| author | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2015-04-29 15:44:44 +0200 | 
|---|---|---|
| committer | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2015-04-29 15:44:44 +0200 | 
| commit | b18f5bf2db0fba2e7e539f68645836036d940d26 (patch) | |
| tree | 23c4dd8f3d273f34ef9bbe1799d1958685559915 /util/ilan.c | |
| parent | a7f89980e5b3f4b9a74c70dbc5ffe8aabd28be28 (diff) | |
Imported Upstream version 2.9.6upstream/2.9.6
Diffstat (limited to 'util/ilan.c')
| -rw-r--r-- | util/ilan.c | 66 | 
1 files changed, 55 insertions, 11 deletions
| diff --git a/util/ilan.c b/util/ilan.c index a1ed76a..2458fbb 100644 --- a/util/ilan.c +++ b/util/ilan.c @@ -305,7 +305,7 @@ extern char *get_sensor_type_desc(uchar stype);  /*from ievents.c*/  /*   * Global variables    */ -static char * progver   = "2.93"; +static char * progver   = "2.96";  static char * progname  = "ilan";  static char   fdebug    = 0;  static char   fipmilan  = 0; @@ -317,6 +317,7 @@ static char   fAdjustPefNum = 0;  /* =1 adjust pefnum to first empty index */  static char   fUserPefNum = 0;    /* =1 if user specified a valid pefnum value*/  static char   freadonly = 1;      /* =1 to only read LAN & PEF parameters */  static char   fcanonical = 0;     /* =1 to show only canonical output */ +static char   flansecure = 0;     /* =1 set lan security: no null, cipher0 off*/  static char   bdelim = BCOLON;    /* delimiter ':' or '|' if canonical output*/  static char   ftestonly = 0;  static char   fprivset  = 0; @@ -361,6 +362,8 @@ static uchar  osmyip[4]    = {0,0,0,0};  static uchar  bmcmyip[4]   = {0,0,0,0};  static uchar  bmcdestip[4] = {0,0,0,0};  static uchar  bmcdestmac[6]= {0xff,0,0,0,0,0}; +static uchar  bmcgwyip[4]   = {0,0,0,0}; +static uchar  bmcgwymac[6]= {0xff,0,0,0,0,0};  static uchar  bmcmymac[6]  = {0xff,0,0,0,0,0};  static uchar  rgmymac[6]   = {0xff,0,0,0,0,0};  static uchar  osmymac[6]   = {0xff,0,0,0,0,0}; @@ -368,6 +371,9 @@ static uchar  rggwymac[6]  = {0xff,0,0,0,0,0};  static uchar  rggwy2mac[6] = {0xff,0,0,0,0,0};  static uchar  rgdestmac[6] = {0xff,0,0,0,0,0};  static uchar  rgdhcpmac[6] = {0xff,0,0,0,0,0}; +static int    nciphers = 16; +static int    ncipher0 = 0; +static uchar  rgciphers[16] = {0xff,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};  static char   rghostname[32] = {'\0'};  static uchar  custPEF[20];   /* max used = 18 bytes */  static char   rgcommunity[19] = "public";  /* default community */ 
@@ -774,7 +780,7 @@ SetPasswd(int unum, char *uname, char *upswd)  	if ((unum != 1) && (uname == NULL)) {  	   ;  /* if no username, do not enable user */  	} else { -           inputData[0] = (uchar)unum;  /*user 1 = null user */ +           inputData[0] = (uchar)unum;               inputData[1] = 0x01;  /*enable user*/  	   responseLength = sizeof(responseData);             status = ipmi_cmd(SET_USER_PASSWORD, inputData, 2, responseData,  @@ -786,7 +792,7 @@ SetPasswd(int unum, char *uname, char *upswd)  	   if (status != 0) ret = status;  	} -         inputData[0] = (uchar)unum;  /*user 1 = null user */ +         inputData[0] = (uchar)unum;             inputData[1] = 0x02;  /*set password*/  	 psw_len = PSW_LEN;   /*=16 change if 20-byte passwords supported */           memset(&inputData[2],0,psw_len); @@ -888,7 +894,7 @@ static char *parse_priv(uchar c)  		case 4:    p = "Admin "; break;  		case 5:    p = "OEM   "; break;  		case 0x0f: p = "No access"; break; -		default:   p = "Reserved"; +		default:   p = "Reserved"; /*usually =0*/  	}  	return(p);  } @@ -3666,7 +3672,6 @@ main(int argc, char **argv)     uchar bset;     int ndest = 4;     int idest; -   int nciphers = 16;     char mystr[80];     char fpefok = 1;     uchar * pc; int sz;  @@ -3676,7 +3681,7 @@ main(int argc, char **argv)     j = 0; freadonly = FLAG_INIT;     idx = argc;  /*getopt loop counter*/     /* available opt chars: y O Q + = ~ _ */ -   while ((c = getopt(argc, argv,"a:b:cdef:gh:i:j:klm:n:op:q:rstu:v:w:xy:z#::A:B:C:DEF:G:H:I:J:K:L:M:N:P:Q:R:S:T:U:V:X:YZ:?")) != EOF) { +   while ((c = getopt(argc, argv,"a:b:cdef:gh:i:j:klm:n:op:q:rstu:v:w:xy:z#::A:B:C:DEF:G:H:I:J:K:L:M:N:OP:Q:R:S:T:U:V:X:YZ:?")) != EOF) {        switch(c) {            case 'a':      /* alert dest number (usu 1 thru 4) */  		    alertnum = atob(optarg); 
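Review bot: The context comment directly above the changed getopt() call in the -3676 hunk still reads `/* available opt chars: y O Q + = ~ _ */`, although this change adds `O` to the option string and `Q:` is already present in it. Update the comment so the next option added does not collide with the new security flag, e.g. `/* available opt chars: y + = ~ _ */`. main() starts and ends outside the hunk.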
@@ -3787,6 +3792,7 @@ main(int argc, char **argv)            case 'x': fdebug = 1;     break;            case 'z': flanstats = 1;     break;            case 'D': lan_dhcp = 1; j++;  break; +          case 'O': flansecure = 1; j++; break;            case 'I':      /* My BMC IP Address */  		fset_ip |= MYIP;  		atoip(rgmyip,optarg); @@ -3919,7 +3925,8 @@ main(int argc, char **argv)               printf("      -D  Use DHCP instead of static IP (-I for server)\n");               printf("      -K  (Kontron) IPMI hostname to set\n");               printf("      -Q  VLAN Priority (default =0)\n"); -	     print_lan_opt_usage(); +             printf("      -O  Force LAN security: no null user, cipher 0 off\n"); +	     print_lan_opt_usage(0);  	     ret = ERR_USAGE;               goto do_exit;        } /*end switch*/ @@ -4096,6 +4103,7 @@ main(int argc, char **argv)     /* set the lan_user appropriately */     if (myuser == NULL) {  /* if no -u param */        if (ipmi_reserved_user(vend_id, 1)) lan_user = 2;  +      else if (flansecure) lan_user = 2;        else lan_user = 1;   /*use default null user */     } else if (usernum != 0) lan_user = usernum;  /*use -q specified usernum*/     /* else use default lan_user (=2) if -u and not -q */   @@ -4486,6 +4494,10 @@ main(int argc, char **argv)  	    //   if (pc[0] >= 30) memcpy(bparm7,pc,3);  	    } else if (ival == 17)  {  /* num dest */  		ndest = pc[0];  /* save the number of destinations */ +	    } else if (ival == 12)  {  /* gateway addr */ +                if (IpIsValid(pc)) memcpy(bmcgwyip,pc,4); +	    } else if (ival == 13)  {  /* gateway mac */ +		if (MacIsValid(pc)) memcpy(bmcgwymac,pc,MAC_LEN);  	    } else if (ival == 19)  {  /* dest addr */                  if (IpIsValid(&pc[3])) memcpy(bmcdestip,&pc[3],4);  		if (MacIsValid(&pc[7])) memcpy(bmcdestmac,&pc[7],MAC_LEN); 
@@ -4541,8 +4553,12 @@ main(int argc, char **argv)  		    || ival == 192) {  		   printf("%d.%d.%d.%d",pc[0], pc[1], pc[2], pc[3]);  	  	} else if (ival == 23) { /*Cipher Suites*/ -		   for (i = 1; i <= nciphers; i++) printf("%2d ",pc[i]); +		   for (i = 1; i <= nciphers; i++) { +			if (pc[i] == 0) ncipher0 = pc[i]; +			printf("%2d ",pc[i]); +		   }  	  	} else if (ival == 24) { /*Cipher Suite Privi Levels*/ +		   j = 0;  		   for (i = 1; i < 9; i++) {  			char c1, c2;  			char *p; @@ -4550,6 +4566,8 @@ main(int argc, char **argv)  			c1 = p[0];  			p = parse_priv((pc[i] & 0xf0) >> 4);  			c2 = p[0]; +			rgciphers[j++] = (pc[i] & 0x0f); +			rgciphers[j++] = ((pc[i] & 0xf0) >> 4);  			if ((i*2) >= nciphers) c2 = ' ';  			printf(" %c  %c ",c1,c2);  			if ((i*2) > nciphers) break; @@ -4770,6 +4788,10 @@ main(int argc, char **argv)               if (fdebug) printf("SetChanAcc(lan/nonvol), ret = %d\n",ret);  	     if (ret != 0) { nerrs++; lasterr = ret; }  	     else ngood++; +             if (flansecure) { +	        j = DisableUser(0); /*disable the default null user*/ +                printf("DisableUser(0), ret = %d\n",j); +             }  	     ret = SetUser(lan_user,myuser,passwordData);               printf("SetUser(%d), ret = %d\n",lan_user,ret);  	     if (ret != 0) { nerrs++; lasterr = ret; } @@ -4948,8 +4970,12 @@ main(int argc, char **argv)  		rggwyip[0], rggwyip[1], rggwyip[2], rggwyip[3],  		rggwymac[0], rggwymac[1], rggwymac[2], rggwymac[3],   		rggwymac[4], rggwymac[5]); -	    if (!SubnetIsSame(rgmyip,rggwyip,rgsubnet))  -               printf("WARNING: IP Address and Gateway are not on the same subnet.\n"); +	    if (!SubnetIsSame(rgmyip,rggwyip,rgsubnet)) { +               printf("WARNING: IP Address and Gateway are not on the same subnet," +		" setting Gateway to previous value\n"); +	       memcpy(rggwyip,bmcgwyip,4); +	       memcpy(rggwymac,bmcgwymac,6); +	    }  	    /* Set the Default Gateway IP & MAC */  	    memcpy(&LanRecord,rggwyip,4); 
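Review bot: In the -4541 hunk, `if (pc[i] == 0) ncipher0 = pc[i];` stores the matched value, which is always 0, rather than the position of cipher suite 0 in the list, so `ncipher0` never changes from its initializer `0`. The -O block in the last hunk (+5012) then uses it as an index (`if (i == ncipher0) c1 = 0x00;`), so it always clears the privilege nibble of the first listed suite. That is only correct when cipher 0 happens to be listed first; on a BMC that lists it elsewhere cipher 0 stays enabled, and on one that does not list it a different suite is disabled. Recording the slot instead, `if (pc[i] == 0) ncipher0 = i - 1;` with `static int ncipher0 = -1;` as the "not found" default, would fix both cases, assuming parameters 23 and 24 use the same suite ordering, as the read loop's indexing suggests.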
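Review bot: In the -4770 hunk, `DisableUser(0)` is commented as disabling the default null user, but the rest of this page treats user 1 as the null user (`else lan_user = 1;   /*use default null user */` in the -4096 hunk, and the removed `/*user 1 = null user */` comments in SetPasswd). DisableUser() is not visible here, so it may translate the argument, but if it takes the user ID directly the call should be `DisableUser(1)`. The result is also only printed into `j` and never counted, so -O can report success while the null user is still enabled; treating it like the neighbouring calls, `if (j != 0) { nerrs++; lasterr = j; }`, would surface the failure. main() continues outside the hunk.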
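Review bot: The subnet-mismatch fallback in the -4948 hunk copies `bmcgwyip`/`bmcgwymac` over the requested gateway without checking that a previous value was ever read. Both buffers start as `{0,0,0,0}` and `{0xff,0,0,0,0,0}` and are only filled in the -4486 hunk when IpIsValid()/MacIsValid() pass. The -4961 hunk has the same gap: with an unresolved MAC it now copies `bmcgwymac` and always calls `SetLanEntry(13, ...)`, where the old code skipped the write, so what looks like a placeholder MAC can be written to the BMC. Guarding both with the existing validators, e.g. `if (MacIsValid(bmcgwymac)) memcpy(&LanRecord,bmcgwymac,6);` and skipping the set otherwise, keeps the old safe behaviour. The misleading indentation left after moving the closing brace in -4961 is also worth fixing.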
@@ -4961,13 +4987,14 @@ main(int argc, char **argv)  		printf("  Warning: Gateway MAC address was not resolved! "  			"Check %s interface, use -i ethN, or use -H gwymac.\n",  			ifname); +		memcpy(&LanRecord,bmcgwymac,6);  	    } else {  		memcpy(&LanRecord,rggwymac,6); +	    }  		ret = SetLanEntry(13, &LanRecord, 6);  		printf("SetLanEntry(13), ret = %d\n",ret);  	        if (ret != 0) { nerrs++; lasterr = ret; }  	        else ngood++; -	    }  	  }            if (IpIsValid(rggwy2ip)) {   	    if (!MacIsValid(rggwy2mac)) /* if gwy2 MAC not set by user */ @@ -4985,6 +5012,23 @@ main(int argc, char **argv)  	    else ngood++;  	  }  	 } /* end-else static IP */ +         if (flansecure) {  /* disable cipher 0 */ +            char c1, c2; +	    memset(&LanRecord,0,12); +	    j = 1; +	    for (i = 0; i < nciphers; i+=2) { +		c1 = rgciphers[i]; +		c2 = rgciphers[i+1]; +		/* 0x0f may be vendor-specific, 0x00 = Reserved/Unused */ +		if (i == ncipher0)     c1 = 0x00;  +		if ((i+1) == ncipher0) c2 = 0x00; +		LanRecord.data[j++] = (c2 << 4) | c1; +	    } +            ret = SetLanEntry(24, &LanRecord, 9); +	    printf("SetLanEntry(24) disable cipher0, ret = %d\n",ret); +	    if (ret != 0) { nerrs++; lasterr = ret; } +	    else ngood++; +	 }  	 ret = SetupSerialOverLan(1); /*enable*/  	 SELprintf("SetupSerialOverLan: ret = %d\n",ret);  	 if (ret != 0) { nerrs++; lasterr = ret; } | 
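Review bot: The -O block added in the -4985 hunk rewrites parameter 24 from `rgciphers[]` without checking that the array was ever filled, which only happens when the earlier read loop reaches `ival == 24`. If that read failed or was skipped, the array still holds its initializer `{0xff,0,...}`; with the first nibble forced to `0x00`, every privilege nibble written would be 0, which the comment in this hunk describes as Reserved/Unused. In that case -O would remove access for every cipher suite rather than only cipher 0, which can lock out RMCP+ management. A flag set once the parameter-24 read succeeds and tested alongside `flansecure` here would avoid writing unread data. main() continues outside the hunk.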
