Diffstat (limited to 'util/ilan.c')
-rw-r--r--util/ilan.c47
1 files changed, 40 insertions, 7 deletions
diff --git a/util/ilan.c b/util/ilan.c
index a1ed76a..8415b07 100644
--- a/util/ilan.c
+++ b/util/ilan.c
@@ -305,7 +305,7 @@ extern char *get_sensor_type_desc(uchar stype); /*from ievents.c*/
/*
* Global variables
*/
-static char * progver = "2.93";
+static char * progver = "2.94";
static char * progname = "ilan";
static char fdebug = 0;
static char fipmilan = 0;
@@ -317,6 +317,7 @@ static char fAdjustPefNum = 0; /* =1 adjust pefnum to first empty index */
static char fUserPefNum = 0; /* =1 if user specified a valid pefnum value*/
static char freadonly = 1; /* =1 to only read LAN & PEF parameters */
static char fcanonical = 0; /* =1 to show only canonical output */
+static char flansecure = 0; /* =1 set lan security: no null, cipher0 off*/
static char bdelim = BCOLON; /* delimiter ':' or '|' if canonical output*/
static char ftestonly = 0;
static char fprivset = 0;
@@ -368,6 +369,9 @@ static uchar rggwymac[6] = {0xff,0,0,0,0,0};
static uchar rggwy2mac[6] = {0xff,0,0,0,0,0};
static uchar rgdestmac[6] = {0xff,0,0,0,0,0};
static uchar rgdhcpmac[6] = {0xff,0,0,0,0,0};
+static int nciphers = 16;
+static int ncipher0 = 0;
+static uchar rgciphers[16] = {0xff,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static char rghostname[32] = {'\0'};
static uchar custPEF[20]; /* max used = 18 bytes */
static char rgcommunity[19] = "public"; /* default community */
@@ -774,7 +778,7 @@ SetPasswd(int unum, char *uname, char *upswd)
if ((unum != 1) && (uname == NULL)) {
; /* if no username, do not enable user */
} else {
- inputData[0] = (uchar)unum; /*user 1 = null user */
+ inputData[0] = (uchar)unum;
inputData[1] = 0x01; /*enable user*/
responseLength = sizeof(responseData);
status = ipmi_cmd(SET_USER_PASSWORD, inputData, 2, responseData,
@@ -786,7 +790,7 @@ SetPasswd(int unum, char *uname, char *upswd)
if (status != 0) ret = status;
}
- inputData[0] = (uchar)unum; /*user 1 = null user */
+ inputData[0] = (uchar)unum;
inputData[1] = 0x02; /*set password*/
psw_len = PSW_LEN; /*=16 change if 20-byte passwords supported */
memset(&inputData[2],0,psw_len);
@@ -888,7 +892,7 @@ static char *parse_priv(uchar c)
case 4: p = "Admin "; break;
case 5: p = "OEM "; break;
case 0x0f: p = "No access"; break;
- default: p = "Reserved";
+ default: p = "Reserved"; /*usually =0*/
}
return(p);
}
@@ -3666,7 +3670,6 @@ main(int argc, char **argv)
uchar bset;
int ndest = 4;
int idest;
- int nciphers = 16;
char mystr[80];
char fpefok = 1;
uchar * pc; int sz;
@@ -3676,7 +3679,7 @@ main(int argc, char **argv)
j = 0; freadonly = FLAG_INIT;
idx = argc; /*getopt loop counter*/
/* available opt chars: y O Q + = ~ _ */
- while ((c = getopt(argc, argv,"a:b:cdef:gh:i:j:klm:n:op:q:rstu:v:w:xy:z#::A:B:C:DEF:G:H:I:J:K:L:M:N:P:Q:R:S:T:U:V:X:YZ:?")) != EOF) {
+ while ((c = getopt(argc, argv,"a:b:cdef:gh:i:j:klm:n:op:q:rstu:v:w:xy:z#::A:B:C:DEF:G:H:I:J:K:L:M:N:OP:Q:R:S:T:U:V:X:YZ:?")) != EOF) {
switch(c) {
case 'a': /* alert dest number (usu 1 thru 4) */
alertnum = atob(optarg);
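Review bot: The comment directly above the getopt call still lists `O` as an available option character, although this change adds `O` to the option string. It also lists `y` and `Q`, which already appear in the string as `y:` and `Q:`. I would update it to `/* available opt chars: + = ~ _ */` so the next option added does not collide with an existing one. main starts and ends outside this hunk.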
@@ -3787,6 +3790,7 @@ main(int argc, char **argv)
case 'x': fdebug = 1; break;
case 'z': flanstats = 1; break;
case 'D': lan_dhcp = 1; j++; break;
+ case 'O': flansecure = 1; j++; break;
case 'I': /* My BMC IP Address */
fset_ip |= MYIP;
atoip(rgmyip,optarg);
@@ -3919,6 +3923,7 @@ main(int argc, char **argv)
printf(" -D Use DHCP instead of static IP (-I for server)\n");
printf(" -K (Kontron) IPMI hostname to set\n");
printf(" -Q VLAN Priority (default =0)\n");
+ printf(" -O Force LAN security: no null user, cipher 0 off\n");
print_lan_opt_usage();
ret = ERR_USAGE;
goto do_exit;
@@ -4096,6 +4101,7 @@ main(int argc, char **argv)
/* set the lan_user appropriately */
if (myuser == NULL) { /* if no -u param */
if (ipmi_reserved_user(vend_id, 1)) lan_user = 2;
+ else if (flansecure) lan_user = 2;
else lan_user = 1; /*use default null user */
} else if (usernum != 0) lan_user = usernum; /*use -q specified usernum*/
/* else use default lan_user (=2) if -u and not -q */
@@ -4541,8 +4547,12 @@ main(int argc, char **argv)
|| ival == 192) {
printf("%d.%d.%d.%d",pc[0], pc[1], pc[2], pc[3]);
} else if (ival == 23) { /*Cipher Suites*/
- for (i = 1; i <= nciphers; i++) printf("%2d ",pc[i]);
+ for (i = 1; i <= nciphers; i++) {
+ if (pc[i] == 0) ncipher0 = pc[i];
+ printf("%2d ",pc[i]);
+ }
} else if (ival == 24) { /*Cipher Suite Privi Levels*/
+ j = 0;
for (i = 1; i < 9; i++) {
char c1, c2;
char *p;
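Review bot: `if (pc[i] == 0) ncipher0 = pc[i];` stores the matched value, which is always 0, so `ncipher0` never records where cipher suite 0 sits in the list. The -O write-back later in main (outside this hunk) compares `ncipher0` with an index into `rgciphers`, so it always clears entry 0, and because `ncipher0` is initialised to 0 it does so even when suite 0 is not listed at all. If suite 0 is listed at any other position it would keep its privilege level while -O reports success, and the first listed suite would be cleared instead. Assuming the parameter 24 nibbles follow the order of this list, I would record the position with `if (pc[i] == 0) ncipher0 = i - 1;` and declare `static int ncipher0 = -1;` so that "not found" is distinguishable from "found at index 0".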
@@ -4550,6 +4560,8 @@ main(int argc, char **argv)
c1 = p[0];
p = parse_priv((pc[i] & 0xf0) >> 4);
c2 = p[0];
+ rgciphers[j++] = (pc[i] & 0x0f);
+ rgciphers[j++] = ((pc[i] & 0xf0) >> 4);
if ((i*2) >= nciphers) c2 = ' ';
printf(" %c %c ",c1,c2);
if ((i*2) > nciphers) break;
@@ -4770,6 +4782,10 @@ main(int argc, char **argv)
if (fdebug) printf("SetChanAcc(lan/nonvol), ret = %d\n",ret);
if (ret != 0) { nerrs++; lasterr = ret; }
else ngood++;
+ if (flansecure) {
+ j = DisableUser(0); /*disable the default null user*/
+ printf("DisableUser(0), ret = %d\n",j);
+ }
ret = SetUser(lan_user,myuser,passwordData);
printf("SetUser(%d), ret = %d\n",lan_user,ret);
if (ret != 0) { nerrs++; lasterr = ret; }
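Review bot: The result of `DisableUser(0)` is only printed; unlike the SetChanAcc and SetUser calls around it, a failure is not added to `nerrs`/`lasterr`, so -O can end with a success status while the null user is still enabled. I would add `if (j != 0) { nerrs++; lasterr = j; } else ngood++;` after the printf. The argument should also be checked against DisableUser's definition, which is not in this hunk: elsewhere in this diff the null user is treated as user 1 (`lan_user = 1; /*use default null user */`), so passing 0 may not address the account the comment names.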
@@ -4985,6 +5001,23 @@ main(int argc, char **argv)
else ngood++;
}
} /* end-else static IP */
+ if (flansecure) { /* disable cipher 0 */
+ char c1, c2;
+ memset(&LanRecord,0,12);
+ j = 1;
+ for (i = 0; i < nciphers; i+=2) {
+ c1 = rgciphers[i];
+ c2 = rgciphers[i+1];
+ /* 0x0f may be vendor-specific, 0x00 = Reserved/Unused */
+ if (i == ncipher0) c1 = 0x00;
+ if ((i+1) == ncipher0) c2 = 0x00;
+ LanRecord.data[j++] = (c2 << 4) | c1;
+ }
+ ret = SetLanEntry(24, &LanRecord, 9);
+ printf("SetLanEntry(24) disable cipher0, ret = %d\n",ret);
+ if (ret != 0) { nerrs++; lasterr = ret; }
+ else ngood++;
+ }
ret = SetupSerialOverLan(1); /*enable*/
SELprintf("SetupSerialOverLan: ret = %d\n",ret);
if (ret != 0) { nerrs++; lasterr = ret; }
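Review bot: The new block writes parameter 24 from `rgciphers` without checking that the array was filled by the earlier read of that parameter. `rgciphers[0]` is initialised to 0xff and the other entries to 0, so if that read was skipped or failed, the block sends privilege levels that were never read from the BMC (all zero as written), changing every cipher suite and not only cipher 0. I would guard the block with `if (flansecure && rgciphers[0] != 0xff)` and count the skipped case in `nerrs`, so the operator can tell that the hardening was not applied. Reading parameter 24 back after `SetLanEntry` would additionally confirm that the BMC accepted the change; main continues outside this hunk.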