Auto sync2gitlab import of ipmitool-1.8.18-18.el8.src.rpm
This commit is contained in:
parent
bf2df7d299
commit
a67e023fd3
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
/ipmitool-1.8.18.tar.bz2
|
25
0001-CVE-2011-4339-OpenIPMI.patch
Normal file
25
0001-CVE-2011-4339-OpenIPMI.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
From 152efd46931a70ab4e3d81e99d312df7dcd666e6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Boris Ranto <branto@redhat.com>
|
||||||
|
Date: Tue, 10 May 2016 19:12:08 +0200
|
||||||
|
Subject: [PATCH] CVE-2011-4339 OpenIPMI
|
||||||
|
|
||||||
|
IPMI event daemon creates PID file with world writeable permissions
|
||||||
|
---
|
||||||
|
lib/helper.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/helper.c b/lib/helper.c
|
||||||
|
index de91438..c3a1c80 100644
|
||||||
|
--- a/lib/helper.c
|
||||||
|
+++ b/lib/helper.c
|
||||||
|
@@ -829,7 +829,6 @@ ipmi_start_daemon(struct ipmi_intf *intf)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
chdir("/");
|
||||||
|
- umask(0);
|
||||||
|
|
||||||
|
for (fd=0; fd<64; fd++) {
|
||||||
|
if (fd != intf->fd)
|
||||||
|
--
|
||||||
|
2.7.4
|
||||||
|
|
89
0002-openssl.patch
Normal file
89
0002-openssl.patch
Normal file
@ -0,0 +1,89 @@
|
|||||||
|
diff -urNp old/src/plugins/lanplus/lanplus_crypt_impl.c new/src/plugins/lanplus/lanplus_crypt_impl.c
|
||||||
|
--- old/src/plugins/lanplus/lanplus_crypt_impl.c 2016-05-28 10:20:20.000000000 +0200
|
||||||
|
+++ new/src/plugins/lanplus/lanplus_crypt_impl.c 2017-02-21 10:50:21.634873466 +0100
|
||||||
|
@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_
|
||||||
|
uint8_t * output,
|
||||||
|
uint32_t * bytes_written)
|
||||||
|
{
|
||||||
|
- EVP_CIPHER_CTX ctx;
|
||||||
|
- EVP_CIPHER_CTX_init(&ctx);
|
||||||
|
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
|
||||||
|
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
|
||||||
|
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
||||||
|
+ EVP_CIPHER_CTX_init(ctx);
|
||||||
|
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
|
||||||
|
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
|
||||||
|
|
||||||
|
|
||||||
|
*bytes_written = 0;
|
||||||
|
@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
|
||||||
|
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
|
||||||
|
|
||||||
|
|
||||||
|
- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
|
||||||
|
+ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
|
||||||
|
{
|
||||||
|
/* Error */
|
||||||
|
*bytes_written = 0;
|
||||||
|
@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
|
||||||
|
{
|
||||||
|
uint32_t tmplen;
|
||||||
|
|
||||||
|
- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
|
||||||
|
+ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
|
||||||
|
{
|
||||||
|
*bytes_written = 0;
|
||||||
|
return; /* Error */
|
||||||
|
@@ -210,7 +210,8 @@ lanplus_encrypt_aes_cbc_128(const uint8_
|
||||||
|
{
|
||||||
|
/* Success */
|
||||||
|
*bytes_written += tmplen;
|
||||||
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
||||||
|
+ EVP_CIPHER_CTX_cleanup(ctx);
|
||||||
|
+ EVP_CIPHER_CTX_free(ctx);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -239,10 +240,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_
|
||||||
|
uint8_t * output,
|
||||||
|
uint32_t * bytes_written)
|
||||||
|
{
|
||||||
|
- EVP_CIPHER_CTX ctx;
|
||||||
|
- EVP_CIPHER_CTX_init(&ctx);
|
||||||
|
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
|
||||||
|
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
|
||||||
|
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
||||||
|
+ EVP_CIPHER_CTX_init(ctx);
|
||||||
|
+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
|
||||||
|
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
|
||||||
|
|
||||||
|
|
||||||
|
if (verbose >= 5)
|
||||||
|
@@ -266,7 +267,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
|
||||||
|
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
|
||||||
|
|
||||||
|
|
||||||
|
- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
|
||||||
|
+ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
|
||||||
|
{
|
||||||
|
/* Error */
|
||||||
|
lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
|
||||||
|
@@ -277,7 +278,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
|
||||||
|
{
|
||||||
|
uint32_t tmplen;
|
||||||
|
|
||||||
|
- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
|
||||||
|
+ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
|
||||||
|
{
|
||||||
|
char buffer[1000];
|
||||||
|
ERR_error_string(ERR_get_error(), buffer);
|
||||||
|
@@ -290,7 +291,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_
|
||||||
|
{
|
||||||
|
/* Success */
|
||||||
|
*bytes_written += tmplen;
|
||||||
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
||||||
|
+ EVP_CIPHER_CTX_cleanup(ctx);
|
||||||
|
+ EVP_CIPHER_CTX_free(ctx);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
240
0003-ipmitool-1.8.11-set-kg-key.patch
Normal file
240
0003-ipmitool-1.8.11-set-kg-key.patch
Normal file
@ -0,0 +1,240 @@
|
|||||||
|
diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1
|
||||||
|
--- old/doc/ipmitool.1 2017-02-06 10:20:02.254362909 +0100
|
||||||
|
+++ new/doc/ipmitool.1 2017-02-06 10:33:41.729294474 +0100
|
||||||
|
@@ -372,6 +372,20 @@ Configure user access information on the
|
||||||
|
|
||||||
|
Displays the list of cipher suites supported for the given
|
||||||
|
application (ipmi or sol) on the given channel.
|
||||||
|
+.TP
|
||||||
|
+\fIsetkg\fP <\fIhex\fP|\fIplain\fP> <\fBkey\fP> [<\fBchannel\fR>]
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+Sets K_g key to given value. Use \fIplain\fP to specify \fBkey\fR as simple ASCII string.
|
||||||
|
+Use \fIhex\fP to specify \fBkey\fR as sequence of hexadecimal codes of ASCII charactes.
|
||||||
|
+I.e. following two examples are equivalent:
|
||||||
|
+
|
||||||
|
+.RS
|
||||||
|
+ipmitool channel setkg plain PASSWORD
|
||||||
|
+
|
||||||
|
+ipmitool channel setkg hex 50415353574F5244
|
||||||
|
+.RE
|
||||||
|
+
|
||||||
|
.RE
|
||||||
|
.RE
|
||||||
|
.TP
|
||||||
|
diff -urNp old/include/ipmitool/helper.h new/include/ipmitool/helper.h
|
||||||
|
--- old/include/ipmitool/helper.h 2017-02-06 10:20:02.254362909 +0100
|
||||||
|
+++ new/include/ipmitool/helper.h 2017-02-06 10:40:07.336136844 +0100
|
||||||
|
@@ -58,6 +58,8 @@
|
||||||
|
# define IPMI_UID_MAX 63
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */
|
||||||
|
+
|
||||||
|
struct ipmi_intf;
|
||||||
|
|
||||||
|
struct valstr {
|
||||||
|
diff -urNp old/include/ipmitool/ipmi_channel.h new/include/ipmitool/ipmi_channel.h
|
||||||
|
--- old/include/ipmitool/ipmi_channel.h 2017-02-06 10:20:02.253316684 +0100
|
||||||
|
+++ new/include/ipmitool/ipmi_channel.h 2017-02-06 10:58:15.291287621 +0100
|
||||||
|
@@ -49,6 +49,10 @@
|
||||||
|
#define IPMI_GET_USER_NAME 0x46
|
||||||
|
#define IPMI_SET_USER_PASSWORD 0x47
|
||||||
|
#define IPMI_GET_CHANNEL_CIPHER_SUITES 0x54
|
||||||
|
+#define IPMI_SET_CHANNEL_SECURITY_KEYS 0x56
|
||||||
|
+
|
||||||
|
+#define IPMI_KG_KEY_ID 1
|
||||||
|
+#define IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET 1
|
||||||
|
|
||||||
|
/* These are for channel_info_t.session_support */
|
||||||
|
#define IPMI_CHANNEL_SESSION_LESS 0x00
|
||||||
|
@@ -137,6 +141,40 @@ int _ipmi_set_channel_access(struct ipmi
|
||||||
|
struct channel_access_t channel_access, uint8_t access_option,
|
||||||
|
uint8_t privilege_option);
|
||||||
|
|
||||||
|
+struct set_channel_security_keys_req {
|
||||||
|
+#if WORDS_BIGENDIAN
|
||||||
|
+ uint8_t __reserved1 :4;
|
||||||
|
+ uint8_t channel :4;
|
||||||
|
+
|
||||||
|
+ uint8_t __reserved2 :6;
|
||||||
|
+ uint8_t operation :2;
|
||||||
|
+
|
||||||
|
+ uint8_t key_id;
|
||||||
|
+ unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
|
||||||
|
+#else
|
||||||
|
+ uint8_t channel :4;
|
||||||
|
+ uint8_t __reserved1 :4;
|
||||||
|
+
|
||||||
|
+ uint8_t operation :2;
|
||||||
|
+ uint8_t __reserved2 :6;
|
||||||
|
+
|
||||||
|
+ uint8_t key_id;
|
||||||
|
+ unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
|
||||||
|
+#endif
|
||||||
|
+} __attribute__ ((packed));
|
||||||
|
+
|
||||||
|
+struct set_channel_security_keys_rsp {
|
||||||
|
+#if WORDS_BIGENDIAN
|
||||||
|
+ uint8_t __reserved1 :6;
|
||||||
|
+ uint8_t lock_status :2;
|
||||||
|
+ unsigned char key_value; /* just the first character, use &key_value to explore the rest */
|
||||||
|
+#else
|
||||||
|
+ uint8_t lock_status :2;
|
||||||
|
+ uint8_t __reserved1 :6;
|
||||||
|
+ unsigned char key_value; /* just the first character, use &key_value to explore the rest */
|
||||||
|
+#endif
|
||||||
|
+} __attribute__ ((packed));
|
||||||
|
+
|
||||||
|
uint8_t ipmi_get_channel_medium(struct ipmi_intf * intf, uint8_t channel);
|
||||||
|
uint8_t ipmi_current_channel_medium(struct ipmi_intf * intf);
|
||||||
|
int ipmi_channel_main(struct ipmi_intf * intf, int argc, char ** argv);
|
||||||
|
diff -urNp old/include/ipmitool/ipmi_intf.h new/include/ipmitool/ipmi_intf.h
|
||||||
|
--- old/include/ipmitool/ipmi_intf.h 2017-02-06 10:20:02.254362909 +0100
|
||||||
|
+++ new/include/ipmitool/ipmi_intf.h 2017-02-06 10:40:40.264577602 +0100
|
||||||
|
@@ -60,7 +60,6 @@ enum LANPLUS_SESSION_STATE {
|
||||||
|
|
||||||
|
#define IPMI_AUTHCODE_BUFFER_SIZE 20
|
||||||
|
#define IPMI_SIK_BUFFER_SIZE IPMI_MAX_MD_SIZE
|
||||||
|
-#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */
|
||||||
|
|
||||||
|
struct ipmi_session_params {
|
||||||
|
char * hostname;
|
||||||
|
diff -urNp old/lib/ipmi_channel.c new/lib/ipmi_channel.c
|
||||||
|
--- old/lib/ipmi_channel.c 2017-02-06 10:20:02.255409134 +0100
|
||||||
|
+++ new/lib/ipmi_channel.c 2017-02-06 12:32:14.222282317 +0100
|
||||||
|
@@ -821,6 +821,92 @@ ipmi_set_user_access(struct ipmi_intf *i
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+int
|
||||||
|
+ipmi_set_channel_security_keys (struct ipmi_intf *intf, uint8_t channel, const char *method, const char *key)
|
||||||
|
+{
|
||||||
|
+ uint8_t kgkey[IPMI_KG_BUFFER_SIZE];
|
||||||
|
+ struct ipmi_rs *rsp;
|
||||||
|
+ struct ipmi_rq req;
|
||||||
|
+ struct set_channel_security_keys_req req_data;
|
||||||
|
+ int rc = -1;
|
||||||
|
+
|
||||||
|
+ /* convert provided key to array of bytes */
|
||||||
|
+ if (strcmp(method, "hex") == 0) {
|
||||||
|
+ if (strlen(key) > (IPMI_KG_BUFFER_SIZE-1)*2) {
|
||||||
|
+ lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE-1));
|
||||||
|
+ printf_channel_usage();
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = ipmi_parse_hex(key, kgkey, sizeof(kgkey)-1);
|
||||||
|
+ if (rc == -1) {
|
||||||
|
+ lprintf(LOG_ERR, "Number of Kg key characters is not even");
|
||||||
|
+ return rc;
|
||||||
|
+ } else if (rc == -3) {
|
||||||
|
+ lprintf(LOG_ERR, "Kg key is not hexadecimal number");
|
||||||
|
+ return rc;
|
||||||
|
+ } else if (rc > (IPMI_KG_BUFFER_SIZE-1)) {
|
||||||
|
+ lprintf(LOG_ERR, "Kg key is too long");
|
||||||
|
+ return rc;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ } else if (strcmp(method, "plain") == 0) {
|
||||||
|
+ if (strlen(key) > IPMI_KG_BUFFER_SIZE-1) {
|
||||||
|
+ lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE -1));
|
||||||
|
+ printf_channel_usage();
|
||||||
|
+ return rc;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ strncpy(kgkey, key, IPMI_KG_BUFFER_SIZE-1);
|
||||||
|
+ } else {
|
||||||
|
+ printf_channel_usage();
|
||||||
|
+ return rc;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* assemble and send request to set kg key */
|
||||||
|
+ memset(&req_data, 0, sizeof(req_data));
|
||||||
|
+ req_data.channel = channel;
|
||||||
|
+ req_data.operation = IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET;
|
||||||
|
+ req_data.key_id = IPMI_KG_KEY_ID;
|
||||||
|
+ memcpy(req_data.key_value, kgkey, IPMI_KG_BUFFER_SIZE-1);
|
||||||
|
+
|
||||||
|
+ memset(&req, 0, sizeof(req));
|
||||||
|
+ req.msg.netfn = IPMI_NETFN_APP;
|
||||||
|
+ req.msg.cmd = IPMI_SET_CHANNEL_SECURITY_KEYS;
|
||||||
|
+ req.msg.data = (uint8_t*) &req_data;
|
||||||
|
+ req.msg.data_len = sizeof(req_data);
|
||||||
|
+
|
||||||
|
+ rsp = intf->sendrecv(intf, &req);
|
||||||
|
+ if (rsp == NULL) {
|
||||||
|
+ lprintf(LOG_ERR, "Set Channel Security Keys command failed");
|
||||||
|
+ return rc;
|
||||||
|
+ }
|
||||||
|
+ if (rsp->ccode > 0) {
|
||||||
|
+ const char *error = NULL;
|
||||||
|
+ switch (rsp->ccode) {
|
||||||
|
+ case 0x80:
|
||||||
|
+ error = "Key is locked";
|
||||||
|
+ break;
|
||||||
|
+ case 0x81:
|
||||||
|
+ error = "Insufficient key bytes";
|
||||||
|
+ break;
|
||||||
|
+ case 0x82:
|
||||||
|
+ error = "Too many key bytes";
|
||||||
|
+ break;
|
||||||
|
+ case 0x83:
|
||||||
|
+ error = "Key value does not meet criteria for K_g key";
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ error = val2str(rsp->ccode, completion_code_vals);
|
||||||
|
+ }
|
||||||
|
+ lprintf(LOG_ERR, "Error setting security key: %X (%s)", rsp->ccode, error);
|
||||||
|
+ return rc;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ lprintf(LOG_NOTICE, "Set Channel Security Keys command succeeded");
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int
|
||||||
|
ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
|
||||||
|
{
|
||||||
|
@@ -890,6 +976,19 @@ ipmi_channel_main(struct ipmi_intf *intf
|
||||||
|
retval = ipmi_get_channel_cipher_suites(intf,
|
||||||
|
argv[1], /* ipmi | sol */
|
||||||
|
channel);
|
||||||
|
+ } else if (strncmp(argv[0], "setkg", 5) == 0) {
|
||||||
|
+ if (argc < 3 || argc > 4)
|
||||||
|
+ printf_channel_usage();
|
||||||
|
+ else {
|
||||||
|
+ uint8_t ch = 0xe;
|
||||||
|
+ char *method = argv[1];
|
||||||
|
+ char *key = argv[2];
|
||||||
|
+ if (argc == 4) {
|
||||||
|
+ ch = (uint8_t)strtol(argv[3], NULL, 0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ retval = ipmi_set_channel_security_keys(intf, ch, method, key);
|
||||||
|
+ }
|
||||||
|
} else {
|
||||||
|
lprintf(LOG_ERR, "Invalid CHANNEL command: %s\n", argv[0]);
|
||||||
|
printf_channel_usage();
|
||||||
|
@@ -916,6 +1015,10 @@ printf_channel_usage()
|
||||||
|
lprintf(LOG_NOTICE,
|
||||||
|
"");
|
||||||
|
lprintf(LOG_NOTICE,
|
||||||
|
+" setkg hex|plain <key> [channel]");
|
||||||
|
+ lprintf(LOG_NOTICE,
|
||||||
|
+"");
|
||||||
|
+ lprintf(LOG_NOTICE,
|
||||||
|
"Possible privilege levels are:");
|
||||||
|
lprintf(LOG_NOTICE,
|
||||||
|
" 1 Callback level");
|
||||||
|
diff -urNp old/src/plugins/ipmi_intf.c new/src/plugins/ipmi_intf.c
|
||||||
|
--- old/src/plugins/ipmi_intf.c 2017-02-06 10:20:02.257501584 +0100
|
||||||
|
+++ new/src/plugins/ipmi_intf.c 2017-02-06 10:42:12.585257810 +0100
|
||||||
|
@@ -55,6 +55,7 @@
|
||||||
|
#include <ipmitool/ipmi.h>
|
||||||
|
#include <ipmitool/ipmi_sdr.h>
|
||||||
|
#include <ipmitool/log.h>
|
||||||
|
+#include <ipmitool/helper.h>
|
||||||
|
|
||||||
|
#define IPMI_DEFAULT_PAYLOAD_SIZE 25
|
||||||
|
|
16
0004-slowswid.patch
Normal file
16
0004-slowswid.patch
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c
|
||||||
|
index fa7b082..9bc5ac2 100644
|
||||||
|
--- a/lib/ipmi_sdr.c
|
||||||
|
+++ b/lib/ipmi_sdr.c
|
||||||
|
@@ -572,6 +572,8 @@ ipmi_sdr_get_sensor_reading_ipmb(struct ipmi_intf *intf, uint8_t sensor,
|
||||||
|
uint32_t save_addr;
|
||||||
|
uint32_t save_channel;
|
||||||
|
|
||||||
|
+ if (target == (uint8_t) 0xb1)
|
||||||
|
+ return ipmi_sdr_get_sensor_reading(intf, sensor);
|
||||||
|
if ( BRIDGE_TO_SENSOR(intf, target, channel) ) {
|
||||||
|
lprintf(LOG_DEBUG,
|
||||||
|
"Bridge to Sensor "
|
||||||
|
--
|
||||||
|
2.1.0
|
||||||
|
|
16
0005-sensor-id-length.patch
Normal file
16
0005-sensor-id-length.patch
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
diff --git a/include/ipmitool/ipmi_sdr.h b/include/ipmitool/ipmi_sdr.h
|
||||||
|
index ccf0cf0..47d3949 100644
|
||||||
|
--- a/include/ipmitool/ipmi_sdr.h
|
||||||
|
+++ b/include/ipmitool/ipmi_sdr.h
|
||||||
|
@@ -819,7 +819,7 @@ static const char *sensor_type_desc[] __attribute__ ((unused)) = {
|
||||||
|
"Version Change", "FRU State" };
|
||||||
|
|
||||||
|
struct sensor_reading {
|
||||||
|
- char s_id[17]; /* name of the sensor */
|
||||||
|
+ char s_id[33]; /* name of the sensor */
|
||||||
|
struct sdr_record_full_sensor *full;
|
||||||
|
struct sdr_record_compact_sensor *compact;
|
||||||
|
uint8_t s_reading_valid; /* read value valididity */
|
||||||
|
--
|
||||||
|
2.1.0
|
||||||
|
|
21
0006-enable-usb.patch
Normal file
21
0006-enable-usb.patch
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
diff -urNp old/configure.ac new/configure.ac
|
||||||
|
--- old/configure.ac 2017-02-02 14:20:33.230784269 +0100
|
||||||
|
+++ new/configure.ac 2017-02-02 14:22:53.528510336 +0100
|
||||||
|
@@ -63,7 +63,7 @@ xenable_intf_imb=yes
|
||||||
|
xenable_intf_lipmi=yes
|
||||||
|
xenable_intf_open=yes
|
||||||
|
#xenable_intf_serial=yes
|
||||||
|
-xenable_intf_usb=no
|
||||||
|
+xenable_intf_usb=yes
|
||||||
|
xenable_ipmishell=yes
|
||||||
|
|
||||||
|
dnl set some things so we build with GNU tools on Solaris
|
||||||
|
@@ -209,7 +209,7 @@ fi
|
||||||
|
dnl enable IPMI USB interface
|
||||||
|
AC_ARG_ENABLE([intf-usb],
|
||||||
|
[AC_HELP_STRING([--enable-intf-usb],
|
||||||
|
- [enable IPMI USB interface [default=auto]])],
|
||||||
|
+ [enable IPMI USB interface [default=yes]])],
|
||||||
|
[xenable_intf_usb=$enableval],
|
||||||
|
[xenable_intf_usb=$xenable_intf_usb])
|
||||||
|
if test "x$xenable_intf_usb" = "xstatic" || test "x$xenable_intf_usb" = "xplugin"; then
|
41
0007-check-input.patch
Normal file
41
0007-check-input.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1
|
||||||
|
--- old/doc/ipmitool.1 2017-10-03 16:10:50.446539988 +0200
|
||||||
|
+++ new/doc/ipmitool.1 2017-10-03 16:16:37.039673239 +0200
|
||||||
|
@@ -3170,13 +3170,14 @@ SOL configuration data for the currently
|
||||||
|
|
||||||
|
Enable, disable or show status of SOL payload for the user on the specified channel.
|
||||||
|
.TP
|
||||||
|
-\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>]
|
||||||
|
+\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>] [\fBnoguard\fR]
|
||||||
|
.br
|
||||||
|
|
||||||
|
Configure parameters for Serial Over Lan. If no channel is given,
|
||||||
|
it will display SOL configuration data for the currently used
|
||||||
|
channel. Configuration parameter updates are automatically guarded
|
||||||
|
-with the updates to the set\-in\-progress parameter.
|
||||||
|
+with the updates to the set\-in\-progress parameter, unless \fInoguard\fR
|
||||||
|
+parameter is present.
|
||||||
|
.RS
|
||||||
|
.TP
|
||||||
|
Valid parameters and values are:
|
||||||
|
diff -urNp old/lib/ipmi_sol.c new/lib/ipmi_sol.c
|
||||||
|
--- old/lib/ipmi_sol.c 2017-10-03 16:10:50.447539996 +0200
|
||||||
|
+++ new/lib/ipmi_sol.c 2017-10-03 16:18:37.079006949 +0200
|
||||||
|
@@ -1875,7 +1875,7 @@ static void
|
||||||
|
print_sol_usage(void)
|
||||||
|
{
|
||||||
|
lprintf(LOG_NOTICE, "SOL Commands: info [<channel number>]");
|
||||||
|
- lprintf(LOG_NOTICE, " set <parameter> <value> [channel]");
|
||||||
|
+ lprintf(LOG_NOTICE, " set <parameter> <value> [channel] [noguard]");
|
||||||
|
lprintf(LOG_NOTICE, " payload <enable|disable|status> [channel] [userid]");
|
||||||
|
lprintf(LOG_NOTICE, " activate [<usesolkeepalive|nokeepalive>] [instance=<number>]");
|
||||||
|
lprintf(LOG_NOTICE, " deactivate [instance=<number>]");
|
||||||
|
@@ -1890,6 +1890,8 @@ print_sol_usage(void)
|
||||||
|
static void
|
||||||
|
print_sol_set_usage(void)
|
||||||
|
{
|
||||||
|
+ lprintf(LOG_NOTICE, "\nSOL set usage: \n");
|
||||||
|
+ lprintf(LOG_NOTICE, " sol set <parameter> <value> [channel] [noguard]\n");
|
||||||
|
lprintf(LOG_NOTICE, "\nSOL set parameters and values: \n");
|
||||||
|
lprintf(LOG_NOTICE, " set-in-progress set-complete | "
|
||||||
|
"set-in-progress | commit-write");
|
864
0008-use-best-cipher.patch
Normal file
864
0008-use-best-cipher.patch
Normal file
@ -0,0 +1,864 @@
|
|||||||
|
From 260293c0ee5a268bc7fc1483e5304546745122a6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vernon Mauery <vernon.mauery@intel.com>
|
||||||
|
Date: Mon, 9 Apr 2018 12:28:57 -0700
|
||||||
|
Subject: [PATCH] lanplus: Auto-select 'best' cipher suite available
|
||||||
|
|
||||||
|
Current cipher suites could be ranked as this:
|
||||||
|
17 > 3 >> all the rest
|
||||||
|
|
||||||
|
Cherry-picked-from: 7772254b62826b894ca629df8c597030a98f4f72
|
||||||
|
Cherry-picked-from: f9c699c712f884c82fc1a62f1f61a8d597ac0cfd
|
||||||
|
|
||||||
|
Also fetched some functions/macros for helper.h
|
||||||
|
|
||||||
|
Equals to getting include/ipmitool/helper.h changes from commits:
|
||||||
|
(oldest first)
|
||||||
|
|
||||||
|
6c00d44 mc: watchdog get: Update to match IPMI 2.0 spec
|
||||||
|
e8e94d8 mc: watchdog set: Refactor to reduce complexity
|
||||||
|
0310208 mc: Code refactor to reduce copy-paste ratio
|
||||||
|
249e092 general: Make byteswapping arch-independent
|
||||||
|
5491b12 refix 249e0929: Fix byteswapping helpers
|
||||||
|
bb1a4cc Refactoring. Improve code reuse ratio.
|
||||||
|
---
|
||||||
|
include/ipmitool/helper.h | 58 ++++++++
|
||||||
|
include/ipmitool/ipmi_channel.h | 47 +++++++
|
||||||
|
include/ipmitool/ipmi_intf.h | 39 ++++-
|
||||||
|
lib/ipmi_channel.c | 242 +++++++++++++++-----------------
|
||||||
|
lib/ipmi_main.c | 23 +--
|
||||||
|
src/plugins/ipmi_intf.c | 5 +-
|
||||||
|
src/plugins/lanplus/lanplus.c | 114 +++++++++++----
|
||||||
|
7 files changed, 360 insertions(+), 168 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/include/ipmitool/helper.h b/include/ipmitool/helper.h
|
||||||
|
index c53736f..6a2e5f4 100644
|
||||||
|
--- a/include/ipmitool/helper.h
|
||||||
|
+++ b/include/ipmitool/helper.h
|
||||||
|
@@ -38,6 +38,8 @@
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
+#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
|
||||||
|
+
|
||||||
|
#ifndef TRUE
|
||||||
|
#define TRUE 1
|
||||||
|
#endif
|
||||||
|
@@ -111,6 +113,62 @@ FILE * ipmi_open_file(const char * file, int rw);
|
||||||
|
void ipmi_start_daemon(struct ipmi_intf *intf);
|
||||||
|
uint16_t ipmi_get_oem_id(struct ipmi_intf *intf);
|
||||||
|
|
||||||
|
+#define IS_SET(v, b) ((v) & (1 << (b)))
|
||||||
|
+
|
||||||
|
+/* le16toh(), hto16le(), et. al. don't exist for Windows or Apple */
|
||||||
|
+/* For portability, let's simply define our own versions here */
|
||||||
|
+
|
||||||
|
+/* IPMI is always little-endian */
|
||||||
|
+static inline uint16_t ipmi16toh(void *ipmi16)
|
||||||
|
+{
|
||||||
|
+ uint8_t *ipmi = (uint8_t *)ipmi16;
|
||||||
|
+ uint16_t h;
|
||||||
|
+
|
||||||
|
+ h = ipmi[1] << 8; /* MSB */
|
||||||
|
+ h |= ipmi[0]; /* LSB */
|
||||||
|
+
|
||||||
|
+ return h;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline void htoipmi16(uint16_t h, uint8_t *ipmi)
|
||||||
|
+{
|
||||||
|
+ ipmi[0] = h & 0xFF; /* LSB */
|
||||||
|
+ ipmi[1] = h >> 8; /* MSB */
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline uint32_t ipmi24toh(void *ipmi24)
|
||||||
|
+{
|
||||||
|
+ uint8_t *ipmi = (uint8_t *)ipmi24;
|
||||||
|
+ uint32_t h = 0;
|
||||||
|
+
|
||||||
|
+ h = ipmi[2] << 16; /* MSB */
|
||||||
|
+ h |= ipmi[1] << 8;
|
||||||
|
+ h |= ipmi[0]; /* LSB */
|
||||||
|
+
|
||||||
|
+ return h;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline uint32_t ipmi32toh(void *ipmi32)
|
||||||
|
+{
|
||||||
|
+ uint8_t *ipmi = ipmi32;
|
||||||
|
+ uint32_t h;
|
||||||
|
+
|
||||||
|
+ h = ipmi[3] << 24; /* MSB */
|
||||||
|
+ h |= ipmi[2] << 16;
|
||||||
|
+ h |= ipmi[1] << 8;
|
||||||
|
+ h |= ipmi[0]; /* LSB */
|
||||||
|
+
|
||||||
|
+ return h;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline void htoipmi32(uint32_t h, uint8_t *ipmi)
|
||||||
|
+{
|
||||||
|
+ ipmi[0] = h & 0xFF; /* LSB */
|
||||||
|
+ ipmi[1] = (h >> 8) & 0xFF;
|
||||||
|
+ ipmi[2] = (h >> 16) & 0xFF;
|
||||||
|
+ ipmi[3] = (h >> 24) & 0xFF; /* MSB */
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
#define ipmi_open_file_read(file) ipmi_open_file(file, 0)
|
||||||
|
#define ipmi_open_file_write(file) ipmi_open_file(file, 1)
|
||||||
|
|
||||||
|
diff --git a/include/ipmitool/ipmi_channel.h b/include/ipmitool/ipmi_channel.h
|
||||||
|
index 3ade2d5..324c0bb 100644
|
||||||
|
--- a/include/ipmitool/ipmi_channel.h
|
||||||
|
+++ b/include/ipmitool/ipmi_channel.h
|
||||||
|
@@ -37,6 +37,7 @@
|
||||||
|
# include <config.h>
|
||||||
|
#endif
|
||||||
|
#include <ipmitool/ipmi.h>
|
||||||
|
+#include <ipmitool/ipmi_intf.h>
|
||||||
|
|
||||||
|
|
||||||
|
#define IPMI_GET_CHANNEL_AUTH_CAP 0x38
|
||||||
|
@@ -81,6 +82,50 @@ struct channel_access_t {
|
||||||
|
uint8_t user_level_auth;
|
||||||
|
};
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * The Cipher Suite Record Format from table 22-18 of the IPMI v2.0 spec
|
||||||
|
+ */
|
||||||
|
+enum cipher_suite_format_tag {
|
||||||
|
+ STANDARD_CIPHER_SUITE = 0xc0,
|
||||||
|
+ OEM_CIPHER_SUITE = 0xc1,
|
||||||
|
+};
|
||||||
|
+#ifdef HAVE_PRAGMA_PACK
|
||||||
|
+#pragma pack(1)
|
||||||
|
+#endif
|
||||||
|
+struct std_cipher_suite_record_t {
|
||||||
|
+ uint8_t start_of_record;
|
||||||
|
+ uint8_t cipher_suite_id;
|
||||||
|
+ uint8_t auth_alg;
|
||||||
|
+ uint8_t integrity_alg;
|
||||||
|
+ uint8_t crypt_alg;
|
||||||
|
+} ATTRIBUTE_PACKING;
|
||||||
|
+struct oem_cipher_suite_record_t {
|
||||||
|
+ uint8_t start_of_record;
|
||||||
|
+ uint8_t cipher_suite_id;
|
||||||
|
+ uint8_t iana[3];
|
||||||
|
+ uint8_t auth_alg;
|
||||||
|
+ uint8_t integrity_alg;
|
||||||
|
+ uint8_t crypt_alg;
|
||||||
|
+} ATTRIBUTE_PACKING;
|
||||||
|
+#ifdef HAVE_PRAGMA_PACK
|
||||||
|
+#pragma pack(0)
|
||||||
|
+#endif
|
||||||
|
+#define CIPHER_ALG_MASK 0x3f
|
||||||
|
+#define MAX_CIPHER_SUITE_RECORD_OFFSET 0x40
|
||||||
|
+#define MAX_CIPHER_SUITE_DATA_LEN 0x10
|
||||||
|
+#define LIST_ALGORITHMS_BY_CIPHER_SUITE 0x80
|
||||||
|
+
|
||||||
|
+/* Below is the theoretical maximum number of cipher suites that could be
|
||||||
|
+ * reported by a BMC. That is with the Get Channel Cipher Suites Command, at 16
|
||||||
|
+ * bytes at a time and 0x40 requests, it can report 1024 bytes, which is about
|
||||||
|
+ * 204 standard records or 128 OEM records. Really, we probably don't need more
|
||||||
|
+ * than about 20, which is the full set of standard records plus a few OEM
|
||||||
|
+ * records.
|
||||||
|
+ */
|
||||||
|
+#define MAX_CIPHER_SUITE_COUNT (MAX_CIPHER_SUITE_RECORD_OFFSET * \
|
||||||
|
+ MAX_CIPHER_SUITE_DATA_LEN / \
|
||||||
|
+ sizeof(struct std_cipher_suite_record_t))
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* The Get Authentication Capabilities response structure
|
||||||
|
* From table 22-15 of the IPMI v2.0 spec
|
||||||
|
@@ -135,6 +180,8 @@ struct get_channel_auth_cap_rsp {
|
||||||
|
int _ipmi_get_channel_access(struct ipmi_intf *intf,
|
||||||
|
struct channel_access_t *channel_access,
|
||||||
|
uint8_t get_volatile_settings);
|
||||||
|
+int ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
|
||||||
|
+ uint8_t channel, struct cipher_suite_info *suites, size_t *count);
|
||||||
|
int _ipmi_get_channel_info(struct ipmi_intf *intf,
|
||||||
|
struct channel_info_t *channel_info);
|
||||||
|
int _ipmi_set_channel_access(struct ipmi_intf *intf,
|
||||||
|
diff --git a/include/ipmitool/ipmi_intf.h b/include/ipmitool/ipmi_intf.h
|
||||||
|
index 0b8c64b..7a07d66 100644
|
||||||
|
--- a/include/ipmitool/ipmi_intf.h
|
||||||
|
+++ b/include/ipmitool/ipmi_intf.h
|
||||||
|
@@ -61,13 +61,45 @@ enum LANPLUS_SESSION_STATE {
|
||||||
|
#define IPMI_AUTHCODE_BUFFER_SIZE 20
|
||||||
|
#define IPMI_SIK_BUFFER_SIZE IPMI_MAX_MD_SIZE
|
||||||
|
|
||||||
|
+enum cipher_suite_ids {
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_0 = 0,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_1 = 1,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_2 = 2,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_3 = 3,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_4 = 4,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_5 = 5,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_6 = 6,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_7 = 7,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_8 = 8,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_9 = 9,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_10 = 10,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_11 = 11,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_12 = 12,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_13 = 13,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_14 = 14,
|
||||||
|
+#ifdef HAVE_CRYPTO_SHA256
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_15 = 15,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_16 = 16,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_17 = 17,
|
||||||
|
+#endif /* HAVE_CRYPTO_SHA256 */
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_RESERVED = 0xff,
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+struct cipher_suite_info {
|
||||||
|
+ enum cipher_suite_ids cipher_suite_id;
|
||||||
|
+ uint8_t auth_alg;
|
||||||
|
+ uint8_t integrity_alg;
|
||||||
|
+ uint8_t crypt_alg;
|
||||||
|
+ uint32_t iana;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
struct ipmi_session_params {
|
||||||
|
char * hostname;
|
||||||
|
uint8_t username[17];
|
||||||
|
uint8_t authcode_set[IPMI_AUTHCODE_BUFFER_SIZE + 1];
|
||||||
|
uint8_t authtype_set;
|
||||||
|
uint8_t privlvl;
|
||||||
|
- uint8_t cipher_suite_id;
|
||||||
|
+ enum cipher_suite_ids cipher_suite_id;
|
||||||
|
char sol_escape_char;
|
||||||
|
int password;
|
||||||
|
int port;
|
||||||
|
@@ -217,7 +249,10 @@ void ipmi_intf_session_set_username(struct ipmi_intf * intf, char * username);
|
||||||
|
void ipmi_intf_session_set_password(struct ipmi_intf * intf, char * password);
|
||||||
|
void ipmi_intf_session_set_privlvl(struct ipmi_intf * intf, uint8_t privlvl);
|
||||||
|
void ipmi_intf_session_set_lookupbit(struct ipmi_intf * intf, uint8_t lookupbit);
|
||||||
|
-void ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf, uint8_t cipher_suite_id);
|
||||||
|
+#ifdef IPMI_INTF_LANPLUS
|
||||||
|
+void ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf,
|
||||||
|
+ enum cipher_suite_ids cipher_suite_id);
|
||||||
|
+#endif /* IPMI_INTF_LANPLUS */
|
||||||
|
void ipmi_intf_session_set_sol_escape_char(struct ipmi_intf * intf, char sol_escape_char);
|
||||||
|
void ipmi_intf_session_set_kgkey(struct ipmi_intf *intf, const uint8_t *kgkey);
|
||||||
|
void ipmi_intf_session_set_port(struct ipmi_intf * intf, int port);
|
||||||
|
diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
|
||||||
|
index e1fc75f..3ae3104 100644
|
||||||
|
--- a/lib/ipmi_channel.c
|
||||||
|
+++ b/lib/ipmi_channel.c
|
||||||
|
@@ -342,86 +342,116 @@ ipmi_get_channel_auth_cap(struct ipmi_intf *intf, uint8_t channel, uint8_t priv)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int
|
||||||
|
+static size_t
|
||||||
|
+parse_channel_cipher_suite_data(uint8_t *cipher_suite_data, size_t data_len,
|
||||||
|
+ struct cipher_suite_info* suites, size_t nr_suites)
|
||||||
|
+{
|
||||||
|
+ size_t count = 0;
|
||||||
|
+ size_t offset = 0;
|
||||||
|
+ uint32_t iana;
|
||||||
|
+ uint8_t auth_alg, integrity_alg, crypt_alg;
|
||||||
|
+ uint8_t cipher_suite_id;
|
||||||
|
+
|
||||||
|
+ memset(suites, 0, sizeof(*suites) * nr_suites);
|
||||||
|
+
|
||||||
|
+ while (offset < data_len && count < nr_suites) {
|
||||||
|
+ auth_alg = IPMI_AUTH_RAKP_NONE;
|
||||||
|
+ integrity_alg = IPMI_INTEGRITY_NONE;
|
||||||
|
+ crypt_alg = IPMI_CRYPT_NONE;
|
||||||
|
+ if (cipher_suite_data[offset] == STANDARD_CIPHER_SUITE) {
|
||||||
|
+ struct std_cipher_suite_record_t *record =
|
||||||
|
+ (struct std_cipher_suite_record_t*)(&cipher_suite_data[offset]);
|
||||||
|
+ /* standard type */
|
||||||
|
+ iana = 0;
|
||||||
|
+
|
||||||
|
+ /* Verify that we have at least a full record left; id + 3 algs */
|
||||||
|
+ if ((data_len - offset) < sizeof(*record)) {
|
||||||
|
+ lprintf(LOG_INFO, "Incomplete data record in cipher suite data");
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ cipher_suite_id = record->cipher_suite_id;
|
||||||
|
+ auth_alg = CIPHER_ALG_MASK & record->auth_alg;
|
||||||
|
+ integrity_alg = CIPHER_ALG_MASK & record->integrity_alg;
|
||||||
|
+ crypt_alg = CIPHER_ALG_MASK & record->crypt_alg;
|
||||||
|
+ offset += sizeof(*record);
|
||||||
|
+ } else if (cipher_suite_data[offset] == OEM_CIPHER_SUITE) {
|
||||||
|
+ /* OEM record type */
|
||||||
|
+ struct oem_cipher_suite_record_t *record =
|
||||||
|
+ (struct oem_cipher_suite_record_t*)(&cipher_suite_data[offset]);
|
||||||
|
+ /* Verify that we have at least a full record left
|
||||||
|
+ * id + iana + 3 algs
|
||||||
|
+ */
|
||||||
|
+ if ((data_len - offset) < sizeof(*record)) {
|
||||||
|
+ lprintf(LOG_INFO, "Incomplete data record in cipher suite data");
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ cipher_suite_id = record->cipher_suite_id;
|
||||||
|
+
|
||||||
|
+ /* Grab the IANA */
|
||||||
|
+ iana = ipmi24toh(record->iana);
|
||||||
|
+ auth_alg = CIPHER_ALG_MASK & record->auth_alg;
|
||||||
|
+ integrity_alg = CIPHER_ALG_MASK & record->integrity_alg;
|
||||||
|
+ crypt_alg = CIPHER_ALG_MASK & record->crypt_alg;
|
||||||
|
+ offset += sizeof(*record);
|
||||||
|
+ } else {
|
||||||
|
+ lprintf(LOG_INFO, "Bad start of record byte in cipher suite data (offset %d, value %x)", offset, cipher_suite_data[offset]);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ suites[count].cipher_suite_id = cipher_suite_id;
|
||||||
|
+ suites[count].iana = iana;
|
||||||
|
+ suites[count].auth_alg = auth_alg;
|
||||||
|
+ suites[count].integrity_alg = integrity_alg;
|
||||||
|
+ suites[count].crypt_alg = crypt_alg;
|
||||||
|
+ count++;
|
||||||
|
+ }
|
||||||
|
+ return count;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int
|
||||||
|
ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
|
||||||
|
- uint8_t channel)
|
||||||
|
+ uint8_t channel, struct cipher_suite_info *suites, size_t *count)
|
||||||
|
{
|
||||||
|
struct ipmi_rs *rsp;
|
||||||
|
struct ipmi_rq req;
|
||||||
|
|
||||||
|
uint8_t rqdata[3];
|
||||||
|
- uint32_t iana;
|
||||||
|
- uint8_t auth_alg, integrity_alg, crypt_alg;
|
||||||
|
- uint8_t cipher_suite_id;
|
||||||
|
uint8_t list_index = 0;
|
||||||
|
/* 0x40 sets * 16 bytes per set */
|
||||||
|
- uint8_t cipher_suite_data[1024];
|
||||||
|
- uint16_t offset = 0;
|
||||||
|
- /* how much was returned, total */
|
||||||
|
- uint16_t cipher_suite_data_length = 0;
|
||||||
|
+ uint8_t cipher_suite_data[MAX_CIPHER_SUITE_RECORD_OFFSET *
|
||||||
|
+ MAX_CIPHER_SUITE_DATA_LEN];
|
||||||
|
+ size_t offset = 0;
|
||||||
|
+ size_t nr_suites = 0;
|
||||||
|
|
||||||
|
+ if (!suites || !count || !*count)
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
+ nr_suites = *count;
|
||||||
|
+ *count = 0;
|
||||||
|
memset(cipher_suite_data, 0, sizeof(cipher_suite_data));
|
||||||
|
-
|
||||||
|
+
|
||||||
|
memset(&req, 0, sizeof(req));
|
||||||
|
req.msg.netfn = IPMI_NETFN_APP;
|
||||||
|
req.msg.cmd = IPMI_GET_CHANNEL_CIPHER_SUITES;
|
||||||
|
req.msg.data = rqdata;
|
||||||
|
- req.msg.data_len = 3;
|
||||||
|
+ req.msg.data_len = sizeof(rqdata);
|
||||||
|
|
||||||
|
rqdata[0] = channel;
|
||||||
|
rqdata[1] = ((strncmp(payload_type, "ipmi", 4) == 0)? 0: 1);
|
||||||
|
- /* Always ask for cipher suite format */
|
||||||
|
- rqdata[2] = 0x80;
|
||||||
|
-
|
||||||
|
- rsp = intf->sendrecv(intf, &req);
|
||||||
|
- if (rsp == NULL) {
|
||||||
|
- lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
- if (rsp->ccode > 0) {
|
||||||
|
- lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
|
||||||
|
- val2str(rsp->ccode, completion_code_vals));
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
- * Grab the returned channel number once. We assume it's the same
|
||||||
|
- * in future calls.
|
||||||
|
- */
|
||||||
|
- if (rsp->data_len >= 1) {
|
||||||
|
- channel = rsp->data[0];
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- while ((rsp->data_len > 1) && (rsp->data_len == 17) && (list_index < 0x3F)) {
|
||||||
|
- /*
|
||||||
|
- * We got back cipher suite data -- store it.
|
||||||
|
- * printf("copying data to offset %d\n", offset);
|
||||||
|
- * printbuf(rsp->data + 1, rsp->data_len - 1, "this is the data");
|
||||||
|
- */
|
||||||
|
- memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1);
|
||||||
|
- offset += rsp->data_len - 1;
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
- * Increment our list for the next call
|
||||||
|
- */
|
||||||
|
- ++list_index;
|
||||||
|
- rqdata[2] = (rqdata[2] & 0x80) + list_index;
|
||||||
|
|
||||||
|
+ do {
|
||||||
|
+ /* Always ask for cipher suite format */
|
||||||
|
+ rqdata[2] = LIST_ALGORITHMS_BY_CIPHER_SUITE | list_index;
|
||||||
|
rsp = intf->sendrecv(intf, &req);
|
||||||
|
if (rsp == NULL) {
|
||||||
|
lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
- if (rsp->ccode > 0) {
|
||||||
|
+ if (rsp->ccode || rsp->data_len < 1) {
|
||||||
|
lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
|
||||||
|
val2str(rsp->ccode, completion_code_vals));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* Copy last chunk */
|
||||||
|
- if(rsp->data_len > 1) {
|
||||||
|
/*
|
||||||
|
* We got back cipher suite data -- store it.
|
||||||
|
* printf("copying data to offset %d\n", offset);
|
||||||
|
@@ -429,88 +459,46 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
|
||||||
|
*/
|
||||||
|
memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1);
|
||||||
|
offset += rsp->data_len - 1;
|
||||||
|
- }
|
||||||
|
|
||||||
|
- /* We can chomp on all our data now. */
|
||||||
|
- cipher_suite_data_length = offset;
|
||||||
|
- offset = 0;
|
||||||
|
+ /*
|
||||||
|
+ * Increment our list for the next call
|
||||||
|
+ */
|
||||||
|
+ ++list_index;
|
||||||
|
+ } while ((rsp->data_len == (sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)) &&
|
||||||
|
+ (list_index < MAX_CIPHER_SUITE_RECORD_OFFSET));
|
||||||
|
|
||||||
|
- if (! csv_output) {
|
||||||
|
- printf("ID IANA Auth Alg Integrity Alg Confidentiality Alg\n");
|
||||||
|
- }
|
||||||
|
- while (offset < cipher_suite_data_length) {
|
||||||
|
- if (cipher_suite_data[offset++] == 0xC0) {
|
||||||
|
- /* standard type */
|
||||||
|
- iana = 0;
|
||||||
|
+ *count = parse_channel_cipher_suite_data(cipher_suite_data, offset, suites,
|
||||||
|
+ nr_suites);
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
|
||||||
|
- /* Verify that we have at least a full record left; id + 3 algs */
|
||||||
|
- if ((cipher_suite_data_length - offset) < 4) {
|
||||||
|
- lprintf(LOG_ERR, "Incomplete data record in cipher suite data");
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
- cipher_suite_id = cipher_suite_data[offset++];
|
||||||
|
- } else if (cipher_suite_data[offset++] == 0xC1) {
|
||||||
|
- /* OEM record type */
|
||||||
|
- /* Verify that we have at least a full record left
|
||||||
|
- * id + iana + 3 algs
|
||||||
|
- */
|
||||||
|
- if ((cipher_suite_data_length - offset) < 4) {
|
||||||
|
- lprintf(LOG_ERR, "Incomplete data record in cipher suite data");
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
+static int
|
||||||
|
+ipmi_print_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
|
||||||
|
+ uint8_t channel)
|
||||||
|
+{
|
||||||
|
+ int rc;
|
||||||
|
+ size_t i = 0;
|
||||||
|
+ struct cipher_suite_info suites[MAX_CIPHER_SUITE_COUNT];
|
||||||
|
+ size_t nr_suites = sizeof(*suites);
|
||||||
|
|
||||||
|
- cipher_suite_id = cipher_suite_data[offset++];
|
||||||
|
+ rc = ipmi_get_channel_cipher_suites(intf, payload_type, channel,
|
||||||
|
+ suites, &nr_suites);
|
||||||
|
|
||||||
|
- /* Grab the IANA */
|
||||||
|
- iana =
|
||||||
|
- cipher_suite_data[offset] |
|
||||||
|
- (cipher_suite_data[offset + 1] << 8) |
|
||||||
|
- (cipher_suite_data[offset + 2] << 16);
|
||||||
|
- offset += 3;
|
||||||
|
- } else {
|
||||||
|
- lprintf(LOG_ERR, "Bad start of record byte in cipher suite data");
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
+ if (rc < 0)
|
||||||
|
+ return rc;
|
||||||
|
|
||||||
|
- /*
|
||||||
|
- * Grab the algorithms for this cipher suite. I guess we can't be
|
||||||
|
- * sure of what order they'll come in. Also, I suppose we default
|
||||||
|
- * to the NONE algorithm if one were absent. This part of the spec is
|
||||||
|
- * poorly written -- I have read the errata document. For now, I'm only
|
||||||
|
- * allowing one algorithm per type (auth, integrity, crypt) because I
|
||||||
|
- * don't I understand how it could be otherwise.
|
||||||
|
- */
|
||||||
|
- auth_alg = IPMI_AUTH_RAKP_NONE;
|
||||||
|
- integrity_alg = IPMI_INTEGRITY_NONE;
|
||||||
|
- crypt_alg = IPMI_CRYPT_NONE;
|
||||||
|
-
|
||||||
|
- while (((cipher_suite_data[offset] & 0xC0) != 0xC0) &&
|
||||||
|
- ((cipher_suite_data_length - offset) > 0))
|
||||||
|
- {
|
||||||
|
- switch (cipher_suite_data[offset] & 0xC0)
|
||||||
|
- {
|
||||||
|
- case 0x00:
|
||||||
|
- /* Authentication algorithm specifier */
|
||||||
|
- auth_alg = cipher_suite_data[offset++] & 0x3F;
|
||||||
|
- break;
|
||||||
|
- case 0x40:
|
||||||
|
- /* Interity algorithm specifier */
|
||||||
|
- integrity_alg = cipher_suite_data[offset++] & 0x3F;
|
||||||
|
- break;
|
||||||
|
- case 0x80:
|
||||||
|
- /* Confidentiality algorithm specifier */
|
||||||
|
- crypt_alg = cipher_suite_data[offset++] & 0x3F;
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
+ if (! csv_output) {
|
||||||
|
+ printf("ID IANA Auth Alg Integrity Alg Confidentiality Alg\n");
|
||||||
|
+ }
|
||||||
|
+ for (i = 0; i < nr_suites; i++) {
|
||||||
|
/* We have everything we need to spit out a cipher suite record */
|
||||||
|
printf((csv_output? "%d,%s,%s,%s,%s\n" :
|
||||||
|
"%-4d %-7s %-15s %-15s %-15s\n"),
|
||||||
|
- cipher_suite_id,
|
||||||
|
- iana_string(iana),
|
||||||
|
- val2str(auth_alg, ipmi_auth_algorithms),
|
||||||
|
- val2str(integrity_alg, ipmi_integrity_algorithms),
|
||||||
|
- val2str(crypt_alg, ipmi_encryption_algorithms));
|
||||||
|
+ suites[i].cipher_suite_id,
|
||||||
|
+ iana_string(suites[i].iana),
|
||||||
|
+ val2str(suites[i].auth_alg, ipmi_auth_algorithms),
|
||||||
|
+ val2str(suites[i].integrity_alg, ipmi_integrity_algorithms),
|
||||||
|
+ val2str(suites[i].crypt_alg, ipmi_encryption_algorithms));
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -973,7 +961,7 @@ ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- retval = ipmi_get_channel_cipher_suites(intf,
|
||||||
|
+ retval = ipmi_print_channel_cipher_suites(intf,
|
||||||
|
argv[1], /* ipmi | sol */
|
||||||
|
channel);
|
||||||
|
} else if (strncmp(argv[0], "setkg", 5) == 0) {
|
||||||
|
diff --git a/lib/ipmi_main.c b/lib/ipmi_main.c
|
||||||
|
index 811c80b..6aee102 100644
|
||||||
|
--- a/lib/ipmi_main.c
|
||||||
|
+++ b/lib/ipmi_main.c
|
||||||
|
@@ -323,6 +323,7 @@ ipmi_main(int argc, char ** argv,
|
||||||
|
uint8_t target_addr = 0;
|
||||||
|
uint8_t target_channel = 0;
|
||||||
|
|
||||||
|
+ uint8_t u8tmp = 0;
|
||||||
|
uint8_t transit_addr = 0;
|
||||||
|
uint8_t transit_channel = 0;
|
||||||
|
uint8_t target_lun = 0;
|
||||||
|
@@ -347,7 +348,10 @@ ipmi_main(int argc, char ** argv,
|
||||||
|
char * seloem = NULL;
|
||||||
|
int port = 0;
|
||||||
|
int devnum = 0;
|
||||||
|
- int cipher_suite_id = 3; /* See table 22-19 of the IPMIv2 spec */
|
||||||
|
+#ifdef IPMI_INTF_LANPLUS
|
||||||
|
+ /* lookup best cipher suite available */
|
||||||
|
+ enum cipher_suite_ids cipher_suite_id = IPMI_LANPLUS_CIPHER_SUITE_RESERVED;
|
||||||
|
+#endif /* IPMI_INTF_LANPLUS */
|
||||||
|
int argflag, i, found;
|
||||||
|
int rc = -1;
|
||||||
|
int ai_family = AF_UNSPEC;
|
||||||
|
@@ -425,19 +429,18 @@ ipmi_main(int argc, char ** argv,
|
||||||
|
goto out_free;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
+#ifdef IPMI_INTF_LANPLUS
|
||||||
|
case 'C':
|
||||||
|
- if (str2int(optarg, &cipher_suite_id) != 0) {
|
||||||
|
- lprintf(LOG_ERR, "Invalid parameter given or out of range for '-C'.");
|
||||||
|
- rc = -1;
|
||||||
|
- goto out_free;
|
||||||
|
- }
|
||||||
|
- /* add check Cipher is -gt 0 */
|
||||||
|
- if (cipher_suite_id < 0) {
|
||||||
|
- lprintf(LOG_ERR, "Cipher suite ID %i is invalid.", cipher_suite_id);
|
||||||
|
+ /* Cipher Suite ID is a byte as per IPMI specification */
|
||||||
|
+ if (str2uchar(optarg, &u8tmp) != 0) {
|
||||||
|
+ lprintf(LOG_ERR, "Invalid parameter given or out of "
|
||||||
|
+ "range [0-255] for '-C'.");
|
||||||
|
rc = -1;
|
||||||
|
goto out_free;
|
||||||
|
}
|
||||||
|
+ cipher_suite_id = u8tmp;
|
||||||
|
break;
|
||||||
|
+#endif /* IPMI_INTF_LANPLUS */
|
||||||
|
case 'v':
|
||||||
|
verbose++;
|
||||||
|
break;
|
||||||
|
@@ -870,7 +873,9 @@ ipmi_main(int argc, char ** argv,
|
||||||
|
|
||||||
|
ipmi_intf_session_set_lookupbit(ipmi_main_intf, lookupbit);
|
||||||
|
ipmi_intf_session_set_sol_escape_char(ipmi_main_intf, sol_escape_char);
|
||||||
|
+#ifdef IPMI_INTF_LANPLUS
|
||||||
|
ipmi_intf_session_set_cipher_suite_id(ipmi_main_intf, cipher_suite_id);
|
||||||
|
+#endif /* IPMI_INTF_LANPLUS */
|
||||||
|
|
||||||
|
ipmi_main_intf->devnum = devnum;
|
||||||
|
|
||||||
|
diff --git a/src/plugins/ipmi_intf.c b/src/plugins/ipmi_intf.c
|
||||||
|
index 1d9e87b..00b0918 100644
|
||||||
|
--- a/src/plugins/ipmi_intf.c
|
||||||
|
+++ b/src/plugins/ipmi_intf.c
|
||||||
|
@@ -252,11 +252,14 @@ ipmi_intf_session_set_lookupbit(struct ipmi_intf * intf, uint8_t lookupbit)
|
||||||
|
intf->ssn_params.lookupbit = lookupbit;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef IPMI_INTF_LANPLUS
|
||||||
|
void
|
||||||
|
-ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf, uint8_t cipher_suite_id)
|
||||||
|
+ipmi_intf_session_set_cipher_suite_id(struct ipmi_intf * intf,
|
||||||
|
+ enum cipher_suite_ids cipher_suite_id)
|
||||||
|
{
|
||||||
|
intf->ssn_params.cipher_suite_id = cipher_suite_id;
|
||||||
|
}
|
||||||
|
+#endif /* IPMI_INTF_LANPLUS */
|
||||||
|
|
||||||
|
void
|
||||||
|
ipmi_intf_session_set_sol_escape_char(struct ipmi_intf * intf, char sol_escape_char)
|
||||||
|
diff --git a/src/plugins/lanplus/lanplus.c b/src/plugins/lanplus/lanplus.c
|
||||||
|
index a0e388c..3087348 100644
|
||||||
|
--- a/src/plugins/lanplus/lanplus.c
|
||||||
|
+++ b/src/plugins/lanplus/lanplus.c
|
||||||
|
@@ -164,114 +164,109 @@ extern int verbose;
|
||||||
|
* returns 0 on success
|
||||||
|
* 1 on failure
|
||||||
|
*/
|
||||||
|
-int lanplus_get_requested_ciphers(int cipher_suite_id,
|
||||||
|
+int lanplus_get_requested_ciphers(enum cipher_suite_ids cipher_suite_id,
|
||||||
|
uint8_t * auth_alg,
|
||||||
|
uint8_t * integrity_alg,
|
||||||
|
uint8_t * crypt_alg)
|
||||||
|
{
|
||||||
|
-#ifdef HAVE_CRYPTO_SHA256
|
||||||
|
- if ((cipher_suite_id < 0) || (cipher_suite_id > 17)) {
|
||||||
|
- return 1;
|
||||||
|
- }
|
||||||
|
-#else
|
||||||
|
- if ((cipher_suite_id < 0) || (cipher_suite_id > 14))
|
||||||
|
- return 1;
|
||||||
|
-#endif /* HAVE_CRYPTO_SHA256 */
|
||||||
|
/* See table 22-19 for the source of the statement */
|
||||||
|
switch (cipher_suite_id)
|
||||||
|
{
|
||||||
|
- case 0:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_0:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_NONE;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_NONE;
|
||||||
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
|
break;
|
||||||
|
- case 1:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_1:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_NONE;
|
||||||
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
|
break;
|
||||||
|
- case 2:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_2:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
|
||||||
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
|
break;
|
||||||
|
- case 3:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_3:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
|
||||||
|
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
|
||||||
|
break;
|
||||||
|
- case 4:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_4:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
|
||||||
|
*crypt_alg = IPMI_CRYPT_XRC4_128;
|
||||||
|
break;
|
||||||
|
- case 5:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_5:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA1;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA1_96;
|
||||||
|
*crypt_alg = IPMI_CRYPT_XRC4_40;
|
||||||
|
break;
|
||||||
|
- case 6:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_6:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_NONE;
|
||||||
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
|
break;
|
||||||
|
- case 7:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_7:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
||||||
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
|
break;
|
||||||
|
- case 8:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_8:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
||||||
|
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
|
||||||
|
break;
|
||||||
|
- case 9:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_9:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
||||||
|
*crypt_alg = IPMI_CRYPT_XRC4_128;
|
||||||
|
break;
|
||||||
|
- case 10:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_10:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_HMAC_MD5_128;
|
||||||
|
*crypt_alg = IPMI_CRYPT_XRC4_40;
|
||||||
|
break;
|
||||||
|
- case 11:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_11:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
||||||
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
|
break;
|
||||||
|
- case 12:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_12:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
||||||
|
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
|
||||||
|
break;
|
||||||
|
- case 13:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_13:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
||||||
|
*crypt_alg = IPMI_CRYPT_XRC4_128;
|
||||||
|
break;
|
||||||
|
- case 14:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_14:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_MD5;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_MD5_128;
|
||||||
|
*crypt_alg = IPMI_CRYPT_XRC4_40;
|
||||||
|
break;
|
||||||
|
#ifdef HAVE_CRYPTO_SHA256
|
||||||
|
- case 15:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_15:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_NONE;
|
||||||
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
|
break;
|
||||||
|
- case 16:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_16:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA256_128;
|
||||||
|
*crypt_alg = IPMI_CRYPT_NONE;
|
||||||
|
break;
|
||||||
|
- case 17:
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_17:
|
||||||
|
*auth_alg = IPMI_AUTH_RAKP_HMAC_SHA256;
|
||||||
|
*integrity_alg = IPMI_INTEGRITY_HMAC_SHA256_128;
|
||||||
|
*crypt_alg = IPMI_CRYPT_AES_CBC_128;
|
||||||
|
break;
|
||||||
|
#endif /* HAVE_CRYPTO_SHA256 */
|
||||||
|
+ case IPMI_LANPLUS_CIPHER_SUITE_RESERVED:
|
||||||
|
+ default:
|
||||||
|
+ return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
@@ -3441,6 +3436,57 @@ ipmi_set_session_privlvl_cmd(struct ipmi_intf * intf)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static uint8_t
|
||||||
|
+ipmi_find_best_cipher_suite(struct ipmi_intf *intf)
|
||||||
|
+{
|
||||||
|
+ enum cipher_suite_ids best_suite = IPMI_LANPLUS_CIPHER_SUITE_RESERVED;
|
||||||
|
+#ifdef HAVE_CRYPTO_SHA256
|
||||||
|
+ struct cipher_suite_info suites[MAX_CIPHER_SUITE_COUNT];
|
||||||
|
+ size_t nr_suites = ARRAY_SIZE(suites);
|
||||||
|
+ /* cipher suite best order is chosen with this criteria:
|
||||||
|
+ * HMAC-MD5 and MD5 are BAD; xRC4 is bad; AES128 is required
|
||||||
|
+ * HMAC-SHA256 > HMAC-SHA1
|
||||||
|
+ * secure authentication > encrypted content
|
||||||
|
+ *
|
||||||
|
+ * With xRC4 out, all cipher suites with MD5 out, and cipher suite 3 being
|
||||||
|
+ * required by the spec, the only better defined standard cipher suite is
|
||||||
|
+ * 17. So if SHA256 is available, we should try to use that, otherwise,
|
||||||
|
+ * fall back to 3.
|
||||||
|
+ */
|
||||||
|
+ const enum cipher_suite_ids cipher_order_preferred[] = {
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_17,
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_3,
|
||||||
|
+ };
|
||||||
|
+ const size_t nr_preferred = ARRAY_SIZE(cipher_order_preferred);
|
||||||
|
+ size_t ipref, i;
|
||||||
|
+
|
||||||
|
+ if (ipmi_get_channel_cipher_suites(intf, "ipmi", IPMI_LAN_CHANNEL_E,
|
||||||
|
+ suites, &nr_suites) < 0)
|
||||||
|
+ {
|
||||||
|
+ /* default legacy behavior - cipher suite 3 if none is requested */
|
||||||
|
+ return IPMI_LANPLUS_CIPHER_SUITE_3;
|
||||||
|
+ }
|
||||||
|
+ for (ipref = 0; ipref < nr_preferred &&
|
||||||
|
+ IPMI_LANPLUS_CIPHER_SUITE_RESERVED == best_suite; ipref++)
|
||||||
|
+ {
|
||||||
|
+ for (i = 0; i < nr_suites; i++) {
|
||||||
|
+ if (cipher_order_preferred[ipref] == suites[i].cipher_suite_id) {
|
||||||
|
+ best_suite = cipher_order_preferred[ipref];
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif /* HAVE_CRYPTO_SHA256 */
|
||||||
|
+ if (IPMI_LANPLUS_CIPHER_SUITE_RESERVED == best_suite) {
|
||||||
|
+ /* IPMI 2.0 spec requires that cipher suite 3 is implemented
|
||||||
|
+ * so we should always be able to fall back to that if better
|
||||||
|
+ * options are not available. */
|
||||||
|
+ best_suite = IPMI_LANPLUS_CIPHER_SUITE_3;
|
||||||
|
+ }
|
||||||
|
+ lprintf(LOG_INFO, "Using best available cipher suite %d\n", best_suite);
|
||||||
|
+ return best_suite;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* ipmi_lanplus_open
|
||||||
|
*/
|
||||||
|
@@ -3514,6 +3560,16 @@ ipmi_lanplus_open(struct ipmi_intf * intf)
|
||||||
|
lprintf(LOG_INFO, "This BMC does not support IPMI v2 / RMCP+");
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
+ /*
|
||||||
|
+ * If no cipher suite was provided, query the channel cipher suite list and
|
||||||
|
+ * pick the best one available
|
||||||
|
+ */
|
||||||
|
+ if (IPMI_LANPLUS_CIPHER_SUITE_RESERVED ==
|
||||||
|
+ intf->ssn_params.cipher_suite_id)
|
||||||
|
+ {
|
||||||
|
+ ipmi_intf_session_set_cipher_suite_id(intf,
|
||||||
|
+ ipmi_find_best_cipher_suite(intf));
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If the open/rakp1/rakp3 sequence encounters a timeout, the whole sequence
|
||||||
|
@@ -3728,7 +3784,7 @@ static int ipmi_lanplus_setup(struct ipmi_intf * intf)
|
||||||
|
|
||||||
|
static void ipmi_lanp_set_max_rq_data_size(struct ipmi_intf * intf, uint16_t size)
|
||||||
|
{
|
||||||
|
- if (intf->ssn_params.cipher_suite_id == 3) {
|
||||||
|
+ if (intf->ssn_params.cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3) {
|
||||||
|
/*
|
||||||
|
* encrypted payload can only be multiple of 16 bytes
|
||||||
|
*/
|
||||||
|
@@ -3746,7 +3802,7 @@ static void ipmi_lanp_set_max_rq_data_size(struct ipmi_intf * intf, uint16_t siz
|
||||||
|
|
||||||
|
static void ipmi_lanp_set_max_rp_data_size(struct ipmi_intf * intf, uint16_t size)
|
||||||
|
{
|
||||||
|
- if (intf->ssn_params.cipher_suite_id == 3) {
|
||||||
|
+ if (intf->ssn_params.cipher_suite_id == IPMI_LANPLUS_CIPHER_SUITE_3) {
|
||||||
|
/*
|
||||||
|
* encrypted payload can only be multiple of 16 bytes
|
||||||
|
*/
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
383
0009-CVE-2020-5208.patch
Normal file
383
0009-CVE-2020-5208.patch
Normal file
@ -0,0 +1,383 @@
|
|||||||
|
From a1732e68bce148255785e67eb035520729274d86 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chrostoper Ertl <chertl@microsoft.com>
|
||||||
|
Date: Thu, 28 Nov 2019 16:33:59 +0000
|
||||||
|
Subject: [PATCH] Fixes for CVE-2020-5208
|
||||||
|
|
||||||
|
see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
|
||||||
|
|
||||||
|
This patch is combination of following commits:
|
||||||
|
|
||||||
|
pick e824c23316ae50beb7f7488f2055ac65e8b341f2 fru: Fix buffer overflow vulnerabilities
|
||||||
|
pick 840fb1cbb4fb365cb9797300e3374d4faefcdb10 fru: Fix buffer overflow in ipmi_spd_print_fru
|
||||||
|
pick 41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 session: Fix buffer overflow in ipmi_get_session_info
|
||||||
|
pick 9452be87181a6e83cfcc768b3ed8321763db50e4 channel: Fix buffer overflow
|
||||||
|
pick d45572d71e70840e0d4c50bf48218492b79c1a10 lanp: Fix buffer overflows in get_lan_param_select
|
||||||
|
pick 7ccea283dd62a05a320c1921e3d8d71a87772637 fru, sdr: Fix id_string buffer overflows
|
||||||
|
|
||||||
|
[vdolezal@redhat.com]: fixed memleak of `spd_data` in
|
||||||
|
lib/dimm_spd.c:ipmi_spd_print_fru()
|
||||||
|
---
|
||||||
|
lib/dimm_spd.c | 11 ++++++++++-
|
||||||
|
lib/ipmi_channel.c | 5 ++++-
|
||||||
|
lib/ipmi_fru.c | 35 ++++++++++++++++++++++++++++++++---
|
||||||
|
lib/ipmi_lanp.c | 14 +++++++-------
|
||||||
|
lib/ipmi_sdr.c | 40 ++++++++++++++++++++++++----------------
|
||||||
|
lib/ipmi_session.c | 12 ++++++++----
|
||||||
|
6 files changed, 85 insertions(+), 32 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/dimm_spd.c b/lib/dimm_spd.c
|
||||||
|
index 41e30db..ebcc94c 100644
|
||||||
|
--- a/lib/dimm_spd.c
|
||||||
|
+++ b/lib/dimm_spd.c
|
||||||
|
@@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id)
|
||||||
|
struct ipmi_rq req;
|
||||||
|
struct fru_info fru;
|
||||||
|
uint8_t *spd_data, msg_data[4];
|
||||||
|
- int len, offset;
|
||||||
|
+ uint32_t len, offset;
|
||||||
|
|
||||||
|
msg_data[0] = id;
|
||||||
|
|
||||||
|
@@ -1697,6 +1697,15 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id)
|
||||||
|
}
|
||||||
|
|
||||||
|
len = rsp->data[0];
|
||||||
|
+ if(rsp->data_len < 1
|
||||||
|
+ || len > rsp->data_len - 1
|
||||||
|
+ || len > fru.size - offset)
|
||||||
|
+ {
|
||||||
|
+ printf(" Not enough buffer size");
|
||||||
|
+ free(spd_data);
|
||||||
|
+ spd_data = NULL;
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
memcpy(&spd_data[offset], rsp->data + 1, len);
|
||||||
|
offset += len;
|
||||||
|
} while (offset < fru.size);
|
||||||
|
diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
|
||||||
|
index 3ae3104..80ba522 100644
|
||||||
|
--- a/lib/ipmi_channel.c
|
||||||
|
+++ b/lib/ipmi_channel.c
|
||||||
|
@@ -447,7 +447,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
|
||||||
|
lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
- if (rsp->ccode || rsp->data_len < 1) {
|
||||||
|
+ if (rsp->ccode
|
||||||
|
+ || rsp->data_len < 1
|
||||||
|
+ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
|
||||||
|
+ {
|
||||||
|
lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
|
||||||
|
val2str(rsp->ccode, completion_code_vals));
|
||||||
|
return -1;
|
||||||
|
diff --git a/lib/ipmi_fru.c b/lib/ipmi_fru.c
|
||||||
|
index cf00eff..98bc984 100644
|
||||||
|
--- a/lib/ipmi_fru.c
|
||||||
|
+++ b/lib/ipmi_fru.c
|
||||||
|
@@ -615,7 +615,10 @@ int
|
||||||
|
read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||||
|
uint32_t offset, uint32_t length, uint8_t *frubuf)
|
||||||
|
{
|
||||||
|
- uint32_t off = offset, tmp, finish;
|
||||||
|
+ uint32_t off = offset;
|
||||||
|
+ uint32_t tmp;
|
||||||
|
+ uint32_t finish;
|
||||||
|
+ uint32_t size_left_in_buffer;
|
||||||
|
struct ipmi_rs * rsp;
|
||||||
|
struct ipmi_rq req;
|
||||||
|
uint8_t msg_data[4];
|
||||||
|
@@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||||
|
|
||||||
|
finish = offset + length;
|
||||||
|
if (finish > fru->size) {
|
||||||
|
+ memset(frubuf + fru->size, 0, length - fru->size);
|
||||||
|
finish = fru->size;
|
||||||
|
lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
|
||||||
|
"Adjusting to %d",
|
||||||
|
offset + length, finish - offset);
|
||||||
|
+ length = finish - offset;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset(&req, 0, sizeof(req));
|
||||||
|
@@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ size_left_in_buffer = length;
|
||||||
|
do {
|
||||||
|
tmp = fru->access ? off >> 1 : off;
|
||||||
|
msg_data[0] = id;
|
||||||
|
@@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||||
|
}
|
||||||
|
|
||||||
|
tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
|
||||||
|
+ if(rsp->data_len < 1
|
||||||
|
+ || tmp > rsp->data_len - 1
|
||||||
|
+ || tmp > size_left_in_buffer)
|
||||||
|
+ {
|
||||||
|
+ printf(" Not enough buffer size");
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
memcpy(frubuf, rsp->data + 1, tmp);
|
||||||
|
off += tmp;
|
||||||
|
frubuf += tmp;
|
||||||
|
+ size_left_in_buffer -= tmp;
|
||||||
|
/* sometimes the size returned in the Info command
|
||||||
|
* is too large. return 0 so higher level function
|
||||||
|
* still attempts to parse what was returned */
|
||||||
|
@@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||||
|
uint32_t offset, uint32_t length, uint8_t *frubuf)
|
||||||
|
{
|
||||||
|
static uint32_t fru_data_rqst_size = 20;
|
||||||
|
- uint32_t off = offset, tmp, finish;
|
||||||
|
+ uint32_t off = offset;
|
||||||
|
+ uint32_t tmp, finish;
|
||||||
|
+ uint32_t size_left_in_buffer;
|
||||||
|
struct ipmi_rs * rsp;
|
||||||
|
struct ipmi_rq req;
|
||||||
|
uint8_t msg_data[4];
|
||||||
|
@@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||||
|
|
||||||
|
finish = offset + length;
|
||||||
|
if (finish > fru->size) {
|
||||||
|
+ memset(frubuf + fru->size, 0, length - fru->size);
|
||||||
|
finish = fru->size;
|
||||||
|
lprintf(LOG_NOTICE, "Read FRU Area length %d too large, "
|
||||||
|
"Adjusting to %d",
|
||||||
|
offset + length, finish - offset);
|
||||||
|
+ length = finish - offset;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset(&req, 0, sizeof(req));
|
||||||
|
@@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||||
|
if (fru->access && fru_data_rqst_size > 16)
|
||||||
|
#endif
|
||||||
|
fru_data_rqst_size = 16;
|
||||||
|
+
|
||||||
|
+ size_left_in_buffer = length;
|
||||||
|
do {
|
||||||
|
tmp = fru->access ? off >> 1 : off;
|
||||||
|
msg_data[0] = id;
|
||||||
|
@@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id,
|
||||||
|
}
|
||||||
|
|
||||||
|
tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0];
|
||||||
|
+ if(rsp->data_len < 1
|
||||||
|
+ || tmp > rsp->data_len - 1
|
||||||
|
+ || tmp > size_left_in_buffer)
|
||||||
|
+ {
|
||||||
|
+ printf(" Not enough buffer size");
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
memcpy((frubuf + off)-offset, rsp->data + 1, tmp);
|
||||||
|
off += tmp;
|
||||||
|
+ size_left_in_buffer -= tmp;
|
||||||
|
|
||||||
|
/* sometimes the size returned in the Info command
|
||||||
|
* is too large. return 0 so higher level function
|
||||||
|
@@ -3033,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf, struct sdr_record_fru_locator * fru)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
memset(desc, 0, sizeof(desc));
|
||||||
|
- memcpy(desc, fru->id_string, fru->id_code & 0x01f);
|
||||||
|
+ memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc)));
|
||||||
|
desc[fru->id_code & 0x01f] = 0;
|
||||||
|
printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id);
|
||||||
|
|
||||||
|
diff --git a/lib/ipmi_lanp.c b/lib/ipmi_lanp.c
|
||||||
|
index 65d881b..022c7f1 100644
|
||||||
|
--- a/lib/ipmi_lanp.c
|
||||||
|
+++ b/lib/ipmi_lanp.c
|
||||||
|
@@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||||
|
if (p == NULL) {
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
- memcpy(data, p->data, p->data_len);
|
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||||
|
/* set new ipaddr */
|
||||||
|
memcpy(data+3, temp, 4);
|
||||||
|
printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert,
|
||||||
|
@@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||||
|
if (p == NULL) {
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
- memcpy(data, p->data, p->data_len);
|
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||||
|
/* set new macaddr */
|
||||||
|
memcpy(data+7, temp, 6);
|
||||||
|
printf("Setting LAN Alert %d MAC Address to "
|
||||||
|
@@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||||
|
if (p == NULL) {
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
- memcpy(data, p->data, p->data_len);
|
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||||
|
|
||||||
|
if (strncasecmp(argv[1], "def", 3) == 0 ||
|
||||||
|
strncasecmp(argv[1], "default", 7) == 0) {
|
||||||
|
@@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||||
|
if (p == NULL) {
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
- memcpy(data, p->data, p->data_len);
|
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||||
|
|
||||||
|
if (strncasecmp(argv[1], "on", 2) == 0 ||
|
||||||
|
strncasecmp(argv[1], "yes", 3) == 0) {
|
||||||
|
@@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||||
|
if (p == NULL) {
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
- memcpy(data, p->data, p->data_len);
|
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||||
|
|
||||||
|
if (strncasecmp(argv[1], "pet", 3) == 0) {
|
||||||
|
printf("Setting LAN Alert %d destination to PET Trap\n", alert);
|
||||||
|
@@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||||
|
if (p == NULL) {
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
- memcpy(data, p->data, p->data_len);
|
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||||
|
|
||||||
|
if (str2uchar(argv[1], &data[2]) != 0) {
|
||||||
|
lprintf(LOG_ERR, "Invalid time: %s", argv[1]);
|
||||||
|
@@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert,
|
||||||
|
if (p == NULL) {
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
- memcpy(data, p->data, p->data_len);
|
||||||
|
+ memcpy(data, p->data, __min(p->data_len, sizeof(data)));
|
||||||
|
|
||||||
|
if (str2uchar(argv[1], &data[3]) != 0) {
|
||||||
|
lprintf(LOG_ERR, "Invalid retry: %s", argv[1]);
|
||||||
|
diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c
|
||||||
|
index fd2c02d..01d81f7 100644
|
||||||
|
--- a/lib/ipmi_sdr.c
|
||||||
|
+++ b/lib/ipmi_sdr.c
|
||||||
|
@@ -2086,7 +2086,7 @@ ipmi_sdr_print_sensor_eventonly(struct ipmi_intf *intf,
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
memset(desc, 0, sizeof (desc));
|
||||||
|
- snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string);
|
||||||
|
+ snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string);
|
||||||
|
|
||||||
|
if (verbose) {
|
||||||
|
printf("Sensor ID : %s (0x%x)\n",
|
||||||
|
@@ -2137,7 +2137,7 @@ ipmi_sdr_print_sensor_mc_locator(struct ipmi_intf *intf,
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
memset(desc, 0, sizeof (desc));
|
||||||
|
- snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string);
|
||||||
|
+ snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string);
|
||||||
|
|
||||||
|
if (verbose == 0) {
|
||||||
|
if (csv_output)
|
||||||
|
@@ -2230,7 +2230,7 @@ ipmi_sdr_print_sensor_generic_locator(struct ipmi_intf *intf,
|
||||||
|
char desc[17];
|
||||||
|
|
||||||
|
memset(desc, 0, sizeof (desc));
|
||||||
|
- snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string);
|
||||||
|
+ snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string);
|
||||||
|
|
||||||
|
if (!verbose) {
|
||||||
|
if (csv_output)
|
||||||
|
@@ -2287,7 +2287,7 @@ ipmi_sdr_print_sensor_fru_locator(struct ipmi_intf *intf,
|
||||||
|
char desc[17];
|
||||||
|
|
||||||
|
memset(desc, 0, sizeof (desc));
|
||||||
|
- snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string);
|
||||||
|
+ snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string);
|
||||||
|
|
||||||
|
if (!verbose) {
|
||||||
|
if (csv_output)
|
||||||
|
@@ -2491,35 +2491,43 @@ ipmi_sdr_print_name_from_rawentry(struct ipmi_intf *intf, uint16_t id,
|
||||||
|
|
||||||
|
int rc =0;
|
||||||
|
char desc[17];
|
||||||
|
+ const char *id_string;
|
||||||
|
+ uint8_t id_code;
|
||||||
|
memset(desc, ' ', sizeof (desc));
|
||||||
|
|
||||||
|
switch ( type) {
|
||||||
|
case SDR_RECORD_TYPE_FULL_SENSOR:
|
||||||
|
record.full = (struct sdr_record_full_sensor *) raw;
|
||||||
|
- snprintf(desc, (record.full->id_code & 0x1f) +1, "%s",
|
||||||
|
- (const char *)record.full->id_string);
|
||||||
|
+ id_code = record.full->id_code;
|
||||||
|
+ id_string = record.full->id_string;
|
||||||
|
break;
|
||||||
|
+
|
||||||
|
case SDR_RECORD_TYPE_COMPACT_SENSOR:
|
||||||
|
record.compact = (struct sdr_record_compact_sensor *) raw ;
|
||||||
|
- snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s",
|
||||||
|
- (const char *)record.compact->id_string);
|
||||||
|
+ id_code = record.compact->id_code;
|
||||||
|
+ id_string = record.compact->id_string;
|
||||||
|
break;
|
||||||
|
+
|
||||||
|
case SDR_RECORD_TYPE_EVENTONLY_SENSOR:
|
||||||
|
record.eventonly = (struct sdr_record_eventonly_sensor *) raw ;
|
||||||
|
- snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s",
|
||||||
|
- (const char *)record.eventonly->id_string);
|
||||||
|
- break;
|
||||||
|
+ id_code = record.eventonly->id_code;
|
||||||
|
+ id_string = record.eventonly->id_string;
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR:
|
||||||
|
record.mcloc = (struct sdr_record_mc_locator *) raw ;
|
||||||
|
- snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s",
|
||||||
|
- (const char *)record.mcloc->id_string);
|
||||||
|
+ id_code = record.mcloc->id_code;
|
||||||
|
+ id_string = record.mcloc->id_string;
|
||||||
|
break;
|
||||||
|
+
|
||||||
|
default:
|
||||||
|
rc = -1;
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
+ }
|
||||||
|
+ if (!rc) {
|
||||||
|
+ snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
|
||||||
|
+ lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc);
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c
|
||||||
|
index 141f0f4..b9af1fd 100644
|
||||||
|
--- a/lib/ipmi_session.c
|
||||||
|
+++ b/lib/ipmi_session.c
|
||||||
|
@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- memcpy(&session_info, rsp->data, rsp->data_len);
|
||||||
|
- print_session_info(&session_info, rsp->data_len);
|
||||||
|
+ memcpy(&session_info, rsp->data,
|
||||||
|
+ __min(rsp->data_len, sizeof(session_info)));
|
||||||
|
+ print_session_info(&session_info,
|
||||||
|
+ __min(rsp->data_len, sizeof(session_info)));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
@@ -341,8 +343,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
- memcpy(&session_info, rsp->data, rsp->data_len);
|
||||||
|
- print_session_info(&session_info, rsp->data_len);
|
||||||
|
+ memcpy(&session_info, rsp->data,
|
||||||
|
+ __min(rsp->data_len, sizeof(session_info)));
|
||||||
|
+ print_session_info(&session_info,
|
||||||
|
+ __min(rsp->data_len, sizeof(session_info)));
|
||||||
|
|
||||||
|
} while (i <= session_info.session_slot_count);
|
||||||
|
break;
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
420
0010-quanta-oem-support.patch
Normal file
420
0010-quanta-oem-support.patch
Normal file
@ -0,0 +1,420 @@
|
|||||||
|
From 87a898756a7bd54898c1f6d2a5441efb1f810b67 Mon Sep 17 00:00:00 2001
|
||||||
|
From: qctbmc <qct.bmc@gmail.com>
|
||||||
|
Date: Tue, 10 Jul 2018 11:21:55 +0800
|
||||||
|
Subject: [PATCH] oem: Add basic support for Quanta
|
||||||
|
|
||||||
|
---
|
||||||
|
include/ipmitool/Makefile.am | 2 +-
|
||||||
|
include/ipmitool/ipmi_quantaoem.h | 55 +++++++++
|
||||||
|
lib/Makefile.am | 2 +-
|
||||||
|
lib/ipmi_main.c | 1 +
|
||||||
|
lib/ipmi_oem.c | 14 +++
|
||||||
|
lib/ipmi_quantaoem.c | 184 ++++++++++++++++++++++++++++++
|
||||||
|
lib/ipmi_sel.c | 21 +++-
|
||||||
|
src/ipmitool.c | 1 +
|
||||||
|
8 files changed, 274 insertions(+), 6 deletions(-)
|
||||||
|
create mode 100644 include/ipmitool/ipmi_quantaoem.h
|
||||||
|
create mode 100644 lib/ipmi_quantaoem.c
|
||||||
|
|
||||||
|
diff --git a/include/ipmitool/Makefile.am b/include/ipmitool/Makefile.am
|
||||||
|
index 9093a56..8bc584a 100644
|
||||||
|
--- a/include/ipmitool/Makefile.am
|
||||||
|
+++ b/include/ipmitool/Makefile.am
|
||||||
|
@@ -39,4 +39,4 @@ noinst_HEADERS = log.h bswap.h hpm2.h helper.h ipmi.h ipmi_cc.h ipmi_intf.h \
|
||||||
|
ipmi_fwum.h ipmi_main.h ipmi_tsol.h ipmi_firewall.h \
|
||||||
|
ipmi_kontronoem.h ipmi_ekanalyzer.h ipmi_gendev.h ipmi_ime.h \
|
||||||
|
ipmi_delloem.h ipmi_dcmi.h ipmi_vita.h ipmi_sel_supermicro.h \
|
||||||
|
- ipmi_cfgp.h ipmi_lanp6.h
|
||||||
|
+ ipmi_cfgp.h ipmi_lanp6.h ipmi_quantaoem.h
|
||||||
|
diff --git a/include/ipmitool/ipmi_quantaoem.h b/include/ipmitool/ipmi_quantaoem.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..544f510
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/include/ipmitool/ipmi_quantaoem.h
|
||||||
|
@@ -0,0 +1,55 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright (c) 2018 Quanta Computer Inc. All rights reserved.
|
||||||
|
+ *
|
||||||
|
+ * Redistribution and use in source and binary forms, with or without
|
||||||
|
+ * modification, are permitted provided that the following conditions
|
||||||
|
+ * are met:
|
||||||
|
+ *
|
||||||
|
+ * Redistribution of source code must retain the above copyright
|
||||||
|
+ * notice, this list of conditions and the following disclaimer.
|
||||||
|
+ *
|
||||||
|
+ * Redistribution in binary form must reproduce the above copyright
|
||||||
|
+ * notice, this list of conditions and the following disclaimer in the
|
||||||
|
+ * documentation and/or other materials provided with the distribution.
|
||||||
|
+ *
|
||||||
|
+ * Neither the name of Quanta Computer Inc. or the names of
|
||||||
|
+ * contributors may be used to endorse or promote products derived
|
||||||
|
+ * from this software without specific prior written permission.
|
||||||
|
+ *
|
||||||
|
+ * This software is provided "AS IS," without a warranty of any kind.
|
||||||
|
+ * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
|
||||||
|
+ * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
|
||||||
|
+ * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
|
||||||
|
+ * Quanta Computer Inc. AND ITS LICENSORS SHALL NOT BE LIABLE
|
||||||
|
+ * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
|
||||||
|
+ * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL
|
||||||
|
+ * Quanta Computer Inc. OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
|
||||||
|
+ * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
|
||||||
|
+ * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
|
||||||
|
+ * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
|
||||||
|
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#ifndef IPMI_QUANTAOEM_H
|
||||||
|
+#define IPMI_QUANTAOEM_H
|
||||||
|
+
|
||||||
|
+#if HAVE_CONFIG_H
|
||||||
|
+# include <config.h>
|
||||||
|
+#endif
|
||||||
|
+#include <ipmitool/ipmi.h>
|
||||||
|
+#include <ipmitool/ipmi_sdr.h>
|
||||||
|
+
|
||||||
|
+#define OEM_QCT_NETFN 0x36
|
||||||
|
+#define OEM_QCT_GET_INFO 0x65
|
||||||
|
+
|
||||||
|
+typedef enum
|
||||||
|
+{
|
||||||
|
+ OEM_QCT_PLATFORM_UNKNOWN = 0,
|
||||||
|
+ OEM_QCT_PLATFORM_GRANTLEY,
|
||||||
|
+ OEM_QCT_PLATFORM_PURLEY
|
||||||
|
+} qct_platform_t;
|
||||||
|
+
|
||||||
|
+qct_platform_t oem_qct_get_platform_id(struct ipmi_intf *intf);
|
||||||
|
+char *oem_qct_get_evt_desc(struct ipmi_intf *intf, struct sel_event_record *rec);
|
||||||
|
+
|
||||||
|
+#endif /*IPMI_QUANTAOEM_H*/
|
||||||
|
diff --git a/lib/Makefile.am b/lib/Makefile.am
|
||||||
|
index cc69a8f..e7568f3 100644
|
||||||
|
--- a/lib/Makefile.am
|
||||||
|
+++ b/lib/Makefile.am
|
||||||
|
@@ -41,7 +41,7 @@ libipmitool_la_SOURCES = helper.c ipmi_sdr.c ipmi_sel.c ipmi_sol.c ipmi_pef.c \
|
||||||
|
ipmi_main.c ipmi_tsol.c ipmi_firewall.c ipmi_kontronoem.c \
|
||||||
|
ipmi_hpmfwupg.c ipmi_sdradd.c ipmi_ekanalyzer.c ipmi_gendev.c \
|
||||||
|
ipmi_ime.c ipmi_delloem.c ipmi_dcmi.c hpm2.c ipmi_vita.c \
|
||||||
|
- ipmi_lanp6.c ipmi_cfgp.c \
|
||||||
|
+ ipmi_lanp6.c ipmi_cfgp.c ipmi_quantaoem.c \
|
||||||
|
../src/plugins/lan/md5.c ../src/plugins/lan/md5.h
|
||||||
|
|
||||||
|
libipmitool_la_LDFLAGS = -export-dynamic
|
||||||
|
diff --git a/lib/ipmi_main.c b/lib/ipmi_main.c
|
||||||
|
index 6aee102..9d4a148 100644
|
||||||
|
--- a/lib/ipmi_main.c
|
||||||
|
+++ b/lib/ipmi_main.c
|
||||||
|
@@ -75,6 +75,7 @@
|
||||||
|
#include <ipmitool/ipmi_picmg.h>
|
||||||
|
#include <ipmitool/ipmi_kontronoem.h>
|
||||||
|
#include <ipmitool/ipmi_vita.h>
|
||||||
|
+#include <ipmitool/ipmi_quantaoem.h>
|
||||||
|
|
||||||
|
#ifdef HAVE_CONFIG_H
|
||||||
|
# include <config.h>
|
||||||
|
diff --git a/lib/ipmi_oem.c b/lib/ipmi_oem.c
|
||||||
|
index 96db2ea..86fd803 100644
|
||||||
|
--- a/lib/ipmi_oem.c
|
||||||
|
+++ b/lib/ipmi_oem.c
|
||||||
|
@@ -39,6 +39,7 @@
|
||||||
|
|
||||||
|
static int ipmi_oem_supermicro(struct ipmi_intf * intf);
|
||||||
|
static int ipmi_oem_ibm(struct ipmi_intf * intf);
|
||||||
|
+static int ipmi_oem_quanta(struct ipmi_intf * intf);
|
||||||
|
|
||||||
|
static struct ipmi_oem_handle ipmi_oem_list[] = {
|
||||||
|
{
|
||||||
|
@@ -71,6 +72,11 @@ static struct ipmi_oem_handle ipmi_oem_list[] = {
|
||||||
|
.name = "kontron",
|
||||||
|
.desc = "Kontron OEM big buffer support"
|
||||||
|
},
|
||||||
|
+ {
|
||||||
|
+ .name = "quanta",
|
||||||
|
+ .desc = "Quanta IPMIv1.5 BMC with OEM LAN authentication support",
|
||||||
|
+ .setup = ipmi_oem_quanta,
|
||||||
|
+ },
|
||||||
|
{ 0 }
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -93,6 +99,14 @@ ipmi_oem_ibm(struct ipmi_intf * intf)
|
||||||
|
return ipmi_sel_oem_init((const char *)filename);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Quanta IPMIv2 BMCs use OEM authtype */
|
||||||
|
+static int
|
||||||
|
+ipmi_oem_quanta(struct ipmi_intf * intf)
|
||||||
|
+{
|
||||||
|
+ ipmi_intf_session_set_authtype(intf, IPMI_SESSION_AUTHTYPE_OEM);
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* ipmi_oem_print - print list of OEM handles
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
diff --git a/lib/ipmi_quantaoem.c b/lib/ipmi_quantaoem.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..7b4c5c6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/lib/ipmi_quantaoem.c
|
||||||
|
@@ -0,0 +1,184 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright (c) 2018 Quanta Computer Inc. All rights reserved.
|
||||||
|
+ *
|
||||||
|
+ * Redistribution and use in source and binary forms, with or without
|
||||||
|
+ * modification, are permitted provided that the following conditions
|
||||||
|
+ * are met:
|
||||||
|
+ *
|
||||||
|
+ * Redistribution of source code must retain the above copyright
|
||||||
|
+ * notice, this list of conditions and the following disclaimer.
|
||||||
|
+ *
|
||||||
|
+ * Redistribution in binary form must reproduce the above copyright
|
||||||
|
+ * notice, this list of conditions and the following disclaimer in the
|
||||||
|
+ * documentation and/or other materials provided with the distribution.
|
||||||
|
+ *
|
||||||
|
+ * Neither the name of Quanta Computer Inc. or the names of
|
||||||
|
+ * contributors may be used to endorse or promote products derived
|
||||||
|
+ * from this software without specific prior written permission.
|
||||||
|
+ *
|
||||||
|
+ * This software is provided "AS IS," without a warranty of any kind.
|
||||||
|
+ * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
|
||||||
|
+ * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
|
||||||
|
+ * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
|
||||||
|
+ * Quanta Computer Inc. AND ITS LICENSORS SHALL NOT BE LIABLE
|
||||||
|
+ * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
|
||||||
|
+ * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL
|
||||||
|
+ * Quanta Computer Inc. OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
|
||||||
|
+ * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
|
||||||
|
+ * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
|
||||||
|
+ * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
|
||||||
|
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||||
|
+ */
|
||||||
|
+#define _XOPEN_SOURCE
|
||||||
|
+
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <strings.h>
|
||||||
|
+#include <sys/socket.h>
|
||||||
|
+#include <netinet/in.h>
|
||||||
|
+#include <arpa/inet.h>
|
||||||
|
+#include <errno.h>
|
||||||
|
+#include <time.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
+#include <signal.h>
|
||||||
|
+#include <ctype.h>
|
||||||
|
+#include <sys/time.h>
|
||||||
|
+#include <limits.h>
|
||||||
|
+#include <fcntl.h>
|
||||||
|
+#include <sys/select.h>
|
||||||
|
+#include <termios.h>
|
||||||
|
+#include <ipmitool/ipmi.h>
|
||||||
|
+#include <ipmitool/ipmi_mc.h>
|
||||||
|
+#include <ipmitool/ipmi_intf.h>
|
||||||
|
+#include <ipmitool/helper.h>
|
||||||
|
+#include <ipmitool/log.h>
|
||||||
|
+#include <ipmitool/ipmi_sel.h>
|
||||||
|
+#include <ipmitool/ipmi_sdr.h>
|
||||||
|
+#include <ipmitool/ipmi_strings.h>
|
||||||
|
+#include <ipmitool/ipmi_channel.h>
|
||||||
|
+#include <ipmitool/ipmi_quantaoem.h>
|
||||||
|
+#include <ipmitool/ipmi_raw.h>
|
||||||
|
+
|
||||||
|
+/* Max Size of the description String to be displyed for the Each sel entry */
|
||||||
|
+#define SIZE_OF_DESC 128
|
||||||
|
+
|
||||||
|
+#define CPU_SHIFT 6
|
||||||
|
+#define CPU_MASK 0X03
|
||||||
|
+#define CPU_NUM(x) (((x) >> CPU_SHIFT) & CPU_MASK)
|
||||||
|
+
|
||||||
|
+#define CHANNEL_BASE 0x41
|
||||||
|
+#define CHANNEL_SHIFT 3
|
||||||
|
+#define CHANNEL_MASK 0x07
|
||||||
|
+#define CHANNEL_OFFSET(x) (((x) >> CHANNEL_SHIFT) & CHANNEL_MASK)
|
||||||
|
+#define CHANNEL_NUM(x) (CHANNEL_BASE + CHANNEL_OFFSET(x))
|
||||||
|
+
|
||||||
|
+#define DIMM_MASK 0x07
|
||||||
|
+#define DIMM_NUM(x) ((x) & DIMM_MASK)
|
||||||
|
+
|
||||||
|
+#define GET_PLATFORM_ID_DATA_SIZE 4
|
||||||
|
+
|
||||||
|
+// Magic code to check if it's valid command
|
||||||
|
+#define QCT_MAGIC_1 0x4C
|
||||||
|
+#define QCT_MAGIC_2 0x1C
|
||||||
|
+#define QCT_MAGIC_3 0x00
|
||||||
|
+#define QCT_MAGIC_4 0x02
|
||||||
|
+
|
||||||
|
+qct_platform_t
|
||||||
|
+oem_qct_get_platform_id(struct ipmi_intf *intf)
|
||||||
|
+{
|
||||||
|
+ /* Execute a Get platform ID command to determine the board */
|
||||||
|
+ struct ipmi_rs *rsp;
|
||||||
|
+ struct ipmi_rq req;
|
||||||
|
+ qct_platform_t platform_id;
|
||||||
|
+ uint8_t msg_data[GET_PLATFORM_ID_DATA_SIZE];
|
||||||
|
+
|
||||||
|
+ /* Ask for IPMI v2 data as well */
|
||||||
|
+ msg_data[0] = QCT_MAGIC_1;
|
||||||
|
+ msg_data[1] = QCT_MAGIC_2;
|
||||||
|
+ msg_data[2] = QCT_MAGIC_3;
|
||||||
|
+ msg_data[3] = QCT_MAGIC_4;
|
||||||
|
+
|
||||||
|
+ memset(&req, 0, sizeof(req));
|
||||||
|
+ req.msg.netfn = OEM_QCT_NETFN;
|
||||||
|
+ req.msg.cmd = OEM_QCT_GET_INFO;
|
||||||
|
+ req.msg.data = msg_data;
|
||||||
|
+ req.msg.data_len = sizeof(msg_data);
|
||||||
|
+
|
||||||
|
+ rsp = intf->sendrecv(intf, &req);
|
||||||
|
+ if (rsp == NULL) {
|
||||||
|
+ lprintf(LOG_ERR, "Get Platform ID command failed");
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ if (rsp->ccode) {
|
||||||
|
+ lprintf(LOG_ERR, "Get Platform ID command failed: %#x %s",
|
||||||
|
+ rsp->ccode, val2str(rsp->ccode, completion_code_vals));
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ platform_id = rsp->data[0];
|
||||||
|
+ lprintf(LOG_DEBUG,"Platform ID: %hhx", rsp->data[0]);
|
||||||
|
+ return platform_id;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+char *
|
||||||
|
+oem_qct_get_evt_desc(struct ipmi_intf *intf, struct sel_event_record *rec)
|
||||||
|
+{
|
||||||
|
+ struct ipmi_rs *rsp;
|
||||||
|
+ struct ipmi_rq req;
|
||||||
|
+ char *desc = NULL;
|
||||||
|
+ int data;
|
||||||
|
+ int sensor_type;
|
||||||
|
+ qct_platform_t platform_id;
|
||||||
|
+
|
||||||
|
+ /* Get the OEM event Bytes of the SEL Records byte 15 to data */
|
||||||
|
+ data = rec->sel_type.standard_type.event_data[2];
|
||||||
|
+ /* Check for the Standard Event type == 0x6F */
|
||||||
|
+ if (rec->sel_type.standard_type.event_type != 0x6F) {
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ /* Allocate mem for te Description string */
|
||||||
|
+ desc = malloc(SIZE_OF_DESC);
|
||||||
|
+ if (desc == NULL) {
|
||||||
|
+ lprintf(LOG_ERR, "ipmitool: malloc failure");
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ memset(desc, 0, SIZE_OF_DESC);
|
||||||
|
+ sensor_type = rec->sel_type.standard_type.sensor_type;
|
||||||
|
+ switch (sensor_type) {
|
||||||
|
+ case SENSOR_TYPE_MEMORY:
|
||||||
|
+ memset(&req, 0, sizeof (req));
|
||||||
|
+ req.msg.netfn = IPMI_NETFN_APP;
|
||||||
|
+ req.msg.lun = 0;
|
||||||
|
+ req.msg.cmd = BMC_GET_DEVICE_ID;
|
||||||
|
+ req.msg.data = NULL;
|
||||||
|
+ req.msg.data_len = 0;
|
||||||
|
+
|
||||||
|
+ rsp = intf->sendrecv(intf, &req);
|
||||||
|
+ if (rsp == NULL) {
|
||||||
|
+ lprintf(LOG_ERR, " Error getting system info");
|
||||||
|
+ goto out;
|
||||||
|
+ } else if (rsp->ccode) {
|
||||||
|
+ lprintf(LOG_ERR, " Error getting system info: %s",
|
||||||
|
+ val2str(rsp->ccode, completion_code_vals));
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ /* check the platform type */
|
||||||
|
+ platform_id = oem_qct_get_platform_id(intf);
|
||||||
|
+ if (OEM_QCT_PLATFORM_PURLEY == platform_id) {
|
||||||
|
+ snprintf(desc, SIZE_OF_DESC, "CPU%d_%c%d",
|
||||||
|
+ CPU_NUM(data),
|
||||||
|
+ CHANNEL_NUM(data),
|
||||||
|
+ DIMM_NUM(data));
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ return desc;
|
||||||
|
+out:
|
||||||
|
+ if (desc) {
|
||||||
|
+ free(desc);
|
||||||
|
+ desc = NULL;
|
||||||
|
+ }
|
||||||
|
+ return desc;
|
||||||
|
+}
|
||||||
|
diff --git a/lib/ipmi_sel.c b/lib/ipmi_sel.c
|
||||||
|
index 8b0395e..a54fefd 100644
|
||||||
|
--- a/lib/ipmi_sel.c
|
||||||
|
+++ b/lib/ipmi_sel.c
|
||||||
|
@@ -50,6 +50,7 @@
|
||||||
|
#include <ipmitool/ipmi_fru.h>
|
||||||
|
#include <ipmitool/ipmi_sensor.h>
|
||||||
|
#include <ipmitool/ipmi_strings.h>
|
||||||
|
+#include <ipmitool/ipmi_quantaoem.h>
|
||||||
|
|
||||||
|
extern int verbose;
|
||||||
|
static int sel_extended = 0;
|
||||||
|
@@ -1244,6 +1245,9 @@ ipmi_get_oem_desc(struct ipmi_intf * intf, struct sel_event_record * rec)
|
||||||
|
case IPMI_OEM_SUPERMICRO_47488:
|
||||||
|
desc = get_supermicro_evt_desc(intf, rec);
|
||||||
|
break;
|
||||||
|
+ case IPMI_OEM_QUANTA:
|
||||||
|
+ desc = oem_qct_get_evt_desc(intf, rec);
|
||||||
|
+ break;
|
||||||
|
case IPMI_OEM_UNKNOWN:
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
@@ -1349,6 +1353,9 @@ ipmi_get_event_desc(struct ipmi_intf * intf, struct sel_event_record * rec, char
|
||||||
|
sfx = ipmi_get_oem_desc(intf, rec);
|
||||||
|
break;
|
||||||
|
/* add your oem sensor assignation here */
|
||||||
|
+ case IPMI_OEM_QUANTA:
|
||||||
|
+ sfx = ipmi_get_oem_desc(intf, rec);
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
lprintf(LOG_DEBUG, "oem sensor type %x using standard type supplied description",
|
||||||
|
rec->sel_type.standard_type.sensor_type );
|
||||||
|
@@ -1359,9 +1366,12 @@ ipmi_get_event_desc(struct ipmi_intf * intf, struct sel_event_record * rec, char
|
||||||
|
case IPMI_OEM_SUPERMICRO:
|
||||||
|
case IPMI_OEM_SUPERMICRO_47488:
|
||||||
|
sfx = ipmi_get_oem_desc(intf, rec);
|
||||||
|
- break;
|
||||||
|
+ break;
|
||||||
|
+ case IPMI_OEM_QUANTA:
|
||||||
|
+ sfx = ipmi_get_oem_desc(intf, rec);
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
- break;
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
@@ -1986,9 +1996,12 @@ ipmi_sel_print_std_entry(struct ipmi_intf * intf, struct sel_event_record * evt)
|
||||||
|
case IPMI_OEM_SUPERMICRO:
|
||||||
|
case IPMI_OEM_SUPERMICRO_47488:
|
||||||
|
print_sensor = 0;
|
||||||
|
- break;
|
||||||
|
+ break;
|
||||||
|
+ case IPMI_OEM_QUANTA:
|
||||||
|
+ print_sensor = 0;
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
- break;
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* Sensor-Specific Discrete
|
||||||
|
diff --git a/src/ipmitool.c b/src/ipmitool.c
|
||||||
|
index 5e19c6e..ec0b741 100644
|
||||||
|
--- a/src/ipmitool.c
|
||||||
|
+++ b/src/ipmitool.c
|
||||||
|
@@ -66,6 +66,7 @@
|
||||||
|
#include <ipmitool/ipmi_ime.h>
|
||||||
|
#include <ipmitool/ipmi_dcmi.h>
|
||||||
|
#include <ipmitool/ipmi_vita.h>
|
||||||
|
+#include <ipmitool/ipmi_quantaoem.h>
|
||||||
|
|
||||||
|
#ifdef HAVE_CONFIG_H
|
||||||
|
# include <config.h>
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
33
0011-pef-missing-newline.patch
Normal file
33
0011-pef-missing-newline.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
From a365e624fff752bfe79438f6c177399492ccfdde Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vaclav Dolezal <vdolezal@redhat.com>
|
||||||
|
Date: Fri, 1 Mar 2019 14:46:12 +0100
|
||||||
|
Subject: [PATCH] Fix "ipmitool pef {status,info}" not printing final newline
|
||||||
|
|
||||||
|
Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
|
||||||
|
---
|
||||||
|
lib/ipmi_pef.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/ipmi_pef.c b/lib/ipmi_pef.c
|
||||||
|
index bbf25f2..4be749e 100644
|
||||||
|
--- a/lib/ipmi_pef.c
|
||||||
|
+++ b/lib/ipmi_pef.c
|
||||||
|
@@ -1183,6 +1183,7 @@ ipmi_pef2_get_info(struct ipmi_intf *intf)
|
||||||
|
ipmi_pef_print_guid(guid_ptr);
|
||||||
|
}
|
||||||
|
ipmi_pef_print_flags(&pef_b2s_actions, P_SUPP, pcap.actions);
|
||||||
|
+ putchar('\n');
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1242,6 +1243,7 @@ ipmi_pef2_get_status(struct ipmi_intf *intf)
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
ipmi_pef_print_flags(&pef_b2s_actions, P_ACTV, rsp->data[1]);
|
||||||
|
+ putchar('\n');
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
38
0012-lanplus-cipher-retry.patch
Normal file
38
0012-lanplus-cipher-retry.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From 9d72def87ecc384d0a46525c766e755068fefe54 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?V=C3=A1clav=20Dole=C5=BEal?= <vdolezal@redhat.com>
|
||||||
|
Date: Thu, 28 May 2020 13:32:31 +0200
|
||||||
|
Subject: [PATCH] lanplus: don't retry pre-session Get cipher suites
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Some BMCs are ignoring it, causing needless delay.
|
||||||
|
|
||||||
|
Signed-off-by: Václav Doležal <vdolezal@redhat.com>
|
||||||
|
---
|
||||||
|
src/plugins/lanplus/lanplus.c | 8 ++++++--
|
||||||
|
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/plugins/lanplus/lanplus.c b/src/plugins/lanplus/lanplus.c
|
||||||
|
index 3087348..c442c0e 100644
|
||||||
|
--- a/src/plugins/lanplus/lanplus.c
|
||||||
|
+++ b/src/plugins/lanplus/lanplus.c
|
||||||
|
@@ -3459,9 +3459,13 @@ ipmi_find_best_cipher_suite(struct ipmi_intf *intf)
|
||||||
|
};
|
||||||
|
const size_t nr_preferred = ARRAY_SIZE(cipher_order_preferred);
|
||||||
|
size_t ipref, i;
|
||||||
|
+ int rc;
|
||||||
|
+ int retry_old = intf->ssn_params.retry;
|
||||||
|
|
||||||
|
- if (ipmi_get_channel_cipher_suites(intf, "ipmi", IPMI_LAN_CHANNEL_E,
|
||||||
|
- suites, &nr_suites) < 0)
|
||||||
|
+ ipmi_intf_session_set_retry(intf, 1);
|
||||||
|
+ rc = ipmi_get_channel_cipher_suites(intf, "ipmi", IPMI_LAN_CHANNEL_E, suites, &nr_suites);
|
||||||
|
+ ipmi_intf_session_set_retry(intf, retry_old);
|
||||||
|
+ if (rc < 0)
|
||||||
|
{
|
||||||
|
/* default legacy behavior - cipher suite 3 if none is requested */
|
||||||
|
return IPMI_LANPLUS_CIPHER_SUITE_3;
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
65
0013-lanplus-Cleanup.-Refix-6dec83ff-fix-be2c0c4b.patch
Normal file
65
0013-lanplus-Cleanup.-Refix-6dec83ff-fix-be2c0c4b.patch
Normal file
@ -0,0 +1,65 @@
|
|||||||
|
From 646160e2175f9e0ba33e4f2bda12d84555e9c30e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alexander Amelkin <alexander@amelkin.msk.ru>
|
||||||
|
Date: Thu, 29 Nov 2018 13:10:53 +0300
|
||||||
|
Subject: [PATCH] lanplus: Cleanup. Refix 6dec83ff, fix be2c0c4b
|
||||||
|
|
||||||
|
This is a cleanup commit.
|
||||||
|
|
||||||
|
Commit 6dec83ff removed assignment of `rsp` pointer
|
||||||
|
in SOL-processing block of ipmi_lan_poll_single(),
|
||||||
|
but left the check for the pointer validity in place.
|
||||||
|
Although that has effectively fixed the bug of potentially
|
||||||
|
accessing the null `rsp` pointer in the `else` block introduced
|
||||||
|
with be2c0c4b, the resulting if/else looked suspicious and left
|
||||||
|
and impression that a NULL pointer could still be accessed.
|
||||||
|
|
||||||
|
This commit removes the check for `rsp` from the `if`
|
||||||
|
as it is checked at the start of the function where `rsp`
|
||||||
|
is initialized (and that is the only place where it is ever changed).
|
||||||
|
|
||||||
|
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
||||||
|
(cherry picked from commit 64727f59c4a1412fdb73e092fb838ae66e2aad1a)
|
||||||
|
|
||||||
|
lanplus: Fix segfault for truncated dcmi response
|
||||||
|
|
||||||
|
On occasion a dcmi power reading will return error C6, and a
|
||||||
|
truncated response payload. As the decrypted payload is shorter
|
||||||
|
than the expected length, lanplus_decrypt_aes_cbc_128() adjusts
|
||||||
|
the payload_size downward by one byte. In ipmi_lan_poll_single()
|
||||||
|
the calculation to determine if the payload size has increased
|
||||||
|
erroniously sets extra_data_length to -1, with a subsequent
|
||||||
|
segv when calling a memmove to shift response data.
|
||||||
|
The fix is to check for a positive value in the extra_data_length.
|
||||||
|
|
||||||
|
Resolves ipmitool/ipmitool#72
|
||||||
|
|
||||||
|
(cherry picked from commit 9ec2232321a7bca7e1fb8f939d071f12c8dfa7fd)
|
||||||
|
---
|
||||||
|
src/plugins/lanplus/lanplus.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/plugins/lanplus/lanplus.c b/src/plugins/lanplus/lanplus.c
|
||||||
|
index c442c0e..ef132f6 100644
|
||||||
|
--- a/src/plugins/lanplus/lanplus.c
|
||||||
|
+++ b/src/plugins/lanplus/lanplus.c
|
||||||
|
@@ -814,7 +814,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
|
||||||
|
* rsp->data_len becomes the length of that data
|
||||||
|
*/
|
||||||
|
extra_data_length = payload_size - (offset - payload_start) - 1;
|
||||||
|
- if (extra_data_length) {
|
||||||
|
+ if (extra_data_length > 0) {
|
||||||
|
rsp->data_len = extra_data_length;
|
||||||
|
memmove(rsp->data, rsp->data + offset, extra_data_length);
|
||||||
|
} else {
|
||||||
|
@@ -868,7 +868,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
|
||||||
|
}
|
||||||
|
read_sol_packet(rsp, &offset);
|
||||||
|
extra_data_length = payload_size - (offset - payload_start);
|
||||||
|
- if (rsp && extra_data_length) {
|
||||||
|
+ if (extra_data_length > 0) {
|
||||||
|
rsp->data_len = extra_data_length;
|
||||||
|
memmove(rsp->data, rsp->data + offset, extra_data_length);
|
||||||
|
} else {
|
||||||
|
--
|
||||||
|
2.26.3
|
||||||
|
|
326
exchange-bmc-os-info
Normal file
326
exchange-bmc-os-info
Normal file
@ -0,0 +1,326 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#############################################################################
|
||||||
|
#
|
||||||
|
# exchange-bmc-os-info: Set OS and BMC (Baseboard Management Controller)
|
||||||
|
# parameters during system startup.
|
||||||
|
#
|
||||||
|
# version: 0.72
|
||||||
|
#
|
||||||
|
# Authors: Charles Rose <charles_rose@dell.com>
|
||||||
|
# Jordan Hargrave <jordan_hargrave@dell.com>
|
||||||
|
#
|
||||||
|
# Description: Script to set OS information in the BMC; fetch BMC IP/URL
|
||||||
|
# and set in the OS for use by other scripts/user.
|
||||||
|
#
|
||||||
|
# BMC IP and URL are made available in /var/run/bmc-info
|
||||||
|
#
|
||||||
|
# Example to launch BMC web-interface:
|
||||||
|
# # . /var/run/bmc-info
|
||||||
|
# # xdg-open $BMC_URL
|
||||||
|
#
|
||||||
|
# See here for details:
|
||||||
|
# https://fedoraproject.org/wiki/Features/AgentFreeManagement
|
||||||
|
#
|
||||||
|
# OEM Specific: OEM specific ipmi commands go in:
|
||||||
|
# 'oem_set_os_version' and 'oem_get_bmc_url'
|
||||||
|
#############################################################################
|
||||||
|
#
|
||||||
|
# chkconfig: 345 99 00
|
||||||
|
# description: Set OS name, hostname in BMC; make BMC IP/URL available in OS
|
||||||
|
# processname: exchange-bmc-os-info
|
||||||
|
# config: /etc/sysconfig/exchange-bmc-os-info
|
||||||
|
#
|
||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides: exchange-bmc-os-info
|
||||||
|
# Required-Start: ipmi
|
||||||
|
# Default-Start: 3 4 5
|
||||||
|
# Default-Stop: 0 1 2 6
|
||||||
|
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
# GLOBALS
|
||||||
|
#############################################################################
|
||||||
|
CONFIGFILE=/etc/sysconfig/exchange-bmc-os-info
|
||||||
|
IPMI_TOOL=/usr/bin/ipmitool
|
||||||
|
BMC_INFO=/var/run/bmc-info
|
||||||
|
|
||||||
|
# BMC Manufacturer ID used in 'oem_set_os_version' and 'oem_get_bmc_url'
|
||||||
|
DELL="674"
|
||||||
|
#OTHER_OEM="123"
|
||||||
|
|
||||||
|
# Defaults for ${CONFIGFILE}
|
||||||
|
SET_OS_INFO="yes"
|
||||||
|
RESET_OS_INFO="no"
|
||||||
|
SET_BMC_INFO="yes"
|
||||||
|
|
||||||
|
# getsysinfo and setsysinfo commands
|
||||||
|
IPMI_SET_SYSINFO="${IPMI_TOOL} mc setsysinfo"
|
||||||
|
IPMI_GET_SYSINFO="${IPMI_TOOL} mc getsysinfo"
|
||||||
|
#############################################################################
|
||||||
|
SCRIPT_NAME=$(basename $0)
|
||||||
|
|
||||||
|
# source config
|
||||||
|
[ -r ${CONFIGFILE} ] && . ${CONFIGFILE}
|
||||||
|
|
||||||
|
RETVAL=0
|
||||||
|
|
||||||
|
if [ -f /bin/gettext.sh ]; then
|
||||||
|
GETTEXT=1
|
||||||
|
. /bin/gettext.sh
|
||||||
|
OUTPUT="eval_gettext"
|
||||||
|
else
|
||||||
|
GETTEXT=0
|
||||||
|
OUTPUT="echo"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
# Get Vendor ID of BMC for use in 'oem_set_os_version' and 'oem_get_bmc_url'
|
||||||
|
#
|
||||||
|
get_bmc_vendor_id()
|
||||||
|
{
|
||||||
|
BMC_VENDOR=$(${IPMI_TOOL} mc info 2>/dev/null | \
|
||||||
|
sed -n "s#^Manufacturer ID.*: ##p")
|
||||||
|
[ -z "${BMC_VENDOR}" ] && RETVAL=4
|
||||||
|
}
|
||||||
|
|
||||||
|
# set/getsysinfo support was added to ipmitool post v1.8.12 via this patch
|
||||||
|
# http://sourceforge.net/mailarchive/message.php?msg_id=29647222
|
||||||
|
check_ipmitool()
|
||||||
|
{
|
||||||
|
if [ -x ${IPMI_TOOL} ]; then
|
||||||
|
[ ! ${IPMI_GET_SYSINFO} >/dev/null 2>&1 ] && \
|
||||||
|
RETVAL=3
|
||||||
|
else
|
||||||
|
RETVAL=2
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
bmc_exists()
|
||||||
|
{
|
||||||
|
check_ipmitool
|
||||||
|
[ $RETVAL -eq 0 ] && get_bmc_vendor_id
|
||||||
|
return $RETVAL
|
||||||
|
}
|
||||||
|
#############################################################################
|
||||||
|
|
||||||
|
get_os_info()
|
||||||
|
{
|
||||||
|
OS_HOSTNAME=$(hostname)
|
||||||
|
KERNEL_VERSION=$(uname -r -m)
|
||||||
|
|
||||||
|
if [ -e /etc/lsb-release ] ; then
|
||||||
|
. /etc/lsb-release
|
||||||
|
NAME=${DISTRIB_ID}
|
||||||
|
VERSION="${DISTRIB_RELEASE} ${DISTRIB_CODENAME}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# we prefer systemd's /etc/os-release over other sources
|
||||||
|
[ -e /etc/os-release ] && . /etc/os-release
|
||||||
|
|
||||||
|
OS_NAME=${NAME}
|
||||||
|
OS_VERSION="${VERSION} kernel ${KERNEL_VERSION}"
|
||||||
|
}
|
||||||
|
|
||||||
|
oem_set_os_version()
|
||||||
|
{
|
||||||
|
# OS Version setting is not standard yet
|
||||||
|
# we need per vendor oem commands
|
||||||
|
case "${BMC_VENDOR}" in
|
||||||
|
$DELL) ${IPMI_SET_SYSINFO} delloem_os_version \
|
||||||
|
"${OS_VERSION}" > /dev/null 2>&1
|
||||||
|
return $?
|
||||||
|
;;
|
||||||
|
# Add OEM specific commands.
|
||||||
|
# Example:
|
||||||
|
# $OTHER_OEM) ${IPMI_SET_SYSINFO} otheroem_os_version \
|
||||||
|
# "${OS_VERSION}" > /dev/null 2>&1
|
||||||
|
# return $?
|
||||||
|
# ;;
|
||||||
|
*) return 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
set_os_info()
|
||||||
|
{
|
||||||
|
# Set and reset OS info in the BMC
|
||||||
|
if [ "$1" = "reset" ]; then
|
||||||
|
OS_NAME=""
|
||||||
|
OS_HOSTNAME=""
|
||||||
|
OS_VERSION=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
${IPMI_SET_SYSINFO} os_name "${OS_NAME}" >/dev/null 2>&1 \
|
||||||
|
|| RETVAL=6
|
||||||
|
${IPMI_SET_SYSINFO} primary_os_name "${OS_NAME}" >/dev/null 2>&1 \
|
||||||
|
|| RETVAL=6
|
||||||
|
${IPMI_SET_SYSINFO} system_name "${OS_HOSTNAME}" >/dev/null 2>&1 \
|
||||||
|
|| RETVAL=6
|
||||||
|
oem_set_os_version || RETVAL=6
|
||||||
|
}
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
valid_url()
|
||||||
|
{
|
||||||
|
url="(https?|http)://[a-z0-9-]+(\.[a-z0-9-]+)+([/?].*)?"
|
||||||
|
printf -- "%s" "${TMP_URL}"| grep -Eq "^${url}"
|
||||||
|
return $?
|
||||||
|
}
|
||||||
|
|
||||||
|
oem_get_bmc_url()
|
||||||
|
{
|
||||||
|
# BMC URL is not standard yet
|
||||||
|
# we need per vendor oem commands
|
||||||
|
case "$BMC_VENDOR" in
|
||||||
|
$DELL) TMP_URL=$(${IPMI_GET_SYSINFO} delloem_url 2> /dev/null)
|
||||||
|
;;
|
||||||
|
# Add OEM specific commands
|
||||||
|
# Example:
|
||||||
|
# $OTHER_OEM)
|
||||||
|
# TMP_URL=$(${IPMI_GET_SYSINFO} otheroem_url 2> /dev/null)
|
||||||
|
# ;;
|
||||||
|
*) TMP_URL="" ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
valid_url && BMC_URL=${TMP_URL} || BMC_URL=""
|
||||||
|
}
|
||||||
|
|
||||||
|
valid_ip()
|
||||||
|
{
|
||||||
|
#Thanks to mkyong.com
|
||||||
|
octet="([01]?[[:digit:]][[:digit:]]?|2[0-4][[:digit:]]|25[0-5])"
|
||||||
|
|
||||||
|
printf -- "%s" "${TMP_IPv4}"| grep -Eq "^${octet}\\.${octet}\\.${octet}\\.${octet}$"
|
||||||
|
return $?
|
||||||
|
}
|
||||||
|
|
||||||
|
get_bmc_ip()
|
||||||
|
{
|
||||||
|
#Thanks to http://ingvar.blog.redpill-linpro.com
|
||||||
|
for CHANNEL in `seq 1 14`
|
||||||
|
do
|
||||||
|
[ $(${IPMI_TOOL} lan print ${CHANNEL} 2>/dev/null \
|
||||||
|
| grep -q "^Set") ] || break
|
||||||
|
done
|
||||||
|
|
||||||
|
# Get BMC_IPv4 and BMC_URL from BMC
|
||||||
|
TMP_IPv4=$(${IPMI_TOOL} lan print ${CHANNEL} 2>/dev/null \
|
||||||
|
| sed -n "s#^IP Address .*: ##p")
|
||||||
|
|
||||||
|
valid_ip && BMC_IPv4=${TMP_IPv4} || BMC_IPv4=""
|
||||||
|
}
|
||||||
|
|
||||||
|
get_bmc_info()
|
||||||
|
{
|
||||||
|
get_bmc_ip
|
||||||
|
if [ -z "${BMC_IPv4}" ] || [ "${BMC_IPv4}" = "0.0.0.0" ]; then
|
||||||
|
BMC_IPv4=""
|
||||||
|
RETVAL=5
|
||||||
|
else
|
||||||
|
# URL makes sense only if there is an IP
|
||||||
|
oem_get_bmc_url
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
set_bmc_info()
|
||||||
|
{
|
||||||
|
if [ ! $(touch "${BMC_INFO}" && chmod 600 "${BMC_INFO}") ]; then
|
||||||
|
printf "BMC_IPv4=%s\n" "${BMC_IPv4}" > "${BMC_INFO}"
|
||||||
|
[ -n "${BMC_URL}" ] && \
|
||||||
|
printf "BMC_URL=%s\n" "${BMC_URL}" >> "${BMC_INFO}"
|
||||||
|
else
|
||||||
|
RETVAL=5
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
unset_bmc_info()
|
||||||
|
{
|
||||||
|
[ -f ${BMC_INFO} ] && rm -f ${BMC_INFO} > /dev/null 2>&1
|
||||||
|
}
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
start()
|
||||||
|
{
|
||||||
|
if bmc_exists; then
|
||||||
|
[ "${SET_OS_INFO}" = "yes" ] && \
|
||||||
|
get_os_info && set_os_info
|
||||||
|
|
||||||
|
if [ "${SET_BMC_INFO}" = "yes" ]; then
|
||||||
|
get_bmc_info
|
||||||
|
if [ ${RETVAL} -eq 0 ]; then
|
||||||
|
set_bmc_info
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
stop()
|
||||||
|
{
|
||||||
|
if bmc_exists; then
|
||||||
|
# reset OS info while system reboots
|
||||||
|
# aids with debugging OS boot-up issues
|
||||||
|
if [ "${RESET_OS_INFO}" = "yes" ]; then
|
||||||
|
set_os_info reset
|
||||||
|
fi
|
||||||
|
unset_bmc_info
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
restart()
|
||||||
|
{
|
||||||
|
stop
|
||||||
|
[ $RETVAL -eq 0 ] && start
|
||||||
|
}
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
status()
|
||||||
|
{
|
||||||
|
[ -r ${BMC_INFO} ] && \
|
||||||
|
grep -q "BMC_IPv4" "${BMC_INFO}" >/dev/null 1>&2 && \
|
||||||
|
BMC_STATUS="ok" || BMC_STATUS="inactive"
|
||||||
|
${OUTPUT} "${SCRIPT_NAME}: ${BMC_STATUS}" 1>&2
|
||||||
|
[ ${GETTEXT} -eq 1 ] && echo
|
||||||
|
}
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
usage()
|
||||||
|
{
|
||||||
|
${OUTPUT} "Usage: ${SCRIPT_NAME} {start|stop|restart|status}" 1>&2
|
||||||
|
[ ${GETTEXT} -eq 1 ] && echo
|
||||||
|
RETVAL=1
|
||||||
|
}
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
# MAIN
|
||||||
|
#############################################################################
|
||||||
|
case "$1" in
|
||||||
|
start) start ;;
|
||||||
|
stop) stop ;;
|
||||||
|
restart) restart ;;
|
||||||
|
status) status ;;
|
||||||
|
*) usage ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
case "$RETVAL" in
|
||||||
|
0|1) ;;
|
||||||
|
2) ${OUTPUT} "${SCRIPT_NAME}: ipmitool(1) not found." 1>&2 ;;
|
||||||
|
3) ${OUTPUT} "${SCRIPT_NAME}: this version of ipmitool does not support getsysinfo." 1>&2 ;;
|
||||||
|
4) ${OUTPUT} "${SCRIPT_NAME}: failed to communicate with BMC." 1>&2 ;;
|
||||||
|
5) ${OUTPUT} "${SCRIPT_NAME}: failed to set OS information in BMC." 1>&2 ;;
|
||||||
|
6) ${OUTPUT} "${SCRIPT_NAME}: failed to get BMC information." 1>&2 ;;
|
||||||
|
*) ${OUTPUT} "${SCRIPT_NAME}: unexpected error." 1>&2 ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if [ ${RETVAL} -gt 1 ]; then
|
||||||
|
${OUTPUT} " Return code: ${RETVAL}" 1>&2
|
||||||
|
[ ${GETTEXT} -eq 1 ] && echo
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
exit ${RETVAL}
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
# end of file
|
||||||
|
#############################################################################
|
13
exchange-bmc-os-info.service
Normal file
13
exchange-bmc-os-info.service
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Exchange Information between BMC and OS
|
||||||
|
After=ipmi.service network.target
|
||||||
|
Requires=ipmi.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=yes
|
||||||
|
ExecStart=/usr/libexec/exchange-bmc-os-info start
|
||||||
|
ExecStop=/usr/libexec/exchange-bmc-os-info stop
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
26
exchange-bmc-os-info.sysconf
Normal file
26
exchange-bmc-os-info.sysconf
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# exchange-bmc-os-info
|
||||||
|
#
|
||||||
|
# Config file to control Exchange of information between
|
||||||
|
# the OS and Service Processor/Baseboard Management Controller (BMC)
|
||||||
|
#
|
||||||
|
# See here for details
|
||||||
|
# https://fedoraproject.org/wiki/Features/AgentFreeManagement
|
||||||
|
|
||||||
|
### Set OS Info in BMC/Service Processor ###
|
||||||
|
# Name: SET_OS_INFO
|
||||||
|
# Description: Set OS Name, Version and Hostname in the Service Processor (BMC)
|
||||||
|
# Default: yes
|
||||||
|
SET_OS_INFO="yes"
|
||||||
|
|
||||||
|
### Reset OS Info in BMC/Service Processor ###
|
||||||
|
# Name: RESET_OS_INFO
|
||||||
|
# Description: Reset OS Name, Version and Hostname in the Service Processor (BMC).
|
||||||
|
# Useful when the OS Name/Hostname should be empty on reboot
|
||||||
|
# Default: no
|
||||||
|
RESET_OS_INFO="no"
|
||||||
|
|
||||||
|
### Set BMC/Service Processor Info in OS ###
|
||||||
|
# Name; SET_BMC_INFO
|
||||||
|
# Description: Set IP Address and URL of Service Processor/BMC in /run/bmc-info
|
||||||
|
# Default: yes
|
||||||
|
SET_BMC_INFO="yes"
|
13
ipmievd.service
Normal file
13
ipmievd.service
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Ipmievd Daemon
|
||||||
|
After=syslog.target
|
||||||
|
After=ipmi.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
EnvironmentFile=-/etc/sysconfig/ipmievd
|
||||||
|
ExecStart=/usr/sbin/ipmievd $IPMIEVD_OPTIONS
|
||||||
|
Type=forking
|
||||||
|
PIDFile=/var/run/ipmievd.pid
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
405
ipmitool.spec
Normal file
405
ipmitool.spec
Normal file
@ -0,0 +1,405 @@
|
|||||||
|
Name: ipmitool
|
||||||
|
Summary: Utility for IPMI control
|
||||||
|
Version: 1.8.18
|
||||||
|
Release: 18%{?dist}
|
||||||
|
License: BSD
|
||||||
|
URL: http://ipmitool.sourceforge.net/
|
||||||
|
Source0: http://downloads.sourceforge.net/project/%{name}/%{name}/%{version}/%{name}-%{version}.tar.bz2
|
||||||
|
Source1: openipmi-ipmievd.sysconf
|
||||||
|
Source2: ipmievd.service
|
||||||
|
Source3: exchange-bmc-os-info.service
|
||||||
|
Source4: exchange-bmc-os-info.sysconf
|
||||||
|
Source5: set-bmc-url.sh
|
||||||
|
Source6: exchange-bmc-os-info
|
||||||
|
|
||||||
|
Patch1: 0001-CVE-2011-4339-OpenIPMI.patch
|
||||||
|
# WARNING: THIS PATCH MUST BE USED FOR RAWHIDE (f26+) BRANCH
|
||||||
|
Patch2: 0002-openssl.patch
|
||||||
|
Patch3: 0003-ipmitool-1.8.11-set-kg-key.patch
|
||||||
|
Patch4: 0004-slowswid.patch
|
||||||
|
Patch5: 0005-sensor-id-length.patch
|
||||||
|
Patch6: 0006-enable-usb.patch
|
||||||
|
Patch7: 0007-check-input.patch
|
||||||
|
Patch8: 0008-use-best-cipher.patch
|
||||||
|
Patch9: 0009-CVE-2020-5208.patch
|
||||||
|
Patch10: 0010-quanta-oem-support.patch
|
||||||
|
Patch11: 0011-pef-missing-newline.patch
|
||||||
|
Patch12: 0012-lanplus-cipher-retry.patch
|
||||||
|
Patch13: 0013-lanplus-Cleanup.-Refix-6dec83ff-fix-be2c0c4b.patch
|
||||||
|
|
||||||
|
BuildRequires: openssl-devel readline-devel ncurses-devel
|
||||||
|
%{?systemd_requires}
|
||||||
|
BuildRequires: systemd
|
||||||
|
# bootstrap
|
||||||
|
BuildRequires: automake autoconf libtool
|
||||||
|
Obsoletes: OpenIPMI-tools < 2.0.14-3
|
||||||
|
Provides: OpenIPMI-tools = 2.0.14-3
|
||||||
|
|
||||||
|
|
||||||
|
%description
|
||||||
|
This package contains a utility for interfacing with devices that support
|
||||||
|
the Intelligent Platform Management Interface specification. IPMI is
|
||||||
|
an open standard for machine health, inventory, and remote power control.
|
||||||
|
|
||||||
|
This utility can communicate with IPMI-enabled devices through either a
|
||||||
|
kernel driver such as OpenIPMI or over the RMCP LAN protocol defined in
|
||||||
|
the IPMI specification. IPMIv2 adds support for encrypted LAN
|
||||||
|
communications and remote Serial-over-LAN functionality.
|
||||||
|
|
||||||
|
It provides commands for reading the Sensor Data Repository (SDR) and
|
||||||
|
displaying sensor values, displaying the contents of the System Event
|
||||||
|
Log (SEL), printing Field Replaceable Unit (FRU) information, reading and
|
||||||
|
setting LAN configuration, and chassis power control.
|
||||||
|
|
||||||
|
|
||||||
|
%package -n ipmievd
|
||||||
|
Requires: ipmitool
|
||||||
|
%{?systemd_requires}
|
||||||
|
BuildRequires: systemd
|
||||||
|
Summary: IPMI event daemon for sending events to syslog
|
||||||
|
%description -n ipmievd
|
||||||
|
ipmievd is a daemon which will listen for events from the BMC that are
|
||||||
|
being sent to the SEL and also log those messages to syslog.
|
||||||
|
|
||||||
|
|
||||||
|
%package -n bmc-snmp-proxy
|
||||||
|
Requires: net-snmp
|
||||||
|
Requires: exchange-bmc-os-info
|
||||||
|
BuildArch: noarch
|
||||||
|
Summary: Reconfigure SNMP to include host SNMP agent within BMC
|
||||||
|
%description -n bmc-snmp-proxy
|
||||||
|
Given a host with BMC, this package would extend system configuration
|
||||||
|
of net-snmp to include redirections to BMC based SNMP.
|
||||||
|
|
||||||
|
|
||||||
|
%package -n exchange-bmc-os-info
|
||||||
|
Requires: hostname
|
||||||
|
Requires: ipmitool
|
||||||
|
BuildArch: noarch
|
||||||
|
%{?systemd_requires}
|
||||||
|
BuildRequires: systemd
|
||||||
|
|
||||||
|
Summary: Let OS and BMC exchange info
|
||||||
|
|
||||||
|
%description -n exchange-bmc-os-info
|
||||||
|
Given a host with BMC, this package would pass the hostname &
|
||||||
|
OS information to the BMC and also capture the BMC ip info
|
||||||
|
for the host OS to use.
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p1
|
||||||
|
|
||||||
|
for f in AUTHORS ChangeLog; do
|
||||||
|
iconv -f iso-8859-1 -t utf8 < ${f} > ${f}.utf8
|
||||||
|
mv ${f}.utf8 ${f}
|
||||||
|
done
|
||||||
|
|
||||||
|
%build
|
||||||
|
# --disable-dependency-tracking speeds up the build
|
||||||
|
# --enable-file-security adds some security checks
|
||||||
|
# --disable-intf-free disables FreeIPMI support - we don't want to depend on
|
||||||
|
# FreeIPMI libraries, FreeIPMI has its own ipmitoool-like utility.
|
||||||
|
|
||||||
|
# begin: release auto-tools
|
||||||
|
# Used to be needed by aarch64 support, now only cxoem patch makefiles are left.
|
||||||
|
aclocal
|
||||||
|
libtoolize --automake --copy
|
||||||
|
autoheader
|
||||||
|
automake --foreign --add-missing --copy
|
||||||
|
aclocal
|
||||||
|
autoconf
|
||||||
|
automake --foreign
|
||||||
|
# end: release auto-tools
|
||||||
|
|
||||||
|
%configure \
|
||||||
|
CFLAGS="%{optflags} -fno-strict-aliasing" \
|
||||||
|
--disable-dependency-tracking --enable-file-security --disable-intf-free
|
||||||
|
make %{?_smp_mflags}
|
||||||
|
|
||||||
|
%install
|
||||||
|
make DESTDIR=%{buildroot} install
|
||||||
|
|
||||||
|
install -Dpm 644 %{SOURCE2} %{buildroot}%{_unitdir}/ipmievd.service
|
||||||
|
install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/ipmievd
|
||||||
|
install -Dm 644 %{SOURCE3} %{buildroot}%{_unitdir}/exchange-bmc-os-info.service
|
||||||
|
install -Dm 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/exchange-bmc-os-info
|
||||||
|
install -Dm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/profile.d/set-bmc-url.sh
|
||||||
|
install -Dm 755 %{SOURCE6} %{buildroot}%{_libexecdir}/exchange-bmc-os-info
|
||||||
|
|
||||||
|
|
||||||
|
install -Dm 644 contrib/bmc-snmp-proxy.sysconf %{buildroot}%{_sysconfdir}/sysconfig/bmc-snmp-proxy
|
||||||
|
install -Dm 644 contrib/bmc-snmp-proxy.service %{buildroot}%{_unitdir}/bmc-snmp-proxy.service
|
||||||
|
install -Dm 755 contrib/bmc-snmp-proxy %{buildroot}%{_libexecdir}/bmc-snmp-proxy
|
||||||
|
|
||||||
|
%post -n ipmievd
|
||||||
|
%systemd_post ipmievd.service
|
||||||
|
|
||||||
|
%preun -n ipmievd
|
||||||
|
%systemd_preun ipmievd.service
|
||||||
|
|
||||||
|
%postun -n ipmievd
|
||||||
|
%systemd_postun_with_restart ipmievd.service
|
||||||
|
|
||||||
|
%post -n exchange-bmc-os-info
|
||||||
|
%systemd_post exchange-bmc-os-info.service
|
||||||
|
|
||||||
|
%preun -n exchange-bmc-os-info
|
||||||
|
%systemd_preun exchange-bmc-os-info.service
|
||||||
|
|
||||||
|
%postun -n exchange-bmc-os-info
|
||||||
|
%systemd_postun_with_restart exchange-bmc-os-info.service
|
||||||
|
|
||||||
|
|
||||||
|
%triggerun -- ipmievd < 1.8.11-7
|
||||||
|
# Save the current service runlevel info
|
||||||
|
# User must manually run systemd-sysv-convert --apply ipmievd
|
||||||
|
# to migrate them to systemd targets
|
||||||
|
/usr/bin/systemd-sysv-convert --save ipmievd >/dev/null 2>&1 ||:
|
||||||
|
|
||||||
|
# Run these because the SysV package being removed won't do them
|
||||||
|
/sbin/chkconfig --del ipmievd >/dev/null 2>&1 || :
|
||||||
|
/bin/systemctl try-restart ipmievd.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
|
%files
|
||||||
|
%{_bindir}/ipmitool
|
||||||
|
%{_mandir}/man1/ipmitool.1*
|
||||||
|
%doc %{_datadir}/doc/ipmitool
|
||||||
|
%{_datadir}/ipmitool
|
||||||
|
|
||||||
|
%files -n ipmievd
|
||||||
|
%config(noreplace) %{_sysconfdir}/sysconfig/ipmievd
|
||||||
|
%{_unitdir}/ipmievd.service
|
||||||
|
%{_sbindir}/ipmievd
|
||||||
|
%{_mandir}/man8/ipmievd.8*
|
||||||
|
|
||||||
|
%files -n exchange-bmc-os-info
|
||||||
|
%config(noreplace) %{_sysconfdir}/sysconfig/exchange-bmc-os-info
|
||||||
|
%{_sysconfdir}/profile.d/set-bmc-url.sh
|
||||||
|
%{_unitdir}/exchange-bmc-os-info.service
|
||||||
|
%{_libexecdir}/exchange-bmc-os-info
|
||||||
|
|
||||||
|
%files -n bmc-snmp-proxy
|
||||||
|
%config(noreplace) %{_sysconfdir}/sysconfig/bmc-snmp-proxy
|
||||||
|
%{_unitdir}/bmc-snmp-proxy.service
|
||||||
|
%{_libexecdir}/bmc-snmp-proxy
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Jul 19 2021 Pavel Cahyna <pcahyna@redhat.com> - 1.8.18-18
|
||||||
|
- Protect against negative values to memmove that caused
|
||||||
|
"ipmitool sol activate" to crash against an IBM DataPower appliance
|
||||||
|
(#1951480)
|
||||||
|
Cherry-picked from upstream PR#78.
|
||||||
|
|
||||||
|
* Wed Jun 03 2020 Václav Doležal <vdolezal@redhat.com> - 1.8.18-17
|
||||||
|
- Disable retry of pre-session "Get cipher suites" command as some
|
||||||
|
BMCs are ignoring it (#1831158)
|
||||||
|
|
||||||
|
* Thu Apr 30 2020 Václav Doležal <vdolezal@redhat.com> - 1.8.18-16
|
||||||
|
- Fix "ipmitool pef {status,info}" not printing final newline (#1840546)
|
||||||
|
|
||||||
|
* Thu Apr 30 2020 Václav Doležal <vdolezal@redhat.com> - 1.8.18-15
|
||||||
|
- Backport OEM support for Quanta (#1811941)
|
||||||
|
|
||||||
|
* Fri Feb 07 2020 Václav Doležal <vdolezal@redhat.com> - 1.8.18-14
|
||||||
|
- Fix memory leak (found by covscan)
|
||||||
|
|
||||||
|
* Fri Feb 07 2020 Václav Doležal <vdolezal@redhat.com> - 1.8.18-13
|
||||||
|
- Backport fix for CVE-2020-5208 (#1799039)
|
||||||
|
|
||||||
|
* Fri Nov 15 2019 Václav Doležal <vdolezal@redhat.com> - 1.8.18-12
|
||||||
|
- Disable -fstrict-aliasing (RPMDiff issue)
|
||||||
|
|
||||||
|
* Tue Oct 15 2019 Václav Doležal <vdolezal@redhat.com> - 1.8.18-11
|
||||||
|
- Choose the best cipher suite available when connecting over LAN (#1749360)
|
||||||
|
|
||||||
|
* Thu Feb 22 2018 Josef Ridky <jridky@redhat.com> - 1.8.18-10
|
||||||
|
- Spec clean up
|
||||||
|
- Add support to set kg key
|
||||||
|
- Fix DDR4 memory issues
|
||||||
|
- Increase length of sensor id
|
||||||
|
- Enable usb interface by default
|
||||||
|
- Fix input options
|
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-9
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jan 30 2018 Josef Ridky <jridky@redhat.com> - 1.8.18-8
|
||||||
|
- remove old systemd dependencies
|
||||||
|
|
||||||
|
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-7
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Feb 21 2017 Josef Ridky <jridky@redhat.com> - 1.8.18-5
|
||||||
|
- Fix allocation issue
|
||||||
|
|
||||||
|
* Tue Feb 21 2017 Josef Ridky <jridky@redhat.com> - 1.8.18-4
|
||||||
|
- Add support for OpenSSL-1.1.0 library (#1423743)
|
||||||
|
|
||||||
|
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.18-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jan 12 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.8.18-2
|
||||||
|
- Rebuild for readline 7.x
|
||||||
|
|
||||||
|
* Mon Oct 10 2016 Boris Ranto <branto@redhat.com> - 0:1.8.18-1
|
||||||
|
- New version (0:1.8.18-1)
|
||||||
|
- CVE-2011-4339 OpenIPMI
|
||||||
|
|
||||||
|
* Tue May 10 2016 Boris Ranto <branto@redhat.com> - 0:1.8.17-1
|
||||||
|
- New version (0:1.8.17-1)
|
||||||
|
- CVE-2011-4339 OpenIPMI
|
||||||
|
|
||||||
|
* Tue Feb 23 2016 Boris Ranto <branto@redhat.com> - 1.8.16-1
|
||||||
|
- Rebase to version 1.8.16
|
||||||
|
|
||||||
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.15-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Nov 24 2015 Boris Ranto <branto@redhat.com> - 1.8.15-5
|
||||||
|
- Split ipmievd bits into a separate package
|
||||||
|
|
||||||
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.15-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Apr 22 2015 Ales Ledvinka <aledvink@redhat.com> 1.8.15-3
|
||||||
|
- Remove modalias dependency.
|
||||||
|
|
||||||
|
* Thu Mar 19 2015 Ales Ledvinka <aledvink@redhat.com> 1.8.15-1
|
||||||
|
- Upstream release 1.8.15
|
||||||
|
|
||||||
|
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.13-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.13-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Apr 8 2014 Ales Ledvinka <aledvink@redhat.com> 1.8.13-4
|
||||||
|
- Support for environment variable short options.
|
||||||
|
|
||||||
|
* Tue Nov 5 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-3
|
||||||
|
- Cleanup of dual bridge option.
|
||||||
|
|
||||||
|
* Tue Oct 15 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-2
|
||||||
|
- BMC SNMP agent redirection
|
||||||
|
|
||||||
|
* Mon Oct 14 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.13-1
|
||||||
|
- Upstream release 1.8.13
|
||||||
|
|
||||||
|
* Fri Aug 09 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073103
|
||||||
|
- Avoid FIPS mode crashes if possible.
|
||||||
|
- Document FIPS limitations.
|
||||||
|
|
||||||
|
* Wed Jul 31 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13073101
|
||||||
|
- Include current upstream bugfixes.
|
||||||
|
|
||||||
|
* Thu Jul 25 2013 Ales Ledvinka <aledvink@redhat.com> 1.8.12-16
|
||||||
|
- Calxeda OEM extensions.
|
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.12-15
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Dec 17 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-14
|
||||||
|
- Updated the exchange-bmc-os-info's service file with Requires stmt
|
||||||
|
|
||||||
|
* Fri Dec 14 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-13
|
||||||
|
- fixed argument parsing leaks
|
||||||
|
- ask user for password only once and do so only when interactive password
|
||||||
|
is the chosen password method.
|
||||||
|
|
||||||
|
* Thu Dec 13 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-12
|
||||||
|
- Removed the extra symbols in the patch, as the build is failing.
|
||||||
|
|
||||||
|
* Thu Dec 13 2012 Praveen K Paladugu <praveen_paladugu@dell.com> - 1.8.12-11
|
||||||
|
- Subpackage for exchange-bmc-os-info as it requires OPenIPMI
|
||||||
|
|
||||||
|
* Wed Dec 12 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-10
|
||||||
|
- documented fixed and conditional defaults. adjusted synopsis
|
||||||
|
|
||||||
|
* Tue Dec 4 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-9
|
||||||
|
- fixed ipmitool documentation
|
||||||
|
|
||||||
|
* Fri Nov 30 2012 Praveen K Paladugu <praveen_paladugu@dell.com> 1.8.12-8
|
||||||
|
- service & scripts to allow OS to capture BMC's IP & URL info
|
||||||
|
- Also pass the OS information to BMC
|
||||||
|
- patches submitted by Charles Rose (charles_rose[at]dell.com)
|
||||||
|
|
||||||
|
* Fri Nov 16 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-7
|
||||||
|
- failed sol session activation crashes while logging exit
|
||||||
|
|
||||||
|
* Fri Nov 16 2012 Ales Ledvinka <aledvink@redhat.com> 1.8.12-6
|
||||||
|
- revert default cipersuite back to 3 which includes integrity and confidentiality
|
||||||
|
|
||||||
|
* Thu Oct 18 2012 Dan Horák <dan[at]danny.cz> - 1.8.12-5
|
||||||
|
- fix build on big endian arches
|
||||||
|
|
||||||
|
* Wed Oct 17 2012 Ales Ledvinka <aledvink@redhat.cz> 1.8.12-4
|
||||||
|
- support setting OS name and Hostname on BMC
|
||||||
|
|
||||||
|
* Tue Sep 04 2012 Dan Horák <dan[at]danny.cz> - 1.8.12-3
|
||||||
|
- fix build on big endian arches
|
||||||
|
|
||||||
|
* Mon Aug 27 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.12-2
|
||||||
|
- Fixed starting ipmievd under systemd (#819234).
|
||||||
|
- Updated RPM scriplets with latest systemd-rpm macros (#850161)
|
||||||
|
|
||||||
|
* Fri Aug 10 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.12-1
|
||||||
|
- update to ipmitool-1.8.12
|
||||||
|
|
||||||
|
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-12
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue May 22 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.11-11
|
||||||
|
- start ipmievd.service after ipmi (#819234)
|
||||||
|
|
||||||
|
* Thu Apr 26 2012 Jan Safranek <jsafrane@redhat.com> - 1.8.11-10
|
||||||
|
- fixed ipmievd.service systemd unit (#807757)
|
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-9
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Dec 13 2011 Jan Safranek <jsafrane@redhat.com> - 1.8.11-8
|
||||||
|
- fixed CVE-2011-4339
|
||||||
|
|
||||||
|
* Mon Sep 12 2011 Tom Callaway <spot@fedoraproject.org> - 1.8.11-7
|
||||||
|
- convert to systemd
|
||||||
|
|
||||||
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Mar 3 2010 Jan Safranek <jsafrane@redhat.com> - 1.8.11-5
|
||||||
|
- Fixed exit code of ipmievd initscript with wrong arguments
|
||||||
|
|
||||||
|
* Mon Nov 2 2009 Jan Safranek <jsafrane@redhat.com> 1.8.11-4
|
||||||
|
- fix ipmievd initscript 'condrestart' action (#532188)
|
||||||
|
|
||||||
|
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.8.11-3
|
||||||
|
- rebuilt with new openssl
|
||||||
|
|
||||||
|
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.11-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Feb 26 2009 Jan Safranek <jsafrane@redhat.com> 1.8.11-1
|
||||||
|
- updated to new version
|
||||||
|
|
||||||
|
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.8.10-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 1.8.10-3
|
||||||
|
- rebuild with new openssl
|
||||||
|
|
||||||
|
* Tue Oct 14 2008 Jan Safranek <jsafrane@redhat.com> 1.8.10-2
|
||||||
|
- fix issues found during package review:
|
||||||
|
- clear Default-Start: line in the init script, the service should be
|
||||||
|
disabled by default
|
||||||
|
- added Obsoletes: OpenIPMI-tools
|
||||||
|
- compile with --disable-dependency-tracking to speed things up
|
||||||
|
- compile with --enable-file-security
|
||||||
|
- compile with --disable-intf-free, don't depend on FreeIPMI libraries
|
||||||
|
(FreeIPMI has its own ipmitool-like utility)
|
||||||
|
|
||||||
|
* Mon Oct 13 2008 Jan Safranek <jsafrane@redhat.com> 1.8.10-1
|
||||||
|
- package created, based on upstream .spec file
|
1
openipmi-ipmievd.sysconf
Normal file
1
openipmi-ipmievd.sysconf
Normal file
@ -0,0 +1 @@
|
|||||||
|
IPMIEVD_OPTIONS="sel daemon pidfile=/var/run/ipmievd.pid"
|
11
set-bmc-url.sh
Normal file
11
set-bmc-url.sh
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
# Export BMC URL
|
||||||
|
#
|
||||||
|
|
||||||
|
BMC_INFO="/var/run/bmc-info"
|
||||||
|
|
||||||
|
if [ "$(id -u)" = "0" ]; then
|
||||||
|
[ -f ${BMC_INFO} ] && . ${BMC_INFO} && \
|
||||||
|
export "${BMC_URL}" "${BMC_IPv4}" >/dev/null 2>&1
|
||||||
|
fi
|
||||||
|
|
||||||
|
unset BMC_INFO
|
Loading…
Reference in New Issue
Block a user