Blame SOURCES/0003-ipmitool-1.8.11-set-kg-key.patch

e20f4c
diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1
e20f4c
--- old/doc/ipmitool.1	2017-02-06 10:20:02.254362909 +0100
e20f4c
+++ new/doc/ipmitool.1	2017-02-06 10:33:41.729294474 +0100
e20f4c
@@ -372,6 +372,20 @@ Configure user access information on the
e20f4c
 
e20f4c
 Displays the list of cipher suites supported for the given
e20f4c
 application (ipmi or sol) on the given channel.
e20f4c
+.TP
e20f4c
+\fIsetkg\fP <\fIhex\fP|\fIplain\fP> <\fBkey\fP> [<\fBchannel\fR>]
e20f4c
+.br
e20f4c
+
e20f4c
+Sets K_g key to given value. Use \fIplain\fP to specify \fBkey\fR as simple ASCII string.
e20f4c
+Use \fIhex\fP to specify \fBkey\fR as sequence of hexadecimal codes of ASCII charactes.
e20f4c
+I.e. following two examples are equivalent:
e20f4c
+
e20f4c
+.RS
e20f4c
+ipmitool channel setkg plain PASSWORD
e20f4c
+
e20f4c
+ipmitool channel setkg hex 50415353574F5244
e20f4c
+.RE
e20f4c
+
e20f4c
 .RE
e20f4c
 .RE
e20f4c
 .TP 
e20f4c
diff -urNp old/include/ipmitool/helper.h new/include/ipmitool/helper.h
e20f4c
--- old/include/ipmitool/helper.h	2017-02-06 10:20:02.254362909 +0100
e20f4c
+++ new/include/ipmitool/helper.h	2017-02-06 10:40:07.336136844 +0100
e20f4c
@@ -58,6 +58,8 @@
e20f4c
 # define IPMI_UID_MAX 63
e20f4c
 #endif
e20f4c
 
e20f4c
+#define IPMI_KG_BUFFER_SIZE       21 /* key plus null byte */
e20f4c
+
e20f4c
 struct ipmi_intf;
e20f4c
 
e20f4c
 struct valstr {
e20f4c
diff -urNp old/include/ipmitool/ipmi_channel.h new/include/ipmitool/ipmi_channel.h
e20f4c
--- old/include/ipmitool/ipmi_channel.h	2017-02-06 10:20:02.253316684 +0100
e20f4c
+++ new/include/ipmitool/ipmi_channel.h	2017-02-06 10:58:15.291287621 +0100
e20f4c
@@ -49,6 +49,10 @@
e20f4c
 #define IPMI_GET_USER_NAME             0x46
e20f4c
 #define IPMI_SET_USER_PASSWORD         0x47
e20f4c
 #define IPMI_GET_CHANNEL_CIPHER_SUITES 0x54
e20f4c
+#define IPMI_SET_CHANNEL_SECURITY_KEYS 0x56
e20f4c
+
e20f4c
+#define IPMI_KG_KEY_ID  1
e20f4c
+#define IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET 1
e20f4c
 
e20f4c
 /* These are for channel_info_t.session_support */
e20f4c
 #define IPMI_CHANNEL_SESSION_LESS 0x00
e20f4c
@@ -137,6 +141,40 @@ int _ipmi_set_channel_access(struct ipmi
e20f4c
 		struct channel_access_t channel_access, uint8_t access_option,
e20f4c
 		uint8_t privilege_option);
e20f4c
 
e20f4c
+struct set_channel_security_keys_req {
e20f4c
+#if WORDS_BIGENDIAN
e20f4c
+	uint8_t __reserved1			:4;
e20f4c
+	uint8_t channel				:4;
e20f4c
+	
e20f4c
+	uint8_t __reserved2			:6;
e20f4c
+	uint8_t operation			:2;
e20f4c
+	
e20f4c
+	uint8_t key_id;
e20f4c
+	unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
e20f4c
+#else
e20f4c
+	uint8_t channel				:4;
e20f4c
+	uint8_t __reserved1			:4;
e20f4c
+	
e20f4c
+	uint8_t operation			:2;
e20f4c
+	uint8_t __reserved2			:6;
e20f4c
+	
e20f4c
+	uint8_t key_id;
e20f4c
+	unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
e20f4c
+#endif
e20f4c
+} __attribute__ ((packed));
e20f4c
+
e20f4c
+struct set_channel_security_keys_rsp {
e20f4c
+#if WORDS_BIGENDIAN
e20f4c
+	uint8_t __reserved1			:6;
e20f4c
+	uint8_t lock_status			:2;
e20f4c
+	unsigned char key_value; /* just the first character, use &key_value to explore the rest */
e20f4c
+#else
e20f4c
+	uint8_t lock_status			:2;
e20f4c
+	uint8_t __reserved1			:6;
e20f4c
+	unsigned char key_value; /* just the first character, use &key_value to explore the rest */
e20f4c
+#endif
e20f4c
+} __attribute__ ((packed));
e20f4c
+
e20f4c
 uint8_t ipmi_get_channel_medium(struct ipmi_intf * intf, uint8_t channel);
e20f4c
 uint8_t ipmi_current_channel_medium(struct ipmi_intf * intf);
e20f4c
 int ipmi_channel_main(struct ipmi_intf * intf, int argc, char ** argv);
e20f4c
diff -urNp old/include/ipmitool/ipmi_intf.h new/include/ipmitool/ipmi_intf.h
e20f4c
--- old/include/ipmitool/ipmi_intf.h	2017-02-06 10:20:02.254362909 +0100
e20f4c
+++ new/include/ipmitool/ipmi_intf.h	2017-02-06 10:40:40.264577602 +0100
e20f4c
@@ -60,7 +60,6 @@ enum LANPLUS_SESSION_STATE {
e20f4c
 
e20f4c
 #define IPMI_AUTHCODE_BUFFER_SIZE 20
e20f4c
 #define IPMI_SIK_BUFFER_SIZE      IPMI_MAX_MD_SIZE
e20f4c
-#define IPMI_KG_BUFFER_SIZE       21 /* key plus null byte */
e20f4c
 
e20f4c
 struct ipmi_session_params {
e20f4c
 	char * hostname;
e20f4c
diff -urNp old/lib/ipmi_channel.c new/lib/ipmi_channel.c
e20f4c
--- old/lib/ipmi_channel.c	2017-02-06 10:20:02.255409134 +0100
e20f4c
+++ new/lib/ipmi_channel.c	2017-02-06 12:32:14.222282317 +0100
e20f4c
@@ -821,6 +821,92 @@ ipmi_set_user_access(struct ipmi_intf *i
e20f4c
 	return 0;
e20f4c
 }
e20f4c
 
e20f4c
+int 
e20f4c
+ipmi_set_channel_security_keys (struct ipmi_intf *intf, uint8_t channel, const char *method, const char *key)
e20f4c
+{
e20f4c
+	uint8_t kgkey[IPMI_KG_BUFFER_SIZE];
e20f4c
+	struct ipmi_rs *rsp;
e20f4c
+	struct ipmi_rq req;
e20f4c
+	struct set_channel_security_keys_req req_data;
e20f4c
+	int rc = -1;
e20f4c
+	
e20f4c
+	/* convert provided key to array of bytes */
e20f4c
+	if (strcmp(method, "hex") == 0) {
e20f4c
+		if (strlen(key) > (IPMI_KG_BUFFER_SIZE-1)*2) {
e20f4c
+			lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE-1));
e20f4c
+			printf_channel_usage();
e20f4c
+			return -1;
e20f4c
+		}
e20f4c
+
e20f4c
+		rc = ipmi_parse_hex(key, kgkey, sizeof(kgkey)-1);
e20f4c
+		if (rc == -1) {
e20f4c
+			lprintf(LOG_ERR, "Number of Kg key characters is not even");
e20f4c
+			return rc;
e20f4c
+		} else if (rc == -3) {
e20f4c
+			lprintf(LOG_ERR, "Kg key is not hexadecimal number");
e20f4c
+			return rc;
e20f4c
+		} else if (rc > (IPMI_KG_BUFFER_SIZE-1)) {
e20f4c
+			lprintf(LOG_ERR, "Kg key is too long");
e20f4c
+			return rc;
e20f4c
+		}
e20f4c
+		
e20f4c
+	} else if (strcmp(method, "plain") == 0) {
e20f4c
+		if (strlen(key) > IPMI_KG_BUFFER_SIZE-1) {
e20f4c
+			lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE -1));
e20f4c
+			printf_channel_usage();
e20f4c
+			return rc;
e20f4c
+		}
e20f4c
+		
e20f4c
+		strncpy(kgkey, key, IPMI_KG_BUFFER_SIZE-1);
e20f4c
+	} else {
e20f4c
+		printf_channel_usage();
e20f4c
+		return rc;
e20f4c
+	}
e20f4c
+	
e20f4c
+	/* assemble and send request to set kg key */
e20f4c
+	memset(&req_data, 0, sizeof(req_data));
e20f4c
+	req_data.channel = channel;
e20f4c
+	req_data.operation = IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET;
e20f4c
+	req_data.key_id = IPMI_KG_KEY_ID;
e20f4c
+	memcpy(req_data.key_value, kgkey, IPMI_KG_BUFFER_SIZE-1);
e20f4c
+	
e20f4c
+	memset(&req, 0, sizeof(req));
e20f4c
+	req.msg.netfn = IPMI_NETFN_APP;
e20f4c
+	req.msg.cmd = IPMI_SET_CHANNEL_SECURITY_KEYS;
e20f4c
+	req.msg.data = (uint8_t*) &req_data;
e20f4c
+	req.msg.data_len = sizeof(req_data);
e20f4c
+
e20f4c
+	rsp = intf->sendrecv(intf, &req;;
e20f4c
+	if (rsp == NULL) {
e20f4c
+		lprintf(LOG_ERR, "Set Channel Security Keys command failed");
e20f4c
+		return rc;
e20f4c
+	}
e20f4c
+	if (rsp->ccode > 0) {
e20f4c
+		const char *error = NULL;
e20f4c
+		switch (rsp->ccode) {
e20f4c
+		case 0x80:
e20f4c
+			error = "Key is locked";
e20f4c
+			break;
e20f4c
+		case 0x81:
e20f4c
+			error = "Insufficient key bytes";
e20f4c
+			break;
e20f4c
+		case 0x82:
e20f4c
+			error = "Too many key bytes";
e20f4c
+			break;
e20f4c
+		case 0x83:
e20f4c
+			error = "Key value does not meet criteria for K_g key";
e20f4c
+			break;
e20f4c
+		default:
e20f4c
+			error = val2str(rsp->ccode, completion_code_vals);
e20f4c
+		}
e20f4c
+		lprintf(LOG_ERR, "Error setting security key: %X (%s)", rsp->ccode, error);
e20f4c
+		return rc;
e20f4c
+	}
e20f4c
+	
e20f4c
+	lprintf(LOG_NOTICE, "Set Channel Security Keys command succeeded");
e20f4c
+	return 0;
e20f4c
+}
e20f4c
+
e20f4c
 int
e20f4c
 ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
e20f4c
 {
e20f4c
@@ -890,6 +976,19 @@ ipmi_channel_main(struct ipmi_intf *intf
e20f4c
 		retval = ipmi_get_channel_cipher_suites(intf,
e20f4c
 							argv[1], /* ipmi | sol */
e20f4c
 							channel);
e20f4c
+	} else if (strncmp(argv[0], "setkg", 5) == 0) {
e20f4c
+		if (argc < 3 || argc > 4)
e20f4c
+			printf_channel_usage();
e20f4c
+		else {
e20f4c
+			uint8_t ch = 0xe;
e20f4c
+			char *method = argv[1];
e20f4c
+			char *key = argv[2];
e20f4c
+			if (argc == 4) {
e20f4c
+				ch = (uint8_t)strtol(argv[3], NULL, 0);
e20f4c
+			}
e20f4c
+				
e20f4c
+			retval = ipmi_set_channel_security_keys(intf, ch, method, key);
e20f4c
+		}
e20f4c
 	} else {
e20f4c
 		lprintf(LOG_ERR, "Invalid CHANNEL command: %s\n", argv[0]);
e20f4c
 		printf_channel_usage();
e20f4c
@@ -916,6 +1015,10 @@ printf_channel_usage()
e20f4c
 	lprintf(LOG_NOTICE,
e20f4c
 "");
e20f4c
 	lprintf(LOG_NOTICE,
e20f4c
+"                  setkg hex|plain <key> [channel]");
e20f4c
+	lprintf(LOG_NOTICE,
e20f4c
+"");
e20f4c
+	lprintf(LOG_NOTICE,
e20f4c
 "Possible privilege levels are:");
e20f4c
 	lprintf(LOG_NOTICE,
e20f4c
 "   1   Callback level");
e20f4c
diff -urNp old/src/plugins/ipmi_intf.c new/src/plugins/ipmi_intf.c
e20f4c
--- old/src/plugins/ipmi_intf.c	2017-02-06 10:20:02.257501584 +0100
e20f4c
+++ new/src/plugins/ipmi_intf.c	2017-02-06 10:42:12.585257810 +0100
e20f4c
@@ -55,6 +55,7 @@
e20f4c
 #include <ipmitool/ipmi.h>
e20f4c
 #include <ipmitool/ipmi_sdr.h>
e20f4c
 #include <ipmitool/log.h>
e20f4c
+#include <ipmitool/helper.h>
e20f4c
 
e20f4c
 #define IPMI_DEFAULT_PAYLOAD_SIZE   25
e20f4c