submit

app/bmc/Api.c

@@ -296,10 +296,10 @@ int Init_UserInfoTbl(void)
 	if(1)	//first power on
 	{
 		memset(g_BMCInfo.UserInfoTbl, 0x0, sizeof(UserInfo_T)*MAX_USER_NUM);
-		g_BMCInfo.UserInfoTbl[0].UserId = 1;
-		strcpy(g_BMCInfo.UserInfoTbl[0].UserName, "admin");
-		strcpy(g_BMCInfo.UserInfoTbl[0].UserPassword, "admin");
-		g_BMCInfo.UserInfoTbl[0].UserStatus = TRUE;
+		g_BMCInfo.UserInfoTbl[2].UserId = 3;
+		strcpy(g_BMCInfo.UserInfoTbl[2].UserName, "admin");
+		strcpy(g_BMCInfo.UserInfoTbl[2].UserPassword, "admin");
+		g_BMCInfo.UserInfoTbl[2].UserStatus = TRUE;
 
 		g_BMCInfo.CurrentNoUser = 1;
 		g_BMCInfo.pUserInfo = NULL;
@@ -526,13 +526,13 @@ char* getmac(char *mac_buf)
 
 int FlushUserInfoTbl(void)
 {
-	sf_sector_erase(5, USERTBL_FLASH_ADDR);
-	sf_write(5, USERTBL_FLASH_ADDR, (uint8_t*)g_BMCInfo.UserInfoTbl, sizeof(UserInfo_T)*MAX_USER_NUM);
+//	sf_sector_erase(5, USERTBL_FLASH_ADDR);
+//	sf_write(5, USERTBL_FLASH_ADDR, (uint8_t*)g_BMCInfo.UserInfoTbl, sizeof(UserInfo_T)*MAX_USER_NUM);
 	return 0;
 }
 
 int UpdateUserInfoTble(void)
 {
-	sf_read(5, USERTBL_FLASH_ADDR, (uint8_t*)g_BMCInfo.UserInfoTbl, sizeof(UserInfo_T)*MAX_USER_NUM);
+//	sf_read(5, USERTBL_FLASH_ADDR, (uint8_t*)g_BMCInfo.UserInfoTbl, sizeof(UserInfo_T)*MAX_USER_NUM);
 	return 0;
 }

app/bmc/Session.c

@@ -317,7 +317,8 @@ uint8_t CheckForDuplicateUsers ( uint8_t* UserName)
     {
         if(g_BMCInfo.UserInfoTbl[i].UserId != 0)
         {
-            if (0 == strcmp(g_BMCInfo.UserInfoTbl[i].UserName, UserName))
+            if ((0 == strcmp(g_BMCInfo.UserInfoTbl[i].UserName, UserName)) \
+              && (TRUE == g_BMCInfo.UserInfoTbl[i].UserStatus))
                 return FALSE;
         }
     }	

app/bmc/lan/RMCP.c

@@ -643,13 +643,12 @@ static uint8_t
 ValidateAuthCode (  uint8_t* pAuthCode,   uint8_t* pPassword,
 				    SessionHdr_T* pSessionHdr,   IPMIMsgHdr_T* pIPMIMsg)
 {
-	// uint8_t   ComputedAuthCode [AUTH_CODE_LEN];
+	uint8_t   ComputedAuthCode [AUTH_CODE_LEN];
 
-	// memset(ComputedAuthCode, 0, sizeof (ComputedAuthCode));
+	memset(ComputedAuthCode, 0, sizeof (ComputedAuthCode));
 
-	// uint8_t passwd[20] = "hello";
-	// ComputeAuthCode (passwd, pSessionHdr, pIPMIMsg,
-	// 				 ComputedAuthCode, MULTI_SESSION_CHANNEL);
+	ComputeAuthCode (pPassword, pSessionHdr, pIPMIMsg,
+					 ComputedAuthCode, MULTI_SESSION_CHANNEL);
 
 	// int i;
 	// printf("pAuthCode: ");
@@ -663,8 +662,7 @@ ValidateAuthCode (  uint8_t* pAuthCode,   uint8_t* pPassword,
 	// printf("\n");
 	
 
-	// return (0 == memcmp (pAuthCode, ComputedAuthCode, AUTH_CODE_LEN));
-	return TRUE;
+	return (0 == memcmp (pAuthCode, ComputedAuthCode, AUTH_CODE_LEN));
 }
 
  #if IPMI20_SUPPORT

app/bmc/msghndlr/App/App.c

@@ -84,7 +84,7 @@ const CmdHndlrMap_T g_App_CmdHndlr [] =	//notice!
 //    { CMD_GET_CH_INFO,              PRIV_USER,      GET_CH_INFO,            sizeof (uint8_t),                 0xAAAA ,0xFFFF},
     { CMD_SET_USER_ACCESS,          PRIV_ADMIN,     SET_USER_ACCESS,        0xFF,    0xAAAA ,0xFFFF},
     { CMD_GET_USER_ACCESS,          PRIV_OPERATOR,  GET_USER_ACCESS,        sizeof (GetUserAccessReq_T),    0xAAAA ,0xFFFF},
-    { CMD_SET_USER_NAME,            PRIV_ADMIN,     SET_USER_NAME,          sizeof (SetUserNameReq_T),      0xAAAA ,0xFFFF},
+    { CMD_SET_USER_NAME,            PRIV_ADMIN,     SET_USER_NAME,          0xff,      0xAAAA ,0xFFFF},
     { CMD_GET_USER_NAME,            PRIV_OPERATOR,  GET_USER_NAME,          sizeof (uint8_t),                 0xAAAA ,0xFFFF},
     { CMD_SET_USER_PASSWORD,        PRIV_ADMIN,     SET_USER_PASSWORD,      0xFF,      0xAAAA ,0xFFFF},
 //    { CMD_MASTER_WRITE_READ,        PRIV_OPERATOR,  MASTER_WRITE_READ,      0xFF,                           0xAAAA ,0xFFFF},

app/bmc/msghndlr/App/AppDevice/AppDevice.c

@@ -1168,7 +1168,7 @@ GetSessionChallenge ( uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes)
 	
 	g_BMCInfo.pUserInfo = NULL;
 	pUserInfo = getUserNameInfo(pGetSesChalReq->UserName);
-	if(pUserInfo == NULL)
+	if((pUserInfo == NULL) || (TRUE != pUserInfo->UserStatus))
 	{
 		pGetSesChalRes->CompletionCode = 0x81;
         return sizeof (*pRes);
@@ -2345,19 +2345,24 @@ GetUserAccess ( uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes)
 	GetUserAccessRes_T*     pGetUserAccessRes = ( GetUserAccessRes_T*)pRes;
 	UserInfo_T*             pUserInfo;
 
-    pUserInfo = getUserIdInfo (pGetUserAccessReq->UserID);
+  pUserInfo = getUserIdInfo (pGetUserAccessReq->UserID);
 
-    if (NULL == pUserInfo)
+  if (NULL == pUserInfo)
 	{
 	   pGetUserAccessRes->CompletionCode = CC_INV_DATA_FIELD;
 	   return  sizeof (*pRes);
 	}
 
-    pGetUserAccessRes->CompletionCode = CC_NORMAL;
-    pGetUserAccessRes->MaxNoUserID    = MAX_USER_NUM;
-    pGetUserAccessRes->CurrentUserID  = g_BMCInfo.pUserInfo->UserId;
-    pGetUserAccessRes->FixedUserID    = 0;
-	//pGetUserAccessRes->ChannelAccess  = pUserInfo->ChannelAccess;
+  if(FALSE == pUserInfo->UserStatus)
+    pGetUserAccessRes->ChannelAccess  = 0x0F;  
+  else
+    pGetUserAccessRes->ChannelAccess  = 0x34;  
+
+  pGetUserAccessRes->CompletionCode = CC_NORMAL;
+  pGetUserAccessRes->MaxNoUserID    = MAX_USER_NUM;
+  pGetUserAccessRes->CurrentUserID  = g_BMCInfo.CurrentNoUser;
+  pGetUserAccessRes->FixedUserID    = 0;
+	  
 
     return sizeof (GetUserAccessRes_T);
 }
@@ -2367,118 +2372,119 @@ GetUserAccess ( uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes)
 * SetUserName
 *---------------------------------------*/
 int
-SetUserName ( uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes)
+SetUserName ( uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes)  //default password 123456
 {
-	// SetUserNameReq_T*       pSetUserNameReq = ( SetUserNameReq_T*)pReq;
-	// UserInfo_T*             pUserInfo;
-	// uint8_t                 i;
-	// uint8_t   	UserName[MAX_USERNAME_LEN + 1];   //plus 1 for null terminator
-	// uint8_t 	InvalidChar[]={  ' ' , ',' , '.' , '/' , ':' , ';' , '\\' , '(', ')' , 0x01 ,
-	// 				   0x02 , 0x03 , 0x04 , 0x05 , 0x06 , 0x07 , 0x08 , 0x09, 0x0A ,
-	// 				   0x0B , 0x0C , 0x0D , 0x0E , 0x0F , 0x10 , 0x11 , 0x12, 0x13 ,
-	// 				   0x14 , 0x15 , 0x16 , 0x17 , 0x18 , 0x19 , 0x1A , 0x1B, 0x1C ,
-	// 				   0x1D , 0x1E , 0x1F , 0x7F} ;
-
-
- //    // Check for Reserved bits
- //    if(pSetUserNameReq->UserID & (BIT7 | BIT6) || (pSetUserNameReq->UserID == 0x00))
- //    {
- //        *pRes = CC_INV_DATA_FIELD;
- //        return sizeof(*pRes);
- //    }
-
- //    /*User Id exceeded the limit or  Cant set NULL User */
- //    if (pSetUserNameReq->UserID > MAX_USER_NUM )
- //    {
- //        *pRes = CC_INV_DATA_FIELD ;
- //        return  sizeof (*pRes);
- //    }
-
- //    pUserInfo = getUserIdInfo(pSetUserNameReq->UserID);
+  	SetUserNameReq_T*       pSetUserNameReq = ( SetUserNameReq_T*)pReq;
+  	UserInfo_T*             pUserInfo;
+  	uint8_t                 i;
+  	uint8_t   	UserName[MAX_USERNAME_LEN + 1];   //plus 1 for null terminator
+  	uint8_t 	InvalidChar[]={  ' ' , ',' , '.' , '/' , ':' , ';' , '\\' , '(', ')' , 0x01 ,
+					   0x02 , 0x03 , 0x04 , 0x05 , 0x06 , 0x07 , 0x08 , 0x09, 0x0A ,
+					   0x0B , 0x0C , 0x0D , 0x0E , 0x0F , 0x10 , 0x11 , 0x12, 0x13 ,
+					   0x14 , 0x15 , 0x16 , 0x17 , 0x18 , 0x19 , 0x1A , 0x1B, 0x1C ,
+					   0x1D , 0x1E , 0x1F , 0x7F} ;
+
+
+    // Check for Reserved bits
+    if(pSetUserNameReq->UserID & (BIT7 | BIT6) || (pSetUserNameReq->UserID == 0x00))
+    {
+        *pRes = CC_INV_DATA_FIELD;
+        return sizeof(*pRes);
+    }
+
+    /*User Id exceeded the limit or  Cant set NULL User */
+    if (pSetUserNameReq->UserID > MAX_USER_NUM )
+    {
+        *pRes = CC_INV_DATA_FIELD ;
+        return  sizeof (*pRes);
+    }
+
     
- //    /* We should not set the NULL user */
- //    if(0== pSetUserNameReq->UserName [0] )
- //    {
- //        printf("\n Setting the NULL user :%x",pSetUserNameReq->UserID);
- //        *pRes = CC_INV_DATA_FIELD ;
- //        return	sizeof (*pRes);
- //    }
-
- //    /* check for numeric first char and special chars */
- //    if( (pSetUserNameReq->UserName[0] >= '0') && (pSetUserNameReq->UserName[0] <= '9')  )
- //    {
- //        *pRes = CC_INV_DATA_FIELD;
- //        return sizeof(*pRes);
- //    }
- //    else
- //    {
-	// 	strncpy((char *)UserName,(const char *) pSetUserNameReq->UserName, sizeof(pSetUserNameReq->UserName));
-	// 	UserName[MAX_USERNAME_LEN] = '\0';
- //        for(i=0;i<sizeof(InvalidChar);i++)
- //        {
- //            if( NULL != strchr((const char *)UserName, InvalidChar[i] ))
- //            {
- //                *pRes = CC_INV_DATA_FIELD;
- //                return sizeof(*pRes);
- //            }
- //        }
- //    }
     
- //    //Don't check duplicated user names for 0xFF, this request is for deleting user
- //    if(0xFF != pSetUserNameReq->UserName [0])
- //    {
- //        //checking for Duplicate user names
- //        if(CheckForDuplicateUsers(pSetUserNameReq->UserName)==FALSE)
- //        {
- //            //setting user's name with same name
- //            if(!strncmp((char *)pUserInfo->UserName,(char *)pSetUserNameReq->UserName, MAX_USERNAME_LEN))
- //            {
- //                *pRes = CC_NORMAL;
- //                return sizeof (*pRes);
- //            }
- //            printf("Duplicate ipmi user!!\n");
- //            *pRes = CC_INV_DATA_FIELD;
- //            return	sizeof (*pRes);    		
- //        }
- //    }
-
- //    /* If User[0] is 0xFF means the user is requested to delete */
- //    if (0xFF == pSetUserNameReq->UserName [0])	//delete user 
- //    {
- //        if( (g_BMCInfo.IpmiConfig.CurrentNoUser > 1) && (USER_ID == pUserInfo->ID))
- //        {
-	// 		if(pUserInfo->UserStatus == TRUE)
-	// 		{
-	// 			g_BMCInfo.IpmiConfig.CurrentNoUser--;
-	// 		}
- //            /* Delete the user both in Volatile & Non Volatile memory*/
- //            memset (pUserInfo,    0, sizeof (UserInfo_T));
- //        }
- //        else
- //        {
- //            *pRes = CC_INV_DATA_FIELD ;
- //            return  sizeof (*pRes);
- //        }
- //    }
- //    else if(USER_ID != pUserInfo->ID)	//add user
- //    {
- //        /* If First time-if user ID does not exist  */
- //        /* if the user name is set for the first time */
- //        pUserInfo->ID            = USER_ID;
- //        pUserInfo->UserId        = pSetUserNameReq->UserID;
- //        pUserInfo->UserStatus    = FALSE;
-	// 	memcpy(pUserInfo->UserName, pSetUserNameReq->UserName, MAX_USERNAME_LEN);
-
- //        //g_BMCInfo.IpmiConfig.CurrentNoUser++;
- //    }
- //    else if (USER_ID == pUserInfo->ID)//modifying users
- //    {
- //        memcpy (pUserInfo->UserName, pSetUserNameReq->UserName, MAX_USERNAME_LEN);
-	// }
-
-	// UpdateFlash();
-	*pRes = CC_NORMAL;
-	return sizeof (*pRes);
+    /* We should not set the NULL user */
+    if(0== pSetUserNameReq->UserName [0] )
+    {
+        printf("\n Setting the NULL user :%x",pSetUserNameReq->UserID);
+        *pRes = CC_INV_DATA_FIELD ;
+        return	sizeof (*pRes);
+    }
+
+    if((strlen(pSetUserNameReq->UserName) > MAX_USERNAME_LEN) || (strlen(pSetUserNameReq->UserName) == 0))
+    {
+      printf("Invalid username length: %d\n", strlen(pSetUserNameReq->UserName));
+      *pRes = CC_INV_DATA_FIELD;
+      return 1;
+    }
+    pUserInfo = getUserIdInfo(pSetUserNameReq->UserID);
+
+    /* check for numeric first char and special chars */
+    if( (pSetUserNameReq->UserName[0] >= '0') && (pSetUserNameReq->UserName[0] <= '9')  )
+    {
+        *pRes = CC_INV_DATA_FIELD;
+        return sizeof(*pRes);
+    }
+    else
+    {
+    		strncpy((char *)UserName,(const char *) pSetUserNameReq->UserName, sizeof(pSetUserNameReq->UserName));
+    		UserName[MAX_USERNAME_LEN] = '\0';
+        for(i=0;i<sizeof(InvalidChar);i++)
+        {
+            if( NULL != strchr((const char *)UserName, InvalidChar[i] ))
+            {
+                *pRes = CC_INV_DATA_FIELD;
+                return sizeof(*pRes);
+            }
+        }
+    }
+    
+    //Don't check duplicated user names for 0xFF, this request is for deleting user
+    if(0xFF != pSetUserNameReq->UserName [0])
+    {
+        //checking for Duplicate user names
+        if(CheckForDuplicateUsers(pSetUserNameReq->UserName)==FALSE)
+        {
+            printf("Duplicate ipmi user!!\n");
+            *pRes = CC_INV_DATA_FIELD;
+            return	sizeof (*pRes);    		
+        }
+    }
+
+    /* If User[0] is 0xFF means the user is requested to delete */
+    if (0xFF == pSetUserNameReq->UserName [0])	//delete user 
+    {
+        if( (g_BMCInfo.CurrentNoUser > 1) && (0 != pUserInfo->UserId))
+        {
+      			if(pUserInfo->UserStatus == TRUE)
+      			{
+      				g_BMCInfo.CurrentNoUser--;
+      			}
+            /* Delete the user both in Volatile & Non Volatile memory*/
+            memset (pUserInfo,    0, sizeof (UserInfo_T));
+        }
+        else
+        {
+            *pRes = CC_INV_DATA_FIELD ;
+            return  sizeof (*pRes);
+        }
+    }
+    else if(0 == pUserInfo->UserId)	//add user
+    {
+        /* If First time-if user ID does not exist  */
+        /* if the user name is set for the first time */
+        pUserInfo->UserId        = pSetUserNameReq->UserID;
+        pUserInfo->UserStatus    = TRUE;
+		    memcpy(pUserInfo->UserName, pSetUserNameReq->UserName, MAX_USERNAME_LEN);
+        strcpy(pUserInfo->UserPassword, "123456");
+        g_BMCInfo.CurrentNoUser++;
+    }
+    else if (0 != pUserInfo->UserId)//modifying users
+    {
+        memcpy (pUserInfo->UserName, pSetUserNameReq->UserName, MAX_USERNAME_LEN);
+	  }
+
+    FlushUserInfoTbl();
+  	*pRes = CC_NORMAL;
+  	return sizeof (*pRes);
 }
 
 
@@ -2492,20 +2498,20 @@ GetUserName ( uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes)
       GetUserNameRes_T*       pGetUserNameRes = ( GetUserNameRes_T*)pRes;
        UserInfo_T*            pUserInfo;
 
-    // // Check for Reserved bits
-    // if(pGetUserNameReq->UserID & (BIT7 | BIT6) || (pGetUserNameReq->UserID == 0x00))
-    // {
-    //     pGetUserNameRes->CompletionCode = CC_INV_DATA_FIELD ;
-    //     return sizeof(*pRes);
-    // }
+    // Check for Reserved bits
+    if(pGetUserNameReq->UserID & (BIT7 | BIT6) || (pGetUserNameReq->UserID == 0x00))
+    {
+        pGetUserNameRes->CompletionCode = CC_INV_DATA_FIELD ;
+        return sizeof(*pRes);
+    }
 
-    if (pGetUserNameReq->UserID >= MAX_USER_NUM)
+    if (pGetUserNameReq->UserID > MAX_USER_NUM)
     {
         /*  if user ID exceeded the Max limit */
         pGetUserNameRes->CompletionCode = CC_INV_DATA_FIELD ;
         return  sizeof (*pRes);/* Invalied user id */
     }
-	pUserInfo = getUserIdInfo(pGetUserNameReq->UserID);
+	  pUserInfo = getUserIdInfo(pGetUserNameReq->UserID);
 
     /* if User is disabled or if User is not created */
 
@@ -2515,19 +2521,19 @@ GetUserName ( uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes)
     // pUserInfo being NULL is probably not possible
     // If the signature doesnt match then the useris not yet configured
     // so reasonable to return an error
-    // if ((NULL == pUserInfo) || (pUserInfo->ID != USER_ID))
-    // {
-    //     /* User with given ID is disabled */
-    //     *pRes = CC_INV_DATA_FIELD;
-    //     return sizeof (*pRes);
-    // }
+    if ((NULL == pUserInfo)/* || (pUserInfo->ID != USER_ID)*/)
+    {
+        /* User with given ID is disabled */
+        *pRes = CC_INV_DATA_FIELD;
+        return sizeof (*pRes);
+    }
 
-    // //if we are here then the user is just disabled
-    // if(FALSE == pUserInfo->UserStatus)
-    // {
-    //     printf("user is just dissabled\n");
-    //     //user is just disabled!!
-    // }
+    //if we are here then the user is just disabled
+    if(FALSE == pUserInfo->UserStatus)
+    {
+        *pRes = CC_INV_DATA_FIELD;
+        return sizeof (*pRes);
+    }
 
     //Err = 0;
     pGetUserNameRes->CompletionCode = CC_NORMAL;
@@ -2542,134 +2548,119 @@ GetUserName ( uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes)
 int
 SetUserPassword ( uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes)
 {
-	// SetUserPswdReq_T*       pSetUserPswdReq = ( SetUserPswdReq_T*)pReq;
-	// UserInfo_T*             pUserInfo;
-	// uint8_t                 UserId=0, Operation;
-	// uint8_t          i;
-	// uint8_t          UserPassword[ MAX_PASSWORD_LEN + 1 ];
- //    uint8_t InvalidChar[] = {  0x01 , 0x02 , 0x03 , 0x04 ,0x05 , 0x06 , 0x07 , 0x08 , 0x09 , 0x0A, 
- //                             0x0B , 0x0C , 0x0D , 0x0E , 0x0F , 0x10 , 0x11 , 0x12 , 0x13 , 0x14,
- //                             0x15 , 0x16 , 0x17 , 0x18 , 0x19 , 0x1A , 0x1B , 0x1C , 0x1D , 0x1E , 
- //                             0x1F , 0x7F };
-
-
- //    Operation = pSetUserPswdReq->Operation & 0x03;
- //    UserId    = pSetUserPswdReq->UserID & 0x3F;
-
- //    /* Reserved bits checking */
- //    if((pSetUserPswdReq->UserID & BIT6) || (UserId == 0) || (pSetUserPswdReq->Operation & (BIT7 | BIT6 | BIT5 | BIT4 | BIT3 | BIT2)))
- //    {
- //        *pRes = CC_INV_DATA_FIELD;
- //        return	sizeof (*pRes);
- //    }
-
- //    if (ReqLen == IPMI_15_PASSWORD_LEN)
- //    {
- //        memset (pSetUserPswdReq->Password + 16, 0, 4);
- //    }
- //    ReqLen -=2;
-
- //    if (UserId > MAX_USER_NUM)
- //    {
- //        *pRes = CC_INV_DATA_FIELD;
- //        return  sizeof (*pRes); /*User Id exceeded the limit*/
- //    }
-
- //    pUserInfo = getUserIdInfo (UserId);
-
- //    if ( NULL ==  pUserInfo )
- //    {
- //        printf ("Invalid User Id \n");
- //        *pRes = CC_INV_DATA_FIELD;
- //        return  sizeof (*pRes);
- //    }
-
- //    *pRes = CC_NORMAL;
-
- //    switch (Operation)
- //    {
-
- //        case DISABLE_USER:
- //            /*disable user  */
- //            if(pUserInfo == NULL)
- //            {
- //                //the user is already disabled!!
- //                //no point in disabling him again
- //            }
- //            else
- //            {
- //                //here we can disable the user
- //                if ((pUserInfo->UserStatus == TRUE) && (USER_ID == pUserInfo->ID) && (g_BMCInfo.IpmiConfig.CurrentNoUser > 1)) 	
- //                {
-	// 				pUserInfo->UserStatus    = FALSE;
-	// 				pUserInfo->ChannelAccess &= 0x0f;
- //                    g_BMCInfo.IpmiConfig.CurrentNoUser--;
- //                    UpdateFlash(); 
- //                }
- //            }
- //            break;
- //        case ENABLE_USER:
- //            /*enable user   */
- //            if (USER_ID == pUserInfo->ID)
- //            {
- //                /* if for the first time then Increment the Current user No */
- //                if ( pUserInfo->UserStatus == FALSE )
- //                {
-	// 				pUserInfo->UserStatus    = TRUE;
-	// 				pUserInfo->ChannelAccess |= 0x70;
- //                    g_BMCInfo.IpmiConfig.CurrentNoUser++;
- //                    UpdateFlash();
- //                }
- //            }
- //            else
- //            {
-	// 			*pRes = CC_UNSPECIFIED_ERR;
-	// 			return	sizeof (*pRes);
- //            }
- //            break;
-
- //        case SET_PASSWORD:
- //            /*set password  */
- //            if (USER_ID == pUserInfo->ID)
- //            {
- //            	/*check for special characters*/
-	// 			strncpy((char *)UserPassword,(const char *) pSetUserPswdReq->Password, sizeof(pSetUserPswdReq->Password));
-	// 			UserPassword[MAX_PASSWORD_LEN] = '\0';
- //                for( i = 0 ; i < sizeof(InvalidChar) ; i++ )
- //                {
- //                     if( NULL != strchr((const char *)UserPassword, InvalidChar[i] ))
- //                     {
- //                         *pRes = CC_INV_DATA_FIELD;
- //                         return sizeof(*pRes);
- //                     }
- //                }
-
- //                pUserInfo->MaxPasswordSize = ReqLen;
-	// 			memcpy (pUserInfo->UserPassword, pSetUserPswdReq->Password, MAX_PASSWORD_LEN);
-	// 			UpdateFlash();
- //            }
- //            else
- //            {
- //                *pRes = CC_INV_DATA_FIELD;
- //                return sizeof (*pRes);
- //            }
- //            break;
-
- //        case TEST_PASSWORD:
- //            memcpy (UserPassword, pUserInfo->UserPassword, MAX_PASSWORD_LEN);
+  	SetUserPswdReq_T*       pSetUserPswdReq = ( SetUserPswdReq_T*)pReq;
+  	UserInfo_T*             pUserInfo;
+  	uint8_t                 UserId=0, Operation;
+  	uint8_t          i;
+  	uint8_t          UserPassword[ MAX_PASSWORD_LEN + 1 ] = {0};
+    uint8_t InvalidChar[] = {  0x01 , 0x02 , 0x03 , 0x04 ,0x05 , 0x06 , 0x07 , 0x08 , 0x09 , 0x0A, 
+                             0x0B , 0x0C , 0x0D , 0x0E , 0x0F , 0x10 , 0x11 , 0x12 , 0x13 , 0x14,
+                             0x15 , 0x16 , 0x17 , 0x18 , 0x19 , 0x1A , 0x1B , 0x1C , 0x1D , 0x1E , 
+                             0x1F , 0x7F };
+
+
+    Operation = pSetUserPswdReq->Operation & 0x03;
+    UserId    = pSetUserPswdReq->UserID & 0x3F;
+
+    /* Reserved bits checking */
+    if((pSetUserPswdReq->UserID & BIT6) || (UserId == 0) || (pSetUserPswdReq->Operation & (BIT7 | BIT6 | BIT5 | BIT4 | BIT3 | BIT2)))
+    {
+        *pRes = CC_INV_DATA_FIELD;
+        return	sizeof (*pRes);
+    }
+
+    if (ReqLen == IPMI_15_PASSWORD_LEN)
+    {
+        memset (pSetUserPswdReq->Password + 16, 0, 4);
+    }
+    ReqLen -=2;
+
+    if (UserId > MAX_USER_NUM)
+    {
+        *pRes = CC_INV_DATA_FIELD;
+        return  sizeof (*pRes); /*User Id exceeded the limit*/
+    }
+
+    pUserInfo = getUserIdInfo (UserId);
+
+    if ( NULL ==  pUserInfo )
+    {
+        printf ("Invalid User Id \n");
+        *pRes = CC_INV_DATA_FIELD;
+        return  sizeof (*pRes);
+    }
+
+    *pRes = CC_NORMAL;
+
+    switch (Operation)
+    {
+        case DISABLE_USER:            
+          //here we can disable the user
+          if ((pUserInfo->UserStatus == TRUE) && (g_BMCInfo.CurrentNoUser > 1)) 	
+          {
+        		pUserInfo->UserStatus    = FALSE;
+            g_BMCInfo.CurrentNoUser--;
+            FlushUserInfoTbl();
+          }
+          break;
+        case ENABLE_USER:
+            /*enable user   */
+            if ((0 != pUserInfo->UserId) && (0 != pUserInfo->UserName[0]))
+            {
+                /* if for the first time then Increment the Current user No */
+                if ( pUserInfo->UserStatus == FALSE )
+                {
+        					pUserInfo->UserStatus    = TRUE;
+                  g_BMCInfo.CurrentNoUser++;
+                  FlushUserInfoTbl();
+                }
+            }
+            else
+            {
+        				*pRes = CC_UNSPECIFIED_ERR;
+        				return	sizeof (*pRes);
+            }
+            break;
+
+        case SET_PASSWORD:
+            /*set password  */
+            if ((0 != pUserInfo->UserId) && (0 != pUserInfo->UserName[0]))
+            {
+            	 /*check for special characters*/
+        				strncpy((char *)UserPassword,(const char *) pSetUserPswdReq->Password, sizeof(pSetUserPswdReq->Password));
+                for( i = 0 ; i < sizeof(InvalidChar) ; i++ )
+                {
+                     if( NULL != strchr((const char *)UserPassword, InvalidChar[i] ))
+                     {
+                         *pRes = CC_INV_DATA_FIELD;
+                         return sizeof(*pRes);
+                     }
+                }
+
+        				strcpy(pUserInfo->UserPassword, pSetUserPswdReq->Password);
+        				FlushUserInfoTbl();
+                printf("---> SET_PASSWORD, username: %s, password: %s, get: %s\n", \
+                  pUserInfo->UserName, pUserInfo->UserPassword, pSetUserPswdReq->Password);
+            }
+            else
+            {
+                *pRes = CC_INV_DATA_FIELD;
+                return sizeof (*pRes);
+            }
+            break;
+
+        case TEST_PASSWORD:
+            memcpy (UserPassword, pUserInfo->UserPassword, MAX_PASSWORD_LEN);
     		
- //            /*Test Password */
- //            if( ReqLen != pUserInfo->MaxPasswordSize  && (pUserInfo->MaxPasswordSize != 0))
- //            {
- //                *pRes = CC_PASSWORD_TEST_FAILED_WRONG_SIZE;
- //            }
- //            else if (((FALSE == pUserInfo->UserStatus) && (pUserInfo->ID != USER_ID)) ||
- //            (0 != memcmp (UserPassword, pSetUserPswdReq->Password, MAX_PASSWORD_LEN)))
- //            {
- //                *pRes = CC_PASSWORD_TEST_FAILED;
- //            }
- //            break;
- //    }
+            /*Test Password */
+            if ((FALSE == pUserInfo->UserStatus) ||
+            (0 != memcmp (UserPassword, pSetUserPswdReq->Password, MAX_PASSWORD_LEN)))
+            {
+                *pRes = CC_PASSWORD_TEST_FAILED;
+            }
+            break;
+
+    }
     return sizeof (*pRes);
 }
 

app/bmc/msghndlr/PDKCmds.c

@@ -339,6 +339,7 @@ const CmdHndlrMap_T g_Storlead_CmdHndlr [] =
     { CMD_GET_SYS_INFO,         PRIV_USER,      Storlead_GetSysInfo,        0xff,  0xAAAA ,0xFFFF},
     { CMD_GET_SENSOR_INFO,      PRIV_USER,      Storlead_GetSensorInfo,     0xff,  0xAAAA  ,0xFFFF},
     { CMD_GET_SEL_ENTIRES,      PRIV_USER,      Storlead_GetSELEntires,     0xff,  0xAAAA  ,0xFFFF},
+    { CMD_AUTHOR_VERIFY,        PRIV_USER,      Storlead_AuthorVerify,     0xff,  0xAAAA  ,0xFFFF},
     { 0x00,                     0x00,           0x00,                 0x00, 0x0000  ,  0x0000},
 };
 

app/bmc/msghndlr/Storlead/Storlead.c

@@ -323,4 +323,33 @@ int Storlead_GetSELEntires(uint8_t *pReq, uint8_t ReqLen, uint8_t *pRes)
     pAMIGetSelEntiresRes->CompletionCode = CC_NORMAL;
 
     return sizeof(AMIGetSELEntriesRes_T) + (sizeof(SELRec_T) * pAMIGetSelEntiresRes->Noofentries);
+}
+
+int Storlead_AuthorVerify(uint8_t *pReq, uint8_t ReqLen, uint8_t *pRes)
+{
+    AuthorVerify_T *pAuthorVerify = (AuthorVerify_T *)pReq;
+    int i;
+
+    printf("Storlead_AuthorVerify, username: %s, password: %s\n", pAuthorVerify->name, pAuthorVerify->password);
+    for(i=0;i<MAX_USER_NUM;i++)
+    {
+        if(strcmp(g_BMCInfo.UserInfoTbl[i].UserName, pAuthorVerify->name) == 0)
+        {
+            if(strcmp(g_BMCInfo.UserInfoTbl[i].UserPassword, pAuthorVerify->password)==0)
+            {
+                *pRes = CC_NORMAL;
+                return 1;
+            }
+            else
+            {
+                printf("Invalid password!\n");
+                *pRes = CC_PASSWORD_TEST_FAILED;
+                return 1;
+            }
+        }
+    }
+
+    printf("Invalid username!\n");
+    *pRes = CC_PASSWORD_TEST_FAILED;
+    return 1;
 }

app/bmc/msghndlr/Storlead/Storlead.h

@@ -5,4 +5,5 @@
 
 int  Storlead_GetSysInfo(uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes);
 int  Storlead_GetSensorInfo(uint8_t* pReq, uint8_t ReqLen,  uint8_t* pRes);
-int  Storlead_GetSELEntires(uint8_t *pReq, uint8_t ReqLen, uint8_t *pRes);
+int  Storlead_GetSELEntires(uint8_t *pReq, uint8_t ReqLen, uint8_t *pRes);
+int Storlead_AuthorVerify(uint8_t *pReq, uint8_t ReqLen, uint8_t *pRes);

app/bmc/msghndlr/cmdselect.c

@@ -800,6 +800,7 @@ const NetFnCmds_T g_Storlead [] =
 	{ CMD_GET_SYS_INFO          ,ENABLED},
 	{ CMD_GET_SENSOR_INFO          ,ENABLED},
 	{ CMD_GET_SEL_ENTIRES          ,ENABLED},
+	{ CMD_AUTHOR_VERIFY          ,ENABLED},
 	{0,				0		},
 };
 

app/common_include/com_BmcType.h

@@ -287,21 +287,6 @@ typedef struct
 //    uint8_t   UserPasswdConfigured;           /*  Flag to allow default Empty Password  */
 }   UserInfo_T;
 
-// typedef struct
-// {
-//     uint8_t               Used;
-//     uint8_t               TimeOut;
-//     uint8_t               SeqNum;
-//     uint8_t               ChannelNum;
-//     uint8_t               DstSessionHandle;
-//     uint8_t               SrcSessionHandle;
-//     uint32_t              SrcSessionID;
-//     uint8_t               DestQ[PIPE_NAME_LEN];
-//     uint8_t               OriginSrc;
-//     IPMIMsgHdr_T       	  ReqMsgHdr;
-//     IPMIMsgHdr_T          ResMsgHdr;
-// } 	PendingBridgedResTbl_T;
-
 
 
 typedef struct
@@ -317,7 +302,11 @@ typedef struct
     uint8_t   Status;
 }AMIGetSELEntriesRes_T;
 
-
+typedef struct 
+{
+    char name[MAX_USERNAME_LEN];
+    char password[MAX_PASSWORD_LEN];
+} AuthorVerify_T;
 
 #pragma pack()
 #endif /* __BMC_TYPE_H__ */

app/common_include/com_IPMI_Storlead.h

@@ -4,5 +4,6 @@
 #define CMD_GET_SYS_INFO   		0x0
 #define CMD_GET_SENSOR_INFO   	0x1
 #define CMD_GET_SEL_ENTIRES		0x2
+#define CMD_AUTHOR_VERIFY 		0x3
 
 #endif /* __COM_IPMI_STORLEAD_H__ */

app/goahead-3.6.5/projects/goahead-linux-static-me.h

@@ -91,7 +91,7 @@
     #define ME_GOAHEAD_AUTH 1
 #endif
 #ifndef ME_GOAHEAD_AUTH_STORE
-    #define ME_GOAHEAD_AUTH_STORE "file"
+    #define ME_GOAHEAD_AUTH_STORE "BMC"    //"file"
 #endif
 #ifndef ME_GOAHEAD_AUTO_LOGIN
     #define ME_GOAHEAD_AUTO_LOGIN 0

app/goahead-3.6.5/projects/goahead-linux-static.mk

@@ -417,6 +417,7 @@ DEPS_USER_H4 += src/web_interface/inc/fw_update.h
 DEPS_USER_H4 += src/web_interface/inc/remote_control.h
 DEPS_USER_H4 += src/web_interface/inc/sel.h
 DEPS_USER_H4 += src/web_interface/inc/server_health.h
+DEPS_USER_H4 += src/web_interface/inc/user.h
 DEPS_USER_H4 += $(BUILD)/inc/goahead.h
 
 $(BUILD)/inc/config.h: $(DEPS_USER_H4)
@@ -451,6 +452,10 @@ $(BUILD)/inc/server_health.h: $(DEPS_USER_H4)
 	@echo '      [Copy] $(BUILD)/inc/server_health.h'
 	mkdir -p "$(BUILD)/inc"
 	cp src/web_interface/inc/server_health.h $(BUILD)/inc/server_health.h
+$(BUILD)/inc/user.h: $(DEPS_USER_H4)
+	@echo '      [Copy] $(BUILD)/inc/user.h'
+	mkdir -p "$(BUILD)/inc"
+	cp src/web_interface/inc/user.h $(BUILD)/inc/user.h
 
 
 DEPS_USER_C1 += $(BUILD)/inc/goahead.h
@@ -569,6 +574,13 @@ $(BUILD)/obj/libipmi_StorDevice.o: \
 		-D_FILE_OFFSET_BITS=64 -D_FILE_OFFSET_BITS=64 -DMBEDTLS_USER_CONFIG_FILE=\"embedtls.h\" \
 		-DME_COM_OPENSSL_PATH=$(ME_COM_OPENSSL_PATH) $(IFLAGS) \
 		"-I$(ME_COM_OPENSSL_PATH)/include" src/libipmi/src/libipmi_StorDevice.c
+$(BUILD)/obj/libipmi_usermgmt.o: \
+    src/libipmi/src/libipmi_usermgmt.c $(DEPS_USER_C2)
+	@echo '   [Compile] $(BUILD)/obj/libipmi_usermgmt.o'
+	$(CC) -c -o $(BUILD)/obj/libipmi_usermgmt.o $(LDFLAGS) $(CFLAGS) $(DFLAGS) \
+		-D_FILE_OFFSET_BITS=64 -D_FILE_OFFSET_BITS=64 -DMBEDTLS_USER_CONFIG_FILE=\"embedtls.h\" \
+		-DME_COM_OPENSSL_PATH=$(ME_COM_OPENSSL_PATH) $(IFLAGS) \
+		"-I$(ME_COM_OPENSSL_PATH)/include" src/libipmi/src/libipmi_usermgmt.c
 
 
 DEPS_USER_C3 += $(BUILD)/inc/goahead.h
@@ -589,6 +601,7 @@ DEPS_USER_C4 += $(BUILD)/inc/fw_update.h
 DEPS_USER_C4 += $(BUILD)/inc/remote_control.h
 DEPS_USER_C4 += $(BUILD)/inc/sel.h
 DEPS_USER_C4 += $(BUILD)/inc/server_health.h
+DEPS_USER_C4 += $(BUILD)/inc/user.h
 DEPS_USER_C4 += $(DEPS_USER_C2)
 
 $(BUILD)/obj/config.o: \
@@ -655,6 +668,14 @@ $(BUILD)/obj/server_health.o: \
 		-DME_COM_OPENSSL_PATH=$(ME_COM_OPENSSL_PATH) $(IFLAGS) \
 		"-I$(ME_COM_OPENSSL_PATH)/include" \
 		src/web_interface/src/server_health.c
+$(BUILD)/obj/user.o: \
+    src/web_interface/src/user.c $(DEPS_USER_C4)
+	@echo '   [Compile] $(BUILD)/obj/user.o'
+	$(CC) -c -o $(BUILD)/obj/user.o $(LDFLAGS) $(CFLAGS) $(DFLAGS) -D_FILE_OFFSET_BITS=64 \
+		-D_FILE_OFFSET_BITS=64 -DMBEDTLS_USER_CONFIG_FILE=\"embedtls.h\" \
+		-DME_COM_OPENSSL_PATH=$(ME_COM_OPENSSL_PATH) $(IFLAGS) \
+		"-I$(ME_COM_OPENSSL_PATH)/include" \
+		src/web_interface/src/user.c
 
 #################### jimbo modify end ###########################
 
@@ -1011,6 +1032,7 @@ DEPS_36 += $(BUILD)/obj/libipmi_sensor.o
 DEPS_36 += $(BUILD)/obj/libipmi_storlead_OEM.o
 DEPS_36 += $(BUILD)/obj/sensor_helpers.o
 DEPS_36 += $(BUILD)/obj/libipmi_StorDevice.o
+DEPS_36 += $(BUILD)/obj/libipmi_usermgmt.o
 
 ## resultUtils
 DEPS_36 += $(BUILD)/obj/ResultUtils.o
@@ -1024,7 +1046,7 @@ DEPS_36 += $(BUILD)/obj/fw_update.o
 DEPS_36 += $(BUILD)/obj/remote_control.o
 DEPS_36 += $(BUILD)/obj/sel.o
 DEPS_36 += $(BUILD)/obj/server_health.o
-
+DEPS_36 += $(BUILD)/obj/user.o
 
 ################ jimbo add end ###################
 $(BUILD)/bin/libgo.a: $(DEPS_36)
@@ -1034,10 +1056,10 @@ $(BUILD)/bin/libgo.a: $(DEPS_36)
 		"$(BUILD)/obj/libipmi_uds_session.o" "$(BUILD)/obj/libipmi_IPM.o" "$(BUILD)/obj/libipmi_fru.o" \
 		"$(BUILD)/obj/libipmi_Chassis.o" "$(BUILD)/obj/libipmi_PEF.o" "$(BUILD)/obj/libipmi_sdr.o" \
 		"$(BUILD)/obj/libipmi_sensor.o" "$(BUILD)/obj/libipmi_storlead_OEM.o" "$(BUILD)/obj/sensor_helpers.o"  \
-		"$(BUILD)/obj/libipmi_StorDevice.o"  \
+		"$(BUILD)/obj/libipmi_StorDevice.o" "$(BUILD)/obj/libipmi_usermgmt.o"  \
 		"$(BUILD)/obj/config.o" "$(BUILD)/obj/dashboard.o" "$(BUILD)/obj/fan.o" "$(BUILD)/obj/fru.o" \
 		"$(BUILD)/obj/fw_update.o" "$(BUILD)/obj/remote_control.o" "$(BUILD)/obj/sel.o" \
-		"$(BUILD)/obj/server_health.o" 
+		"$(BUILD)/obj/server_health.o" "$(BUILD)/obj/user.o" 
 
 #
 #   install-certs

app/goahead-3.6.5/src/auth.c

@@ -24,6 +24,7 @@
 /********************************* Includes ***********************************/
 
 #include    "goahead.h"
+#include    "user.h"
 
 #if ME_GOAHEAD_AUTH
 
@@ -37,7 +38,8 @@ static WebsHash users = -1;
 static WebsHash roles = -1;
 static char *masterSecret;
 static int autoLogin = ME_GOAHEAD_AUTO_LOGIN;
-static WebsVerify verifyPassword = websVerifyPasswordFromFile;
+//static WebsVerify verifyPassword = websVerifyPasswordFromFile;
+static WebsVerify verifyPassword = websVerifyPasswordFromBMC;
 
 #if ME_COMPILER_HAS_PAM
 typedef struct {
@@ -164,6 +166,8 @@ PUBLIC int websOpenAuth(int minimal)
     } else if (smatch(ME_GOAHEAD_AUTH_STORE, "pam")) {
         verifyPassword = websVerifyPasswordFromPam;
 #endif
+    } else if (smatch(ME_GOAHEAD_AUTH_STORE, "BMC")) {
+        verifyPassword = websVerifyPasswordFromBMC;
     }
     return 0;
 }
@@ -487,6 +491,7 @@ PUBLIC bool websLoginUser(Webs *wp, char *username, char *password)
     assert(username);
     assert(password);
 
+    printf("websLoginUser, username: %s, password: %s\n", username, password);
     if (!wp->route || !wp->route->verify) {
         return 0;
     }
@@ -595,12 +600,15 @@ PUBLIC bool websVerifyPasswordFromFile(Webs *wp)
         fmt(passbuf, sizeof(passbuf), "%s:%s:%s", wp->username, ME_GOAHEAD_REALM, wp->password);
         wfree(wp->password);
         wp->password = websMD5(passbuf);
+        printf("---> encoded password: %s\n", wp->password);
         wp->encoded = 1;
     }
     if (wp->digest) {
         success = smatch(wp->password, wp->digest);
+        printf("---> password: %s, digest: %s\n", wp->password, wp->digest);
     } else {
         success = smatch(wp->password, wp->user->password);
+        printf("---> password: %s, user->password: %s\n", wp->password, wp->user->password);
     }
     if (success) {
         trace(5, "User \"%s\" authenticated", wp->username);

app/goahead-3.6.5/src/auth.txt

@@ -16,4 +16,4 @@
 #       user name=joshua password=2fd6e47ff9bb70c0465fd2f5c8e5305e roles=manager,purchaser
 #
 
-user name=admin password=2fd6e47ff9bb70c0465fd2f5c8e5305e roles=manager,purchaser
+user name=admin password=b26bbb9407b20d92c5b7dd071a108dcc roles=manager,purchaser

app/goahead-3.6.5/src/goahead.c

@@ -27,6 +27,7 @@
 #include    "server_health.h"
 #include    "fw_update.h"
 #include    "config.h"
+#include    "user.h"
 
 /********************************* Defines ************************************/
 
@@ -191,8 +192,11 @@ websDefineAction("getFruProductInfo", getFruProductInfo);
 websDefineAction("Web_ClearSEL", Web_ClearSEL);
 websDefineAction("GetAllSELEntriesSorted", GetAllSELEntriesSorted);
 
-
-
+//user
+websDefineAction("getAllUserInfo", getAllUserInfo);
+websDefineAction("setUserPassword", setUserPassword);
+websDefineAction("addUser", addUser);
+websDefineAction("delUser", delUser);
 
 
 

app/goahead-3.6.5/src/libipmi/inc/libipmi_usermgmt.h

@@ -1,20 +1,27 @@
 #ifndef __LIBIPMI_USER_MANAGEMENT_H__
 #define __LIBIPMI_USER_MANAGEMENT_H__
 
+#include "com_IPMIDefs.h"
+#include "libipmi_struct.h"
+#include "com_BmcType.h"
+
 #pragma pack(1)
 
 typedef struct {
 	uint8_t		byUserID;
-	char		szUserName[16];
+	char		szUserName[MAX_USERNAME_LEN];
 } SetUser_T;
 
 typedef struct {
 	uint8_t		byCompletionCode;
-	char		szUserName[16];
+	char		szUserName[MAX_USERNAME_LEN];
 } GetUser_T;
 
 #pragma pack()
 
+uint16_t LIBIPMI_GetAllUserInfo( IPMI20_UDS_SESSION_T *pUDSSession, UserInfo_T *userInfoTbl, int timeout );
+uint8_t LIBIPMI_AuthorVerify( IPMI20_UDS_SESSION_T *pUDSSession, char *username, char *password, int timeout );
+uint16_t LIBIPMI_SetPassword( IPMI20_UDS_SESSION_T *pUDSSession, uint8_t userid, char *password, int timeout );
 
 #endif
 

app/goahead-3.6.5/src/libipmi/src/libipmi_sdr.c

@@ -432,7 +432,7 @@ static uint16_t ipmb_get_sdr( IPMI20_UDS_SESSION_T *pUDSSession,
         return( STATUS_CODE( IPMI_ERROR_FLAG, OEMCC_NOMEM ) );
 
     
-    temp_buffer = walloc( max_sdr_len + sizeof( GetSDRRes_T ) );
+    temp_buffer = (uint8_t*)walloc( max_sdr_len + sizeof( GetSDRRes_T ) );
     if( temp_buffer == NULL )
         return( STATUS_CODE( IPMI_ERROR_FLAG, OEMCC_NOMEM ) );
     

app/goahead-3.6.5/src/libipmi/src/libipmi_usermgmt.c

@@ -18,13 +18,15 @@
 ******************************************************************/
 #include "libipmi_session.h"
 #include "libipmi_errorcodes.h"
-#include "libipmi_api.h"
 #include "libipmi_usermgmt.h"
-
+#include "com_IPMIDefs.h"
+#include "com_IPMI_App.h"
 #include "string.h"
+#include "com_IPMI_AppDevice.h"
+#include "com_IPMI_Storlead.h"
 
 
-uint16_t LIBIPMI_SetUser( IPMI20_SESSION_T *pSession, char *pszUsername, uint8_t byID, int timeout )
+uint16_t LIBIPMI_SetUser( IPMI20_UDS_SESSION_T *pUDSSession, char *pszUsername, uint8_t byID, int timeout )
 {
 	SetUser_T	UserInfo;
 	int			nUserNameLen;
@@ -33,12 +35,12 @@ uint16_t LIBIPMI_SetUser( IPMI20_SESSION_T *pSession, char *pszUsername, uint8_t
 	uint16_t		wRet;
 	
 	
-	if(byID	>= MAX_USER_NUM)
+	if(byID	> MAX_USER_NUM)
 	{
 		printf("Invalid UserID\n");
 		return STATUS_CODE(0, LIBIPMI_E_INVALID_USER_ID);
 	}
-	else if( (nUserNameLen=strlen(pszUsername)) == 0 )
+	else if( ((nUserNameLen=strlen(pszUsername)) == 0 ) || (nUserNameLen > MAX_USERNAME_LEN))
 	{
 		printf("Invalid UserName\n");
 		return STATUS_CODE(0, LIBIPMI_E_INVALID_USER_NAME);
@@ -46,16 +48,12 @@ uint16_t LIBIPMI_SetUser( IPMI20_SESSION_T *pSession, char *pszUsername, uint8_t
 
 	memset(&UserInfo, 0, sizeof(SetUser_T) );
 	
-	/* Truncate the username to 16 chars */
-	(nUserNameLen > MAX_USER_NAME_LEN)?nUserNameLen = MAX_USER_NAME_LEN:nUserNameLen;
-	
 	/* IPMI Spec Table 22-33 */
 	UserInfo.byUserID = byID & ~(0xC0); 
-	memcpy(UserInfo.szUserName, pszUsername, nUserNameLen);
+	strcpy(UserInfo.szUserName, pszUsername);
 
-	dwResLen = 1;
 	/* Call RAW IPMI Command */
-	wRet = LIBIPMI_Send_RAW_IPMI2_0_Command(pSession, PAYLOAD_TYPE_IPMI,
+	wRet = LIBIPMI_Send_RAW_IPMI2_0_Command(pUDSSession,
 											DEFAULT_NET_FN_LUN, CMD_SET_USER_NAME,
 											(uint8_t*)&UserInfo, sizeof(SetUser_T),
 											byRes, &dwResLen,
@@ -66,7 +64,7 @@ uint16_t LIBIPMI_SetUser( IPMI20_SESSION_T *pSession, char *pszUsername, uint8_t
 	return wRet;
 }
 
-uint16_t LIBIPMI_GetUser( IPMI20_SESSION_T *pSession, char *pszUsername, uint8_t byID, int timeout )
+uint16_t LIBIPMI_GetUser( IPMI20_UDS_SESSION_T *pUDSSession, char *pszUsername, uint8_t byID, int timeout )
 {
 	GetUser_T	UserInfo;
 	uint32_t		dwRetLen;
@@ -83,7 +81,7 @@ uint16_t LIBIPMI_GetUser( IPMI20_SESSION_T *pSession, char *pszUsername, uint8_t
 	dwRetLen = sizeof(GetUser_T);
 	byID &= ~(0xC0);
 	/* Call RAW IPMI Command */
-	wRet = LIBIPMI_Send_RAW_IPMI2_0_Command(pSession, PAYLOAD_TYPE_IPMI,
+	wRet = LIBIPMI_Send_RAW_IPMI2_0_Command(pUDSSession, 
 											DEFAULT_NET_FN_LUN, CMD_GET_USER_NAME,
 											&byID, sizeof(uint8_t),
 											(uint8_t *)&UserInfo, &dwRetLen,
@@ -102,3 +100,120 @@ uint16_t LIBIPMI_GetUser( IPMI20_SESSION_T *pSession, char *pszUsername, uint8_t
 	return wRet;
 }
 
+uint16_t LIBIPMI_GetAllUserInfo( IPMI20_UDS_SESSION_T *pUDSSession, UserInfo_T *userInfoTbl, int timeout )
+{
+	uint16_t		wRet;
+	uint32_t		dwRetLen;
+	uint8_t 		maxUser;
+	uint8_t 		userID;
+	GetUserNameRes_T		UserInfo;
+	int i;
+
+	for(i=0;i<MAX_USER_NUM;i++)
+	{
+		userID = i+1;
+		wRet = LIBIPMI_Send_RAW_IPMI2_0_Command(pUDSSession, 
+												DEFAULT_NET_FN_LUN, CMD_GET_USER_NAME,
+												(uint8_t *)&userID, 1,
+												(uint8_t *)&UserInfo, &dwRetLen,
+												timeout);
+		if((wRet != 0) || (UserInfo.CompletionCode != 0))
+		{
+			userInfoTbl[i].UserStatus = FALSE;
+			continue;
+		}
+
+		userInfoTbl[i].UserStatus = TRUE;
+		userInfoTbl[i].UserId = i+1;
+		memcpy(userInfoTbl[i].UserName, UserInfo.UserName, MAX_USERNAME_LEN);		
+	}
+	return 0;
+}
+
+//uint8_t == bool
+uint8_t LIBIPMI_AuthorVerify( IPMI20_UDS_SESSION_T *pUDSSession, char *username, char *password, int timeout )
+{
+	AuthorVerify_T 	req;
+	uint8_t 		res;
+	uint32_t		dwRetLen;
+	uint16_t		wRet;	
+	if((username == NULL) || (username[0] == 0))
+	{
+		printf("username is NULL\n");
+		return FALSE;
+	}
+
+	if(strlen(username) > MAX_USERNAME_LEN)
+	{
+		printf("username is too long!\n");
+		return FALSE;
+	}
+
+	if(strlen(password) > MAX_PASSWORD_LEN)
+	{
+		printf("password is too long!\n");
+		return FALSE;
+	}
+
+	memset(&req, 0, sizeof(AuthorVerify_T));
+	strcpy(req.name, username); 
+	strcpy(req.password, password); 
+
+	wRet = LIBIPMI_Send_RAW_IPMI2_0_Command(pUDSSession, 
+										NETFNLUN_IPMI_STORLEAD, CMD_AUTHOR_VERIFY,
+										(uint8_t *)&req, sizeof(AuthorVerify_T),
+										(uint8_t *)&res, &dwRetLen,
+										timeout);
+	if((wRet == 0)  && (res == 0))
+	{
+		//verify ok
+		return TRUE;
+	}
+
+	return FALSE;
+}
+
+
+
+uint16_t LIBIPMI_SetPassword( IPMI20_UDS_SESSION_T *pUDSSession, uint8_t userid, char *password, int timeout )
+{
+	SetUserPswdReq_T req;
+	SetUserPswdRes_T res;
+	uint32_t		dwRetLen;
+	uint16_t		wRet;	
+
+	if((userid <= 0) || (userid > MAX_USER_NUM))
+	{
+		printf("Invalid userid: %d\n", userid);
+		return -1;
+	}
+
+	if (strlen(password) > MAX_PASSWORD_LEN)
+	{
+		printf("Invalid password Length: %d\n", strlen(password));
+		return -1;
+	}
+
+	if((password == NULL) || (password[0] == 0))
+	{
+		printf("password is null!\n");
+		return -1;
+	}
+
+	req.UserID = userid;
+	req.Operation = 0x02;
+	strcpy(req.Password, password);
+	printf("---> req: %s, password: %s\n", req.Password, password);
+	wRet = LIBIPMI_Send_RAW_IPMI2_0_Command(pUDSSession, 
+										DEFAULT_NET_FN_LUN, CMD_SET_USER_PASSWORD,
+										(uint8_t *)&req, sizeof(SetUserPswdReq_T),
+										(uint8_t *)&res, &dwRetLen,
+										timeout);
+	if((wRet != 0)  || (res.CompletionCode != 0))
+	{
+		printf("Ser password fail!\n");
+		return -1;
+	}
+
+	return 0;
+}

app/goahead-3.6.5/src/web_interface/inc/user.h

@@ -0,0 +1,12 @@
+#ifndef __USER_H__
+#define __USER_H__
+
+#include "goahead.h"
+
+PUBLIC bool websVerifyPasswordFromBMC(Webs *wp);
+void addUser(Webs *wp);
+void setUserPassword(Webs *wp);
+void getAllUserInfo(Webs *wp);
+void delUser(Webs *wp);
+
+#endif

app/goahead-3.6.5/src/web_interface/src/dashboard.c

@@ -338,7 +338,8 @@ void getSensorInfo(Webs *wp){
 
             if(root)
                 cJSON_Delete(root);
-          
+            if(pStr)
+                wfree(pStr);          
         }
     }
     //TODO: lusa

app/goahead-3.6.5/src/web_interface/src/user.c

@@ -0,0 +1,257 @@
+#include    "goahead.h"
+#include    "libipmi_IPM.h"
+#include    "com_IPMIDefs.h"
+#include    "ResultUtils.h"
+#include    "cJSON.h"
+#include    "libipmi_storlead_OEM.h"
+#include    "libsensor.h"
+#include    <stdio.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include "com_BmcType.h"
+#include "libipmi_usermgmt.h"
+
+PUBLIC bool websVerifyPasswordFromBMC(Webs *wp)
+{
+    char    passbuf[ME_GOAHEAD_LIMIT_PASSWORD * 3 + 3];
+    bool    success = TRUE;
+    int 	wRet;
+    IPMI20_UDS_SESSION_T    UDSSession;
+
+    assert(wp);
+
+    printf("---> verify from BMC\n");
+    
+    //Create session
+    LIBIPMI_CreateSession(&UDSSession, DEFAULT_TIMEOUT);
+    
+    if(LIBIPMI_AuthorVerify(&UDSSession, wp->username, wp->password, DEFAULT_TIMEOUT) == FALSE)
+    {
+    	success = FALSE;
+    }
+    //Close session
+    LIBIPMI_CloseSession(&UDSSession );
+
+    return success;
+}
+
+void getAllUserInfo(Webs *wp){
+    int wRet;
+    IPMI20_UDS_SESSION_T    UDSSession;
+    UserInfo_T userInfoTbl[MAX_USER_NUM];
+    int i;
+    //Create session
+    LIBIPMI_CreateSession(&UDSSession, DEFAULT_TIMEOUT);
+    
+    LIBIPMI_GetAllUserInfo(&UDSSession, userInfoTbl, DEFAULT_TIMEOUT );
+
+    //Close session
+    LIBIPMI_CloseSession(&UDSSession );
+
+    char *pStr;
+    int code = 200;
+    cJSON * root =  cJSON_CreateObject();
+    cJSON  *pJsonArry,*pJsonsub;
+    pJsonArry=cJSON_CreateArray();   /*创建数组*/
+    for(i=0;i<MAX_USER_NUM;i++)
+    {
+    	if(userInfoTbl[i].UserStatus == TRUE)
+    	{
+    		cJSON_AddItemToArray(pJsonArry,pJsonsub=cJSON_CreateObject());
+    		cJSON_AddNumberToObject(pJsonsub, "userid", userInfoTbl[i].UserId); 
+    		cJSON_AddStringToObject(pJsonsub, "username", userInfoTbl[i].UserName); 
+   
+    	}
+    }
+
+    cJSON_AddItemToObject(root, "data", pJsonArry);
+    pStr = cJSON_PrintUnformatted(root);
+
+    printf("---> cJSON Str:\n%s\n", pStr);
+    websSetStatus(wp, 200);
+    websWriteHeaders(wp, -1, 0);
+    websWriteEndHeaders(wp); 
+    websWrite(wp,"%s", pStr);
+    websFlush(wp, 0);
+    websDone(wp);
+
+    if(pStr)
+        wfree(pStr);
+    if(root)
+        cJSON_Delete(root);
+}
+
+void setUserPassword(Webs *wp){
+    int wRet;
+    IPMI20_UDS_SESSION_T    UDSSession;
+    char *username = websGetVar(wp, "username", NULL);
+    char *oldpassword = websGetVar(wp, "oldpassword", NULL);
+    char *password = websGetVar(wp, "password", NULL);
+    char *useridstr = websGetVar(wp, "userid", NULL);
+    uint8_t userid = atoi(useridstr);
+
+    printf("---> setUserPassword, userid: %d, username: %s, oldpassword: %s, password: %s\n",\
+    	userid, username, oldpassword, password);
+    //Create session
+    LIBIPMI_CreateSession(&UDSSession, DEFAULT_TIMEOUT);
+
+    //verify old password
+    if(LIBIPMI_AuthorVerify(&UDSSession, username, oldpassword, DEFAULT_TIMEOUT) != TRUE)
+    {
+    	printf("Verify oldpassword error!\n" );
+    	//Close session
+    	LIBIPMI_CloseSession(&UDSSession );
+    	websError(wp, 404, "Verify oldpassword error!");
+    	return;
+    }
+
+    printf("Verify oldpassword success!\n" );
+    //set new password
+    if(0 != LIBIPMI_SetPassword(&UDSSession, userid, password, DEFAULT_TIMEOUT))
+    {
+    	printf("Set user password fail!\n");
+    	//Close session
+    	LIBIPMI_CloseSession(&UDSSession );
+    	websError(wp, 404, "Set user password fail!");    	
+    	return;
+    }
+    printf("Set user password success!\n" );
+  
+    //Close session
+    LIBIPMI_CloseSession(&UDSSession );
+
+    websSetStatus(wp, 200);
+    websWriteHeaders(wp, -1, 0);
+    websWriteEndHeaders(wp); 
+    // websWrite(wp,"%s", pStr);
+    websFlush(wp, 0);
+    websDone(wp);
+}
+
+void addUser(Webs *wp){
+    int 			wRet;
+    IPMI20_UDS_SESSION_T    UDSSession;
+    UserInfo_T 		userInfoTbl[MAX_USER_NUM];
+    uint8_t 		userid;
+    int i;
+    char *username = websGetVar(wp, "username", NULL);
+    char *password = websGetVar(wp, "password", NULL);
+
+    //Create session
+    LIBIPMI_CreateSession(&UDSSession, DEFAULT_TIMEOUT);
+
+    //Find valid userid
+    LIBIPMI_GetAllUserInfo(&UDSSession, userInfoTbl, DEFAULT_TIMEOUT );
+    for(i=0;i<MAX_USER_NUM;i++)
+    {
+    	if(userInfoTbl[i].UserStatus != TRUE)
+    	{
+    		userid = i+1;
+    		break;
+    	}
+    }
+    if(MAX_USER_NUM == i)
+    {
+    	printf("The user is full!\n");
+    	websError(wp, 404, "The user is full!");
+    	//Close session
+    	LIBIPMI_CloseSession(&UDSSession );
+    	return;
+    }
+    
+    //set user name
+   	if(0 != LIBIPMI_SetUser(&UDSSession, username, userid, DEFAULT_TIMEOUT ))
+   	{
+   		printf("Set user name fail!\n");
+    	//Close session
+    	LIBIPMI_CloseSession(&UDSSession );
+    	websError(wp, 404, "Set user name fail!");    	
+    	return;
+   	}
+    
+    //set user password
+    if(0 != LIBIPMI_SetPassword(&UDSSession, userid, password, DEFAULT_TIMEOUT))
+    {
+    	printf("Set user password fail!\n");
+    	//Close session
+    	LIBIPMI_CloseSession(&UDSSession );
+    	websError(wp, 404, "Set user password fail!");    	
+    	return;
+    }
+
+    //Close session
+    LIBIPMI_CloseSession(&UDSSession );
+
+    char *pStr;
+    cJSON * root =  cJSON_CreateObject();
+    cJSON * data =  cJSON_CreateObject();
+    cJSON_AddItemToObject(root, "data", data);//根节点下添加
+    cJSON_AddStringToObject(root, "msg", "");
+    cJSON_AddNumberToObject(root, "code", 200);
+    cJSON_AddNumberToObject(data, "userid", userid);
+    cJSON_AddStringToObject(data, "username", username);
+    cJSON_AddStringToObject(data, "password", password);
+   
+    pStr = cJSON_PrintUnformatted(root);
+
+    printf("---> cJSON Str:\n%s\n", pStr);
+    websSetStatus(wp, 200);
+    websWriteHeaders(wp, -1, 0);
+    websWriteEndHeaders(wp); 
+    websWrite(wp,"%s", pStr);
+    websFlush(wp, 0);
+    websDone(wp);
+
+    if(pStr)
+        wfree(pStr);
+    if(root)
+        cJSON_Delete(root);
+}
+
+void delUser(Webs *wp){
+    int wRet;
+    IPMI20_UDS_SESSION_T    UDSSession;
+    char *useridstr = websGetVar(wp, "userid", NULL);
+    uint8_t userid = atoi(useridstr);
+    char UserName[MAX_USER_NUM] = {0xff};
+
+    //Create session
+    LIBIPMI_CreateSession(&UDSSession, DEFAULT_TIMEOUT);
+    
+    //set username 0xff to delete user
+   	if(0 != LIBIPMI_SetUser(&UDSSession, UserName, userid, DEFAULT_TIMEOUT ))
+   	{
+   		printf("Delete user fail!\n");
+    	//Close session
+    	LIBIPMI_CloseSession(&UDSSession );
+    	websError(wp, 404, "Delete user fail!");    	
+    	return;
+   	}
+  
+    //Close session
+    LIBIPMI_CloseSession(&UDSSession );
+
+    char *pStr;
+    cJSON * root =  cJSON_CreateObject();
+    cJSON * data =  cJSON_CreateObject();
+    cJSON_AddItemToObject(root, "data", data);//根节点下添加
+    cJSON_AddStringToObject(root, "msg", "");
+    cJSON_AddNumberToObject(root, "code", 200);
+    cJSON_AddNumberToObject(data, "userid", userid);
+   
+    pStr = cJSON_PrintUnformatted(root);
+
+    printf("---> cJSON Str:\n%s\n", pStr);
+    websSetStatus(wp, 200);
+    websWriteHeaders(wp, -1, 0);
+    websWriteEndHeaders(wp); 
+    websWrite(wp,"%s", pStr);
+    websFlush(wp, 0);
+    websDone(wp);
+
+    if(pStr)
+        wfree(pStr);
+    if(root)
+        cJSON_Delete(root);
+}

app/goahead-3.6.5/说明.txt

@@ -0,0 +1,11 @@
+获取所有用户信息
+http://192.168.0.208/action/getAllUserInfo
+
+新增用户，提供用户名和密码
+http://192.168.0.208/action/addUser?username=jimbo2&password=jimbo
+
+修改用户密码，提供用户ID、用户名、旧密码和新密码
+setuserPassword?username=admin&oldpassword=admin&password=hello&userid=3
+
+删除用户，提供用户ID
+http://192.168.0.208/action/delUser?userid=1