Here's the ipmiconsole patch, this time against the cvs trunk. Had a
bit of trouble yesterday checking out the latest version, since it turns
out savannah went through a server OS upgrade and it messed up the cvs
config. I found someone who could help on IRC, so it's working again
now.
I'll now be working on the bmc-config utility.
--Levi
Index: ipmiconsole.8.in
===================================================================
RCS file: /sources/freeipmi/freeipmi/ipmiconsole/ipmiconsole.8.in,v
retrieving revision 1.13
diff -u -5 -r1.13 ipmiconsole.8.in
--- ipmiconsole.8.in 29 Apr 2007 16:54:10 -0000 1.13
+++ ipmiconsole.8.in 2 May 2007 16:51:22 -0000
@@ -67,15 +67,15 @@
Prompt for password to avoid possibility of listing it in process
lists.
.TP
.I "-k, --k-g str"
Specify the K_g BMC key to use for authentication. If not specified, a
-NULL key is assumed.
+NULL key is assumed. The key may be entered in hex by prefixing with '0x'.
.TP
.I "-K, --k-g-prompt"
Prompt for K_g to avoid possibility of listing it in process
-lists.
+lists. The key may be entered in hex by prefixing with '0x'.
.TP
.I "-l, --privilege str"
Specify the privilege type to use. The currently available privilege
types are "user", "operator", and "admin". If not specified, a
privilege of "admin" is assumed. The privilege must be atleast the
Index: ipmiconsole.conf.5.in
===================================================================
RCS file: /sources/freeipmi/freeipmi/ipmiconsole/ipmiconsole.conf.5.in,v
retrieving revision 1.4
diff -u -5 -r1.4 ipmiconsole.conf.5.in
--- ipmiconsole.conf.5.in 9 Mar 2007 02:44:46 -0000 1.4
+++ ipmiconsole.conf.5.in 2 May 2007 16:51:22 -0000
@@ -70,11 +70,11 @@
.TP
.I password str
Specify the default password to use.
.TP
.I k_g str
-Specify the BMC key (K_g) to use.
+Specify the BMC key (K_g) to use. Prefix with '0x' to enter the key in hex.
.TP
.I privilege str
Specify the default privilege type to use.
.B Ipmiconsole
currently supports the following privilege types: "user", "operator",
Index: src/ipmiconsole/Makefile.am
===================================================================
RCS file: /sources/freeipmi/freeipmi/ipmiconsole/src/ipmiconsole/Makefile.am,v
retrieving revision 1.3
diff -u -5 -r1.3 Makefile.am
--- src/ipmiconsole/Makefile.am 16 Feb 2007 18:00:01 -0000 1.3
+++ src/ipmiconsole/Makefile.am 2 May 2007 16:51:22 -0000
@@ -17,14 +17,18 @@
ipmiconsole_CPPFLAGS = -I$(srcdir)/../libipmiconsole \
-I$(srcdir)/../../../common/src
ipmiconsole_LDADD = ../../../common/src/libllnlcommon.la \
+ ../../../common/src/libipmicommon.la \
../libipmiconsole/libipmiconsole.la
../../../common/src/libllnlcommon.la: force-dependency-check
$(MAKE) -C $(dir $@) $(notdir $@)
+../../../common/src/libipmicommon.la: force-dependency-check
+ $(MAKE) -C $(dir $@) $(notdir $@)
+
../libipmiconsole/libipmiconsole.la: force-dependency-check
$(MAKE) -C $(dir $@) $(notdir $@)
force-dependency-check:
Index: src/ipmiconsole/ipmiconsole.c
===================================================================
RCS file: /sources/freeipmi/freeipmi/ipmiconsole/src/ipmiconsole/ipmiconsole.c,v
retrieving revision 1.11
diff -u -5 -r1.11 ipmiconsole.c
--- src/ipmiconsole/ipmiconsole.c 31 Mar 2007 04:03:06 -0000 1.11
+++ src/ipmiconsole/ipmiconsole.c 2 May 2007 16:51:22 -0000
@@ -322,11 +322,11 @@
exit(1);
}
ipmi_config.username = strlen(conf->username) ? conf->username : NULL;
ipmi_config.password = strlen(conf->password) ? conf->password : NULL;
- ipmi_config.k_g = strlen(conf->k_g) ? conf->k_g : NULL;
+ ipmi_config.k_g = conf->k_g_configured ? conf->k_g : NULL;
ipmi_config.privilege_level = conf->privilege;
ipmi_config.cipher_suite_id = conf->cipher_suite_id;
protocol_config.session_timeout_len = -1;
protocol_config.retransmission_timeout_len = -1;
Index: src/ipmiconsole/ipmiconsole_config.c
===================================================================
RCS file:
/sources/freeipmi/freeipmi/ipmiconsole/src/ipmiconsole/ipmiconsole_config.c,v
retrieving revision 1.10
diff -u -5 -r1.10 ipmiconsole_config.c
--- src/ipmiconsole/ipmiconsole_config.c 26 Apr 2007 03:23:59 -0000
1.10
+++ src/ipmiconsole/ipmiconsole_config.c 2 May 2007 16:51:22 -0000
@@ -46,10 +46,11 @@
#include "ipmiconsole_config.h"
#include "conffile.h"
#include "error.h"
#include "secure.h"
+#include "ipmi-common.h"
extern struct ipmiconsole_config *conf;
static void
_config_default(void)
@@ -66,10 +67,13 @@
#endif /* NDEBUG */
conf->config_file = IPMICONSOLE_CONFIG_FILE_DEFAULT;
conf->privilege = -1;
conf->cipher_suite_id = -1;
+
+ memset(conf->k_g, '\0', IPMI_MAX_K_G_LENGTH);
+ conf->k_g_configured = 0;
}
static void
_usage(void)
{
@@ -113,10 +117,11 @@
char options[100];
char *pw;
char *kg;
char *ptr;
int c;
+ int rv;
#if HAVE_GETOPT_LONG
struct option long_options[] =
{
{"help", 0, NULL, 'H'},
@@ -208,28 +213,32 @@
err_exit("password too long");
strcpy(conf->password, pw);
conf->password_set_on_cmdline++;
break;
case 'k': /* --k-g */
- if (strlen(optarg) > IPMI_MAX_K_G_LENGTH)
- err_exit("Command Line Error: K_g too long");
- strcpy(conf->k_g, optarg);
- conf->k_g_set_on_cmdline++;
+ if ((rv = parse_kg(conf->k_g, IPMI_MAX_K_G_LENGTH, optarg)) < 0)
+ err_exit("Command Line Error: Invalid K_g");
+ if (rv > 0)
+ {
+ conf->k_g_configured++;
+ conf->k_g_set_on_cmdline++;
+ }
if (optarg)
{
int n;
n = strlen(optarg);
secure_memset(optarg, '\0', n);
}
break;
case 'K': /* --k-g-prompt */
- if (!(kg = getpass("K_g: ")))
- err_exit("getpass: %s", strerror(errno));
- if (strlen(kg) > IPMI_MAX_K_G_LENGTH)
- err_exit("K_g too long");
- strcpy(conf->k_g, kg);
- conf->k_g_set_on_cmdline++;
+ if ((rv = parse_kg(conf->k_g, IPMI_MAX_K_G_LENGTH, kg)) < 0)
+ err_exit("K_g invalid");
+ if (rv > 0)
+ {
+ conf->k_g_configured++;
+ conf->k_g_set_on_cmdline++;
+ }
break;
case 'l': /* --privilege */
if (!strcasecmp(optarg, "user"))
conf->privilege = IPMICONSOLE_PRIVILEGE_USER;
else if (!strcasecmp(optarg, "operator"))
@@ -363,17 +372,20 @@
void *option_ptr,
int option_data,
void *app_ptr,
int app_data)
{
+ int rv;
+
if (conf->k_g_set_on_cmdline)
return 0;
- if (strlen(data->string) > IPMI_MAX_K_G_LENGTH)
- err_exit("Config File Error: K_g too long");
+ if ((rv = parse_kg(conf->k_g, IPMI_MAX_K_G_LENGTH, data->string)) < 0)
+ err_exit("Config File Error: K_g invalid");
+ if (rv > 0)
+ conf->k_g_configured = 1;
- strcpy(conf->k_g, data->string);
return 0;
}
static int
_cb_privilege(conffile_t cf,
Index: src/ipmiconsole/ipmiconsole_config.h
===================================================================
RCS file:
/sources/freeipmi/freeipmi/ipmiconsole/src/ipmiconsole/ipmiconsole_config.h,v
retrieving revision 1.6
diff -u -5 -r1.6 ipmiconsole_config.h
--- src/ipmiconsole/ipmiconsole_config.h 26 Apr 2007 03:23:59 -0000
1.6
+++ src/ipmiconsole/ipmiconsole_config.h 2 May 2007 16:51:22 -0000
@@ -51,11 +51,11 @@
char *config_file;
char hostname[MAXHOSTNAMELEN+1];
char username[IPMI_MAX_USER_NAME_LENGTH+1];
char password[IPMI_2_0_MAX_PASSWORD_LENGTH+1];
- char k_g[IPMI_MAX_K_G_LENGTH+1];
+ char k_g[IPMI_MAX_K_G_LENGTH];
int privilege;
int cipher_suite_id;
int dont_steal;
int deactivate;
int lock_memory;
@@ -64,10 +64,11 @@
int hostname_set_on_cmdline;
int username_set_on_cmdline;
int password_set_on_cmdline;
int k_g_set_on_cmdline;
+ int k_g_configured;
int privilege_set_on_cmdline;
int cipher_suite_id_set_on_cmdline;
int dont_steal_set_on_cmdline;
int deactivate_set_on_cmdline;
int lock_memory_set_on_cmdline;
Index: src/libipmiconsole/ipmiconsole.c
===================================================================
RCS file:
/sources/freeipmi/freeipmi/ipmiconsole/src/libipmiconsole/ipmiconsole.c,v
retrieving revision 1.7
diff -u -5 -r1.7 ipmiconsole.c
--- src/libipmiconsole/ipmiconsole.c 31 Mar 2007 04:03:06 -0000 1.7
+++ src/libipmiconsole/ipmiconsole.c 2 May 2007 16:51:22 -0000
@@ -393,11 +393,10 @@
|| (hostname && strlen(hostname) > MAXHOSTNAMELEN)
|| !ipmi_config
|| !protocol_config
|| (ipmi_config->username && strlen(ipmi_config->username) >
IPMI_MAX_USER_NAME_LENGTH)
|| (ipmi_config->password && strlen(ipmi_config->password) >
IPMI_2_0_MAX_PASSWORD_LENGTH)
- || (ipmi_config->k_g && strlen(ipmi_config->k_g) > IPMI_MAX_K_G_LENGTH)
|| (ipmi_config->privilege_level >= 0
&& (ipmi_config->privilege_level != IPMICONSOLE_PRIVILEGE_USER
&& ipmi_config->privilege_level != IPMICONSOLE_PRIVILEGE_OPERATOR
&& ipmi_config->privilege_level != IPMICONSOLE_PRIVILEGE_ADMIN))
|| (ipmi_config->cipher_suite_id >= IPMI_CIPHER_SUITE_ID_MIN
@@ -439,12 +438,16 @@
strcpy((char *)c->username, ipmi_config->username);
if (ipmi_config->password)
strcpy((char *)c->password, ipmi_config->password);
- if (ipmi_config->k_g)
- strcpy((char *)c->k_g, ipmi_config->k_g);
+ /* k_g is a fixed-length binary chunk that may contain nulls */
+ if (ipmi_config->k_g)
+ {
+ memcpy(c->k_g, ipmi_config->k_g, IPMI_MAX_K_G_LENGTH);
+ c->k_g_configured = 1;
+ }
if (ipmi_config->privilege_level >= 0)
{
if (ipmi_config->privilege_level == IPMICONSOLE_PRIVILEGE_USER)
c->privilege_level = IPMI_PRIVILEGE_LEVEL_USER;
Index: src/libipmiconsole/ipmiconsole.h
===================================================================
RCS file:
/sources/freeipmi/freeipmi/ipmiconsole/src/libipmiconsole/ipmiconsole.h,v
retrieving revision 1.8
diff -u -5 -r1.8 ipmiconsole.h
--- src/libipmiconsole/ipmiconsole.h 31 Mar 2007 04:03:06 -0000 1.8
+++ src/libipmiconsole/ipmiconsole.h 2 May 2007 16:51:22 -0000
@@ -163,11 +163,11 @@
* 20 bytes.
*
* k_g
*
* BMC Key for 2-key authentication. Pass NULL ptr to use password
- * as BMC key. Maximum length of 20 bytes.
+ * as BMC key. Length of 20 bytes.
*
* privilege_level
*
* privilege level to authenticate with.
*
Index: src/libipmiconsole/ipmiconsole_defs.h
===================================================================
RCS file:
/sources/freeipmi/freeipmi/ipmiconsole/src/libipmiconsole/ipmiconsole_defs.h,v
retrieving revision 1.7
diff -u -5 -r1.7 ipmiconsole_defs.h
--- src/libipmiconsole/ipmiconsole_defs.h 28 Apr 2007 00:32:58 -0000
1.7
+++ src/libipmiconsole/ipmiconsole_defs.h 2 May 2007 16:51:22 -0000
@@ -366,11 +366,12 @@
/* Configuration Parameters */
char hostname[MAXHOSTNAMELEN+1];
uint8_t username[IPMI_MAX_USER_NAME_LENGTH+1];
uint8_t password[IPMI_2_0_MAX_PASSWORD_LENGTH+1];
- uint8_t k_g[IPMI_MAX_K_G_LENGTH+1];
+ uint8_t k_g[IPMI_MAX_K_G_LENGTH];
+ uint8_t k_g_configured;
uint8_t privilege_level;
uint8_t cipher_suite_id;
unsigned int session_timeout_len;
unsigned int retransmission_timeout_len;
Index: src/libipmiconsole/ipmiconsole_processing.c
===================================================================
RCS file:
/sources/freeipmi/freeipmi/ipmiconsole/src/libipmiconsole/ipmiconsole_processing.c,v
retrieving revision 1.8
diff -u -5 -r1.8 ipmiconsole_processing.c
--- src/libipmiconsole/ipmiconsole_processing.c 31 Mar 2007 04:03:06 -0000
1.8
+++ src/libipmiconsole/ipmiconsole_processing.c 2 May 2007 16:51:23 -0000
@@ -1762,12 +1762,12 @@
{
c->errnum = IPMICONSOLE_ERR_USERNAME_INVALID;
return -1;
}
- if ((!strlen((char *)c->k_g) && authentication_status_k_g)
- || (strlen((char *)c->k_g) && !authentication_status_k_g))
+ if ((!c->k_g_configured && authentication_status_k_g)
+ || (c->k_g_configured && !authentication_status_k_g))
{
c->errnum = IPMICONSOLE_ERR_K_G_INVALID;
return -1;
}
@@ -1841,11 +1841,11 @@
if (c->workaround_flags & IPMICONSOLE_WORKAROUND_INTEL_2_0
&& s->authentication_algorithm ==
IPMI_AUTHENTICATION_ALGORITHM_RAKP_HMAC_MD5
&& password_len > IPMI_1_5_MAX_PASSWORD_LENGTH)
password_len = IPMI_1_5_MAX_PASSWORD_LENGTH;
- if (strlen((char *)c->k_g))
+ if (c->k_g_configured)
k_g = (uint8_t *)c->k_g;
else
k_g = NULL;
if ((managed_system_random_number_len = Fiid_obj_get_data(c,
@@ -1866,11 +1866,11 @@
s->integrity_algorithm,
s->confidentiality_algorithm,
password,
password_len,
k_g,
- (k_g) ? strlen((char *)k_g) : 0,
+ (k_g) ? IPMI_MAX_K_G_LENGTH : 0,
s->remote_console_random_number,
IPMI_REMOTE_CONSOLE_RANDOM_NUMBER_LENGTH,
managed_system_random_number,
IPMI_MANAGED_SYSTEM_RANDOM_NUMBER_LENGTH,
s->name_only_lookup,
_______________________________________________
Freeipmi-devel mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/freeipmi-devel
