1c18ec02fSPetter Reinholdtsen /* -*-mode: C; indent-tabs-mode: t; -*-
2c18ec02fSPetter Reinholdtsen * Copyright (c) 2003 Sun Microsystems, Inc. All Rights Reserved.
3c18ec02fSPetter Reinholdtsen *
4c18ec02fSPetter Reinholdtsen * Redistribution and use in source and binary forms, with or without
5c18ec02fSPetter Reinholdtsen * modification, are permitted provided that the following conditions
6c18ec02fSPetter Reinholdtsen * are met:
7c18ec02fSPetter Reinholdtsen *
8c18ec02fSPetter Reinholdtsen * Redistribution of source code must retain the above copyright
9c18ec02fSPetter Reinholdtsen * notice, this list of conditions and the following disclaimer.
10c18ec02fSPetter Reinholdtsen *
11c18ec02fSPetter Reinholdtsen * Redistribution in binary form must reproduce the above copyright
12c18ec02fSPetter Reinholdtsen * notice, this list of conditions and the following disclaimer in the
13c18ec02fSPetter Reinholdtsen * documentation and/or other materials provided with the distribution.
14c18ec02fSPetter Reinholdtsen *
15c18ec02fSPetter Reinholdtsen * Neither the name of Sun Microsystems, Inc. or the names of
16c18ec02fSPetter Reinholdtsen * contributors may be used to endorse or promote products derived
17c18ec02fSPetter Reinholdtsen * from this software without specific prior written permission.
18c18ec02fSPetter Reinholdtsen *
19c18ec02fSPetter Reinholdtsen * This software is provided "AS IS," without a warranty of any kind.
20c18ec02fSPetter Reinholdtsen * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
21c18ec02fSPetter Reinholdtsen * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
22c18ec02fSPetter Reinholdtsen * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
23c18ec02fSPetter Reinholdtsen * SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE
24c18ec02fSPetter Reinholdtsen * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
25c18ec02fSPetter Reinholdtsen * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL
26c18ec02fSPetter Reinholdtsen * SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
27c18ec02fSPetter Reinholdtsen * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
28c18ec02fSPetter Reinholdtsen * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
29c18ec02fSPetter Reinholdtsen * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
30c18ec02fSPetter Reinholdtsen * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
31c18ec02fSPetter Reinholdtsen */
32c18ec02fSPetter Reinholdtsen
33c18ec02fSPetter Reinholdtsen #include <stdlib.h>
34c18ec02fSPetter Reinholdtsen #include <stdio.h>
35c18ec02fSPetter Reinholdtsen #include <string.h>
36c18ec02fSPetter Reinholdtsen #include <strings.h>
37c18ec02fSPetter Reinholdtsen #include <sys/types.h>
38c18ec02fSPetter Reinholdtsen #include <sys/socket.h>
39c18ec02fSPetter Reinholdtsen #include <netinet/in.h>
40c18ec02fSPetter Reinholdtsen #include <arpa/inet.h>
41c18ec02fSPetter Reinholdtsen #include <errno.h>
42c18ec02fSPetter Reinholdtsen #include <unistd.h>
43c18ec02fSPetter Reinholdtsen #include <signal.h>
44c18ec02fSPetter Reinholdtsen
45c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi.h>
46c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_intf.h>
47c18ec02fSPetter Reinholdtsen #include <ipmitool/helper.h>
48c18ec02fSPetter Reinholdtsen #include <ipmitool/log.h>
49c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_lanp.h>
50c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_channel.h>
51c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_strings.h>
52c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_constants.h>
53e4be291cSZdenek Styblik #include <ipmitool/ipmi_user.h>
54c18ec02fSPetter Reinholdtsen
55c18ec02fSPetter Reinholdtsen extern int csv_output;
56c18ec02fSPetter Reinholdtsen extern int verbose;
57c18ec02fSPetter Reinholdtsen
58c18ec02fSPetter Reinholdtsen void printf_channel_usage(void);
59c18ec02fSPetter Reinholdtsen
/* _ipmi_get_channel_access - Issue Get Channel Access for one channel and
 * decode the reply into the caller's struct.
 *
 * @intf - IPMI interface used to send the request
 * @channel_access - ptr to channel_access_t; ->channel selects the channel
 * (only the low 4 bits are sent), the remaining fields are overwritten on
 * success.
 * @get_volatile_settings - non-zero requests the volatile (active) settings,
 * zero requests the non-volatile ones.
 *
 * returns - 0 on success; a positive value is the completion code reported
 * by the BMC; negative values are local errors:
 * (-1) no response, (-2) response is not exactly 2 bytes,
 * (-3) channel_access is NULL.
 *
 * The alerting, per_message_auth and user_level_auth fields receive the
 * masked bit itself (0x20, 0x10, 0x08), not a normalised 0/1, so callers
 * should test them for zero/non-zero only. In the IPMI response encoding a
 * set bit means the feature is disabled.
 */
int
_ipmi_get_channel_access(struct ipmi_intf *intf,
		struct channel_access_t *channel_access,
		uint8_t get_volatile_settings)
{
	struct ipmi_rq request = {0};
	struct ipmi_rs *reply;
	uint8_t payload[2];

	if (!channel_access) {
		return (-3);
	}

	/* byte 1: channel number, byte 2: which copy of the settings to read */
	payload[0] = channel_access->channel & 0x0F;
	if (get_volatile_settings) {
		payload[1] = 0x80;	/* volatile */
	} else {
		payload[1] = 0x40;	/* non-volatile */
	}

	request.msg.netfn = IPMI_NETFN_APP;
	request.msg.cmd = IPMI_GET_CHANNEL_ACCESS;
	request.msg.data = payload;
	request.msg.data_len = 2;

	reply = intf->sendrecv(intf, &request);
	if (!reply) {
		return (-1);
	}
	if (reply->ccode != 0) {
		return reply->ccode;
	}
	/* Both reply bytes are read below, so insist on the exact length. */
	if (reply->data_len != 2) {
		return (-2);
	}

	channel_access->privilege_limit = reply->data[1] & 0x0F;
	channel_access->access_mode = reply->data[0] & 0x07;
	channel_access->user_level_auth = reply->data[0] & 0x08;
	channel_access->per_message_auth = reply->data[0] & 0x10;
	channel_access->alerting = reply->data[0] & 0x20;
	return 0;
}
104238d3c4eSZdenek Styblik
/* _ipmi_get_channel_info - Issue Get Channel Info for one channel and decode
 * the reply into the caller's struct.
 *
 * @intf - IPMI interface used to send the request
 * @channel_info - ptr to channel_info_t; ->channel selects the channel (only
 * the low 4 bits are sent) and is replaced by the channel number the BMC
 * reports back.
 *
 * returns - 0 on success; a positive value is the completion code reported
 * by the BMC; negative values are local errors:
 * (-1) no response, (-2) response is not exactly 9 bytes,
 * (-3) channel_info is NULL.
 *
 * session_support is stored as the masked top two bits of byte 4 (not
 * shifted down); active_sessions is the low six bits of the same byte.
 */
int
_ipmi_get_channel_info(struct ipmi_intf *intf,
		struct channel_info_t *channel_info)
{
	struct ipmi_rq request = {0};
	struct ipmi_rs *reply;
	uint8_t payload[1];

	if (!channel_info) {
		return (-3);
	}

	payload[0] = channel_info->channel & 0x0F;
	request.msg.netfn = IPMI_NETFN_APP;
	request.msg.cmd = IPMI_GET_CHANNEL_INFO;
	request.msg.data = payload;
	request.msg.data_len = 1;

	reply = intf->sendrecv(intf, &request);
	if (!reply) {
		return (-1);
	}
	if (reply->ccode != 0) {
		return reply->ccode;
	}
	/* Everything below indexes into the reply; accept only the full size. */
	if (reply->data_len != 9) {
		return (-2);
	}

	channel_info->channel = reply->data[0] & 0x0F;
	channel_info->medium = reply->data[1] & 0x7F;
	channel_info->protocol = reply->data[2] & 0x1F;
	channel_info->active_sessions = reply->data[3] & 0x3F;
	channel_info->session_support = reply->data[3] & 0xC0;
	/*
	 * NOTE(review): the copies are sized by the destination fields. They
	 * stay inside the 9 validated bytes only if vendor_id is 3 bytes and
	 * aux_info is 2 bytes -- confirm against struct channel_info_t.
	 */
	memcpy(channel_info->aux_info, &reply->data[7],
			sizeof(channel_info->aux_info));
	memcpy(channel_info->vendor_id, &reply->data[4],
			sizeof(channel_info->vendor_id));
	return 0;
}
149238d3c4eSZdenek Styblik
/* _ipmi_set_channel_access - Send Set Channel Access for the given channel.
 *
 * @intf - IPMI interface used to send the request
 * @channel_access - channel_access_t with the desired values and channel set
 * (passed by value). alerting, per_message_auth and user_level_auth are
 * treated as booleans: any non-zero value sets the corresponding bit.
 * @access_option:
 * - 0 = don't set/change Channel Access
 * - 1 = set non-volatile settings of Channel Access
 * - 2 = set volatile settings of Channel Access
 * @privilege_option:
 * - 0 = don't set/change Privilege Level Limit
 * - 1 = set non-volatile settings of Privilege Limit
 * - 2 = set volatile settings of Privilege Limit
 *
 * returns - negative number means error, positive is a ccode:
 * (-3) an option is outside <0..2>, (-1) no response; otherwise the
 * completion code from the BMC is returned unchanged (0 = success). See the
 * IPMI specification for further information on ccodes for Set Channel
 * Access.
 * 0x82 - set not supported on selected channel, eg. session-less channel.
 * 0x83 - access mode not supported
 */
int
_ipmi_set_channel_access(struct ipmi_intf *intf,
		struct channel_access_t channel_access,
		uint8_t access_option,
		uint8_t privilege_option)
{
	struct ipmi_rq request;
	struct ipmi_rs *reply;
	uint8_t payload[3] = {0};

	/* Only values from <0..2> are accepted as valid. */
	if (privilege_option > 2 || access_option > 2) {
		return (-3);
	}

	payload[0] = channel_access.channel & 0x0F;

	/* byte 2: option selector in bits 7:6, flag bits, access mode in 2:0 */
	payload[1] = (access_option << 6);
	payload[1] |= channel_access.alerting ? 0x20 : 0x00;
	payload[1] |= channel_access.per_message_auth ? 0x10 : 0x00;
	payload[1] |= channel_access.user_level_auth ? 0x08 : 0x00;
	payload[1] |= (channel_access.access_mode & 0x07);

	/* byte 3: option selector in bits 7:6, privilege limit in bits 3:0 */
	payload[2] = (privilege_option << 6);
	payload[2] |= (channel_access.privilege_limit & 0x0F);

	memset(&request, 0, sizeof(request));
	request.msg.netfn = IPMI_NETFN_APP;
	request.msg.cmd = IPMI_SET_CHANNEL_ACCESS;
	request.msg.data = payload;
	request.msg.data_len = 3;

	reply = intf->sendrecv(intf, &request);
	if (!reply) {
		return (-1);
	}
	return reply->ccode;
}
210026a8b6fSZdenek Styblik
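/* iana_string - Format an IANA number for display.
 *
 * @iana - IANA number; 0 is treated as "not available".
 *
 * returns - "N/A" when iana is 0, otherwise the value as lower-case hex,
 * zero-padded to at least six digits. The hex form is written to a
 * function-static buffer, so the pointer is only valid until the next call
 * and the function is not safe to call from several threads at once.
 */
static const char *
iana_string(uint32_t iana)
{
	static char s[10];

	if (iana == 0) {
		return "N/A";
	}

	/*
	 * A 32-bit value needs at most 8 hex digits plus the terminator, which
	 * fits in s; snprintf keeps the write bounded regardless, and the cast
	 * makes the argument match the %x conversion.
	 */
	snprintf(s, sizeof(s), "%06x", (unsigned int)iana);
	return s;
}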
2236febd101SZdenek Styblik
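/**
 * ipmi_1_5_authtypes
 *
 * Create a string describing the supported authentication types as
 * specified by the bit mask n. Each entry of ipmi_authtype_vals whose value
 * has a bit in common with n contributes its name followed by one space.
 *
 * The result is built in a function-static buffer: it is overwritten by the
 * next call and must not be freed. If the names do not fit, the list is cut
 * at the last name that fitted completely instead of writing past the
 * buffer.
 */
static const char *
ipmi_1_5_authtypes(uint8_t n)
{
	static char supportedTypes[128];
	size_t used = 0;
	uint32_t i;

	memset(supportedTypes, 0, sizeof(supportedTypes));
	/* the table is terminated by an entry whose val is 0 */
	for (i = 0; ipmi_authtype_vals[i].val != 0; i++) {
		size_t room = sizeof(supportedTypes) - used;
		int written;

		if (!(n & ipmi_authtype_vals[i].val)) {
			continue;
		}

		written = snprintf(supportedTypes + used, room, "%s ",
				ipmi_authtype_vals[i].str);
		if (written < 0 || (size_t)written >= room) {
			/* no room left: drop the partial name and stop */
			supportedTypes[used] = '\0';
			break;
		}
		used += (size_t)written;
	}

	return supportedTypes;
}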
246c18ec02fSPetter Reinholdtsen
/* ipmi_current_channel_medium - Look up the medium type of the channel the
 * request is sent over.
 *
 * @intf - IPMI interface
 *
 * returns - whatever ipmi_get_channel_medium() returns for channel 0xE.
 */
uint8_t
ipmi_current_channel_medium(struct ipmi_intf *intf)
{
	/* 0xE is the IPMI channel number meaning "the channel in use" */
	const uint8_t present_channel = 0xE;

	return ipmi_get_channel_medium(intf, present_channel);
}
252c18ec02fSPetter Reinholdtsen
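/**
 * ipmi_get_channel_auth_cap
 *
 * Query Get Channel Authentication Capabilities for a channel at the given
 * privilege level and print the decoded result to stdout.
 *
 * The request is first sent with bit 0x80 set in the channel byte to ask for
 * IPMI v2 data; if that gets no response or a non-zero completion code, it
 * is repeated once without the bit.
 *
 * @intf - IPMI interface
 * @channel - channel number to query
 * @priv - requested privilege level, sent as-is
 *
 * return 0 on success
 * -1 on failure (no response, non-zero completion code, or a response
 * shorter than struct get_channel_auth_cap_rsp)
 *
 * For the two "...abled" lines a set bit in the response is printed as
 * "disabled". When reviewing a BMC's exposure, the KG status, null user
 * name and anonymous login lines are the ones to look at first.
 */
int
ipmi_get_channel_auth_cap(struct ipmi_intf *intf, uint8_t channel, uint8_t priv)
{
	struct ipmi_rs *rsp;
	struct ipmi_rq req;
	struct get_channel_auth_cap_rsp auth_cap;
	uint8_t msg_data[2];

	/* Ask for IPMI v2 data as well */
	msg_data[0] = channel | 0x80;
	msg_data[1] = priv;

	memset(&req, 0, sizeof(req));
	req.msg.netfn = IPMI_NETFN_APP;
	req.msg.cmd = IPMI_GET_CHANNEL_AUTH_CAP;
	req.msg.data = msg_data;
	req.msg.data_len = 2;

	rsp = intf->sendrecv(intf, &req);

	if ((rsp == NULL) || (rsp->ccode > 0)) {
		/*
		 * It's very possible that this failed because we asked for IPMI v2 data
		 * Ask again, without requesting IPMI v2 data
		 */
		msg_data[0] &= 0x7F;

		rsp = intf->sendrecv(intf, &req);
		if (rsp == NULL) {
			lprintf(LOG_ERR, "Unable to Get Channel Authentication Capabilities");
			return (-1);
		}
		if (rsp->ccode > 0) {
			lprintf(LOG_ERR, "Get Channel Authentication Capabilities failed: %s",
					val2str(rsp->ccode, completion_code_vals));
			return (-1);
		}
	}

	/*
	 * The response length is chosen by the BMC. Refuse a short response
	 * rather than decoding bytes it never sent.
	 */
	if (rsp->data_len < (int)sizeof(auth_cap)) {
		lprintf(LOG_ERR,
				"Get Channel Authentication Capabilities response too short");
		return (-1);
	}
	memcpy(&auth_cap, rsp->data, sizeof(auth_cap));

	printf("Channel number : %d\n",
			auth_cap.channel_number);
	printf("IPMI v1.5 auth types : %s\n",
			ipmi_1_5_authtypes(auth_cap.enabled_auth_types));

	if (auth_cap.v20_data_available) {
		printf("KG status : %s\n",
				(auth_cap.kg_status) ? "non-zero" : "default (all zeroes)");
	}

	/* a set bit means the feature is disabled */
	printf("Per message authentication : %sabled\n",
			(auth_cap.per_message_auth) ? "dis" : "en");
	printf("User level authentication : %sabled\n",
			(auth_cap.user_level_auth) ? "dis" : "en");

	printf("Non-null user names exist : %s\n",
			(auth_cap.non_null_usernames) ? "yes" : "no");
	printf("Null user names exist : %s\n",
			(auth_cap.null_usernames) ? "yes" : "no");
	printf("Anonymous login enabled : %s\n",
			(auth_cap.anon_login_enabled) ? "yes" : "no");

	if (auth_cap.v20_data_available) {
		printf("Channel supports IPMI v1.5 : %s\n",
				(auth_cap.ipmiv15_support) ? "yes" : "no");
		printf("Channel supports IPMI v2.0 : %s\n",
				(auth_cap.ipmiv20_support) ? "yes" : "no");
	}

	/*
	 * If there is support for an OEM authentication type, there is some
	 * information.
	 */
	if (auth_cap.enabled_auth_types & IPMI_1_5_AUTH_TYPE_BIT_OEM) {
		/* oem_id is stored least-significant byte first */
		printf("IANA Number for OEM : %d\n",
				auth_cap.oem_id[0] |
				auth_cap.oem_id[1] << 8 |
				auth_cap.oem_id[2] << 16);
		printf("OEM Auxiliary Data : 0x%x\n",
				auth_cap.oem_aux_data);
	}

	return 0;
}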
344c18ec02fSPetter Reinholdtsen
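/* ipmi_get_channel_cipher_suites - Fetch the cipher suite records a channel
 * offers for a payload type and print one line per suite to stdout.
 *
 * The records are requested in list-index order. A 17-byte response (one
 * channel byte plus 16 data bytes) means more data may follow; any other
 * length, or reaching list index 0x3F, ends the transfer. The collected
 * bytes are then parsed as a sequence of records, each starting with 0xC0
 * (standard) or 0xC1 (OEM, carries a 3-byte IANA number).
 *
 * @intf - IPMI interface
 * @payload_type - a string starting with "ipmi" selects payload type 0, any
 * other string selects payload type 1. Must not be NULL.
 * @channel - channel number to query
 *
 * returns - 0 on success, -1 on failure (no response, non-zero completion
 * code, more data than the local buffer holds, or a malformed record).
 *
 * All lengths and record bytes come from the BMC, so every copy and every
 * index into the collected data is checked against the buffer first.
 *
 * An algorithm column falls back to the NONE value when the record carries
 * no specifier of that kind, so "none" in the output can also mean "not
 * stated by the BMC".
 */
static int
ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
		uint8_t channel)
{
	struct ipmi_rs *rsp;
	struct ipmi_rq req;

	uint8_t rqdata[3];
	uint32_t iana;
	uint8_t auth_alg, integrity_alg, crypt_alg;
	uint8_t cipher_suite_id;
	uint8_t list_index = 0;
	/* 0x40 sets * 16 bytes per set */
	uint8_t cipher_suite_data[1024];
	size_t offset = 0;
	/* how much was returned, total */
	size_t cipher_suite_data_length = 0;

	memset(cipher_suite_data, 0, sizeof(cipher_suite_data));

	memset(&req, 0, sizeof(req));
	req.msg.netfn = IPMI_NETFN_APP;
	req.msg.cmd = IPMI_GET_CHANNEL_CIPHER_SUITES;
	req.msg.data = rqdata;
	req.msg.data_len = 3;

	rqdata[0] = channel;
	rqdata[1] = ((strncmp(payload_type, "ipmi", 4) == 0)? 0: 1);
	/* Always ask for cipher suite format */
	rqdata[2] = 0x80;

	for (;;) {
		rsp = intf->sendrecv(intf, &req);
		if (rsp == NULL) {
			lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
			return -1;
		}
		if (rsp->ccode > 0) {
			lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
					val2str(rsp->ccode, completion_code_vals));
			return -1;
		}

		/*
		 * Grab the returned channel number once. We assume it's the same
		 * in future calls.
		 * NOTE(review): the value is not read again in this function; the
		 * follow-up requests keep using the channel passed by the caller.
		 */
		if (list_index == 0 && rsp->data_len >= 1) {
			channel = rsp->data[0];
		}

		/* We got back cipher suite data -- store it, if it fits. */
		if (rsp->data_len > 1) {
			size_t chunk_len = (size_t)rsp->data_len - 1;

			if (chunk_len > sizeof(cipher_suite_data) - offset) {
				lprintf(LOG_ERR,
						"Cipher suite data does not fit into buffer");
				return -1;
			}
			memcpy(cipher_suite_data + offset, rsp->data + 1, chunk_len);
			offset += chunk_len;
		}

		/* Anything but a full 17-byte response was the last chunk. */
		if (rsp->data_len != 17 || list_index >= 0x3F) {
			break;
		}

		/*
		 * Increment our list for the next call
		 */
		++list_index;
		rqdata[2] = (rqdata[2] & 0x80) + list_index;
	}

	/* We can chomp on all our data now. */
	cipher_suite_data_length = offset;
	offset = 0;

	if (! csv_output) {
		printf("ID IANA Auth Alg Integrity Alg Confidentiality Alg\n");
	}
	while (offset < cipher_suite_data_length) {
		/* Read the start-of-record byte once and test that one value. */
		uint8_t record_start = cipher_suite_data[offset++];
		size_t remaining = cipher_suite_data_length - offset;

		if (record_start == 0xC0) {
			/* standard type */
			iana = 0;

			/* Verify that we have at least a full record left; id + 3 algs */
			if (remaining < 4) {
				lprintf(LOG_ERR, "Incomplete data record in cipher suite data");
				return -1;
			}
			cipher_suite_id = cipher_suite_data[offset++];
		} else if (record_start == 0xC1) {
			/* OEM record type */
			/* Verify that we have at least a full record left
			 * id + iana + 3 algs
			 */
			if (remaining < 7) {
				lprintf(LOG_ERR, "Incomplete data record in cipher suite data");
				return -1;
			}

			cipher_suite_id = cipher_suite_data[offset++];

			/* Grab the IANA, least-significant byte first */
			iana = (uint32_t)cipher_suite_data[offset] |
				((uint32_t)cipher_suite_data[offset + 1] << 8) |
				((uint32_t)cipher_suite_data[offset + 2] << 16);
			offset += 3;
		} else {
			lprintf(LOG_ERR, "Bad start of record byte in cipher suite data");
			return -1;
		}

		/*
		 * Grab the algorithms for this cipher suite. I guess we can't be
		 * sure of what order they'll come in. Also, I suppose we default
		 * to the NONE algorithm if one were absent. This part of the spec is
		 * poorly written -- I have read the errata document. For now, I'm only
		 * allowing one algorithm per type (auth, integrity, crypt) because I
		 * don't understand how it could be otherwise.
		 */
		auth_alg = IPMI_AUTH_RAKP_NONE;
		integrity_alg = IPMI_INTEGRITY_NONE;
		crypt_alg = IPMI_CRYPT_NONE;

		/* Check the bound before looking at the byte; stop at next record. */
		while ((offset < cipher_suite_data_length) &&
				((cipher_suite_data[offset] & 0xC0) != 0xC0))
		{
			switch (cipher_suite_data[offset] & 0xC0)
			{
			case 0x00:
				/* Authentication algorithm specifier */
				auth_alg = cipher_suite_data[offset++] & 0x3F;
				break;
			case 0x40:
				/* Integrity algorithm specifier */
				integrity_alg = cipher_suite_data[offset++] & 0x3F;
				break;
			case 0x80:
				/* Confidentiality algorithm specifier */
				crypt_alg = cipher_suite_data[offset++] & 0x3F;
				break;
			}
		}
		/* We have everything we need to spit out a cipher suite record */
		printf((csv_output? "%d,%s,%s,%s,%s\n" :
					"%-4d %-7s %-15s %-15s %-15s\n"),
				cipher_suite_id,
				iana_string(iana),
				val2str(auth_alg, ipmi_auth_algorithms),
				val2str(integrity_alg, ipmi_integrity_algorithms),
				val2str(crypt_alg, ipmi_encryption_algorithms));
	}
	return 0;
}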
517c18ec02fSPetter Reinholdtsen
5186febd101SZdenek Styblik /**
5196febd101SZdenek Styblik * ipmi_get_channel_info
5206febd101SZdenek Styblik *
5216febd101SZdenek Styblik * returns 0 on success
5226febd101SZdenek Styblik * -1 on failure
5236febd101SZdenek Styblik *
5246febd101SZdenek Styblik */
int
ipmi_get_channel_info(struct ipmi_intf *intf, uint8_t channel)
{
	/* Prints the Get Channel Info result for `channel`. For LAN media it
	 * then prints the Get Channel Access settings twice: the volatile
	 * (active) set first, the non-volatile set second. Returns 0 on
	 * success and -1 as soon as any of the three queries fails.
	 */
	struct channel_info_t info = {0};
	struct channel_access_t access = {0};
	const char *label = "unknown\n";
	int rc = 0;
	int pass = 0;

	info.channel = channel;
	rc = _ipmi_get_channel_info(intf, &info);
	if (eval_ccode(rc) != 0) {
		lprintf(LOG_ERR, "Unable to Get Channel Info");
		return (-1);
	}

	switch (info.session_support) {
	case IPMI_CHANNEL_SESSION_LESS:
		label = "session-less\n";
		break;
	case IPMI_CHANNEL_SESSION_SINGLE:
		label = "single-session\n";
		break;
	case IPMI_CHANNEL_SESSION_MULTI:
		label = "multi-session\n";
		break;
	case IPMI_CHANNEL_SESSION_BASED:
		label = "session-based\n";
		break;
	default:
		label = "unknown\n";
		break;
	}

	printf("Channel 0x%x info:\n", info.channel);
	printf(" Channel Medium Type : %s\n",
		val2str(info.medium, ipmi_channel_medium_vals));
	printf(" Channel Protocol Type : %s\n",
		val2str(info.protocol, ipmi_channel_protocol_vals));
	printf(" Session Support : ");
	printf("%s", label);
	printf(" Active Session Count : %d\n", info.active_sessions);
	/* vendor_id[0] is the least significant byte of the 3-byte ID */
	printf(" Protocol Vendor ID : %d\n",
		info.vendor_id[0] |
		info.vendor_id[1] << 8 |
		info.vendor_id[2] << 16);

	/* channel access settings are only queried for LAN media */
	if (!(info.medium == IPMI_CHANNEL_MEDIUM_LAN
			|| info.medium == IPMI_CHANNEL_MEDIUM_LAN_OTHER)) {
		return 0;
	}

	/* pass 0 reads the volatile (active) settings, pass 1 the
	 * non-volatile ones
	 */
	for (pass = 0; pass < 2; pass++) {
		int want_volatile = (pass == 0);

		/* start each query from a zeroed request/response structure */
		memset(&access, 0, sizeof(access));
		access.channel = info.channel;
		rc = _ipmi_get_channel_access(intf, &access, want_volatile);
		if (eval_ccode(rc) != 0) {
			if (want_volatile) {
				lprintf(LOG_ERR, "Unable to Get Channel Access (volatile)");
			} else {
				lprintf(LOG_ERR, "Unable to Get Channel Access (non-volatile)");
			}
			return (-1);
		}

		if (want_volatile) {
			printf(" Volatile(active) Settings\n");
		} else {
			printf(" Non-Volatile Settings\n");
		}
		/* A set flag is printed as "disabled": the three fields appear to
		 * be disable bits - confirm against struct channel_access_t.
		 * When auditing a BMC, "disabled" for either Auth line means the
		 * channel authenticates less than it could.
		 */
		printf(" Alerting : %sabled\n",
			(access.alerting) ? "dis" : "en");
		printf(" Per-message Auth : %sabled\n",
			(access.per_message_auth) ? "dis" : "en");
		printf(" User Level Auth : %sabled\n",
			(access.user_level_auth) ? "dis" : "en");

		switch (access.access_mode) {
		case 0:
			label = "disabled\n";
			break;
		case 1:
			label = "pre-boot only\n";
			break;
		case 2:
			label = "always available\n";
			break;
		case 3:
			label = "shared\n";
			break;
		default:
			label = "unknown\n";
			break;
		}
		printf(" Access Mode : ");
		printf("%s", label);
	}
	return 0;
}
/* ipmi_get_channel_medium - Look up the Medium of given IPMI Channel.
 *
 * @intf - IPMI interface
 * @channel - IPMI Channel
 *
 * returns - IPMI Channel Medium on success; IPMI_CHANNEL_MEDIUM_RESERVED
 * when the command ends with completion code 0xCC or any other positive
 * code; 0 when the code is negative and eval_ccode() reports a failure.
 */
uint8_t
ipmi_get_channel_medium(struct ipmi_intf *intf, uint8_t channel)
{
	struct channel_info_t info = {0};
	int rc = 0;

	info.channel = channel;
	rc = _ipmi_get_channel_info(intf, &info);

	/* 0xCC is answered without logging (in IPMI this completion code is
	 * "invalid data field in request"); every other positive completion
	 * code is logged before the same value is returned.
	 */
	if (rc == 0xCC) {
		return IPMI_CHANNEL_MEDIUM_RESERVED;
	}
	/* negative codes are handed to eval_ccode(); a failure there yields 0 */
	if (rc < 0 && eval_ccode(rc) != 0) {
		return 0;
	}
	if (rc > 0) {
		lprintf(LOG_ERR, "Get Channel Info command failed: %s",
			val2str(rc, completion_code_vals));
		return IPMI_CHANNEL_MEDIUM_RESERVED;
	}

	lprintf(LOG_DEBUG, "Channel type: %s",
		val2str(info.medium, ipmi_channel_medium_vals));
	return info.medium;
}
/* ipmi_get_user_access - Print User Access for given Channel and User or Users.
 *
 * @intf - IPMI interface
 * @channel - IPMI Channel we're getting access for
 * @user_id - User ID. If 0 is passed, users 1 up to the maximum User ID
 * reported by the BMC are listed
 *
 * returns - 0 on success, (-1) on error. The first failed query ends the
 * listing, so a partial list may already have been printed.
 */
static int
ipmi_get_user_access(struct ipmi_intf *intf, uint8_t channel, uint8_t user_id)
{
	struct user_access_t access;
	struct user_name_t name;
	int list_all = (user_id == 0);
	int uid = list_all ? 1 : user_id;
	int last_uid = 0;
	int summary_printed = 0;
	int rc = 0;

	for (;;) {
		memset(&access, 0, sizeof(access));
		access.channel = channel;
		access.user_id = uid;
		rc = _ipmi_get_user_access(intf, &access);
		if (eval_ccode(rc) != 0) {
			lprintf(LOG_ERR,
				"Unable to Get User Access (channel %d id %d)",
				channel, uid);
			return (-1);
		}

		memset(&name, 0, sizeof(name));
		name.user_id = uid;
		rc = _ipmi_get_user_name(intf, &name);
		if (eval_ccode(rc) != 0) {
			lprintf(LOG_ERR, "Unable to Get User Name (id %d)", uid);
			return (-1);
		}

		/* the totals come from the first response and also bound the
		 * listing when all users were requested
		 */
		if (!summary_printed) {
			printf("Maximum User IDs : %d\n", access.max_user_ids);
			printf("Enabled User IDs : %d\n", access.enabled_user_ids);
			last_uid = access.max_user_ids;
			summary_printed = 1;
		}

		printf("\n");
		printf("User ID : %d\n", uid);
		/* The name is whatever the BMC returned; the structure was zeroed
		 * above. NOTE(review): %s relies on _ipmi_get_user_name() leaving
		 * a terminating NUL in place - confirm against its definition.
		 */
		printf("User Name : %s\n", name.user_name);
		printf("Fixed Name : %s\n",
			(uid <= access.fixed_user_ids) ? "Yes" : "No");
		printf("Access Available : %s\n",
			(access.callin_callback) ? "callback" : "call-in / callback");
		printf("Link Authentication : %sabled\n",
			(access.link_auth) ? "en" : "dis");
		printf("IPMI Messaging : %sabled\n",
			(access.ipmi_messaging) ? "en" : "dis");
		printf("Privilege Level : %s\n",
			val2str(access.privilege_limit, ipmi_privlvl_vals));

		uid++;
		/* a single requested user is printed once; otherwise continue
		 * until the reported maximum has been covered
		 */
		if (!list_all || uid > last_uid) {
			break;
		}
	}

	return 0;
}
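/* ipmi_set_user_access - Query BMC for current Channel ACLs, parse CLI args
 * and update current ACLs.
 *
 * @intf - IPMI interface
 * @argc - number of entries in argv
 * @argv - argv[0] is the channel number, argv[1] the user id, and argv[2]
 * onwards the options callin=on|off, link=on|off, ipmi=on|off and
 * privilege=level. A first argument starting with "help" prints the usage.
 *
 * Settings that are not named on the command line keep the value the BMC
 * reported in the preceding Get User Access query.
 *
 * returns - 0 on success, (-1) on error
 */
int
ipmi_set_user_access(struct ipmi_intf *intf, int argc, char **argv)
{
	struct user_access_t user_access = {0};
	int ccode = 0;
	int i = 0;
	uint8_t channel = 0;
	uint8_t priv = 0;
	uint8_t user_id = 0;
	if (argc > 0 && strncmp(argv[0], "help", 4) == 0) {
		printf_channel_usage();
		return 0;
	} else if (argc < 3) {
		/* channel, user id and at least one option are required */
		lprintf(LOG_ERR, "Not enough parameters given.");
		printf_channel_usage();
		return (-1);
	}
	if (is_ipmi_channel_num(argv[0], &channel) != 0
			|| is_ipmi_user_id(argv[1], &user_id) != 0) {
		return (-1);
	}
	/* read the current ACL first so that only the named fields change */
	user_access.channel = channel;
	user_access.user_id = user_id;
	ccode = _ipmi_get_user_access(intf, &user_access);
	if (eval_ccode(ccode) != 0) {
		lprintf(LOG_ERR,
			"Unable to Get User Access (channel %d id %d)",
			channel, user_id);
		return (-1);
	}
	/* Options start at argv[2], right after channel and user id. Starting
	 * at 3 skipped the first option without any message, so a single
	 * option such as privilege=15 was never applied although success was
	 * reported.
	 */
	for (i = 2; i < argc; i++) {
		/* NOTE(review): only a value starting with "off" switches a flag
		 * off; any other text, including a typo, is taken as "on".
		 */
		if (strncmp(argv[i], "callin=", 7) == 0) {
			/* the field is inverted: 1 is stored for callin=off */
			if (strncmp(argv[i] + 7, "off", 3) == 0) {
				user_access.callin_callback = 1;
			} else {
				user_access.callin_callback = 0;
			}
		} else if (strncmp(argv[i], "link=", 5) == 0) {
			if (strncmp(argv[i] + 5, "off", 3) == 0) {
				user_access.link_auth = 0;
			} else {
				user_access.link_auth = 1;
			}
		} else if (strncmp(argv[i], "ipmi=", 5) == 0) {
			if (strncmp(argv[i] + 5, "off", 3) == 0) {
				user_access.ipmi_messaging = 0;
			} else {
				user_access.ipmi_messaging = 1;
			}
		} else if (strncmp(argv[i], "privilege=", 10) == 0) {
			/* NOTE(review): the number is not checked against the levels
			 * listed in the usage text (1-5, 15); ipmi_channel_main()
			 * validates its authcap privilege with
			 * is_ipmi_user_priv_limit() - consider the same check here.
			 */
			if (str2uchar(argv[i] + 10, &priv) != 0) {
				lprintf(LOG_ERR,
					"Numeric value expected, but '%s' given.",
					argv[i] + 10);
				return (-1);
			}
			user_access.privilege_limit = priv;
		} else {
			lprintf(LOG_ERR, "Invalid option: %s\n", argv[i]);
			return (-1);
		}
	}
	/* the meaning of the third argument (0) is not visible in this part
	 * of the file
	 */
	ccode = _ipmi_set_user_access(intf, &user_access, 0);
	if (eval_ccode(ccode) != 0) {
		lprintf(LOG_ERR,
			"Unable to Set User Access (channel %d id %d)",
			channel, user_id);
		return (-1);
	}
	printf("Set User Access (channel %d id %d) successful.\n",
		channel, user_id);
	return 0;
}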
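/* ipmi_channel_main - Dispatch the "channel" sub-commands.
 *
 * @intf - IPMI interface
 * @argc - number of entries in argv
 * @argv - argv[0] is the sub-command (help, authcap, getaccess, setaccess,
 * info, getciphers), followed by its arguments
 *
 * Apart from "getaccess", whose comparison length includes the terminating
 * NUL, sub-commands are matched by prefix only.
 *
 * returns - the result of the selected sub-command, (-1) on bad arguments
 */
int
ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
{
	int retval = 0;
	uint8_t channel;
	uint8_t priv = 0;
	if (argc < 1) {
		lprintf(LOG_ERR, "Not enough parameters given.");
		printf_channel_usage();
		return (-1);
	} else if (strncmp(argv[0], "help", 4) == 0) {
		printf_channel_usage();
		return 0;
	} else if (strncmp(argv[0], "authcap", 7) == 0) {
		/* channel authcap <channel number> <max privilege> */
		if (argc != 3) {
			printf_channel_usage();
			return (-1);
		}
		if (is_ipmi_channel_num(argv[1], &channel) != 0
				|| is_ipmi_user_priv_limit(argv[2], &priv) != 0) {
			return (-1);
		}
		retval = ipmi_get_channel_auth_cap(intf, channel, priv);
	} else if (strncmp(argv[0], "getaccess", 10) == 0) {
		/* channel getaccess <channel number> [user id]; user id 0 makes
		 * ipmi_get_user_access() list all users
		 */
		uint8_t user_id = 0;
		if ((argc < 2) || (argc > 3)) {
			lprintf(LOG_ERR, "Not enough parameters given.");
			printf_channel_usage();
			return (-1);
		}
		if (is_ipmi_channel_num(argv[1], &channel) != 0) {
			return (-1);
		}
		if (argc == 3) {
			if (is_ipmi_user_id(argv[2], &user_id) != 0) {
				return (-1);
			}
		}
		retval = ipmi_get_user_access(intf, channel, user_id);
	} else if (strncmp(argv[0], "setaccess", 9) == 0) {
		/* hand over everything after the sub-command name */
		return ipmi_set_user_access(intf, (argc - 1), &(argv[1]));
	} else if (strncmp(argv[0], "info", 4) == 0) {
		/* channel info [channel number]; 0xE is used when none is given */
		channel = 0xE;
		if (argc > 2) {
			printf_channel_usage();
			return (-1);
		}
		if (argc == 2) {
			if (is_ipmi_channel_num(argv[1], &channel) != 0) {
				return (-1);
			}
		}
		retval = ipmi_get_channel_info(intf, channel);
	} else if (strncmp(argv[0], "getciphers", 10) == 0) {
		/* channel getciphers <ipmi|sol> [channel] */
		channel = 0xE;
		if ((argc < 2) || (argc > 3) ||
				(strncmp(argv[1], "ipmi", 4) && strncmp(argv[1], "sol", 3))) {
			printf_channel_usage();
			return (-1);
		}
		if (argc == 3) {
			/* The channel is the argument after ipmi|sol. Parsing argv[1]
			 * here handed "ipmi"/"sol" to the channel-number check
			 * instead of the channel the user gave.
			 */
			if (is_ipmi_channel_num(argv[2], &channel) != 0) {
				return (-1);
			}
		}
		retval = ipmi_get_channel_cipher_suites(intf,
				argv[1], /* ipmi | sol */
				channel);
	} else {
		lprintf(LOG_ERR, "Invalid CHANNEL command: %s\n", argv[0]);
		printf_channel_usage();
		retval = -1;
	}
	return retval;
}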
/* printf_channel_usage - log the help text of the channel commands, one
 * LOG_NOTICE message per line.
 */
void
printf_channel_usage()
{
	/* each entry is emitted as a separate log message, in this order */
	static const char *const usage_lines[] = {
		"Channel Commands: authcap <channel number> <max privilege>",
		" getaccess <channel number> [user id]",
		" setaccess <channel number> "
		"<user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]",
		" info [channel number]",
		" getciphers <ipmi | sol> [channel]",
		"",
		"Possible privilege levels are:",
		" 1 Callback level",
		" 2 User level",
		" 3 Operator level",
		" 4 Administrator level",
		" 5 OEM Proprietary level",
		" 15 No access",
	};
	unsigned int idx;

	for (idx = 0; idx < sizeof(usage_lines) / sizeof(usage_lines[0]); idx++) {
		lprintf(LOG_NOTICE, "%s", usage_lines[idx]);
	}
}