Diffstat (limited to 'util/ilan.c')
-rw-r--r-- | util/ilan.c | 66 |
1 files changed, 55 insertions, 11 deletions
diff --git a/util/ilan.c b/util/ilan.c
index a1ed76a..2458fbb 100644
--- a/util/ilan.c
+++ b/util/ilan.c
@@ -305,7 +305,7 @@ extern char *get_sensor_type_desc(uchar stype); /*from ievents.c*/
 /*
 * Global variables
 */
-static char * progver = "2.93";
+static char * progver = "2.96";
 static char * progname = "ilan";
 static char fdebug = 0;
 static char fipmilan = 0;
@@ -317,6 +317,7 @@ static char fAdjustPefNum = 0; /* =1 adjust pefnum to first empty index */
 static char fUserPefNum = 0; /* =1 if user specified a valid pefnum value*/
 static char freadonly = 1; /* =1 to only read LAN & PEF parameters */
 static char fcanonical = 0; /* =1 to show only canonical output */
+static char flansecure = 0; /* =1 set lan security: no null, cipher0 off*/
 static char bdelim = BCOLON; /* delimiter ':' or '|' if canonical output*/
 static char ftestonly = 0;
 static char fprivset = 0;
@@ -361,6 +362,8 @@ static uchar osmyip[4] = {0,0,0,0};
 static uchar bmcmyip[4] = {0,0,0,0};
 static uchar bmcdestip[4] = {0,0,0,0};
 static uchar bmcdestmac[6]= {0xff,0,0,0,0,0};
+static uchar bmcgwyip[4] = {0,0,0,0};
+static uchar bmcgwymac[6]= {0xff,0,0,0,0,0};
 static uchar bmcmymac[6] = {0xff,0,0,0,0,0};
 static uchar rgmymac[6] = {0xff,0,0,0,0,0};
 static uchar osmymac[6] = {0xff,0,0,0,0,0};
@@ -368,6 +371,9 @@ static uchar rggwymac[6] = {0xff,0,0,0,0,0};
 static uchar rggwy2mac[6] = {0xff,0,0,0,0,0};
 static uchar rgdestmac[6] = {0xff,0,0,0,0,0};
 static uchar rgdhcpmac[6] = {0xff,0,0,0,0,0};
+static int nciphers = 16;
+static int ncipher0 = 0;
+static uchar rgciphers[16] = {0xff,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
 static char rghostname[32] = {'\0'};
 static uchar custPEF[20]; /* max used = 18 bytes */
 static char rgcommunity[19] = "public"; /* default community */
@@ -774,7 +780,7 @@ SetPasswd(int unum, char *uname, char *upswd) if ((unum != 1) && (uname == NULL)) { ; /* if no username, do not enable user */ } else { - inputData[0] = (uchar)unum; /*user 1 = null user */ + inputData[0] = (uchar)unum; inputData[1] = 0x01; /*enable user*/ responseLength = sizeof(responseData); status = ipmi_cmd(SET_USER_PASSWORD, inputData, 2, responseData, @@ -786,7 +792,7 @@ SetPasswd(int unum, char *uname, char *upswd) if (status != 0) ret = status; } - inputData[0] = (uchar)unum; /*user 1 = null user */ + inputData[0] = (uchar)unum; inputData[1] = 0x02; /*set password*/ psw_len = PSW_LEN; /*=16 change if 20-byte passwords supported */ memset(&inputData[2],0,psw_len); @@ -888,7 +894,7 @@ static char *parse_priv(uchar c) case 4: p = "Admin "; break; case 5: p = "OEM "; break; case 0x0f: p = "No access"; break; - default: p = "Reserved"; + default: p = "Reserved"; /*usually =0*/ } return(p); } @@ -3666,7 +3672,6 @@ main(int argc, char **argv) uchar bset; int ndest = 4; int idest; - int nciphers = 16; char mystr[80]; char fpefok = 1; uchar * pc; int sz; @@ -3676,7 +3681,7 @@ main(int argc, char **argv) j = 0; freadonly = FLAG_INIT; idx = argc; /*getopt loop counter*/ /* available opt chars: y O Q + = ~ _ */ - while ((c = getopt(argc, argv,"a:b:cdef:gh:i:j:klm:n:op:q:rstu:v:w:xy:z#::A:B:C:DEF:G:H:I:J:K:L:M:N:P:Q:R:S:T:U:V:X:YZ:?")) != EOF) { + while ((c = getopt(argc, argv,"a:b:cdef:gh:i:j:klm:n:op:q:rstu:v:w:xy:z#::A:B:C:DEF:G:H:I:J:K:L:M:N:OP:Q:R:S:T:U:V:X:YZ:?")) != EOF) { switch(c) { case 'a': /* alert dest number (usu 1 thru 4) */ alertnum = atob(optarg); @@ -3787,6 +3792,7 @@ main(int argc, char **argv) case 'x': fdebug = 1; break; case 'z': flanstats = 1; break; case 'D': lan_dhcp = 1; j++; break; + case 'O': flansecure = 1; j++; break; case 'I': /* My BMC IP Address */ fset_ip |= MYIP; atoip(rgmyip,optarg); 
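Review bot: The context comment just above the changed `getopt` call, `/* available opt chars: y O Q + = ~ _ */`, is stale once `O` is added to the option string, and `y:` and `Q:` already appear in that string as well. Update it in the same change, for example `/* available opt chars: + = ~ _ */`, so the next option added does not collide with -O. main() starts and ends outside this hunk.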
@@ -3919,7 +3925,8 @@ main(int argc, char **argv)
 printf(" -D Use DHCP instead of static IP (-I for server)\n");
 printf(" -K (Kontron) IPMI hostname to set\n");
 printf(" -Q VLAN Priority (default =0)\n");
- print_lan_opt_usage();
+ printf(" -O Force LAN security: no null user, cipher 0 off\n");
+ print_lan_opt_usage(0);
 ret = ERR_USAGE;
 goto do_exit;
 } /*end switch*/
@@ -4096,6 +4103,7 @@ main(int argc, char **argv)
 /* set the lan_user appropriately */
 if (myuser == NULL) { /* if no -u param */
 if (ipmi_reserved_user(vend_id, 1)) lan_user = 2;
+ else if (flansecure) lan_user = 2;
 else lan_user = 1; /*use default null user */
 } else if (usernum != 0) lan_user = usernum; /*use -q specified usernum*/
 /* else use default lan_user (=2) if -u and not -q */
@@ -4486,6 +4494,10 @@ main(int argc, char **argv)
 // if (pc[0] >= 30) memcpy(bparm7,pc,3);
 } else if (ival == 17) { /* num dest */
 ndest = pc[0]; /* save the number of destinations */
+ } else if (ival == 12) { /* gateway addr */
+ if (IpIsValid(pc)) memcpy(bmcgwyip,pc,4);
+ } else if (ival == 13) { /* gateway mac */
+ if (MacIsValid(pc)) memcpy(bmcgwymac,pc,MAC_LEN);
 } else if (ival == 19) { /* dest addr */
 if (IpIsValid(&pc[3])) memcpy(bmcdestip,&pc[3],4);
 if (MacIsValid(&pc[7])) memcpy(bmcdestmac,&pc[7],MAC_LEN);
@@ -4541,8 +4553,12 @@ main(int argc, char **argv)
 || ival == 192) {
 printf("%d.%d.%d.%d",pc[0], pc[1], pc[2], pc[3]);
 } else if (ival == 23) { /*Cipher Suites*/
- for (i = 1; i <= nciphers; i++) printf("%2d ",pc[i]);
+ for (i = 1; i <= nciphers; i++) {
+ if (pc[i] == 0) ncipher0 = pc[i];
+ printf("%2d ",pc[i]);
+ }
 } else if (ival == 24) { /*Cipher Suite Privi Levels*/
+ j = 0;
 for (i = 1; i < 9; i++) {
 char c1, c2;
 char *p;
@@ -4550,6 +4566,8 @@ main(int argc, char **argv)
 c1 = p[0];
 p = parse_priv((pc[i] & 0xf0) >> 4);
 c2 = p[0];
+ rgciphers[j++] = (pc[i] & 0x0f);
+ rgciphers[j++] = ((pc[i] & 0xf0) >> 4);
 if ((i*2) >= nciphers) c2 = ' ';
 printf(" %c %c ",c1,c2);
 if ((i*2) > nciphers) break;
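Review bot: With -O and no -u, `else if (flansecure) lan_user = 2;` selects user 2 while `myuser` is still NULL, and the SetPasswd() context earlier in this diff skips the enable step when `(unum != 1) && (uname == NULL)`. Together with the DisableUser() call that -O adds, this can leave the channel with the null user disabled and no named user enabled, if SetUser() reaches SetPasswd() with these arguments (SetUser() is not shown here). Consider rejecting -O without -u during option parsing, or at least say so in the usage line, e.g. `-O Force LAN security (use with -u): no null user, cipher 0 off`.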
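Review bot: `if (pc[i] == 0) ncipher0 = pc[i];` stores the matched value, which is always 0, instead of the position where cipher suite 0 was found, and since `ncipher0` is also initialised to 0, "not found" cannot be told apart from "found in the first slot". The -O write-back later compares `ncipher0` with a 0-based index into `rgciphers`, so it clears the first privilege nibble no matter where (or whether) cipher suite 0 is listed, and can leave cipher 0 usable while the tool reports success. Record the index and use a sentinel: `static int ncipher0 = -1;` and `if (pc[i] == 0 && ncipher0 < 0) ncipher0 = i - 1;`, then skip the rewrite while it is still -1. Whether zero bytes can also appear as padding for unused slots in this parameter is not visible here and is worth confirming before trusting the match.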
@@ -4770,6 +4788,10 @@ main(int argc, char **argv) if (fdebug) printf("SetChanAcc(lan/nonvol), ret = %d\n",ret); if (ret != 0) { nerrs++; lasterr = ret; } else ngood++; + if (flansecure) { + j = DisableUser(0); /*disable the default null user*/ + printf("DisableUser(0), ret = %d\n",j); + } ret = SetUser(lan_user,myuser,passwordData); printf("SetUser(%d), ret = %d\n",lan_user,ret); if (ret != 0) { nerrs++; lasterr = ret; } @@ -4948,8 +4970,12 @@ main(int argc, char **argv) rggwyip[0], rggwyip[1], rggwyip[2], rggwyip[3], rggwymac[0], rggwymac[1], rggwymac[2], rggwymac[3], rggwymac[4], rggwymac[5]); - if (!SubnetIsSame(rgmyip,rggwyip,rgsubnet)) - printf("WARNING: IP Address and Gateway are not on the same subnet.\n"); + if (!SubnetIsSame(rgmyip,rggwyip,rgsubnet)) { + printf("WARNING: IP Address and Gateway are not on the same subnet," + " setting Gateway to previous value\n"); + memcpy(rggwyip,bmcgwyip,4); + memcpy(rggwymac,bmcgwymac,6); + } /* Set the Default Gateway IP & MAC */ memcpy(&LanRecord,rggwyip,4); @@ -4961,13 +4987,14 @@ main(int argc, char **argv) printf(" Warning: Gateway MAC address was not resolved! " "Check %s interface, use -i ethN, or use -H gwymac.\n", ifname); + memcpy(&LanRecord,bmcgwymac,6); } else { memcpy(&LanRecord,rggwymac,6); + } ret = SetLanEntry(13, &LanRecord, 6); printf("SetLanEntry(13), ret = %d\n",ret); if (ret != 0) { nerrs++; lasterr = ret; } else ngood++; - } } if (IpIsValid(rggwy2ip)) { if (!MacIsValid(rggwy2mac)) /* if gwy2 MAC not set by user */ 
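Review bot: The result of `DisableUser(0)` is printed but never folded into `nerrs`/`lasterr`, unlike the neighbouring calls, so a failed attempt to disable the null user still lets the run finish as a success. Add `if (j != 0) { nerrs++; lasterr = j; } else ngood++;` after the printf. The argument also deserves a second look: other lines in this diff treat the null user as user 1 (`lan_user = 1; /*use default null user */`), so unless DisableUser() takes a zero-based index (its definition is not in this diff), 0 may not address that account. main() continues outside the hunk.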
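Review bot: The subnet-mismatch fallback copies `bmcgwyip`/`bmcgwymac` into the values about to be written without checking that they were ever read from the BMC; they start as `{0,0,0,0}` and `{0xff,0,...}` and are only filled when parameters 12 and 13 pass IpIsValid()/MacIsValid(). The same applies in the following hunk (-4961), where `memcpy(&LanRecord,bmcgwymac,6);` now feeds a SetLanEntry(13) that has become unconditional. Guard both, e.g. `if (IpIsValid(bmcgwyip)) memcpy(rggwyip,bmcgwyip,4);` and `if (MacIsValid(bmcgwymac)) memcpy(&LanRecord,bmcgwymac,MAC_LEN);`, and skip the set when there is no valid previous value. Overriding an operator-supplied gateway should probably also be counted in `nerrs` rather than only printed as a warning.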
@@ -4985,6 +5012,23 @@ main(int argc, char **argv)
 else ngood++;
 }
 } /* end-else static IP */
+ if (flansecure) { /* disable cipher 0 */
+ char c1, c2;
+ memset(&LanRecord,0,12);
+ j = 1;
+ for (i = 0; i < nciphers; i+=2) {
+ c1 = rgciphers[i];
+ c2 = rgciphers[i+1];
+ /* 0x0f may be vendor-specific, 0x00 = Reserved/Unused */
+ if (i == ncipher0) c1 = 0x00;
+ if ((i+1) == ncipher0) c2 = 0x00;
+ LanRecord.data[j++] = (c2 << 4) | c1;
+ }
+ ret = SetLanEntry(24, &LanRecord, 9);
+ printf("SetLanEntry(24) disable cipher0, ret = %d\n",ret);
+ if (ret != 0) { nerrs++; lasterr = ret; }
+ else ngood++;
+ }
 ret = SetupSerialOverLan(1); /*enable*/
 SELprintf("SetupSerialOverLan: ret = %d\n",ret);
 if (ret != 0) { nerrs++; lasterr = ret; } |
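Review bot: Nothing in this block checks that `rgciphers` was filled from a successful read of parameter 24 before it is written back. The array starts as `{0xff,0,...}`, and with those defaults and `ncipher0 == 0` this loop sends nine zero bytes, which by the hunk's own comment marks every cipher suite as Reserved/Unused. Test the sentinel first, `if (flansecure && rgciphers[0] != 0xff) {`, and print that cipher 0 was left unchanged otherwise. `c1` and `c2` should be `uchar` rather than `char` so that `(c2 << 4) | c1` cannot sign-extend. main() continues outside the hunk.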