Re: [Openipmi-developer] Better connection error handling in openipmi?

Tue, 24 Sep 2013 21:25:37 -0700 

> > With RMCP+, there is EINVAL, originatiing from
> >
> >         if (memcmp(data+40, integ_data, rinfo->key_len) != 0)
> >         return EINVAL;
> >
> > in rakp_hmac_c2().
> >
> > I suggest to replace this EINVAL with something other, to let
> > application detect and handle invalid login credentials. Maybe EACCES,
> > or some specific error code.
> >
> >
> > Other very questionable EINVAL is where ''Requested authentication not
> > supported' message is logged in auth_cap_done().  Some better value
> > could be returned here, maybe ENOTSUP.
> >
> > What do you think?
>
> I'm fine with changing both of these.
>
> -corey

Hi

Attached is a patch that I currently have in my tree to detect bad password 
errors.

For the rest, I currently only have dirty fixes (i.e. that fixes this 
hardware by breaking other). I will submit clean patches if/when those are 
ready.

Nikita

From 0a7446b178fe091acdc244301063e2b0e112244c Mon Sep 17 00:00:00 2001
From: Nikita Yushchenko <[email protected]>
Date: Thu, 29 Aug 2013 10:18:44 +0400
Subject: [PATCH] lib/rakp.c: return EKEYREJECTED error if authentication fails

Signed-off-by: Nikita Yushchenko <[email protected]>
---
 lib/rakp.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/lib/rakp.c b/lib/rakp.c
index 6afd750..d4ffeef 100644
--- a/lib/rakp.c
+++ b/lib/rakp.c
@@ -482,7 +482,7 @@ rakp_hmac_c2(rakp_info_t   *info,
 	return EINVAL;
     HMAC(rinfo->evp_md, p, rinfo->key_len, idata, 58+idata[57], integ_data, &ilen);
     if (memcmp(data+40, integ_data, rinfo->key_len) != 0)
-	return EINVAL;
+	return EKEYREJECTED;
 
     /* Now generate the SIK */
     p = ipmi_rmcpp_auth_get_my_rand(info->ainfo, &plen);
-- 
1.7.2.5


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________
Openipmi-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openipmi-developer

Reply via email to