Acasă Explorează Ajutor
Înregistrare Autentificare
zhangbo
/
GD32F450_BMC_BaseCode
1
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Arbore: fa0dd5ec4d
Ramuri Etichete
GD32F450_BMC_Ba...
/
app
/
ipmitool-1.8.18
/
lib
/
ipmi_channel.c

ipmi_channel.c 26 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932 
  1. /* -*-mode: C; indent-tabs-mode: t; -*-
    2. 

  2.  * Copyright (c) 2003 Sun Microsystems, Inc.  All Rights Reserved.
    3. 

  3.  * 
    4. 

  4.  * Redistribution and use in source and binary forms, with or without
    5. 

  5.  * modification, are permitted provided that the following conditions
    6. 

  6.  * are met:
    7. 

  7.  * 
    8. 

  8.  * Redistribution of source code must retain the above copyright
    9. 

  9.  * notice, this list of conditions and the following disclaimer.
    10. 

  10.  * 
    11. 

  11.  * Redistribution in binary form must reproduce the above copyright
    12. 

  12.  * notice, this list of conditions and the following disclaimer in the
    13. 

  13.  * documentation and/or other materials provided with the distribution.
    14. 

  14.  * 
    15. 

  15.  * Neither the name of Sun Microsystems, Inc. or the names of
    16. 

  16.  * contributors may be used to endorse or promote products derived
    17. 

  17.  * from this software without specific prior written permission.
    18. 

  18.  * 
    19. 

  19.  * This software is provided "AS IS," without a warranty of any kind.
    20. 

  20.  * ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
    21. 

  21.  * INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
    22. 

  22.  * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
    23. 

  23.  * SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE
    24. 

  24.  * FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING
    25. 

  25.  * OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.  IN NO EVENT WILL
    26. 

  26.  * SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
    27. 

  27.  * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
    28. 

  28.  * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
    29. 

  29.  * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
    30. 

  30.  * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    31. 

  31.  */
    32. 

  32. 

  33. #include <stdlib.h>
    34. 

  34. #include <stdio.h>
    35. 

  35. #include <string.h>
    36. 

  36. #include <strings.h>
    37. 

  37. #include <sys/types.h>
    38. 

  38. #include <sys/socket.h>
    39. 

  39. #include <netinet/in.h>
    40. 

  40. #include <arpa/inet.h>
    41. 

  41. #include <errno.h>
    42. 

  42. #include <unistd.h>
    43. 

  43. #include <signal.h>
    44. 

  44. 

  45. #include <ipmitool/ipmi.h>
    46. 

  46. #include <ipmitool/ipmi_intf.h>
    47. 

  47. #include <ipmitool/helper.h>
    48. 

  48. #include <ipmitool/log.h>
    49. 

  49. #include <ipmitool/ipmi_lanp.h>
    50. 

  50. #include <ipmitool/ipmi_channel.h>
    51. 

  51. #include <ipmitool/ipmi_strings.h>
    52. 

  52. #include <ipmitool/ipmi_constants.h>
    53. 

  53. #include <ipmitool/ipmi_user.h>
    54. 

  54. 

  55. extern int csv_output;
    56. 

  56. extern int verbose;
    57. 

  57. 

  58. void printf_channel_usage(void);
    59. 

  59. 

  60. /* _ipmi_get_channel_access - Get Channel Access for given channel. Results are
    61. 

  61.  * stored into passed struct.
    62. 

  62.  *
    63. 

  63.  * @intf - IPMI interface
    64. 

  64.  * @channel_access - ptr to channel_access_t with Channel set.
    65. 

  65.  * @get_volatile_settings - get volatile if != 0, else non-volatile settings.
    66. 

  66.  *
    67. 

  67.  * returns - negative number means error, positive is a ccode.
    68. 

  68.  */
    69. 

  69. int
    70. 

  70. _ipmi_get_channel_access(struct ipmi_intf *intf,
    71. 

  71. 		struct channel_access_t *channel_access,
    72. 

  72. 		uint8_t get_volatile_settings)
    73. 

  73. {
    74. 

  74. 	struct ipmi_rs *rsp;
    75. 

  75. 	struct ipmi_rq req = {0};
    76. 

  76. 	uint8_t data[2];
    77. 

  77. 

  78. 	if (channel_access == NULL) {
    79. 

  79. 		return (-3);
    80. 

  80. 	}
    81. 

  81. 	data[0] = channel_access->channel & 0x0F;
    82. 

  82. 	/* volatile - 0x80; non-volatile - 0x40 */
    83. 

  83. 	data[1] = get_volatile_settings ? 0x80 : 0x40;
    84. 

  84. 	req.msg.netfn = IPMI_NETFN_APP;
    85. 

  85. 	req.msg.cmd = IPMI_GET_CHANNEL_ACCESS;
    86. 

  86. 	req.msg.data = data;
    87. 

  87. 	req.msg.data_len = 2;
    88. 

  88. 

  89. 	rsp = intf->sendrecv(intf, &req);
    90. 

  90. 	if (rsp == NULL) {
    91. 

  91. 		return (-1);
    92. 

  92. 	} else if (rsp->ccode != 0) {
    93. 

  93. 		return rsp->ccode;
    94. 

  94. 	} else if (rsp->data_len != 2) {
    95. 

  95. 		return (-2);
    96. 

  96. 	}
    97. 

  97. 	channel_access->alerting = rsp->data[0] & 0x20;
    98. 

  98. 	channel_access->per_message_auth = rsp->data[0] & 0x10;
    99. 

  99. 	channel_access->user_level_auth = rsp->data[0] & 0x08;
    100. 

  100. 	channel_access->access_mode = rsp->data[0] & 0x07;
    101. 

  101. 	channel_access->privilege_limit = rsp->data[1] & 0x0F;
    102. 

  102. 	return 0;
    103. 

  103. }
    104. 

  104. 

  105. /* _ipmi_get_channel_info - Get Channel Info for given channel. Results are
    106. 

  106.  * stored into passed struct.
    107. 

  107.  *
    108. 

  108.  * @intf - IPMI interface
    109. 

  109.  * @channel_info - ptr to channel_info_t with Channel set.
    110. 

  110.  *
    111. 

  111.  * returns - negative number means error, positive is a ccode.
    112. 

  112.  */
    113. 

  113. int
    114. 

  114. _ipmi_get_channel_info(struct ipmi_intf *intf,
    115. 

  115. 		struct channel_info_t *channel_info)
    116. 

  116. {
    117. 

  117. 	struct ipmi_rs *rsp;
    118. 

  118. 	struct ipmi_rq req = {0};
    119. 

  119. 	uint8_t data[1];
    120. 

  120. 

  121. 	if (channel_info == NULL) {
    122. 

  122. 		return (-3);
    123. 

  123. 	}
    124. 

  124. 	data[0] = channel_info->channel & 0x0F;
    125. 

  125. 	req.msg.netfn = IPMI_NETFN_APP;
    126. 

  126. 	req.msg.cmd = IPMI_GET_CHANNEL_INFO;
    127. 

  127. 	req.msg.data = data;
    128. 

  128. 	req.msg.data_len = 1;
    129. 

  129. 

  130. 	rsp = intf->sendrecv(intf, &req);
    131. 

  131. 	if (rsp == NULL) {
    132. 

  132. 		return (-1);
    133. 

  133. 	} else if (rsp->ccode != 0) {
    134. 

  134. 		return rsp->ccode;
    135. 

  135. 	} else if (rsp->data_len != 9) {
    136. 

  136. 		return (-2);
    137. 

  137. 	}
    138. 

  138. 	channel_info->channel = rsp->data[0] & 0x0F;
    139. 

  139. 	channel_info->medium = rsp->data[1] & 0x7F;
    140. 

  140. 	channel_info->protocol = rsp->data[2] & 0x1F;
    141. 

  141. 	channel_info->session_support = rsp->data[3] & 0xC0;
    142. 

  142. 	channel_info->active_sessions = rsp->data[3] & 0x3F;
    143. 

  143. 	memcpy(channel_info->vendor_id, &rsp->data[4],
    144. 

  144. 			sizeof(channel_info->vendor_id));
    145. 

  145. 	memcpy(channel_info->aux_info, &rsp->data[7],
    146. 

  146. 			sizeof(channel_info->aux_info));
    147. 

  147. 	return 0;
    148. 

  148. }
    149. 

  149. 

  150. /* _ipmi_set_channel_access - Set Channel Access values for given channel.
    151. 

  151.  *
    152. 

  152.  * @intf - IPMI interface
    153. 

  153.  * @channel_access - channel_access_t with desired values and channel set.
    154. 

  154.  * @access_option:
    155. 

  155.  *   - 0 = don't set/change Channel Access
    156. 

  156.  *   - 1 = set non-volatile settings of Channel Access
    157. 

  157.  *   - 2 = set volatile settings of Channel Access
    158. 

  158.  * @privilege_option:
    159. 

  159.  *   - 0 = don't set/change Privilege Level Limit
    160. 

  160.  *   - 1 = set non-volatile settings of Privilege Limit
    161. 

  161.  *   - 2 = set volatile settings of Privilege Limit
    162. 

  162.  *
    163. 

  163.  * returns - negative number means error, positive is a ccode. See IPMI
    164. 

  164.  *   specification for further information on ccodes for Set Channel Access.
    165. 

  165.  * 0x82 - set not supported on selected channel, eg. session-less channel.
    166. 

  166.  * 0x83 - access mode not supported
    167. 

  167.  */
    168. 

  168. int
    169. 

  169. _ipmi_set_channel_access(struct ipmi_intf *intf,
    170. 

  170. 		struct channel_access_t channel_access,
    171. 

  171. 		uint8_t access_option,
    172. 

  172. 		uint8_t privilege_option)
    173. 

  173. {
    174. 

  174. 	struct ipmi_rs *rsp;
    175. 

  175. 	struct ipmi_rq req;
    176. 

  176. 	uint8_t data[3];
    177. 

  177. 	/* Only values from <0..2> are accepted as valid. */
    178. 

  178. 	if (access_option > 2 || privilege_option > 2) {
    179. 

  179. 		return (-3);
    180. 

  180. 	}
    181. 

  181. 

  182. 	memset(&data, 0, sizeof(data));
    183. 

  183. 	data[0] = channel_access.channel & 0x0F;
    184. 

  184. 	data[1] = (access_option << 6);
    185. 

  185. 	if (channel_access.alerting) {
    186. 

  186. 		data[1] |= 0x20;
    187. 

  187. 	}
    188. 

  188. 	if (channel_access.per_message_auth) {
    189. 

  189. 		data[1] |= 0x10;
    190. 

  190. 	}
    191. 

  191. 	if (channel_access.user_level_auth) {
    192. 

  192. 		data[1] |= 0x08;
    193. 

  193. 	}
    194. 

  194. 	data[1] |= (channel_access.access_mode & 0x07);
    195. 

  195. 	data[2] = (privilege_option << 6);
    196. 

  196. 	data[2] |= (channel_access.privilege_limit & 0x0F);
    197. 

  197. 

  198. 	memset(&req, 0, sizeof(req));
    199. 

  199. 	req.msg.netfn = IPMI_NETFN_APP;
    200. 

  200. 	req.msg.cmd = IPMI_SET_CHANNEL_ACCESS;
    201. 

  201. 	req.msg.data = data;
    202. 

  202. 	req.msg.data_len = 3;
    203. 

  203. 	
    204. 

  204. 	rsp = intf->sendrecv(intf, &req);
    205. 

  205. 	if (rsp == NULL) {
    206. 

  206. 		return (-1);
    207. 

  207. 	}
    208. 

  208. 	return rsp->ccode;
    209. 

  209. }
    210. 

  210. 

  211. static const char *
    212. 

  212. iana_string(uint32_t iana)
    213. 

  213. {
    214. 

  214. 	static char s[10];
    215. 

  215. 

  216. 	if (iana) {
    217. 

  217. 		sprintf(s, "%06x", iana);
    218. 

  218. 		return s;
    219. 

  219. 	} else {
    220. 

  220. 		return "N/A";
    221. 

  221. 	}
    222. 

  222. }
    223. 

  223. 

  224. /**
    225. 

  225.  * ipmi_1_5_authtypes
    226. 

  226.  *
    227. 

  227.  * Create a string describing the supported authentication types as 
    228. 

  228.  * specificed by the parameter n
    229. 

  229.  */
    230. 

  230. static const char *
    231. 

  231. ipmi_1_5_authtypes(uint8_t n)
    232. 

  232. {
    233. 

  233. 	uint32_t i;
    234. 

  234. 	static char supportedTypes[128];
    235. 

  235. 

  236. 	memset(supportedTypes, 0, sizeof(supportedTypes));
    237. 

  237. 	for (i = 0; ipmi_authtype_vals[i].val != 0; i++) {
    238. 

  238. 		if (n & ipmi_authtype_vals[i].val) {
    239. 

  239. 			strcat(supportedTypes, ipmi_authtype_vals[i].str);
    240. 

  240. 			strcat(supportedTypes, " ");
    241. 

  241. 		}
    242. 

  242. 	}
    243. 

  243. 

  244. 	return supportedTypes;
    245. 

  245. }
    246. 

  246. 

  247. uint8_t
    248. 

  248. ipmi_current_channel_medium(struct ipmi_intf *intf)
    249. 

  249. {
    250. 

  250. 	return ipmi_get_channel_medium(intf, 0xE);
    251. 

  251. }
    252. 

  252. 

  253. /**
    254. 

  254.  * ipmi_get_channel_auth_cap
    255. 

  255.  *
    256. 

  256.  * return 0 on success
    257. 

  257.  *        -1 on failure
    258. 

  258.  */
    259. 

  259. int
    260. 

  260. ipmi_get_channel_auth_cap(struct ipmi_intf *intf, uint8_t channel, uint8_t priv)
    261. 

  261. {
    262. 

  262. 	struct ipmi_rs *rsp;
    263. 

  263. 	struct ipmi_rq req;
    264. 

  264. 	struct get_channel_auth_cap_rsp auth_cap;
    265. 

  265. 	uint8_t msg_data[2];
    266. 

  266. 

  267. 	/* Ask for IPMI v2 data as well */
    268. 

  268. 	msg_data[0] = channel | 0x80;
    269. 

  269. 	msg_data[1] = priv;
    270. 

  270. 

  271. 	memset(&req, 0, sizeof(req));
    272. 

  272. 	req.msg.netfn = IPMI_NETFN_APP;
    273. 

  273. 	req.msg.cmd = IPMI_GET_CHANNEL_AUTH_CAP;
    274. 

  274. 	req.msg.data = msg_data;
    275. 

  275. 	req.msg.data_len = 2;
    276. 

  276. 

  277. 	rsp = intf->sendrecv(intf, &req);
    278. 

  278. 

  279. 	if ((rsp == NULL) || (rsp->ccode > 0)) {
    280. 

  280. 		/*
    281. 

  281. 		 * It's very possible that this failed because we asked for IPMI v2 data
    282. 

  282. 		 * Ask again, without requesting IPMI v2 data
    283. 

  283. 		 */
    284. 

  284. 		msg_data[0] &= 0x7F;
    285. 

  285. 		
    286. 

  286. 		rsp = intf->sendrecv(intf, &req);
    287. 

  287. 		if (rsp == NULL) {
    288. 

  288. 			lprintf(LOG_ERR, "Unable to Get Channel Authentication Capabilities");
    289. 

  289. 			return (-1);
    290. 

  290. 		}
    291. 

  291. 		if (rsp->ccode > 0) {
    292. 

  292. 			lprintf(LOG_ERR, "Get Channel Authentication Capabilities failed: %s",
    293. 

  293. 				val2str(rsp->ccode, completion_code_vals));
    294. 

  294. 			return (-1);
    295. 

  295. 		}
    296. 

  296. 	}
    297. 

  297. 

  298. 	memcpy(&auth_cap, rsp->data, sizeof(struct get_channel_auth_cap_rsp));
    299. 

  299. 

  300. 	printf("Channel number             : %d\n",
    301. 

  301. 		   auth_cap.channel_number);
    302. 

  302. 	printf("IPMI v1.5  auth types      : %s\n",
    303. 

  303. 		   ipmi_1_5_authtypes(auth_cap.enabled_auth_types));
    304. 

  304. 

  305. 	if (auth_cap.v20_data_available) {
    306. 

  306. 		printf("KG status                  : %s\n",
    307. 

  307. 			   (auth_cap.kg_status) ? "non-zero" : "default (all zeroes)");
    308. 

  308. 	}
    309. 

  309. 

  310. 	printf("Per message authentication : %sabled\n",
    311. 

  311. 		   (auth_cap.per_message_auth) ? "dis" : "en");
    312. 

  312. 	printf("User level authentication  : %sabled\n",
    313. 

  313. 		   (auth_cap.user_level_auth) ? "dis" : "en");
    314. 

  314. 

  315. 	printf("Non-null user names exist  : %s\n",
    316. 

  316. 		   (auth_cap.non_null_usernames) ? "yes" : "no");
    317. 

  317. 	printf("Null user names exist      : %s\n",
    318. 

  318. 		   (auth_cap.null_usernames) ? "yes" : "no");
    319. 

  319. 	printf("Anonymous login enabled    : %s\n",
    320. 

  320. 		   (auth_cap.anon_login_enabled) ? "yes" : "no");
    321. 

  321. 

  322. 	if (auth_cap.v20_data_available) {
    323. 

  323. 		printf("Channel supports IPMI v1.5 : %s\n",
    324. 

  324. 			   (auth_cap.ipmiv15_support) ? "yes" : "no");
    325. 

  325. 		printf("Channel supports IPMI v2.0 : %s\n",
    326. 

  326. 			   (auth_cap.ipmiv20_support) ? "yes" : "no");
    327. 

  327. 	}
    328. 

  328. 

  329. 	/*
    330. 

  330. 	 * If there is support for an OEM authentication type, there is some
    331. 

  331. 	 * information.
    332. 

  332. 	 */
    333. 

  333. 	if (auth_cap.enabled_auth_types & IPMI_1_5_AUTH_TYPE_BIT_OEM) {
    334. 

  334. 		printf("IANA Number for OEM        : %d\n",
    335. 

  335. 			   auth_cap.oem_id[0]      | 
    336. 

  336. 			   auth_cap.oem_id[1] << 8 | 
    337. 

  337. 			   auth_cap.oem_id[2] << 16);
    338. 

  338. 		printf("OEM Auxiliary Data         : 0x%x\n",
    339. 

  339. 			   auth_cap.oem_aux_data);
    340. 

  340. 	}
    341. 

  341. 

  342. 	return 0;
    343. 

  343. }
    344. 

  344. 

  345. static int
    346. 

  346. ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
    347. 

  347. 		uint8_t channel)
    348. 

  348. {
    349. 

  349. 	struct ipmi_rs *rsp;
    350. 

  350. 	struct ipmi_rq req;
    351. 

  351. 

  352. 	uint8_t rqdata[3];
    353. 

  353. 	uint32_t iana;
    354. 

  354. 	uint8_t auth_alg, integrity_alg, crypt_alg;
    355. 

  355. 	uint8_t cipher_suite_id;
    356. 

  356. 	uint8_t list_index = 0;
    357. 

  357. 	/* 0x40 sets * 16 bytes per set */
    358. 

  358. 	uint8_t cipher_suite_data[1024];
    359. 

  359. 	uint16_t offset = 0;
    360. 

  360. 	/* how much was returned, total */
    361. 

  361. 	uint16_t cipher_suite_data_length = 0;
    362. 

  362. 

  363. 	memset(cipher_suite_data, 0, sizeof(cipher_suite_data));
    364. 

  364. 	
    365. 

  365. 	memset(&req, 0, sizeof(req));
    366. 

  366. 	req.msg.netfn = IPMI_NETFN_APP;
    367. 

  367. 	req.msg.cmd = IPMI_GET_CHANNEL_CIPHER_SUITES;
    368. 

  368. 	req.msg.data = rqdata;
    369. 

  369. 	req.msg.data_len = 3;
    370. 

  370. 

  371. 	rqdata[0] = channel;
    372. 

  372. 	rqdata[1] = ((strncmp(payload_type, "ipmi", 4) == 0)? 0: 1);
    373. 

  373. 	/* Always ask for cipher suite format */
    374. 

  374. 	rqdata[2] = 0x80;
    375. 

  375. 

  376. 	rsp = intf->sendrecv(intf, &req);
    377. 

  377. 	if (rsp == NULL) {
    378. 

  378. 		lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
    379. 

  379. 		return -1;
    380. 

  380. 	}
    381. 

  381. 	if (rsp->ccode > 0) {
    382. 

  382. 		lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
    383. 

  383. 			val2str(rsp->ccode, completion_code_vals));
    384. 

  384. 		return -1;
    385. 

  385. 	}
    386. 

  386. 

  387. 

  388. 	/*
    389. 

  389. 	 * Grab the returned channel number once.  We assume it's the same
    390. 

  390. 	 * in future calls.
    391. 

  391. 	 */
    392. 

  392. 	if (rsp->data_len >= 1) {
    393. 

  393. 		channel = rsp->data[0];
    394. 

  394. 	}
    395. 

  395. 

  396. 	while ((rsp->data_len > 1) && (rsp->data_len == 17) && (list_index < 0x3F)) {
    397. 

  397. 		/*
    398. 

  398. 		 * We got back cipher suite data -- store it.
    399. 

  399. 		 * printf("copying data to offset %d\n", offset);
    400. 

  400. 		 * printbuf(rsp->data + 1, rsp->data_len - 1, "this is the data");
    401. 

  401. 		 */
    402. 

  402. 		memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1);
    403. 

  403. 		offset += rsp->data_len - 1;
    404. 

  404. 		
    405. 

  405. 		/*
    406. 

  406. 		 * Increment our list for the next call
    407. 

  407. 		 */
    408. 

  408. 		++list_index;
    409. 

  409. 		rqdata[2] =  (rqdata[2] & 0x80) + list_index; 
    410. 

  410. 

  411. 		rsp = intf->sendrecv(intf, &req);
    412. 

  412. 		if (rsp == NULL) {
    413. 

  413. 			lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
    414. 

  414. 			return -1;
    415. 

  415. 		}
    416. 

  416. 		if (rsp->ccode > 0) {
    417. 

  417. 			lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
    418. 

  418. 					val2str(rsp->ccode, completion_code_vals));
    419. 

  419. 			return -1;
    420. 

  420. 		}
    421. 

  421. 	}
    422. 

  422. 

  423. 	/* Copy last chunk */
    424. 

  424. 	if(rsp->data_len > 1) {
    425. 

  425. 		/*
    426. 

  426. 		 * We got back cipher suite data -- store it.
    427. 

  427. 		 * printf("copying data to offset %d\n", offset);
    428. 

  428. 		 * printbuf(rsp->data + 1, rsp->data_len - 1, "this is the data");
    429. 

  429. 		 */
    430. 

  430. 		memcpy(cipher_suite_data + offset, rsp->data + 1, rsp->data_len - 1);
    431. 

  431. 		offset += rsp->data_len - 1;
    432. 

  432. 	}
    433. 

  433. 

  434. 	/* We can chomp on all our data now. */
    435. 

  435. 	cipher_suite_data_length = offset;
    436. 

  436. 	offset = 0;
    437. 

  437. 

  438. 	if (! csv_output) {
    439. 

  439. 		printf("ID   IANA    Auth Alg        Integrity Alg   Confidentiality Alg\n");
    440. 

  440. 	}
    441. 

  441. 	while (offset < cipher_suite_data_length) {
    442. 

  442. 		if (cipher_suite_data[offset++] == 0xC0) {
    443. 

  443. 			/* standard type */
    444. 

  444. 			iana = 0;
    445. 

  445. 

  446. 			/* Verify that we have at least a full record left; id + 3 algs */
    447. 

  447. 			if ((cipher_suite_data_length - offset) < 4) {
    448. 

  448. 				lprintf(LOG_ERR, "Incomplete data record in cipher suite data");
    449. 

  449. 				return -1;
    450. 

  450. 			}
    451. 

  451. 			cipher_suite_id = cipher_suite_data[offset++];
    452. 

  452. 		} else if (cipher_suite_data[offset++] == 0xC1) {
    453. 

  453. 			/* OEM record type */
    454. 

  454. 			/* Verify that we have at least a full record left
    455. 

  455. 			 * id + iana + 3 algs
    456. 

  456. 			 */
    457. 

  457. 			if ((cipher_suite_data_length - offset) < 4) {
    458. 

  458. 				lprintf(LOG_ERR, "Incomplete data record in cipher suite data");
    459. 

  459. 				return -1;
    460. 

  460. 			}
    461. 

  461. 

  462. 			cipher_suite_id = cipher_suite_data[offset++];
    463. 

  463. 

  464. 			/* Grab the IANA */
    465. 

  465. 			iana =
    466. 

  466. 				cipher_suite_data[offset]            | 
    467. 

  467. 				(cipher_suite_data[offset + 1] << 8) | 
    468. 

  468. 				(cipher_suite_data[offset + 2] << 16);
    469. 

  469. 			offset += 3;
    470. 

  470. 		} else {
    471. 

  471. 			lprintf(LOG_ERR, "Bad start of record byte in cipher suite data");
    472. 

  472. 			return -1;
    473. 

  473. 		}
    474. 

  474. 

  475. 		/*
    476. 

  476. 		 * Grab the algorithms for this cipher suite.  I guess we can't be
    477. 

  477. 		 * sure of what order they'll come in.  Also, I suppose we default
    478. 

  478. 		 * to the NONE algorithm if one were absent.  This part of the spec is
    479. 

  479. 		 * poorly written -- I have read the errata document.  For now, I'm only
    480. 

  480. 		 * allowing one algorithm per type (auth, integrity, crypt) because I
    481. 

  481. 		 * don't I understand how it could be otherwise.
    482. 

  482. 		 */
    483. 

  483. 		auth_alg      = IPMI_AUTH_RAKP_NONE;
    484. 

  484. 		integrity_alg = IPMI_INTEGRITY_NONE;
    485. 

  485. 		crypt_alg     = IPMI_CRYPT_NONE;
    486. 

  486. 		
    487. 

  487. 		while (((cipher_suite_data[offset] & 0xC0) != 0xC0) &&
    488. 

  488. 			   ((cipher_suite_data_length - offset) > 0))
    489. 

  489. 		{
    490. 

  490. 			switch (cipher_suite_data[offset] & 0xC0)
    491. 

  491. 			{
    492. 

  492. 			case 0x00:
    493. 

  493. 				/* Authentication algorithm specifier */
    494. 

  494. 				auth_alg = cipher_suite_data[offset++] & 0x3F;
    495. 

  495. 				break;
    496. 

  496. 			case 0x40:
    497. 

  497. 				/* Interity algorithm specifier */
    498. 

  498. 				integrity_alg = cipher_suite_data[offset++] & 0x3F;
    499. 

  499. 				break;
    500. 

  500. 			case 0x80:
    501. 

  501. 				/* Confidentiality algorithm specifier */
    502. 

  502. 				crypt_alg = cipher_suite_data[offset++] & 0x3F;
    503. 

  503. 				break;
    504. 

  504. 			}
    505. 

  505. 		}
    506. 

  506. 		/* We have everything we need to spit out a cipher suite record */
    507. 

  507. 		printf((csv_output? "%d,%s,%s,%s,%s\n" :
    508. 

  508. 			"%-4d %-7s %-15s %-15s %-15s\n"),
    509. 

  509. 		       cipher_suite_id,
    510. 

  510. 		       iana_string(iana),
    511. 

  511. 		       val2str(auth_alg, ipmi_auth_algorithms),
    512. 

  512. 		       val2str(integrity_alg, ipmi_integrity_algorithms),
    513. 

  513. 		       val2str(crypt_alg, ipmi_encryption_algorithms));
    514. 

  514. 	}
    515. 

  515. 	return 0;
    516. 

  516. }
    517. 

  517. 

  518. /**
    519. 

  519.  * ipmi_get_channel_info
    520. 

  520.  *
    521. 

  521.  * returns 0 on success
    522. 

  522.  *         -1 on failure
    523. 

  523.  *
    524. 

  524.  */
    525. 

  525. int
    526. 

  526. ipmi_get_channel_info(struct ipmi_intf *intf, uint8_t channel)
    527. 

  527. {
    528. 

  528. 	struct channel_info_t channel_info = {0};
    529. 

  529. 	struct channel_access_t channel_access = {0};
    530. 

  530. 	int ccode = 0;
    531. 

  531. 

  532. 	channel_info.channel = channel;
    533. 

  533. 	ccode = _ipmi_get_channel_info(intf, &channel_info);
    534. 

  534. 	if (eval_ccode(ccode) != 0) {
    535. 

  535. 		lprintf(LOG_ERR, "Unable to Get Channel Info");
    536. 

  536. 		return (-1);
    537. 

  537. 	}
    538. 

  538. 

  539. 	printf("Channel 0x%x info:\n", channel_info.channel);
    540. 

  540. 	printf("  Channel Medium Type   : %s\n",
    541. 

  541. 		   val2str(channel_info.medium,
    542. 

  542. 			   ipmi_channel_medium_vals));
    543. 

  543. 	printf("  Channel Protocol Type : %s\n",
    544. 

  544. 		   val2str(channel_info.protocol,
    545. 

  545. 			   ipmi_channel_protocol_vals));
    546. 

  546. 	printf("  Session Support       : ");
    547. 

  547. 	switch (channel_info.session_support) {
    548. 

  548. 		case IPMI_CHANNEL_SESSION_LESS:
    549. 

  549. 			printf("session-less\n");
    550. 

  550. 			break;
    551. 

  551. 		case IPMI_CHANNEL_SESSION_SINGLE:
    552. 

  552. 			printf("single-session\n");
    553. 

  553. 			break;
    554. 

  554. 		case IPMI_CHANNEL_SESSION_MULTI:
    555. 

  555. 			printf("multi-session\n");
    556. 

  556. 			break;
    557. 

  557. 		case IPMI_CHANNEL_SESSION_BASED:
    558. 

  558. 			printf("session-based\n");
    559. 

  559. 			break;
    560. 

  560. 		default:
    561. 

  561. 			printf("unknown\n");
    562. 

  562. 			break;
    563. 

  563. 	}
    564. 

  564. 	printf("  Active Session Count  : %d\n",
    565. 

  565. 		   channel_info.active_sessions);
    566. 

  566. 	printf("  Protocol Vendor ID    : %d\n",
    567. 

  567. 		   channel_info.vendor_id[0]      |
    568. 

  568. 		   channel_info.vendor_id[1] << 8 |
    569. 

  569. 		   channel_info.vendor_id[2] << 16);
    570. 

  570. 

  571. 	/* only proceed if this is LAN channel */
    572. 

  572. 	if (channel_info.medium != IPMI_CHANNEL_MEDIUM_LAN
    573. 

  573. 		&& channel_info.medium != IPMI_CHANNEL_MEDIUM_LAN_OTHER) {
    574. 

  574. 		return 0;
    575. 

  575. 	}
    576. 

  576. 

  577. 	channel_access.channel = channel_info.channel;
    578. 

  578. 	ccode = _ipmi_get_channel_access(intf, &channel_access, 1);
    579. 

  579. 	if (eval_ccode(ccode) != 0) {
    580. 

  580. 		lprintf(LOG_ERR, "Unable to Get Channel Access (volatile)");
    581. 

  581. 		return (-1);
    582. 

  582. 	}
    583. 

  583. 

  584. 	printf("  Volatile(active) Settings\n");
    585. 

  585. 	printf("    Alerting            : %sabled\n",
    586. 

  586. 			(channel_access.alerting) ? "dis" : "en");
    587. 

  587. 	printf("    Per-message Auth    : %sabled\n",
    588. 

  588. 			(channel_access.per_message_auth) ? "dis" : "en");
    589. 

  589. 	printf("    User Level Auth     : %sabled\n",
    590. 

  590. 			(channel_access.user_level_auth) ? "dis" : "en");
    591. 

  591. 	printf("    Access Mode         : ");
    592. 

  592. 	switch (channel_access.access_mode) {
    593. 

  593. 		case 0:
    594. 

  594. 			printf("disabled\n");
    595. 

  595. 			break;
    596. 

  596. 		case 1:
    597. 

  597. 			printf("pre-boot only\n");
    598. 

  598. 			break;
    599. 

  599. 		case 2:
    600. 

  600. 			printf("always available\n");
    601. 

  601. 			break;
    602. 

  602. 		case 3:
    603. 

  603. 			printf("shared\n");
    604. 

  604. 			break;
    605. 

  605. 		default:
    606. 

  606. 			printf("unknown\n");
    607. 

  607. 			break;
    608. 

  608. 	}
    609. 

  609. 

  610. 	memset(&channel_access, 0, sizeof(channel_access));
    611. 

  611. 	channel_access.channel = channel_info.channel;
    612. 

  612. 	/* get non-volatile settings */
    613. 

  613. 	ccode = _ipmi_get_channel_access(intf, &channel_access, 0);
    614. 

  614. 	if (eval_ccode(ccode) != 0) {
    615. 

  615. 		lprintf(LOG_ERR, "Unable to Get Channel Access (non-volatile)");
    616. 

  616. 		return (-1);
    617. 

  617. 	}
    618. 

  618. 

  619. 	printf("  Non-Volatile Settings\n");
    620. 

  620. 	printf("    Alerting            : %sabled\n",
    621. 

  621. 			(channel_access.alerting) ? "dis" : "en");
    622. 

  622. 	printf("    Per-message Auth    : %sabled\n",
    623. 

  623. 			(channel_access.per_message_auth) ? "dis" : "en");
    624. 

  624. 	printf("    User Level Auth     : %sabled\n",
    625. 

  625. 			(channel_access.user_level_auth) ? "dis" : "en");
    626. 

  626. 	printf("    Access Mode         : ");
    627. 

  627. 	switch (channel_access.access_mode) {
    628. 

  628. 		case 0:
    629. 

  629. 			printf("disabled\n");
    630. 

  630. 			break;
    631. 

  631. 		case 1:
    632. 

  632. 			printf("pre-boot only\n");
    633. 

  633. 			break;
    634. 

  634. 		case 2:
    635. 

  635. 			printf("always available\n");
    636. 

  636. 			break;
    637. 

  637. 		case 3:
    638. 

  638. 			printf("shared\n");
    639. 

  639. 			break;
    640. 

  640. 		default:
    641. 

  641. 			printf("unknown\n");
    642. 

  642. 			break;
    643. 

  643. 	}
    644. 

  644. 	return 0;
    645. 

  645. }
    646. 

  646. 

  647. /* ipmi_get_channel_medium - Return Medium of given IPMI Channel.
    648. 

  648.  *
    649. 

  649.  * @channel - IPMI Channel
    650. 

  650.  *
    651. 

  651.  * returns - IPMI Channel Medium, IPMI_CHANNEL_MEDIUM_RESERVED if ccode > 0,
    652. 

  652.  * 0 on error.
    653. 

  653.  */
    654. 

  654. uint8_t
    655. 

  655. ipmi_get_channel_medium(struct ipmi_intf *intf, uint8_t channel)
    656. 

  656. {
    657. 

  657. 	struct channel_info_t channel_info = {0};
    658. 

  658. 	int ccode = 0;
    659. 

  659. 

  660. 	channel_info.channel = channel;
    661. 

  661. 	ccode = _ipmi_get_channel_info(intf, &channel_info);
    662. 

  662. 	if (ccode == 0xCC) {
    663. 

  663. 		return IPMI_CHANNEL_MEDIUM_RESERVED;
    664. 

  664. 	} else if (ccode < 0 && eval_ccode(ccode) != 0) {
    665. 

  665. 		return 0;
    666. 

  666. 	} else if (ccode > 0) {
    667. 

  667. 		lprintf(LOG_ERR, "Get Channel Info command failed: %s",
    668. 

  668. 				val2str(ccode, completion_code_vals));
    669. 

  669. 		return IPMI_CHANNEL_MEDIUM_RESERVED;
    670. 

  670. 	}
    671. 

  671. 	lprintf(LOG_DEBUG, "Channel type: %s",
    672. 

  672. 			val2str(channel_info.medium, ipmi_channel_medium_vals));
    673. 

  673. 	return channel_info.medium;
    674. 

  674. }
    675. 

  675. 

  676. /* ipmi_get_user_access - Get User Access for given Channel and User or Users.
    677. 

  677.  *
    678. 

  678.  * @intf - IPMI interface
    679. 

  679.  * @channel - IPMI Channel we're getting access for
    680. 

  680.  * @user_id - User ID. If 0 is passed, all IPMI users will be listed
    681. 

  681.  *
    682. 

  682.  * returns - 0 on success, (-1) on error
    683. 

  683.  */
    684. 

  684. static int
    685. 

  685. ipmi_get_user_access(struct ipmi_intf *intf, uint8_t channel, uint8_t user_id)
    686. 

  686. {
    687. 

  687. 	struct user_access_t user_access;
    688. 

  688. 	struct user_name_t user_name;
    689. 

  689. 	int ccode = 0;
    690. 

  690. 	int curr_uid;
    691. 

  691. 	int init = 1;
    692. 

  692. 	int max_uid = 0;
    693. 

  693. 

  694. 	curr_uid = user_id ? user_id : 1;
    695. 

  695. 	do {
    696. 

  696. 		memset(&user_access, 0, sizeof(user_access));
    697. 

  697. 		user_access.channel = channel;
    698. 

  698. 		user_access.user_id = curr_uid;
    699. 

  699. 		ccode = _ipmi_get_user_access(intf, &user_access);
    700. 

  700. 		if (eval_ccode(ccode) != 0) {
    701. 

  701. 			lprintf(LOG_ERR,
    702. 

  702. 					"Unable to Get User Access (channel %d id %d)",
    703. 

  703. 					channel, curr_uid);
    704. 

  704. 			return (-1);
    705. 

  705. 		}
    706. 

  706. 

  707. 		memset(&user_name, 0, sizeof(user_name));
    708. 

  708. 		user_name.user_id = curr_uid;
    709. 

  709. 		ccode = _ipmi_get_user_name(intf, &user_name);
    710. 

  710. 		if (ccode == 0xCC) {
    711. 

  711. 			user_name.user_id = curr_uid;
    712. 

  712. 			memset(&user_name.user_name, '\0', 17);
    713. 

  713. 		} else if (eval_ccode(ccode) != 0) {
    714. 

  714. 			lprintf(LOG_ERR, "Unable to Get User Name (id %d)", curr_uid);
    715. 

  715. 			return (-1);
    716. 

  716. 		}
    717. 

  717. 		if (init) {
    718. 

  718. 			printf("Maximum User IDs     : %d\n", user_access.max_user_ids);
    719. 

  719. 			printf("Enabled User IDs     : %d\n", user_access.enabled_user_ids);
    720. 

  720. 			max_uid = user_access.max_user_ids;
    721. 

  721. 			init = 0;
    722. 

  722. 		}
    723. 

  723. 

  724. 		printf("\n");
    725. 

  725. 		printf("User ID              : %d\n", curr_uid);
    726. 

  726. 		printf("User Name            : %s\n", user_name.user_name);
    727. 

  727. 		printf("Fixed Name           : %s\n",
    728. 

  728. 		       (curr_uid <= user_access.fixed_user_ids) ? "Yes" : "No");
    729. 

  729. 		printf("Access Available     : %s\n",
    730. 

  730. 		       (user_access.callin_callback) ? "callback" : "call-in / callback");
    731. 

  731. 		printf("Link Authentication  : %sabled\n",
    732. 

  732. 		       (user_access.link_auth) ? "en" : "dis");
    733. 

  733. 		printf("IPMI Messaging       : %sabled\n",
    734. 

  734. 		       (user_access.ipmi_messaging) ? "en" : "dis");
    735. 

  735. 		printf("Privilege Level      : %s\n",
    736. 

  736. 		       val2str(user_access.privilege_limit, ipmi_privlvl_vals));
    737. 

  737. 		printf("Enable Status        : %s\n",
    738. 

  738. 			val2str(user_access.enable_status, ipmi_user_enable_status_vals));
    739. 

  739. 		curr_uid ++;
    740. 

  740. 	} while (!user_id && curr_uid <= max_uid);
    741. 

  741. 

  742. 	return 0;
    743. 

  743. }
    744. 

  744. 

  745. /* ipmi_set_user_access - Query BMC for current Channel ACLs, parse CLI args
    746. 

  746.  * and update current ACLs.
    747. 

  747.  *
    748. 

  748.  * returns - 0 on success, (-1) on error
    749. 

  749.  */
    750. 

  750. int
    751. 

  751. ipmi_set_user_access(struct ipmi_intf *intf, int argc, char **argv)
    752. 

  752. {
    753. 

  753. 	struct user_access_t user_access = {0};
    754. 

  754. 	int ccode = 0;
    755. 

  755. 	int i = 0;
    756. 

  756. 	uint8_t channel = 0;
    757. 

  757. 	uint8_t priv = 0;
    758. 

  758. 	uint8_t user_id = 0;
    759. 

  759. 	if (argc > 0 && strncmp(argv[0], "help", 4) == 0) {
    760. 

  760. 		printf_channel_usage();
    761. 

  761. 		return 0;
    762. 

  762. 	} else if (argc < 3) {
    763. 

  763. 		lprintf(LOG_ERR, "Not enough parameters given.");
    764. 

  764. 		printf_channel_usage();
    765. 

  765. 		return (-1);
    766. 

  766. 	}
    767. 

  767. 	if (is_ipmi_channel_num(argv[0], &channel) != 0
    768. 

  768. 			|| is_ipmi_user_id(argv[1], &user_id) != 0) {
    769. 

  769. 		return (-1);
    770. 

  770. 	}
    771. 

  771. 	user_access.channel = channel;
    772. 

  772. 	user_access.user_id = user_id;
    773. 

  773. 	ccode = _ipmi_get_user_access(intf, &user_access);
    774. 

  774. 	if (eval_ccode(ccode) != 0) {
    775. 

  775. 		lprintf(LOG_ERR,
    776. 

  776. 				"Unable to Get User Access (channel %d id %d)",
    777. 

  777. 				channel, user_id);
    778. 

  778. 		return (-1);
    779. 

  779. 	}
    780. 

  780. 	for (i = 2; i < argc; i ++) {
    781. 

  781. 		if (strncmp(argv[i], "callin=", 7) == 0) {
    782. 

  782. 			if (strncmp(argv[i] + 7, "off", 3) == 0) {
    783. 

  783. 				user_access.callin_callback = 1;
    784. 

  784. 			} else {
    785. 

  785. 				user_access.callin_callback = 0;
    786. 

  786. 			}
    787. 

  787. 		} else if (strncmp(argv[i], "link=", 5) == 0) {
    788. 

  788. 			if (strncmp(argv[i] + 5, "off", 3) == 0) {
    789. 

  789. 				user_access.link_auth = 0;
    790. 

  790. 			} else {
    791. 

  791. 				user_access.link_auth = 1;
    792. 

  792. 			}
    793. 

  793. 		} else if (strncmp(argv[i], "ipmi=", 5) == 0) {
    794. 

  794. 			if (strncmp(argv[i] + 5, "off", 3) == 0) {
    795. 

  795. 				user_access.ipmi_messaging = 0;
    796. 

  796. 			} else {
    797. 

  797. 				user_access.ipmi_messaging = 1;
    798. 

  798. 			}
    799. 

  799. 		} else if (strncmp(argv[i], "privilege=", 10) == 0) {
    800. 

  800. 			if (str2uchar(argv[i] + 10, &priv) != 0) {
    801. 

  801. 				lprintf(LOG_ERR,
    802. 

  802. 						"Numeric value expected, but '%s' given.",
    803. 

  803. 						argv[i] + 10);
    804. 

  804. 				return (-1);
    805. 

  805. 			}
    806. 

  806. 			user_access.privilege_limit = priv;
    807. 

  807. 		} else {
    808. 

  808. 			lprintf(LOG_ERR, "Invalid option: %s\n", argv[i]);
    809. 

  809. 			return (-1);
    810. 

  810. 		}
    811. 

  811. 	}
    812. 

  812. 	ccode = _ipmi_set_user_access(intf, &user_access, 0);
    813. 

  813. 	if (eval_ccode(ccode) != 0) {
    814. 

  814. 		lprintf(LOG_ERR,
    815. 

  815. 				"Unable to Set User Access (channel %d id %d)",
    816. 

  816. 				channel, user_id);
    817. 

  817. 		return (-1);
    818. 

  818. 	}
    819. 

  819. 	printf("Set User Access (channel %d id %d) successful.\n",
    820. 

  820. 			channel, user_id);
    821. 

  821. 	return 0;
    822. 

  822. }
    823. 

  823. 

  824. int
    825. 

  825. ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
    826. 

  826. {
    827. 

  827. 	int retval = 0;
    828. 

  828. 	uint8_t channel;
    829. 

  829. 	uint8_t priv = 0;
    830. 

  830. 	if (argc < 1) {
    831. 

  831. 		lprintf(LOG_ERR, "Not enough parameters given.");
    832. 

  832. 		printf_channel_usage();
    833. 

  833. 		return (-1);
    834. 

  834. 	} else if (strncmp(argv[0], "help", 4) == 0) {
    835. 

  835. 		printf_channel_usage();
    836. 

  836. 		return 0;
    837. 

  837. 	} else if (strncmp(argv[0], "authcap", 7) == 0) {
    838. 

  838. 		if (argc != 3) {
    839. 

  839. 			printf_channel_usage();
    840. 

  840. 			return (-1);
    841. 

  841. 		}
    842. 

  842. 		if (is_ipmi_channel_num(argv[1], &channel) != 0
    843. 

  843. 				|| is_ipmi_user_priv_limit(argv[2], &priv) != 0) {
    844. 

  844. 			return (-1);
    845. 

  845. 		}
    846. 

  846. 		retval = ipmi_get_channel_auth_cap(intf, channel, priv);
    847. 

  847. 	} else if (strncmp(argv[0], "getaccess", 10) == 0) {
    848. 

  848. 		uint8_t user_id = 0;
    849. 

  849. 		if ((argc < 2) || (argc > 3)) {
    850. 

  850. 			lprintf(LOG_ERR, "Not enough parameters given.");
    851. 

  851. 			printf_channel_usage();
    852. 

  852. 			return (-1);
    853. 

  853. 		}
    854. 

  854. 		if (is_ipmi_channel_num(argv[1], &channel) != 0) {
    855. 

  855. 			return (-1);
    856. 

  856. 		}
    857. 

  857. 		if (argc == 3) {
    858. 

  858. 			if (is_ipmi_user_id(argv[2], &user_id) != 0) {
    859. 

  859. 				return (-1);
    860. 

  860. 			}
    861. 

  861. 		}
    862. 

  862. 		retval = ipmi_get_user_access(intf, channel, user_id);
    863. 

  863. 	} else if (strncmp(argv[0], "setaccess", 9) == 0) {
    864. 

  864. 		return ipmi_set_user_access(intf, (argc - 1), &(argv[1]));
    865. 

  865. 	} else if (strncmp(argv[0], "info", 4) == 0) {
    866. 

  866. 		channel = 0xE;
    867. 

  867. 		if (argc > 2) {
    868. 

  868. 			printf_channel_usage();
    869. 

  869. 			return (-1);
    870. 

  870. 		}
    871. 

  871. 		if (argc == 2) {
    872. 

  872. 			if (is_ipmi_channel_num(argv[1], &channel) != 0) {
    873. 

  873. 				return (-1);
    874. 

  874. 			}
    875. 

  875. 		}
    876. 

  876. 		retval = ipmi_get_channel_info(intf, channel);
    877. 

  877. 	} else if (strncmp(argv[0], "getciphers", 10) == 0) {
    878. 

  878. 		/* channel getciphers <ipmi|sol> [channel] */
    879. 

  879. 		channel = 0xE;
    880. 

  880. 		if ((argc < 2) || (argc > 3) ||
    881. 

  881. 		    (strncmp(argv[1], "ipmi", 4) && strncmp(argv[1], "sol",  3))) {
    882. 

  882. 			printf_channel_usage();
    883. 

  883. 			return (-1);
    884. 

  884. 		}
    885. 

  885. 		if (argc == 3) {
    886. 

  886. 			if (is_ipmi_channel_num(argv[2], &channel) != 0) {
    887. 

  887. 				return (-1);
    888. 

  888. 			}
    889. 

  889. 		}
    890. 

  890. 		retval = ipmi_get_channel_cipher_suites(intf,
    891. 

  891. 							argv[1], /* ipmi | sol */
    892. 

  892. 							channel);
    893. 

  893. 	} else {
    894. 

  894. 		lprintf(LOG_ERR, "Invalid CHANNEL command: %s\n", argv[0]);
    895. 

  895. 		printf_channel_usage();
    896. 

  896. 		retval = -1;
    897. 

  897. 	}
    898. 

  898. 	return retval;
    899. 

  899. }
    900. 

  900. 

  901. /* printf_channel_usage - print-out help. */
    902. 

  902. void
    903. 

  903. printf_channel_usage()
    904. 

  904. {
    905. 

  905. 	lprintf(LOG_NOTICE,
    906. 

  906. "Channel Commands: authcap   <channel number> <max privilege>");
    907. 

  907. 	lprintf(LOG_NOTICE,
    908. 

  908. "                  getaccess <channel number> [user id]");
    909. 

  909. 	lprintf(LOG_NOTICE,
    910. 

  910. "                  setaccess <channel number> "
    911. 

  911. "<user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]");
    912. 

  912. 	lprintf(LOG_NOTICE,
    913. 

  913. "                  info      [channel number]");
    914. 

  914. 	lprintf(LOG_NOTICE,
    915. 

  915. "                  getciphers <ipmi | sol> [channel]");
    916. 

  916. 	lprintf(LOG_NOTICE,
    917. 

  917. "");
    918. 

  918. 	lprintf(LOG_NOTICE,
    919. 

  919. "Possible privilege levels are:");
    920. 

  920. 	lprintf(LOG_NOTICE,
    921. 

  921. "   1   Callback level");
    922. 

  922. 	lprintf(LOG_NOTICE,
    923. 

  923. "   2   User level");
    924. 

  924. 	lprintf(LOG_NOTICE,
    925. 

  925. "   3   Operator level");
    926. 

  926. 	lprintf(LOG_NOTICE,
    927. 

  927. "   4   Administrator level");
    928. 

  928. 	lprintf(LOG_NOTICE,
    929. 

  929. "   5   OEM Proprietary level");
    930. 

  930. 	lprintf(LOG_NOTICE,
    931. 

  931. "  15   No access");
    932. 

  932. }
    933.