From a9ee361f27e0439530387765924574e5358c8a5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?=
Date: Sat, 10 Sep 2022 15:44:41 +0200
Subject: New upstream version 1.8.19
---
src/plugins/lanplus/Makefile.in | 649 -------------------------------
src/plugins/lanplus/README.lanplus | 74 ++++
src/plugins/lanplus/README.sol | 76 ++++
src/plugins/lanplus/asf.h | 19 +-
src/plugins/lanplus/lanplus.c | 362 +++++++++--------
src/plugins/lanplus/lanplus.h | 7 +-
src/plugins/lanplus/lanplus_crypt.c | 52 ++-
src/plugins/lanplus/lanplus_crypt.h | 8 +-
src/plugins/lanplus/lanplus_crypt_impl.c | 60 +--
src/plugins/lanplus/lanplus_crypt_impl.h | 7 +-
src/plugins/lanplus/lanplus_dump.h | 7 +-
src/plugins/lanplus/rmcp.h | 18 +-
12 files changed, 406 insertions(+), 933 deletions(-)
delete mode 100644 src/plugins/lanplus/Makefile.in
create mode 100644 src/plugins/lanplus/README.lanplus
create mode 100644 src/plugins/lanplus/README.sol
(limited to 'src/plugins/lanplus')
diff --git a/src/plugins/lanplus/Makefile.in b/src/plugins/lanplus/Makefile.in
deleted file mode 100644
index d24775b..0000000
--- a/src/plugins/lanplus/Makefile.in
+++ /dev/null
@@ -1,649 +0,0 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2013 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# Copyright (c) 2003 Sun Microsystems, Inc. All Rights Reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# Redistribution of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# Redistribution in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# Neither the name of Sun Microsystems, Inc. or the names of -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# This software is provided "AS IS," without a warranty of any kind. -# ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, -# INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A -# PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. -# SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE -# FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING -# OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. 
IN NO EVENT WILL -# SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, -# OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR -# PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF -# LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, -# EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - -VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 
-install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -target_triplet = @target@ -subdir = src/plugins/lanplus -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -libintf_lanplus_la_DEPENDENCIES = $(top_builddir)/lib/libipmitool.la -am_libintf_lanplus_la_OBJECTS = lanplus.lo lanplus_strings.lo \ - lanplus_crypt.lo lanplus_dump.lo lanplus_crypt_impl.lo -libintf_lanplus_la_OBJECTS = $(am_libintf_lanplus_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = 
$(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libintf_lanplus_la_SOURCES) -DIST_SOURCES = $(libintf_lanplus_la_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. 
-am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -ARCH = @ARCH@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BASEDIR = @BASEDIR@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DISTRO = @DISTRO@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTF_BMC = @INTF_BMC@ -INTF_BMC_LIB = @INTF_BMC_LIB@ -INTF_DUMMY = @INTF_DUMMY@ -INTF_DUMMY_LIB = @INTF_DUMMY_LIB@ -INTF_FREE = @INTF_FREE@ -INTF_FREE_LIB = @INTF_FREE_LIB@ -INTF_IMB = @INTF_IMB@ -INTF_IMB_LIB = @INTF_IMB_LIB@ -INTF_LAN = @INTF_LAN@ -INTF_LANPLUS = @INTF_LANPLUS@ -INTF_LANPLUS_LIB = @INTF_LANPLUS_LIB@ -INTF_LAN_LIB = @INTF_LAN_LIB@ -INTF_LIPMI = @INTF_LIPMI@ -INTF_LIPMI_LIB = @INTF_LIPMI_LIB@ -INTF_OPEN = @INTF_OPEN@ -INTF_OPEN_LIB = @INTF_OPEN_LIB@ -INTF_SERIAL = @INTF_SERIAL@ -INTF_SERIAL_LIB = @INTF_SERIAL_LIB@ -INTF_USB = @INTF_USB@ -INTF_USB_LIB = @INTF_USB_LIB@ -IPMITOOL_INTF_LIB = @IPMITOOL_INTF_LIB@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OS = @OS@ -OTOOL = @OTOOL@ 
-OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -POW_LIB = @POW_LIB@ -PSTAMP = @PSTAMP@ -RANLIB = @RANLIB@ -RPMBUILD = @RPMBUILD@ -RPM_RELEASE = @RPM_RELEASE@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_configure_args = @ac_configure_args@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target = @target@ -target_alias = @target_alias@ -target_cpu = @target_cpu@ -target_os = @target_os@ -target_vendor = @target_vendor@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ 
-MAINTAINERCLEANFILES = Makefile.in -AM_CPPFLAGS = -I$(top_srcdir)/include -EXTRA_LTLIBRARIES = libintf_lanplus.la -noinst_LTLIBRARIES = @INTF_LANPLUS_LIB@ -libintf_lanplus_la_LIBADD = $(top_builddir)/lib/libipmitool.la -libintf_lanplus_la_SOURCES = \ - rmcp.h asf.h \ - lanplus.c lanplus.h \ - lanplus_strings.c \ - lanplus_crypt.c lanplus_crypt.h \ - lanplus_dump.h lanplus_dump.c \ - lanplus_crypt_impl.h lanplus_crypt_impl.c - -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/plugins/lanplus/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --foreign src/plugins/lanplus/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' 
in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libintf_lanplus.la: $(libintf_lanplus_la_OBJECTS) $(libintf_lanplus_la_DEPENDENCIES) $(EXTRA_libintf_lanplus_la_DEPENDENCIES) - $(AM_V_CCLD)$(LINK) $(libintf_lanplus_la_OBJECTS) $(libintf_lanplus_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lanplus.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lanplus_crypt.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lanplus_crypt_impl.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lanplus_dump.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lanplus_strings.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ 
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - 
&& gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." 
- -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. 
-.NOEXPORT:
diff --git a/src/plugins/lanplus/README.lanplus b/src/plugins/lanplus/README.lanplus
new file mode 100644
index 0000000..4406d5b
--- /dev/null
+++ b/src/plugins/lanplus/README.lanplus
@@ -0,0 +1,74 @@
+This interface exists to provide a means of connecting to an IPMIv2 enabled
+BMC. In some places, the IPMIv2 specification is either unclear or
+inconsistent, and interpretations of the intent of the specification had to
+be made at the discretion of the implementor. The purpose of this
+document is to make those decisions clear so that 1) they can be reviewed
+by others and 2) so that the rationale for those decisions can be made
+clear.
+
+* Though it's not stated explicitly with which algorithm the K1 and K2 keys
+should be generated, we chose to use the authentication algorithm. The
+specification states that K1 and K2 are generated with an HMAC algorithm,
+and all of the authentication algorithms (except for "none") are HMAC
+algorithms, whereas the integrity algorithms are not all HMAC. See section
+13.32 for details about K1 and K2, and section
+
+
+* The IPMIv2 specification describes a key, Kg, that is the "BMC key".
+This key functions as a global key that is required to be known in addition
+to the user's key, by authenticating users. If the BMC has a null Kg, the
+users key, Kuid, is used in its place in algorithms where Kg is required,
+per the specification section 13.33. A user can obtain the status of Kg by
+querying the BMC with the Get Channel Authentication Capabilities command.
+Currently, this implementation does not provide a way for a user to specify
+Kg for BMCs that require it.
+
+
+* The specification is unclear as to which key is used for HMAC based
+integrity checking. One the one hand, section 13.28.4 states explicitly
+that HMAC integrity algorithms use the session integrity key as the HMAC
+key. Confusing that matter is a statement in section 13.32 regarding the
+creation of additional keying material. In this section it is stated that
+"all keying material for the RSP integrity and confidentiality algorithms
+will be generated by processing a pre-defined set of constants using HMAC
+per [RFC2104], keyed by sik". And "For the mandatory-to-implement
+integrity and confidentiality algorithms defined in this specification,
+processing the first two (2) constants will generate the require amount of
+keying material." We decided to use K1 as our HMAC key for the generation
+of authentication codes (integrity checking). Furthermore, we are using
+all 20 bytes of K1.
+
+
+* IPMIv2 compliant BMCs are supposed to support 20 byte passwords, as well
+store metadata describing whether the password was stored as a 16 byte or
+20 byte class password. We do not currently support 20 byte passwords. It
+should be noted that there are obvious mistakes in the SET USER PASSWORD
+command specification, as it mentions the ability to query for 16/20 byte
+password status, but the packet format does not support this.
+
+
+* The IPMIv2 specification describes a type of login called a "role only
+login." This feature allows a user to login providing only a requested
+privilege level and a password. We do not currently support this feature.
+Supporting this feature would only require the ability to specify
+username/privilege lookups in the RAKP 1 message sent from ipmitool. We
+currently specify the use of username only lookups for authentication.
+
+
+* In the IPMIv2 packet description in table 13-8 of the IPMv2
+specification, there are two fields that are rather ambiguous in meaning.
+The fields are "Pad Length" and "Next Header". Although neither field is
+listed as belonging to the IPMIv2 packet format, we include/expect them
+both in our IPMIv2 packets. Are rationale is 1) the Next Headers field's
+comment states what the value of that field should be for IPMIv2, and 2)
+for the most part the ASF and IPMIv2 fields seem to parallel each other,
+and we feel that the Pad Length and Next Header fields were left out of the
+IPMIv2 column by mistake.
+
+
+* The GET CHANNEL CIPHER SUITES command documentation seems to have
+mistakes. The "start of record" byte is stated to be either 0x30 or 0x31,
+whereas the detailed description in table 22-18 leads us to believe that
+this byte should really be 0xC0 or 0xC1. Also the description of bits 5:0
+in the start of record byte should probably be 00_0000 rather than 00_000.
+
diff --git a/src/plugins/lanplus/README.sol b/src/plugins/lanplus/README.sol
new file mode 100644
index 0000000..4c64e2a
--- /dev/null
+++ b/src/plugins/lanplus/README.sol
@@ -0,0 +1,76 @@
+This document was last updated for release 1.8.8.
+
+This document explains how Serial Over Lan is implemented on in the
+ipmitool IPMI client. Obviously, the code itself is authoritative, but
+this document should serve as a good starting point.
+
+Serial Over Lan (SOL) is defined in the IPMI v2 specification published by
+Intel and available at http://www.intel.com/design/servers/ipmi/. SOL
+functionality is built on top of the RMCP+ protocol as an additional
+payload type (type 1).
+
+The high end SOL logic is implemented in src/ipmitool/lib/ipmi_sol.c. SOL
+sessions are begun in ipmitool using the "sol activate" command. This
+command maps directly to the IPMI Activate Payload command. It first
+verifies that an RMCP+ session (lanplus interface) is being used to
+establish the session. Although the spec allows for a SOL connection to be
+established on a port different than the RMCP+ port that the "activate
+payload" command issued, ipmitool does not support this.
+
+Once a session has been established (the activate payload command
+succeeds), ipmitool simply loops over a select() on user input and data
+returned from the BMC. All user input is first filtered so that special
+escape sequences can suspend or deactivate the SOL session and so that data
+can be broken into chunks no greater than N bytes. This maximum is
+specified by the BMC in the response to the Activate Payload command.
+
+User input to the BMC is handled in ipmitool/src/plugins/lanplus/lanplus.c.
+Every SOL packet (with one exception) traveling in either direction causes
+the recipient to return an acknowledgement packet, though acks themself are
+not acknowledged. The transport layer in lanplus.c handles the logic
+regarding acks, partial acks, sequence numbers. SOL acknowledgements
+packets be acks, partial acks (the remote destination processed only some
+of the data), and nacks (requests to stop sending packets). Nacks are not
+honored by ipmitool.
+
+Note that one way that SOL communication differs from standard IPMI
+commands, is that it is not simply a request response protocol. Packets
+may be returned asynchronously from the BMC. When establishing a SOL
+session, ipmitool registers a callback for asynchronously received data.
+This call back simply prints text returned from the BMC.
+
+Once a user has chosen to exit the SOL session (with ~.) ipmitool sends the
+IPMI SOL Deactivate command to the BMC.
+
+The standard code path for SOL logic follows:
+ ipmi_sol_main (ipmi_sol.c):
+
+ ipmi_sol_activate (ipmi_sol.c):
+ Argument validation
+ Creation and dispatch of IPMI Activate Payload command
+
+ ipmi_sol_red_pill (ipmi_sol.c):
+ Loop on select() for user input and data returned from the BMC
+ Periodic dispatch of "keep alive" packet to the BMC.
+ Send user input to the BMC and BMC data to the console.
+
+ processSolUserInput (ipmi_sol.c):
+ Process possible escape sequences (~., ~B, etc.)
+ Send (with retries) user data to the BMC
+ Partial creation of packet payload
+
+ ipmi_lanplus_send_sol (lanplus.c):
+ Completion of packet payload
+ Send (with retries) of SOL packet
+
+ ipmi_lanplus_send_payload (lanplus.c):
+ Creation of RMCP+ packet
+ Details general to all V2 packet processing, as
+ well as a some logic to handle ack reception.
+
+ is_sol_partial_ack (lanplus.c):
+ Determine whether a data needs to be resent
+
+ ipmi_lanplus_recv_sol (lanplus.c):
+ Handle data received by the BMC. Ack as appropriate.
+
diff --git a/src/plugins/lanplus/asf.h b/src/plugins/lanplus/asf.h
index 7a30418..6453363 100644
--- a/src/plugins/lanplus/asf.h
+++ b/src/plugins/lanplus/asf.h
@@ -30,8 +30,7 @@ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. */ -#ifndef IPMI_ASF_H -#define IPMI_ASF_H +#pragma once #include #include "lanplus.h"
@@ -41,20 +40,6 @@ #define ASF_TYPE_PING 0x80 #define ASF_TYPE_PONG 0x40 -static const struct valstr asf_type_vals[] __attribute__((unused)) = { - { 0x10, "Reset" }, - { 0x11, "Power-up" }, - { 0x12, "Unconditional Power-down" }, - { 0x13, "Power Cycle" }, - { 0x40, "Presence Pong" }, - { 0x41, "Capabilities Response" }, - { 0x42, "System State Response" }, - { 0x80, "Presence Ping" }, - { 0x81, "Capabilities Request" }, - { 0x82, "System State Request" }, - { 0x00, NULL } -}; - /* ASF message header */ #ifdef HAVE_PRAGMA_PACK #pragma pack(1) @@ -71,5 +56,3 @@ struct asf_hdr { #endif int handle_asf(struct ipmi_intf * intf, uint8_t * data, int data_len); - -#endif /* IPMI_ASF_H */ diff --git a/src/plugins/lanplus/lanplus.c b/src/plugins/lanplus/lanplus.c index a0e388c..ed41380 100644 --- a/src/plugins/lanplus/lanplus.c +++ b/src/plugins/lanplus/lanplus.c @@ -29,7 +29,6 @@ * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. */ -#define _GNU_SOURCE #include #include 
@@ -103,15 +102,14 @@ static void getIpmiPayloadWireRep( uint8_t rq_seq, uint8_t curr_seq); static void getSolPayloadWireRep( - struct ipmi_intf * intf, uint8_t * msg, struct ipmi_v2_payload * payload); static void read_open_session_response(struct ipmi_rs * rsp, int offset); static void read_rakp2_message(struct ipmi_rs * rsp, int offset, uint8_t alg); static void read_rakp4_message(struct ipmi_rs * rsp, int offset, uint8_t alg); -static void read_session_data(struct ipmi_rs * rsp, int * offset, struct ipmi_session *s); -static void read_session_data_v15(struct ipmi_rs * rsp, int * offset, struct ipmi_session *s); -static void read_session_data_v2x(struct ipmi_rs * rsp, int * offset, struct ipmi_session *s); +static void read_session_data(struct ipmi_rs * rsp, int * offset); +static void read_session_data_v15(struct ipmi_rs * rsp, int * offset); +static void read_session_data_v2x(struct ipmi_rs * rsp, int * offset); static void read_ipmi_response(struct ipmi_rs * rsp, int * offset); static void read_sol_packet(struct ipmi_rs * rsp, int * offset); static struct ipmi_rs * ipmi_lanplus_recv_sol(struct ipmi_intf * intf); @@ -119,7 +117,6 @@ static struct ipmi_rs * ipmi_lanplus_send_sol( struct ipmi_intf * intf, struct ipmi_v2_payload * payload); static int check_sol_packet_for_new_data( - struct ipmi_intf * intf, struct ipmi_rs *rsp); static void ack_sol_packet( struct ipmi_intf * intf, 
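Review bot: The `read_session_data`, `read_session_data_v15` and `read_session_data_v2x` declarations carry no comment on the `int * offset` argument, and after this change it is the only input besides `rsp`. I would add one line above them, for example `/* offset: in/out index into the response data; confirm in the definitions that it is checked against the received length */`. These functions appear to parse data received from the BMC, so the bound matters, but the definitions are outside this hunk and cannot be checked here.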
@@ -164,141 +161,115 @@ extern int verbose; * returns 0 on success * 1 on failure */ -int lanplus_get_requested_ciphers(int cipher_suite_id, - uint8_t * auth_alg, - uint8_t * integrity_alg, - uint8_t * crypt_alg) +int +lanplus_get_requested_ciphers(enum cipher_suite_ids cipher_suite_id, + uint8_t *auth_alg, + uint8_t *integrity_alg, + uint8_t *crypt_alg) { -#ifdef HAVE_CRYPTO_SHA256 - if ((cipher_suite_id < 0) || (cipher_suite_id > 17)) { - return 1; - } -#else - if ((cipher_suite_id < 0) || (cipher_suite_id > 14)) - return 1; -#endif /* HAVE_CRYPTO_SHA256 */ /* See table 22-19 for the source of the statement */ switch (cipher_suite_id) { - case 0: + case IPMI_LANPLUS_CIPHER_SUITE_0: *auth_alg = IPMI_AUTH_RAKP_NONE; *integrity_alg = IPMI_INTEGRITY_NONE; *crypt_alg = IPMI_CRYPT_NONE; break; - case 1: + case IPMI_LANPLUS_CIPHER_SUITE_1: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1; *integrity_alg = IPMI_INTEGRITY_NONE; *crypt_alg = IPMI_CRYPT_NONE; break; - case 2: + case IPMI_LANPLUS_CIPHER_SUITE_2: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96; *crypt_alg = IPMI_CRYPT_NONE; break; - case 3: + case IPMI_LANPLUS_CIPHER_SUITE_3: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96; *crypt_alg = IPMI_CRYPT_AES_CBC_128; break; - case 4: + case IPMI_LANPLUS_CIPHER_SUITE_4: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96; *crypt_alg = IPMI_CRYPT_XRC4_128; break; - case 5: + case IPMI_LANPLUS_CIPHER_SUITE_5: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96; *crypt_alg = IPMI_CRYPT_XRC4_40; break; - case 6: + case IPMI_LANPLUS_CIPHER_SUITE_6: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_NONE; *crypt_alg = IPMI_CRYPT_NONE; break; - case 7: + case IPMI_LANPLUS_CIPHER_SUITE_7: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128; *crypt_alg = IPMI_CRYPT_NONE; break; - case 8: + case 
IPMI_LANPLUS_CIPHER_SUITE_8: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128; *crypt_alg = IPMI_CRYPT_AES_CBC_128; break; - case 9: + case IPMI_LANPLUS_CIPHER_SUITE_9: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128; *crypt_alg = IPMI_CRYPT_XRC4_128; break; - case 10: + case IPMI_LANPLUS_CIPHER_SUITE_10: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128; *crypt_alg = IPMI_CRYPT_XRC4_40; break; - case 11: + case IPMI_LANPLUS_CIPHER_SUITE_11: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_MD5_128; *crypt_alg = IPMI_CRYPT_NONE; break; - case 12: + case IPMI_LANPLUS_CIPHER_SUITE_12: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_MD5_128; *crypt_alg = IPMI_CRYPT_AES_CBC_128; break; - case 13: + case IPMI_LANPLUS_CIPHER_SUITE_13: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_MD5_128; *crypt_alg = IPMI_CRYPT_XRC4_128; break; - case 14: + case IPMI_LANPLUS_CIPHER_SUITE_14: *auth_alg = IPMI_AUTH_RAKP_HMAC_MD5; *integrity_alg = IPMI_INTEGRITY_MD5_128; *crypt_alg = IPMI_CRYPT_XRC4_40; break; #ifdef HAVE_CRYPTO_SHA256 - case 15: + case IPMI_LANPLUS_CIPHER_SUITE_15: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256; *integrity_alg = IPMI_INTEGRITY_NONE; *crypt_alg = IPMI_CRYPT_NONE; break; - case 16: + case IPMI_LANPLUS_CIPHER_SUITE_16: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA256_128; *crypt_alg = IPMI_CRYPT_NONE; break; - case 17: + case IPMI_LANPLUS_CIPHER_SUITE_17: *auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256; *integrity_alg = IPMI_INTEGRITY_HMAC_SHA256_128; *crypt_alg = IPMI_CRYPT_AES_CBC_128; break; #endif /* HAVE_CRYPTO_SHA256 */ + case IPMI_LANPLUS_CIPHER_SUITE_RESERVED: + default: + return 1; } return 0; } - - -/* - * Reverse the order of arbitrarily long strings of bytes - */ -void lanplus_swap( - uint8_t * buffer, - int length) -{ - int i; - uint8_t temp; - - for (i =0; i < 
length/2; ++i) - { - temp = buffer[i]; - buffer[i] = buffer[length - 1 - i]; - buffer[length - 1 - i] = temp; - } -} - - - static const struct valstr plus_payload_types_vals[] = { { IPMI_PAYLOAD_TYPE_IPMI, "IPMI (0)" }, // IPMI Message { IPMI_PAYLOAD_TYPE_SOL, "SOL (1)" }, // SOL (Serial over LAN) @@ -320,7 +291,7 @@ ipmi_req_add_entry(struct ipmi_intf * intf, struct ipmi_rq * req, uint8_t req_se struct ipmi_rq_entry * e; e = malloc(sizeof(struct ipmi_rq_entry)); - if (e == NULL) { + if (!e) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return NULL; } @@ -331,7 +302,7 @@ ipmi_req_add_entry(struct ipmi_intf * intf, struct ipmi_rq * req, uint8_t req_se e->intf = intf; e->rq_seq = req_seq; - if (ipmi_req_entries == NULL) + if (!ipmi_req_entries) ipmi_req_entries = e; else ipmi_req_entries_tail->next = e; @@ -523,7 +494,7 @@ ipmi_lan_recv_packet(struct ipmi_intf * intf) * asf.data[f:a]= 0x000000000000 */ static int -ipmi_handle_pong(struct ipmi_intf * intf, struct ipmi_rs * rsp) +ipmi_handle_pong(struct ipmi_rs *rsp) { struct rmcp_pong { struct rmcp_hdr rmcp; @@ -533,7 +504,7 @@ ipmi_handle_pong(struct ipmi_intf * intf, struct ipmi_rs * rsp) uint8_t sup_entities; uint8_t sup_interact; uint8_t reserved[6]; - } * pong; + } *pong; if (!rsp) return -1; @@ -595,7 +566,7 @@ ipmiv2_lan_ping(struct ipmi_intf * intf) int rv; data = malloc(len); - if (data == NULL) { + if (!data) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return -1; } @@ -644,7 +615,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf) rsp = ipmi_lan_recv_packet(intf); /* check if no packet has come */ - if (rsp == NULL) { + if (!rsp) { return NULL; } @@ -653,7 +624,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf) if (rmcp_rsp->class == RMCP_CLASS_ASF) { /* might be ping response packet */ - rv = ipmi_handle_pong(intf, rsp); + rv = ipmi_handle_pong(rsp); return (rv <= 0) ? NULL : rsp; } 
@@ -683,7 +654,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf) * ------------------------------------------------------------------- */ - read_session_data(rsp, &offset, intf->session); + read_session_data(rsp, &offset); /* * Skip packets that are not intended for this session @@ -764,14 +735,12 @@ ipmi_lan_poll_single(struct ipmi_intf * intf) entry = ipmi_req_lookup_entry(rsp->payload.ipmi_response.rq_seq, rsp->payload.ipmi_response.cmd); - if (entry == NULL) { + if (!entry) { lprintf(LOG_INFO, "IPMI Request Match NOT FOUND"); /* read one more packet */ return (struct ipmi_rs *)1; }; - uint8_t target_cmd = entry->req.msg.target_cmd; - lprintf(LOG_DEBUG+2, "IPMI Request Match found"); if (entry->bridging_level) { @@ -790,12 +759,6 @@ ipmi_lan_poll_single(struct ipmi_intf * intf) if (payload_size > 8) { printbuf(&rsp->data[offset], (rsp->data_len-offset-1), "bridge command response"); - /* - * decrement payload size - * (cks2 for outer Send Message) - */ - payload_size--; - /* * need to make a loop for embedded bridged response */ @@ -819,9 +782,12 @@ ipmi_lan_poll_single(struct ipmi_intf * intf) * rsp->data_len becomes the length of that data */ extra_data_length = payload_size - (offset - payload_start) - 1; - if (extra_data_length) { + if (extra_data_length > 0) { rsp->data_len = extra_data_length; memmove(rsp->data, rsp->data + offset, extra_data_length); + offset = 0; + payload_start = 0; + payload_size = extra_data_length; } else { rsp->data_len = 0; } @@ -873,7 +839,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf) } read_sol_packet(rsp, &offset); extra_data_length = payload_size - (offset - payload_start); - if (rsp && extra_data_length) { + if (extra_data_length > 0) { rsp->data_len = extra_data_length; memmove(rsp->data, rsp->data + offset, extra_data_length); } else { 
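Review bot: In the bridged-response hunk of `ipmi_lan_poll_single`, `extra_data_length` is now tested for `> 0` but still has no visible upper bound before `memmove(rsp->data, rsp->data + offset, extra_data_length)`. `payload_size` is assigned outside the hunk; if it comes from the received session header, a comparison with the bytes actually received, for example `if (extra_data_length > 0 && extra_data_length <= rsp->data_len - offset)`, would keep the move inside the buffer. The SOL hunk further down (after `read_sol_packet`) has the same pattern. The function starts and ends outside these hunks, so an earlier check may already exist.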
@@ -990,7 +956,7 @@ read_open_session_response(struct ipmi_rs * rsp, int offset) * * param rsp [in/out] reading from the data variable and writing to the rakp 2 * section - * param offset [in] tells us where hte rakp2 payload starts + * param offset [in] tells us where the rakp2 payload starts * param auth_alg [in] describes the authentication algorithm was agreed upon in * the open session request/response phase. We need to know that here so * that we know how many bytes (if any) to read fromt the packet. @@ -1011,31 +977,19 @@ read_rakp2_message( /* RAKP response code */ rsp->payload.rakp2_message.rakp_return_code = rsp->data[offset + 1]; - /* Console session ID */ - memcpy(&(rsp->payload.rakp2_message.console_id), - rsp->data + offset + 4, - 4); - #if WORDS_BIGENDIAN - rsp->payload.rakp2_message.console_id = - BSWAP_32(rsp->payload.rakp2_message.console_id); - #endif + /* Console session ID */ + rsp->payload.rakp2_message.console_id = ipmi32toh(&rsp->data[offset + 4]); - /* BMC random number */ - memcpy(&(rsp->payload.rakp2_message.bmc_rand), - rsp->data + offset + 8, - 16); - #if WORDS_BIGENDIAN - lanplus_swap(rsp->payload.rakp2_message.bmc_rand, 16); - #endif + /* BMC random number */ + memcpy(&(rsp->payload.rakp2_message.bmc_rand), + array_letoh(&rsp->data[offset + 8], 16), + 16); + + /* BMC GUID */ + memcpy(&(rsp->payload.rakp2_message.bmc_guid), + array_letoh(&rsp->data[offset + 24], 16), + 16); - /* BMC GUID */ - memcpy(&(rsp->payload.rakp2_message.bmc_guid), - rsp->data + offset + 24, - 16); - #if WORDS_BIGENDIAN - lanplus_swap(rsp->payload.rakp2_message.bmc_guid, 16); - #endif - /* Key exchange authentication code */ switch (auth_alg) { 
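Review bot: In the `read_rakp2_message` hunk, the new `ipmi32toh(&rsp->data[offset + 4])` and the two `array_letoh(&rsp->data[offset + N], 16)` reads touch bytes up to `offset + 40` with no visible comparison against `rsp->data_len`. The function starts outside the hunk, so a check may exist above; if it does not, a length test such as `rsp->data_len < offset + 40` belongs before the first read, since this buffer holds a packet received from the network. The `console_id` read added to `read_rakp4_message` in a later hunk deserves the same test. How a short packet is reported to the caller is not visible here and is left to the maintainers.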
@@ -1089,7 +1043,7 @@ read_rakp2_message( * * param rsp [in/out] reading from the data variable and writing to the rakp * 4 section - * param offset [in] tells us where hte rakp4 payload starts + * param offset [in] tells us where the rakp4 payload starts * param integrity_alg [in] describes the authentication algorithm was * agreed upon in the open session request/response phase. We need * to know that here so that we know how many bytes (if any) to read @@ -1111,16 +1065,9 @@ read_rakp4_message( /* RAKP response code */ rsp->payload.rakp4_message.rakp_return_code = rsp->data[offset + 1]; - /* Console session ID */ - memcpy(&(rsp->payload.rakp4_message.console_id), - rsp->data + offset + 4, - 4); - #if WORDS_BIGENDIAN - rsp->payload.rakp4_message.console_id = - BSWAP_32(rsp->payload.rakp4_message.console_id); - #endif + /* Console session ID */ + rsp->payload.rakp4_message.console_id = ipmi32toh(&rsp->data[offset + 4]); - /* Integrity check value */ switch (auth_alg) { @@ -1178,21 +1125,19 @@ read_rakp4_message( * param offset [in/out] should point to the beginning of the session when * this function is called. The offset will be adjusted to * point to the end of the session when this function exits. - * param session holds our session state */ void read_session_data( struct ipmi_rs * rsp, - int * offset, - struct ipmi_session * s) + int * offset) { /* We expect to read different stuff depending on the authtype */ rsp->session.authtype = rsp->data[*offset]; if (rsp->session.authtype == IPMI_SESSION_AUTHTYPE_RMCP_PLUS) - read_session_data_v2x(rsp, offset, s); + read_session_data_v2x(rsp, offset); else - read_session_data_v15(rsp, offset, s); + read_session_data_v15(rsp, offset); } @@ -1218,8 +1163,7 @@ read_session_data( void read_session_data_v2x( struct ipmi_rs * rsp, - int * offset, - struct ipmi_session * s) + int * offset) { rsp->session.authtype = rsp->data[(*offset)++]; 
@@ -1231,25 +1175,15 @@ read_session_data_v2x( rsp->session.payloadtype = rsp->data[(*offset)++] & 0x3F; /* Session ID */ - memcpy(&rsp->session.id, rsp->data + *offset, 4); + rsp->session.id = ipmi32toh(&rsp->data[*offset]); *offset += 4; - #if WORDS_BIGENDIAN - rsp->session.id = BSWAP_32(rsp->session.id); - #endif - /* Ignored, so far */ - memcpy(&rsp->session.seq, rsp->data + *offset, 4); + rsp->session.seq = ipmi32toh(&rsp->data[*offset]); *offset += 4; - #if WORDS_BIGENDIAN - rsp->session.seq = BSWAP_32(rsp->session.seq); - #endif - memcpy(&rsp->session.msglen, rsp->data + *offset, 2); + rsp->session.msglen = ipmi16toh(&rsp->data[*offset]); *offset += 2; - #if WORDS_BIGENDIAN - rsp->session.msglen = BSWAP_16(rsp->session.msglen); - #endif } @@ -1257,7 +1191,7 @@ read_session_data_v2x( /* * read_session_data_v15 * - * Initialize the ipmi_rsp from the session header of the packet. + * Initialize the ipmi_rsp from the session header of the packet. * * The offset should point the first byte of the the IPMI session when this * function is called. When this function exits, the offset will point to @@ -1272,8 +1206,7 @@ read_session_data_v2x( */ void read_session_data_v15( struct ipmi_rs * rsp, - int * offset, - struct ipmi_session * s) + int * offset) { /* All v15 messages are IPMI messages */ rsp->session.payloadtype = IPMI_PAYLOAD_TYPE_IPMI; @@ -1537,7 +1470,6 @@ void getIpmiPayloadWireRep( * param payload [in] holds the v2 payload with our SOL data */ void getSolPayloadWireRep( - struct ipmi_intf * intf, /* in out */ uint8_t * msg, /* output */ struct ipmi_v2_payload * payload) /* input */ { @@ -1667,7 +1599,7 @@ ipmi_lanplus_build_v2x_msg( msg = malloc(len); - if (msg == NULL) { + if (!msg) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return; } @@ -1743,7 +1675,7 @@ ipmi_lanplus_build_v2x_msg( break; case IPMI_PAYLOAD_TYPE_SOL: - getSolPayloadWireRep(intf, + getSolPayloadWireRep( msg + IPMI_LANPLUS_OFFSET_PAYLOAD, payload); 
@@ -1971,8 +1903,6 @@ ipmi_lanplus_build_v2x_ipmi_cmd( entry = ipmi_req_add_entry(intf, req, curr_seq); /* it's a bridge command */ } else { - unsigned char backup_cmd; - /* Add entry for cmd */ entry = ipmi_req_add_entry(intf, req, curr_seq); @@ -1988,7 +1918,7 @@ ipmi_lanplus_build_v2x_ipmi_cmd( } } - if (entry == NULL) + if (!entry) return NULL; // Build our payload @@ -2054,13 +1984,13 @@ ipmi_lanplus_build_v15_ipmi_cmd( struct ipmi_rq_entry * entry; entry = ipmi_req_add_entry(intf, req, 0); - if (entry == NULL) + if (!entry) return NULL; len = req->msg.data_len + 21; msg = malloc(len); - if (msg == NULL) { + if (!msg) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return NULL; } @@ -2251,7 +2181,7 @@ ipmi_lanplus_send_payload( entry = ipmi_lanplus_build_v2x_ipmi_cmd(intf, ipmi_request, isRetry); } - if (entry == NULL) { + if (!entry) { lprintf(LOG_ERR, "Aborting send command, unable to build"); return NULL; } @@ -2397,7 +2327,7 @@ ipmi_lanplus_send_payload( /* Duplicate Request ccode most likely indicates a response to a previous retry. Ignore and keep polling. */ - while ((rsp != NULL) && (rsp->ccode == 0xcf)) + while (rsp && rsp->ccode == 0xcf) { rsp = NULL; rsp = ipmi_lan_poll_recv(intf); @@ -2584,7 +2514,6 @@ ipmi_lanplus_send_sol( */ static int check_sol_packet_for_new_data( - struct ipmi_intf * intf, struct ipmi_rs *rsp) { static uint8_t last_received_sequence_number = 0; @@ -2623,7 +2552,7 @@ check_sol_packet_for_new_data( /* - *Rember the data for next round + * Remember the data for next round */ if (rsp->payload.sol_packet.packet_sequence_number) { @@ -2700,7 +2629,7 @@ ipmi_lanplus_recv_sol(struct ipmi_intf * intf) * Remembers the data sent, and alters the data to just * include the new stuff. */ - check_sol_packet_for_new_data(intf, rsp); + check_sol_packet_for_new_data(rsp); } return rsp; } 
@@ -2770,7 +2699,7 @@ ipmi_get_auth_capabilities_cmd( rsp = intf->sendrecv(intf, &req); - if (rsp == NULL || rsp->ccode > 0) { + if (!rsp || rsp->ccode) { /* * It's very possible that this failed because we asked for IPMI * v2 data. Ask again, without requesting IPMI v2 data. @@ -2779,11 +2708,11 @@ ipmi_get_auth_capabilities_cmd( rsp = intf->sendrecv(intf, &req); - if (rsp == NULL) { + if (!rsp) { lprintf(LOG_INFO, "Get Auth Capabilities error"); return 1; } - if (rsp->ccode > 0) { + if (rsp->ccode) { lprintf(LOG_INFO, "Get Auth Capabilities error: %s", val2str(rsp->ccode, completion_code_vals)); return 1; @@ -2808,10 +2737,9 @@ ipmi_close_session_cmd(struct ipmi_intf * intf) struct ipmi_rs * rsp; struct ipmi_rq req; uint8_t msg_data[4]; - uint32_t bmc_session_lsbf; uint8_t backupBridgePossible; - if (intf->session == NULL + if (!intf->session || intf->session->v2_data.session_state != LANPLUS_STATE_ACTIVE) return -1; @@ -2820,12 +2748,7 @@ ipmi_close_session_cmd(struct ipmi_intf * intf) intf->target_addr = IPMI_BMC_SLAVE_ADDR; bridgePossible = 0; - bmc_session_lsbf = intf->session->v2_data.bmc_id; -#if WORDS_BIGENDIAN - bmc_session_lsbf = BSWAP_32(bmc_session_lsbf); -#endif - - memcpy(&msg_data, &bmc_session_lsbf, 4); + htoipmi32(intf->session->v2_data.bmc_id, msg_data); memset(&req, 0, sizeof(req)); req.msg.netfn = IPMI_NETFN_APP; @@ -2834,7 +2757,7 @@ ipmi_close_session_cmd(struct ipmi_intf * intf) req.msg.data_len = 4; rsp = intf->sendrecv(intf, &req); - if (rsp == NULL) { + if (!rsp) { /* Looks like the session was closed */ lprintf(LOG_ERR, "Close Session command failed"); return -1; @@ -2848,7 +2771,7 @@ ipmi_close_session_cmd(struct ipmi_intf * intf) (long)intf->session->v2_data.bmc_id); return -1; } - if (rsp->ccode > 0) { + if (rsp->ccode) { lprintf(LOG_ERR, "Close Session command failed: %s", val2str(rsp->ccode, completion_code_vals)); return -1; 
@@ -2885,7 +2808,7 @@ ipmi_lanplus_open_session(struct ipmi_intf * intf) * Build an Open Session Request Payload */ msg = (uint8_t*)malloc(IPMI_OPEN_SESSION_REQUEST_SIZE); - if (msg == NULL) { + if (!msg) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -2966,7 +2889,7 @@ ipmi_lanplus_open_session(struct ipmi_intf * intf) free(msg); msg = NULL; - if (rsp == NULL ) { + if (!rsp ) { lprintf(LOG_DEBUG, "Timeout in open session response message."); return 2; } @@ -3071,7 +2994,7 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf) * Build a RAKP 1 message */ msg = (uint8_t*)malloc(IPMI_RAKP1_MESSAGE_SIZE); - if (msg == NULL) { + if (!msg) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -3102,9 +3025,7 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf) return 1; } memcpy(msg + 8, session->v2_data.console_rand, 16); - #if WORDS_BIGENDIAN - lanplus_swap(msg + 8, 16); - #endif + array_letoh(msg + 8, 16); if (verbose > 1) printbuf(session->v2_data.console_rand, 16, @@ -3152,7 +3073,7 @@ ipmi_lanplus_rakp1(struct ipmi_intf * intf) free(msg); msg = NULL; - if (rsp == NULL) + if (!rsp) { lprintf(LOG_WARNING, "> Error: no response from RAKP 1 message"); return 2; @@ -3236,7 +3157,7 @@ ipmi_lanplus_rakp3(struct ipmi_intf * intf) * Build a RAKP 3 message */ msg = (uint8_t*)malloc(IPMI_RAKP3_MESSAGE_MAX_SIZE); - if (msg == NULL) { + if (!msg) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -3325,7 +3246,7 @@ ipmi_lanplus_rakp3(struct ipmi_intf * intf) */ return 1; } - else if (rsp == NULL) + else if (!rsp) { lprintf(LOG_WARNING, "> Error: no response from RAKP 3 message"); return 2; @@ -3416,7 +3337,7 @@ ipmi_set_session_privlvl_cmd(struct ipmi_intf * intf) req.msg.data_len = 1; rsp = intf->sendrecv(intf, &req); - if (rsp == NULL) { + if (!rsp) { lprintf(LOG_ERR, "Set Session Privilege Level to %s failed", val2str(privlvl, ipmi_privlvl_vals)); bridgePossible = backupBridgePossible; 
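Review bot: In the `ipmi_lanplus_rakp1` hunk, `array_letoh(msg + 8, 16)` is applied to a buffer that is about to be sent, so a helper whose name reads as wire-to-host is used in the host-to-wire direction, and its return value is dropped, which implies it swaps in place. A comment would save the next reader the lookup: `/* in-place swap on big-endian hosts; the swap is symmetric, so it also serves host-to-wire */`. In `read_rakp2_message` the same helper is applied to `rsp->data`, so on such hosts the receive buffer itself would be modified where the removed code swapped only the copy; it is worth confirming that nothing reads those bytes afterwards.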
@@ -3425,7 +3346,7 @@ ipmi_set_session_privlvl_cmd(struct ipmi_intf * intf) if (verbose > 2) printbuf(rsp->data, rsp->data_len, "set_session_privlvl"); - if (rsp->ccode > 0) { + if (rsp->ccode) { lprintf(LOG_ERR, "Set Session Privilege Level to %s failed: %s", val2str(privlvl, ipmi_privlvl_vals), val2str(rsp->ccode, completion_code_vals)); 
@@ -3441,6 +3362,62 @@ ipmi_set_session_privlvl_cmd(struct ipmi_intf * intf) return 0; } +static uint8_t +ipmi_find_best_cipher_suite(struct ipmi_intf *intf) +{ + enum cipher_suite_ids best_suite = IPMI_LANPLUS_CIPHER_SUITE_RESERVED; +#ifdef HAVE_CRYPTO_SHA256 + struct cipher_suite_info suites[MAX_CIPHER_SUITE_COUNT]; + size_t nr_suites = ARRAY_SIZE(suites); + + /* cipher suite best order is chosen with this criteria: + * HMAC-MD5 and MD5 are BAD; xRC4 is bad; AES128 is required + * HMAC-SHA256 > HMAC-SHA1 + * secure authentication > encrypted content + * + * With xRC4 out, all cipher suites with MD5 out, and cipher suite 3 + * being required by the spec, the only better defined standard cipher + * suite is 17. So if SHA256 is available, we should try to use that, + * otherwise, fall back to 3. + */ + const enum cipher_suite_ids cipher_order_preferred[] = { + IPMI_LANPLUS_CIPHER_SUITE_17, + IPMI_LANPLUS_CIPHER_SUITE_3, + }; + const size_t nr_preferred = ARRAY_SIZE(cipher_order_preferred); + size_t ipref, i; + + if (ipmi_get_channel_cipher_suites(intf, "ipmi", IPMI_LAN_CHANNEL_E, + suites, &nr_suites) < 0) + { + /* default legacy behavior - fall back to cipher suite 3 */ + return IPMI_LANPLUS_CIPHER_SUITE_3; + } + for (ipref = 0; + ipref < nr_preferred && + IPMI_LANPLUS_CIPHER_SUITE_RESERVED == best_suite; + ipref++) + { + for (i = 0; i < nr_suites; i++) { + if (cipher_order_preferred[ipref] + == suites[i].cipher_suite_id) + { + best_suite = cipher_order_preferred[ipref]; + break; + } + } + } +#endif /* HAVE_CRYPTO_SHA256 */ + if (IPMI_LANPLUS_CIPHER_SUITE_RESERVED == best_suite) { + /* IPMI 2.0 spec requires that cipher suite 3 is implemented + * so we should always be able to fall back to that if better + * options are not available. */ + best_suite = IPMI_LANPLUS_CIPHER_SUITE_3; + } + lprintf(LOG_INFO, "Using best available cipher suite %d\n", best_suite); + return best_suite; +} + /** * ipmi_lanplus_open */ 
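Review bot: When `ipmi_get_channel_cipher_suites()` fails, `ipmi_find_best_cipher_suite()` returns suite 3 without logging anything, so an operator cannot tell a BMC that offers only suite 3 from a query that failed. A line such as `lprintf(LOG_INFO, "Unable to query channel cipher suites, falling back to cipher suite 3");` before that `return` would make the fallback visible. The final `lprintf` passes `"... %d\n"` while the other `lprintf` calls in this diff carry no trailing newline, so the `\n` looks unintended. Without `HAVE_CRYPTO_SHA256` the `intf` parameter is unused, which may warn under `-Wunused-parameter`.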
@@ -3470,7 +3447,7 @@ ipmi_lanplus_open(struct ipmi_intf * intf) if (!params->retry) params->retry = IPMI_LAN_RETRY; - if (params->hostname == NULL || strlen((const char *)params->hostname) == 0) { + if (!params->hostname || strlen((const char *)params->hostname) == 0) { lprintf(LOG_ERR, "No hostname specified!"); return -1; } @@ -3491,7 +3468,9 @@ ipmi_lanplus_open(struct ipmi_intf * intf) /* Setup our lanplus session state */ memset(session, 0, sizeof(struct ipmi_session)); session->timeout = params->timeout; - memcpy(&session->authcode, ¶ms->authcode_set, sizeof(session->authcode)); + memcpy(&session->authcode, + ¶ms->authcode_set, + sizeof(session->authcode)); session->v2_data.auth_alg = IPMI_AUTH_RAKP_NONE; session->v2_data.crypt_alg = IPMI_CRYPT_NONE; session->sol_data.sequence_number = 1; @@ -3510,15 +3489,30 @@ ipmi_lanplus_open(struct ipmi_intf * intf) goto fail; } - if (!ipmi_oem_active(intf, "i82571spt") && ! auth_cap.v20_data_available) { + if (!ipmi_oem_active(intf, "i82571spt") && + !auth_cap.v20_data_available) + { lprintf(LOG_INFO, "This BMC does not support IPMI v2 / RMCP+"); goto fail; } /* - * If the open/rakp1/rakp3 sequence encounters a timeout, the whole sequence - * needs to restart. The individual messages are not individually retryable, - * as the session state is advancing. + * If no cipher suite was provided, query the channel cipher suite list + * and pick the best one available + */ + if (IPMI_LANPLUS_CIPHER_SUITE_RESERVED == + intf->ssn_params.cipher_suite_id) + { + ipmi_intf_session_set_cipher_suite_id( + intf, + ipmi_find_best_cipher_suite(intf) + ); + } + + /* + * If the open/rakp1/rakp3 sequence encounters a timeout, the whole + * sequence needs to restart. The individual messages are not + * individually retryable, as the session state is advancing. */ for (retry = 0; retry < IPMI_LAN_RETRY; retry++) { session->v2_data.session_state = LANPLUS_STATE_PRESESSION; 
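Review bot: The automatic choice added before the retry loop in `ipmi_lanplus_open` relies on a cipher suite list that is requested before the open/RAKP sequence has run. As far as this hunk shows, that reply is not yet covered by session integrity, so an altered or truncated list would steer the client to suite 3 instead of 17. This deserves a comment at the call, for example `/* The suite list is fetched pre-session and is not authenticated; pass an explicit cipher suite to pin one */`, and probably a sentence in the user documentation. `ipmi_lanplus_open` starts and ends outside the hunk.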
@@ -3687,21 +3681,19 @@ ipmi_lanplus_keepalive(struct ipmi_intf * intf) return 0; rsp = intf->sendrecv(intf, &req); - while (rsp != NULL && is_sol_packet(rsp)) { + while (rsp && is_sol_packet(rsp)) { /* rsp was SOL data instead of our answer */ /* since it didn't go through the sol recv, do sol recv stuff here */ ack_sol_packet(intf, rsp); - check_sol_packet_for_new_data(intf, rsp); + check_sol_packet_for_new_data(rsp); if (rsp->data_len) intf->session->sol_data.sol_input_handler(rsp); rsp = ipmi_lan_poll_recv(intf); - if (rsp == NULL) /* the get device id answer never got back, but retry mechanism was bypassed by SOL data */ + if (!rsp) /* the get device id answer never got back, but retry mechanism was bypassed by SOL data */ return 0; /* so get device id command never returned, the connection is still alive */ } - if (rsp == NULL) - return -1; - if (rsp->ccode > 0) + if (!rsp || rsp->ccode) return -1; return 0; @@ -3728,7 +3720,7 @@ static int ipmi_lanplus_setup(struct ipmi_intf * intf) static void ipmi_lanp_set_max_rq_data_size(struct ipmi_intf * intf, uint16_t size) { - if (intf->ssn_params.cipher_suite_id == 3) { + if (intf->ssn_params.cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3) { /* * encrypted payload can only be multiple of 16 bytes */ @@ -3746,7 +3738,7 @@ static void ipmi_lanp_set_max_rq_data_size(struct ipmi_intf * intf, uint16_t siz static void ipmi_lanp_set_max_rp_data_size(struct ipmi_intf * intf, uint16_t size) { - if (intf->ssn_params.cipher_suite_id == 3) { + if (intf->ssn_params.cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3) { /* * encrypted payload can only be multiple of 16 bytes */ diff --git a/src/plugins/lanplus/lanplus.h b/src/plugins/lanplus/lanplus.h index d967462..3e287ae 100644 --- a/src/plugins/lanplus/lanplus.h +++ b/src/plugins/lanplus/lanplus.h @@ -30,8 +30,7 @@ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. */ -#ifndef IPMI_LANPLUS_H -#define IPMI_LANPLUS_H +#pragma once #include 
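Review bot: `ipmi_lanp_set_max_rq_data_size` still applies the 16-byte block adjustment only when `cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3`, but this commit makes suite 17 the preferred automatic choice, and `lanplus_get_requested_ciphers` maps suites 8, 12 and 17 to `IPMI_CRYPT_AES_CBC_128` as well. If the comment "encrypted payload can only be multiple of 16 bytes" holds for every AES-CBC-128 suite, the test should follow the encryption algorithm rather than one suite id, for instance by resolving the suite through `lanplus_get_requested_ciphers` and comparing `crypt_alg` with `IPMI_CRYPT_AES_CBC_128`. `ipmi_lanp_set_max_rp_data_size` in the next hunk has the same test. Both function bodies continue outside the hunks.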
@@ -113,7 +112,7 @@ /* *This is accurate, as long as we're only passing 1 auth algorithm, - * one integrity algorithm, and 1 encyrption alogrithm + * one integrity algorithm, and 1 encyrption algorithm */ #define IPMI_OPEN_SESSION_REQUEST_SIZE 32 #define IPMI_RAKP1_MESSAGE_SIZE 44 @@ -130,5 +129,3 @@ struct ipmi_rs * ipmi_lan_send_cmd(struct ipmi_intf * intf, struct ipmi_rq * req int ipmi_lanplus_open(struct ipmi_intf * intf); void ipmi_lanplus_close(struct ipmi_intf * intf); int ipmiv2_lan_ping(struct ipmi_intf * intf); - -#endif /*IPMI_LAN_H*/ diff --git a/src/plugins/lanplus/lanplus_crypt.c b/src/plugins/lanplus/lanplus_crypt.c index cb963f4..b4d677b 100644 --- a/src/plugins/lanplus/lanplus_crypt.c +++ b/src/plugins/lanplus/lanplus_crypt.c @@ -84,12 +84,16 @@ lanplus_rakp2_hmac_matches(const struct ipmi_session * session, return 1; /* We don't yet support other algorithms */ +#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) -#ifdef HAVE_CRYPTO_SHA256 || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256) -#endif /* HAVE_CRYPTO_SHA256 */ ); +#else + assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) + || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) + ); +#endif /* HAVE_CRYPTO_SHA256 */ bufferLength = @@ -103,7 +107,7 @@ lanplus_rakp2_hmac_matches(const struct ipmi_session * session, strlen((const char *)intf->ssn_params.username); /* optional */ buffer = malloc(bufferLength); - if (buffer == NULL) { + if (!buffer) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } 
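Review bot: The supported-algorithm check in `lanplus_rakp2_hmac_matches` is still only an `assert()`, which disappears when the code is built with `NDEBUG`. This commit now carries two copies of it per function in four places: the others are `lanplus_rakp4_hmac_matches`, `lanplus_generate_rakp3_authcode` and `lanplus_generate_sik`. A small static predicate would hold the `#ifdef` once, let each site read `assert(lanplus_auth_alg_supported(session->v2_data.auth_alg));`, and could later back a real error return for an unexpected algorithm value. The helper name is a proposal, and the four functions start and end outside their hunks.

```c
/* Returns 1 when auth_alg is one of the RAKP algorithms this build implements */
static int
lanplus_auth_alg_supported(uint8_t auth_alg)
{
	switch (auth_alg) {
	case IPMI_AUTH_RAKP_HMAC_SHA1:
	case IPMI_AUTH_RAKP_HMAC_MD5:
#ifdef HAVE_CRYPTO_SHA256
	case IPMI_AUTH_RAKP_HMAC_SHA256:
#endif /* HAVE_CRYPTO_SHA256 */
		return 1;
	default:
		return 0;
	}
}

/* … unchanged: early return for IPMI_AUTH_RAKP_NONE … */
	assert(lanplus_auth_alg_supported(session->v2_data.auth_alg));
```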
@@ -251,12 +255,16 @@ lanplus_rakp4_hmac_matches(const struct ipmi_session * session, return 1; /* We don't yet support other algorithms */ +#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) -#ifdef HAVE_CRYPTO_SHA256 || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256) -#endif /* HAVE_CRYPTO_SHA256 */ ); +#else + assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) + || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) + ); +#endif /* HAVE_CRYPTO_SHA256 */ } bufferLength = @@ -265,7 +273,7 @@ lanplus_rakp4_hmac_matches(const struct ipmi_session * session, 16; /* GUIDc */ buffer = (uint8_t *)malloc(bufferLength); - if (buffer == NULL) { + if (!buffer) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -417,12 +425,16 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer, } /* We don't yet support other algorithms */ +#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) -#ifdef HAVE_CRYPTO_SHA256 || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256) -#endif /* HAVE_CRYPTO_SHA256 */ ); +#else + assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) + || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) + ); +#endif /* HAVE_CRYPTO_SHA256 */ input_buffer_length = 16 + /* Rc */ @@ -432,7 +444,7 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer, strlen((const char *)intf->ssn_params.username); input_buffer = malloc(input_buffer_length); - if (input_buffer == NULL) { + if (!input_buffer) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } 
@@ -512,7 +524,7 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer, * - Usename (absent for null usernames) * * The key used to generated the SIK is Kg if Kg is not null (two-key logins are - * enabled). Otherwise Kuid (the user authcode) is used as the key to genereate + * enabled). Otherwise Kuid (the user authcode) is used as the key to generate * the SIK. * * I am aware that the subscripts look backwards, but that is the way they are @@ -539,12 +551,16 @@ lanplus_generate_sik(struct ipmi_session * session, struct ipmi_intf * intf) return 0; /* We don't yet support other algorithms */ +#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) -#ifdef HAVE_CRYPTO_SHA256 || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256) -#endif /* HAVE_CRYPTO_SHA256 */ ); +#else + assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) + || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) + ); +#endif /* HAVE_CRYPTO_SHA256 */ input_buffer_length = 16 + /* Rm */ @@ -554,7 +570,7 @@ lanplus_generate_sik(struct ipmi_session * session, struct ipmi_intf * intf) strlen((const char *)intf->ssn_params.username); input_buffer = malloc(input_buffer_length); - if (input_buffer == NULL) { + if (!input_buffer) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -836,7 +852,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg, pad_length = IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE - mod; padded_input = (uint8_t*)malloc(input_length + pad_length + 1); - if (padded_input == NULL) { + if (!padded_input) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } 
@@ -853,7 +869,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg, if (lanplus_rand(output, IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE)) { lprintf(LOG_ERR, "lanplus_encrypt_payload: Error generating IV"); - if (padded_input != NULL) { + if (padded_input) { free(padded_input); padded_input = NULL; } @@ -897,7 +913,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg, * * The authcode is computed using the specified integrity algorithm starting * with the AuthType / Format field, and ending with the field immediately - * preceeding the authcode itself. + * preceding the authcode itself. * * The key key used to generate the authcode MAC is K1. * @@ -1003,7 +1019,7 @@ lanplus_decrypt_payload(uint8_t crypt_alg, const uint8_t * key, assert(crypt_alg == IPMI_CRYPT_AES_CBC_128); decrypted_payload = (uint8_t*)malloc(input_length); - if (decrypted_payload == NULL) { + if (!decrypted_payload) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -1029,7 +1045,7 @@ lanplus_decrypt_payload(uint8_t crypt_alg, const uint8_t * key, bytes_decrypted); /* - * We have to determine the payload size, by substracting the padding, etc. + * We have to determine the payload size, by subtracting the padding, etc. * The last byte of the decrypted payload is the confidentiality pad length. */ conf_pad_length = decrypted_payload[bytes_decrypted - 1]; diff --git a/src/plugins/lanplus/lanplus_crypt.h b/src/plugins/lanplus/lanplus_crypt.h index d69cc9b..1c306dd 100644 --- a/src/plugins/lanplus/lanplus_crypt.h +++ b/src/plugins/lanplus/lanplus_crypt.h @@ -30,8 +30,7 @@ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. */ -#ifndef IPMI_LANPLUS_CRYPT_H -#define IPMI_LANPLUS_CRYPT_H +#pragma once #include @@ -68,8 +67,3 @@ int lanplus_decrypt_payload(uint8_t crypt_alg, uint16_t * payload_size); int lanplus_has_valid_auth_code(struct ipmi_rs * rs, struct ipmi_session * session); - - - - -#endif /* IPMI_LANPLUS_CRYPT_H */ 
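Review bot: The `if (padded_input)` guard around `free()` in the IV-failure branch is redundant, because `free(NULL)` is defined to do nothing. The cleanup reads more simply as `free(padded_input); padded_input = NULL;`. `lanplus_encrypt_payload` starts and ends outside this hunk, so the return that follows the cleanup is not visible here.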
diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c index d5fac37..7603e6d 100644 --- a/src/plugins/lanplus/lanplus_crypt_impl.c +++ b/src/plugins/lanplus/lanplus_crypt_impl.c @@ -102,7 +102,7 @@ lanplus_rand(uint8_t * buffer, uint32_t num_bytes) * param mac specifies the algorithm to be used, currently SHA1, SHA256 and MD5 * are supported * param key is the key used for HMAC generation - * param key_len is the lenght of key + * param key_len is the length of key * param d is the data to be MAC'd * param n is the length of the data at d * param md is the result of the HMAC algorithm @@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, uint8_t * output, uint32_t * bytes_written) { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - + EVP_CIPHER_CTX *ctx = NULL; *bytes_written = 0; @@ -182,6 +178,18 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, printbuf(input, input_length, "encrypting this data"); } + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) { + lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_init(ctx); +#else + EVP_CIPHER_CTX_reset(ctx); +#endif + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(ctx, 0); /* * The default implementation adds a whole block of padding if the input 
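Review bot: The return value of `EVP_EncryptInit_ex()` is ignored in the added setup code, so a failed cipher or key setup goes on to `EVP_EncryptUpdate()` with an unconfigured context. A guard such as `if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv)) { EVP_CIPHER_CTX_free(ctx); return; }` keeps the failure local, and `*bytes_written` is already 0 at that point. The matching hunk in `lanplus_decrypt_aes_cbc_128` leaves `EVP_DecryptInit_ex()` unchecked in the same way. The `EVP_CIPHER_CTX_init()`/`EVP_CIPHER_CTX_reset()` call directly after `EVP_CIPHER_CTX_new()` also looks redundant, since a freshly allocated context is already initialised.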
@@ -191,28 +199,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); - if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) + if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) { /* Error */ *bytes_written = 0; - return; } else { uint32_t tmplen; - if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) + if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) { + /* Error */ *bytes_written = 0; - return; /* Error */ } else { /* Success */ *bytes_written += tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); } } + /* performs cleanup and free */ + EVP_CIPHER_CTX_free(ctx); } @@ -239,11 +247,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, uint8_t * output, uint32_t * bytes_written) { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - + EVP_CIPHER_CTX *ctx = NULL; if (verbose >= 5) { @@ -252,12 +256,24 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, printbuf(input, input_length, "decrypting this data"); } - *bytes_written = 0; if (input_length == 0) return; + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) { + lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_init(ctx); +#else + EVP_CIPHER_CTX_reset(ctx); +#endif + EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(ctx, 0); + /* * The default implementation adds a whole block of padding if the input * data is perfectly aligned. We would like to keep that from happening. 
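Review bot: Both failure branches of the encrypt path set `*bytes_written = 0` without logging, while the decrypt counterpart logs `ERROR: decrypt update failed` and `ERROR: decrypt final failed`. Adding `lprintf(LOG_DEBUG, "ERROR: encrypt update failed");` and `lprintf(LOG_DEBUG, "ERROR: encrypt final failed");` keeps the two paths consistent and makes a failed encryption diagnosable. Because the function returns void, a short comment stating that `*bytes_written == 0` is the only failure signal would also help callers. The function body starts outside the hunk.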
@@ -266,33 +282,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); - if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) + if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) { /* Error */ lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); *bytes_written = 0; - return; } else { uint32_t tmplen; - if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) + if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) { + /* Error */ char buffer[1000]; ERR_error_string(ERR_get_error(), buffer); lprintf(LOG_DEBUG, "the ERR error %s", buffer); lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); *bytes_written = 0; - return; /* Error */ } else { /* Success */ *bytes_written += tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); } } + /* performs cleanup and free */ + EVP_CIPHER_CTX_free(ctx); if (verbose >= 5) { diff --git a/src/plugins/lanplus/lanplus_crypt_impl.h b/src/plugins/lanplus/lanplus_crypt_impl.h index ff534bc..a48c6b7 100644 --- a/src/plugins/lanplus/lanplus_crypt_impl.h +++ b/src/plugins/lanplus/lanplus_crypt_impl.h @@ -30,9 +30,7 @@ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. */ -#ifndef IPMI_LANPLUS_CRYPT_IMPL_H -#define IPMI_LANPLUS_CRYPT_IMPL_H - +#pragma once int lanplus_seed_prng(uint32_t bytes); @@ -61,6 +59,3 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, uint32_t input_length, uint8_t * output, uint32_t * bytes_written); - - -#endif /* IPMI_LANPLUS_CRYPT_IMPL_H */ diff --git a/src/plugins/lanplus/lanplus_dump.h b/src/plugins/lanplus/lanplus_dump.h index 4e29ebb..d4c8a8d 100644 --- a/src/plugins/lanplus/lanplus_dump.h +++ b/src/plugins/lanplus/lanplus_dump.h @@ -30,9 +30,7 @@ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. */ - -#ifndef IPMI_LANPLUS_DUMP_H -#define IPMI_LANPLUS_DUMP_H +#pragma once #include 
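Review bot: The `assert()` on `input_length` at the top of this hunk is the only block-alignment check before `EVP_DecryptUpdate()`, and it aborts the process instead of returning an error. If the length derives from a received payload, as seems likely on the decrypt path, a malformed message ends the program in builds with assertions enabled. A runtime test next to the existing `input_length == 0` return, `if ((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) != 0) return;`, would reject it the same way in every build. The function body starts outside the hunk.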
@@ -40,6 +38,3 @@ void lanplus_dump_open_session_response(const struct ipmi_rs * rsp); void lanplus_dump_rakp2_message(const struct ipmi_rs * rsp, uint8_t auth_alg); void lanplus_dump_rakp4_message(const struct ipmi_rs * rsp, uint8_t auth_alg); - - -#endif /* IPMI_LANPLUS_DUMP_H */ diff --git a/src/plugins/lanplus/rmcp.h b/src/plugins/lanplus/rmcp.h index 51dc44d..df07f2f 100644 --- a/src/plugins/lanplus/rmcp.h +++ b/src/plugins/lanplus/rmcp.h @@ -30,8 +30,7 @@ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. */ -#ifndef IPMI_RMCP_H -#define IPMI_RMCP_H +#pragma once #include #include "lanplus.h" @@ -45,24 +44,11 @@ #define RMCP_TYPE_NORM 0x00 #define RMCP_TYPE_ACK 0x01 -static const struct valstr rmcp_type_vals[] __attribute__((unused)) = { - { RMCP_TYPE_NORM, "Normal RMCP" }, - { RMCP_TYPE_ACK, "RMCP ACK" }, - { 0, NULL } -}; - #define RMCP_CLASS_MASK 0x1f #define RMCP_CLASS_ASF 0x06 #define RMCP_CLASS_IPMI 0x07 #define RMCP_CLASS_OEM 0x08 -static const struct valstr rmcp_class_vals[] __attribute__((unused)) = { - { RMCP_CLASS_ASF, "ASF" }, - { RMCP_CLASS_IPMI, "IPMI" }, - { RMCP_CLASS_OEM, "OEM" }, - { 0, NULL } -}; - /* RMCP message header */ #ifdef HAVE_PRAGMA_PACK #pragma pack(1) @@ -78,5 +64,3 @@ struct rmcp_hdr { #endif int handle_rmcp(struct ipmi_intf * intf, uint8_t * data, int data_len); - -#endif /* IPMI_RMCP_H */ -- cgit v1.2.3