1c18ec02fSPetter Reinholdtsen /* -*-mode: C; indent-tabs-mode: t; -*- 2c18ec02fSPetter Reinholdtsen * Copyright (c) 2003 Sun Microsystems, Inc. All Rights Reserved. 3c18ec02fSPetter Reinholdtsen * 4c18ec02fSPetter Reinholdtsen * Redistribution and use in source and binary forms, with or without 5c18ec02fSPetter Reinholdtsen * modification, are permitted provided that the following conditions 6c18ec02fSPetter Reinholdtsen * are met: 7c18ec02fSPetter Reinholdtsen * 8c18ec02fSPetter Reinholdtsen * Redistribution of source code must retain the above copyright 9c18ec02fSPetter Reinholdtsen * notice, this list of conditions and the following disclaimer. 10c18ec02fSPetter Reinholdtsen * 11c18ec02fSPetter Reinholdtsen * Redistribution in binary form must reproduce the above copyright 12c18ec02fSPetter Reinholdtsen * notice, this list of conditions and the following disclaimer in the 13c18ec02fSPetter Reinholdtsen * documentation and/or other materials provided with the distribution. 14c18ec02fSPetter Reinholdtsen * 15c18ec02fSPetter Reinholdtsen * Neither the name of Sun Microsystems, Inc. or the names of 16c18ec02fSPetter Reinholdtsen * contributors may be used to endorse or promote products derived 17c18ec02fSPetter Reinholdtsen * from this software without specific prior written permission. 18c18ec02fSPetter Reinholdtsen * 19c18ec02fSPetter Reinholdtsen * This software is provided "AS IS," without a warranty of any kind. 20c18ec02fSPetter Reinholdtsen * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, 21c18ec02fSPetter Reinholdtsen * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A 22c18ec02fSPetter Reinholdtsen * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. 23c18ec02fSPetter Reinholdtsen * SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE 24c18ec02fSPetter Reinholdtsen * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING 25c18ec02fSPetter Reinholdtsen * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL 26c18ec02fSPetter Reinholdtsen * SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, 27c18ec02fSPetter Reinholdtsen * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR 28c18ec02fSPetter Reinholdtsen * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF 29c18ec02fSPetter Reinholdtsen * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, 30c18ec02fSPetter Reinholdtsen * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 31c18ec02fSPetter Reinholdtsen */ 32c18ec02fSPetter Reinholdtsen 33c18ec02fSPetter Reinholdtsen #include <stdlib.h> 34c18ec02fSPetter Reinholdtsen #include <stdio.h> 35c18ec02fSPetter Reinholdtsen #include <string.h> 36c18ec02fSPetter Reinholdtsen #include <strings.h> 37c18ec02fSPetter Reinholdtsen #include <sys/types.h> 38c18ec02fSPetter Reinholdtsen #include <sys/socket.h> 39c18ec02fSPetter Reinholdtsen #include <netinet/in.h> 40c18ec02fSPetter Reinholdtsen #include <arpa/inet.h> 41c18ec02fSPetter Reinholdtsen #include <errno.h> 42c18ec02fSPetter Reinholdtsen #include <unistd.h> 43c18ec02fSPetter Reinholdtsen #include <signal.h> 44c18ec02fSPetter Reinholdtsen 45c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi.h> 46c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_intf.h> 47c18ec02fSPetter Reinholdtsen #include <ipmitool/helper.h> 48c18ec02fSPetter Reinholdtsen #include <ipmitool/log.h> 49c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_lanp.h> 50c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_channel.h> 51c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_strings.h> 52c18ec02fSPetter Reinholdtsen #include <ipmitool/ipmi_constants.h> 53c18ec02fSPetter Reinholdtsen 54c18ec02fSPetter Reinholdtsen extern int csv_output; 55c18ec02fSPetter Reinholdtsen extern int verbose; 56c18ec02fSPetter Reinholdtsen 57c18ec02fSPetter Reinholdtsen void printf_channel_usage (void); 58c18ec02fSPetter Reinholdtsen 59c18ec02fSPetter Reinholdtsen /** 60c18ec02fSPetter Reinholdtsen * ipmi_1_5_authtypes 61c18ec02fSPetter Reinholdtsen * 62c18ec02fSPetter Reinholdtsen * Create a string describing the supported authentication types as 63c18ec02fSPetter Reinholdtsen * specificed by the parameter n 64c18ec02fSPetter Reinholdtsen */ 65c18ec02fSPetter Reinholdtsen static const char * 66c18ec02fSPetter Reinholdtsen ipmi_1_5_authtypes(uint8_t n) 67c18ec02fSPetter Reinholdtsen { 68c18ec02fSPetter Reinholdtsen uint32_t i; 69c18ec02fSPetter Reinholdtsen static char supportedTypes[128]; 70c18ec02fSPetter Reinholdtsen 71*0a1f5c03SZdenek Styblik memset(supportedTypes, 0, sizeof(supportedTypes)); 72c18ec02fSPetter Reinholdtsen for (i = 0; ipmi_authtype_vals[i].val != 0; i++) { 73c18ec02fSPetter Reinholdtsen if (n & ipmi_authtype_vals[i].val) { 74c18ec02fSPetter Reinholdtsen strcat(supportedTypes, ipmi_authtype_vals[i].str); 75c18ec02fSPetter Reinholdtsen strcat(supportedTypes, " "); 76c18ec02fSPetter Reinholdtsen } 77c18ec02fSPetter Reinholdtsen } 78c18ec02fSPetter Reinholdtsen 79c18ec02fSPetter Reinholdtsen return supportedTypes; 80c18ec02fSPetter Reinholdtsen } 81c18ec02fSPetter Reinholdtsen 82c18ec02fSPetter Reinholdtsen 83c18ec02fSPetter Reinholdtsen 84c18ec02fSPetter Reinholdtsen /** 85c18ec02fSPetter Reinholdtsen * ipmi_get_channel_auth_cap 86c18ec02fSPetter Reinholdtsen * 87c18ec02fSPetter Reinholdtsen * return 0 on success 88c18ec02fSPetter Reinholdtsen * -1 on failure 89c18ec02fSPetter Reinholdtsen */ 90c18ec02fSPetter Reinholdtsen int 91a87b2cccSZdenek Styblik ipmi_get_channel_auth_cap(struct ipmi_intf *intf, uint8_t channel, uint8_t priv) 92c18ec02fSPetter Reinholdtsen { 93c18ec02fSPetter Reinholdtsen struct ipmi_rs *rsp; 94c18ec02fSPetter Reinholdtsen struct ipmi_rq req; 95c18ec02fSPetter Reinholdtsen struct get_channel_auth_cap_rsp auth_cap; 96c18ec02fSPetter Reinholdtsen uint8_t msg_data[2]; 97c18ec02fSPetter Reinholdtsen 98a87b2cccSZdenek Styblik /* Ask for IPMI v2 data as well */ 99a87b2cccSZdenek Styblik msg_data[0] = channel | 0x80; 100c18ec02fSPetter Reinholdtsen msg_data[1] = priv; 101c18ec02fSPetter Reinholdtsen 102c18ec02fSPetter Reinholdtsen memset(&req, 0, sizeof(req)); 103a87b2cccSZdenek Styblik req.msg.netfn = IPMI_NETFN_APP; 104a87b2cccSZdenek Styblik req.msg.cmd = IPMI_GET_CHANNEL_AUTH_CAP; 105c18ec02fSPetter Reinholdtsen req.msg.data = msg_data; 106c18ec02fSPetter Reinholdtsen req.msg.data_len = 2; 107c18ec02fSPetter Reinholdtsen 108c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req); 109c18ec02fSPetter Reinholdtsen 110c18ec02fSPetter Reinholdtsen if ((rsp == NULL) || (rsp->ccode > 0)) { 111c18ec02fSPetter Reinholdtsen /* 112c18ec02fSPetter Reinholdtsen * It's very possible that this failed because we asked for IPMI v2 data 113c18ec02fSPetter Reinholdtsen * Ask again, without requesting IPMI v2 data 114c18ec02fSPetter Reinholdtsen */ 115c18ec02fSPetter Reinholdtsen msg_data[0] &= 0x7F; 116c18ec02fSPetter Reinholdtsen 117c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req); 118c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 119c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Unable to Get Channel Authentication Capabilities"); 120a87b2cccSZdenek Styblik return (-1); 121c18ec02fSPetter Reinholdtsen } 122c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 123c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Get Channel Authentication Capabilities failed: %s", 124c18ec02fSPetter Reinholdtsen val2str(rsp->ccode, completion_code_vals)); 125a87b2cccSZdenek Styblik return (-1); 126c18ec02fSPetter Reinholdtsen } 127c18ec02fSPetter Reinholdtsen } 128c18ec02fSPetter Reinholdtsen 129c18ec02fSPetter Reinholdtsen memcpy(&auth_cap, rsp->data, sizeof(struct get_channel_auth_cap_rsp)); 130c18ec02fSPetter Reinholdtsen 131c18ec02fSPetter Reinholdtsen printf("Channel number : %d\n", 132c18ec02fSPetter Reinholdtsen auth_cap.channel_number); 133c18ec02fSPetter Reinholdtsen printf("IPMI v1.5 auth types : %s\n", 134c18ec02fSPetter Reinholdtsen ipmi_1_5_authtypes(auth_cap.enabled_auth_types)); 135c18ec02fSPetter Reinholdtsen 136a87b2cccSZdenek Styblik if (auth_cap.v20_data_available) { 137c18ec02fSPetter Reinholdtsen printf("KG status : %s\n", 138c18ec02fSPetter Reinholdtsen (auth_cap.kg_status) ? "non-zero" : "default (all zeroes)"); 139a87b2cccSZdenek Styblik } 140c18ec02fSPetter Reinholdtsen 141c18ec02fSPetter Reinholdtsen printf("Per message authentication : %sabled\n", 142c18ec02fSPetter Reinholdtsen (auth_cap.per_message_auth) ? "dis" : "en"); 143c18ec02fSPetter Reinholdtsen printf("User level authentication : %sabled\n", 144c18ec02fSPetter Reinholdtsen (auth_cap.user_level_auth) ? "dis" : "en"); 145c18ec02fSPetter Reinholdtsen 146c18ec02fSPetter Reinholdtsen printf("Non-null user names exist : %s\n", 147c18ec02fSPetter Reinholdtsen (auth_cap.non_null_usernames) ? "yes" : "no"); 148c18ec02fSPetter Reinholdtsen printf("Null user names exist : %s\n", 149c18ec02fSPetter Reinholdtsen (auth_cap.null_usernames) ? "yes" : "no"); 150c18ec02fSPetter Reinholdtsen printf("Anonymous login enabled : %s\n", 151c18ec02fSPetter Reinholdtsen (auth_cap.anon_login_enabled) ? "yes" : "no"); 152c18ec02fSPetter Reinholdtsen 153c18ec02fSPetter Reinholdtsen if (auth_cap.v20_data_available) { 154c18ec02fSPetter Reinholdtsen printf("Channel supports IPMI v1.5 : %s\n", 155c18ec02fSPetter Reinholdtsen (auth_cap.ipmiv15_support) ? "yes" : "no"); 156c18ec02fSPetter Reinholdtsen printf("Channel supports IPMI v2.0 : %s\n", 157c18ec02fSPetter Reinholdtsen (auth_cap.ipmiv20_support) ? "yes" : "no"); 158c18ec02fSPetter Reinholdtsen } 159c18ec02fSPetter Reinholdtsen 160c18ec02fSPetter Reinholdtsen /* 161c18ec02fSPetter Reinholdtsen * If there is support for an OEM authentication type, there is some 162c18ec02fSPetter Reinholdtsen * information. 163c18ec02fSPetter Reinholdtsen */ 164c18ec02fSPetter Reinholdtsen if (auth_cap.enabled_auth_types & IPMI_1_5_AUTH_TYPE_BIT_OEM) { 165c18ec02fSPetter Reinholdtsen printf("IANA Number for OEM : %d\n", 166c18ec02fSPetter Reinholdtsen auth_cap.oem_id[0] | 167c18ec02fSPetter Reinholdtsen auth_cap.oem_id[1] << 8 | 168c18ec02fSPetter Reinholdtsen auth_cap.oem_id[2] << 16); 169c18ec02fSPetter Reinholdtsen printf("OEM Auxiliary Data : 0x%x\n", 170c18ec02fSPetter Reinholdtsen auth_cap.oem_aux_data); 171c18ec02fSPetter Reinholdtsen } 172c18ec02fSPetter Reinholdtsen 173c18ec02fSPetter Reinholdtsen return 0; 174c18ec02fSPetter Reinholdtsen } 175c18ec02fSPetter Reinholdtsen 176c18ec02fSPetter Reinholdtsen 177c18ec02fSPetter Reinholdtsen 178c18ec02fSPetter Reinholdtsen /** 179c18ec02fSPetter Reinholdtsen * ipmi_get_channel_info 180c18ec02fSPetter Reinholdtsen * 181c18ec02fSPetter Reinholdtsen * returns 0 on success 182c18ec02fSPetter Reinholdtsen * -1 on failure 183c18ec02fSPetter Reinholdtsen * 184c18ec02fSPetter Reinholdtsen */ 185c18ec02fSPetter Reinholdtsen int 186c18ec02fSPetter Reinholdtsen ipmi_get_channel_info(struct ipmi_intf *intf, uint8_t channel) 187c18ec02fSPetter Reinholdtsen { 188c18ec02fSPetter Reinholdtsen struct ipmi_rs *rsp; 189c18ec02fSPetter Reinholdtsen struct ipmi_rq req; 190c18ec02fSPetter Reinholdtsen uint8_t rqdata[2]; 191c18ec02fSPetter Reinholdtsen uint8_t medium; 192c18ec02fSPetter Reinholdtsen struct get_channel_info_rsp channel_info; 193c18ec02fSPetter Reinholdtsen struct get_channel_access_rsp channel_access; 194c18ec02fSPetter Reinholdtsen 195c18ec02fSPetter Reinholdtsen memset(&req, 0, sizeof(req)); 196a87b2cccSZdenek Styblik req.msg.netfn = IPMI_NETFN_APP; 197a87b2cccSZdenek Styblik req.msg.cmd = IPMI_GET_CHANNEL_INFO; 198c18ec02fSPetter Reinholdtsen req.msg.data = &channel; 199c18ec02fSPetter Reinholdtsen req.msg.data_len = 1; 200c18ec02fSPetter Reinholdtsen 201c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req); 202c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 203c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Unable to Get Channel Info"); 204c18ec02fSPetter Reinholdtsen return -1; 205c18ec02fSPetter Reinholdtsen } 206c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 207c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Get Channel Info failed: %s", 208c18ec02fSPetter Reinholdtsen val2str(rsp->ccode, completion_code_vals)); 209c18ec02fSPetter Reinholdtsen return -1; 210c18ec02fSPetter Reinholdtsen } 211c18ec02fSPetter Reinholdtsen 212c18ec02fSPetter Reinholdtsen memcpy(&channel_info, rsp->data, sizeof(struct get_channel_info_rsp)); 213c18ec02fSPetter Reinholdtsen 214c18ec02fSPetter Reinholdtsen printf("Channel 0x%x info:\n", channel_info.channel_number); 215c18ec02fSPetter Reinholdtsen 216c18ec02fSPetter Reinholdtsen printf(" Channel Medium Type : %s\n", 217c18ec02fSPetter Reinholdtsen val2str(channel_info.channel_medium, ipmi_channel_medium_vals)); 218c18ec02fSPetter Reinholdtsen 219c18ec02fSPetter Reinholdtsen printf(" Channel Protocol Type : %s\n", 220c18ec02fSPetter Reinholdtsen val2str(channel_info.channel_protocol, ipmi_channel_protocol_vals)); 221c18ec02fSPetter Reinholdtsen 222c18ec02fSPetter Reinholdtsen printf(" Session Support : "); 223c18ec02fSPetter Reinholdtsen switch (channel_info.session_support) { 224c18ec02fSPetter Reinholdtsen case 0x0: 225c18ec02fSPetter Reinholdtsen printf("session-less\n"); 226c18ec02fSPetter Reinholdtsen break; 227c18ec02fSPetter Reinholdtsen case 0x1: 228c18ec02fSPetter Reinholdtsen printf("single-session\n"); 229c18ec02fSPetter Reinholdtsen break; 230c18ec02fSPetter Reinholdtsen case 0x2: 231c18ec02fSPetter Reinholdtsen printf("multi-session\n"); 232c18ec02fSPetter Reinholdtsen break; 233c18ec02fSPetter Reinholdtsen case 0x3: 234c18ec02fSPetter Reinholdtsen default: 235c18ec02fSPetter Reinholdtsen printf("session-based\n"); 236c18ec02fSPetter Reinholdtsen break; 237c18ec02fSPetter Reinholdtsen } 238c18ec02fSPetter Reinholdtsen 239c18ec02fSPetter Reinholdtsen printf(" Active Session Count : %d\n", 240c18ec02fSPetter Reinholdtsen channel_info.active_sessions); 241c18ec02fSPetter Reinholdtsen 242c18ec02fSPetter Reinholdtsen printf(" Protocol Vendor ID : %d\n", 243c18ec02fSPetter Reinholdtsen channel_info.vendor_id[0] | 244c18ec02fSPetter Reinholdtsen channel_info.vendor_id[1] << 8 | 245c18ec02fSPetter Reinholdtsen channel_info.vendor_id[2] << 16); 246c18ec02fSPetter Reinholdtsen 247c18ec02fSPetter Reinholdtsen 248c18ec02fSPetter Reinholdtsen /* only proceed if this is LAN channel */ 249c18ec02fSPetter Reinholdtsen medium = ipmi_get_channel_medium(intf, channel); 250c18ec02fSPetter Reinholdtsen if (medium != IPMI_CHANNEL_MEDIUM_LAN && 251c18ec02fSPetter Reinholdtsen medium != IPMI_CHANNEL_MEDIUM_LAN_OTHER) { 252c18ec02fSPetter Reinholdtsen return 0; 253c18ec02fSPetter Reinholdtsen } 254c18ec02fSPetter Reinholdtsen 255c18ec02fSPetter Reinholdtsen memset(&req, 0, sizeof(req)); 256c18ec02fSPetter Reinholdtsen rqdata[0] = channel & 0xf; 257c18ec02fSPetter Reinholdtsen 258c18ec02fSPetter Reinholdtsen /* get volatile settings */ 259c18ec02fSPetter Reinholdtsen rqdata[1] = 0x80; /* 0x80=active */ 260a87b2cccSZdenek Styblik req.msg.netfn = IPMI_NETFN_APP; 261a87b2cccSZdenek Styblik req.msg.cmd = IPMI_GET_CHANNEL_ACCESS; 262c18ec02fSPetter Reinholdtsen req.msg.data = rqdata; 263c18ec02fSPetter Reinholdtsen req.msg.data_len = 2; 264c18ec02fSPetter Reinholdtsen 265c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req); 266c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 267c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Unable to Get Channel Access (volatile)"); 268c18ec02fSPetter Reinholdtsen return -1; 269c18ec02fSPetter Reinholdtsen } 270c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 271c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Get Channel Access (volatile) failed: %s", 272c18ec02fSPetter Reinholdtsen val2str(rsp->ccode, completion_code_vals)); 273c18ec02fSPetter Reinholdtsen return -1; 274c18ec02fSPetter Reinholdtsen } 275c18ec02fSPetter Reinholdtsen 276c18ec02fSPetter Reinholdtsen memcpy(&channel_access, rsp->data, sizeof(struct get_channel_access_rsp)); 277c18ec02fSPetter Reinholdtsen 278c18ec02fSPetter Reinholdtsen 279c18ec02fSPetter Reinholdtsen printf(" Volatile(active) Settings\n"); 280c18ec02fSPetter Reinholdtsen printf(" Alerting : %sabled\n", 281c18ec02fSPetter Reinholdtsen (channel_access.alerting) ? "dis" : "en"); 282c18ec02fSPetter Reinholdtsen printf(" Per-message Auth : %sabled\n", 283c18ec02fSPetter Reinholdtsen (channel_access.per_message_auth) ? "dis" : "en"); 284c18ec02fSPetter Reinholdtsen printf(" User Level Auth : %sabled\n", 285c18ec02fSPetter Reinholdtsen (channel_access.user_level_auth) ? "dis" : "en"); 286c18ec02fSPetter Reinholdtsen 287c18ec02fSPetter Reinholdtsen printf(" Access Mode : "); 288c18ec02fSPetter Reinholdtsen switch (channel_access.access_mode) { 289c18ec02fSPetter Reinholdtsen case 0: 290c18ec02fSPetter Reinholdtsen printf("disabled\n"); 291c18ec02fSPetter Reinholdtsen break; 292c18ec02fSPetter Reinholdtsen case 1: 293c18ec02fSPetter Reinholdtsen printf("pre-boot only\n"); 294c18ec02fSPetter Reinholdtsen break; 295c18ec02fSPetter Reinholdtsen case 2: 296c18ec02fSPetter Reinholdtsen printf("always available\n"); 297c18ec02fSPetter Reinholdtsen break; 298c18ec02fSPetter Reinholdtsen case 3: 299c18ec02fSPetter Reinholdtsen printf("shared\n"); 300c18ec02fSPetter Reinholdtsen break; 301c18ec02fSPetter Reinholdtsen default: 302c18ec02fSPetter Reinholdtsen printf("unknown\n"); 303c18ec02fSPetter Reinholdtsen break; 304c18ec02fSPetter Reinholdtsen } 305c18ec02fSPetter Reinholdtsen 306c18ec02fSPetter Reinholdtsen /* get non-volatile settings */ 307c18ec02fSPetter Reinholdtsen 308c18ec02fSPetter Reinholdtsen rqdata[1] = 0x40; /* 0x40=non-volatile */ 309c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req); 310c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 311c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Unable to Get Channel Access (non-volatile)"); 312c18ec02fSPetter Reinholdtsen return -1; 313c18ec02fSPetter Reinholdtsen } 314c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 315c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Get Channel Access (non-volatile) failed: %s", 316c18ec02fSPetter Reinholdtsen val2str(rsp->ccode, completion_code_vals)); 317c18ec02fSPetter Reinholdtsen return -1; 318c18ec02fSPetter Reinholdtsen } 319c18ec02fSPetter Reinholdtsen 320c18ec02fSPetter Reinholdtsen memcpy(&channel_access, rsp->data, sizeof(struct get_channel_access_rsp)); 321c18ec02fSPetter Reinholdtsen 322c18ec02fSPetter Reinholdtsen printf(" Non-Volatile Settings\n"); 323c18ec02fSPetter Reinholdtsen printf(" Alerting : %sabled\n", 324c18ec02fSPetter Reinholdtsen (channel_access.alerting) ? "dis" : "en"); 325c18ec02fSPetter Reinholdtsen printf(" Per-message Auth : %sabled\n", 326c18ec02fSPetter Reinholdtsen (channel_access.per_message_auth) ? "dis" : "en"); 327c18ec02fSPetter Reinholdtsen printf(" User Level Auth : %sabled\n", 328c18ec02fSPetter Reinholdtsen (channel_access.user_level_auth) ? "dis" : "en"); 329c18ec02fSPetter Reinholdtsen 330c18ec02fSPetter Reinholdtsen printf(" Access Mode : "); 331c18ec02fSPetter Reinholdtsen switch (channel_access.access_mode) { 332c18ec02fSPetter Reinholdtsen case 0: 333c18ec02fSPetter Reinholdtsen printf("disabled\n"); 334c18ec02fSPetter Reinholdtsen break; 335c18ec02fSPetter Reinholdtsen case 1: 336c18ec02fSPetter Reinholdtsen printf("pre-boot only\n"); 337c18ec02fSPetter Reinholdtsen break; 338c18ec02fSPetter Reinholdtsen case 2: 339c18ec02fSPetter Reinholdtsen printf("always available\n"); 340c18ec02fSPetter Reinholdtsen break; 341c18ec02fSPetter Reinholdtsen case 3: 342c18ec02fSPetter Reinholdtsen printf("shared\n"); 343c18ec02fSPetter Reinholdtsen break; 344c18ec02fSPetter Reinholdtsen default: 345c18ec02fSPetter Reinholdtsen printf("unknown\n"); 346c18ec02fSPetter Reinholdtsen break; 347c18ec02fSPetter Reinholdtsen } 348c18ec02fSPetter Reinholdtsen 349c18ec02fSPetter Reinholdtsen return 0; 350c18ec02fSPetter Reinholdtsen } 351c18ec02fSPetter Reinholdtsen 352c18ec02fSPetter Reinholdtsen static int 353c18ec02fSPetter Reinholdtsen ipmi_get_user_access(struct ipmi_intf *intf, uint8_t channel, uint8_t userid) 354c18ec02fSPetter Reinholdtsen { 355c18ec02fSPetter Reinholdtsen struct ipmi_rs *rsp; 356c18ec02fSPetter Reinholdtsen struct ipmi_rq req1, req2; 357c18ec02fSPetter Reinholdtsen uint8_t rqdata[2]; 358c18ec02fSPetter Reinholdtsen struct get_user_access_rsp user_access; 359a87b2cccSZdenek Styblik int curr_uid; 360a87b2cccSZdenek Styblik int max_uid = 0; 361a87b2cccSZdenek Styblik int init = 1; 362c18ec02fSPetter Reinholdtsen 363c18ec02fSPetter Reinholdtsen curr_uid = userid ? : 1; 364c18ec02fSPetter Reinholdtsen 365c18ec02fSPetter Reinholdtsen memset(&req1, 0, sizeof(req1)); 366c18ec02fSPetter Reinholdtsen req1.msg.netfn = IPMI_NETFN_APP; 367c18ec02fSPetter Reinholdtsen req1.msg.cmd = IPMI_GET_USER_ACCESS; 368c18ec02fSPetter Reinholdtsen req1.msg.data = rqdata; 369c18ec02fSPetter Reinholdtsen req1.msg.data_len = 2; 370c18ec02fSPetter Reinholdtsen 371c18ec02fSPetter Reinholdtsen memset(&req2, 0, sizeof(req2)); 372c18ec02fSPetter Reinholdtsen req2.msg.netfn = IPMI_NETFN_APP; 373c18ec02fSPetter Reinholdtsen req2.msg.cmd = IPMI_GET_USER_NAME; 374c18ec02fSPetter Reinholdtsen req2.msg.data = rqdata; 375c18ec02fSPetter Reinholdtsen req2.msg.data_len = 1; 376c18ec02fSPetter Reinholdtsen 377a87b2cccSZdenek Styblik do { 378c18ec02fSPetter Reinholdtsen rqdata[0] = channel & 0xf; 379c18ec02fSPetter Reinholdtsen rqdata[1] = curr_uid & 0x3f; 380c18ec02fSPetter Reinholdtsen 381c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req1); 382c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 383c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Unable to Get User Access (channel %d id %d)", 384c18ec02fSPetter Reinholdtsen rqdata[0], rqdata[1]); 385c18ec02fSPetter Reinholdtsen return -1; 386c18ec02fSPetter Reinholdtsen } 387c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 388c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Get User Access (channel %d id %d) failed: %s", 389c18ec02fSPetter Reinholdtsen rqdata[0], rqdata[1], 390c18ec02fSPetter Reinholdtsen val2str(rsp->ccode, completion_code_vals)); 391c18ec02fSPetter Reinholdtsen return -1; 392c18ec02fSPetter Reinholdtsen } 393c18ec02fSPetter Reinholdtsen 394c18ec02fSPetter Reinholdtsen memcpy(&user_access, rsp->data, sizeof(struct get_user_access_rsp)); 395c18ec02fSPetter Reinholdtsen 396c18ec02fSPetter Reinholdtsen rqdata[0] = curr_uid & 0x3f; 397c18ec02fSPetter Reinholdtsen 398c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req2); 399c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 400c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Unable to Get User Name (id %d)", rqdata[0]); 401c18ec02fSPetter Reinholdtsen return -1; 402c18ec02fSPetter Reinholdtsen } 403c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 404c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Get User Name (id %d) failed: %s", 405c18ec02fSPetter Reinholdtsen rqdata[0], val2str(rsp->ccode, completion_code_vals)); 406c18ec02fSPetter Reinholdtsen return -1; 407c18ec02fSPetter Reinholdtsen } 408c18ec02fSPetter Reinholdtsen 409c18ec02fSPetter Reinholdtsen if (init) { 410c18ec02fSPetter Reinholdtsen printf("Maximum User IDs : %d\n", user_access.max_user_ids); 411c18ec02fSPetter Reinholdtsen printf("Enabled User IDs : %d\n", user_access.enabled_user_ids); 412c18ec02fSPetter Reinholdtsen max_uid = user_access.max_user_ids; 413c18ec02fSPetter Reinholdtsen init = 0; 414c18ec02fSPetter Reinholdtsen } 415c18ec02fSPetter Reinholdtsen 416c18ec02fSPetter Reinholdtsen printf("\n"); 417c18ec02fSPetter Reinholdtsen printf("User ID : %d\n", curr_uid); 418c18ec02fSPetter Reinholdtsen printf("User Name : %s\n", rsp->data); 419c18ec02fSPetter Reinholdtsen printf("Fixed Name : %s\n", 420c18ec02fSPetter Reinholdtsen (curr_uid <= user_access.fixed_user_ids) ? "Yes" : "No"); 421c18ec02fSPetter Reinholdtsen printf("Access Available : %s\n", 422c18ec02fSPetter Reinholdtsen (user_access.callin_callback) ? "callback" : "call-in / callback"); 423c18ec02fSPetter Reinholdtsen printf("Link Authentication : %sabled\n", 424c18ec02fSPetter Reinholdtsen (user_access.link_auth) ? "en" : "dis"); 425c18ec02fSPetter Reinholdtsen printf("IPMI Messaging : %sabled\n", 426c18ec02fSPetter Reinholdtsen (user_access.ipmi_messaging) ? "en" : "dis"); 427c18ec02fSPetter Reinholdtsen printf("Privilege Level : %s\n", 428c18ec02fSPetter Reinholdtsen val2str(user_access.privilege_limit, ipmi_privlvl_vals)); 429c18ec02fSPetter Reinholdtsen 430c18ec02fSPetter Reinholdtsen curr_uid ++; 431c18ec02fSPetter Reinholdtsen 432c18ec02fSPetter Reinholdtsen } while (!userid && curr_uid <= max_uid); 433c18ec02fSPetter Reinholdtsen 434c18ec02fSPetter Reinholdtsen return 0; 435c18ec02fSPetter Reinholdtsen } 436c18ec02fSPetter Reinholdtsen 437c18ec02fSPetter Reinholdtsen static int 438c18ec02fSPetter Reinholdtsen ipmi_set_user_access(struct ipmi_intf * intf, int argc, char ** argv) 439c18ec02fSPetter Reinholdtsen { 440a87b2cccSZdenek Styblik uint8_t channel; 441a87b2cccSZdenek Styblik uint8_t privilege_limit; 442a87b2cccSZdenek Styblik uint8_t userid; 443c18ec02fSPetter Reinholdtsen struct ipmi_rs *rsp; 444c18ec02fSPetter Reinholdtsen struct ipmi_rq req; 445c18ec02fSPetter Reinholdtsen uint8_t rqdata[2]; 446c18ec02fSPetter Reinholdtsen struct get_user_access_rsp user_access; 447c18ec02fSPetter Reinholdtsen struct set_user_access_data set_access; 448c18ec02fSPetter Reinholdtsen int i; 449c18ec02fSPetter Reinholdtsen 450c18ec02fSPetter Reinholdtsen if ((argc < 3) || (strncmp(argv[0], "help", 4) == 0)) { 451c18ec02fSPetter Reinholdtsen printf_channel_usage(); 452c18ec02fSPetter Reinholdtsen return 0; 453c18ec02fSPetter Reinholdtsen } 454140add9dSZdenek Styblik if (is_ipmi_channel_num(argv[0], &channel) != 0 455140add9dSZdenek Styblik || is_ipmi_user_id(argv[1], &userid) != 0) { 456c18ec02fSPetter Reinholdtsen return (-1); 457c18ec02fSPetter Reinholdtsen } 458c18ec02fSPetter Reinholdtsen 459c18ec02fSPetter Reinholdtsen memset(&req, 0, sizeof(req)); 460c18ec02fSPetter Reinholdtsen req.msg.netfn = IPMI_NETFN_APP; 461c18ec02fSPetter Reinholdtsen req.msg.cmd = IPMI_GET_USER_ACCESS; 462c18ec02fSPetter Reinholdtsen req.msg.data = rqdata; 463c18ec02fSPetter Reinholdtsen req.msg.data_len = 2; 464c18ec02fSPetter Reinholdtsen 465c18ec02fSPetter Reinholdtsen rqdata[0] = channel & 0xf; 466c18ec02fSPetter Reinholdtsen rqdata[1] = userid & 0x3f; 467c18ec02fSPetter Reinholdtsen 468c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req); 469c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 470c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Unable to Get User Access (channel %d id %d)", 471c18ec02fSPetter Reinholdtsen rqdata[0], rqdata[1]); 472c18ec02fSPetter Reinholdtsen return -1; 473c18ec02fSPetter Reinholdtsen } 474c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 475c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Get User Access (channel %d id %d) failed: %s", 476c18ec02fSPetter Reinholdtsen rqdata[0], rqdata[1], 477c18ec02fSPetter Reinholdtsen val2str(rsp->ccode, completion_code_vals)); 478c18ec02fSPetter Reinholdtsen return -1; 479c18ec02fSPetter Reinholdtsen } 480c18ec02fSPetter Reinholdtsen 481c18ec02fSPetter Reinholdtsen memcpy(&user_access, rsp->data, sizeof(struct get_user_access_rsp)); 482c18ec02fSPetter Reinholdtsen 483c18ec02fSPetter Reinholdtsen memset(&set_access, 0, sizeof(set_access)); 484c18ec02fSPetter Reinholdtsen set_access.change_bits = 1; 485c18ec02fSPetter Reinholdtsen set_access.callin_callback = user_access.callin_callback; 486c18ec02fSPetter Reinholdtsen set_access.link_auth = user_access.link_auth; 487c18ec02fSPetter Reinholdtsen set_access.ipmi_messaging = user_access.ipmi_messaging; 488c18ec02fSPetter Reinholdtsen set_access.channel = channel; 489c18ec02fSPetter Reinholdtsen set_access.user_id = userid; 490c18ec02fSPetter Reinholdtsen set_access.privilege_limit = user_access.privilege_limit; 491c18ec02fSPetter Reinholdtsen set_access.session_limit = 0; 492c18ec02fSPetter Reinholdtsen 493a87b2cccSZdenek Styblik for (i = 2; i < argc; i ++) { 494c18ec02fSPetter Reinholdtsen if (strncmp(argv[i], "callin=", 7) == 0) { 495c18ec02fSPetter Reinholdtsen set_access.callin_callback = !(strncmp (argv[i]+7, "off", 3)); 496c18ec02fSPetter Reinholdtsen } 497c18ec02fSPetter Reinholdtsen else if (strncmp(argv[i], "link=", 5) == 0) { 498c18ec02fSPetter Reinholdtsen set_access.link_auth = strncmp (argv[i]+5, "off", 3); 499c18ec02fSPetter Reinholdtsen } 500c18ec02fSPetter Reinholdtsen else if (strncmp(argv[i], "ipmi=", 5) == 0) { 501c18ec02fSPetter Reinholdtsen set_access.ipmi_messaging = strncmp (argv[i]+5, "off", 3); 502c18ec02fSPetter Reinholdtsen } 503c18ec02fSPetter Reinholdtsen else if (strncmp(argv[i], "privilege=", 10) == 0) { 504c18ec02fSPetter Reinholdtsen if (str2uchar(argv[i]+10, &privilege_limit) != 0) { 505c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[i]+10); 506c18ec02fSPetter Reinholdtsen return (-1); 507c18ec02fSPetter Reinholdtsen } 508c18ec02fSPetter Reinholdtsen set_access.privilege_limit = privilege_limit; 509c18ec02fSPetter Reinholdtsen } 510c18ec02fSPetter Reinholdtsen else { 511c18ec02fSPetter Reinholdtsen printf ("Invalid option: %s\n", argv [i]); 512c18ec02fSPetter Reinholdtsen return -1; 513c18ec02fSPetter Reinholdtsen } 514c18ec02fSPetter Reinholdtsen } 515c18ec02fSPetter Reinholdtsen 516c18ec02fSPetter Reinholdtsen memset(&req, 0, sizeof(req)); 517c18ec02fSPetter Reinholdtsen req.msg.netfn = IPMI_NETFN_APP; 518c18ec02fSPetter Reinholdtsen req.msg.cmd = IPMI_SET_USER_ACCESS; 519c18ec02fSPetter Reinholdtsen req.msg.data = (uint8_t *) &set_access; 520c18ec02fSPetter Reinholdtsen req.msg.data_len = 4; 521c18ec02fSPetter Reinholdtsen 522c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req); 523c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 524c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Unable to Set User Access (channel %d id %d)", 525c18ec02fSPetter Reinholdtsen set_access.channel, set_access.user_id); 526c18ec02fSPetter Reinholdtsen return -1; 527c18ec02fSPetter Reinholdtsen } 528c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 529c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Set User Access (channel %d id %d) failed: %s", 530c18ec02fSPetter Reinholdtsen set_access.channel, set_access.user_id, 531c18ec02fSPetter Reinholdtsen val2str(rsp->ccode, completion_code_vals)); 532c18ec02fSPetter Reinholdtsen return -1; 533c18ec02fSPetter Reinholdtsen } 534c18ec02fSPetter Reinholdtsen 535c18ec02fSPetter Reinholdtsen return 0; 536c18ec02fSPetter Reinholdtsen } 537c18ec02fSPetter Reinholdtsen 538c18ec02fSPetter Reinholdtsen 539c18ec02fSPetter Reinholdtsen static const char * 540c18ec02fSPetter Reinholdtsen iana_string(uint32_t iana) 541c18ec02fSPetter Reinholdtsen { 542c18ec02fSPetter Reinholdtsen static char s[10]; 543c18ec02fSPetter Reinholdtsen 544a87b2cccSZdenek Styblik if (iana) { 545c18ec02fSPetter Reinholdtsen sprintf(s, "%06x", iana); 546c18ec02fSPetter Reinholdtsen return s; 547a87b2cccSZdenek Styblik } else { 548c18ec02fSPetter Reinholdtsen return "N/A"; 549c18ec02fSPetter Reinholdtsen } 550a87b2cccSZdenek Styblik } 551c18ec02fSPetter Reinholdtsen 552c18ec02fSPetter Reinholdtsen 553c18ec02fSPetter Reinholdtsen static int 554a87b2cccSZdenek Styblik ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type, 555c18ec02fSPetter Reinholdtsen uint8_t channel) 556c18ec02fSPetter Reinholdtsen { 557c18ec02fSPetter Reinholdtsen struct ipmi_rs *rsp; 558c18ec02fSPetter Reinholdtsen struct ipmi_rq req; 559c18ec02fSPetter Reinholdtsen 560c18ec02fSPetter Reinholdtsen uint8_t oem_record; 561c18ec02fSPetter Reinholdtsen uint8_t rqdata[3]; 562c18ec02fSPetter Reinholdtsen uint32_t iana; 563c18ec02fSPetter Reinholdtsen uint8_t auth_alg, integrity_alg, crypt_alg; 564c18ec02fSPetter Reinholdtsen uint8_t cipher_suite_id; 565c18ec02fSPetter Reinholdtsen uint8_t list_index = 0; 566a87b2cccSZdenek Styblik /* 0x40 sets * 16 bytes per set */ 567a87b2cccSZdenek Styblik uint8_t cipher_suite_data[1024]; 568c18ec02fSPetter Reinholdtsen uint16_t offset = 0; 569a87b2cccSZdenek Styblik /* how much was returned, total */ 570a87b2cccSZdenek Styblik uint16_t cipher_suite_data_length = 0; 571c18ec02fSPetter Reinholdtsen 572c18ec02fSPetter Reinholdtsen memset(cipher_suite_data, 0, sizeof(cipher_suite_data)); 573c18ec02fSPetter Reinholdtsen 574c18ec02fSPetter Reinholdtsen memset(&req, 0, sizeof(req)); 575a87b2cccSZdenek Styblik req.msg.netfn = IPMI_NETFN_APP; 576a87b2cccSZdenek Styblik req.msg.cmd = IPMI_GET_CHANNEL_CIPHER_SUITES; 577c18ec02fSPetter Reinholdtsen req.msg.data = rqdata; 578c18ec02fSPetter Reinholdtsen req.msg.data_len = 3; 579c18ec02fSPetter Reinholdtsen 580c18ec02fSPetter Reinholdtsen rqdata[0] = channel; 581c18ec02fSPetter Reinholdtsen rqdata[1] = ((strncmp(payload_type, "ipmi", 4) == 0)? 0: 1); 582a87b2cccSZdenek Styblik /* Always ask for cipher suite format */ 583a87b2cccSZdenek Styblik rqdata[2] = 0x80; 584c18ec02fSPetter Reinholdtsen 585c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req); 586c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 587c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites"); 588c18ec02fSPetter Reinholdtsen return -1; 589c18ec02fSPetter Reinholdtsen } 590c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 591c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", 592c18ec02fSPetter Reinholdtsen val2str(rsp->ccode, completion_code_vals)); 593c18ec02fSPetter Reinholdtsen return -1; 594c18ec02fSPetter Reinholdtsen } 595c18ec02fSPetter Reinholdtsen 596c18ec02fSPetter Reinholdtsen 597a87b2cccSZdenek Styblik /* 598a87b2cccSZdenek Styblik * Grab the returned channel number once. We assume it's the same 599a87b2cccSZdenek Styblik * in future calls. 600a87b2cccSZdenek Styblik */ 601a87b2cccSZdenek Styblik if (rsp->data_len >= 1) { 602c18ec02fSPetter Reinholdtsen channel = rsp->data[0]; 603a87b2cccSZdenek Styblik } 604c18ec02fSPetter Reinholdtsen 605a87b2cccSZdenek Styblik while ((rsp->data_len > 1) && (rsp->data_len == 17) && (list_index < 0x3F)) { 606a87b2cccSZdenek Styblik /* 607a87b2cccSZdenek Styblik * We got back cipher suite data -- store it. 608a87b2cccSZdenek Styblik * printf("copying data to offset %d\n", offset); 609a87b2cccSZdenek Styblik * printbuf(rsp->data + 1, rsp->data_len - 1, "this is the data"); 610a87b2cccSZdenek Styblik */ 611c18ec02fSPetter Reinholdtsen memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1); 612c18ec02fSPetter Reinholdtsen offset += rsp->data_len - 1; 613c18ec02fSPetter Reinholdtsen 614a87b2cccSZdenek Styblik /* 615a87b2cccSZdenek Styblik * Increment our list for the next call 616a87b2cccSZdenek Styblik */ 617c18ec02fSPetter Reinholdtsen ++list_index; 618c18ec02fSPetter Reinholdtsen rqdata[2] = (rqdata[2] & 0x80) + list_index; 619c18ec02fSPetter Reinholdtsen 620c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req); 621c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 622c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites"); 623c18ec02fSPetter Reinholdtsen return -1; 624c18ec02fSPetter Reinholdtsen } 625c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 626c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", 627c18ec02fSPetter Reinholdtsen val2str(rsp->ccode, completion_code_vals)); 628c18ec02fSPetter Reinholdtsen return -1; 629c18ec02fSPetter Reinholdtsen } 630c18ec02fSPetter Reinholdtsen } 631c18ec02fSPetter Reinholdtsen 632c18ec02fSPetter Reinholdtsen /* Copy last chunk */ 633a87b2cccSZdenek Styblik if(rsp->data_len > 1) { 634a87b2cccSZdenek Styblik /* 635a87b2cccSZdenek Styblik * We got back cipher suite data -- store it. 636a87b2cccSZdenek Styblik * printf("copying data to offset %d\n", offset); 637a87b2cccSZdenek Styblik * printbuf(rsp->data + 1, rsp->data_len - 1, "this is the data"); 638a87b2cccSZdenek Styblik */ 639c18ec02fSPetter Reinholdtsen memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1); 640c18ec02fSPetter Reinholdtsen offset += rsp->data_len - 1; 641c18ec02fSPetter Reinholdtsen } 642c18ec02fSPetter Reinholdtsen 643a87b2cccSZdenek Styblik /* We can chomp on all our data now. */ 644c18ec02fSPetter Reinholdtsen cipher_suite_data_length = offset; 645c18ec02fSPetter Reinholdtsen offset = 0; 646c18ec02fSPetter Reinholdtsen 647a87b2cccSZdenek Styblik if (! csv_output) { 648c18ec02fSPetter Reinholdtsen printf("ID IANA Auth Alg Integrity Alg Confidentiality Alg\n"); 649a87b2cccSZdenek Styblik } 650a87b2cccSZdenek Styblik while (offset < cipher_suite_data_length) { 651a87b2cccSZdenek Styblik if (cipher_suite_data[offset++] == 0xC0) { 652a87b2cccSZdenek Styblik /* standard type */ 653a87b2cccSZdenek Styblik oem_record = 0; 654c18ec02fSPetter Reinholdtsen iana = 0; 655c18ec02fSPetter Reinholdtsen 656a87b2cccSZdenek Styblik /* Verify that we have at least a full record left; id + 3 algs */ 657a87b2cccSZdenek Styblik if ((cipher_suite_data_length - offset) < 4) { 658a87b2cccSZdenek Styblik lprintf(LOG_ERR, "Incomplete data record in cipher suite data"); 659a87b2cccSZdenek Styblik return -1; 660a87b2cccSZdenek Styblik } 661a87b2cccSZdenek Styblik cipher_suite_id = cipher_suite_data[offset++]; 662a87b2cccSZdenek Styblik } else if (cipher_suite_data[offset++] == 0xC1) { 663a87b2cccSZdenek Styblik /* OEM record type */ 664a87b2cccSZdenek Styblik oem_record = 1; 665a87b2cccSZdenek Styblik 666a87b2cccSZdenek Styblik /* Verify that we have at least a full record left 667a87b2cccSZdenek Styblik * id + iana + 3 algs 668a87b2cccSZdenek Styblik */ 669a87b2cccSZdenek Styblik if ((cipher_suite_data_length - offset) < 4) { 670c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Incomplete data record in cipher suite data"); 671c18ec02fSPetter Reinholdtsen return -1; 672c18ec02fSPetter Reinholdtsen } 673c18ec02fSPetter Reinholdtsen 674c18ec02fSPetter Reinholdtsen cipher_suite_id = cipher_suite_data[offset++]; 675c18ec02fSPetter Reinholdtsen 676a87b2cccSZdenek Styblik /* Grab the IANA */ 677c18ec02fSPetter Reinholdtsen iana = 678c18ec02fSPetter Reinholdtsen cipher_suite_data[offset] | 679c18ec02fSPetter Reinholdtsen (cipher_suite_data[offset + 1] << 8) | 680c18ec02fSPetter Reinholdtsen (cipher_suite_data[offset + 2] << 16); 681c18ec02fSPetter Reinholdtsen offset += 3; 682a87b2cccSZdenek Styblik } else { 683c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Bad start of record byte in cipher suite data"); 684c18ec02fSPetter Reinholdtsen return -1; 685c18ec02fSPetter Reinholdtsen } 686c18ec02fSPetter Reinholdtsen 687a87b2cccSZdenek Styblik /* 688a87b2cccSZdenek Styblik * Grab the algorithms for this cipher suite. I guess we can't be 689a87b2cccSZdenek Styblik * sure of what order they'll come in. Also, I suppose we default 690a87b2cccSZdenek Styblik * to the NONE algorithm if one were absent. This part of the spec is 691a87b2cccSZdenek Styblik * poorly written -- I have read the errata document. For now, I'm only 692a87b2cccSZdenek Styblik * allowing one algorithm per type (auth, integrity, crypt) because I 693a87b2cccSZdenek Styblik * don't I understand how it could be otherwise. 694a87b2cccSZdenek Styblik */ 695c18ec02fSPetter Reinholdtsen auth_alg = IPMI_AUTH_RAKP_NONE; 696c18ec02fSPetter Reinholdtsen integrity_alg = IPMI_INTEGRITY_NONE; 697c18ec02fSPetter Reinholdtsen crypt_alg = IPMI_CRYPT_NONE; 698c18ec02fSPetter Reinholdtsen 699c18ec02fSPetter Reinholdtsen while (((cipher_suite_data[offset] & 0xC0) != 0xC0) && 700c18ec02fSPetter Reinholdtsen ((cipher_suite_data_length - offset) > 0)) 701c18ec02fSPetter Reinholdtsen { 702c18ec02fSPetter Reinholdtsen switch (cipher_suite_data[offset] & 0xC0) 703c18ec02fSPetter Reinholdtsen { 704c18ec02fSPetter Reinholdtsen case 0x00: 705a87b2cccSZdenek Styblik /* Authentication algorithm specifier */ 706c18ec02fSPetter Reinholdtsen auth_alg = cipher_suite_data[offset++] & 0x3F; 707c18ec02fSPetter Reinholdtsen break; 708c18ec02fSPetter Reinholdtsen case 0x40: 709a87b2cccSZdenek Styblik /* Interity algorithm specifier */ 710c18ec02fSPetter Reinholdtsen integrity_alg = cipher_suite_data[offset++] & 0x3F; 711c18ec02fSPetter Reinholdtsen break; 712c18ec02fSPetter Reinholdtsen case 0x80: 713a87b2cccSZdenek Styblik /* Confidentiality algorithm specifier */ 714c18ec02fSPetter Reinholdtsen crypt_alg = cipher_suite_data[offset++] & 0x3F; 715c18ec02fSPetter Reinholdtsen break; 716c18ec02fSPetter Reinholdtsen } 717c18ec02fSPetter Reinholdtsen } 718a87b2cccSZdenek Styblik /* We have everything we need to spit out a cipher suite record */ 719c18ec02fSPetter Reinholdtsen printf((csv_output? "%d,%s,%s,%s,%s\n" : 720c18ec02fSPetter Reinholdtsen "%-4d %-7s %-15s %-15s %-15s\n"), 721c18ec02fSPetter Reinholdtsen cipher_suite_id, 722c18ec02fSPetter Reinholdtsen iana_string(iana), 723c18ec02fSPetter Reinholdtsen val2str(auth_alg, ipmi_auth_algorithms), 724c18ec02fSPetter Reinholdtsen val2str(integrity_alg, ipmi_integrity_algorithms), 725c18ec02fSPetter Reinholdtsen val2str(crypt_alg, ipmi_encryption_algorithms)); 726c18ec02fSPetter Reinholdtsen } 727c18ec02fSPetter Reinholdtsen return 0; 728c18ec02fSPetter Reinholdtsen } 729c18ec02fSPetter Reinholdtsen 730c18ec02fSPetter Reinholdtsen 731c18ec02fSPetter Reinholdtsen 732c18ec02fSPetter Reinholdtsen uint8_t 733c18ec02fSPetter Reinholdtsen ipmi_get_channel_medium(struct ipmi_intf *intf, uint8_t channel) 734c18ec02fSPetter Reinholdtsen { 735c18ec02fSPetter Reinholdtsen struct ipmi_rs *rsp; 736c18ec02fSPetter Reinholdtsen struct ipmi_rq req; 737c18ec02fSPetter Reinholdtsen struct get_channel_info_rsp info; 738c18ec02fSPetter Reinholdtsen 739c18ec02fSPetter Reinholdtsen memset(&req, 0, sizeof(req)); 740c18ec02fSPetter Reinholdtsen req.msg.netfn = IPMI_NETFN_APP; 741c18ec02fSPetter Reinholdtsen req.msg.cmd = IPMI_GET_CHANNEL_INFO; 742c18ec02fSPetter Reinholdtsen req.msg.data = &channel; 743c18ec02fSPetter Reinholdtsen req.msg.data_len = 1; 744c18ec02fSPetter Reinholdtsen 745c18ec02fSPetter Reinholdtsen rsp = intf->sendrecv(intf, &req); 746c18ec02fSPetter Reinholdtsen if (rsp == NULL) { 747c18ec02fSPetter Reinholdtsen lprintf(LOG_ERR, "Get Channel Info command failed"); 748c18ec02fSPetter Reinholdtsen return 0; 749c18ec02fSPetter Reinholdtsen } 750c18ec02fSPetter Reinholdtsen if (rsp->ccode > 0) { 751a87b2cccSZdenek Styblik if (rsp->ccode == 0xcc) { 752c18ec02fSPetter Reinholdtsen return IPMI_CHANNEL_MEDIUM_RESERVED; 753a87b2cccSZdenek Styblik } 754c18ec02fSPetter Reinholdtsen lprintf(LOG_INFO, "Get Channel Info command failed: %s", 755c18ec02fSPetter Reinholdtsen val2str(rsp->ccode, completion_code_vals)); 756c18ec02fSPetter Reinholdtsen return IPMI_CHANNEL_MEDIUM_RESERVED; 757c18ec02fSPetter Reinholdtsen } 758c18ec02fSPetter Reinholdtsen 759c18ec02fSPetter Reinholdtsen memcpy(&info, rsp->data, sizeof(struct get_channel_info_rsp)); 760c18ec02fSPetter Reinholdtsen 761c18ec02fSPetter Reinholdtsen lprintf(LOG_DEBUG, "Channel type: %s", 762c18ec02fSPetter Reinholdtsen val2str(info.channel_medium, ipmi_channel_medium_vals)); 763c18ec02fSPetter Reinholdtsen 764c18ec02fSPetter Reinholdtsen return info.channel_medium; 765c18ec02fSPetter Reinholdtsen } 766c18ec02fSPetter Reinholdtsen 767c18ec02fSPetter Reinholdtsen uint8_t 768c18ec02fSPetter Reinholdtsen ipmi_current_channel_medium(struct ipmi_intf *intf) 769c18ec02fSPetter Reinholdtsen { 770c18ec02fSPetter Reinholdtsen return ipmi_get_channel_medium(intf, 0xE); 771c18ec02fSPetter Reinholdtsen } 772c18ec02fSPetter Reinholdtsen 773c18ec02fSPetter Reinholdtsen void 774c18ec02fSPetter Reinholdtsen printf_channel_usage() 775c18ec02fSPetter Reinholdtsen { 776a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 777a87b2cccSZdenek Styblik "Channel Commands: authcap <channel number> <max privilege>"); 778a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 779a87b2cccSZdenek Styblik " getaccess <channel number> [user id]"); 780a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 781a87b2cccSZdenek Styblik " setaccess <channel number> " 782c18ec02fSPetter Reinholdtsen "<user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]"); 783a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 784a87b2cccSZdenek Styblik " info [channel number]"); 785a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 786a87b2cccSZdenek Styblik " getciphers <ipmi | sol> [channel]"); 787a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 788a87b2cccSZdenek Styblik ""); 789a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 790a87b2cccSZdenek Styblik "Possible privilege levels are:"); 791a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 792a87b2cccSZdenek Styblik " 1 Callback level"); 793a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 794a87b2cccSZdenek Styblik " 2 User level"); 795a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 796a87b2cccSZdenek Styblik " 3 Operator level"); 797a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 798a87b2cccSZdenek Styblik " 4 Administrator level"); 799a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 800a87b2cccSZdenek Styblik " 5 OEM Proprietary level"); 801a87b2cccSZdenek Styblik lprintf(LOG_NOTICE, 802a87b2cccSZdenek Styblik " 15 No access"); 803c18ec02fSPetter Reinholdtsen } 804c18ec02fSPetter Reinholdtsen 805c18ec02fSPetter Reinholdtsen 806c18ec02fSPetter Reinholdtsen int 807c18ec02fSPetter Reinholdtsen ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv) 808c18ec02fSPetter Reinholdtsen { 809c18ec02fSPetter Reinholdtsen int retval = 0; 810a87b2cccSZdenek Styblik uint8_t channel; 811a87b2cccSZdenek Styblik uint8_t priv = 0; 8120562c809SZdenek Styblik if (argc < 1) { 8130562c809SZdenek Styblik lprintf(LOG_ERR, "Not enough parameters given."); 814c18ec02fSPetter Reinholdtsen printf_channel_usage(); 8150562c809SZdenek Styblik return (-1); 8160562c809SZdenek Styblik } else if (strncmp(argv[0], "help", 4) == 0) { 8170562c809SZdenek Styblik printf_channel_usage(); 8180562c809SZdenek Styblik return 0; 819a87b2cccSZdenek Styblik } else if (strncmp(argv[0], "authcap", 7) == 0) { 820c18ec02fSPetter Reinholdtsen if (argc != 3) { 821c18ec02fSPetter Reinholdtsen printf_channel_usage(); 822c18ec02fSPetter Reinholdtsen return (-1); 8230562c809SZdenek Styblik } 824140add9dSZdenek Styblik if (is_ipmi_channel_num(argv[1], &channel) != 0 825140add9dSZdenek Styblik || is_ipmi_user_priv_limit(argv[2], &priv) != 0) { 826c18ec02fSPetter Reinholdtsen return (-1); 827c18ec02fSPetter Reinholdtsen } 828c18ec02fSPetter Reinholdtsen retval = ipmi_get_channel_auth_cap(intf, channel, priv); 829a87b2cccSZdenek Styblik } else if (strncmp(argv[0], "getaccess", 10) == 0) { 830140add9dSZdenek Styblik uint8_t user_id = 0; 8310562c809SZdenek Styblik if ((argc < 2) || (argc > 3)) { 8320562c809SZdenek Styblik printf_channel_usage(); 8330562c809SZdenek Styblik return (-1); 8340562c809SZdenek Styblik } 835140add9dSZdenek Styblik if (is_ipmi_channel_num(argv[1], &channel) != 0) { 836c18ec02fSPetter Reinholdtsen return (-1); 837c18ec02fSPetter Reinholdtsen } 838c18ec02fSPetter Reinholdtsen if (argc == 3) { 839140add9dSZdenek Styblik if (is_ipmi_user_id(argv[2], &user_id) != 0) { 840c18ec02fSPetter Reinholdtsen return (-1); 841c18ec02fSPetter Reinholdtsen } 842c18ec02fSPetter Reinholdtsen } 843140add9dSZdenek Styblik retval = ipmi_get_user_access(intf, channel, user_id); 844a87b2cccSZdenek Styblik } else if (strncmp(argv[0], "setaccess", 9) == 0) { 845c18ec02fSPetter Reinholdtsen retval = ipmi_set_user_access(intf, argc-1, &(argv[1])); 846a87b2cccSZdenek Styblik } else if (strncmp(argv[0], "info", 4) == 0) { 847140add9dSZdenek Styblik channel = 0xE; 848a87b2cccSZdenek Styblik if (argc > 2) { 849c18ec02fSPetter Reinholdtsen printf_channel_usage(); 8500562c809SZdenek Styblik return (-1); 8510562c809SZdenek Styblik } 852c18ec02fSPetter Reinholdtsen if (argc == 2) { 853140add9dSZdenek Styblik if (is_ipmi_channel_num(argv[1], &channel) != 0) { 854c18ec02fSPetter Reinholdtsen return (-1); 855c18ec02fSPetter Reinholdtsen } 856c18ec02fSPetter Reinholdtsen } 857140add9dSZdenek Styblik retval = ipmi_get_channel_info(intf, channel); 858a87b2cccSZdenek Styblik } else if (strncmp(argv[0], "getciphers", 10) == 0) { 8590562c809SZdenek Styblik /* channel getciphers <ipmi|sol> [channel] */ 860140add9dSZdenek Styblik channel = 0xE; 861c18ec02fSPetter Reinholdtsen if ((argc < 2) || (argc > 3) || 862a87b2cccSZdenek Styblik (strncmp(argv[1], "ipmi", 4) && strncmp(argv[1], "sol", 3))) { 863c18ec02fSPetter Reinholdtsen printf_channel_usage(); 8640562c809SZdenek Styblik return (-1); 8650562c809SZdenek Styblik } 866c18ec02fSPetter Reinholdtsen if (argc == 3) { 867140add9dSZdenek Styblik if (is_ipmi_channel_num(argv[1], &channel) != 0) { 868c18ec02fSPetter Reinholdtsen return (-1); 869c18ec02fSPetter Reinholdtsen } 870c18ec02fSPetter Reinholdtsen } 871c18ec02fSPetter Reinholdtsen retval = ipmi_get_channel_cipher_suites(intf, 8720562c809SZdenek Styblik argv[1], /* ipmi | sol */ 873140add9dSZdenek Styblik channel); 874a87b2cccSZdenek Styblik } else { 875c18ec02fSPetter Reinholdtsen printf("Invalid CHANNEL command: %s\n", argv[0]); 876c18ec02fSPetter Reinholdtsen printf_channel_usage(); 877c18ec02fSPetter Reinholdtsen retval = -1; 878c18ec02fSPetter Reinholdtsen } 879c18ec02fSPetter Reinholdtsen return retval; 880c18ec02fSPetter Reinholdtsen } 881