xref: /openbmc/ipmitool/lib/ipmi_user.c (revision 33f9336e)
1 /*
2  * Copyright (c) 2003 Sun Microsystems, Inc.  All Rights Reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * Redistribution of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *
11  * Redistribution in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * Neither the name of Sun Microsystems, Inc. or the names of
16  * contributors may be used to endorse or promote products derived
17  * from this software without specific prior written permission.
18  *
19  * This software is provided "AS IS," without a warranty of any kind.
20  * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
21  * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
22  * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
23  * SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE
24  * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
25  * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.  IN NO EVENT WILL
26  * SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
27  * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
28  * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
29  * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
30  * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
31  */
32 
33 #include <stdlib.h>
34 #include <string.h>
35 #include <stdio.h>
36 #include <sys/types.h>
37 #include <sys/select.h>
38 #include <sys/time.h>
39 #include <signal.h>
40 #include <unistd.h>
41 
42 #include <ipmitool/helper.h>
43 #include <ipmitool/log.h>
44 #include <ipmitool/ipmi.h>
45 #include <ipmitool/ipmi_intf.h>
46 #include <ipmitool/ipmi_user.h>
47 #include <ipmitool/ipmi_constants.h>
48 #include <ipmitool/ipmi_strings.h>
49 #include <ipmitool/bswap.h>
50 
51 
52 extern int verbose;
53 extern int csv_output;
54 
55 
56 #define IPMI_PASSWORD_DISABLE_USER  0x00
57 #define IPMI_PASSWORD_ENABLE_USER   0x01
58 #define IPMI_PASSWORD_SET_PASSWORD  0x02
59 #define IPMI_PASSWORD_TEST_PASSWORD 0x03
60 
61 /* _ipmi_get_user_access - Get User Access for given channel. Results are stored
62  * into passed struct.
63  *
64  * @intf - IPMI interface
65  * @user_access_rsp - ptr to user_access_t with UID and Channel set
66  *
67  * returns - negative number means error, positive is a ccode
68  */
69 int
70 _ipmi_get_user_access(struct ipmi_intf *intf,
71 		struct user_access_t *user_access_rsp)
72 {
73 	struct ipmi_rq req = {0};
74 	struct ipmi_rs *rsp;
75 	uint8_t data[2];
76 	if (user_access_rsp == NULL) {
77 		return (-3);
78 	}
79 	data[0] = user_access_rsp->channel & 0x0F;
80 	data[1] = user_access_rsp->user_id & 0x3F;
81 	req.msg.netfn = IPMI_NETFN_APP;
82 	req.msg.cmd = IPMI_GET_USER_ACCESS;
83 	req.msg.data = data;
84 	req.msg.data_len = 2;
85 	rsp = intf->sendrecv(intf, &req);
86 	if (rsp == NULL) {
87 		return (-1);
88 	} else if (rsp->ccode != 0) {
89 		return rsp->ccode;
90 	} else if (rsp->data_len != 4) {
91 		return (-2);
92 	}
93 	user_access_rsp->max_user_ids = rsp->data[0] & 0x3F;
94 	user_access_rsp->enable_status = rsp->data[1] & 0xC0;
95 	user_access_rsp->enabled_user_ids = rsp->data[1] & 0x3F;
96 	user_access_rsp->fixed_user_ids = rsp->data[2] & 0x3F;
97 	user_access_rsp->callin_callback = rsp->data[3] & 0x40;
98 	user_access_rsp->link_auth = rsp->data[3] & 0x20;
99 	user_access_rsp->ipmi_messaging = rsp->data[3] & 0x10;
100 	user_access_rsp->privilege_limit = rsp->data[3] & 0x0F;
101 	return rsp->ccode;
102 }
103 
104 /* _ipmi_get_user_name - Fetch User Name for given User ID. User Name is stored
105  * into passed structure.
106  *
107  * @intf - ipmi interface
108  * @user_name - user_name_t struct with UID set
109  *
110  * returns - negative number means error, positive is a ccode
111  */
112 int
113 _ipmi_get_user_name(struct ipmi_intf *intf, struct user_name_t *user_name_ptr)
114 {
115 	struct ipmi_rq req = {0};
116 	struct ipmi_rs *rsp;
117 	uint8_t data[1];
118 	if (user_name_ptr == NULL) {
119 		return (-3);
120 	}
121 	data[0] = user_name_ptr->user_id & 0x3F;
122 	req.msg.netfn = IPMI_NETFN_APP;
123 	req.msg.cmd = IPMI_GET_USER_NAME;
124 	req.msg.data = data;
125 	req.msg.data_len = 1;
126 	rsp = intf->sendrecv(intf, &req);
127 	if (rsp == NULL) {
128 		return (-1);
129 	} else if (rsp->ccode > 0) {
130 		return rsp->ccode;
131 	} else if (rsp->data_len != 17) {
132 		return (-2);
133 	}
134 	memset(user_name_ptr->user_name, '\0', 17);
135 	memcpy(user_name_ptr->user_name, rsp->data, 16);
136 	return rsp->ccode;
137 }
138 
139 /* _ipmi_set_user_access - Set User Access for given channel.
140  *
141  * @intf - IPMI interface
142  * @user_access_req - ptr to user_access_t with desired User Access.
143  * @change_priv_limit_only - change User's privilege limit only
144  *
145  * returns - negative number means error, positive is a ccode
146  */
147 int
148 _ipmi_set_user_access(struct ipmi_intf *intf,
149 		struct user_access_t *user_access_req,
150 		uint8_t change_priv_limit_only)
151 {
152 	uint8_t data[4];
153 	struct ipmi_rq req = {0};
154 	struct ipmi_rs *rsp;
155 	if (user_access_req == NULL) {
156 		return (-3);
157 	}
158 	data[0] = change_priv_limit_only ? 0x00 : 0x80;
159 	if (user_access_req->callin_callback) {
160 		data[0] |= 0x40;
161 	}
162 	if (user_access_req->link_auth) {
163 		data[0] |= 0x20;
164 	}
165 	if (user_access_req->ipmi_messaging) {
166 		data[0] |= 0x10;
167 	}
168 	data[0] |= (user_access_req->channel & 0x0F);
169 	data[1] = user_access_req->user_id & 0x3F;
170 	data[2] = user_access_req->privilege_limit & 0x0F;
171 	data[3] = user_access_req->session_limit & 0x0F;
172 	req.msg.netfn = IPMI_NETFN_APP;
173 	req.msg.cmd = IPMI_SET_USER_ACCESS;
174 	req.msg.data = data;
175 	req.msg.data_len = 4;
176 	rsp = intf->sendrecv(intf, &req);
177 	if (rsp == NULL) {
178 		return (-1);
179 	} else {
180 		return rsp->ccode;
181 	}
182 }
183 
184 static void
185 dump_user_access(const char *user_name,
186 		struct user_access_t *user_access)
187 {
188 	static int printed_header = 0;
189 	if (!printed_header) {
190 		printf("ID  Name	     Callin  Link Auth	IPMI Msg   "
191 				"Channel Priv Limit\n");
192 		printed_header = 1;
193 	}
194 	printf("%-4d%-17s%-8s%-11s%-11s%-s\n",
195 			user_access->user_id,
196 			user_name,
197 			user_access->callin_callback? "false": "true ",
198 			user_access->link_auth? "true ": "false",
199 			user_access->ipmi_messaging? "true ": "false",
200 			val2str(user_access->privilege_limit,
201 				ipmi_privlvl_vals));
202 }
203 
204 
205 
206 static void
207 dump_user_access_csv(const char *user_name,
208 		struct user_access_t *user_access)
209 {
210 	printf("%d,%s,%s,%s,%s,%s\n",
211 			user_access->user_id,
212 			user_name,
213 			user_access->callin_callback? "false": "true",
214 			user_access->link_auth? "true": "false",
215 			user_access->ipmi_messaging? "true": "false",
216 			val2str(user_access->privilege_limit,
217 				ipmi_privlvl_vals));
218 }
219 
220 /* ipmi_print_user_list - List IPMI Users and their ACLs for given channel.
221  *
222  * @intf - IPMI interface
223  * @channel_number - IPMI channel
224  *
225  * returns - 0 on success, (-1) on error
226  */
227 static int
228 ipmi_print_user_list(struct ipmi_intf *intf, uint8_t channel_number)
229 {
230 	struct user_access_t user_access = {0};
231 	struct user_name_t user_name = {0};
232 	int ccode = 0;
233 	uint8_t current_user_id = 1;
234 	do {
235 		memset(&user_access, 0, sizeof(user_access));
236 		user_access.user_id = current_user_id;
237 		user_access.channel = channel_number;
238 		ccode = _ipmi_get_user_access(intf, &user_access);
239 		if (eval_ccode(ccode) != 0) {
240 			return (-1);
241 		}
242 		memset(&user_name, 0, sizeof(user_name));
243 		user_name.user_id = current_user_id;
244 		ccode = _ipmi_get_user_name(intf, &user_name);
245 		if (eval_ccode(ccode) != 0) {
246 			return (-1);
247 		}
248 		if ((current_user_id == 0)
249 				|| user_access.link_auth
250 				|| user_access.ipmi_messaging
251 				|| strcmp("", (char *)user_name.user_name)) {
252 			if (csv_output) {
253 				dump_user_access_csv((char *)user_name.user_name,
254 						&user_access);
255 			} else {
256 				dump_user_access((char *)user_name.user_name,
257 						&user_access);
258 			}
259 		}
260 		++current_user_id;
261 	} while ((current_user_id <= user_access.max_user_ids)
262 			&& (current_user_id <= IPMI_UID_MAX));
263 	return 0;
264 }
265 
266 /* ipmi_print_user_summary - print User statistics for given channel
267  *
268  * @intf - IPMI interface
269  * @channel_number - channel number
270  *
271  * returns - 0 on success, (-1) on error
272  */
273 static int
274 ipmi_print_user_summary(struct ipmi_intf *intf, uint8_t channel_number)
275 {
276 	struct user_access_t user_access = {0};
277 	int ccode = 0;
278 	user_access.channel = channel_number;
279 	user_access.user_id = 1;
280 	ccode = _ipmi_get_user_access(intf, &user_access);
281 	if (eval_ccode(ccode) != 0) {
282 		return (-1);
283 	}
284 	if (csv_output) {
285 		printf("%" PRIu8 ",%" PRIu8 ",%" PRIu8 "\n",
286 				user_access.max_user_ids,
287 				user_access.enabled_user_ids,
288 				user_access.fixed_user_ids);
289 	} else {
290 		printf("Maximum IDs	    : %" PRIu8 "\n",
291 				user_access.max_user_ids);
292 		printf("Enabled User Count  : %" PRIu8 "\n",
293 				user_access.enabled_user_ids);
294 		printf("Fixed Name Count    : %" PRIu8 "\n",
295 				user_access.fixed_user_ids);
296 	}
297 	return 0;
298 }
299 
300 /*
301  * ipmi_user_set_username
302  */
303 static int
304 ipmi_user_set_username(
305 		       struct ipmi_intf *intf,
306 		       uint8_t user_id,
307 		       const char *name)
308 {
309 	struct ipmi_rs	     * rsp;
310 	struct ipmi_rq	       req;
311 	uint8_t	       msg_data[17];
312 
313 	/*
314 	 * Ensure there is space for the name in the request message buffer
315 	 */
316 	if (strlen(name) >= sizeof(msg_data)) {
317 		return -1;
318 	}
319 
320 	memset(&req, 0, sizeof(req));
321 	req.msg.netfn    = IPMI_NETFN_APP;	     /* 0x06 */
322 	req.msg.cmd	     = IPMI_SET_USER_NAME;   /* 0x45 */
323 	req.msg.data     = msg_data;
324 	req.msg.data_len = sizeof(msg_data);
325 	memset(msg_data, 0, sizeof(msg_data));
326 
327 	/* The channel number will remain constant throughout this function */
328 	msg_data[0] = user_id;
329 	strncpy((char *)(msg_data + 1), name, strlen(name));
330 
331 	rsp = intf->sendrecv(intf, &req);
332 
333 	if (rsp == NULL) {
334 		lprintf(LOG_ERR, "Set User Name command failed (user %d, name %s)",
335 			user_id, name);
336 		return -1;
337 	}
338 	if (rsp->ccode > 0) {
339 		lprintf(LOG_ERR, "Set User Name command failed (user %d, name %s): %s",
340 			user_id, name, val2str(rsp->ccode, completion_code_vals));
341 		return -1;
342 	}
343 
344 	return 0;
345 }
346 
347 /*
348  * ipmi_user_set_password
349  *
350  * This function is responsible for 4 things
351  * Enabling/Disabling users
352  * Setting/Testing passwords
353  */
354 static int
355 ipmi_user_set_password(
356 		       struct ipmi_intf * intf,
357 		       uint8_t user_id,
358 		       uint8_t operation,
359 		       const char *password,
360 		       int is_twenty_byte_password)
361 {
362 	struct ipmi_rs	     * rsp;
363 	struct ipmi_rq	       req;
364 	uint8_t	               msg_data[22];
365 
366 	int password_length = (is_twenty_byte_password? 20 : 16);
367 
368 	memset(&req, 0, sizeof(req));
369 	req.msg.netfn    = IPMI_NETFN_APP;	    /* 0x06 */
370 	req.msg.cmd	 = IPMI_SET_USER_PASSWORD;  /* 0x47 */
371 	req.msg.data     = msg_data;
372 	req.msg.data_len = password_length + 2;
373 
374 
375 	/* The channel number will remain constant throughout this function */
376 	msg_data[0] = user_id;
377 
378 	if (is_twenty_byte_password)
379 		msg_data[0] |= 0x80;
380 
381 	msg_data[1] = operation;
382 
383 	memset(msg_data + 2, 0, password_length);
384 
385 	if (password != NULL)
386 		strncpy((char *)(msg_data + 2), password, password_length);
387 
388 	rsp = intf->sendrecv(intf, &req);
389 
390 	if (rsp == NULL) {
391 		lprintf(LOG_ERR, "Set User Password command failed (user %d)",
392 			user_id);
393 		return -1;
394 	}
395 	if (rsp->ccode > 0) {
396 		lprintf(LOG_ERR, "Set User Password command failed (user %d): %s",
397 			user_id, val2str(rsp->ccode, completion_code_vals));
398 		return rsp->ccode;
399 	}
400 
401 	return 0;
402 }
403 
404 /*
405  * ipmi_user_test_password
406  *
407  * Call ipmi_user_set_password, and interpret the result
408  */
409 static int
410 ipmi_user_test_password(
411 			struct ipmi_intf * intf,
412 			uint8_t      user_id,
413 			const char       * password,
414 			int                is_twenty_byte_password)
415 {
416 	int ret;
417 
418 	ret = ipmi_user_set_password(intf,
419 				     user_id,
420 				     IPMI_PASSWORD_TEST_PASSWORD,
421 				     password,
422 				     is_twenty_byte_password);
423 
424 	switch (ret) {
425 	case 0:
426 		printf("Success\n");
427 		break;
428 	case 0x80:
429 		printf("Failure: password incorrect\n");
430 		break;
431 	case 0x81:
432 		printf("Failure: wrong password size\n");
433 		break;
434 	default:
435 		printf("Unknown error\n");
436 	}
437 
438 	return ((ret == 0) ? 0 : -1);
439 }
440 
441 
442 /*
443  * print_user_usage
444  */
445 static void
446 print_user_usage(void)
447 {
448 	lprintf(LOG_NOTICE,
449 "User Commands:");
450 	lprintf(LOG_NOTICE,
451 "               summary      [<channel number>]");
452 	lprintf(LOG_NOTICE,
453 "               list         [<channel number>]");
454 	lprintf(LOG_NOTICE,
455 "               set name     <user id> <username>");
456 	lprintf(LOG_NOTICE,
457 "               set password <user id> [<password> <16|20>]");
458 	lprintf(LOG_NOTICE,
459 "               disable      <user id>");
460 	lprintf(LOG_NOTICE,
461 "               enable       <user id>");
462 	lprintf(LOG_NOTICE,
463 "               priv         <user id> <privilege level> [<channel number>]");
464 	lprintf(LOG_NOTICE,
465 "                     Privilege levels:");
466 	lprintf(LOG_NOTICE,
467 "                      * 0x1 - Callback");
468 	lprintf(LOG_NOTICE,
469 "                      * 0x2 - User");
470 	lprintf(LOG_NOTICE,
471 "                      * 0x3 - Operator");
472 	lprintf(LOG_NOTICE,
473 "                      * 0x4 - Administrator");
474 	lprintf(LOG_NOTICE,
475 "                      * 0x5 - OEM Proprietary");
476 	lprintf(LOG_NOTICE,
477 "                      * 0xF - No Access");
478 	lprintf(LOG_NOTICE, "");
479 	lprintf(LOG_NOTICE,
480 "               test         <user id> <16|20> [<password]>");
481 	lprintf(LOG_NOTICE, "");
482 }
483 
484 
485 const char *
486 ipmi_user_build_password_prompt(uint8_t user_id)
487 {
488 	static char prompt[128];
489 	memset(prompt, 0, 128);
490 	snprintf(prompt, 128, "Password for user %d: ", user_id);
491 	return prompt;
492 }
493 
494 /* ask_password - ask user for password
495  *
496  * @user_id: User ID which will be built-in into text
497  *
498  * @returns pointer to char with password
499  */
500 char *
501 ask_password(uint8_t user_id)
502 {
503 	const char *password_prompt =
504 		ipmi_user_build_password_prompt(user_id);
505 # ifdef HAVE_GETPASSPHRASE
506 	return getpassphrase(password_prompt);
507 # else
508 	return (char*)getpass(password_prompt);
509 # endif
510 }
511 
512 int
513 ipmi_user_summary(struct ipmi_intf *intf, int argc, char **argv)
514 {
515 	/* Summary*/
516 	uint8_t channel;
517 	if (argc == 1) {
518 		channel = 0x0E; /* Ask about the current channel */
519 	} else if (argc == 2) {
520 		if (is_ipmi_channel_num(argv[1], &channel) != 0) {
521 			return (-1);
522 		}
523 	} else {
524 		print_user_usage();
525 		return (-1);
526 	}
527 	return ipmi_print_user_summary(intf, channel);
528 }
529 
530 int
531 ipmi_user_list(struct ipmi_intf *intf, int argc, char **argv)
532 {
533 	/* List */
534 	uint8_t channel;
535 	if (argc == 1) {
536 		channel = 0x0E; /* Ask about the current channel */
537 	} else if (argc == 2) {
538 		if (is_ipmi_channel_num(argv[1], &channel) != 0) {
539 			return (-1);
540 		}
541 	} else {
542 		print_user_usage();
543 		return (-1);
544 	}
545 	return ipmi_print_user_list(intf, channel);
546 }
547 
548 int
549 ipmi_user_test(struct ipmi_intf *intf, int argc, char **argv)
550 {
551 	/* Test */
552 	char *password = NULL;
553 	int password_length = 0;
554 	uint8_t user_id = 0;
555 	/* a little irritating, isn't it */
556 	if (argc != 3 && argc != 4) {
557 		print_user_usage();
558 		return (-1);
559 	}
560 	if (is_ipmi_user_id(argv[1], &user_id)) {
561 		return (-1);
562 	}
563 	if (str2int(argv[2], &password_length) != 0
564 			|| (password_length != 16 && password_length != 20)) {
565 		lprintf(LOG_ERR,
566 				"Given password length '%s' is invalid.",
567 				argv[2]);
568 		lprintf(LOG_ERR, "Expected value is either 16 or 20.");
569 		return (-1);
570 	}
571 	if (argc == 3) {
572 		/* We need to prompt for a password */
573 		password = ask_password(user_id);
574 		if (password == NULL) {
575 			lprintf(LOG_ERR, "ipmitool: malloc failure");
576 			return (-1);
577 		}
578 	} else {
579 		password = argv[3];
580 	}
581 	return ipmi_user_test_password(intf,
582 					 user_id,
583 					 password,
584 					 password_length == 20);
585 }
586 
587 int
588 ipmi_user_priv(struct ipmi_intf *intf, int argc, char **argv)
589 {
590 	struct user_access_t user_access = {0};
591 	int ccode = 0;
592 
593 	if (argc != 3 && argc != 4) {
594 		print_user_usage();
595 		return (-1);
596 	}
597 	if (argc == 4) {
598 		if (is_ipmi_channel_num(argv[3], &user_access.channel) != 0) {
599 			return (-1);
600 		}
601 	} else {
602 		/* Use channel running on */
603 		user_access.channel = 0x0E;
604 	}
605 	if (is_ipmi_user_priv_limit(argv[2], &user_access.privilege_limit) != 0
606 			|| is_ipmi_user_id(argv[1], &user_access.user_id) != 0) {
607 		return (-1);
608 	}
609 	ccode = _ipmi_set_user_access(intf, &user_access, 1);
610 	if (eval_ccode(ccode) != 0) {
611 		lprintf(LOG_ERR, "Set Privilege Level command failed (user %d)",
612 				user_access.user_id);
613 		return (-1);
614 	} else {
615 		printf("Set Privilege Level command successful (user %d)",
616 				user_access.user_id);
617 		return 0;
618 	}
619 }
620 
621 int
622 ipmi_user_mod(struct ipmi_intf *intf, int argc, char **argv)
623 {
624 	/* Disable / Enable */
625 	uint8_t user_id;
626 	uint8_t operation;
627 	char null_password[16]; /* Not used, but required */
628 
629 	if (argc != 2) {
630 		print_user_usage();
631 		return (-1);
632 	}
633 	if (is_ipmi_user_id(argv[1], &user_id)) {
634 		return (-1);
635 	}
636 	memset(null_password, 0, sizeof(null_password));
637 	operation = (strncmp(argv[0], "disable", 7) == 0) ?
638 		IPMI_PASSWORD_DISABLE_USER : IPMI_PASSWORD_ENABLE_USER;
639 
640 	/* Last parameter is ignored */
641 	return ipmi_user_set_password(intf, user_id, operation, null_password, 0);
642 }
643 
644 int
645 ipmi_user_password(struct ipmi_intf *intf, int argc, char **argv)
646 {
647 	char *password = NULL;
648 	uint8_t password_type = 16;
649 	uint8_t user_id = 0;
650 	if (is_ipmi_user_id(argv[2], &user_id)) {
651 		return (-1);
652 	}
653 
654 	if (argc == 3) {
655 		/* We need to prompt for a password */
656 		char *tmp;
657 		password = ask_password(user_id);
658 		if (password == NULL) {
659 			lprintf(LOG_ERR, "ipmitool: malloc failure");
660 			return (-1);
661 		}
662 		tmp = ask_password(user_id);
663 		if (tmp == NULL) {
664 			lprintf(LOG_ERR, "ipmitool: malloc failure");
665 			return (-1);
666 		}
667 		if (strlen(password) != strlen(tmp)
668 				|| strncmp(password, tmp, strlen(tmp))) {
669 			lprintf(LOG_ERR, "Passwords do not match.");
670 			return (-1);
671 		}
672 	} else {
673 		password = argv[3];
674 		if (argc > 4) {
675 			if ((str2uchar(argv[4], &password_type) != 0)
676 					|| (password_type != 16 && password_type != 20)) {
677 				lprintf(LOG_ERR, "Invalid password length '%s'", argv[4]);
678 				return (-1);
679 			}
680 		} else {
681 			password_type = 16;
682 		}
683 	}
684 
685 	if (password == NULL) {
686 		lprintf(LOG_ERR, "Unable to parse password argument.");
687 		return (-1);
688 	} else if (strlen(password) > 20) {
689 		lprintf(LOG_ERR, "Password is too long (> 20 bytes)");
690 		return (-1);
691 	}
692 
693 	return ipmi_user_set_password(intf,
694 					user_id,
695 					IPMI_PASSWORD_SET_PASSWORD,
696 					password,
697 					password_type > 16);
698 }
699 
700 int
701 ipmi_user_name(struct ipmi_intf *intf, int argc, char **argv)
702 {
703 	/* Set Name */
704 	uint8_t user_id = 0;
705 	if (argc != 4) {
706 		print_user_usage();
707 		return (-1);
708 	}
709 	if (is_ipmi_user_id(argv[2], &user_id)) {
710 		return (-1);
711 	}
712 	if (strlen(argv[3]) > 16) {
713 		lprintf(LOG_ERR, "Username is too long (> 16 bytes)");
714 		return (-1);
715 	}
716 
717 	return ipmi_user_set_username(intf, user_id, argv[3]);
718 }
719 
720 /*
721  * ipmi_user_main
722  *
723  * Upon entry to this function argv should contain our arguments
724  * specific to this subcommand
725  */
726 int
727 ipmi_user_main(struct ipmi_intf *intf, int argc, char **argv)
728 {
729 	if (argc == 0) {
730 		lprintf(LOG_ERR, "Not enough parameters given.");
731 		print_user_usage();
732 		return (-1);
733 	}
734 	if (strncmp(argv[0], "help", 4) == 0) {
735 		/* Help */
736 		print_user_usage();
737 		return 0;
738 	} else if (strncmp(argv[0], "summary", 7) == 0) {
739 		return ipmi_user_summary(intf, argc, argv);
740 	} else if (strncmp(argv[0], "list", 4) == 0) {
741 		return ipmi_user_list(intf, argc, argv);
742 	} else if (strncmp(argv[0], "test", 4) == 0) {
743 		return ipmi_user_test(intf, argc, argv);
744 	} else if (strncmp(argv[0], "set", 3) == 0) {
745 		/* Set */
746 		if ((argc >= 3)
747 				&& (strncmp("password", argv[1], 8) == 0)) {
748 			return ipmi_user_password(intf, argc, argv);
749 		} else if ((argc >= 2)
750 				&& (strncmp("name", argv[1], 4) == 0)) {
751 			return ipmi_user_name(intf, argc, argv);
752 		} else {
753 			print_user_usage();
754 			return (-1);
755 		}
756 	} else if (strncmp(argv[0], "priv", 4) == 0) {
757 		return ipmi_user_priv(intf, argc, argv);
758 	} else if ((strncmp(argv[0], "disable", 7) == 0)
759 			|| (strncmp(argv[0], "enable",  6) == 0)) {
760 		return ipmi_user_mod(intf, argc, argv);
761 	} else {
762 		lprintf(LOG_ERR, "Invalid user command: '%s'\n", argv[0]);
763 		print_user_usage();
764 		return (-1);
765 	}
766 }
767