summaryrefslogtreecommitdiff
path: root/lib/ipmi_user.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ipmi_user.c')
-rw-r--r--lib/ipmi_user.c1112
1 files changed, 513 insertions, 599 deletions
diff --git a/lib/ipmi_user.c b/lib/ipmi_user.c
index d7e5890..6074209 100644
--- a/lib/ipmi_user.c
+++ b/lib/ipmi_user.c
@@ -53,249 +53,293 @@ extern int verbose;
extern int csv_output;
-#define IPMI_PASSWORD_DISABLE_USER 0x00
-#define IPMI_PASSWORD_ENABLE_USER 0x01
-#define IPMI_PASSWORD_SET_PASSWORD 0x02
-#define IPMI_PASSWORD_TEST_PASSWORD 0x03
-
-/*
- * ipmi_get_user_access
+/* _ipmi_get_user_access - Get User Access for given channel. Results are stored
+ * into passed struct.
*
- * param intf [in]
- * param channel_number [in]
- * param user_id [in]
- * param user_access [out]
+ * @intf - IPMI interface
+ * @user_access_rsp - ptr to user_access_t with UID and Channel set
*
- * return 0 on succes
- * 1 on failure
+ * returns - negative number means error, positive is a ccode
*/
-static int
-ipmi_get_user_access(
- struct ipmi_intf *intf,
- uint8_t channel_number,
- uint8_t user_id,
- struct user_access_rsp *user_access)
+int
+_ipmi_get_user_access(struct ipmi_intf *intf,
+ struct user_access_t *user_access_rsp)
{
- struct ipmi_rs * rsp;
- struct ipmi_rq req;
- uint8_t msg_data[2];
-
- memset(&req, 0, sizeof(req));
- req.msg.netfn = IPMI_NETFN_APP; /* 0x06 */
- req.msg.cmd = IPMI_GET_USER_ACCESS; /* 0x44 */
- req.msg.data = msg_data;
+ struct ipmi_rq req = {0};
+ struct ipmi_rs *rsp;
+ uint8_t data[2];
+ if (user_access_rsp == NULL) {
+ return (-3);
+ }
+ data[0] = user_access_rsp->channel & 0x0F;
+ data[1] = user_access_rsp->user_id & 0x3F;
+ req.msg.netfn = IPMI_NETFN_APP;
+ req.msg.cmd = IPMI_GET_USER_ACCESS;
+ req.msg.data = data;
req.msg.data_len = 2;
-
-
- /* The channel number will remain constant throughout this function */
- msg_data[0] = channel_number;
- msg_data[1] = user_id;
-
rsp = intf->sendrecv(intf, &req);
-
if (rsp == NULL) {
- lprintf(LOG_ERR, "Get User Access command failed "
- "(channel %d, user %d)", channel_number, user_id);
- return -1;
- }
- if (rsp->ccode > 0) {
- lprintf(LOG_ERR, "Get User Access command failed "
- "(channel %d, user %d): %s", channel_number, user_id,
- val2str(rsp->ccode, completion_code_vals));
- return -1;
+ return (-1);
+ } else if (rsp->ccode != 0) {
+ return rsp->ccode;
+ } else if (rsp->data_len != 4) {
+ return (-2);
}
-
- memcpy(user_access,
- rsp->data,
- sizeof(struct user_access_rsp));
-
- return 0;
+ user_access_rsp->max_user_ids = rsp->data[0] & 0x3F;
+ user_access_rsp->enable_status = rsp->data[1] & 0xC0;
+ user_access_rsp->enabled_user_ids = rsp->data[1] & 0x3F;
+ user_access_rsp->fixed_user_ids = rsp->data[2] & 0x3F;
+ user_access_rsp->callin_callback = rsp->data[3] & 0x40;
+ user_access_rsp->link_auth = rsp->data[3] & 0x20;
+ user_access_rsp->ipmi_messaging = rsp->data[3] & 0x10;
+ user_access_rsp->privilege_limit = rsp->data[3] & 0x0F;
+ return rsp->ccode;
}
-
-
-/*
- * ipmi_get_user_name
+/* _ipmi_get_user_name - Fetch User Name for given User ID. User Name is stored
+ * into passed structure.
*
- * param intf [in]
- * param channel_number [in]
- * param user_id [in]
- * param user_name [out]
+ * @intf - ipmi interface
+ * @user_name - user_name_t struct with UID set
*
- * return 0 on succes
- * 1 on failure
+ * returns - negative number means error, positive is a ccode
*/
-static int
-ipmi_get_user_name(
- struct ipmi_intf *intf,
- uint8_t user_id,
- char *user_name)
+int
+_ipmi_get_user_name(struct ipmi_intf *intf, struct user_name_t *user_name_ptr)
{
- struct ipmi_rs * rsp;
- struct ipmi_rq req;
- uint8_t msg_data[1];
-
- memset(user_name, 0, 17);
-
- memset(&req, 0, sizeof(req));
- req.msg.netfn = IPMI_NETFN_APP; /* 0x06 */
- req.msg.cmd = IPMI_GET_USER_NAME; /* 0x45 */
- req.msg.data = msg_data;
+ struct ipmi_rq req = {0};
+ struct ipmi_rs *rsp;
+ uint8_t data[1];
+ if (user_name_ptr == NULL) {
+ return (-3);
+ }
+ data[0] = user_name_ptr->user_id & 0x3F;
+ req.msg.netfn = IPMI_NETFN_APP;
+ req.msg.cmd = IPMI_GET_USER_NAME;
+ req.msg.data = data;
req.msg.data_len = 1;
-
- msg_data[0] = user_id;
-
rsp = intf->sendrecv(intf, &req);
-
if (rsp == NULL) {
- lprintf(LOG_ERR, "Get User Name command failed (user %d)",
- user_id);
- return -1;
- }
- if (rsp->ccode > 0) {
- if (rsp->ccode == 0xcc)
- return 0;
- lprintf(LOG_ERR, "Get User Name command failed (user %d): %s",
- user_id, val2str(rsp->ccode, completion_code_vals));
- return -1;
+ return (-1);
+ } else if (rsp->ccode > 0) {
+ return rsp->ccode;
+ } else if (rsp->data_len != 16) {
+ return (-2);
}
-
- memcpy(user_name, rsp->data, 16);
-
- return 0;
+ memset(user_name_ptr->user_name, '\0', 17);
+ memcpy(user_name_ptr->user_name, rsp->data, 16);
+ return rsp->ccode;
}
+/* _ipmi_set_user_access - Set User Access for given channel.
+ *
+ * @intf - IPMI interface
+ * @user_access_req - ptr to user_access_t with desired User Access.
+ * @change_priv_limit_only - change User's privilege limit only
+ *
+ * returns - negative number means error, positive is a ccode
+ */
+int
+_ipmi_set_user_access(struct ipmi_intf *intf,
+ struct user_access_t *user_access_req,
+ uint8_t change_priv_limit_only)
+{
+ uint8_t data[4];
+ struct ipmi_rq req = {0};
+ struct ipmi_rs *rsp;
+ if (user_access_req == NULL) {
+ return (-3);
+ }
+ data[0] = change_priv_limit_only ? 0x00 : 0x80;
+ if (user_access_req->callin_callback) {
+ data[0] |= 0x40;
+ }
+ if (user_access_req->link_auth) {
+ data[0] |= 0x20;
+ }
+ if (user_access_req->ipmi_messaging) {
+ data[0] |= 0x10;
+ }
+ data[0] |= (user_access_req->channel & 0x0F);
+ data[1] = user_access_req->user_id & 0x3F;
+ data[2] = user_access_req->privilege_limit & 0x0F;
+ data[3] = user_access_req->session_limit & 0x0F;
+ req.msg.netfn = IPMI_NETFN_APP;
+ req.msg.cmd = IPMI_SET_USER_ACCESS;
+ req.msg.data = data;
+ req.msg.data_len = 4;
+ rsp = intf->sendrecv(intf, &req);
+ if (rsp == NULL) {
+ return (-1);
+ } else {
+ return rsp->ccode;
+ }
+}
+/* _ipmi_set_user_password - Set User Password command.
+ *
+ * @intf - IPMI interface
+ * @user_id - IPMI User ID
+ * @operation - which operation to perform(en/disable user, set/test password)
+ * @password - User Password
+ * @is_twenty_byte - 0 = store as 16byte, otherwise store as 20byte password
+ *
+ * returns - negative number means error, positive is a ccode
+ */
+int
+_ipmi_set_user_password(struct ipmi_intf *intf, uint8_t user_id,
+ uint8_t operation, const char *password,
+ uint8_t is_twenty_byte)
+{
+ struct ipmi_rq req = {0};
+ struct ipmi_rs *rsp;
+ uint8_t *data;
+ uint8_t data_len = (is_twenty_byte) ? 22 : 18;
+ data = malloc(sizeof(uint8_t) * data_len);
+ if (data == NULL) {
+ return (-4);
+ }
+ memset(data, 0, data_len);
+ data[0] = (is_twenty_byte) ? 0x80 : 0x00;
+ data[0] |= (0x0F & user_id);
+ data[1] = 0x03 & operation;
+ if (password != NULL) {
+ size_t copy_len = strlen(password);
+ if (copy_len > (data_len - 2)) {
+ copy_len = data_len - 2;
+ } else if (copy_len < 1) {
+ copy_len = 0;
+ }
+ strncpy((char *)(data + 2), password, copy_len);
+ }
+ req.msg.netfn = IPMI_NETFN_APP;
+ req.msg.cmd = IPMI_SET_USER_PASSWORD;
+ req.msg.data = data;
+ req.msg.data_len = data_len;
+ rsp = intf->sendrecv(intf, &req);
+ free(data);
+ data = NULL;
+ if (rsp == NULL) {
+ return (-1);
+ }
+ return rsp->ccode;
+}
static void
-dump_user_access(
- uint8_t user_id,
- const char * user_name,
- struct user_access_rsp * user_access)
+dump_user_access(const char *user_name,
+ struct user_access_t *user_access)
{
static int printed_header = 0;
-
- if (! printed_header)
- {
+ if (!printed_header) {
printf("ID Name Callin Link Auth IPMI Msg "
- "Channel Priv Limit\n");
+ "Channel Priv Limit\n");
printed_header = 1;
}
-
printf("%-4d%-17s%-8s%-11s%-11s%-s\n",
- user_id,
- user_name,
- user_access->no_callin_access? "false": "true ",
- user_access->link_auth_access? "true ": "false",
- user_access->ipmi_messaging_access? "true ": "false",
- val2str(user_access->channel_privilege_limit,
- ipmi_privlvl_vals));
+ user_access->user_id,
+ user_name,
+ user_access->callin_callback? "false": "true ",
+ user_access->link_auth? "true ": "false",
+ user_access->ipmi_messaging? "true ": "false",
+ val2str(user_access->privilege_limit,
+ ipmi_privlvl_vals));
}
static void
-dump_user_access_csv(
- uint8_t user_id,
- const char *user_name,
- struct user_access_rsp *user_access)
+dump_user_access_csv(const char *user_name,
+ struct user_access_t *user_access)
{
printf("%d,%s,%s,%s,%s,%s\n",
- user_id,
- user_name,
- user_access->no_callin_access? "false": "true",
- user_access->link_auth_access? "true": "false",
- user_access->ipmi_messaging_access? "true": "false",
- val2str(user_access->channel_privilege_limit,
- ipmi_privlvl_vals));
+ user_access->user_id,
+ user_name,
+ user_access->callin_callback? "false": "true",
+ user_access->link_auth? "true": "false",
+ user_access->ipmi_messaging? "true": "false",
+ val2str(user_access->privilege_limit,
+ ipmi_privlvl_vals));
}
+/* ipmi_print_user_list - List IPMI Users and their ACLs for given channel.
+ *
+ * @intf - IPMI interface
+ * @channel_number - IPMI channel
+ *
+ * returns - 0 on success, (-1) on error
+ */
static int
-ipmi_print_user_list(
- struct ipmi_intf *intf,
- uint8_t channel_number)
+ipmi_print_user_list(struct ipmi_intf *intf, uint8_t channel_number)
{
- /* This is where you were! */
- char user_name[17];
- struct user_access_rsp user_access;
+ struct user_access_t user_access = {0};
+ struct user_name_t user_name = {0};
+ int ccode = 0;
uint8_t current_user_id = 1;
-
-
- do
- {
- if (ipmi_get_user_access(intf,
- channel_number,
- current_user_id,
- &user_access))
- return -1;
-
-
- if (ipmi_get_user_name(intf,
- current_user_id,
- user_name))
- return -1;
-
- if ((current_user_id == 0) ||
- user_access.link_auth_access ||
- user_access.ipmi_messaging_access ||
- strcmp("", user_name))
- {
- if (csv_output)
- dump_user_access_csv(current_user_id,
- user_name, &user_access);
- else
- dump_user_access(current_user_id,
- user_name,
- &user_access);
+ do {
+ memset(&user_access, 0, sizeof(user_access));
+ user_access.user_id = current_user_id;
+ user_access.channel = channel_number;
+ ccode = _ipmi_get_user_access(intf, &user_access);
+ if (eval_ccode(ccode) != 0) {
+ return (-1);
+ }
+ memset(&user_name, 0, sizeof(user_name));
+ user_name.user_id = current_user_id;
+ ccode = _ipmi_get_user_name(intf, &user_name);
+ if (ccode == 0xCC) {
+ user_name.user_id = current_user_id;
+ memset(&user_name.user_name, '\0', 17);
+ } else if (eval_ccode(ccode) != 0) {
+ return (-1);
+ }
+ if (csv_output) {
+ dump_user_access_csv((char *)user_name.user_name,
+ &user_access);
+ } else {
+ dump_user_access((char *)user_name.user_name,
+ &user_access);
}
-
-
++current_user_id;
- } while((current_user_id <= user_access.maximum_ids) &&
- (current_user_id <= IPMI_UID_MAX)); /* Absolute maximum allowed by spec */
-
-
+ } while ((current_user_id <= user_access.max_user_ids)
+ && (current_user_id <= IPMI_UID_MAX));
return 0;
}
-
-
+/* ipmi_print_user_summary - print User statistics for given channel
+ *
+ * @intf - IPMI interface
+ * @channel_number - channel number
+ *
+ * returns - 0 on success, (-1) on error
+ */
static int
-ipmi_print_user_summary(
- struct ipmi_intf * intf,
- uint8_t channel_number)
+ipmi_print_user_summary(struct ipmi_intf *intf, uint8_t channel_number)
{
- struct user_access_rsp user_access;
-
- if (ipmi_get_user_access(intf,
- channel_number,
- 1,
- &user_access))
- return -1;
-
- if (csv_output)
- {
- printf("%d,%d,%d\n",
- user_access.maximum_ids,
- user_access.enabled_user_count,
- user_access.fixed_name_count);
+ struct user_access_t user_access = {0};
+ int ccode = 0;
+ user_access.channel = channel_number;
+ user_access.user_id = 1;
+ ccode = _ipmi_get_user_access(intf, &user_access);
+ if (eval_ccode(ccode) != 0) {
+ return (-1);
}
- else
- {
- printf("Maximum IDs : %d\n",
- user_access.maximum_ids);
- printf("Enabled User Count : %d\n",
- user_access.enabled_user_count);
- printf("Fixed Name Count : %d\n",
- user_access.fixed_name_count);
+ if (csv_output) {
+ printf("%" PRIu8 ",%" PRIu8 ",%" PRIu8 "\n",
+ user_access.max_user_ids,
+ user_access.enabled_user_ids,
+ user_access.fixed_user_ids);
+ } else {
+ printf("Maximum IDs : %" PRIu8 "\n",
+ user_access.max_user_ids);
+ printf("Enabled User Count : %" PRIu8 "\n",
+ user_access.enabled_user_ids);
+ printf("Fixed Name Count : %" PRIu8 "\n",
+ user_access.fixed_user_ids);
}
-
return 0;
}
-
-
/*
* ipmi_user_set_username
*/
@@ -343,125 +387,17 @@ ipmi_user_set_username(
return 0;
}
-static int
-ipmi_user_set_userpriv(
- struct ipmi_intf *intf,
- uint8_t channel,
- uint8_t user_id,
- const unsigned char privLevel)
-{
- struct ipmi_rs *rsp;
- struct ipmi_rq req;
- uint8_t msg_data[4] = {0, 0, 0, 0};
-
- memset(&req, 0, sizeof(req));
- req.msg.netfn = IPMI_NETFN_APP; /* 0x06 */
- req.msg.cmd = IPMI_SET_USER_ACCESS; /* 0x43 */
- req.msg.data = msg_data;
- req.msg.data_len = 4;
-
- /* The channel number will remain constant throughout this function */
- msg_data[0] = (channel & 0x0f);
- msg_data[1] = (user_id & 0x3f);
- msg_data[2] = (privLevel & 0x0f);
- msg_data[3] = 0;
-
- rsp = intf->sendrecv(intf, &req);
-
- if (rsp == NULL)
- {
- lprintf(LOG_ERR, "Set Privilege Level command failed (user %d)",
- user_id);
- return -1;
- }
- if (rsp->ccode > 0)
- {
- lprintf(LOG_ERR, "Set Privilege Level command failed (user %d): %s",
- user_id, val2str(rsp->ccode, completion_code_vals));
- return -1;
- }
-
- return 0;
-}
-
-/*
- * ipmi_user_set_password
- *
- * This function is responsible for 4 things
- * Enabling/Disabling users
- * Setting/Testing passwords
- */
-static int
-ipmi_user_set_password(
- struct ipmi_intf * intf,
- uint8_t user_id,
- uint8_t operation,
- const char *password,
- int is_twenty_byte_password)
-{
- struct ipmi_rs * rsp;
- struct ipmi_rq req;
- uint8_t msg_data[22];
-
- int password_length = (is_twenty_byte_password? 20 : 16);
-
- memset(&req, 0, sizeof(req));
- req.msg.netfn = IPMI_NETFN_APP; /* 0x06 */
- req.msg.cmd = IPMI_SET_USER_PASSWORD; /* 0x47 */
- req.msg.data = msg_data;
- req.msg.data_len = password_length + 2;
-
-
- /* The channel number will remain constant throughout this function */
- msg_data[0] = user_id;
-
- if (is_twenty_byte_password)
- msg_data[0] |= 0x80;
-
- msg_data[1] = operation;
-
- memset(msg_data + 2, 0, password_length);
-
- if (password != NULL)
- strncpy((char *)(msg_data + 2), password, password_length);
-
- rsp = intf->sendrecv(intf, &req);
-
- if (rsp == NULL) {
- lprintf(LOG_ERR, "Set User Password command failed (user %d)",
- user_id);
- return -1;
- }
- if (rsp->ccode > 0) {
- lprintf(LOG_ERR, "Set User Password command failed (user %d): %s",
- user_id, val2str(rsp->ccode, completion_code_vals));
- return rsp->ccode;
- }
-
- return 0;
-}
-
-
-
-/*
- * ipmi_user_test_password
- *
- * Call ipmi_user_set_password, and interpret the result
+/* ipmi_user_test_password - Call _ipmi_set_user_password() with operation bit
+ * set to test password and interpret result.
*/
static int
-ipmi_user_test_password(
- struct ipmi_intf * intf,
- uint8_t user_id,
- const char * password,
- int is_twenty_byte_password)
+ipmi_user_test_password(struct ipmi_intf *intf, uint8_t user_id,
+ const char *password, uint8_t is_twenty_byte_password)
{
- int ret;
-
- ret = ipmi_user_set_password(intf,
- user_id,
- IPMI_PASSWORD_TEST_PASSWORD,
- password,
- is_twenty_byte_password);
+ int ret = 0;
+ ret = _ipmi_set_user_password(intf, user_id,
+ IPMI_PASSWORD_TEST_PASSWORD, password,
+ is_twenty_byte_password);
switch (ret) {
case 0:
@@ -487,16 +423,40 @@ ipmi_user_test_password(
static void
print_user_usage(void)
{
- lprintf(LOG_NOTICE, "User Commands:");
- lprintf(LOG_NOTICE, " summary [<channel number>]");
- lprintf(LOG_NOTICE, " list [<channel number>]");
- lprintf(LOG_NOTICE, " set name <user id> <username>");
- lprintf(LOG_NOTICE, " set password <user id> [<password>]");
- lprintf(LOG_NOTICE, " disable <user id>");
- lprintf(LOG_NOTICE, " enable <user id>");
lprintf(LOG_NOTICE,
- " priv <user id> <privilege level> [<channel number>]");
- lprintf(LOG_NOTICE, " test <user id> <16|20> [<password]>\n");
+"User Commands:");
+ lprintf(LOG_NOTICE,
+" summary [<channel number>]");
+ lprintf(LOG_NOTICE,
+" list [<channel number>]");
+ lprintf(LOG_NOTICE,
+" set name <user id> <username>");
+ lprintf(LOG_NOTICE,
+" set password <user id> [<password> <16|20>]");
+ lprintf(LOG_NOTICE,
+" disable <user id>");
+ lprintf(LOG_NOTICE,
+" enable <user id>");
+ lprintf(LOG_NOTICE,
+" priv <user id> <privilege level> [<channel number>]");
+ lprintf(LOG_NOTICE,
+" Privilege levels:");
+ lprintf(LOG_NOTICE,
+" * 0x1 - Callback");
+ lprintf(LOG_NOTICE,
+" * 0x2 - User");
+ lprintf(LOG_NOTICE,
+" * 0x3 - Operator");
+ lprintf(LOG_NOTICE,
+" * 0x4 - Administrator");
+ lprintf(LOG_NOTICE,
+" * 0x5 - OEM Proprietary");
+ lprintf(LOG_NOTICE,
+" * 0xF - No Access");
+ lprintf(LOG_NOTICE, "");
+ lprintf(LOG_NOTICE,
+" test <user id> <16|20> [<password]>");
+ lprintf(LOG_NOTICE, "");
}
@@ -509,328 +469,282 @@ ipmi_user_build_password_prompt(uint8_t user_id)
return prompt;
}
-
-/*
- * ipmi_user_main
+/* ask_password - ask user for password
*
- * Upon entry to this function argv should contain our arguments
- * specific to this subcommand
+ * @user_id: User ID which will be built-in into text
+ *
+ * @returns pointer to char with password
*/
-int
-ipmi_user_main(struct ipmi_intf * intf, int argc, char ** argv)
+char *
+ask_password(uint8_t user_id)
{
- int retval = 0;
+ const char *password_prompt =
+ ipmi_user_build_password_prompt(user_id);
+# ifdef HAVE_GETPASSPHRASE
+ return getpassphrase(password_prompt);
+# else
+ return (char*)getpass(password_prompt);
+# endif
+}
- /*
- * Help
- */
- if (argc == 0 || strncmp(argv[0], "help", 4) == 0)
- {
+int
+ipmi_user_summary(struct ipmi_intf *intf, int argc, char **argv)
+{
+ /* Summary*/
+ uint8_t channel;
+ if (argc == 1) {
+ channel = 0x0E; /* Ask about the current channel */
+ } else if (argc == 2) {
+ if (is_ipmi_channel_num(argv[1], &channel) != 0) {
+ return (-1);
+ }
+ } else {
print_user_usage();
+ return (-1);
}
+ return ipmi_print_user_summary(intf, channel);
+}
- /*
- * Summary
- */
- else if (strncmp(argv[0], "summary", 7) == 0)
- {
- uint8_t channel;
-
- if (argc == 1)
- channel = 0x0E; /* Ask about the current channel */
- else if (argc == 2)
- {
- if (str2uchar(argv[1], &channel) != 0)
- {
- lprintf(LOG_ERR, "Invalid channel: %s", argv[1]);
- return (-1);
- }
- }
- else
- {
- print_user_usage();
- return -1;
+int
+ipmi_user_list(struct ipmi_intf *intf, int argc, char **argv)
+{
+ /* List */
+ uint8_t channel;
+ if (argc == 1) {
+ channel = 0x0E; /* Ask about the current channel */
+ } else if (argc == 2) {
+ if (is_ipmi_channel_num(argv[1], &channel) != 0) {
+ return (-1);
}
-
- retval = ipmi_print_user_summary(intf, channel);
+ } else {
+ print_user_usage();
+ return (-1);
}
+ return ipmi_print_user_list(intf, channel);
+}
-
- /*
- * List
- */
- else if (strncmp(argv[0], "list", 4) == 0)
- {
- uint8_t channel;
-
- if (argc == 1)
- channel = 0x0E; /* Ask about the current channel */
- else if (argc == 2)
- {
- if (str2uchar(argv[1], &channel) != 0)
- {
- lprintf(LOG_ERR, "Invalid channel: %s", argv[1]);
- return (-1);
- }
- }
- else
- {
- print_user_usage();
- return -1;
+int
+ipmi_user_test(struct ipmi_intf *intf, int argc, char **argv)
+{
+ /* Test */
+ char *password = NULL;
+ int password_length = 0;
+ uint8_t user_id = 0;
+ /* a little irritating, isn't it */
+ if (argc != 3 && argc != 4) {
+ print_user_usage();
+ return (-1);
+ }
+ if (is_ipmi_user_id(argv[1], &user_id)) {
+ return (-1);
+ }
+ if (str2int(argv[2], &password_length) != 0
+ || (password_length != 16 && password_length != 20)) {
+ lprintf(LOG_ERR,
+ "Given password length '%s' is invalid.",
+ argv[2]);
+ lprintf(LOG_ERR, "Expected value is either 16 or 20.");
+ return (-1);
+ }
+ if (argc == 3) {
+ /* We need to prompt for a password */
+ password = ask_password(user_id);
+ if (password == NULL) {
+ lprintf(LOG_ERR, "ipmitool: malloc failure");
+ return (-1);
}
-
- retval = ipmi_print_user_list(intf, channel);
+ } else {
+ password = argv[3];
}
+ return ipmi_user_test_password(intf,
+ user_id,
+ password,
+ password_length == 20);
+}
+int
+ipmi_user_priv(struct ipmi_intf *intf, int argc, char **argv)
+{
+ struct user_access_t user_access = {0};
+ int ccode = 0;
-
- /*
- * Test
- */
- else if (strncmp(argv[0], "test", 4) == 0)
- {
- // a little irritating, isn't it
- if (argc == 3 || argc == 4)
- {
- char * password = NULL;
- int password_length = 0;
- uint8_t user_id = 0;
- if (is_ipmi_user_id(argv[1], &user_id)) {
- return (-1);
- }
- if (str2int(argv[2], &password_length) != 0
- || (password_length != 16 && password_length != 20)) {
- lprintf(LOG_ERR,
- "Given password length '%s' is invalid.",
- argv[2]);
- lprintf(LOG_ERR, "Expected value is either 16 or 20.");
- return (-1);
- }
-
- if (argc == 3)
- {
- /* We need to prompt for a password */
-
- char * tmp;
- const char * password_prompt =
- ipmi_user_build_password_prompt(user_id);
-# ifdef HAVE_GETPASSPHRASE
- tmp = getpassphrase (password_prompt);
-# else
- tmp = (char*)getpass (password_prompt);
-# endif
- if (tmp != NULL) {
- password = strdup(tmp);
- tmp = NULL;
- }
- if (password == NULL) {
- lprintf(LOG_ERR, "ipmitool: malloc failure");
- return -1;
- }
- }
- else {
- password = strdup(argv[3]);
- }
-
-
- retval = ipmi_user_test_password(intf,
- user_id,
- password,
- password_length == 20);
- if (password != NULL) {
- free(password);
- password = NULL;
- }
- }
- else
- {
- print_user_usage();
- return -1;
+ if (argc != 3 && argc != 4) {
+ print_user_usage();
+ return (-1);
+ }
+ if (argc == 4) {
+ if (is_ipmi_channel_num(argv[3], &user_access.channel) != 0) {
+ return (-1);
}
+ } else {
+ /* Use channel running on */
+ user_access.channel = 0x0E;
}
+ if (is_ipmi_user_priv_limit(argv[2], &user_access.privilege_limit) != 0
+ || is_ipmi_user_id(argv[1], &user_access.user_id) != 0) {
+ return (-1);
+ }
+ ccode = _ipmi_set_user_access(intf, &user_access, 1);
+ if (eval_ccode(ccode) != 0) {
+ lprintf(LOG_ERR, "Set Privilege Level command failed (user %d)",
+ user_access.user_id);
+ return (-1);
+ } else {
+ printf("Set Privilege Level command successful (user %d)",
+ user_access.user_id);
+ return 0;
+ }
+}
- /*
- * Set
- */
- else if (strncmp(argv[0], "set", 3) == 0)
- {
- /*
- * Set Password
- */
- if ((argc >= 3) &&
- (strncmp("password", argv[1], 8) == 0))
- {
- char * password = NULL;
- uint8_t user_id = 0;
- if (is_ipmi_user_id(argv[2], &user_id)) {
- return (-1);
- }
-
- if (argc == 3)
- {
- /* We need to prompt for a password */
- char * tmp;
- const char * password_prompt =
- ipmi_user_build_password_prompt(user_id);
-# ifdef HAVE_GETPASSPHRASE
- tmp = getpassphrase (password_prompt);
-# else
- tmp = (char*)getpass (password_prompt);
-# endif
- if (tmp != NULL) {
- password = strdup(tmp);
- tmp = NULL;
- }
- if (password == NULL) {
- lprintf(LOG_ERR, "ipmitool: malloc failure");
- return -1;
- }
-# ifdef HAVE_GETPASSPHRASE
- tmp = getpassphrase (password_prompt);
-# else
- tmp = (char*)getpass (password_prompt);
-# endif
- if (tmp == NULL) {
- lprintf(LOG_ERR, "ipmitool: malloc failure");
- return (-1);
- }
- if (strlen(password) != strlen(tmp)
- || strncmp(password, tmp, strlen(tmp))) {
- lprintf(LOG_ERR, "Passwords do not match.");
- free(password);
- password = NULL;
- return -1;
- }
- tmp = NULL;
- } else {
- password = strdup(argv[3]);
- }
-
- if (password == NULL) {
- lprintf(LOG_ERR, "Unable to parse password argument.");
- return -1;
- }
- else if (strlen(password) > 20)
- {
- lprintf(LOG_ERR, "Password is too long (> 20 bytes)");
- return -1;
- }
+int
+ipmi_user_mod(struct ipmi_intf *intf, int argc, char **argv)
+{
+ /* Disable / Enable */
+ uint8_t user_id;
+ uint8_t operation;
- retval = ipmi_user_set_password(intf,
- user_id,
- IPMI_PASSWORD_SET_PASSWORD,
- password,
- strlen(password) > 16);
- if (password != NULL) {
- free(password);
- password = NULL;
- }
- }
+ if (argc != 2) {
+ print_user_usage();
+ return (-1);
+ }
+ if (is_ipmi_user_id(argv[1], &user_id)) {
+ return (-1);
+ }
+ operation = (strncmp(argv[0], "disable", 7) == 0) ?
+ IPMI_PASSWORD_DISABLE_USER : IPMI_PASSWORD_ENABLE_USER;
- /*
- * Set Name
- */
- else if ((argc >= 2) &&
- (strncmp("name", argv[1], 4) == 0))
- {
- uint8_t user_id = 0;
- if (argc != 4)
- {
- print_user_usage();
- return -1;
- }
- if (is_ipmi_user_id(argv[2], &user_id)) {
- return (-1);
- }
+ return _ipmi_set_user_password(intf, user_id, operation,
+ (char *)NULL, 0);
+}
- if (strlen(argv[3]) > 16)
- {
- lprintf(LOG_ERR, "Username is too long (> 16 bytes)");
- return -1;
- }
+int
+ipmi_user_password(struct ipmi_intf *intf, int argc, char **argv)
+{
+ char *password = NULL;
+ int ccode = 0;
+ uint8_t password_type = 16;
+ uint8_t user_id = 0;
+ if (is_ipmi_user_id(argv[2], &user_id)) {
+ return (-1);
+ }
- retval = ipmi_user_set_username(intf, user_id, argv[3]);
+ if (argc == 3) {
+ /* We need to prompt for a password */
+ char *tmp;
+ password = ask_password(user_id);
+ if (password == NULL) {
+ lprintf(LOG_ERR, "ipmitool: malloc failure");
+ return (-1);
}
- else
- {
- print_user_usage();
- return -1;
+ tmp = ask_password(user_id);
+ if (tmp == NULL) {
+ lprintf(LOG_ERR, "ipmitool: malloc failure");
+ return (-1);
}
- }
-
- else if (strncmp(argv[0], "priv", 4) == 0)
- {
- uint8_t user_id;
- uint8_t priv_level;
- uint8_t channel = 0x0e; /* Use channel running on */
-
- if (argc != 3 && argc != 4)
- {
- print_user_usage();
- return -1;
+ if (strlen(password) != strlen(tmp)
+ || strncmp(password, tmp, strlen(tmp))) {
+ lprintf(LOG_ERR, "Passwords do not match.");
+ return (-1);
}
-
- if (argc == 4)
- {
- if (str2uchar(argv[3], &channel) != 0)
- {
- lprintf(LOG_ERR, "Invalid channel: %s", argv[3]);
+ } else {
+ password = argv[3];
+ if (argc > 4) {
+ if ((str2uchar(argv[4], &password_type) != 0)
+ || (password_type != 16 && password_type != 20)) {
+ lprintf(LOG_ERR, "Invalid password length '%s'", argv[4]);
return (-1);
}
- channel = (channel & 0x0f);
+ } else {
+ password_type = 16;
}
-
- if (str2uchar(argv[2], &priv_level) != 0)
- {
- lprintf(LOG_ERR, "Invalid privilege level: %s", argv[2]);
- return (-1);
- }
- priv_level = (priv_level & 0x0f);
+ }
- if (is_ipmi_user_id(argv[1], &user_id)) {
- return (-1);
- }
+ if (password == NULL) {
+ lprintf(LOG_ERR, "Unable to parse password argument.");
+ return (-1);
+ } else if (strlen(password) > 20) {
+ lprintf(LOG_ERR, "Password is too long (> 20 bytes)");
+ return (-1);
+ }
- retval = ipmi_user_set_userpriv(intf,channel,user_id,priv_level);
+ ccode = _ipmi_set_user_password(intf, user_id,
+ IPMI_PASSWORD_SET_PASSWORD, password,
+ password_type > 16);
+ if (eval_ccode(ccode) != 0) {
+ lprintf(LOG_ERR, "Set User Password command failed (user %d)",
+ user_id);
+ return (-1);
+ } else {
+ printf("Set User Password command successful (user %d)\n",
+ user_id);
+ return 0;
}
+}
- /*
- * Disable / Enable
- */
- else if ((strncmp(argv[0], "disable", 7) == 0) ||
- (strncmp(argv[0], "enable", 6) == 0))
- {
- uint8_t user_id;
- uint8_t operation;
- char null_password[16]; /* Not used, but required */
+int
+ipmi_user_name(struct ipmi_intf *intf, int argc, char **argv)
+{
+ /* Set Name */
+ uint8_t user_id = 0;
+ if (argc != 4) {
+ print_user_usage();
+ return (-1);
+ }
+ if (is_ipmi_user_id(argv[2], &user_id)) {
+ return (-1);
+ }
+ if (strlen(argv[3]) > 16) {
+ lprintf(LOG_ERR, "Username is too long (> 16 bytes)");
+ return (-1);
+ }
- memset(null_password, 0, sizeof(null_password));
+ return ipmi_user_set_username(intf, user_id, argv[3]);
+}
- if (argc != 2)
- {
+/*
+ * ipmi_user_main
+ *
+ * Upon entry to this function argv should contain our arguments
+ * specific to this subcommand
+ */
+int
+ipmi_user_main(struct ipmi_intf *intf, int argc, char **argv)
+{
+ if (argc == 0) {
+ lprintf(LOG_ERR, "Not enough parameters given.");
+ print_user_usage();
+ return (-1);
+ }
+ if (strncmp(argv[0], "help", 4) == 0) {
+ /* Help */
+ print_user_usage();
+ return 0;
+ } else if (strncmp(argv[0], "summary", 7) == 0) {
+ return ipmi_user_summary(intf, argc, argv);
+ } else if (strncmp(argv[0], "list", 4) == 0) {
+ return ipmi_user_list(intf, argc, argv);
+ } else if (strncmp(argv[0], "test", 4) == 0) {
+ return ipmi_user_test(intf, argc, argv);
+ } else if (strncmp(argv[0], "set", 3) == 0) {
+ /* Set */
+ if ((argc >= 3)
+ && (strncmp("password", argv[1], 8) == 0)) {
+ return ipmi_user_password(intf, argc, argv);
+ } else if ((argc >= 2)
+ && (strncmp("name", argv[1], 4) == 0)) {
+ return ipmi_user_name(intf, argc, argv);
+ } else {
print_user_usage();
- return -1;
- }
-
- if (is_ipmi_user_id(argv[1], &user_id)) {
return (-1);
}
-
- operation = (strncmp(argv[0], "disable", 7) == 0) ?
- IPMI_PASSWORD_DISABLE_USER : IPMI_PASSWORD_ENABLE_USER;
-
- retval = ipmi_user_set_password(intf,
- user_id,
- operation,
- null_password,
- 0); /* This field is ignored */
- }
- else
- {
- retval = -1;
+ } else if (strncmp(argv[0], "priv", 4) == 0) {
+ return ipmi_user_priv(intf, argc, argv);
+ } else if ((strncmp(argv[0], "disable", 7) == 0)
+ || (strncmp(argv[0], "enable", 6) == 0)) {
+ return ipmi_user_mod(intf, argc, argv);
+ } else {
lprintf(LOG_ERR, "Invalid user command: '%s'\n", argv[0]);
print_user_usage();
+ return (-1);
}
-
- return retval;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-14 16:56:30 +0000