diff -up ./doc/ipmitool.1.kg1 ./doc/ipmitool.1

--- ./doc/ipmitool.1.kg1	2014-03-05 09:04:19.334742088 +0100

+++ ./doc/ipmitool.1	2014-03-05 09:02:53.011524309 +0100

@@ -371,6 +371,20 @@ Configure user access information on the

 Displays the list of cipher suites supported for the given

 application (ipmi or sol) on the given channel.

+.TP

+\fIsetkg\fP <\fIhex\fP|\fIplain\fP> <\fBkey\fP> [<\fBchannel\fR>]

+.br

+

+Sets K_g key to given value. Use \fIplain\fP to specify \fBkey\fR as simple ASCII string.

+Use \fIhex\fP to specify \fBkey\fR as sequence of hexadecimal codes of ASCII charactes.

+I.e. following two examples are equivalent:

+

+.RS

+ipmitool channel setkg plain PASSWORD

+

+ipmitool channel setkg hex 50415353574F5244

+.RE

+

 .RE

 .RE

 .TP 

diff -up ./include/ipmitool/helper.h.kg1 ./include/ipmitool/helper.h

--- ./include/ipmitool/helper.h.kg1	2014-03-05 09:42:21.546499783 +0100

+++ ./include/ipmitool/helper.h	2014-03-05 09:43:28.095667676 +0100

@@ -58,6 +58,8 @@

 # define IPMI_UID_MAX 63

 #endif

+#define IPMI_KG_BUFFER_SIZE       21 /* key plus null byte */

+

 struct ipmi_intf;

 struct valstr {

@@ -100,6 +102,8 @@ uint8_t ipmi_csum(uint8_t * d, int s);

 FILE * ipmi_open_file(const char * file, int rw);

 void ipmi_start_daemon(struct ipmi_intf *intf);

+unsigned char *ipmi_parse_hex(const char *str);

+

 #define ipmi_open_file_read(file)	ipmi_open_file(file, 0)

 #define ipmi_open_file_write(file)	ipmi_open_file(file, 1)

diff -up ./include/ipmitool/ipmi_channel.h.kg1 ./include/ipmitool/ipmi_channel.h

--- ./include/ipmitool/ipmi_channel.h.kg1	2014-03-05 09:04:41.707798532 +0100

+++ ./include/ipmitool/ipmi_channel.h	2014-03-05 09:10:00.770603481 +0100

@@ -48,7 +48,10 @@

 #define IPMI_GET_USER_NAME             0x46

 #define IPMI_SET_USER_PASSWORD         0x47

 #define IPMI_GET_CHANNEL_CIPHER_SUITES 0x54

+#define IPMI_SET_CHANNEL_SECURITY_KEYS 0x56

+#define IPMI_KG_KEY_ID  1

+#define IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET 1

 /*

  * The Get Authentication Capabilities response structure

@@ -246,6 +249,48 @@ struct set_user_access_data {

 #endif

 } ATTRIBUTE_PACKING;

 #ifdef HAVE_PRAGMA_PACK

+#pragma pack(0)

+#endif

+

+#ifdef HAVE_PRAGMA_PACK

+#pragma pack(1)

+#endif

+struct set_channel_security_keys_req {

+#if WORDS_BIGENDIAN

+	uint8_t __reserved1                     :4;

+	uint8_t channel                         :4;

+	uint8_t __reserved2                     :6;

+	uint8_t operation                       :2;

+	uint8_t key_id;

+	unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */

+#else

+	uint8_t channel                         :4;

+	uint8_t __reserved1                     :4;

+	uint8_t operation                       :2;

+	uint8_t __reserved2                     :6;

+	uint8_t key_id;

+	unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */

+#endif

+} ATTRIBUTE_PACKING;

+#ifdef HAVE_PRAGMA_PACK

+#pragma pack(0)

+#endif

+

+#ifdef HAVE_PRAGMA_PACK

+#pragma pack(1)

+#endif

+struct set_channel_security_keys_rsp {

+#if WORDS_BIGENDIAN

+	uint8_t __reserved1                     :6;

+	uint8_t lock_status                     :2;

+	unsigned char key_value; /* just the first character, use &key_value to explore the rest */

+#else

+	uint8_t lock_status                     :2;

+	uint8_t __reserved1                     :6;

+	unsigned char key_value; /* just the first character, use &key_value to explore the rest */

+#endif

+} ATTRIBUTE_PACKING;

+#ifdef HAVE_PRAGMA_PACK

 #pragma pack(0)

 #endif

diff -up ./include/ipmitool/ipmi_intf.h.kg1 ./include/ipmitool/ipmi_intf.h

--- ./include/ipmitool/ipmi_intf.h.kg1	2014-03-05 09:10:45.363715984 +0100

+++ ./include/ipmitool/ipmi_intf.h	2014-03-05 09:11:27.483822244 +0100

@@ -60,7 +60,7 @@ enum LANPLUS_SESSION_STATE {

 #define IPMI_AUTHCODE_BUFFER_SIZE 20

 #define IPMI_SIK_BUFFER_SIZE      20

-#define IPMI_KG_BUFFER_SIZE       21 /* key plus null byte */

+/* XXX: remove or modify  # d e fine IPMI_KG_BUFFER_SIZE       21 /* key plus null byte */

 struct ipmi_session {

 	uint8_t hostname[64];

diff -up ./lib/helper.c.kg1 ./lib/helper.c

--- ./lib/helper.c.kg1	2014-03-05 09:11:41.417857400 +0100

+++ ./lib/helper.c	2014-03-05 09:15:11.318386949 +0100

@@ -667,6 +667,68 @@ ipmi_start_daemon(struct ipmi_intf *intf

 	dup(0);

 }

+/* ipmi_parse_hex - convert hexadecimal numbers to ascii string

+ *                  Input string must be composed of two-characer hexadecimal numbers.

+ *                  There is no separator between the numbers. Each number results in one character

+ *                  of the converted string.

+ *

+ *                  Example: ipmi_parse_hex("50415353574F5244") returns 'PASSWORD'

+ *

+ * @param str:  input string. It must contain only even number of '0'-'9','a'-'f' and 'A-F' characters.

+ * @returns converted ascii string

+ * @returns NULL on error

+ */

+unsigned char *

+ipmi_parse_hex(const char *str)

+{

+	const char * p;

+	unsigned char * out, *q;

+	unsigned char b = 0;

+	int shift = 4;

+

+	if (strlen(str) == 0)

+		return NULL;

+

+	if (strlen(str) % 2 != 0) {

+		lprintf(LOG_ERR, "Number of hex_kg characters is not even");

+		return NULL;

+	}

+

+	if (strlen(str) > (IPMI_KG_BUFFER_SIZE-1)*2) {

+		lprintf(LOG_ERR, "Kg key is too long");

+		return NULL;

+	}

+

+	out = calloc(IPMI_KG_BUFFER_SIZE, sizeof(unsigned char));

+	if (out == NULL) {

+		lprintf(LOG_ERR, "malloc failure");

+		return NULL;

+	}

+

+	for (p = str, q = out; *p; p++) {

+		if (!isxdigit(*p)) {

+			lprintf(LOG_ERR, "Kg_hex is not hexadecimal number");

+			free(out);

+			return NULL;

+		}

+

+		if (*p < 'A') /* it must be 0-9 */

+			b = *p - '0';

+		else /* it's A-F or a-f */

+			b = (*p | 0x20) - 'a' + 10; /* convert to lowercase and to 10-15 */

+

+		*q = *q + b << shift;

+		if (shift)

+			shift = 0;

+		else {

+			shift = 4;

+			q++;

+		}

+	}

+

+	return out;

+}

+

 /* is_fru_id - wrapper for str-2-int FRU ID conversion. Message is printed

  * on error.

  * FRU ID range: <0..255>

diff -up ./lib/ipmi_channel.c.kg1 ./lib/ipmi_channel.c

--- ./lib/ipmi_channel.c.kg1	2014-03-05 09:15:28.655430688 +0100

+++ ./lib/ipmi_channel.c	2014-03-05 09:37:19.367737427 +0100

@@ -786,6 +786,90 @@ ipmi_current_channel_medium(struct ipmi_

 	return ipmi_get_channel_medium(intf, 0xE);

 }

+int 

+ipmi_set_channel_security_keys (struct ipmi_intf *intf, uint8_t channel,

+				const char *method, const char *key)

+{

+	unsigned char* decoded_key = NULL;

+	struct ipmi_rs *rsp;

+	struct ipmi_rq req;

+	struct set_channel_security_keys_req req_data;

+

+	/* convert provided key to array of bytes */

+	if (strcmp(method, "hex") == 0) {

+		if (strlen(key) > (IPMI_KG_BUFFER_SIZE-1)*2) {

+			lprintf(LOG_ERR, "Provided key is too long, max. length is 20 bytes");

+			printf_channel_usage();

+			return -1;

+		}

+		decoded_key = ipmi_parse_hex(key);

+		if (decoded_key == NULL) {

+			/* something went bad, ipmi_parse_hex already reported the error */

+			return -1;

+		}

+	} else if (strcmp(method, "plain") == 0) {

+		if (strlen(key) > IPMI_KG_BUFFER_SIZE-1) {

+			lprintf(LOG_ERR, "Provided key is too long, max. length is 20 bytes");

+			printf_channel_usage();

+			return -1;

+		}

+

+		decoded_key = calloc(IPMI_KG_BUFFER_SIZE, sizeof(unsigned char));

+		if (decoded_key == NULL) {

+			lprintf(LOG_ERR, "Cannot allocate memory");

+			return -1;

+		}

+		strncpy(decoded_key, key, IPMI_KG_BUFFER_SIZE-1);

+	} else {

+		printf_channel_usage();

+		return -1;

+	}

+

+	/* assemble and send request to set kg key */

+	memset(&req_data, 0, sizeof(req_data));

+	req_data.channel = channel;

+	req_data.operation = IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET;

+	req_data.key_id = IPMI_KG_KEY_ID;

+	memcpy(req_data.key_value, decoded_key, IPMI_KG_BUFFER_SIZE-1);

+	free(decoded_key);

+

+	memset(&req, 0, sizeof(req));

+	req.msg.netfn = IPMI_NETFN_APP;

+	req.msg.cmd = IPMI_SET_CHANNEL_SECURITY_KEYS;

+	req.msg.data = (uint8_t*) &req_data;

+	req.msg.data_len = sizeof(req_data);

+

+	rsp = intf->sendrecv(intf, &req;;

+	if (rsp == NULL) {

+		lprintf(LOG_ERR, "Set Channel Security Keys command failed");

+		return -1;

+	}

+	if (rsp->ccode > 0) {

+		const char *error = NULL;

+		switch (rsp->ccode) {

+			case 0x80:

+				error = "Key is locked";

+				break;

+			case 0x81:

+				error = "Insufficient key bytes";

+				break;

+			case 0x82:

+				error = "Too many key bytes";

+				break;

+			case 0x83:

+				error = "Key value does not meet criteria for K_g key";

+				break;

+			default:

+				error = val2str(rsp->ccode, completion_code_vals);

+		}

+		lprintf(LOG_ERR, "Error setting security key: %X (%s)", rsp->ccode, error);

+		return -1;

+	}

+

+	lprintf(LOG_NOTICE, "Set Channel Security Keys command succeeded");

+	return 0;

+}

+

 void

 printf_channel_usage()

 {

@@ -795,6 +879,7 @@ printf_channel_usage()

 		"<user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]");

 	lprintf(LOG_NOTICE, "                  info      [channel number]");

 	lprintf(LOG_NOTICE, "                  getciphers <ipmi | sol> [channel]\n");

+	lprintf(LOG_NOTICE, "                  setkg hex|plain <key> [channel]\n");

 	lprintf(LOG_NOTICE, "Possible privilege levels are:");

 	lprintf(LOG_NOTICE, "   1   Callback level");

 	lprintf(LOG_NOTICE, "   2   User level");

@@ -892,6 +977,21 @@ ipmi_channel_main(struct ipmi_intf * int

 								ch);

 		}

 	}

+	else if (strcmp(argv[0], "setkg") == 0)

+	{

+		if (argc < 3 || argc > 4)

+			printf_channel_usage();

+		else {

+			uint8_t ch = 0xe;

+			char *method = argv[1];

+			char *key = argv[2];

+			if (argc == 4) {

+				ch = (uint8_t)strtol(argv[3], NULL, 0);

+			}

+

+			retval = ipmi_set_channel_security_keys(intf, ch, method, key);

+		}

+	}

 	else

 	{

 		printf("Invalid CHANNEL command: %s\n", argv[0]);

diff -up ./lib/ipmi_main.c.kg1 ./lib/ipmi_main.c

--- ./lib/ipmi_main.c.kg1	2014-03-05 09:50:30.905734365 +0100

+++ ./lib/ipmi_main.c	2014-03-05 10:47:04.857296819 +0100

@@ -275,69 +275,6 @@ void ipmi_catch_sigint()

 	exit(-1);

 }

-/* ipmi_parse_hex - convert hexadecimal numbers to ascii string

- *                  Input string must be composed of two-characer hexadecimal numbers.

- *                  There is no separator between the numbers. Each number results in one character

- *                  of the converted string.

- *

- *                  Example: ipmi_parse_hex("50415353574F5244") returns 'PASSWORD'

- *

- * @param str:  input string. It must contain only even number of '0'-'9','a'-'f' and 'A-F' characters.

- * @returns converted ascii string

- * @returns NULL on error

- */

-static unsigned char *

-ipmi_parse_hex(const char *str)

-{

-	const char * p;

-	unsigned char * out, *q;

-	unsigned char b = 0;

-	int shift = 4;

-

-	if (strlen(str) == 0)

-		return NULL;

-

-	if (strlen(str) % 2 != 0) {

-		lprintf(LOG_ERR, "Number of hex_kg characters is not even");

-		return NULL;

-	}

-

-	if (strlen(str) > (IPMI_KG_BUFFER_SIZE-1)*2) {

-		lprintf(LOG_ERR, "Kg key is too long");

-		return NULL;

-	}

-

-	out = calloc(IPMI_KG_BUFFER_SIZE, sizeof(unsigned char));

-	if (out == NULL) {

-		lprintf(LOG_ERR, "malloc failure");

-		return NULL;

-	}

-

-	for (p = str, q = out; *p; p++) {

-		if (!isxdigit(*p)) {

-			lprintf(LOG_ERR, "Kg_hex is not hexadecimal number");

-			free(out);

-			out = NULL;

-			return NULL;

-		}

-

-		if (*p < 'A') /* it must be 0-9 */

-			b = *p - '0';

-		else /* it's A-F or a-f */

-			b = (*p | 0x20) - 'a' + 10; /* convert to lowercase and to 10-15 */

-

-		*q = *q + b << shift;

-		if (shift)

-			shift = 0;

-		else {

-			shift = 4;

-			q++;

-		}

-	}

-

-	return out;

-}

-

 /* ipmi_parse_options  -  helper function to handle parsing command line options

  *

  * @argc:	count of options

@@ -521,11 +458,12 @@ ipmi_main(int argc, char ** argv,

 				free(kgkey);

 				kgkey = NULL;

 			}

-			kgkey = strdup(optarg);

+			kgkey = calloc(IPMI_KG_BUFFER_SIZE, 1);

 			if (kgkey == NULL) {

 				lprintf(LOG_ERR, "%s: malloc failure", progname);

 				goto out_free;

 			}

+			strncpy(kgkey, optarg, IPMI_KG_BUFFER_SIZE);

 			break;

 		case 'K':

 			if ((tmp_env = getenv("IPMI_KGKEY"))) {

@@ -533,11 +471,12 @@ ipmi_main(int argc, char ** argv,

 					free(kgkey);

 					kgkey = NULL;

 				}

-				kgkey = strdup(tmp_env);

+				kgkey = calloc(IPMI_KG_BUFFER_SIZE, 1);

 				if (kgkey == NULL) {

 					lprintf(LOG_ERR, "%s: malloc failure", progname);

 					goto out_free;

 				}

+				strncpy(kgkey, tmp_env, IPMI_KG_BUFFER_SIZE);

 			} else {

 				lprintf(LOG_WARN, "Unable to read kgkey from environment");

 			}

@@ -564,11 +503,14 @@ ipmi_main(int argc, char ** argv,

 					kgkey = NULL;

 				}

 				kgkey = strdup(tmp_pass);

-				tmp_pass = NULL;

+				kgkey = calloc(IPMI_KG_BUFFER_SIZE, 1);

 				if (kgkey == NULL) {

 					lprintf(LOG_ERR, "%s: malloc failure", progname);

+					tmp_pass = NULL;

 					goto out_free;

 				}

+				strncpy(kgkey, tmp_pass, IPMI_KG_BUFFER_SIZE);

+				tmp_pass = NULL;

 			}

 			break;

 		case 'U':