Levi, As I'm looking at the code now, I think I can hammer out permsgauth support in the tools pretty quick. Gimme a day or so.
Al On Thu, 2007-04-19 at 15:51 -0700, Al Chu wrote: > Hi Levi, > > On Thu, 2007-04-19 at 13:21 -0600, Levi Pearson wrote: > > I'd like to work with the core developers so that any fixes and new > > features we make are acceptable to you, so we don't have to maintain a > > separate branch. > > Sounds good. Glad to have additional support from others. > > > With ipmiconsole, I discovered that the internal handling of the Kg key > > is done with string manipulation functions, and that there is also an > > off-by-one error. > > I thought I had caught every corner case. But perhaps not :-) Just > point me in the right direction, I'd be glad to get it fixed. > > > I'd like the ability to enter the key in hexadecimal > > and have it treated as a 20-byte binary field instead of a string, which > > matches how the key is handled in the Dell utilities. > > I faced a similar issue/dilemma early on. Honestly, I went with strings > b/c it was easier. Perhaps a patch for bmc-config, ipmipower, and > ipmiconsole would be best. Not sure how to do it for bmc-config. > Perhaps two options. One for strings and one for hex?? Hmmm... > comments anyone else? > > > I'd also like to integrate libfreeipmi with conman, and I'd appreciate > > hearing if anything has been done in that direction yet. > > Chris Dunlap (author of Conman) sits down the hall from me. There is > support w/ ipmiconsole (in a soon to be released Conman), where Conman > runs it in a separate process. Conman 2.0 is planned for integration > with libipmiconsole (which uses libfreeipmi). I'm unsure of the > timeline. How about starting a thread in the conman mailing list, and > we can discuss it more in there along w/ Chris. > > > With the exception of ipmipower and ipmiconsole, the FreeIPMI utilities > > have issues dealing with having Per-Message Authentication and > > User-Level Authentication disabled. > > I could have swore it did. But looking through the code in FreeIPMI 2.0 > and 3.0, it doesn't seem to be there. > > > nor does there seem to be an option to change it in bmc-config yet. > > It should be supported for you guys. The fields to configure it are: > > Volatile_Enable_User_Level_Auth Yes > Volatile_Enable_Per_Message_Auth Yes > > and there are non-volatile equivalents too. > > Do you not see these when you run bmc-config --checkout? It's possible > Dell did not make them readable/writeable. > > Do you have to run ipmipower with the --check-unexpected-authcode > option? I'm wondering if these Dells have the same problems that led me > to write that workaround. > > > I've done some investigation into the best place to put checks for those > > options. Right now, it seems like the best way would be to have > > ipmi_cmd_get_channel_authentication_capabilities set some flags or new > > struct members in the ipmi_device_t that is passed to it. Then, > > ipmi_lan_open_session could change the authentication type in the > > ipmi_device_t to NONE after it finishes authenticating the session (if > > the appropriate flags are set, of course, and barring the need for the > > workaround present in ipmipower). Any thoughts on this? > > I admit I haven't looked at this code in quite some time, so I could be > wrong on the best approach. I thikn the best way is to add two things > into the ipmi_device_t. > > 1) flag indicating per_msg_auth set/unset > 2) a "state" variable indicating what state the lan session is in. (i.e. > get auth caps, get session challenge, activate session, set session > privilege, fully activated session, close session). This could be a set > of enums in ipmi-udm-device.h. > > Then, within _ipmi_lan_cmd_send(), depending on the flags and state, use > a different authentication type/password/etc as needed. > > Then in ipmi_lan_cmd(), based on the flags and state, adjust the check > authentication field appropriately. > > Sound good? > > I might be able to find time to do it soon. But given I haven't looked > at this in awhile, you might be ahead of me in finishing it :-) > > Since I would consider this a bug rather than a feature, I think it > should go into the 0.3.X line and released in 0.3.3 as a bug fix. Same > with the new options for a hex based input. > > > We'd also like some more extensive PEF configuration options in > > bmc-config, but I haven't looked into that with any detail yet. > > Bala is currently working on an ipmi-pef tool for PEF configuration. It > was supposed to be done quite some time ago, but other projects of his > have taken him away from it. He thinks he'll be able to work on it full > time starting Friday. Perhaps if workload can be split, and you have > time, you guys could collaborate on it? I'll let Bala speak on the > mailing list concerning that. > > Thanks, > Al > > > Anyway, thanks for the excellent software, and let me know what you > > think about my ideas above. > > > > --Levi > > > > > > > > _______________________________________________ > > Freeipmi-devel mailing list > > [email protected] > > http://lists.gnu.org/mailman/listinfo/freeipmi-devel -- Albert Chu [EMAIL PROTECTED] 925-422-5311 Computer Scientist High Performance Systems Division Lawrence Livermore National Laboratory _______________________________________________ Freeipmi-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/freeipmi-devel
