Hello,
attached patch adds new '-y' option, which allows user to specify kg key
with non-printable characters.
I've chosen new option instead of parsing '-k' and detecting '0x' prefix
(like FreeIPMI), because some users might have real keys starting
literally with '0x'.
Unfortunately, you can't specify non-printable chars using IPMI_KGKEY
env. variable, so 0x prefix detection or new option for hex-encoded
IPMI_KGKEY must be added.
Jan
Index: doc/ipmitool.1
===================================================================
RCS file: /cvsroot/ipmitool/ipmitool/doc/ipmitool.1,v
retrieving revision 1.37
diff -u -r1.37 ipmitool.1
--- doc/ipmitool.1 13 Jan 2009 20:32:54 -0000 1.37
+++ doc/ipmitool.1 14 Jan 2009 14:17:45 -0000
@@ -27,6 +27,7 @@
[\fB\-O\fR <\fIsel oem\fP>]
[\fB\-C\fR <\fIciphersuite\fP>]
[\fB\-K\fR|\fB\-k\fR <\fIkg_key\fP>]
+ [\fB\-y\fR <\fIhex_kg_key\fP>]
[\fB\-e\fR <\fIesc_char\fP>]
<\fIcommand\fP>
.SH "DESCRIPTION"
@@ -64,6 +65,13 @@
\fB\-k\fR <\fIkey\fP>
Use supplied Kg key for IPMIv2 authentication. The default is not to
use any Kg key.
+.TP
+\fB\-y\fR <\fIhex key\fP>
+Use supplied Kg key for IPMIv2 authentication. The key is expected in
+hexadecimal format and can be used to specify keys with non-printable
+characters. E.g. '-k PASSWORD' and '-y 50415353574F5244' are
+equivalent.
+The default is not to use any Kg key.
.TP
\fB\-C\fR <\fIciphersuite\fP>
The remote server authentication, integrity, and encryption algorithms
Index: lib/ipmi_main.c
===================================================================
RCS file: /cvsroot/ipmitool/ipmitool/lib/ipmi_main.c,v
retrieving revision 1.20
diff -u -r1.20 ipmi_main.c
--- lib/ipmi_main.c 13 Jan 2009 19:53:04 -0000 1.20
+++ lib/ipmi_main.c 14 Jan 2009 14:17:45 -0000
@@ -73,7 +73,7 @@
#endif
#ifdef ENABLE_ALL_OPTIONS
-# define OPTION_STRING "I:hVvcgsEKao:H:d:P:f:U:p:C:L:A:t:T:m:S:l:b:B:e:k:O:"
+# define OPTION_STRING "I:hVvcgsEKao:H:d:P:f:U:p:C:L:A:t:T:m:S:l:b:B:e:k:y:O:"
#else
# define OPTION_STRING "I:hVvcH:f:U:p:d:S:"
#endif
@@ -230,6 +230,7 @@
lprintf(LOG_NOTICE, " -e char Set SOL escape character");
lprintf(LOG_NOTICE, " -C ciphersuite Cipher suite to be used by
lanplus interface");
lprintf(LOG_NOTICE, " -k key Use Kg key for IPMIv2
authentication");
+ lprintf(LOG_NOTICE, " -y hex_key Use hexadecimal-encoded Kg
key for IPMIv2 authentication");
lprintf(LOG_NOTICE, " -L level Remote session privilege
level [default=ADMINISTRATOR]");
lprintf(LOG_NOTICE, " Append a '+' to use
name/privilege lookup in RAKP1");
lprintf(LOG_NOTICE, " -A authtype Force use of auth type NONE,
PASSWORD, MD2, MD5 or OEM");
@@ -253,6 +254,67 @@
ipmi_cmd_print(cmdlist);
}
+/* ipmi_parse_hex - convert hexadecimal numbers to ascii string
+ * Input string must be composed of two-characer hexadecimal
numbers.
+ * There is no separator between the numbers. Each number
results in one character
+ * of the converted string.
+ *
+ * Example: ipmi_parse_hex("50415353574F5244") returns
'PASSWORD'
+ *
+ * @param str: input string. It must contain only even number of
'0'-'9','a'-'f' and 'A-F' characters.
+ * @returns converted ascii string
+ * @returns NULL on error
+ */
+static unsigned char *
+ipmi_parse_hex(const char *str)
+{
+ const char * p;
+ unsigned char * out, *q;
+ unsigned char b = 0;
+ int shift = 4;
+
+ if (strlen(str) == 0)
+ return NULL;
+
+ if (strlen(str) % 2 != 0) {
+ lprintf(LOG_ERR, "Number of hex_kg characters is not even");
+ return NULL;
+ }
+
+ if (strlen(str) > (IPMI_KG_BUFFER_SIZE-1)*2) {
+ lprintf(LOG_ERR, "Kg key is too long");
+ return NULL;
+ }
+
+ out = calloc(IPMI_KG_BUFFER_SIZE, sizeof(unsigned char));
+ if (out == NULL) {
+ lprintf(LOG_ERR, "malloc failure");
+ return NULL;
+ }
+
+ for (p = str, q = out; *p; p++) {
+ if (!isxdigit(*p)) {
+ lprintf(LOG_ERR, "Kg_hex is not hexadecimal number");
+ free(out);
+ return NULL;
+ }
+
+ if (*p < 'A') /* it must be 0-9 */
+ b = *p - '0';
+ else /* it's A-F or a-f */
+ b = (*p | 0x20) - 'a' + 10; /* convert to lowercase and
to 10-15 */
+
+ *q = *q + b << shift;
+ if (shift)
+ shift = 0;
+ else {
+ shift = 4;
+ q++;
+ }
+ }
+
+ return out;
+}
/* ipmi_parse_options - helper function to handle parsing command line
options
*
@@ -288,7 +350,7 @@
char * progname = NULL;
char * oemtype = NULL;
char * sdrcache = NULL;
- char * kgkey = NULL;
+ unsigned char * kgkey = NULL;
char * seloem = NULL;
int port = 0;
int devnum = 0;
@@ -402,6 +464,12 @@
lprintf(LOG_WARN, "Unable to read kgkey from
environment");
}
break;
+ case 'y':
+ kgkey = ipmi_parse_hex(optarg);
+ if (kgkey == NULL) {
+ goto out_free;
+ }
+ break;
case 'U':
username = strdup(optarg);
if (username == NULL) {
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
