From 981a24365f122e202f9381265c0da2274ee2a136 Mon Sep 17 00:00:00 2001 From: Duncan Laurie Date: Tue, 12 Sep 2006 23:23:28 +0000 Subject: [PATCH] add support for name+privilege lookup for lanplus sessions --- ipmitool/include/ipmitool/ipmi_intf.h | 2 ++ ipmitool/lib/ipmi_main.c | 11 ++++++++++- ipmitool/src/plugins/ipmi_intf.c | 9 +++++++++ ipmitool/src/plugins/lanplus/lanplus.c | 6 ++---- 4 files changed, 23 insertions(+), 5 deletions(-) diff --git a/ipmitool/include/ipmitool/ipmi_intf.h b/ipmitool/include/ipmitool/ipmi_intf.h index 2e712d0..0ea1847 100644 --- a/ipmitool/include/ipmitool/ipmi_intf.h +++ b/ipmitool/include/ipmitool/ipmi_intf.h @@ -106,6 +106,7 @@ struct ipmi_session { uint8_t integrity_alg; uint8_t crypt_alg; uint8_t max_priv_level; + uint8_t lookupbit; uint32_t console_id; uint32_t bmc_id; @@ -190,6 +191,7 @@ void ipmi_intf_session_set_hostname(struct ipmi_intf * intf, char * hostname); void ipmi_intf_session_set_username(struct ipmi_intf * intf, char * username); void ipmi_intf_session_set_password(struct ipmi_intf * intf, char * password); void ipmi_intf_session_set_privlvl(struct ipmi_intf * intf, uint8_t privlvl); +void ipmi_intf_session_set_lookupbit(struct ipmi_intf * intf, uint8_t lookupbit); void ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf, uint8_t cipher_suite_id); void ipmi_intf_session_set_sol_escape_char(struct ipmi_intf * intf, char sol_escape_char); void ipmi_intf_session_set_kgkey(struct ipmi_intf * intf, char * kgkey); diff --git a/ipmitool/lib/ipmi_main.c b/ipmitool/lib/ipmi_main.c index e954e04..6804d47 100644 --- a/ipmitool/lib/ipmi_main.c +++ b/ipmitool/lib/ipmi_main.c @@ -228,6 +228,7 @@ ipmi_option_usage(const char * progname, struct ipmi_cmd * cmdlist, struct ipmi_ lprintf(LOG_NOTICE, " -C ciphersuite Cipher suite to be used by lanplus interface"); lprintf(LOG_NOTICE, " -k key Use Kg key for IPMIv2 authentication"); lprintf(LOG_NOTICE, " -L level Remote session privilege level [default=ADMINISTRATOR]"); + lprintf(LOG_NOTICE, " Append a '+' to use name/privilege lookup in RAKP1"); lprintf(LOG_NOTICE, " -A authtype Force use of auth type NONE, PASSWORD, MD2, MD5 or OEM"); lprintf(LOG_NOTICE, " -P password Remote session password"); lprintf(LOG_NOTICE, " -E Read password from IPMI_PASSWORD environment variable"); @@ -269,6 +270,7 @@ ipmi_main(int argc, char ** argv, uint8_t target_channel = 0; uint8_t target_lun = 0; uint8_t my_addr = 0; + uint8_t lookupbit = 0x10; /* use name-only lookup by default */ int authtype = -1; char * tmp = NULL; char * hostname = NULL; @@ -447,9 +449,15 @@ ipmi_main(int argc, char ** argv, } break; case 'L': + i = strlen(optarg); + if ((i > 0) && (optarg[i-1] == '+')) { + lookupbit = 0; + optarg[i-1] = 0; + } privlvl = str2val(optarg, ipmi_privlvl_vals); - if (privlvl == 0xFF) + if (privlvl == 0xFF) { lprintf(LOG_WARN, "Invalid privilege level %s", optarg); + } break; case 'A': authtype = str2val(optarg, ipmi_authtype_session_vals); @@ -564,6 +572,7 @@ ipmi_main(int argc, char ** argv, ipmi_intf_session_set_privlvl(intf, IPMI_SESSION_PRIV_ADMIN); /* default */ + ipmi_intf_session_set_lookupbit(intf, lookupbit); ipmi_intf_session_set_sol_escape_char(intf, sol_escape_char); ipmi_intf_session_set_cipher_suite_id(intf, cipher_suite_id); diff --git a/ipmitool/src/plugins/ipmi_intf.c b/ipmitool/src/plugins/ipmi_intf.c index 75c0b20..380ffda 100644 --- a/ipmitool/src/plugins/ipmi_intf.c +++ b/ipmitool/src/plugins/ipmi_intf.c @@ -212,6 +212,15 @@ ipmi_intf_session_set_privlvl(struct ipmi_intf * intf, uint8_t level) intf->session->privlvl = level; } +void +ipmi_intf_session_set_lookupbit(struct ipmi_intf * intf, uint8_t lookupbit) +{ + if (intf->session == NULL) + return; + + intf->session->v2_data.lookupbit = lookupbit; +} + void ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf, uint8_t cipher_suite_id) { diff --git a/ipmitool/src/plugins/lanplus/lanplus.c b/ipmitool/src/plugins/lanplus/lanplus.c index 74473d7..81e7dab 100644 --- a/ipmitool/src/plugins/lanplus/lanplus.c +++ b/ipmitool/src/plugins/lanplus/lanplus.c @@ -2893,10 +2893,8 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf) /* * Requested maximum privilege level. */ - msg[24] = 0x10; /* We will specify a name-only lookup */ - msg[24] |= session->privlvl; + msg[24] = session->privlvl | session->v2_data.lookupbit; session->v2_data.requested_role = msg[24]; - msg[25] = 0; /* reserved */ msg[26] = 0; /* reserved */ @@ -2929,7 +2927,7 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf) } session->v2_data.session_state = LANPLUS_STATE_RAKP_2_RECEIVED; - + if (verbose) lanplus_dump_rakp2_message(rsp, session->v2_data.auth_alg);