	req2.msg.netfn = IPMI_NETFN_APP;
+	req2.msg.cmd = IPMI_GET_USER_NAME;
+	req2.msg.data = rqdata;
+	req2.msg.data_len = 1;
+
+	do
+	{
+		rqdata[0] = channel & 0xf;
+		rqdata[1] = curr_uid & 0x3f;
+
+		rsp = intf->sendrecv(intf, &req1);
+		if (rsp == NULL) {
+			lprintf(LOG_ERR, "Unable to Get User Access (channel %d id %d)",
+				rqdata[0], rqdata[1]);
+			return -1;
+		}
+		if (rsp->ccode > 0) {
+			lprintf(LOG_ERR, "Get User Access (channel %d id %d) failed: %s",
+				rqdata[0], rqdata[1],
+				val2str(rsp->ccode, completion_code_vals));
+			return -1;
+		}
+
+		memcpy(&user_access, rsp->data, sizeof(struct get_user_access_rsp));
+
+		rqdata[0] = curr_uid & 0x3f;
+
+		rsp = intf->sendrecv(intf, &req2);
+		if (rsp == NULL) {
+			lprintf(LOG_ERR, "Unable to Get User Name (id %d)", rqdata[0]);
+			return -1;
+		}
+		if (rsp->ccode > 0) {
+			lprintf(LOG_ERR, "Get User Name (id %d) failed: %s",
+				rqdata[0], val2str(rsp->ccode, completion_code_vals));
+			return -1;
+		}
+
+		if (init) {
+			printf("Maximum User IDs     : %d\n", user_access.max_user_ids);
+			printf("Enabled User IDs     : %d\n", user_access.enabled_user_ids);
+			max_uid = user_access.max_user_ids;
+			init = 0;
+		}
+
+		printf("\n");
+		printf("User ID              : %d\n", curr_uid);
+		printf("User Name            : %s\n", rsp->data);
+		printf("Fixed Name           : %s\n",
+		       (curr_uid <= user_access.fixed_user_ids) ? "Yes" : "No");
+		printf("Access Available     : %s\n",
+		       (user_access.callin_callback) ? "callback" : "call-in / callback");
+		printf("Link Authentication  : %sabled\n",
+		       (user_access.link_auth) ? "en" : "dis");
+		printf("IPMI Messaging       : %sabled\n",
+		       (user_access.ipmi_messaging) ? "en" : "dis");
+		printf("Privilege Level      : %s\n",
+		       val2str(user_access.privilege_limit, ipmi_privlvl_vals));
+
+		curr_uid ++;
+
+	} while (!userid && curr_uid <= max_uid);
+
+	return 0;
+}
+
+static int
+ipmi_set_user_access(struct ipmi_intf * intf, int argc, char ** argv)
+{
+	uint8_t channel, privilege_limit, userid;
+	struct ipmi_rs * rsp;
+	struct ipmi_rq req;
+	uint8_t rqdata[2];
+	struct get_user_access_rsp user_access;
+	struct set_user_access_data set_access;
+	int i;
+
+	if ((argc < 3) || (strncmp(argv[0], "help", 4) == 0)) {
+		printf_channel_usage();
+		return 0;
+	}
+
+	if (str2uchar(argv[0], &channel) != 0) {
+		lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[0]);
+		return (-1);
+	}
+	if (str2uchar(argv[1], &userid) != 0) {
+		lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[1]);
+		return (-1);
+	}
+
+	memset(&req, 0, sizeof(req));
+	req.msg.netfn = IPMI_NETFN_APP;
+	req.msg.cmd = IPMI_GET_USER_ACCESS;
+	req.msg.data = rqdata;
+	req.msg.data_len = 2;
+
+	rqdata[0] = channel & 0xf;
+	rqdata[1] = userid & 0x3f;
+
+	rsp = intf->sendrecv(intf, &req);
+	if (rsp == NULL) {
+		lprintf(LOG_ERR, "Unable to Get User Access (channel %d id %d)",
+			rqdata[0], rqdata[1]);
+		return -1;
+	}
+	if (rsp->ccode > 0) {
+		lprintf(LOG_ERR, "Get User Access (channel %d id %d) failed: %s",
+			rqdata[0], rqdata[1],
+			val2str(rsp->ccode, completion_code_vals));
+		return -1;
+	}
+
+	memcpy(&user_access, rsp->data, sizeof(struct get_user_access_rsp));
+
+	memset(&set_access, 0, sizeof(set_access));
+	set_access.change_bits = 1;
+	set_access.callin_callback = user_access.callin_callback;
+	set_access.link_auth = user_access.link_auth;
+	set_access.ipmi_messaging = user_access.ipmi_messaging;
+	set_access.channel = channel;
+	set_access.user_id = userid;
+	set_access.privilege_limit = user_access.privilege_limit;
+	set_access.session_limit = 0;
+
+	for (i = 2; i < argc; i ++)
+	{
+		if (strncmp(argv[i], "callin=", 7) == 0) {
+			set_access.callin_callback = !(strncmp (argv[i]+7, "off", 3));
+		}
+		else if (strncmp(argv[i], "link=", 5) == 0) {
+			set_access.link_auth = strncmp (argv[i]+5, "off", 3);
+		}
+		else if (strncmp(argv[i], "ipmi=", 5) == 0) {
+			set_access.ipmi_messaging = strncmp (argv[i]+5, "off", 3);
+		}
+		else if (strncmp(argv[i], "privilege=", 10) == 0) {
+			if (str2uchar(argv[i]+10, &privilege_limit) != 0) {
+				lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[i]+10);
+				return (-1);
+			}
+			set_access.privilege_limit = privilege_limit;
+		}
+		else {
+			printf ("Invalid option: %s\n", argv [i]);
+			return -1;
+		}
+	}
+
+	memset(&req, 0, sizeof(req));
+	req.msg.netfn = IPMI_NETFN_APP;
+	req.msg.cmd = IPMI_SET_USER_ACCESS;
+	req.msg.data = (uint8_t *) &set_access;
+	req.msg.data_len = 4;
+
+	rsp = intf->sendrecv(intf, &req);
+	if (rsp == NULL) {
+		lprintf(LOG_ERR, "Unable to Set User Access (channel %d id %d)",
+			set_access.channel, set_access.user_id);
+		return -1;
+	}
+	if (rsp->ccode > 0) {
+		lprintf(LOG_ERR, "Set User Access (channel %d id %d) failed: %s",
+			set_access.channel, set_access.user_id,
+			val2str(rsp->ccode, completion_code_vals));
+		return -1;
+	}
+
+	return 0;
+}
+
+
+static const char *
+iana_string(uint32_t iana)
+{
+	static char s[10];
+
+	if (iana)
+	{
+		sprintf(s, "%06x", iana);
+		return s;
+	}
+	else
+		return "N/A";
+}
+
+
+static int
+ipmi_get_channel_cipher_suites(struct ipmi_intf * intf,
+			       const char * payload_type,
+			       uint8_t channel)
+{
+	struct ipmi_rs * rsp;
+	struct ipmi_rq req;
+
+	uint8_t  oem_record;
+	uint8_t  rqdata[3];
+	uint32_t iana;
+	uint8_t  auth_alg, integrity_alg, crypt_alg;
+	uint8_t  cipher_suite_id;
+	uint8_t  list_index = 0;
+	uint8_t  cipher_suite_data[1024]; // 0x40 sets * 16 bytes per set
+	uint16_t offset = 0;
+	uint16_t cipher_suite_data_length = 0; // how much was returned, total
+
+	memset(cipher_suite_data, 0, sizeof(cipher_suite_data));
+	
+	memset(&req, 0, sizeof(req));
+	req.msg.netfn = IPMI_NETFN_APP;                 // 0x06
+	req.msg.cmd   = IPMI_GET_CHANNEL_CIPHER_SUITES; // 0x54
+	req.msg.data = rqdata;
+	req.msg.data_len = 3;
+
+	rqdata[0] = channel;
+	rqdata[1] = ((strncmp(payload_type, "ipmi", 4) == 0)? 0: 1);
+	rqdata[2] = 0x80; // Always ask for cipher suite format
+
+	rsp = intf->sendrecv(intf, &req);
+	if (rsp == NULL) {
+		lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
+		return -1;
+	}
+	if (rsp->ccode > 0) {
+		lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
+			val2str(rsp->ccode, completion_code_vals));
+		return -1;
+	}
+
+
+	// Grab the returned channel number once.  We assume it's the same
+	// in future calls.
+	if (rsp->data_len >= 1)
+		channel = rsp->data[0];
+		
+	while ((rsp->data_len > 1) && (rsp->data_len == 17) && (list_index < 0x3F))
+	{
+		//
+		// We got back cipher suite data -- store it.
+		//printf("copying data to offset %d\n", offset);
+		//printbuf(rsp->data + 1, rsp->data_len - 1, "this is the data");
+		memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1);
+		offset += rsp->data_len - 1;
+		
+		//
+		// Increment our list for the next call
+		//
+		++list_index;
+		rqdata[2] =  (rqdata[2] & 0x80) + list_index; 
+
+		rsp = intf->sendrecv(intf, &req);
+		if (rsp == NULL) {
+			lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
+			return -1;
+		}
+		if (rsp->ccode > 0) {
+			lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
+					val2str(rsp->ccode, completion_code_vals));
+			return -1;
+		}
+	}
+
+	/* Copy last chunk */
+	if(rsp->data_len > 1)
+	{
+		//
+		// We got back cipher suite data -- store it.
+		//printf("copying data to offset %d\n", offset);
+		//printbuf(rsp->data + 1, rsp->data_len - 1, "this is the data");
+		memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1);
+		offset += rsp->data_len - 1;
+	}
+
+	//
+	// We can chomp on all our data now.
+	//
+	cipher_suite_data_length = offset;
+	offset = 0;
+
+	if (! csv_output)
+		printf("ID   IANA    Auth Alg        Integrity Alg   Confidentiality Alg\n");
+	
+	while (offset < cipher_suite_data_length)
+	{
+		if (cipher_suite_data[offset++] == 0xC0)
+		{
+			oem_record = 0; // standard type
+			iana       = 0;
+
+			// Verify that we have at least a full record left
+			if ((cipher_suite_data_length - offset) < 4) // id + 3 algs
+			{
+				lprintf(LOG_ERR, "Incomplete data record in cipher suite data");
+				return -1;
+			}
+			
+			cipher_suite_id = cipher_suite_data[offset++];
+				
+		}
+		else if (cipher_suite_data[offset++] == 0xC1)
+		{
+			oem_record = 1; // OEM record type    
+
+			// Verify that we have at least a full record left
+			if ((cipher_suite_data_length - offset) < 4) // id + iana + 3 algs
+			{
+				lprintf(LOG_ERR, "Incomplete data record in cipher suite data");
+				return -1;
+			}
+
+			cipher_suite_id = cipher_suite_data[offset++];
+
+			//
+			// Grab the IANA
+			//
+			iana =
+				cipher_suite_data[offset]            | 
+				(cipher_suite_data[offset + 1] << 8) | 
+				(cipher_suite_data[offset + 2] << 16);
+			offset += 3;
+		}
+		else
+		{
+			lprintf(LOG_ERR, "Bad start of record byte in cipher suite data");
+			return -1;
+		}
+
+		//
+		// Grab the algorithms for this cipher suite.  I guess we can't be
+		// sure of what order they'll come in.  Also, I suppose we default
+		// to the NONE algorithm if one were absent.  This part of the spec is
+		// poorly written -- I have read the errata document.  For now, I'm only
+		// allowing one algorithm per type (auth, integrity, crypt) because I
+		// don't I understand how it could be otherwise.
+		//
+		auth_alg      = IPMI_AUTH_RAKP_NONE;
+		integrity_alg = IPMI_INTEGRITY_NONE;
+		crypt_alg     = IPMI_CRYPT_NONE;
+		
+		while (((cipher_suite_data[offset] & 0xC0) != 0xC0) &&
+			   ((cipher_suite_data_length - offset) > 0))
+		{
+			switch (cipher_suite_data[offset] & 0xC0)
+			{
+			case 0x00:
+				// Authentication algorithm specifier
+				auth_alg = cipher_suite_data[offset++] & 0x3F;
+				break;
+			case 0x40:
+				// Interity algorithm specifier
+				integrity_alg = cipher_suite_data[offset++] & 0x3F;
+				break;
+			case 0x80:
+				// Confidentiality algorithm specifier
+				crypt_alg = cipher_suite_data[offset++] & 0x3F;
+				break;
+			}
+		}
+
+
+		//
+		// We have everything we need to spit out a cipher suite record
+		//
+		printf((csv_output? "%d,%s,%s,%s,%s\n" :
+			"%-4d %-7s %-15s %-15s %-15s\n"),
+		       cipher_suite_id,
+		       iana_string(iana),
+		       val2str(auth_alg, ipmi_auth_algorithms),
+		       val2str(integrity_alg, ipmi_integrity_algorithms),
+		       val2str(crypt_alg, ipmi_encryption_algorithms));
+	}
+	
+	
+	return 0;
+}
+
+
+
+uint8_t
+ipmi_get_channel_medium(struct ipmi_intf * intf, uint8_t channel)
+{
+	struct ipmi_rs * rsp;
+	struct ipmi_rq req;
+	struct get_channel_info_rsp info;
+
+	memset(&req, 0, sizeof(req));
+	req.msg.netfn = IPMI_NETFN_APP;
+	req.msg.cmd = IPMI_GET_CHANNEL_INFO;
+	req.msg.data = &channel;
+	req.msg.data_len = 1;
+
+	rsp = intf->sendrecv(intf, &req);
+	if (rsp == NULL) {
+		lprintf(LOG_ERR, "Get Channel Info command failed");
+		return 0;
+	}
+	if (rsp->ccode > 0) {
+		if (rsp->ccode == 0xcc)
+			return IPMI_CHANNEL_MEDIUM_RESERVED;
+		lprintf(LOG_INFO, "Get Channel Info command failed: %s",
+		       val2str(rsp->ccode, completion_code_vals));
+		return IPMI_CHANNEL_MEDIUM_RESERVED;
+	}
+
+	memcpy(&info, rsp->data, sizeof(struct get_channel_info_rsp));
+
+	lprintf(LOG_DEBUG, "Channel type: %s",
+		val2str(info.channel_medium, ipmi_channel_medium_vals));
+
+	return info.channel_medium;
+}
+
+uint8_t
+ipmi_current_channel_medium(struct ipmi_intf * intf)
+{
+	return ipmi_get_channel_medium(intf, 0xE);
+}
+
+void
+printf_channel_usage()
+{
+	lprintf(LOG_NOTICE, "Channel Commands: authcap   <channel number> <max privilege>");
+	lprintf(LOG_NOTICE, "                  getaccess <channel number> [user id]");
+	lprintf(LOG_NOTICE, "                  setaccess <channel number> "
+		"<user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]");
+	lprintf(LOG_NOTICE, "                  info      [channel number]");
+	lprintf(LOG_NOTICE, "                  getciphers <ipmi | sol> [channel]\n");
+	lprintf(LOG_NOTICE, "Possible privilege levels are:");
+	lprintf(LOG_NOTICE, "   1   Callback level");
+	lprintf(LOG_NOTICE, "   2   User level");
+	lprintf(LOG_NOTICE, "   3   Operator level");
+	lprintf(LOG_NOTICE, "   4   Administrator level");
+	lprintf(LOG_NOTICE, "   5   OEM Proprietary level");
+	lprintf(LOG_NOTICE, "  15   No access");
+}
+
+
+int
+ipmi_channel_main(struct ipmi_intf * intf, int argc, char ** argv)
+{
+	int retval = 0;
+	uint8_t channel, priv = 0;
+
+	if ((argc == 0) || (strncmp(argv[0], "help", 4) == 0))
+	{
+		printf_channel_usage();
+	}
+	else if (strncmp(argv[0], "authcap", 7) == 0)
+	{
+		if (argc != 3) {
+			printf_channel_usage();
+			return (-1);
+		} else {
+			if (str2uchar(argv[1], &channel) != 0) {
+				lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[1]);
+				return (-1);
+			}
+			if (str2uchar(argv[2], &priv) != 0) {
+				lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[2]);
+				return (-1);
+			}
+			retval = ipmi_get_channel_auth_cap(intf, channel, priv);
+		}
+	}
+	else if (strncmp(argv[0], "getaccess", 10) == 0)
+	{
+		if ((argc < 2) || (argc > 3))
+			printf_channel_usage();
+		else {
+			uint8_t ch = 0;
+			uint8_t id = 0;
+			if (str2uchar(argv[1], &ch) != 0) {
+				lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[1]);
+				return (-1);
+			}
+			if (argc == 3) {
+				if (str2uchar(argv[2], &id) != 0) {
+					lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[2]);
+					return (-1);
+				}
+			}
+			retval = ipmi_get_user_access(intf, ch, id);
+		}
+	}
+	else if (strncmp(argv[0], "setaccess", 9) == 0)
+	{
+		retval = ipmi_set_user_access(intf, argc-1, &(argv[1]));
+	}
+	else if (strncmp(argv[0], "info", 4) == 0)
+	{
+		if (argc > 2)
+			printf_channel_usage();
+		else {
+			uint8_t ch = 0xe;
+			if (argc == 2) {
+				if (str2uchar(argv[1], &ch) != 0) {
+					lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[1]);
+					return (-1);
+				}
+			}
+			retval = ipmi_get_channel_info(intf, ch);
+		}
+	}
+
+	// it channel getciphers <ipmi | sol> [channel] 
+	else if (strncmp(argv[0], "getciphers", 10) == 0)
+	{
+		if ((argc < 2) || (argc > 3)  ||
+		    (strncmp(argv[1], "ipmi", 4) && strncmp(argv[1], "sol",  3)))
+			printf_channel_usage();
+		else
+		{
+			uint8_t ch = 0xe;
+			if (argc == 3) {
+				if (str2uchar(argv[2], &ch) != 0) {
+					lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[2]);
+					return (-1);
+				}
+			}
+			retval = ipmi_get_channel_cipher_suites(intf,
+								argv[1], // ipmi | sol
+								ch);
+		}
+	}
+	else
+	{
+		printf("Invalid CHANNEL command: %s\n", argv[0]);
+		printf_channel_usage();
+		retval = -1;
+	}
+
+	return retval;
+}
author	Jörg Frings-Fürst <debian@jff-webhosting.net>	2014-07-23 15:03:01 +0200
committer	Jörg Frings-Fürst <debian@jff-webhosting.net>	2014-07-23 15:03:01 +0200
commit	777af8a8761d05c30588abec7444b143fe7393f0 (patch)
tree	5a135c37eaa9ac94772819a28ce5beedd18e5c4a /lib/ipmi_channel.c
parent	c3445516ecd58e97de483cf4b7fafcc1104890d7 (diff)
parent	b32d92e890caac903491116e9d817aa780c0323b (diff)