clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I04b3a42ae6b6e53cad330bcd6b524d78368d2bd1
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Remove autotools build

Change-Id: Ic9119f221c23ceecc3fec79ab752a9b2dddbe2ec
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

Remove Richard

Richard has left the project and asked that I remove him from the OWNERS
file.

Change-Id: I6cc0ceead9c2c5fd33cfdf3710dd95da582cf5bf
Signed-off-by: Jason M. Bills <jason.m.bills@intel

Remove Richard

Richard has left the project and asked that I remove him from the OWNERS
file.

Change-Id: I6cc0ceead9c2c5fd33cfdf3710dd95da582cf5bf
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

Add meson build

This adds the meson build files to be able to use meson instead of
autotools.

Tested: builds as expected, able to change password and log in.

Change-Id: I834b2fe205c3b79086b7a55e4b

Add meson build

This adds the meson build files to be able to use meson instead of
autotools.

Tested: builds as expected, able to change password and log in.

Change-Id: I834b2fe205c3b79086b7a55e4b7bcc39efa8a95e
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

Fixes for warnings

Migrating to meson compiles with more warnings enabled. This change
fixes those warnings. Most were signedness differences.

Tested: compiles with no errors
able to log in

Fixes for warnings

Migrating to meson compiles with more warnings enabled. This change
fixes those warnings. Most were signedness differences.

Tested: compiles with no errors
able to log in over ipmi and change password

Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
Change-Id: Iae8ac6a5797919f52d61fbf546738094e57dc2ee

show more ...

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I67a8e53501042adf9b23a7f48e201d079aff5d69
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

build: handle usrmerge

When building for merged-usr systems, the location of libdir might
be in `/usr/lib`. We should rely on the passed in `${libdir}` for
installation rather than hard-coding as `

build: handle usrmerge

When building for merged-usr systems, the location of libdir might
be in `/usr/lib`. We should rely on the passed in `${libdir}` for
installation rather than hard-coding as `/lib/security`

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: If53ea402f1e50416bc8a0e561d42080ea68742f9

show more ...

pam-ipmi: fix ipmitool user set password failed in 64bit environment

Symptom:
We try to use ipmitool user set password command to change root
password but we got IPMI command failed as below in our

pam-ipmi: fix ipmitool user set password failed in 64bit environment

Symptom:
We try to use ipmitool user set password command to change root
password but we got IPMI command failed as below in our 64bit platform

root@evb-npcm845:~# ipmitool user set password 1 0penBmc0
IPMI command failed: Invalid data field in request
Set User Password command failed (user 1)

Root cause:
There is default ipmi_pass file be created and encrypted in 32bit
environment from pam-ipmi original design before. According the
failed message, we found that PAM_AUTHTOK_ERR return from
update_pass_special_file() function that cause ipmid got bad
authentication token. Seems this file cannot be used in 64bit
environment by default that will cause ipmitool user set password
got failed

Solution:
According current pam-ipmi design that already consider if this file
does not exist then BMC will create it once a user in the ipmi group
has been added. There should not be any file there by default.
Thus, there is no need for this file. Without install this file
by default then we can got command successful

Verified:
root@evb-npcm845:~# ipmitool user set password 1 0penBmc0
Set User Password command successful (user 1)
After device reboot, we can use new password to login successfully

Signed-off-by: Tim Lee <timlee660101@gmail.com>
Change-Id: Ic4e557568d18f64f59e41f9b02fd348aff97dd24

show more ...

Update OWNERS file

Change-Id: Ic75869fb3263e48ae92d78ef2f3925adb6fc65ea
Signed-off-by: Tom Joseph <rushtotom@gmail.com>

prettier: re-format

Prettier is enabled in openbmc-build-scripts on Markdown, JSON, and YAML
files to have consistent formatting for these file types. Re-run the
formatter on the whole repository.

prettier: re-format

Prettier is enabled in openbmc-build-scripts on Markdown, JSON, and YAML
files to have consistent formatting for these file types. Re-run the
formatter on the whole repository.

Change-Id: I904e20aaa53b0bc3d537c4d450dc444aeaf8e71e
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

MAINTAINERS: remove file

The MAINTAINERS file is deprecated in favor of OWNERS.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I218510b39cf7c102376939a39dfc39f679e08647

OWNERS: switch 'matches' to 'matchers'

The original OWNERS template had a mistake which used 'matches' instead
of the field supported by the Gerrit plugin 'matchers'. Update the
OWNERS file to have

OWNERS: switch 'matches' to 'matchers'

The original OWNERS template had a mistake which used 'matches' instead
of the field supported by the Gerrit plugin 'matchers'. Update the
OWNERS file to have the correct field.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Iecdfb0138e3f0dce38732cd08657633e0fdcb1bb

show more ...

Add console error message for pam-ipmicheck

When changing the password of an IPMI user with passwd command, if a
invalid password is provided, it only gives the default error message.
This patch add

Add console error message for pam-ipmicheck

When changing the password of an IPMI user with passwd command, if a
invalid password is provided, it only gives the default error message.
This patch adds a detailed error message for interactive console in
pam-ipmicheck.

Tested:
Set a 22-char password for an ipmi user with passwd command, it prints:
"Username 4 / Password 22 exceeds IPMI 16/20 limit"

Change-Id: I1267939ae3cdee81e3efad7d6ec45f572bd83f3d
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Improve exceed length limit error message

The error message printed when username or password length exceeds the
limit uses a hex value without 0x prefix, which is really confusing in
some cases. Th

Improve exceed length limit error message

The error message printed when username or password length exceeds the
limit uses a hex value without 0x prefix, which is really confusing in
some cases. This patch changes them to decimal format. Also use removes
extra strlen calls as they are of O(1) complexity.

Tested:
Update an ipmi user with a 22-char password, 22 is logged instead of 16

Change-Id: Idec08d920c6377d4db9af7dd616c73f618a1e839
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Return PAM_AUTHTOK_ERR when length exceeds limit

Currently, when the length of username or password exceeds IPMI limit,
it returns PAM_NEW_AUTHTOK_REQD. But according to the man page of
pam_sm_chaut

Return PAM_AUTHTOK_ERR when length exceeds limit

Currently, when the length of username or password exceeds IPMI limit,
it returns PAM_NEW_AUTHTOK_REQD. But according to the man page of
pam_sm_chauthtok, PAM_NEW_AUTHTOK_REQD is not a vaild return value.
Return PAM_AUTHTOK_ERR instead.

Tested:
Try updating a user in ipmi group with a 21-char password by calling
pam_chauthtok, PAM_AUTHTOK_ERR is returned.

Change-Id: Ia055f253865e9f4174dcbee8eec87917b7612f94
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Add OWNERS file

Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Ib86ca61b2b584144003e32eab54056b8a282a703

bootstrap: fix shellcheck warnings

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I86ef079c9632e5563a1a56d6a2e23aad59ecbc57

build: fix install race condition

It was observed in a Yocto build of openbmc/openbmc:

chmod: cannot access '/home/jenkins-slave/workspace/ci-openbmc/
distro/ubuntu/label/docker-builder/tar

build: fix install race condition

It was observed in a Yocto build of openbmc/openbmc:

chmod: cannot access '/home/jenkins-slave/workspace/ci-openbmc/
distro/ubuntu/label/docker-builder/target/witherspoon/build/work/
arm1176jzs-openbmc-linux-gnueabi/pam-ipmi/
1.0+gitAUTOINC+f3919c432f-r1/image/etc/ipmi_pass': No such file
or directory

This is caused by a race condition between 'install-exec', which
installs sysconf data, and 'install-data', which has a hook to chmod the
sysconf data. Switch from 'install-data-hook' to 'install-exec-hook' to
prevent race condition.

Per the Autotools documentation:
Variables using the standard directory prefixes ‘bin’, ‘sbin’,
‘libexec’, ‘sysconf’, ‘localstate’, ‘lib’, or ‘pkglib’ are installed
by install-exec.

Fixes openbmc/openbmc#3671.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ib6c85e77e8e10af0038feb7d0a5d35d81c958e98

show more ...

[pam-ipmi]: Fix key & password file permission

Limit keyfile & password file permission to owner read & write
600, instead of reading by group & other users.
This change will update the file permiss

[pam-ipmi]: Fix key & password file permission

Limit keyfile & password file permission to owner read & write
600, instead of reading by group & other users.
This change will update the file permission to correct one,
whenever an update is requested

Tested: changed passwords to see that the permissions get updated.

Change-Id: I7bf6f01e0b92730cc5cfef5d1eb9b0add60e9d83
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

[pam-ipmi]: fix default data file permissions

Use install-data-hook to set correct permissions on the data files. The
default data file is installed as 0644, and these two files need 0600.

Tested:

[pam-ipmi]: fix default data file permissions

Use install-data-hook to set correct permissions on the data files. The
default data file is installed as 0644, and these two files need 0600.

Tested: checked that the files get installed as 0600

Change-Id: Ie93104f5f6c8df6903c8b52b276af3f217f54263
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

Removal of excess 16 bytes padding

Cipher block padding is applied twice(once manually, and
once through EVP_CipherFinal()) causing excess 16 bytes of
data. Manual padding is removed to fix the issu

Removal of excess 16 bytes padding

Cipher block padding is applied twice(once manually, and
once through EVP_CipherFinal()) causing excess 16 bytes of
data. Manual padding is removed to fix the issue.

Unit-Test:
1. Verified that files are padded correctly without
excess 16 bytes. Also, verified the password update and
RMCP+ login using ipmitool
ipmitool user set password <userid> <password>
ipmitool -I lanplus -H 127.0.0.1 -U <userid> -P <password>
raw 6 1
2. Also verified renaming of user name and login
after that

Resolves openbmc/openbmc#3463

Change-Id: Icc29c4747388ef377a00cb79be6096938a360f6b
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

show more ...

Update the ipmi_pass to use default password

As default use 0penBmc password for user root.
This can be overridden as needed through bbappend

Unit test:
Verified after flashing that user root is ab

Update the ipmi_pass to use default password

As default use 0penBmc password for user root.
This can be overridden as needed through bbappend

Unit test:
Verified after flashing that user root is able to login
through RMPC+ using password 0penBmc

Change-Id: I99ca95c13e82e4745c48396da9769bc89eeb646e
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

show more ...

Add empty ipmi_pass file to the root image

Empty ipmi_pass file is added to the root image. This way the
same can be overridden as needed.

Unit Test:
Verified by making sure /etc/ipmi_pass exists b

Add empty ipmi_pass file to the root image

Empty ipmi_pass file is added to the root image. This way the
same can be overridden as needed.

Unit Test:
Verified by making sure /etc/ipmi_pass exists by default.

Change-Id: Ifed643ec6d567d251a9178653db1558bbb8a647e
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

show more ...

build: add requirement for libpam to configure_ac

Add requirement for libpam in the configure_ac script, such that the
build will when not present.

Tested: Verified LIBS variable holds -lpam.
Chang

build: add requirement for libpam to configure_ac

Add requirement for libpam in the configure_ac script, such that the
build will when not present.

Tested: Verified LIBS variable holds -lpam.
Change-Id: Idad73d89bd97c38fe739e16e5e23193e47945e50
Signed-off-by: Patrick Venture <venture@google.com>

show more ...

build: drop undefined LIBCRYPT from Makefile

The LIBCRYPT in the Makefile is not backed by the configure script and
is therefore empty. However, the symbols sought after in this library
are not req

build: drop undefined LIBCRYPT from Makefile

The LIBCRYPT in the Makefile is not backed by the configure script and
is therefore empty. However, the symbols sought after in this library
are not required by the symbol table.

Change-Id: I02d2df56f280bcb5c23d9695d363b2713606644c
Signed-off-by: Patrick Venture <venture@google.com>

show more ...