xref: /openbmc/ipmitool/lib/ipmi_user.c (revision 3412d861438ecdef75d62e3deeb6d48300315aca)
1 /*
2  * Copyright (c) 2003 Sun Microsystems, Inc.  All Rights Reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * Redistribution of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *
11  * Redistribution in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * Neither the name of Sun Microsystems, Inc. or the names of
16  * contributors may be used to endorse or promote products derived
17  * from this software without specific prior written permission.
18  *
19  * This software is provided "AS IS," without a warranty of any kind.
20  * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
21  * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
22  * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
23  * SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE
24  * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
25  * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.  IN NO EVENT WILL
26  * SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
27  * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
28  * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
29  * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
30  * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
31  */
32 
33 #include <stdlib.h>
34 #include <string.h>
35 #include <stdio.h>
36 #include <sys/types.h>
37 #include <sys/select.h>
38 #include <sys/time.h>
39 #include <signal.h>
40 #include <unistd.h>
41 
42 #include <ipmitool/helper.h>
43 #include <ipmitool/log.h>
44 #include <ipmitool/ipmi.h>
45 #include <ipmitool/ipmi_intf.h>
46 #include <ipmitool/ipmi_user.h>
47 #include <ipmitool/ipmi_constants.h>
48 #include <ipmitool/ipmi_strings.h>
49 #include <ipmitool/bswap.h>
50 
51 
52 extern int verbose;
53 extern int csv_output;
54 
55 
56 /* _ipmi_get_user_access - Get User Access for given channel. Results are stored
57  * into passed struct.
58  *
59  * @intf - IPMI interface
60  * @user_access_rsp - ptr to user_access_t with UID and Channel set
61  *
62  * returns - negative number means error, positive is a ccode
63  */
64 int
_ipmi_get_user_access(struct ipmi_intf * intf,struct user_access_t * user_access_rsp)65 _ipmi_get_user_access(struct ipmi_intf *intf,
66 		struct user_access_t *user_access_rsp)
67 {
68 	struct ipmi_rq req = {0};
69 	struct ipmi_rs *rsp;
70 	uint8_t data[2];
71 	if (user_access_rsp == NULL) {
72 		return (-3);
73 	}
74 	data[0] = user_access_rsp->channel & 0x0F;
75 	data[1] = user_access_rsp->user_id & 0x3F;
76 	req.msg.netfn = IPMI_NETFN_APP;
77 	req.msg.cmd = IPMI_GET_USER_ACCESS;
78 	req.msg.data = data;
79 	req.msg.data_len = 2;
80 	rsp = intf->sendrecv(intf, &req);
81 	if (rsp == NULL) {
82 		return (-1);
83 	} else if (rsp->ccode != 0) {
84 		return rsp->ccode;
85 	} else if (rsp->data_len != 4) {
86 		return (-2);
87 	}
88 	user_access_rsp->max_user_ids = rsp->data[0] & 0x3F;
89 	user_access_rsp->enable_status = rsp->data[1] & 0xC0;
90 	user_access_rsp->enabled_user_ids = rsp->data[1] & 0x3F;
91 	user_access_rsp->fixed_user_ids = rsp->data[2] & 0x3F;
92 	user_access_rsp->callin_callback = rsp->data[3] & 0x40;
93 	user_access_rsp->link_auth = rsp->data[3] & 0x20;
94 	user_access_rsp->ipmi_messaging = rsp->data[3] & 0x10;
95 	user_access_rsp->privilege_limit = rsp->data[3] & 0x0F;
96 	return rsp->ccode;
97 }
98 
99 /* _ipmi_get_user_name - Fetch User Name for given User ID. User Name is stored
100  * into passed structure.
101  *
102  * @intf - ipmi interface
103  * @user_name - user_name_t struct with UID set
104  *
105  * returns - negative number means error, positive is a ccode
106  */
107 int
_ipmi_get_user_name(struct ipmi_intf * intf,struct user_name_t * user_name_ptr)108 _ipmi_get_user_name(struct ipmi_intf *intf, struct user_name_t *user_name_ptr)
109 {
110 	struct ipmi_rq req = {0};
111 	struct ipmi_rs *rsp;
112 	uint8_t data[1];
113 	if (user_name_ptr == NULL) {
114 		return (-3);
115 	}
116 	data[0] = user_name_ptr->user_id & 0x3F;
117 	req.msg.netfn = IPMI_NETFN_APP;
118 	req.msg.cmd = IPMI_GET_USER_NAME;
119 	req.msg.data = data;
120 	req.msg.data_len = 1;
121 	rsp = intf->sendrecv(intf, &req);
122 	if (rsp == NULL) {
123 		return (-1);
124 	} else if (rsp->ccode > 0) {
125 		return rsp->ccode;
126 	} else if (rsp->data_len != 16) {
127 		return (-2);
128 	}
129 	memset(user_name_ptr->user_name, '\0', 17);
130 	memcpy(user_name_ptr->user_name, rsp->data, 16);
131 	return rsp->ccode;
132 }
133 
134 /* _ipmi_set_user_access - Set User Access for given channel.
135  *
136  * @intf - IPMI interface
137  * @user_access_req - ptr to user_access_t with desired User Access.
138  * @change_priv_limit_only - change User's privilege limit only
139  *
140  * returns - negative number means error, positive is a ccode
141  */
142 int
_ipmi_set_user_access(struct ipmi_intf * intf,struct user_access_t * user_access_req,uint8_t change_priv_limit_only)143 _ipmi_set_user_access(struct ipmi_intf *intf,
144 		struct user_access_t *user_access_req,
145 		uint8_t change_priv_limit_only)
146 {
147 	uint8_t data[4];
148 	struct ipmi_rq req = {0};
149 	struct ipmi_rs *rsp;
150 	if (user_access_req == NULL) {
151 		return (-3);
152 	}
153 	data[0] = change_priv_limit_only ? 0x00 : 0x80;
154 	if (user_access_req->callin_callback) {
155 		data[0] |= 0x40;
156 	}
157 	if (user_access_req->link_auth) {
158 		data[0] |= 0x20;
159 	}
160 	if (user_access_req->ipmi_messaging) {
161 		data[0] |= 0x10;
162 	}
163 	data[0] |= (user_access_req->channel & 0x0F);
164 	data[1] = user_access_req->user_id & 0x3F;
165 	data[2] = user_access_req->privilege_limit & 0x0F;
166 	data[3] = user_access_req->session_limit & 0x0F;
167 	req.msg.netfn = IPMI_NETFN_APP;
168 	req.msg.cmd = IPMI_SET_USER_ACCESS;
169 	req.msg.data = data;
170 	req.msg.data_len = 4;
171 	rsp = intf->sendrecv(intf, &req);
172 	if (rsp == NULL) {
173 		return (-1);
174 	} else {
175 		return rsp->ccode;
176 	}
177 }
178 
179 /* _ipmi_set_user_password - Set User Password command.
180  *
181  * @intf - IPMI interface
182  * @user_id - IPMI User ID
183  * @operation - which operation to perform(en/disable user, set/test password)
184  * @password - User Password
185  * @is_twenty_byte - 0 = store as 16byte, otherwise store as 20byte password
186  *
187  * returns - negative number means error, positive is a ccode
188  */
189 int
_ipmi_set_user_password(struct ipmi_intf * intf,uint8_t user_id,uint8_t operation,const char * password,uint8_t is_twenty_byte)190 _ipmi_set_user_password(struct ipmi_intf *intf, uint8_t user_id,
191 		uint8_t operation, const char *password,
192 		uint8_t is_twenty_byte)
193 {
194 	struct ipmi_rq req = {0};
195 	struct ipmi_rs *rsp;
196 	uint8_t *data;
197 	uint8_t data_len = (is_twenty_byte) ? 22 : 18;
198 	data = malloc(sizeof(uint8_t) * data_len);
199 	if (data == NULL) {
200 		return (-4);
201 	}
202 	memset(data, 0, data_len);
203 	data[0] = (is_twenty_byte) ? 0x80 : 0x00;
204 	data[0] |= (0x0F & user_id);
205 	data[1] = 0x03 & operation;
206 	if (password != NULL) {
207 		size_t copy_len = strlen(password);
208 		if (copy_len > (data_len - 2)) {
209 			copy_len = data_len - 2;
210 		} else if (copy_len < 1) {
211 			copy_len = 0;
212 		}
213 		strncpy((char *)(data + 2), password, copy_len);
214 	}
215 
216 	req.msg.netfn = IPMI_NETFN_APP;
217 	req.msg.cmd = IPMI_SET_USER_PASSWORD;
218 	req.msg.data = data;
219 	req.msg.data_len = data_len;
220 	rsp = intf->sendrecv(intf, &req);
221 	free(data);
222 	data = NULL;
223 	if (rsp == NULL) {
224 		return (-1);
225 	}
226 	return rsp->ccode;
227 }
228 
229 static void
dump_user_access(const char * user_name,struct user_access_t * user_access)230 dump_user_access(const char *user_name,
231 		struct user_access_t *user_access)
232 {
233 	static int printed_header = 0;
234 	if (!printed_header) {
235 		printf("ID  Name	     Callin  Link Auth	IPMI Msg   "
236 				"Channel Priv Limit\n");
237 		printed_header = 1;
238 	}
239 	printf("%-4d%-17s%-8s%-11s%-11s%-s\n",
240 			user_access->user_id,
241 			user_name,
242 			user_access->callin_callback? "false": "true ",
243 			user_access->link_auth? "true ": "false",
244 			user_access->ipmi_messaging? "true ": "false",
245 			val2str(user_access->privilege_limit,
246 				ipmi_privlvl_vals));
247 }
248 
249 
250 
251 static void
dump_user_access_csv(const char * user_name,struct user_access_t * user_access)252 dump_user_access_csv(const char *user_name,
253 		struct user_access_t *user_access)
254 {
255 	printf("%d,%s,%s,%s,%s,%s\n",
256 			user_access->user_id,
257 			user_name,
258 			user_access->callin_callback? "false": "true",
259 			user_access->link_auth? "true": "false",
260 			user_access->ipmi_messaging? "true": "false",
261 			val2str(user_access->privilege_limit,
262 				ipmi_privlvl_vals));
263 }
264 
265 /* ipmi_print_user_list - List IPMI Users and their ACLs for given channel.
266  *
267  * @intf - IPMI interface
268  * @channel_number - IPMI channel
269  *
270  * returns - 0 on success, (-1) on error
271  */
272 static int
ipmi_print_user_list(struct ipmi_intf * intf,uint8_t channel_number)273 ipmi_print_user_list(struct ipmi_intf *intf, uint8_t channel_number)
274 {
275 	struct user_access_t user_access = {0};
276 	struct user_name_t user_name = {0};
277 	int ccode = 0;
278 	uint8_t current_user_id = 1;
279 	do {
280 		memset(&user_access, 0, sizeof(user_access));
281 		user_access.user_id = current_user_id;
282 		user_access.channel = channel_number;
283 		ccode = _ipmi_get_user_access(intf, &user_access);
284 		if (eval_ccode(ccode) != 0) {
285 			return (-1);
286 		}
287 		memset(&user_name, 0, sizeof(user_name));
288 		user_name.user_id = current_user_id;
289 		ccode = _ipmi_get_user_name(intf, &user_name);
290 		if (eval_ccode(ccode) != 0) {
291 			return (-1);
292 		}
293 		if ((current_user_id == 0)
294 				|| user_access.link_auth
295 				|| user_access.ipmi_messaging
296 				|| strcmp("", (char *)user_name.user_name)) {
297 			if (csv_output) {
298 				dump_user_access_csv((char *)user_name.user_name,
299 						&user_access);
300 			} else {
301 				dump_user_access((char *)user_name.user_name,
302 						&user_access);
303 			}
304 		}
305 		++current_user_id;
306 	} while ((current_user_id <= user_access.max_user_ids)
307 			&& (current_user_id <= IPMI_UID_MAX));
308 	return 0;
309 }
310 
311 /* ipmi_print_user_summary - print User statistics for given channel
312  *
313  * @intf - IPMI interface
314  * @channel_number - channel number
315  *
316  * returns - 0 on success, (-1) on error
317  */
318 static int
ipmi_print_user_summary(struct ipmi_intf * intf,uint8_t channel_number)319 ipmi_print_user_summary(struct ipmi_intf *intf, uint8_t channel_number)
320 {
321 	struct user_access_t user_access = {0};
322 	int ccode = 0;
323 	user_access.channel = channel_number;
324 	user_access.user_id = 1;
325 	ccode = _ipmi_get_user_access(intf, &user_access);
326 	if (eval_ccode(ccode) != 0) {
327 		return (-1);
328 	}
329 	if (csv_output) {
330 		printf("%" PRIu8 ",%" PRIu8 ",%" PRIu8 "\n",
331 				user_access.max_user_ids,
332 				user_access.enabled_user_ids,
333 				user_access.fixed_user_ids);
334 	} else {
335 		printf("Maximum IDs	    : %" PRIu8 "\n",
336 				user_access.max_user_ids);
337 		printf("Enabled User Count  : %" PRIu8 "\n",
338 				user_access.enabled_user_ids);
339 		printf("Fixed Name Count    : %" PRIu8 "\n",
340 				user_access.fixed_user_ids);
341 	}
342 	return 0;
343 }
344 
345 /*
346  * ipmi_user_set_username
347  */
348 static int
ipmi_user_set_username(struct ipmi_intf * intf,uint8_t user_id,const char * name)349 ipmi_user_set_username(
350 		       struct ipmi_intf *intf,
351 		       uint8_t user_id,
352 		       const char *name)
353 {
354 	struct ipmi_rs	     * rsp;
355 	struct ipmi_rq	       req;
356 	uint8_t	       msg_data[17];
357 
358 	/*
359 	 * Ensure there is space for the name in the request message buffer
360 	 */
361 	if (strlen(name) >= sizeof(msg_data)) {
362 		return -1;
363 	}
364 
365 	memset(&req, 0, sizeof(req));
366 	req.msg.netfn    = IPMI_NETFN_APP;	     /* 0x06 */
367 	req.msg.cmd	     = IPMI_SET_USER_NAME;   /* 0x45 */
368 	req.msg.data     = msg_data;
369 	req.msg.data_len = sizeof(msg_data);
370 	memset(msg_data, 0, sizeof(msg_data));
371 
372 	/* The channel number will remain constant throughout this function */
373 	msg_data[0] = user_id;
374 	strncpy((char *)(msg_data + 1), name, strlen(name));
375 
376 	rsp = intf->sendrecv(intf, &req);
377 
378 	if (rsp == NULL) {
379 		lprintf(LOG_ERR, "Set User Name command failed (user %d, name %s)",
380 			user_id, name);
381 		return -1;
382 	}
383 	if (rsp->ccode > 0) {
384 		lprintf(LOG_ERR, "Set User Name command failed (user %d, name %s): %s",
385 			user_id, name, val2str(rsp->ccode, completion_code_vals));
386 		return -1;
387 	}
388 
389 	return 0;
390 }
391 
392 /* ipmi_user_test_password - Call _ipmi_set_user_password() with operation bit
393  * set to test password and interpret result.
394  */
395 static int
ipmi_user_test_password(struct ipmi_intf * intf,uint8_t user_id,const char * password,uint8_t is_twenty_byte_password)396 ipmi_user_test_password(struct ipmi_intf *intf, uint8_t user_id,
397 		const char *password, uint8_t is_twenty_byte_password)
398 {
399 	int ret = 0;
400 	ret = _ipmi_set_user_password(intf, user_id,
401 			IPMI_PASSWORD_TEST_PASSWORD, password,
402 			is_twenty_byte_password);
403 
404 	switch (ret) {
405 	case 0:
406 		printf("Success\n");
407 		break;
408 	case 0x80:
409 		printf("Failure: password incorrect\n");
410 		break;
411 	case 0x81:
412 		printf("Failure: wrong password size\n");
413 		break;
414 	default:
415 		printf("Unknown error\n");
416 	}
417 
418 	return ((ret == 0) ? 0 : -1);
419 }
420 
421 
422 /*
423  * print_user_usage
424  */
425 static void
print_user_usage(void)426 print_user_usage(void)
427 {
428 	lprintf(LOG_NOTICE,
429 "User Commands:");
430 	lprintf(LOG_NOTICE,
431 "               summary      [<channel number>]");
432 	lprintf(LOG_NOTICE,
433 "               list         [<channel number>]");
434 	lprintf(LOG_NOTICE,
435 "               set name     <user id> <username>");
436 	lprintf(LOG_NOTICE,
437 "               set password <user id> [<password> <16|20>]");
438 	lprintf(LOG_NOTICE,
439 "               disable      <user id>");
440 	lprintf(LOG_NOTICE,
441 "               enable       <user id>");
442 	lprintf(LOG_NOTICE,
443 "               priv         <user id> <privilege level> [<channel number>]");
444 	lprintf(LOG_NOTICE,
445 "                     Privilege levels:");
446 	lprintf(LOG_NOTICE,
447 "                      * 0x1 - Callback");
448 	lprintf(LOG_NOTICE,
449 "                      * 0x2 - User");
450 	lprintf(LOG_NOTICE,
451 "                      * 0x3 - Operator");
452 	lprintf(LOG_NOTICE,
453 "                      * 0x4 - Administrator");
454 	lprintf(LOG_NOTICE,
455 "                      * 0x5 - OEM Proprietary");
456 	lprintf(LOG_NOTICE,
457 "                      * 0xF - No Access");
458 	lprintf(LOG_NOTICE, "");
459 	lprintf(LOG_NOTICE,
460 "               test         <user id> <16|20> [<password]>");
461 	lprintf(LOG_NOTICE, "");
462 }
463 
464 
465 const char *
ipmi_user_build_password_prompt(uint8_t user_id)466 ipmi_user_build_password_prompt(uint8_t user_id)
467 {
468 	static char prompt[128];
469 	memset(prompt, 0, 128);
470 	snprintf(prompt, 128, "Password for user %d: ", user_id);
471 	return prompt;
472 }
473 
474 /* ask_password - ask user for password
475  *
476  * @user_id: User ID which will be built-in into text
477  *
478  * @returns pointer to char with password
479  */
480 char *
ask_password(uint8_t user_id)481 ask_password(uint8_t user_id)
482 {
483 	const char *password_prompt =
484 		ipmi_user_build_password_prompt(user_id);
485 # ifdef HAVE_GETPASSPHRASE
486 	return getpassphrase(password_prompt);
487 # else
488 	return (char*)getpass(password_prompt);
489 # endif
490 }
491 
492 int
ipmi_user_summary(struct ipmi_intf * intf,int argc,char ** argv)493 ipmi_user_summary(struct ipmi_intf *intf, int argc, char **argv)
494 {
495 	/* Summary*/
496 	uint8_t channel;
497 	if (argc == 1) {
498 		channel = 0x0E; /* Ask about the current channel */
499 	} else if (argc == 2) {
500 		if (is_ipmi_channel_num(argv[1], &channel) != 0) {
501 			return (-1);
502 		}
503 	} else {
504 		print_user_usage();
505 		return (-1);
506 	}
507 	return ipmi_print_user_summary(intf, channel);
508 }
509 
510 int
ipmi_user_list(struct ipmi_intf * intf,int argc,char ** argv)511 ipmi_user_list(struct ipmi_intf *intf, int argc, char **argv)
512 {
513 	/* List */
514 	uint8_t channel;
515 	if (argc == 1) {
516 		channel = 0x0E; /* Ask about the current channel */
517 	} else if (argc == 2) {
518 		if (is_ipmi_channel_num(argv[1], &channel) != 0) {
519 			return (-1);
520 		}
521 	} else {
522 		print_user_usage();
523 		return (-1);
524 	}
525 	return ipmi_print_user_list(intf, channel);
526 }
527 
528 int
ipmi_user_test(struct ipmi_intf * intf,int argc,char ** argv)529 ipmi_user_test(struct ipmi_intf *intf, int argc, char **argv)
530 {
531 	/* Test */
532 	char *password = NULL;
533 	int password_length = 0;
534 	uint8_t user_id = 0;
535 	/* a little irritating, isn't it */
536 	if (argc != 3 && argc != 4) {
537 		print_user_usage();
538 		return (-1);
539 	}
540 	if (is_ipmi_user_id(argv[1], &user_id)) {
541 		return (-1);
542 	}
543 	if (str2int(argv[2], &password_length) != 0
544 			|| (password_length != 16 && password_length != 20)) {
545 		lprintf(LOG_ERR,
546 				"Given password length '%s' is invalid.",
547 				argv[2]);
548 		lprintf(LOG_ERR, "Expected value is either 16 or 20.");
549 		return (-1);
550 	}
551 	if (argc == 3) {
552 		/* We need to prompt for a password */
553 		password = ask_password(user_id);
554 		if (password == NULL) {
555 			lprintf(LOG_ERR, "ipmitool: malloc failure");
556 			return (-1);
557 		}
558 	} else {
559 		password = argv[3];
560 	}
561 	return ipmi_user_test_password(intf,
562 					 user_id,
563 					 password,
564 					 password_length == 20);
565 }
566 
567 int
ipmi_user_priv(struct ipmi_intf * intf,int argc,char ** argv)568 ipmi_user_priv(struct ipmi_intf *intf, int argc, char **argv)
569 {
570 	struct user_access_t user_access = {0};
571 	int ccode = 0;
572 
573 	if (argc != 3 && argc != 4) {
574 		print_user_usage();
575 		return (-1);
576 	}
577 	if (argc == 4) {
578 		if (is_ipmi_channel_num(argv[3], &user_access.channel) != 0) {
579 			return (-1);
580 		}
581 	} else {
582 		/* Use channel running on */
583 		user_access.channel = 0x0E;
584 	}
585 	if (is_ipmi_user_priv_limit(argv[2], &user_access.privilege_limit) != 0
586 			|| is_ipmi_user_id(argv[1], &user_access.user_id) != 0) {
587 		return (-1);
588 	}
589 	ccode = _ipmi_set_user_access(intf, &user_access, 1);
590 	if (eval_ccode(ccode) != 0) {
591 		lprintf(LOG_ERR, "Set Privilege Level command failed (user %d)",
592 				user_access.user_id);
593 		return (-1);
594 	} else {
595 		printf("Set Privilege Level command successful (user %d)",
596 				user_access.user_id);
597 		return 0;
598 	}
599 }
600 
601 int
ipmi_user_mod(struct ipmi_intf * intf,int argc,char ** argv)602 ipmi_user_mod(struct ipmi_intf *intf, int argc, char **argv)
603 {
604 	/* Disable / Enable */
605 	uint8_t user_id;
606 	uint8_t operation;
607 
608 	if (argc != 2) {
609 		print_user_usage();
610 		return (-1);
611 	}
612 	if (is_ipmi_user_id(argv[1], &user_id)) {
613 		return (-1);
614 	}
615 	operation = (strncmp(argv[0], "disable", 7) == 0) ?
616 		IPMI_PASSWORD_DISABLE_USER : IPMI_PASSWORD_ENABLE_USER;
617 
618 	return _ipmi_set_user_password(intf, user_id, operation,
619 			(char *)NULL, 0);
620 }
621 
622 int
ipmi_user_password(struct ipmi_intf * intf,int argc,char ** argv)623 ipmi_user_password(struct ipmi_intf *intf, int argc, char **argv)
624 {
625 	char *password = NULL;
626 	int ccode = 0;
627 	uint8_t password_type = 16;
628 	uint8_t user_id = 0;
629 	if (is_ipmi_user_id(argv[2], &user_id)) {
630 		return (-1);
631 	}
632 
633 	if (argc == 3) {
634 		/* We need to prompt for a password */
635 		char *tmp;
636 		password = ask_password(user_id);
637 		if (password == NULL) {
638 			lprintf(LOG_ERR, "ipmitool: malloc failure");
639 			return (-1);
640 		}
641 		tmp = ask_password(user_id);
642 		if (tmp == NULL) {
643 			lprintf(LOG_ERR, "ipmitool: malloc failure");
644 			return (-1);
645 		}
646 		if (strlen(password) != strlen(tmp)
647 				|| strncmp(password, tmp, strlen(tmp))) {
648 			lprintf(LOG_ERR, "Passwords do not match.");
649 			return (-1);
650 		}
651 	} else {
652 		password = argv[3];
653 		if (argc > 4) {
654 			if ((str2uchar(argv[4], &password_type) != 0)
655 					|| (password_type != 16 && password_type != 20)) {
656 				lprintf(LOG_ERR, "Invalid password length '%s'", argv[4]);
657 				return (-1);
658 			}
659 		} else {
660 			password_type = 16;
661 		}
662 	}
663 
664 	if (password == NULL) {
665 		lprintf(LOG_ERR, "Unable to parse password argument.");
666 		return (-1);
667 	} else if (strlen(password) > 20) {
668 		lprintf(LOG_ERR, "Password is too long (> 20 bytes)");
669 		return (-1);
670 	}
671 
672 	ccode = _ipmi_set_user_password(intf, user_id,
673 			IPMI_PASSWORD_SET_PASSWORD, password,
674 			password_type > 16);
675 	if (eval_ccode(ccode) != 0) {
676 		lprintf(LOG_ERR, "Set User Password command failed (user %d)",
677 			user_id);
678 		return (-1);
679 	} else {
680 		printf("Set User Password command successful (user %d)\n",
681 				user_id);
682 		return 0;
683 	}
684 }
685 
686 int
ipmi_user_name(struct ipmi_intf * intf,int argc,char ** argv)687 ipmi_user_name(struct ipmi_intf *intf, int argc, char **argv)
688 {
689 	/* Set Name */
690 	uint8_t user_id = 0;
691 	if (argc != 4) {
692 		print_user_usage();
693 		return (-1);
694 	}
695 	if (is_ipmi_user_id(argv[2], &user_id)) {
696 		return (-1);
697 	}
698 	if (strlen(argv[3]) > 16) {
699 		lprintf(LOG_ERR, "Username is too long (> 16 bytes)");
700 		return (-1);
701 	}
702 
703 	return ipmi_user_set_username(intf, user_id, argv[3]);
704 }
705 
706 /*
707  * ipmi_user_main
708  *
709  * Upon entry to this function argv should contain our arguments
710  * specific to this subcommand
711  */
712 int
ipmi_user_main(struct ipmi_intf * intf,int argc,char ** argv)713 ipmi_user_main(struct ipmi_intf *intf, int argc, char **argv)
714 {
715 	if (argc == 0) {
716 		lprintf(LOG_ERR, "Not enough parameters given.");
717 		print_user_usage();
718 		return (-1);
719 	}
720 	if (strncmp(argv[0], "help", 4) == 0) {
721 		/* Help */
722 		print_user_usage();
723 		return 0;
724 	} else if (strncmp(argv[0], "summary", 7) == 0) {
725 		return ipmi_user_summary(intf, argc, argv);
726 	} else if (strncmp(argv[0], "list", 4) == 0) {
727 		return ipmi_user_list(intf, argc, argv);
728 	} else if (strncmp(argv[0], "test", 4) == 0) {
729 		return ipmi_user_test(intf, argc, argv);
730 	} else if (strncmp(argv[0], "set", 3) == 0) {
731 		/* Set */
732 		if ((argc >= 3)
733 				&& (strncmp("password", argv[1], 8) == 0)) {
734 			return ipmi_user_password(intf, argc, argv);
735 		} else if ((argc >= 2)
736 				&& (strncmp("name", argv[1], 4) == 0)) {
737 			return ipmi_user_name(intf, argc, argv);
738 		} else {
739 			print_user_usage();
740 			return (-1);
741 		}
742 	} else if (strncmp(argv[0], "priv", 4) == 0) {
743 		return ipmi_user_priv(intf, argc, argv);
744 	} else if ((strncmp(argv[0], "disable", 7) == 0)
745 			|| (strncmp(argv[0], "enable",  6) == 0)) {
746 		return ipmi_user_mod(intf, argc, argv);
747 	} else {
748 		lprintf(LOG_ERR, "Invalid user command: '%s'\n", argv[0]);
749 		print_user_usage();
750 		return (-1);
751 	}
752 }
753