#
1318a5ed |
| 16-Aug-2024 |
Patrick Williams <patrick@stwcx.xyz> |
clang-format: re-format for clang-18
clang-format-18 isn't compatible with the clang-format-17 output, so we need to reformat the code with the latest version. The way clang-18 handles lambda formatting also changed, so we have made changes to the organization default style format to better handle lambda formatting.
See I5e08687e696dd240402a2780158664b7113def0e for updated style. See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.
Change-Id: I01547e98d27910919e09ebf7907c86292a6c825d Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
#
82844ef6 |
| 17-Jul-2024 |
George Liu <liuxiwei@ieisystem.com> |
user_channel: switch to lg2
Signed-off-by: George Liu <liuxiwei@ieisystem.com> Change-Id: I80149836f196f01eb09cc874f74eec0d787b5ac5
|
#
3771f5f2 |
| 02-Nov-2023 |
PavanKumarIntel <pavanx.kumar.martha@intel.com> |
Fix the bugs found in static analysis
This commit fixes the following static analyzer reported issues:
- Operands don't affect result
  some conditions are not required to check as it's always true
- Unsigned compared against 0
- Unchecked return value from library
- Uninitialized scalar variable
Change-Id: I0b1fd426794bb88f6eafcc817cef5dd2f655e1ba Signed-off-by: PavanKumarIntel <pavanx.kumar.martha@intel.com>
|
#
fbc6c9d7 |
| 10-May-2023 |
Patrick Williams <patrick@stwcx.xyz> |
clang-format: copy latest and re-format
clang-format-16 has some backwards incompatible changes that require additional settings for best compatibility and re-running the formatter. Copy the latest .clang-format from the docs repository and reformat the repository.
Change-Id: I44441096113929ce96eb1439e2932e6ff3c87f27 Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
#
65a9168c |
| 30-Nov-2022 |
Tim Lee <timlee660101@gmail.com> |
Revert "user_mgmt: Fix SEGV on 64bit"
This reverts commit 05703adfe2bf70945d2befa8a7beda4ce5e5182a.
We found the root cause of the SEGV on 64bit, and after the modification in pam-ipmi the SEGV on 64bit will not happen anymore.
Thus, we submitted this commit in gerrit in pam-ipmi as below: https://gerrit.openbmc.org/c/openbmc/pam-ipmi/+/58579
Root cause: There is a default ipmi_pass file that was created and encrypted in a 32bit environment by the original pam-ipmi design. According to the failure message, we found that PAM_AUTHTOK_ERR is returned from the update_pass_special_file() function, which causes ipmid to get a bad authentication token. It seems this file cannot be used in a 64bit environment by default, which causes ipmitool user set password to fail.
Solution: The current pam-ipmi design already considers that if this file does not exist then the BMC will create it once a user in the ipmi group has been added. There should not be any file there by default. Thus, there is no need for this file. Without installing this file by default, the ipmitool command is successful.
Thus, this default ipmi_pass file is what causes the SEGV in host-ipmid on 64 bit projects. After removing this default file, the SEGV crash symptom in host-ipmid was gone.
BTW, there is another issue we found: the “ipmitool user set password 1 0penBmc0” command failed, because pam-ipmi still uses a size_t structure, but host-ipmid already changed to use a uint32_t structure for MetaPassStruct.
Thus, we need to revert your commit and remove the ipmi_pass file in pam-ipmi to fix the two issues.
Verified:
root@evb-npcm845:~# ipmitool user set password 1 0penBmc0
Set User Password command successful (user 1)
Signed-off-by: Tim Lee <timlee660101@gmail.com> Change-Id: I03ba57a9006694a09b75c16d897377b1b57051e5
|
#
05703adf |
| 05-Aug-2022 |
Anton Blanchard <anton@ozlabs.org> |
user_mgmt: Fix SEGV on 64bit
The password management code takes a file off disk and interprets it as a C struct. This is neither endian safe, 32/64 bit safe nor safe against C struct alignment rules.
Fix the SEGV on 64bit by switching from size_t to uint32_t.
Signed-off-by: Anton Blanchard <anton@ozlabs.org> Change-Id: Ibabd947284441ec141a9d2d3800f1ae95a0a7906
|
#
1e22a0f1 |
| 30-Jul-2021 |
Vernon Mauery <vernon.mauery@linux.intel.com> |
Use SecureString where there is data to be cleansed
SecureString has quite a few places it should be used in the user management code.
Tested: ran set password, test password, and other commands
Change-Id: Ia53bc914d25f7965c3e72d5cf18346e0fa9339b9 Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
|
#
a67caed7 |
| 25-Aug-2021 |
P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> |
NULL check before pointer dereference
The function EVP_CIPHER_CTX_set_padding() is called with ctx.get() before checking ctx for NULL. The NULL check is performed after the function. This commit moves the NULL check before Function call.
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> Change-Id: If8f3b78d2e33c216adac9da54bdc22079435aad4
|
#
bf30c8d3 |
| 19-Jul-2021 |
P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> |
Fix Klocwork Issue : NULL check after new
A unique pointer of EVP_CIPHER_CTX is created using EVP_CIPHER_CTX_new() which could return NULL. This Commit adds a NULL check to avoid NULL pointer dereferencing and returns memory error.
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> Change-Id: Icbc599210034feb6f7b3c35542bcfff205987628
|
#
2f0ad74d |
| 14-May-2021 |
Andrew Geissler <geissonator@yahoo.com> |
shadowlock: disable until proper unit tests are run
This code as-is is not doing anything other than declaring a function. The solution is to utilize {} to tell the compiler it's an object instantiation.
Given that this code has been a noop up until this point, it's best to just comment it out until someone can come in, enable and test it properly. The latest yocto update which brings in a newer compiler is erroring out on this so we need something quick to be able to make progress there.
openbmc/phosphor-host-ipmid#170 is tracking this issue.
Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Idd4acd8e8541195f1b6e73c854866281832f1878
|
#
70bd0635 |
| 23-Oct-2020 |
Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> |
Clear security sensitive data
As the password is sensitive data, clear it after use.
Tested: Verified using ipmitool commands
Command: ipmitool user set password 5 asdf1234 //Set user password
Response: Set User Password command successful (user 5)
Command: ipmitool raw 6 0x47 5 2 0x30 0x70 0x65 0x6e 0x42 0x6d 0x63 0x31 0 0 0 0 0 0 0 0 //set user password - set password
Response: //Success
Command: ipmitool raw 6 0x47 5 3 0x30 0x70 0x65 0x6e 0x42 0x6d 0x63 0x31 0 0 0 0 0 0 0 0 //set user password - test password
Response: //Success
Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Change-Id: I06196233ac5468534bd10fd34f99f7d35fd7b971
|
#
6ba8d315 |
| 10-Apr-2020 |
Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> |
[Fix]: Restrict password file permissions to 600
pam-ipmi is already updated to restrict file permission of /etc/key_file & /etc/ipmi_pass to 600 during creation. But this won't affect when firmware is updated with nv section preserved or without user credentials getting changed. This commit will check the file permission on every boot and update both the files to 600.
Tested:
1. Verified that RMCP+ connection still works after this change
2. Manually set file permission to 777 and restarting ipmid or BMC will fix the same.
Change-Id: Icfe8af5af918792412fb42e8114fcf859848e1a8 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
#
b265455a |
| 03-Apr-2020 |
Vernon Mauery <vernon.mauery@linux.intel.com> |
Use more restrictive permissions on /etc/ipmi-pass
This forces the permissions on /etc/ipmi-pass to be 0600 or RW only by owner. This is to prevent non-owners from reading the file, even though it is obfuscated to make it harder for ipmi passwords to leak.
Tested: change ipmi passwords and see that the /etc/ipmi-pass file has 0600 permissions.
Change-Id: I4be0b8a65f98ced031493f7767879eb054e1ee84 Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
|
#
51d0c40a |
| 19-Aug-2019 |
Patrick Venture <venture@google.com> |
user_channel: passwd_mgr: minor cleanup from cppcheck
[user_channel/passwd_mgr.cpp:220]: (style) The scope of the variable 'userEPos' can be reduced.
[user_channel/passwd_mgr.cpp:358]: (style) The scope of the variable 'userEPos' can be reduced.
[user_channel/passwd_mgr.cpp:444]: (style) Variable 'fd' is assigned a value that is never used.
Tested: Not tested.
Signed-off-by: Patrick Venture <venture@google.com> Change-Id: If02125c422ab1e9c15c6420dbf8da6a52fb68541
|
#
161f20d5 |
| 28-Jan-2019 |
Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> |
Removal of excess 16 bytes padding
Cipher block padding is applied twice (once manually, and once through EVP_CipherFinal()) causing excess 16 bytes of data. Manual padding is removed to fix the issue.
Unit-Test:
1. Verified that files are padded correctly without excess 16 bytes. Also, verified the password update and RMCP+ login using ipmitool
ipmitool user set password <userid> <password>
ipmitool -I lanplus -H 127.0.0.1 -U <userid> -P <password> raw 6 1
2. Also verified renaming of user name and login after that
Resolves openbmc/openbmc#3463
Change-Id: Idec14b100bf7558137ff14601eb590b50cdbd7bf Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
#
48e55585 |
| 20-Dec-2018 |
Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> |
Change struct names to UpperCamelCase
Change struct names to UpperCamelCase to align with OpenBMC coding guidelines
Change-Id: Ib71768be45e57556a26b14b64adec98db3bc7762 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
#
42bed64d |
| 21-Sep-2018 |
Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> |
IPMI password entry cleanup
Whenever user is removed from the system, password map in IPMI database has to be cleaned up. Similarly password entry must be updated when user rename happens. This commit adds API changes for the same
Change-Id: I304c721b31fc7fbad019c85d8ca2ecc60ca398d8 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
#
b29b5ab3 |
| 16-May-2018 |
AppaRao Puli <apparao.puli@intel.com> |
Handling delete password entry from ipmi-pass
API to Handle the delete password entry from ipmi-pass encrypted file when user gets deleted by any interface
Change-Id: I692a81b166b53d6fc981fdb85ce5d6980887560b Signed-off-by: AppaRao Puli <apparao.puli@intel.com> Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
#
4654d99f |
| 18-Apr-2018 |
Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> |
Add first user layer support.
Exposes user layer library which will be used by both apphandler and netipmid for RAKP. Password is decrypted from the special file which is used by pam-ipmi.
Change-Id: Ia6b99d4359a03843f19cd0e18f7269ad2e3cdb44 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|