Based on current crypto alogrithms, one could rank cipher suites along
these lines:
17 > 3 >> all the rest
17 and 3 are the only cipher suites that implement any sort of
confidentiality alogorithm that is secure. In addition, any hmac-md5 or
md5 integrity algorithm used in integrity is weak at best and dangerous
for authentication.
This could possibly be enabled in a simpler mechanism by simply checking
for 17 and then choosing it before falling back to 3, but the way this
is implemented, it makes it easy to change the list of acceptable
algorithms from two to three or more items.
Resolvesipmitool/ipmitool#29
Signed-off-by: Vernon Mauery <vernon.mauery@intel.com>
Remove all direct comparisons to 'NULL' for pointers.
Replace them with boolean-like 'if (ptr)' and 'if (!ptr)'.
This makes conditions shorter and easier to read.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
Make code better readable by replacing `if (rsp->ccode > 0)`
and 'if (rsp->ccode != 0)' with just `if (rsp->ccode)` as
rsp->ccode is anyway an unsigned byte and can't be negative.
Also replace 'if (rsp->ccode == 0)' with 'if (!rsp->ccode)'.
All these changes make lines shorter and easier to read as
a non-zero ccode is an indication of some failure, and so !ccode
naturally reads as 'no error'.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
Commit implements `Enable status` which shows/is in alignment with (22.27) Get
User Access Command and displays User ID Enable/Disable status of given User ID
at given channel.
Commit adds a work-around for some BMCs which return ccode 0xCC when user is
disabled. However, this isn't reason to stop listing users as this ccode is
perceived as being "normal".
When 0xCC is returned, empty user name will be printed instead of bailing out.
Commit hooks ipmi_user_priv() to _ipmi_set_user_access(). Later got extended for
'change_priv_limit_only', because of the former.
Commit removes ipmi_user_set_userpriv(), because it's not used anywhere.
Commit is a re-work of 'channel getaccess' and 'channel setaccess'. These are
using _ipmi_* now. Also, bitfields and two structs are replaced by one unified
struct.
