Diffstat (limited to 'util/ilan.c')
-rw-r--r-- | util/ilan.c | 47 |
1 files changed, 40 insertions, 7 deletions
diff --git a/util/ilan.c b/util/ilan.c index a1ed76a..8415b07 100644 --- a/util/ilan.c +++ b/util/ilan.c @@ -305,7 +305,7 @@ extern char *get_sensor_type_desc(uchar stype); /*from ievents.c*/ /* * Global variables */ -static char * progver = "2.93"; +static char * progver = "2.94"; static char * progname = "ilan"; static char fdebug = 0; static char fipmilan = 0; @@ -317,6 +317,7 @@ static char fAdjustPefNum = 0; /* =1 adjust pefnum to first empty index */ static char fUserPefNum = 0; /* =1 if user specified a valid pefnum value*/ static char freadonly = 1; /* =1 to only read LAN & PEF parameters */ static char fcanonical = 0; /* =1 to show only canonical output */ +static char flansecure = 0; /* =1 set lan security: no null, cipher0 off*/ static char bdelim = BCOLON; /* delimiter ':' or '|' if canonical output*/ static char ftestonly = 0; static char fprivset = 0; @@ -368,6 +369,9 @@ static uchar rggwymac[6] = {0xff,0,0,0,0,0}; static uchar rggwy2mac[6] = {0xff,0,0,0,0,0}; static uchar rgdestmac[6] = {0xff,0,0,0,0,0}; static uchar rgdhcpmac[6] = {0xff,0,0,0,0,0}; +static int nciphers = 16; +static int ncipher0 = 0; +static uchar rgciphers[16] = {0xff,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; static char rghostname[32] = {'\0'}; static uchar custPEF[20]; /* max used = 18 bytes */ static char rgcommunity[19] = "public"; /* default community */ @@ -774,7 +778,7 @@ SetPasswd(int unum, char *uname, char *upswd) if ((unum != 1) && (uname == NULL)) { ; /* if no username, do not enable user */ } else { - inputData[0] = (uchar)unum; /*user 1 = null user */ + inputData[0] = (uchar)unum; inputData[1] = 0x01; /*enable user*/ responseLength = sizeof(responseData); status = ipmi_cmd(SET_USER_PASSWORD, inputData, 2, responseData, 
@@ -786,7 +790,7 @@ SetPasswd(int unum, char *uname, char *upswd) if (status != 0) ret = status; } - inputData[0] = (uchar)unum; /*user 1 = null user */ + inputData[0] = (uchar)unum; inputData[1] = 0x02; /*set password*/ psw_len = PSW_LEN; /*=16 change if 20-byte passwords supported */ memset(&inputData[2],0,psw_len); @@ -888,7 +892,7 @@ static char *parse_priv(uchar c) case 4: p = "Admin "; break; case 5: p = "OEM "; break; case 0x0f: p = "No access"; break; - default: p = "Reserved"; + default: p = "Reserved"; /*usually =0*/ } return(p); } @@ -3666,7 +3670,6 @@ main(int argc, char **argv) uchar bset; int ndest = 4; int idest; - int nciphers = 16; char mystr[80]; char fpefok = 1; uchar * pc; int sz; @@ -3676,7 +3679,7 @@ main(int argc, char **argv) j = 0; freadonly = FLAG_INIT; idx = argc; /*getopt loop counter*/ /* available opt chars: y O Q + = ~ _ */ - while ((c = getopt(argc, argv,"a:b:cdef:gh:i:j:klm:n:op:q:rstu:v:w:xy:z#::A:B:C:DEF:G:H:I:J:K:L:M:N:P:Q:R:S:T:U:V:X:YZ:?")) != EOF) { + while ((c = getopt(argc, argv,"a:b:cdef:gh:i:j:klm:n:op:q:rstu:v:w:xy:z#::A:B:C:DEF:G:H:I:J:K:L:M:N:OP:Q:R:S:T:U:V:X:YZ:?")) != EOF) { switch(c) { case 'a': /* alert dest number (usu 1 thru 4) */ alertnum = atob(optarg); @@ -3787,6 +3790,7 @@ main(int argc, char **argv) case 'x': fdebug = 1; break; case 'z': flanstats = 1; break; case 'D': lan_dhcp = 1; j++; break; + case 'O': flansecure = 1; j++; break; case 'I': /* My BMC IP Address */ fset_ip |= MYIP; atoip(rgmyip,optarg); @@ -3919,6 +3923,7 @@ main(int argc, char **argv) printf(" -D Use DHCP instead of static IP (-I for server)\n"); printf(" -K (Kontron) IPMI hostname to set\n"); printf(" -Q VLAN Priority (default =0)\n"); + printf(" -O Force LAN security: no null user, cipher 0 off\n"); print_lan_opt_usage(); ret = ERR_USAGE; goto do_exit; 
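Review bot: The comment just above the changed getopt() call still says `/* available opt chars: y O Q + = ~ _ */`, but this change takes `O`, and `y:` and `Q:` are already in the option string. Update the comment together with the string, for example `/* available opt chars: + = ~ _ */`, so the next option added does not collide with -O. main() starts and ends outside this hunk.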
@@ -4096,6 +4101,7 @@ main(int argc, char **argv) /* set the lan_user appropriately */ if (myuser == NULL) { /* if no -u param */ if (ipmi_reserved_user(vend_id, 1)) lan_user = 2; + else if (flansecure) lan_user = 2; else lan_user = 1; /*use default null user */ } else if (usernum != 0) lan_user = usernum; /*use -q specified usernum*/ /* else use default lan_user (=2) if -u and not -q */ @@ -4541,8 +4547,12 @@ main(int argc, char **argv) || ival == 192) { printf("%d.%d.%d.%d",pc[0], pc[1], pc[2], pc[3]); } else if (ival == 23) { /*Cipher Suites*/ - for (i = 1; i <= nciphers; i++) printf("%2d ",pc[i]); + for (i = 1; i <= nciphers; i++) { + if (pc[i] == 0) ncipher0 = pc[i]; + printf("%2d ",pc[i]); + } } else if (ival == 24) { /*Cipher Suite Privi Levels*/ + j = 0; for (i = 1; i < 9; i++) { char c1, c2; char *p; @@ -4550,6 +4560,8 @@ main(int argc, char **argv) c1 = p[0]; p = parse_priv((pc[i] & 0xf0) >> 4); c2 = p[0]; + rgciphers[j++] = (pc[i] & 0x0f); + rgciphers[j++] = ((pc[i] & 0xf0) >> 4); if ((i*2) >= nciphers) c2 = ' '; printf(" %c %c ",c1,c2); if ((i*2) > nciphers) break; @@ -4770,6 +4782,10 @@ main(int argc, char **argv) if (fdebug) printf("SetChanAcc(lan/nonvol), ret = %d\n",ret); if (ret != 0) { nerrs++; lasterr = ret; } else ngood++; + if (flansecure) { + j = DisableUser(0); /*disable the default null user*/ + printf("DisableUser(0), ret = %d\n",j); + } ret = SetUser(lan_user,myuser,passwordData); printf("SetUser(%d), ret = %d\n",lan_user,ret); if (ret != 0) { nerrs++; lasterr = ret; } 
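Review bot: With -O and no -u, `lan_user` becomes 2 while `myuser` is still NULL, and the SetPasswd context in the -774 hunk shows `if ((unum != 1) && (uname == NULL))` skipping the enable step for exactly that case. If SetUser takes that path (its body is not in this diff), a -O run without -u disables the null user and leaves user 2 disabled as well, so no LAN account remains usable. Either reject the combination during option checking or state it in the usage line, e.g. `-O  Force LAN security: no null user, cipher 0 off (use with -u/-p)`. main() starts and ends outside the hunk.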
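Review bot: `if (pc[i] == 0) ncipher0 = pc[i];` in the Cipher Suites loop (ival == 23) can only ever store 0, so `ncipher0` never records where cipher suite 0 sits in the list. The write-back hunk at -4985 uses it as a position (`if (i == ncipher0) c1 = 0x00;`), so -O always clears the privilege level of the first listed suite, whether or not that suite is cipher 0. If a position is intended, store `ncipher0 = i - 1;` on the first match only, since later zero entries may be unused slots. Also initialise `ncipher0` to -1 in the globals hunk at -368, so that a BMC which does not list cipher 0 keeps its first suite untouched. main() starts and ends outside the hunk.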
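Review bot: The result of `DisableUser(0)` is printed but never counted in `nerrs`/`lasterr`, unlike the SetChanAcc and SetUser calls on either side of it, so a -O run can report success while the null user is still enabled. Treat it like its neighbours: `if (j != 0) { nerrs++; lasterr = j; } else ngood++;`. The other comments in this diff call user 1 the null user (`lan_user = 1; /*use default null user */`), so the argument 0 should be checked against DisableUser's definition, which is outside this diff. main() starts and ends outside the hunk.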
@@ -4985,6 +5001,23 @@ main(int argc, char **argv) else ngood++; } } /* end-else static IP */ + if (flansecure) { /* disable cipher 0 */ + char c1, c2; + memset(&LanRecord,0,12); + j = 1; + for (i = 0; i < nciphers; i+=2) { + c1 = rgciphers[i]; + c2 = rgciphers[i+1]; + /* 0x0f may be vendor-specific, 0x00 = Reserved/Unused */ + if (i == ncipher0) c1 = 0x00; + if ((i+1) == ncipher0) c2 = 0x00; + LanRecord.data[j++] = (c2 << 4) | c1; + } + ret = SetLanEntry(24, &LanRecord, 9); + printf("SetLanEntry(24) disable cipher0, ret = %d\n",ret); + if (ret != 0) { nerrs++; lasterr = ret; } + else ngood++; + } ret = SetupSerialOverLan(1); /*enable*/ SELprintf("SetupSerialOverLan: ret = %d\n",ret); if (ret != 0) { nerrs++; lasterr = ret; } |
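Review bot: The write-back under `if (flansecure)` packs `rgciphers` without checking that parameter 24 was read earlier in this run. If it was not, the initializer `{0xff,0,...}` is what gets sent, and every suite's privilege nibble goes out as 0x00, the value this code uses to turn a suite off. Whether the read always precedes this point is decided outside the hunk, so guard on the sentinel, `if (flansecure && rgciphers[0] != 0xff)`, and print a message when the step is skipped. The loop is also bounded only by `nciphers`, whose assignments are not in this diff; `for (i = 0; i < nciphers && (i+1) < (int)sizeof(rgciphers); i+=2)` keeps `rgciphers[i+1]` and `LanRecord.data[j++]` in range if the BMC reports more than 16 suites.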