summaryrefslogtreecommitdiff
path: root/src/plugins/lanplus
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/lanplus')
-rw-r--r--src/plugins/lanplus/Makefile.in649
-rw-r--r--src/plugins/lanplus/README.lanplus74
-rw-r--r--src/plugins/lanplus/README.sol76
-rw-r--r--src/plugins/lanplus/asf.h19
-rw-r--r--src/plugins/lanplus/lanplus.c362
-rw-r--r--src/plugins/lanplus/lanplus.h7
-rw-r--r--src/plugins/lanplus/lanplus_crypt.c52
-rw-r--r--src/plugins/lanplus/lanplus_crypt.h8
-rw-r--r--src/plugins/lanplus/lanplus_crypt_impl.c60
-rw-r--r--src/plugins/lanplus/lanplus_crypt_impl.h7
-rw-r--r--src/plugins/lanplus/lanplus_dump.h7
-rw-r--r--src/plugins/lanplus/rmcp.h18
12 files changed, 406 insertions, 933 deletions
diff --git a/src/plugins/lanplus/Makefile.in b/src/plugins/lanplus/Makefile.in
deleted file mode 100644
index d24775b..0000000
--- a/src/plugins/lanplus/Makefile.in
+++ /dev/null
@@ -1,649 +0,0 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# Copyright (c) 2003 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# Redistribution of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# Redistribution in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# Neither the name of Sun Microsystems, Inc. or the names of
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# This software is provided "AS IS," without a warranty of any kind.
-# ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
-# INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
-# PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
-# SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE
-# FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
-# OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL
-# SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
-# OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
-# PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
-# LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
-# EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-target_triplet = @target@
-subdir = src/plugins/lanplus
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/depcomp
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-LTLIBRARIES = $(noinst_LTLIBRARIES)
-libintf_lanplus_la_DEPENDENCIES = $(top_builddir)/lib/libipmitool.la
-am_libintf_lanplus_la_OBJECTS = lanplus.lo lanplus_strings.lo \
- lanplus_crypt.lo lanplus_dump.lo lanplus_crypt_impl.lo
-libintf_lanplus_la_OBJECTS = $(am_libintf_lanplus_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(libintf_lanplus_la_SOURCES)
-DIST_SOURCES = $(libintf_lanplus_la_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-ARCH = @ARCH@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BASEDIR = @BASEDIR@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DISTRO = @DISTRO@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTF_BMC = @INTF_BMC@
-INTF_BMC_LIB = @INTF_BMC_LIB@
-INTF_DUMMY = @INTF_DUMMY@
-INTF_DUMMY_LIB = @INTF_DUMMY_LIB@
-INTF_FREE = @INTF_FREE@
-INTF_FREE_LIB = @INTF_FREE_LIB@
-INTF_IMB = @INTF_IMB@
-INTF_IMB_LIB = @INTF_IMB_LIB@
-INTF_LAN = @INTF_LAN@
-INTF_LANPLUS = @INTF_LANPLUS@
-INTF_LANPLUS_LIB = @INTF_LANPLUS_LIB@
-INTF_LAN_LIB = @INTF_LAN_LIB@
-INTF_LIPMI = @INTF_LIPMI@
-INTF_LIPMI_LIB = @INTF_LIPMI_LIB@
-INTF_OPEN = @INTF_OPEN@
-INTF_OPEN_LIB = @INTF_OPEN_LIB@
-INTF_SERIAL = @INTF_SERIAL@
-INTF_SERIAL_LIB = @INTF_SERIAL_LIB@
-INTF_USB = @INTF_USB@
-INTF_USB_LIB = @INTF_USB_LIB@
-IPMITOOL_INTF_LIB = @IPMITOOL_INTF_LIB@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OS = @OS@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-POW_LIB = @POW_LIB@
-PSTAMP = @PSTAMP@
-RANLIB = @RANLIB@
-RPMBUILD = @RPMBUILD@
-RPM_RELEASE = @RPM_RELEASE@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_configure_args = @ac_configure_args@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target = @target@
-target_alias = @target_alias@
-target_cpu = @target_cpu@
-target_os = @target_os@
-target_vendor = @target_vendor@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-MAINTAINERCLEANFILES = Makefile.in
-AM_CPPFLAGS = -I$(top_srcdir)/include
-EXTRA_LTLIBRARIES = libintf_lanplus.la
-noinst_LTLIBRARIES = @INTF_LANPLUS_LIB@
-libintf_lanplus_la_LIBADD = $(top_builddir)/lib/libipmitool.la
-libintf_lanplus_la_SOURCES = \
- rmcp.h asf.h \
- lanplus.c lanplus.h \
- lanplus_strings.c \
- lanplus_crypt.c lanplus_crypt.h \
- lanplus_dump.h lanplus_dump.c \
- lanplus_crypt_impl.h lanplus_crypt_impl.c
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/plugins/lanplus/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --foreign src/plugins/lanplus/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-clean-noinstLTLIBRARIES:
- -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
- @list='$(noinst_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-libintf_lanplus.la: $(libintf_lanplus_la_OBJECTS) $(libintf_lanplus_la_DEPENDENCIES) $(EXTRA_libintf_lanplus_la_DEPENDENCIES)
- $(AM_V_CCLD)$(LINK) $(libintf_lanplus_la_OBJECTS) $(libintf_lanplus_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lanplus.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lanplus_crypt.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lanplus_crypt_impl.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lanplus_dump.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lanplus_strings.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES)
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
- -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-noinstLTLIBRARIES cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/plugins/lanplus/README.lanplus b/src/plugins/lanplus/README.lanplus
new file mode 100644
index 0000000..4406d5b
--- /dev/null
+++ b/src/plugins/lanplus/README.lanplus
@@ -0,0 +1,74 @@
+This interface exists to provide a means of connecting to an IPMIv2 enabled
+BMC. In some places, the IPMIv2 specification is either unclear or
+inconsistent, and interpretations of the intent of the specification had to
+be made at the discretion of the implementor. The purpose of this
+document is to make those decisions clear so that 1) they can be reviewed
+by others and 2) so that the rationale for those decisions can be made
+clear.
+
+* Though it's not stated explicitly with which algorithm the K1 and K2 keys
+should be generated, we chose to use the authentication algorithm. The
+specification states that K1 and K2 are generated with an HMAC algorithm,
+and all of the authentication algorithms (except for "none") are HMAC
+algorithms, whereas the integrity algorithms are not all HMAC. See section
+13.32 for details about K1 and K2, and section
+
+
+* The IPMIv2 specification describes a key, Kg, that is the "BMC key".
+This key functions as a global key that is required to be known in addition
+to the user's key, by authenticating users. If the BMC has a null Kg, the
+users key, Kuid, is used in its place in algorithms where Kg is required,
+per the specification section 13.33. A user can obtain the status of Kg by
+querying the BMC with the Get Channel Authentication Capabilities command.
+Currently, this implementation does not provide a way for a user to specify
+Kg for BMCs that require it.
+
+
+* The specification is unclear as to which key is used for HMAC based
+integrity checking. One the one hand, section 13.28.4 states explicitly
+that HMAC integrity algorithms use the session integrity key as the HMAC
+key. Confusing that matter is a statement in section 13.32 regarding the
+creation of additional keying material. In this section it is stated that
+"all keying material for the RSP integrity and confidentiality algorithms
+will be generated by processing a pre-defined set of constants using HMAC
+per [RFC2104], keyed by sik". And "For the mandatory-to-implement
+integrity and confidentiality algorithms defined in this specification,
+processing the first two (2) constants will generate the require amount of
+keying material." We decided to use K1 as our HMAC key for the generation
+of authentication codes (integrity checking). Furthermore, we are using
+all 20 bytes of K1.
+
+
+* IPMIv2 compliant BMCs are supposed to support 20 byte passwords, as well
+store metadata describing whether the password was stored as a 16 byte or
+20 byte class password. We do not currently support 20 byte passwords. It
+should be noted that there are obvious mistakes in the SET USER PASSWORD
+command specification, as it mentions the ability to query for 16/20 byte
+password status, but the packet format does not support this.
+
+
+* The IPMIv2 specification describes a type of login called a "role only
+login." This feature allows a user to login providing only a requested
+privilege level and a password. We do not currently support this feature.
+Supporting this feature would only require the ability to specify
+username/privilege lookups in the RAKP 1 message sent from ipmitool. We
+currently specify the use of username only lookups for authentication.
+
+
+* In the IPMIv2 packet description in table 13-8 of the IPMv2
+specification, there are two fields that are rather ambiguous in meaning.
+The fields are "Pad Length" and "Next Header". Although neither field is
+listed as belonging to the IPMIv2 packet format, we include/expect them
+both in our IPMIv2 packets. Are rationale is 1) the Next Headers field's
+comment states what the value of that field should be for IPMIv2, and 2)
+for the most part the ASF and IPMIv2 fields seem to parallel each other,
+and we feel that the Pad Length and Next Header fields were left out of the
+IPMIv2 column by mistake.
+
+
+* The GET CHANNEL CIPHER SUITES command documentation seems to have
+mistakes. The "start of record" byte is stated to be either 0x30 or 0x31,
+whereas the detailed description in table 22-18 leads us to believe that
+this byte should really be 0xC0 or 0xC1. Also the description of bits 5:0
+in the start of record byte should probably be 00_0000 rather than 00_000.
+
diff --git a/src/plugins/lanplus/README.sol b/src/plugins/lanplus/README.sol
new file mode 100644
index 0000000..4c64e2a
--- /dev/null
+++ b/src/plugins/lanplus/README.sol
@@ -0,0 +1,76 @@
+This document was last updated for release 1.8.8.
+
+This document explains how Serial Over Lan is implemented on in the
+ipmitool IPMI client. Obviously, the code itself is authoritative, but
+this document should serve as a good starting point.
+
+Serial Over Lan (SOL) is defined in the IPMI v2 specification published by
+Intel and available at http://www.intel.com/design/servers/ipmi/. SOL
+functionality is built on top of the RMCP+ protocol as an additional
+payload type (type 1).
+
+The high end SOL logic is implemented in src/ipmitool/lib/ipmi_sol.c. SOL
+sessions are begun in ipmitool using the "sol activate" command. This
+command maps directly to the IPMI Activate Payload command. It first
+verifies that an RMCP+ session (lanplus interface) is being used to
+establish the session. Although the spec allows for a SOL connection to be
+established on a port different than the RMCP+ port that the "activate
+payload" command issued, ipmitool does not support this.
+
+Once a session has been established (the activate payload command
+succeeds), ipmitool simply loops over a select() on user input and data
+returned from the BMC. All user input is first filtered so that special
+escape sequences can suspend or deactivate the SOL session and so that data
+can be broken into chunks no greater than N bytes. This maximum is
+specified by the BMC in the response to the Activate Payload command.
+
+User input to the BMC is handled in ipmitool/src/plugins/lanplus/lanplus.c.
+Every SOL packet (with one exception) traveling in either direction causes
+the recipient to return an acknowledgement packet, though acks themself are
+not acknowledged. The transport layer in lanplus.c handles the logic
+regarding acks, partial acks, sequence numbers. SOL acknowledgements
+packets be acks, partial acks (the remote destination processed only some
+of the data), and nacks (requests to stop sending packets). Nacks are not
+honored by ipmitool.
+
+Note that one way that SOL communication differs from standard IPMI
+commands, is that it is not simply a request response protocol. Packets
+may be returned asynchronously from the BMC. When establishing a SOL
+session, ipmitool registers a callback for asynchronously received data.
+This call back simply prints text returned from the BMC.
+
+Once a user has chosen to exit the SOL session (with ~.) ipmitool sends the
+IPMI SOL Deactivate command to the BMC.
+
+The standard code path for SOL logic follows:
+ ipmi_sol_main (ipmi_sol.c):
+
+ ipmi_sol_activate (ipmi_sol.c):
+ Argument validation
+ Creation and dispatch of IPMI Activate Payload command
+
+ ipmi_sol_red_pill (ipmi_sol.c):
+ Loop on select() for user input and data returned from the BMC
+ Periodic dispatch of "keep alive" packet to the BMC.
+ Send user input to the BMC and BMC data to the console.
+
+ processSolUserInput (ipmi_sol.c):
+ Process possible escape sequences (~., ~B, etc.)
+ Send (with retries) user data to the BMC
+ Partial creation of packet payload
+
+ ipmi_lanplus_send_sol (lanplus.c):
+ Completion of packet payload
+ Send (with retries) of SOL packet
+
+ ipmi_lanplus_send_payload (lanplus.c):
+ Creation of RMCP+ packet
+ Details general to all V2 packet processing, as
+ well as a some logic to handle ack reception.
+
+ is_sol_partial_ack (lanplus.c):
+ Determine whether a data needs to be resent
+
+ ipmi_lanplus_recv_sol (lanplus.c):
+ Handle data received by the BMC. Ack as appropriate.
+
diff --git a/src/plugins/lanplus/asf.h b/src/plugins/lanplus/asf.h
index 7a30418..6453363 100644
--- a/src/plugins/lanplus/asf.h
+++ b/src/plugins/lanplus/asf.h
@@ -30,8 +30,7 @@
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
-#ifndef IPMI_ASF_H
-#define IPMI_ASF_H
+#pragma once
#include <ipmitool/helper.h>
#include "lanplus.h"
@@ -41,20 +40,6 @@
#define ASF_TYPE_PING 0x80
#define ASF_TYPE_PONG 0x40
-static const struct valstr asf_type_vals[] __attribute__((unused)) = {
- { 0x10, "Reset" },
- { 0x11, "Power-up" },
- { 0x12, "Unconditional Power-down" },
- { 0x13, "Power Cycle" },
- { 0x40, "Presence Pong" },
- { 0x41, "Capabilities Response" },
- { 0x42, "System State Response" },
- { 0x80, "Presence Ping" },
- { 0x81, "Capabilities Request" },
- { 0x82, "System State Request" },
- { 0x00, NULL }
-};
-
/* ASF message header */
#ifdef HAVE_PRAGMA_PACK
#pragma pack(1)
@@ -71,5 +56,3 @@ struct asf_hdr {
#endif
int handle_asf(struct ipmi_intf * intf, uint8_t * data, int data_len);
-
-#endif /* IPMI_ASF_H */
diff --git a/src/plugins/lanplus/lanplus.c b/src/plugins/lanplus/lanplus.c
index a0e388c..ed41380 100644
--- a/src/plugins/lanplus/lanplus.c
+++ b/src/plugins/lanplus/lanplus.c
@@ -29,7 +29,6 @@
* LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
-#define _GNU_SOURCE
#include <stdlib.h>
#include <stdio.h>
@@ -103,15 +102,14 @@ static void getIpmiPayloadWireRep(
uint8_t rq_seq,
uint8_t curr_seq);
static void getSolPayloadWireRep(
- struct ipmi_intf * intf,
uint8_t * msg,
struct ipmi_v2_payload * payload);
static void read_open_session_response(struct ipmi_rs * rsp, int offset);
static void read_rakp2_message(struct ipmi_rs * rsp, int offset, uint8_t alg);
static void read_rakp4_message(struct ipmi_rs * rsp, int offset, uint8_t alg);
-static void read_session_data(struct ipmi_rs * rsp, int * offset, struct ipmi_session *s);
-static void read_session_data_v15(struct ipmi_rs * rsp, int * offset, struct ipmi_session *s);
-static void read_session_data_v2x(struct ipmi_rs * rsp, int * offset, struct ipmi_session *s);
+static void read_session_data(struct ipmi_rs * rsp, int * offset);
+static void read_session_data_v15(struct ipmi_rs * rsp, int * offset);
+static void read_session_data_v2x(struct ipmi_rs * rsp, int * offset);
static void read_ipmi_response(struct ipmi_rs * rsp, int * offset);
static void read_sol_packet(struct ipmi_rs * rsp, int * offset);
static struct ipmi_rs * ipmi_lanplus_recv_sol(struct ipmi_intf * intf);
@@ -119,7 +117,6 @@ static struct ipmi_rs * ipmi_lanplus_send_sol(
struct ipmi_intf * intf,
struct ipmi_v2_payload * payload);
static int check_sol_packet_for_new_data(
- struct ipmi_intf * intf,
struct ipmi_rs *rsp);
static void ack_sol_packet(
struct ipmi_intf * intf,
@@ -164,141 +161,115 @@ extern int verbose;
* returns 0 on success
* 1 on failure
*/
-int lanplus_get_requested_ciphers(int cipher_suite_id,
- uint8_t * auth_alg,
- uint8_t * integrity_alg,
- uint8_t * crypt_alg)
+int
+lanplus_get_requested_ciphers(enum cipher_suite_ids cipher_suite_id,
+ uint8_t *auth_alg,
+ uint8_t *integrity_alg,
+ uint8_t *crypt_alg)
{
-#ifdef HAVE_CRYPTO_SHA256
- if ((cipher_suite_id < 0) || (cipher_suite_id > 17)) {
- return 1;
- }
-#else
- if ((cipher_suite_id < 0) || (cipher_suite_id > 14))
- return 1;
-#endif /* HAVE_CRYPTO_SHA256 */
/* See table 22-19 for the source of the statement */
switch (cipher_suite_id)
{
- case 0:
+ case IPMI_LANPLUS_CIPHER_SUITE_0:
*auth_alg = IPMI_AUTH_RAKP_NONE;
*integrity_alg = IPMI_INTEGRITY_NONE;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 1:
+ case IPMI_LANPLUS_CIPHER_SUITE_1:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
*integrity_alg = IPMI_INTEGRITY_NONE;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 2:
+ case IPMI_LANPLUS_CIPHER_SUITE_2:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 3:
+ case IPMI_LANPLUS_CIPHER_SUITE_3:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
break;
- case 4:
+ case IPMI_LANPLUS_CIPHER_SUITE_4:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
*crypt_alg = IPMI_CRYPT_XRC4_128;
break;
- case 5:
+ case IPMI_LANPLUS_CIPHER_SUITE_5:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
*crypt_alg = IPMI_CRYPT_XRC4_40;
break;
- case 6:
+ case IPMI_LANPLUS_CIPHER_SUITE_6:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_NONE;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 7:
+ case IPMI_LANPLUS_CIPHER_SUITE_7:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 8:
+ case IPMI_LANPLUS_CIPHER_SUITE_8:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
break;
- case 9:
+ case IPMI_LANPLUS_CIPHER_SUITE_9:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
*crypt_alg = IPMI_CRYPT_XRC4_128;
break;
- case 10:
+ case IPMI_LANPLUS_CIPHER_SUITE_10:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
*crypt_alg = IPMI_CRYPT_XRC4_40;
break;
- case 11:
+ case IPMI_LANPLUS_CIPHER_SUITE_11:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_MD5_128;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 12:
+ case IPMI_LANPLUS_CIPHER_SUITE_12:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_MD5_128;
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
break;
- case 13:
+ case IPMI_LANPLUS_CIPHER_SUITE_13:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_MD5_128;
*crypt_alg = IPMI_CRYPT_XRC4_128;
break;
- case 14:
+ case IPMI_LANPLUS_CIPHER_SUITE_14:
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
*integrity_alg = IPMI_INTEGRITY_MD5_128;
*crypt_alg = IPMI_CRYPT_XRC4_40;
break;
#ifdef HAVE_CRYPTO_SHA256
- case 15:
+ case IPMI_LANPLUS_CIPHER_SUITE_15:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256;
*integrity_alg = IPMI_INTEGRITY_NONE;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 16:
+ case IPMI_LANPLUS_CIPHER_SUITE_16:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA256_128;
*crypt_alg = IPMI_CRYPT_NONE;
break;
- case 17:
+ case IPMI_LANPLUS_CIPHER_SUITE_17:
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256;
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA256_128;
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
break;
#endif /* HAVE_CRYPTO_SHA256 */
+ case IPMI_LANPLUS_CIPHER_SUITE_RESERVED:
+ default:
+ return 1;
}
return 0;
}
-
-
-/*
- * Reverse the order of arbitrarily long strings of bytes
- */
-void lanplus_swap(
- uint8_t * buffer,
- int length)
-{
- int i;
- uint8_t temp;
-
- for (i =0; i < length/2; ++i)
- {
- temp = buffer[i];
- buffer[i] = buffer[length - 1 - i];
- buffer[length - 1 - i] = temp;
- }
-}
-
-
-
static const struct valstr plus_payload_types_vals[] = {
{ IPMI_PAYLOAD_TYPE_IPMI, "IPMI (0)" }, // IPMI Message
{ IPMI_PAYLOAD_TYPE_SOL, "SOL (1)" }, // SOL (Serial over LAN)
@@ -320,7 +291,7 @@ ipmi_req_add_entry(struct ipmi_intf * intf, struct ipmi_rq * req, uint8_t req_se
struct ipmi_rq_entry * e;
e = malloc(sizeof(struct ipmi_rq_entry));
- if (e == NULL) {
+ if (!e) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return NULL;
}
@@ -331,7 +302,7 @@ ipmi_req_add_entry(struct ipmi_intf * intf, struct ipmi_rq * req, uint8_t req_se
e->intf = intf;
e->rq_seq = req_seq;
- if (ipmi_req_entries == NULL)
+ if (!ipmi_req_entries)
ipmi_req_entries = e;
else
ipmi_req_entries_tail->next = e;
@@ -523,7 +494,7 @@ ipmi_lan_recv_packet(struct ipmi_intf * intf)
* asf.data[f:a]= 0x000000000000
*/
static int
-ipmi_handle_pong(struct ipmi_intf * intf, struct ipmi_rs * rsp)
+ipmi_handle_pong(struct ipmi_rs *rsp)
{
struct rmcp_pong {
struct rmcp_hdr rmcp;
@@ -533,7 +504,7 @@ ipmi_handle_pong(struct ipmi_intf * intf, struct ipmi_rs * rsp)
uint8_t sup_entities;
uint8_t sup_interact;
uint8_t reserved[6];
- } * pong;
+ } *pong;
if (!rsp)
return -1;
@@ -595,7 +566,7 @@ ipmiv2_lan_ping(struct ipmi_intf * intf)
int rv;
data = malloc(len);
- if (data == NULL) {
+ if (!data) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return -1;
}
@@ -644,7 +615,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
rsp = ipmi_lan_recv_packet(intf);
/* check if no packet has come */
- if (rsp == NULL) {
+ if (!rsp) {
return NULL;
}
@@ -653,7 +624,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
if (rmcp_rsp->class == RMCP_CLASS_ASF) {
/* might be ping response packet */
- rv = ipmi_handle_pong(intf, rsp);
+ rv = ipmi_handle_pong(rsp);
return (rv <= 0) ? NULL : rsp;
}
@@ -683,7 +654,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
* -------------------------------------------------------------------
*/
- read_session_data(rsp, &offset, intf->session);
+ read_session_data(rsp, &offset);
/*
* Skip packets that are not intended for this session
@@ -764,14 +735,12 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
entry = ipmi_req_lookup_entry(rsp->payload.ipmi_response.rq_seq,
rsp->payload.ipmi_response.cmd);
- if (entry == NULL) {
+ if (!entry) {
lprintf(LOG_INFO, "IPMI Request Match NOT FOUND");
/* read one more packet */
return (struct ipmi_rs *)1;
};
- uint8_t target_cmd = entry->req.msg.target_cmd;
-
lprintf(LOG_DEBUG+2, "IPMI Request Match found");
if (entry->bridging_level) {
@@ -791,12 +760,6 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
printbuf(&rsp->data[offset], (rsp->data_len-offset-1),
"bridge command response");
/*
- * decrement payload size
- * (cks2 for outer Send Message)
- */
- payload_size--;
-
- /*
* need to make a loop for embedded bridged response
*/
loop++;
@@ -819,9 +782,12 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
* rsp->data_len becomes the length of that data
*/
extra_data_length = payload_size - (offset - payload_start) - 1;
- if (extra_data_length) {
+ if (extra_data_length > 0) {
rsp->data_len = extra_data_length;
memmove(rsp->data, rsp->data + offset, extra_data_length);
+ offset = 0;
+ payload_start = 0;
+ payload_size = extra_data_length;
} else {
rsp->data_len = 0;
}
@@ -873,7 +839,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
}
read_sol_packet(rsp, &offset);
extra_data_length = payload_size - (offset - payload_start);
- if (rsp && extra_data_length) {
+ if (extra_data_length > 0) {
rsp->data_len = extra_data_length;
memmove(rsp->data, rsp->data + offset, extra_data_length);
} else {
@@ -990,7 +956,7 @@ read_open_session_response(struct ipmi_rs * rsp, int offset)
*
* param rsp [in/out] reading from the data variable and writing to the rakp 2
* section
- * param offset [in] tells us where hte rakp2 payload starts
+ * param offset [in] tells us where the rakp2 payload starts
* param auth_alg [in] describes the authentication algorithm was agreed upon in
* the open session request/response phase. We need to know that here so
* that we know how many bytes (if any) to read fromt the packet.
@@ -1011,31 +977,19 @@ read_rakp2_message(
/* RAKP response code */
rsp->payload.rakp2_message.rakp_return_code = rsp->data[offset + 1];
- /* Console session ID */
- memcpy(&(rsp->payload.rakp2_message.console_id),
- rsp->data + offset + 4,
- 4);
- #if WORDS_BIGENDIAN
- rsp->payload.rakp2_message.console_id =
- BSWAP_32(rsp->payload.rakp2_message.console_id);
- #endif
+ /* Console session ID */
+ rsp->payload.rakp2_message.console_id = ipmi32toh(&rsp->data[offset + 4]);
- /* BMC random number */
- memcpy(&(rsp->payload.rakp2_message.bmc_rand),
- rsp->data + offset + 8,
- 16);
- #if WORDS_BIGENDIAN
- lanplus_swap(rsp->payload.rakp2_message.bmc_rand, 16);
- #endif
+ /* BMC random number */
+ memcpy(&(rsp->payload.rakp2_message.bmc_rand),
+ array_letoh(&rsp->data[offset + 8], 16),
+ 16);
+
+ /* BMC GUID */
+ memcpy(&(rsp->payload.rakp2_message.bmc_guid),
+ array_letoh(&rsp->data[offset + 24], 16),
+ 16);
- /* BMC GUID */
- memcpy(&(rsp->payload.rakp2_message.bmc_guid),
- rsp->data + offset + 24,
- 16);
- #if WORDS_BIGENDIAN
- lanplus_swap(rsp->payload.rakp2_message.bmc_guid, 16);
- #endif
-
/* Key exchange authentication code */
switch (auth_alg)
{
@@ -1089,7 +1043,7 @@ read_rakp2_message(
*
* param rsp [in/out] reading from the data variable and writing to the rakp
* 4 section
- * param offset [in] tells us where hte rakp4 payload starts
+ * param offset [in] tells us where the rakp4 payload starts
* param integrity_alg [in] describes the authentication algorithm was
* agreed upon in the open session request/response phase. We need
* to know that here so that we know how many bytes (if any) to read
@@ -1111,16 +1065,9 @@ read_rakp4_message(
/* RAKP response code */
rsp->payload.rakp4_message.rakp_return_code = rsp->data[offset + 1];
- /* Console session ID */
- memcpy(&(rsp->payload.rakp4_message.console_id),
- rsp->data + offset + 4,
- 4);
- #if WORDS_BIGENDIAN
- rsp->payload.rakp4_message.console_id =
- BSWAP_32(rsp->payload.rakp4_message.console_id);
- #endif
+ /* Console session ID */
+ rsp->payload.rakp4_message.console_id = ipmi32toh(&rsp->data[offset + 4]);
-
/* Integrity check value */
switch (auth_alg)
{
@@ -1178,21 +1125,19 @@ read_rakp4_message(
* param offset [in/out] should point to the beginning of the session when
* this function is called. The offset will be adjusted to
* point to the end of the session when this function exits.
- * param session holds our session state
*/
void
read_session_data(
struct ipmi_rs * rsp,
- int * offset,
- struct ipmi_session * s)
+ int * offset)
{
/* We expect to read different stuff depending on the authtype */
rsp->session.authtype = rsp->data[*offset];
if (rsp->session.authtype == IPMI_SESSION_AUTHTYPE_RMCP_PLUS)
- read_session_data_v2x(rsp, offset, s);
+ read_session_data_v2x(rsp, offset);
else
- read_session_data_v15(rsp, offset, s);
+ read_session_data_v15(rsp, offset);
}
@@ -1218,8 +1163,7 @@ read_session_data(
void
read_session_data_v2x(
struct ipmi_rs * rsp,
- int * offset,
- struct ipmi_session * s)
+ int * offset)
{
rsp->session.authtype = rsp->data[(*offset)++];
@@ -1231,25 +1175,15 @@ read_session_data_v2x(
rsp->session.payloadtype = rsp->data[(*offset)++] & 0x3F;
/* Session ID */
- memcpy(&rsp->session.id, rsp->data + *offset, 4);
+ rsp->session.id = ipmi32toh(&rsp->data[*offset]);
*offset += 4;
- #if WORDS_BIGENDIAN
- rsp->session.id = BSWAP_32(rsp->session.id);
- #endif
-
/* Ignored, so far */
- memcpy(&rsp->session.seq, rsp->data + *offset, 4);
+ rsp->session.seq = ipmi32toh(&rsp->data[*offset]);
*offset += 4;
- #if WORDS_BIGENDIAN
- rsp->session.seq = BSWAP_32(rsp->session.seq);
- #endif
- memcpy(&rsp->session.msglen, rsp->data + *offset, 2);
+ rsp->session.msglen = ipmi16toh(&rsp->data[*offset]);
*offset += 2;
- #if WORDS_BIGENDIAN
- rsp->session.msglen = BSWAP_16(rsp->session.msglen);
- #endif
}
@@ -1257,7 +1191,7 @@ read_session_data_v2x(
/*
* read_session_data_v15
*
- * Initialize the ipmi_rsp from the session header of the packet.
+ * Initialize the ipmi_rsp from the session header of the packet.
*
* The offset should point the first byte of the the IPMI session when this
* function is called. When this function exits, the offset will point to
@@ -1272,8 +1206,7 @@ read_session_data_v2x(
*/
void read_session_data_v15(
struct ipmi_rs * rsp,
- int * offset,
- struct ipmi_session * s)
+ int * offset)
{
/* All v15 messages are IPMI messages */
rsp->session.payloadtype = IPMI_PAYLOAD_TYPE_IPMI;
@@ -1537,7 +1470,6 @@ void getIpmiPayloadWireRep(
* param payload [in] holds the v2 payload with our SOL data
*/
void getSolPayloadWireRep(
- struct ipmi_intf * intf, /* in out */
uint8_t * msg, /* output */
struct ipmi_v2_payload * payload) /* input */
{
@@ -1667,7 +1599,7 @@ ipmi_lanplus_build_v2x_msg(
msg = malloc(len);
- if (msg == NULL) {
+ if (!msg) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return;
}
@@ -1743,7 +1675,7 @@ ipmi_lanplus_build_v2x_msg(
break;
case IPMI_PAYLOAD_TYPE_SOL:
- getSolPayloadWireRep(intf,
+ getSolPayloadWireRep(
msg + IPMI_LANPLUS_OFFSET_PAYLOAD,
payload);
@@ -1971,8 +1903,6 @@ ipmi_lanplus_build_v2x_ipmi_cmd(
entry = ipmi_req_add_entry(intf, req, curr_seq);
/* it's a bridge command */
} else {
- unsigned char backup_cmd;
-
/* Add entry for cmd */
entry = ipmi_req_add_entry(intf, req, curr_seq);
@@ -1988,7 +1918,7 @@ ipmi_lanplus_build_v2x_ipmi_cmd(
}
}
- if (entry == NULL)
+ if (!entry)
return NULL;
// Build our payload
@@ -2054,13 +1984,13 @@ ipmi_lanplus_build_v15_ipmi_cmd(
struct ipmi_rq_entry * entry;
entry = ipmi_req_add_entry(intf, req, 0);
- if (entry == NULL)
+ if (!entry)
return NULL;
len = req->msg.data_len + 21;
msg = malloc(len);
- if (msg == NULL) {
+ if (!msg) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return NULL;
}
@@ -2251,7 +2181,7 @@ ipmi_lanplus_send_payload(
entry = ipmi_lanplus_build_v2x_ipmi_cmd(intf, ipmi_request, isRetry);
}
- if (entry == NULL) {
+ if (!entry) {
lprintf(LOG_ERR, "Aborting send command, unable to build");
return NULL;
}
@@ -2397,7 +2327,7 @@ ipmi_lanplus_send_payload(
/* Duplicate Request ccode most likely indicates a response to
a previous retry. Ignore and keep polling. */
- while ((rsp != NULL) && (rsp->ccode == 0xcf))
+ while (rsp && rsp->ccode == 0xcf)
{
rsp = NULL;
rsp = ipmi_lan_poll_recv(intf);
@@ -2584,7 +2514,6 @@ ipmi_lanplus_send_sol(
*/
static int
check_sol_packet_for_new_data(
- struct ipmi_intf * intf,
struct ipmi_rs *rsp)
{
static uint8_t last_received_sequence_number = 0;
@@ -2623,7 +2552,7 @@ check_sol_packet_for_new_data(
/*
- *Rember the data for next round
+ * Remember the data for next round
*/
if (rsp->payload.sol_packet.packet_sequence_number)
{
@@ -2700,7 +2629,7 @@ ipmi_lanplus_recv_sol(struct ipmi_intf * intf)
* Remembers the data sent, and alters the data to just
* include the new stuff.
*/
- check_sol_packet_for_new_data(intf, rsp);
+ check_sol_packet_for_new_data(rsp);
}
return rsp;
}
@@ -2770,7 +2699,7 @@ ipmi_get_auth_capabilities_cmd(
rsp = intf->sendrecv(intf, &req);
- if (rsp == NULL || rsp->ccode > 0) {
+ if (!rsp || rsp->ccode) {
/*
* It's very possible that this failed because we asked for IPMI
* v2 data. Ask again, without requesting IPMI v2 data.
@@ -2779,11 +2708,11 @@ ipmi_get_auth_capabilities_cmd(
rsp = intf->sendrecv(intf, &req);
- if (rsp == NULL) {
+ if (!rsp) {
lprintf(LOG_INFO, "Get Auth Capabilities error");
return 1;
}
- if (rsp->ccode > 0) {
+ if (rsp->ccode) {
lprintf(LOG_INFO, "Get Auth Capabilities error: %s",
val2str(rsp->ccode, completion_code_vals));
return 1;
@@ -2808,10 +2737,9 @@ ipmi_close_session_cmd(struct ipmi_intf * intf)
struct ipmi_rs * rsp;
struct ipmi_rq req;
uint8_t msg_data[4];
- uint32_t bmc_session_lsbf;
uint8_t backupBridgePossible;
- if (intf->session == NULL
+ if (!intf->session
|| intf->session->v2_data.session_state != LANPLUS_STATE_ACTIVE)
return -1;
@@ -2820,12 +2748,7 @@ ipmi_close_session_cmd(struct ipmi_intf * intf)
intf->target_addr = IPMI_BMC_SLAVE_ADDR;
bridgePossible = 0;
- bmc_session_lsbf = intf->session->v2_data.bmc_id;
-#if WORDS_BIGENDIAN
- bmc_session_lsbf = BSWAP_32(bmc_session_lsbf);
-#endif
-
- memcpy(&msg_data, &bmc_session_lsbf, 4);
+ htoipmi32(intf->session->v2_data.bmc_id, msg_data);
memset(&req, 0, sizeof(req));
req.msg.netfn = IPMI_NETFN_APP;
@@ -2834,7 +2757,7 @@ ipmi_close_session_cmd(struct ipmi_intf * intf)
req.msg.data_len = 4;
rsp = intf->sendrecv(intf, &req);
- if (rsp == NULL) {
+ if (!rsp) {
/* Looks like the session was closed */
lprintf(LOG_ERR, "Close Session command failed");
return -1;
@@ -2848,7 +2771,7 @@ ipmi_close_session_cmd(struct ipmi_intf * intf)
(long)intf->session->v2_data.bmc_id);
return -1;
}
- if (rsp->ccode > 0) {
+ if (rsp->ccode) {
lprintf(LOG_ERR, "Close Session command failed: %s",
val2str(rsp->ccode, completion_code_vals));
return -1;
@@ -2885,7 +2808,7 @@ ipmi_lanplus_open_session(struct ipmi_intf * intf)
* Build an Open Session Request Payload
*/
msg = (uint8_t*)malloc(IPMI_OPEN_SESSION_REQUEST_SIZE);
- if (msg == NULL) {
+ if (!msg) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -2966,7 +2889,7 @@ ipmi_lanplus_open_session(struct ipmi_intf * intf)
free(msg);
msg = NULL;
- if (rsp == NULL ) {
+ if (!rsp ) {
lprintf(LOG_DEBUG, "Timeout in open session response message.");
return 2;
}
@@ -3071,7 +2994,7 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf)
* Build a RAKP 1 message
*/
msg = (uint8_t*)malloc(IPMI_RAKP1_MESSAGE_SIZE);
- if (msg == NULL) {
+ if (!msg) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -3102,9 +3025,7 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf)
return 1;
}
memcpy(msg + 8, session->v2_data.console_rand, 16);
- #if WORDS_BIGENDIAN
- lanplus_swap(msg + 8, 16);
- #endif
+ array_letoh(msg + 8, 16);
if (verbose > 1)
printbuf(session->v2_data.console_rand, 16,
@@ -3152,7 +3073,7 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf)
free(msg);
msg = NULL;
- if (rsp == NULL)
+ if (!rsp)
{
lprintf(LOG_WARNING, "> Error: no response from RAKP 1 message");
return 2;
@@ -3236,7 +3157,7 @@ ipmi_lanplus_rakp3(struct ipmi_intf * intf)
* Build a RAKP 3 message
*/
msg = (uint8_t*)malloc(IPMI_RAKP3_MESSAGE_MAX_SIZE);
- if (msg == NULL) {
+ if (!msg) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -3325,7 +3246,7 @@ ipmi_lanplus_rakp3(struct ipmi_intf * intf)
*/
return 1;
}
- else if (rsp == NULL)
+ else if (!rsp)
{
lprintf(LOG_WARNING, "> Error: no response from RAKP 3 message");
return 2;
@@ -3416,7 +3337,7 @@ ipmi_set_session_privlvl_cmd(struct ipmi_intf * intf)
req.msg.data_len = 1;
rsp = intf->sendrecv(intf, &req);
- if (rsp == NULL) {
+ if (!rsp) {
lprintf(LOG_ERR, "Set Session Privilege Level to %s failed",
val2str(privlvl, ipmi_privlvl_vals));
bridgePossible = backupBridgePossible;
@@ -3425,7 +3346,7 @@ ipmi_set_session_privlvl_cmd(struct ipmi_intf * intf)
if (verbose > 2)
printbuf(rsp->data, rsp->data_len, "set_session_privlvl");
- if (rsp->ccode > 0) {
+ if (rsp->ccode) {
lprintf(LOG_ERR, "Set Session Privilege Level to %s failed: %s",
val2str(privlvl, ipmi_privlvl_vals),
val2str(rsp->ccode, completion_code_vals));
@@ -3441,6 +3362,62 @@ ipmi_set_session_privlvl_cmd(struct ipmi_intf * intf)
return 0;
}
+static uint8_t
+ipmi_find_best_cipher_suite(struct ipmi_intf *intf)
+{
+ enum cipher_suite_ids best_suite = IPMI_LANPLUS_CIPHER_SUITE_RESERVED;
+#ifdef HAVE_CRYPTO_SHA256
+ struct cipher_suite_info suites[MAX_CIPHER_SUITE_COUNT];
+ size_t nr_suites = ARRAY_SIZE(suites);
+
+ /* cipher suite best order is chosen with this criteria:
+ * HMAC-MD5 and MD5 are BAD; xRC4 is bad; AES128 is required
+ * HMAC-SHA256 > HMAC-SHA1
+ * secure authentication > encrypted content
+ *
+ * With xRC4 out, all cipher suites with MD5 out, and cipher suite 3
+ * being required by the spec, the only better defined standard cipher
+ * suite is 17. So if SHA256 is available, we should try to use that,
+ * otherwise, fall back to 3.
+ */
+ const enum cipher_suite_ids cipher_order_preferred[] = {
+ IPMI_LANPLUS_CIPHER_SUITE_17,
+ IPMI_LANPLUS_CIPHER_SUITE_3,
+ };
+ const size_t nr_preferred = ARRAY_SIZE(cipher_order_preferred);
+ size_t ipref, i;
+
+ if (ipmi_get_channel_cipher_suites(intf, "ipmi", IPMI_LAN_CHANNEL_E,
+ suites, &nr_suites) < 0)
+ {
+ /* default legacy behavior - fall back to cipher suite 3 */
+ return IPMI_LANPLUS_CIPHER_SUITE_3;
+ }
+ for (ipref = 0;
+ ipref < nr_preferred &&
+ IPMI_LANPLUS_CIPHER_SUITE_RESERVED == best_suite;
+ ipref++)
+ {
+ for (i = 0; i < nr_suites; i++) {
+ if (cipher_order_preferred[ipref]
+ == suites[i].cipher_suite_id)
+ {
+ best_suite = cipher_order_preferred[ipref];
+ break;
+ }
+ }
+ }
+#endif /* HAVE_CRYPTO_SHA256 */
+ if (IPMI_LANPLUS_CIPHER_SUITE_RESERVED == best_suite) {
+ /* IPMI 2.0 spec requires that cipher suite 3 is implemented
+ * so we should always be able to fall back to that if better
+ * options are not available. */
+ best_suite = IPMI_LANPLUS_CIPHER_SUITE_3;
+ }
+ lprintf(LOG_INFO, "Using best available cipher suite %d\n", best_suite);
+ return best_suite;
+}
+
/**
* ipmi_lanplus_open
*/
@@ -3470,7 +3447,7 @@ ipmi_lanplus_open(struct ipmi_intf * intf)
if (!params->retry)
params->retry = IPMI_LAN_RETRY;
- if (params->hostname == NULL || strlen((const char *)params->hostname) == 0) {
+ if (!params->hostname || strlen((const char *)params->hostname) == 0) {
lprintf(LOG_ERR, "No hostname specified!");
return -1;
}
@@ -3491,7 +3468,9 @@ ipmi_lanplus_open(struct ipmi_intf * intf)
/* Setup our lanplus session state */
memset(session, 0, sizeof(struct ipmi_session));
session->timeout = params->timeout;
- memcpy(&session->authcode, &params->authcode_set, sizeof(session->authcode));
+ memcpy(&session->authcode,
+ &params->authcode_set,
+ sizeof(session->authcode));
session->v2_data.auth_alg = IPMI_AUTH_RAKP_NONE;
session->v2_data.crypt_alg = IPMI_CRYPT_NONE;
session->sol_data.sequence_number = 1;
@@ -3510,15 +3489,30 @@ ipmi_lanplus_open(struct ipmi_intf * intf)
goto fail;
}
- if (!ipmi_oem_active(intf, "i82571spt") && ! auth_cap.v20_data_available) {
+ if (!ipmi_oem_active(intf, "i82571spt") &&
+ !auth_cap.v20_data_available)
+ {
lprintf(LOG_INFO, "This BMC does not support IPMI v2 / RMCP+");
goto fail;
}
/*
- * If the open/rakp1/rakp3 sequence encounters a timeout, the whole sequence
- * needs to restart. The individual messages are not individually retryable,
- * as the session state is advancing.
+ * If no cipher suite was provided, query the channel cipher suite list
+ * and pick the best one available
+ */
+ if (IPMI_LANPLUS_CIPHER_SUITE_RESERVED ==
+ intf->ssn_params.cipher_suite_id)
+ {
+ ipmi_intf_session_set_cipher_suite_id(
+ intf,
+ ipmi_find_best_cipher_suite(intf)
+ );
+ }
+
+ /*
+ * If the open/rakp1/rakp3 sequence encounters a timeout, the whole
+ * sequence needs to restart. The individual messages are not
+ * individually retryable, as the session state is advancing.
*/
for (retry = 0; retry < IPMI_LAN_RETRY; retry++) {
session->v2_data.session_state = LANPLUS_STATE_PRESESSION;
@@ -3687,21 +3681,19 @@ ipmi_lanplus_keepalive(struct ipmi_intf * intf)
return 0;
rsp = intf->sendrecv(intf, &req);
- while (rsp != NULL && is_sol_packet(rsp)) {
+ while (rsp && is_sol_packet(rsp)) {
/* rsp was SOL data instead of our answer */
/* since it didn't go through the sol recv, do sol recv stuff here */
ack_sol_packet(intf, rsp);
- check_sol_packet_for_new_data(intf, rsp);
+ check_sol_packet_for_new_data(rsp);
if (rsp->data_len)
intf->session->sol_data.sol_input_handler(rsp);
rsp = ipmi_lan_poll_recv(intf);
- if (rsp == NULL) /* the get device id answer never got back, but retry mechanism was bypassed by SOL data */
+ if (!rsp) /* the get device id answer never got back, but retry mechanism was bypassed by SOL data */
return 0; /* so get device id command never returned, the connection is still alive */
}
- if (rsp == NULL)
- return -1;
- if (rsp->ccode > 0)
+ if (!rsp || rsp->ccode)
return -1;
return 0;
@@ -3728,7 +3720,7 @@ static int ipmi_lanplus_setup(struct ipmi_intf * intf)
static void ipmi_lanp_set_max_rq_data_size(struct ipmi_intf * intf, uint16_t size)
{
- if (intf->ssn_params.cipher_suite_id == 3) {
+ if (intf->ssn_params.cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3) {
/*
* encrypted payload can only be multiple of 16 bytes
*/
@@ -3746,7 +3738,7 @@ static void ipmi_lanp_set_max_rq_data_size(struct ipmi_intf * intf, uint16_t siz
static void ipmi_lanp_set_max_rp_data_size(struct ipmi_intf * intf, uint16_t size)
{
- if (intf->ssn_params.cipher_suite_id == 3) {
+ if (intf->ssn_params.cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3) {
/*
* encrypted payload can only be multiple of 16 bytes
*/
diff --git a/src/plugins/lanplus/lanplus.h b/src/plugins/lanplus/lanplus.h
index d967462..3e287ae 100644
--- a/src/plugins/lanplus/lanplus.h
+++ b/src/plugins/lanplus/lanplus.h
@@ -30,8 +30,7 @@
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
-#ifndef IPMI_LANPLUS_H
-#define IPMI_LANPLUS_H
+#pragma once
#include <ipmitool/ipmi.h>
@@ -113,7 +112,7 @@
/*
*This is accurate, as long as we're only passing 1 auth algorithm,
- * one integrity algorithm, and 1 encyrption alogrithm
+ * one integrity algorithm, and 1 encyrption algorithm
*/
#define IPMI_OPEN_SESSION_REQUEST_SIZE 32
#define IPMI_RAKP1_MESSAGE_SIZE 44
@@ -130,5 +129,3 @@ struct ipmi_rs * ipmi_lan_send_cmd(struct ipmi_intf * intf, struct ipmi_rq * req
int ipmi_lanplus_open(struct ipmi_intf * intf);
void ipmi_lanplus_close(struct ipmi_intf * intf);
int ipmiv2_lan_ping(struct ipmi_intf * intf);
-
-#endif /*IPMI_LAN_H*/
diff --git a/src/plugins/lanplus/lanplus_crypt.c b/src/plugins/lanplus/lanplus_crypt.c
index cb963f4..b4d677b 100644
--- a/src/plugins/lanplus/lanplus_crypt.c
+++ b/src/plugins/lanplus/lanplus_crypt.c
@@ -84,12 +84,16 @@ lanplus_rakp2_hmac_matches(const struct ipmi_session * session,
return 1;
/* We don't yet support other algorithms */
+#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it
assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
-#ifdef HAVE_CRYPTO_SHA256
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256)
-#endif /* HAVE_CRYPTO_SHA256 */
);
+#else
+ assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
+ || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
+ );
+#endif /* HAVE_CRYPTO_SHA256 */
bufferLength =
@@ -103,7 +107,7 @@ lanplus_rakp2_hmac_matches(const struct ipmi_session * session,
strlen((const char *)intf->ssn_params.username); /* optional */
buffer = malloc(bufferLength);
- if (buffer == NULL) {
+ if (!buffer) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -251,12 +255,16 @@ lanplus_rakp4_hmac_matches(const struct ipmi_session * session,
return 1;
/* We don't yet support other algorithms */
+#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it
assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
-#ifdef HAVE_CRYPTO_SHA256
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256)
-#endif /* HAVE_CRYPTO_SHA256 */
);
+#else
+ assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
+ || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
+ );
+#endif /* HAVE_CRYPTO_SHA256 */
}
bufferLength =
@@ -265,7 +273,7 @@ lanplus_rakp4_hmac_matches(const struct ipmi_session * session,
16; /* GUIDc */
buffer = (uint8_t *)malloc(bufferLength);
- if (buffer == NULL) {
+ if (!buffer) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -417,12 +425,16 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer,
}
/* We don't yet support other algorithms */
+#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it
assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
-#ifdef HAVE_CRYPTO_SHA256
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256)
-#endif /* HAVE_CRYPTO_SHA256 */
);
+#else
+ assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
+ || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
+ );
+#endif /* HAVE_CRYPTO_SHA256 */
input_buffer_length =
16 + /* Rc */
@@ -432,7 +444,7 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer,
strlen((const char *)intf->ssn_params.username);
input_buffer = malloc(input_buffer_length);
- if (input_buffer == NULL) {
+ if (!input_buffer) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -512,7 +524,7 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer,
* <USERNAME> - Usename (absent for null usernames)
*
* The key used to generated the SIK is Kg if Kg is not null (two-key logins are
- * enabled). Otherwise Kuid (the user authcode) is used as the key to genereate
+ * enabled). Otherwise Kuid (the user authcode) is used as the key to generate
* the SIK.
*
* I am aware that the subscripts look backwards, but that is the way they are
@@ -539,12 +551,16 @@ lanplus_generate_sik(struct ipmi_session * session, struct ipmi_intf * intf)
return 0;
/* We don't yet support other algorithms */
+#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it
assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
-#ifdef HAVE_CRYPTO_SHA256
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256)
-#endif /* HAVE_CRYPTO_SHA256 */
);
+#else
+ assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
+ || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
+ );
+#endif /* HAVE_CRYPTO_SHA256 */
input_buffer_length =
16 + /* Rm */
@@ -554,7 +570,7 @@ lanplus_generate_sik(struct ipmi_session * session, struct ipmi_intf * intf)
strlen((const char *)intf->ssn_params.username);
input_buffer = malloc(input_buffer_length);
- if (input_buffer == NULL) {
+ if (!input_buffer) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -836,7 +852,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg,
pad_length = IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE - mod;
padded_input = (uint8_t*)malloc(input_length + pad_length + 1);
- if (padded_input == NULL) {
+ if (!padded_input) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -853,7 +869,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg,
if (lanplus_rand(output, IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE))
{
lprintf(LOG_ERR, "lanplus_encrypt_payload: Error generating IV");
- if (padded_input != NULL) {
+ if (padded_input) {
free(padded_input);
padded_input = NULL;
}
@@ -897,7 +913,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg,
*
* The authcode is computed using the specified integrity algorithm starting
* with the AuthType / Format field, and ending with the field immediately
- * preceeding the authcode itself.
+ * preceding the authcode itself.
*
* The key key used to generate the authcode MAC is K1.
*
@@ -1003,7 +1019,7 @@ lanplus_decrypt_payload(uint8_t crypt_alg, const uint8_t * key,
assert(crypt_alg == IPMI_CRYPT_AES_CBC_128);
decrypted_payload = (uint8_t*)malloc(input_length);
- if (decrypted_payload == NULL) {
+ if (!decrypted_payload) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -1029,7 +1045,7 @@ lanplus_decrypt_payload(uint8_t crypt_alg, const uint8_t * key,
bytes_decrypted);
/*
- * We have to determine the payload size, by substracting the padding, etc.
+ * We have to determine the payload size, by subtracting the padding, etc.
* The last byte of the decrypted payload is the confidentiality pad length.
*/
conf_pad_length = decrypted_payload[bytes_decrypted - 1];
diff --git a/src/plugins/lanplus/lanplus_crypt.h b/src/plugins/lanplus/lanplus_crypt.h
index d69cc9b..1c306dd 100644
--- a/src/plugins/lanplus/lanplus_crypt.h
+++ b/src/plugins/lanplus/lanplus_crypt.h
@@ -30,8 +30,7 @@
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
-#ifndef IPMI_LANPLUS_CRYPT_H
-#define IPMI_LANPLUS_CRYPT_H
+#pragma once
#include <ipmitool/ipmi_intf.h>
@@ -68,8 +67,3 @@ int lanplus_decrypt_payload(uint8_t crypt_alg,
uint16_t * payload_size);
int lanplus_has_valid_auth_code(struct ipmi_rs * rs,
struct ipmi_session * session);
-
-
-
-
-#endif /* IPMI_LANPLUS_CRYPT_H */
diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
index d5fac37..7603e6d 100644
--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -102,7 +102,7 @@ lanplus_rand(uint8_t * buffer, uint32_t num_bytes)
* param mac specifies the algorithm to be used, currently SHA1, SHA256 and MD5
* are supported
* param key is the key used for HMAC generation
- * param key_len is the lenght of key
+ * param key_len is the length of key
* param d is the data to be MAC'd
* param n is the length of the data at d
* param md is the result of the HMAC algorithm
@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
uint8_t * output,
uint32_t * bytes_written)
{
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
+ EVP_CIPHER_CTX *ctx = NULL;
*bytes_written = 0;
@@ -182,6 +178,18 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
printbuf(input, input_length, "encrypting this data");
}
+ ctx = EVP_CIPHER_CTX_new();
+ if (!ctx) {
+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+ return;
+ }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_init(ctx);
+#else
+ EVP_CIPHER_CTX_reset(ctx);
+#endif
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
/*
* The default implementation adds a whole block of padding if the input
@@ -191,28 +199,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
{
/* Error */
*bytes_written = 0;
- return;
}
else
{
uint32_t tmplen;
- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
{
+ /* Error */
*bytes_written = 0;
- return; /* Error */
}
else
{
/* Success */
*bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
}
}
+ /* performs cleanup and free */
+ EVP_CIPHER_CTX_free(ctx);
}
@@ -239,11 +247,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
uint8_t * output,
uint32_t * bytes_written)
{
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
+ EVP_CIPHER_CTX *ctx = NULL;
if (verbose >= 5)
{
@@ -252,12 +256,24 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
printbuf(input, input_length, "decrypting this data");
}
-
*bytes_written = 0;
if (input_length == 0)
return;
+ ctx = EVP_CIPHER_CTX_new();
+ if (!ctx) {
+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+ return;
+ }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_init(ctx);
+#else
+ EVP_CIPHER_CTX_reset(ctx);
+#endif
+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
/*
* The default implementation adds a whole block of padding if the input
* data is perfectly aligned. We would like to keep that from happening.
@@ -266,33 +282,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
{
/* Error */
lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
*bytes_written = 0;
- return;
}
else
{
uint32_t tmplen;
- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
{
+ /* Error */
char buffer[1000];
ERR_error_string(ERR_get_error(), buffer);
lprintf(LOG_DEBUG, "the ERR error %s", buffer);
lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
*bytes_written = 0;
- return; /* Error */
}
else
{
/* Success */
*bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
}
}
+ /* performs cleanup and free */
+ EVP_CIPHER_CTX_free(ctx);
if (verbose >= 5)
{
diff --git a/src/plugins/lanplus/lanplus_crypt_impl.h b/src/plugins/lanplus/lanplus_crypt_impl.h
index ff534bc..a48c6b7 100644
--- a/src/plugins/lanplus/lanplus_crypt_impl.h
+++ b/src/plugins/lanplus/lanplus_crypt_impl.h
@@ -30,9 +30,7 @@
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
-#ifndef IPMI_LANPLUS_CRYPT_IMPL_H
-#define IPMI_LANPLUS_CRYPT_IMPL_H
-
+#pragma once
int
lanplus_seed_prng(uint32_t bytes);
@@ -61,6 +59,3 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
uint32_t input_length,
uint8_t * output,
uint32_t * bytes_written);
-
-
-#endif /* IPMI_LANPLUS_CRYPT_IMPL_H */
diff --git a/src/plugins/lanplus/lanplus_dump.h b/src/plugins/lanplus/lanplus_dump.h
index 4e29ebb..d4c8a8d 100644
--- a/src/plugins/lanplus/lanplus_dump.h
+++ b/src/plugins/lanplus/lanplus_dump.h
@@ -30,9 +30,7 @@
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
-
-#ifndef IPMI_LANPLUS_DUMP_H
-#define IPMI_LANPLUS_DUMP_H
+#pragma once
#include <ipmitool/ipmi_intf.h>
@@ -40,6 +38,3 @@
void lanplus_dump_open_session_response(const struct ipmi_rs * rsp);
void lanplus_dump_rakp2_message(const struct ipmi_rs * rsp, uint8_t auth_alg);
void lanplus_dump_rakp4_message(const struct ipmi_rs * rsp, uint8_t auth_alg);
-
-
-#endif /* IPMI_LANPLUS_DUMP_H */
diff --git a/src/plugins/lanplus/rmcp.h b/src/plugins/lanplus/rmcp.h
index 51dc44d..df07f2f 100644
--- a/src/plugins/lanplus/rmcp.h
+++ b/src/plugins/lanplus/rmcp.h
@@ -30,8 +30,7 @@
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
-#ifndef IPMI_RMCP_H
-#define IPMI_RMCP_H
+#pragma once
#include <ipmitool/helper.h>
#include "lanplus.h"
@@ -45,24 +44,11 @@
#define RMCP_TYPE_NORM 0x00
#define RMCP_TYPE_ACK 0x01
-static const struct valstr rmcp_type_vals[] __attribute__((unused)) = {
- { RMCP_TYPE_NORM, "Normal RMCP" },
- { RMCP_TYPE_ACK, "RMCP ACK" },
- { 0, NULL }
-};
-
#define RMCP_CLASS_MASK 0x1f
#define RMCP_CLASS_ASF 0x06
#define RMCP_CLASS_IPMI 0x07
#define RMCP_CLASS_OEM 0x08
-static const struct valstr rmcp_class_vals[] __attribute__((unused)) = {
- { RMCP_CLASS_ASF, "ASF" },
- { RMCP_CLASS_IPMI, "IPMI" },
- { RMCP_CLASS_OEM, "OEM" },
- { 0, NULL }
-};
-
/* RMCP message header */
#ifdef HAVE_PRAGMA_PACK
#pragma pack(1)
@@ -78,5 +64,3 @@ struct rmcp_hdr {
#endif
int handle_rmcp(struct ipmi_intf * intf, uint8_t * data, int data_len);
-
-#endif /* IPMI_RMCP_H */