diff options
Diffstat (limited to 'lib/ipmi_user.c')
-rw-r--r-- | lib/ipmi_user.c | 1112 |
1 files changed, 513 insertions, 599 deletions
diff --git a/lib/ipmi_user.c b/lib/ipmi_user.c index d7e5890..6074209 100644 --- a/lib/ipmi_user.c +++ b/lib/ipmi_user.c @@ -53,249 +53,293 @@ extern int verbose; extern int csv_output; -#define IPMI_PASSWORD_DISABLE_USER 0x00 -#define IPMI_PASSWORD_ENABLE_USER 0x01 -#define IPMI_PASSWORD_SET_PASSWORD 0x02 -#define IPMI_PASSWORD_TEST_PASSWORD 0x03 - -/* - * ipmi_get_user_access +/* _ipmi_get_user_access - Get User Access for given channel. Results are stored + * into passed struct. * - * param intf [in] - * param channel_number [in] - * param user_id [in] - * param user_access [out] + * @intf - IPMI interface + * @user_access_rsp - ptr to user_access_t with UID and Channel set * - * return 0 on succes - * 1 on failure + * returns - negative number means error, positive is a ccode */ -static int -ipmi_get_user_access( - struct ipmi_intf *intf, - uint8_t channel_number, - uint8_t user_id, - struct user_access_rsp *user_access) +int +_ipmi_get_user_access(struct ipmi_intf *intf, + struct user_access_t *user_access_rsp) { - struct ipmi_rs * rsp; - struct ipmi_rq req; - uint8_t msg_data[2]; - - memset(&req, 0, sizeof(req)); - req.msg.netfn = IPMI_NETFN_APP; /* 0x06 */ - req.msg.cmd = IPMI_GET_USER_ACCESS; /* 0x44 */ - req.msg.data = msg_data; + struct ipmi_rq req = {0}; + struct ipmi_rs *rsp; + uint8_t data[2]; + if (user_access_rsp == NULL) { + return (-3); + } + data[0] = user_access_rsp->channel & 0x0F; + data[1] = user_access_rsp->user_id & 0x3F; + req.msg.netfn = IPMI_NETFN_APP; + req.msg.cmd = IPMI_GET_USER_ACCESS; + req.msg.data = data; req.msg.data_len = 2; - - - /* The channel number will remain constant throughout this function */ - msg_data[0] = channel_number; - msg_data[1] = user_id; - rsp = intf->sendrecv(intf, &req); - if (rsp == NULL) { - lprintf(LOG_ERR, "Get User Access command failed " - "(channel %d, user %d)", channel_number, user_id); - return -1; - } - if (rsp->ccode > 0) { - lprintf(LOG_ERR, "Get User Access command failed " - "(channel %d, user %d): %s", channel_number, user_id, - val2str(rsp->ccode, completion_code_vals)); - return -1; + return (-1); + } else if (rsp->ccode != 0) { + return rsp->ccode; + } else if (rsp->data_len != 4) { + return (-2); } - - memcpy(user_access, - rsp->data, - sizeof(struct user_access_rsp)); - - return 0; + user_access_rsp->max_user_ids = rsp->data[0] & 0x3F; + user_access_rsp->enable_status = rsp->data[1] & 0xC0; + user_access_rsp->enabled_user_ids = rsp->data[1] & 0x3F; + user_access_rsp->fixed_user_ids = rsp->data[2] & 0x3F; + user_access_rsp->callin_callback = rsp->data[3] & 0x40; + user_access_rsp->link_auth = rsp->data[3] & 0x20; + user_access_rsp->ipmi_messaging = rsp->data[3] & 0x10; + user_access_rsp->privilege_limit = rsp->data[3] & 0x0F; + return rsp->ccode; } - - -/* - * ipmi_get_user_name +/* _ipmi_get_user_name - Fetch User Name for given User ID. User Name is stored + * into passed structure. * - * param intf [in] - * param channel_number [in] - * param user_id [in] - * param user_name [out] + * @intf - ipmi interface + * @user_name - user_name_t struct with UID set * - * return 0 on succes - * 1 on failure + * returns - negative number means error, positive is a ccode */ -static int -ipmi_get_user_name( - struct ipmi_intf *intf, - uint8_t user_id, - char *user_name) +int +_ipmi_get_user_name(struct ipmi_intf *intf, struct user_name_t *user_name_ptr) { - struct ipmi_rs * rsp; - struct ipmi_rq req; - uint8_t msg_data[1]; - - memset(user_name, 0, 17); - - memset(&req, 0, sizeof(req)); - req.msg.netfn = IPMI_NETFN_APP; /* 0x06 */ - req.msg.cmd = IPMI_GET_USER_NAME; /* 0x45 */ - req.msg.data = msg_data; + struct ipmi_rq req = {0}; + struct ipmi_rs *rsp; + uint8_t data[1]; + if (user_name_ptr == NULL) { + return (-3); + } + data[0] = user_name_ptr->user_id & 0x3F; + req.msg.netfn = IPMI_NETFN_APP; + req.msg.cmd = IPMI_GET_USER_NAME; + req.msg.data = data; req.msg.data_len = 1; - - msg_data[0] = user_id; - rsp = intf->sendrecv(intf, &req); - if (rsp == NULL) { - lprintf(LOG_ERR, "Get User Name command failed (user %d)", - user_id); - return -1; - } - if (rsp->ccode > 0) { - if (rsp->ccode == 0xcc) - return 0; - lprintf(LOG_ERR, "Get User Name command failed (user %d): %s", - user_id, val2str(rsp->ccode, completion_code_vals)); - return -1; + return (-1); + } else if (rsp->ccode > 0) { + return rsp->ccode; + } else if (rsp->data_len != 16) { + return (-2); } - - memcpy(user_name, rsp->data, 16); - - return 0; + memset(user_name_ptr->user_name, '\0', 17); + memcpy(user_name_ptr->user_name, rsp->data, 16); + return rsp->ccode; } +/* _ipmi_set_user_access - Set User Access for given channel. + * + * @intf - IPMI interface + * @user_access_req - ptr to user_access_t with desired User Access. + * @change_priv_limit_only - change User's privilege limit only + * + * returns - negative number means error, positive is a ccode + */ +int +_ipmi_set_user_access(struct ipmi_intf *intf, + struct user_access_t *user_access_req, + uint8_t change_priv_limit_only) +{ + uint8_t data[4]; + struct ipmi_rq req = {0}; + struct ipmi_rs *rsp; + if (user_access_req == NULL) { + return (-3); + } + data[0] = change_priv_limit_only ? 0x00 : 0x80; + if (user_access_req->callin_callback) { + data[0] |= 0x40; + } + if (user_access_req->link_auth) { + data[0] |= 0x20; + } + if (user_access_req->ipmi_messaging) { + data[0] |= 0x10; + } + data[0] |= (user_access_req->channel & 0x0F); + data[1] = user_access_req->user_id & 0x3F; + data[2] = user_access_req->privilege_limit & 0x0F; + data[3] = user_access_req->session_limit & 0x0F; + req.msg.netfn = IPMI_NETFN_APP; + req.msg.cmd = IPMI_SET_USER_ACCESS; + req.msg.data = data; + req.msg.data_len = 4; + rsp = intf->sendrecv(intf, &req); + if (rsp == NULL) { + return (-1); + } else { + return rsp->ccode; + } +} +/* _ipmi_set_user_password - Set User Password command. + * + * @intf - IPMI interface + * @user_id - IPMI User ID + * @operation - which operation to perform(en/disable user, set/test password) + * @password - User Password + * @is_twenty_byte - 0 = store as 16byte, otherwise store as 20byte password + * + * returns - negative number means error, positive is a ccode + */ +int +_ipmi_set_user_password(struct ipmi_intf *intf, uint8_t user_id, + uint8_t operation, const char *password, + uint8_t is_twenty_byte) +{ + struct ipmi_rq req = {0}; + struct ipmi_rs *rsp; + uint8_t *data; + uint8_t data_len = (is_twenty_byte) ? 22 : 18; + data = malloc(sizeof(uint8_t) * data_len); + if (data == NULL) { + return (-4); + } + memset(data, 0, data_len); + data[0] = (is_twenty_byte) ? 0x80 : 0x00; + data[0] |= (0x0F & user_id); + data[1] = 0x03 & operation; + if (password != NULL) { + size_t copy_len = strlen(password); + if (copy_len > (data_len - 2)) { + copy_len = data_len - 2; + } else if (copy_len < 1) { + copy_len = 0; + } + strncpy((char *)(data + 2), password, copy_len); + } + req.msg.netfn = IPMI_NETFN_APP; + req.msg.cmd = IPMI_SET_USER_PASSWORD; + req.msg.data = data; + req.msg.data_len = data_len; + rsp = intf->sendrecv(intf, &req); + free(data); + data = NULL; + if (rsp == NULL) { + return (-1); + } + return rsp->ccode; +} static void -dump_user_access( - uint8_t user_id, - const char * user_name, - struct user_access_rsp * user_access) +dump_user_access(const char *user_name, + struct user_access_t *user_access) { static int printed_header = 0; - - if (! printed_header) - { + if (!printed_header) { printf("ID Name Callin Link Auth IPMI Msg " - "Channel Priv Limit\n"); + "Channel Priv Limit\n"); printed_header = 1; } - printf("%-4d%-17s%-8s%-11s%-11s%-s\n", - user_id, - user_name, - user_access->no_callin_access? "false": "true ", - user_access->link_auth_access? "true ": "false", - user_access->ipmi_messaging_access? "true ": "false", - val2str(user_access->channel_privilege_limit, - ipmi_privlvl_vals)); + user_access->user_id, + user_name, + user_access->callin_callback? "false": "true ", + user_access->link_auth? "true ": "false", + user_access->ipmi_messaging? "true ": "false", + val2str(user_access->privilege_limit, + ipmi_privlvl_vals)); } static void -dump_user_access_csv( - uint8_t user_id, - const char *user_name, - struct user_access_rsp *user_access) +dump_user_access_csv(const char *user_name, + struct user_access_t *user_access) { printf("%d,%s,%s,%s,%s,%s\n", - user_id, - user_name, - user_access->no_callin_access? "false": "true", - user_access->link_auth_access? "true": "false", - user_access->ipmi_messaging_access? "true": "false", - val2str(user_access->channel_privilege_limit, - ipmi_privlvl_vals)); + user_access->user_id, + user_name, + user_access->callin_callback? "false": "true", + user_access->link_auth? "true": "false", + user_access->ipmi_messaging? "true": "false", + val2str(user_access->privilege_limit, + ipmi_privlvl_vals)); } +/* ipmi_print_user_list - List IPMI Users and their ACLs for given channel. + * + * @intf - IPMI interface + * @channel_number - IPMI channel + * + * returns - 0 on success, (-1) on error + */ static int -ipmi_print_user_list( - struct ipmi_intf *intf, - uint8_t channel_number) +ipmi_print_user_list(struct ipmi_intf *intf, uint8_t channel_number) { - /* This is where you were! */ - char user_name[17]; - struct user_access_rsp user_access; + struct user_access_t user_access = {0}; + struct user_name_t user_name = {0}; + int ccode = 0; uint8_t current_user_id = 1; - - - do - { - if (ipmi_get_user_access(intf, - channel_number, - current_user_id, - &user_access)) - return -1; - - - if (ipmi_get_user_name(intf, - current_user_id, - user_name)) - return -1; - - if ((current_user_id == 0) || - user_access.link_auth_access || - user_access.ipmi_messaging_access || - strcmp("", user_name)) - { - if (csv_output) - dump_user_access_csv(current_user_id, - user_name, &user_access); - else - dump_user_access(current_user_id, - user_name, - &user_access); + do { + memset(&user_access, 0, sizeof(user_access)); + user_access.user_id = current_user_id; + user_access.channel = channel_number; + ccode = _ipmi_get_user_access(intf, &user_access); + if (eval_ccode(ccode) != 0) { + return (-1); + } + memset(&user_name, 0, sizeof(user_name)); + user_name.user_id = current_user_id; + ccode = _ipmi_get_user_name(intf, &user_name); + if (ccode == 0xCC) { + user_name.user_id = current_user_id; + memset(&user_name.user_name, '\0', 17); + } else if (eval_ccode(ccode) != 0) { + return (-1); + } + if (csv_output) { + dump_user_access_csv((char *)user_name.user_name, + &user_access); + } else { + dump_user_access((char *)user_name.user_name, + &user_access); } - - ++current_user_id; - } while((current_user_id <= user_access.maximum_ids) && - (current_user_id <= IPMI_UID_MAX)); /* Absolute maximum allowed by spec */ - - + } while ((current_user_id <= user_access.max_user_ids) + && (current_user_id <= IPMI_UID_MAX)); return 0; } - - +/* ipmi_print_user_summary - print User statistics for given channel + * + * @intf - IPMI interface + * @channel_number - channel number + * + * returns - 0 on success, (-1) on error + */ static int -ipmi_print_user_summary( - struct ipmi_intf * intf, - uint8_t channel_number) +ipmi_print_user_summary(struct ipmi_intf *intf, uint8_t channel_number) { - struct user_access_rsp user_access; - - if (ipmi_get_user_access(intf, - channel_number, - 1, - &user_access)) - return -1; - - if (csv_output) - { - printf("%d,%d,%d\n", - user_access.maximum_ids, - user_access.enabled_user_count, - user_access.fixed_name_count); + struct user_access_t user_access = {0}; + int ccode = 0; + user_access.channel = channel_number; + user_access.user_id = 1; + ccode = _ipmi_get_user_access(intf, &user_access); + if (eval_ccode(ccode) != 0) { + return (-1); } - else - { - printf("Maximum IDs : %d\n", - user_access.maximum_ids); - printf("Enabled User Count : %d\n", - user_access.enabled_user_count); - printf("Fixed Name Count : %d\n", - user_access.fixed_name_count); + if (csv_output) { + printf("%" PRIu8 ",%" PRIu8 ",%" PRIu8 "\n", + user_access.max_user_ids, + user_access.enabled_user_ids, + user_access.fixed_user_ids); + } else { + printf("Maximum IDs : %" PRIu8 "\n", + user_access.max_user_ids); + printf("Enabled User Count : %" PRIu8 "\n", + user_access.enabled_user_ids); + printf("Fixed Name Count : %" PRIu8 "\n", + user_access.fixed_user_ids); } - return 0; } - - /* * ipmi_user_set_username */ @@ -343,125 +387,17 @@ ipmi_user_set_username( return 0; } -static int -ipmi_user_set_userpriv( - struct ipmi_intf *intf, - uint8_t channel, - uint8_t user_id, - const unsigned char privLevel) -{ - struct ipmi_rs *rsp; - struct ipmi_rq req; - uint8_t msg_data[4] = {0, 0, 0, 0}; - - memset(&req, 0, sizeof(req)); - req.msg.netfn = IPMI_NETFN_APP; /* 0x06 */ - req.msg.cmd = IPMI_SET_USER_ACCESS; /* 0x43 */ - req.msg.data = msg_data; - req.msg.data_len = 4; - - /* The channel number will remain constant throughout this function */ - msg_data[0] = (channel & 0x0f); - msg_data[1] = (user_id & 0x3f); - msg_data[2] = (privLevel & 0x0f); - msg_data[3] = 0; - - rsp = intf->sendrecv(intf, &req); - - if (rsp == NULL) - { - lprintf(LOG_ERR, "Set Privilege Level command failed (user %d)", - user_id); - return -1; - } - if (rsp->ccode > 0) - { - lprintf(LOG_ERR, "Set Privilege Level command failed (user %d): %s", - user_id, val2str(rsp->ccode, completion_code_vals)); - return -1; - } - - return 0; -} - -/* - * ipmi_user_set_password - * - * This function is responsible for 4 things - * Enabling/Disabling users - * Setting/Testing passwords - */ -static int -ipmi_user_set_password( - struct ipmi_intf * intf, - uint8_t user_id, - uint8_t operation, - const char *password, - int is_twenty_byte_password) -{ - struct ipmi_rs * rsp; - struct ipmi_rq req; - uint8_t msg_data[22]; - - int password_length = (is_twenty_byte_password? 20 : 16); - - memset(&req, 0, sizeof(req)); - req.msg.netfn = IPMI_NETFN_APP; /* 0x06 */ - req.msg.cmd = IPMI_SET_USER_PASSWORD; /* 0x47 */ - req.msg.data = msg_data; - req.msg.data_len = password_length + 2; - - - /* The channel number will remain constant throughout this function */ - msg_data[0] = user_id; - - if (is_twenty_byte_password) - msg_data[0] |= 0x80; - - msg_data[1] = operation; - - memset(msg_data + 2, 0, password_length); - - if (password != NULL) - strncpy((char *)(msg_data + 2), password, password_length); - - rsp = intf->sendrecv(intf, &req); - - if (rsp == NULL) { - lprintf(LOG_ERR, "Set User Password command failed (user %d)", - user_id); - return -1; - } - if (rsp->ccode > 0) { - lprintf(LOG_ERR, "Set User Password command failed (user %d): %s", - user_id, val2str(rsp->ccode, completion_code_vals)); - return rsp->ccode; - } - - return 0; -} - - - -/* - * ipmi_user_test_password - * - * Call ipmi_user_set_password, and interpret the result +/* ipmi_user_test_password - Call _ipmi_set_user_password() with operation bit + * set to test password and interpret result. */ static int -ipmi_user_test_password( - struct ipmi_intf * intf, - uint8_t user_id, - const char * password, - int is_twenty_byte_password) +ipmi_user_test_password(struct ipmi_intf *intf, uint8_t user_id, + const char *password, uint8_t is_twenty_byte_password) { - int ret; - - ret = ipmi_user_set_password(intf, - user_id, - IPMI_PASSWORD_TEST_PASSWORD, - password, - is_twenty_byte_password); + int ret = 0; + ret = _ipmi_set_user_password(intf, user_id, + IPMI_PASSWORD_TEST_PASSWORD, password, + is_twenty_byte_password); switch (ret) { case 0: @@ -487,16 +423,40 @@ ipmi_user_test_password( static void print_user_usage(void) { - lprintf(LOG_NOTICE, "User Commands:"); - lprintf(LOG_NOTICE, " summary [<channel number>]"); - lprintf(LOG_NOTICE, " list [<channel number>]"); - lprintf(LOG_NOTICE, " set name <user id> <username>"); - lprintf(LOG_NOTICE, " set password <user id> [<password>]"); - lprintf(LOG_NOTICE, " disable <user id>"); - lprintf(LOG_NOTICE, " enable <user id>"); lprintf(LOG_NOTICE, - " priv <user id> <privilege level> [<channel number>]"); - lprintf(LOG_NOTICE, " test <user id> <16|20> [<password]>\n"); +"User Commands:"); + lprintf(LOG_NOTICE, +" summary [<channel number>]"); + lprintf(LOG_NOTICE, +" list [<channel number>]"); + lprintf(LOG_NOTICE, +" set name <user id> <username>"); + lprintf(LOG_NOTICE, +" set password <user id> [<password> <16|20>]"); + lprintf(LOG_NOTICE, +" disable <user id>"); + lprintf(LOG_NOTICE, +" enable <user id>"); + lprintf(LOG_NOTICE, +" priv <user id> <privilege level> [<channel number>]"); + lprintf(LOG_NOTICE, +" Privilege levels:"); + lprintf(LOG_NOTICE, +" * 0x1 - Callback"); + lprintf(LOG_NOTICE, +" * 0x2 - User"); + lprintf(LOG_NOTICE, +" * 0x3 - Operator"); + lprintf(LOG_NOTICE, +" * 0x4 - Administrator"); + lprintf(LOG_NOTICE, +" * 0x5 - OEM Proprietary"); + lprintf(LOG_NOTICE, +" * 0xF - No Access"); + lprintf(LOG_NOTICE, ""); + lprintf(LOG_NOTICE, +" test <user id> <16|20> [<password]>"); + lprintf(LOG_NOTICE, ""); } @@ -509,328 +469,282 @@ ipmi_user_build_password_prompt(uint8_t user_id) return prompt; } - -/* - * ipmi_user_main +/* ask_password - ask user for password * - * Upon entry to this function argv should contain our arguments - * specific to this subcommand + * @user_id: User ID which will be built-in into text + * + * @returns pointer to char with password */ -int -ipmi_user_main(struct ipmi_intf * intf, int argc, char ** argv) +char * +ask_password(uint8_t user_id) { - int retval = 0; + const char *password_prompt = + ipmi_user_build_password_prompt(user_id); +# ifdef HAVE_GETPASSPHRASE + return getpassphrase(password_prompt); +# else + return (char*)getpass(password_prompt); +# endif +} - /* - * Help - */ - if (argc == 0 || strncmp(argv[0], "help", 4) == 0) - { +int +ipmi_user_summary(struct ipmi_intf *intf, int argc, char **argv) +{ + /* Summary*/ + uint8_t channel; + if (argc == 1) { + channel = 0x0E; /* Ask about the current channel */ + } else if (argc == 2) { + if (is_ipmi_channel_num(argv[1], &channel) != 0) { + return (-1); + } + } else { print_user_usage(); + return (-1); } + return ipmi_print_user_summary(intf, channel); +} - /* - * Summary - */ - else if (strncmp(argv[0], "summary", 7) == 0) - { - uint8_t channel; - - if (argc == 1) - channel = 0x0E; /* Ask about the current channel */ - else if (argc == 2) - { - if (str2uchar(argv[1], &channel) != 0) - { - lprintf(LOG_ERR, "Invalid channel: %s", argv[1]); - return (-1); - } - } - else - { - print_user_usage(); - return -1; +int +ipmi_user_list(struct ipmi_intf *intf, int argc, char **argv) +{ + /* List */ + uint8_t channel; + if (argc == 1) { + channel = 0x0E; /* Ask about the current channel */ + } else if (argc == 2) { + if (is_ipmi_channel_num(argv[1], &channel) != 0) { + return (-1); } - - retval = ipmi_print_user_summary(intf, channel); + } else { + print_user_usage(); + return (-1); } + return ipmi_print_user_list(intf, channel); +} - - /* - * List - */ - else if (strncmp(argv[0], "list", 4) == 0) - { - uint8_t channel; - - if (argc == 1) - channel = 0x0E; /* Ask about the current channel */ - else if (argc == 2) - { - if (str2uchar(argv[1], &channel) != 0) - { - lprintf(LOG_ERR, "Invalid channel: %s", argv[1]); - return (-1); - } - } - else - { - print_user_usage(); - return -1; +int +ipmi_user_test(struct ipmi_intf *intf, int argc, char **argv) +{ + /* Test */ + char *password = NULL; + int password_length = 0; + uint8_t user_id = 0; + /* a little irritating, isn't it */ + if (argc != 3 && argc != 4) { + print_user_usage(); + return (-1); + } + if (is_ipmi_user_id(argv[1], &user_id)) { + return (-1); + } + if (str2int(argv[2], &password_length) != 0 + || (password_length != 16 && password_length != 20)) { + lprintf(LOG_ERR, + "Given password length '%s' is invalid.", + argv[2]); + lprintf(LOG_ERR, "Expected value is either 16 or 20."); + return (-1); + } + if (argc == 3) { + /* We need to prompt for a password */ + password = ask_password(user_id); + if (password == NULL) { + lprintf(LOG_ERR, "ipmitool: malloc failure"); + return (-1); } - - retval = ipmi_print_user_list(intf, channel); + } else { + password = argv[3]; } + return ipmi_user_test_password(intf, + user_id, + password, + password_length == 20); +} +int +ipmi_user_priv(struct ipmi_intf *intf, int argc, char **argv) +{ + struct user_access_t user_access = {0}; + int ccode = 0; - - /* - * Test - */ - else if (strncmp(argv[0], "test", 4) == 0) - { - // a little irritating, isn't it - if (argc == 3 || argc == 4) - { - char * password = NULL; - int password_length = 0; - uint8_t user_id = 0; - if (is_ipmi_user_id(argv[1], &user_id)) { - return (-1); - } - if (str2int(argv[2], &password_length) != 0 - || (password_length != 16 && password_length != 20)) { - lprintf(LOG_ERR, - "Given password length '%s' is invalid.", - argv[2]); - lprintf(LOG_ERR, "Expected value is either 16 or 20."); - return (-1); - } - - if (argc == 3) - { - /* We need to prompt for a password */ - - char * tmp; - const char * password_prompt = - ipmi_user_build_password_prompt(user_id); -# ifdef HAVE_GETPASSPHRASE - tmp = getpassphrase (password_prompt); -# else - tmp = (char*)getpass (password_prompt); -# endif - if (tmp != NULL) { - password = strdup(tmp); - tmp = NULL; - } - if (password == NULL) { - lprintf(LOG_ERR, "ipmitool: malloc failure"); - return -1; - } - } - else { - password = strdup(argv[3]); - } - - - retval = ipmi_user_test_password(intf, - user_id, - password, - password_length == 20); - if (password != NULL) { - free(password); - password = NULL; - } - } - else - { - print_user_usage(); - return -1; + if (argc != 3 && argc != 4) { + print_user_usage(); + return (-1); + } + if (argc == 4) { + if (is_ipmi_channel_num(argv[3], &user_access.channel) != 0) { + return (-1); } + } else { + /* Use channel running on */ + user_access.channel = 0x0E; } + if (is_ipmi_user_priv_limit(argv[2], &user_access.privilege_limit) != 0 + || is_ipmi_user_id(argv[1], &user_access.user_id) != 0) { + return (-1); + } + ccode = _ipmi_set_user_access(intf, &user_access, 1); + if (eval_ccode(ccode) != 0) { + lprintf(LOG_ERR, "Set Privilege Level command failed (user %d)", + user_access.user_id); + return (-1); + } else { + printf("Set Privilege Level command successful (user %d)", + user_access.user_id); + return 0; + } +} - /* - * Set - */ - else if (strncmp(argv[0], "set", 3) == 0) - { - /* - * Set Password - */ - if ((argc >= 3) && - (strncmp("password", argv[1], 8) == 0)) - { - char * password = NULL; - uint8_t user_id = 0; - if (is_ipmi_user_id(argv[2], &user_id)) { - return (-1); - } - - if (argc == 3) - { - /* We need to prompt for a password */ - char * tmp; - const char * password_prompt = - ipmi_user_build_password_prompt(user_id); -# ifdef HAVE_GETPASSPHRASE - tmp = getpassphrase (password_prompt); -# else - tmp = (char*)getpass (password_prompt); -# endif - if (tmp != NULL) { - password = strdup(tmp); - tmp = NULL; - } - if (password == NULL) { - lprintf(LOG_ERR, "ipmitool: malloc failure"); - return -1; - } -# ifdef HAVE_GETPASSPHRASE - tmp = getpassphrase (password_prompt); -# else - tmp = (char*)getpass (password_prompt); -# endif - if (tmp == NULL) { - lprintf(LOG_ERR, "ipmitool: malloc failure"); - return (-1); - } - if (strlen(password) != strlen(tmp) - || strncmp(password, tmp, strlen(tmp))) { - lprintf(LOG_ERR, "Passwords do not match."); - free(password); - password = NULL; - return -1; - } - tmp = NULL; - } else { - password = strdup(argv[3]); - } - - if (password == NULL) { - lprintf(LOG_ERR, "Unable to parse password argument."); - return -1; - } - else if (strlen(password) > 20) - { - lprintf(LOG_ERR, "Password is too long (> 20 bytes)"); - return -1; - } +int +ipmi_user_mod(struct ipmi_intf *intf, int argc, char **argv) +{ + /* Disable / Enable */ + uint8_t user_id; + uint8_t operation; - retval = ipmi_user_set_password(intf, - user_id, - IPMI_PASSWORD_SET_PASSWORD, - password, - strlen(password) > 16); - if (password != NULL) { - free(password); - password = NULL; - } - } + if (argc != 2) { + print_user_usage(); + return (-1); + } + if (is_ipmi_user_id(argv[1], &user_id)) { + return (-1); + } + operation = (strncmp(argv[0], "disable", 7) == 0) ? + IPMI_PASSWORD_DISABLE_USER : IPMI_PASSWORD_ENABLE_USER; - /* - * Set Name - */ - else if ((argc >= 2) && - (strncmp("name", argv[1], 4) == 0)) - { - uint8_t user_id = 0; - if (argc != 4) - { - print_user_usage(); - return -1; - } - if (is_ipmi_user_id(argv[2], &user_id)) { - return (-1); - } + return _ipmi_set_user_password(intf, user_id, operation, + (char *)NULL, 0); +} - if (strlen(argv[3]) > 16) - { - lprintf(LOG_ERR, "Username is too long (> 16 bytes)"); - return -1; - } +int +ipmi_user_password(struct ipmi_intf *intf, int argc, char **argv) +{ + char *password = NULL; + int ccode = 0; + uint8_t password_type = 16; + uint8_t user_id = 0; + if (is_ipmi_user_id(argv[2], &user_id)) { + return (-1); + } - retval = ipmi_user_set_username(intf, user_id, argv[3]); + if (argc == 3) { + /* We need to prompt for a password */ + char *tmp; + password = ask_password(user_id); + if (password == NULL) { + lprintf(LOG_ERR, "ipmitool: malloc failure"); + return (-1); } - else - { - print_user_usage(); - return -1; + tmp = ask_password(user_id); + if (tmp == NULL) { + lprintf(LOG_ERR, "ipmitool: malloc failure"); + return (-1); } - } - - else if (strncmp(argv[0], "priv", 4) == 0) - { - uint8_t user_id; - uint8_t priv_level; - uint8_t channel = 0x0e; /* Use channel running on */ - - if (argc != 3 && argc != 4) - { - print_user_usage(); - return -1; + if (strlen(password) != strlen(tmp) + || strncmp(password, tmp, strlen(tmp))) { + lprintf(LOG_ERR, "Passwords do not match."); + return (-1); } - - if (argc == 4) - { - if (str2uchar(argv[3], &channel) != 0) - { - lprintf(LOG_ERR, "Invalid channel: %s", argv[3]); + } else { + password = argv[3]; + if (argc > 4) { + if ((str2uchar(argv[4], &password_type) != 0) + || (password_type != 16 && password_type != 20)) { + lprintf(LOG_ERR, "Invalid password length '%s'", argv[4]); return (-1); } - channel = (channel & 0x0f); + } else { + password_type = 16; } - - if (str2uchar(argv[2], &priv_level) != 0) - { - lprintf(LOG_ERR, "Invalid privilege level: %s", argv[2]); - return (-1); - } - priv_level = (priv_level & 0x0f); + } - if (is_ipmi_user_id(argv[1], &user_id)) { - return (-1); - } + if (password == NULL) { + lprintf(LOG_ERR, "Unable to parse password argument."); + return (-1); + } else if (strlen(password) > 20) { + lprintf(LOG_ERR, "Password is too long (> 20 bytes)"); + return (-1); + } - retval = ipmi_user_set_userpriv(intf,channel,user_id,priv_level); + ccode = _ipmi_set_user_password(intf, user_id, + IPMI_PASSWORD_SET_PASSWORD, password, + password_type > 16); + if (eval_ccode(ccode) != 0) { + lprintf(LOG_ERR, "Set User Password command failed (user %d)", + user_id); + return (-1); + } else { + printf("Set User Password command successful (user %d)\n", + user_id); + return 0; } +} - /* - * Disable / Enable - */ - else if ((strncmp(argv[0], "disable", 7) == 0) || - (strncmp(argv[0], "enable", 6) == 0)) - { - uint8_t user_id; - uint8_t operation; - char null_password[16]; /* Not used, but required */ +int +ipmi_user_name(struct ipmi_intf *intf, int argc, char **argv) +{ + /* Set Name */ + uint8_t user_id = 0; + if (argc != 4) { + print_user_usage(); + return (-1); + } + if (is_ipmi_user_id(argv[2], &user_id)) { + return (-1); + } + if (strlen(argv[3]) > 16) { + lprintf(LOG_ERR, "Username is too long (> 16 bytes)"); + return (-1); + } - memset(null_password, 0, sizeof(null_password)); + return ipmi_user_set_username(intf, user_id, argv[3]); +} - if (argc != 2) - { +/* + * ipmi_user_main + * + * Upon entry to this function argv should contain our arguments + * specific to this subcommand + */ +int +ipmi_user_main(struct ipmi_intf *intf, int argc, char **argv) +{ + if (argc == 0) { + lprintf(LOG_ERR, "Not enough parameters given."); + print_user_usage(); + return (-1); + } + if (strncmp(argv[0], "help", 4) == 0) { + /* Help */ + print_user_usage(); + return 0; + } else if (strncmp(argv[0], "summary", 7) == 0) { + return ipmi_user_summary(intf, argc, argv); + } else if (strncmp(argv[0], "list", 4) == 0) { + return ipmi_user_list(intf, argc, argv); + } else if (strncmp(argv[0], "test", 4) == 0) { + return ipmi_user_test(intf, argc, argv); + } else if (strncmp(argv[0], "set", 3) == 0) { + /* Set */ + if ((argc >= 3) + && (strncmp("password", argv[1], 8) == 0)) { + return ipmi_user_password(intf, argc, argv); + } else if ((argc >= 2) + && (strncmp("name", argv[1], 4) == 0)) { + return ipmi_user_name(intf, argc, argv); + } else { print_user_usage(); - return -1; - } - - if (is_ipmi_user_id(argv[1], &user_id)) { return (-1); } - - operation = (strncmp(argv[0], "disable", 7) == 0) ? - IPMI_PASSWORD_DISABLE_USER : IPMI_PASSWORD_ENABLE_USER; - - retval = ipmi_user_set_password(intf, - user_id, - operation, - null_password, - 0); /* This field is ignored */ - } - else - { - retval = -1; + } else if (strncmp(argv[0], "priv", 4) == 0) { + return ipmi_user_priv(intf, argc, argv); + } else if ((strncmp(argv[0], "disable", 7) == 0) + || (strncmp(argv[0], "enable", 6) == 0)) { + return ipmi_user_mod(intf, argc, argv); + } else { lprintf(LOG_ERR, "Invalid user command: '%s'\n", argv[0]); print_user_usage(); + return (-1); } - - return retval; } |