libipmi/common/ipmi_user.c

5345Seschrock/*
5345Seschrock * CDDL HEADER START
5345Seschrock *
5345Seschrock * The contents of this file are subject to the terms of the
5345Seschrock * Common Development and Distribution License (the "License").
5345Seschrock * You may not use this file except in compliance with the License.
5345Seschrock *
5345Seschrock * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
5345Seschrock * or http://www.opensolaris.org/os/licensing.
5345Seschrock * See the License for the specific language governing permissions
5345Seschrock * and limitations under the License.
5345Seschrock *
5345Seschrock * When distributing Covered Code, include this CDDL HEADER in each
5345Seschrock * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
5345Seschrock * If applicable, add the following below this CDDL HEADER, with the
5345Seschrock * fields enclosed by brackets "[]" replaced with your own identifying
5345Seschrock * information: Portions Copyright [yyyy] [name of copyright owner]
5345Seschrock *
5345Seschrock * CDDL HEADER END
5345Seschrock */
5345Seschrock/*
*10516SEric.Schrock@Sun.COM * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
5345Seschrock * Use is subject to license terms.
5345Seschrock */
5345Seschrock
5345Seschrock#include <libipmi.h>
5345Seschrock#include <string.h>
5345Seschrock
5345Seschrock#include "ipmi_impl.h"
5345Seschrock
6070Srobjtypedef struct ipmi_user_impl {
6070Srobj	ipmi_list_t	iu_list;
6070Srobj	ipmi_user_t	iu_user;
6070Srobj} ipmi_user_impl_t;
6070Srobj
5345Seschrock/*
5345Seschrock * Get User Access.  See section 22.27.
5345Seschrock *
5345Seschrock * See libipmi.h for a complete description of IPMI reference material.
5345Seschrock */
5345Seschrock
5345Seschrocktypedef struct ipmi_get_user_access_req {
5621Seschrock	DECL_BITFIELD2(
5621Seschrock	    igua_channel		:4,
5621Seschrock	    __reserved1			:4);
5621Seschrock	DECL_BITFIELD2(
5621Seschrock	    igua_uid			:2,
5621Seschrock	    __reserved2			:6);
5345Seschrock} ipmi_get_user_access_req_t;
5345Seschrock
5345Seschrock#define	IPMI_CMD_GET_USER_ACCESS	0x44
5345Seschrock
5345Seschrocktypedef struct ipmi_get_user_access {
5621Seschrock	DECL_BITFIELD2(
5621Seschrock	    igua_max_uid		:4,
5621Seschrock	    __reserved1			:4);
5621Seschrock	DECL_BITFIELD2(
5621Seschrock	    igua_enable_status		:4,
5621Seschrock	    igua_enabled_uid		:4);
5621Seschrock	DECL_BITFIELD2(
5621Seschrock	    __reserved2			:4,
5621Seschrock	    igua_fixed_uid		:4);
5621Seschrock	DECL_BITFIELD5(
5621Seschrock	    __reserved3			:1,
5621Seschrock	    igua_only_callback		:1,
5621Seschrock	    igua_link_auth_enable	:1,
5621Seschrock	    igua_ipmi_msg_enable	:1,
5621Seschrock	    igua_privilege_level	:4);
5345Seschrock} ipmi_get_user_access_t;
5345Seschrock
5345Seschrock#define	IPMI_USER_ENABLE_UNSPECIFIED	0x00
5345Seschrock#define	IPMI_USER_ENABLE_SETPASSWD	0x01
5345Seschrock#define	IPMI_USER_DISABLE_SETPASSWD	0x02
5345Seschrock
5345Seschrock#define	IPMI_USER_CHANNEL_CURRENT	0xe
5345Seschrock
5345Seschrock/*
5345Seschrock * Get User Name.  See section 22.29
5345Seschrock */
5345Seschrock
5345Seschrock#define	IPMI_CMD_GET_USER_NAME		0x46
5345Seschrock
5345Seschrock/*
5345Seschrock * Set User Password.  See section 22.30
5345Seschrock */
5345Seschrock
5345Seschrock#define	IPMI_CMD_SET_USER_PASSWORD	0x47
5345Seschrock
5345Seschrocktypedef struct ipmi_set_user_password {
5621Seschrock	DECL_BITFIELD3(
5621Seschrock	    isup_uid		:6,
5621Seschrock	    __reserved1		:1,
5621Seschrock	    isup_len20		:1);
5621Seschrock	DECL_BITFIELD2(
5621Seschrock	    isup_op		:2,
5621Seschrock	    __reserved2		:6);
5345Seschrock	char		isup_passwd[20];
5345Seschrock} ipmi_set_user_password_t;
5345Seschrock
5345Seschrock#define	IPMI_PASSWORD_OP_DISABLE	0x0
5345Seschrock#define	IPMI_PASSWORD_OP_ENABLE		0x1
5345Seschrock#define	IPMI_PASSWORD_OP_SET		0x2
5345Seschrock#define	IPMI_PASSWORD_OP_TEST		0x3
5345Seschrock
5345Seschrockstatic ipmi_get_user_access_t *
5345Seschrockipmi_get_user_access(ipmi_handle_t *ihp, uint8_t channel, uint8_t uid)
5345Seschrock{
5345Seschrock	ipmi_cmd_t cmd, *resp;
5345Seschrock	ipmi_get_user_access_req_t req = { 0 };
5345Seschrock
5345Seschrock	req.igua_channel = channel;
5345Seschrock	req.igua_uid = uid;
5345Seschrock
5345Seschrock	cmd.ic_netfn = IPMI_NETFN_APP;
5345Seschrock	cmd.ic_cmd = IPMI_CMD_GET_USER_ACCESS;
5345Seschrock	cmd.ic_lun = 0;
5345Seschrock	cmd.ic_data = &req;
5345Seschrock	cmd.ic_dlen = sizeof (req);
5345Seschrock
5345Seschrock	if ((resp = ipmi_send(ihp, &cmd)) == NULL) {
5345Seschrock		/*
5345Seschrock		 * If sessions aren't supported on the current channel, some
5345Seschrock		 * service processors (notably Sun's ILOM) will return an
5345Seschrock		 * invalid request completion code (0xCC).  For these SPs, we
5345Seschrock		 * translate this to the more appropriate EIPMI_INVALID_COMMAND.
5345Seschrock		 */
5345Seschrock		if (ipmi_errno(ihp) == EIPMI_INVALID_REQUEST)
5345Seschrock			(void) ipmi_set_error(ihp, EIPMI_INVALID_COMMAND,
5345Seschrock			    NULL);
5345Seschrock		return (NULL);
5345Seschrock	}
5345Seschrock
5345Seschrock	if (resp->ic_dlen < sizeof (ipmi_get_user_access_t)) {
5345Seschrock		(void) ipmi_set_error(ihp, EIPMI_BAD_RESPONSE_LENGTH, NULL);
5345Seschrock		return (NULL);
5345Seschrock	}
5345Seschrock
5345Seschrock	return (resp->ic_data);
5345Seschrock}
5345Seschrock
5345Seschrockstatic const char *
5345Seschrockipmi_get_user_name(ipmi_handle_t *ihp, uint8_t uid)
5345Seschrock{
5345Seschrock	ipmi_cmd_t cmd, *resp;
5345Seschrock
5345Seschrock	cmd.ic_netfn = IPMI_NETFN_APP;
*10516SEric.Schrock@Sun.COM	cmd.ic_cmd = IPMI_CMD_GET_USER_NAME;
5345Seschrock	cmd.ic_lun = 0;
5345Seschrock	cmd.ic_data = &uid;
5345Seschrock	cmd.ic_dlen = sizeof (uid);
5345Seschrock
5345Seschrock	if ((resp = ipmi_send(ihp, &cmd)) == NULL)
5345Seschrock		return (NULL);
5345Seschrock
5345Seschrock	if (resp->ic_dlen < 16) {
5345Seschrock		(void) ipmi_set_error(ihp, EIPMI_BAD_RESPONSE_LENGTH, NULL);
5345Seschrock		return (NULL);
5345Seschrock	}
5345Seschrock
5345Seschrock	return (resp->ic_data);
5345Seschrock}
5345Seschrock
5345Seschrockvoid
5345Seschrockipmi_user_clear(ipmi_handle_t *ihp)
5345Seschrock{
6070Srobj	ipmi_user_impl_t *uip;
5345Seschrock
6070Srobj	while ((uip = ipmi_list_next(&ihp->ih_users)) != NULL) {
6070Srobj		ipmi_list_delete(&ihp->ih_users, uip);
6070Srobj		ipmi_free(ihp, uip->iu_user.iu_name);
6070Srobj		ipmi_free(ihp, uip);
5345Seschrock	}
5345Seschrock}
5345Seschrock
5345Seschrock/*
5345Seschrock * Returns user information in a well-defined structure.
5345Seschrock */
5345Seschrockint
5345Seschrockipmi_user_iter(ipmi_handle_t *ihp, int (*func)(ipmi_user_t *, void *),
5345Seschrock    void *data)
5345Seschrock{
5345Seschrock	ipmi_get_user_access_t *resp;
*10516SEric.Schrock@Sun.COM	uint8_t i, uid_max;
6070Srobj	ipmi_user_impl_t *uip;
5345Seschrock	ipmi_user_t *up;
5345Seschrock	const char *name;
*10516SEric.Schrock@Sun.COM	uint8_t channel;
*10516SEric.Schrock@Sun.COM	ipmi_deviceid_t *devid;
5345Seschrock
5345Seschrock	ipmi_user_clear(ihp);
5345Seschrock
*10516SEric.Schrock@Sun.COM	channel = IPMI_USER_CHANNEL_CURRENT;
*10516SEric.Schrock@Sun.COM
5345Seschrock	/*
*10516SEric.Schrock@Sun.COM	 * Get the number of active users on the system by requesting the first
*10516SEric.Schrock@Sun.COM	 * user ID (1).
5345Seschrock	 */
*10516SEric.Schrock@Sun.COM	if ((resp = ipmi_get_user_access(ihp, channel, 1)) == NULL) {
*10516SEric.Schrock@Sun.COM		/*
*10516SEric.Schrock@Sun.COM		 * Some versions of the Sun ILOM have a bug which prevent the
*10516SEric.Schrock@Sun.COM		 * GET USER ACCESS command from succeeding over the default
*10516SEric.Schrock@Sun.COM		 * channel.  If this fails and we are on ILOM, then attempt to
*10516SEric.Schrock@Sun.COM		 * use the standard channel (1) instead.
*10516SEric.Schrock@Sun.COM		 */
*10516SEric.Schrock@Sun.COM		if ((devid = ipmi_get_deviceid(ihp)) == NULL)
*10516SEric.Schrock@Sun.COM			return (-1);
5345Seschrock
*10516SEric.Schrock@Sun.COM		if (!ipmi_is_sun_ilom(devid))
*10516SEric.Schrock@Sun.COM			return (-1);
*10516SEric.Schrock@Sun.COM
*10516SEric.Schrock@Sun.COM		channel = 1;
*10516SEric.Schrock@Sun.COM		if ((resp = ipmi_get_user_access(ihp, channel, 1)) == NULL)
*10516SEric.Schrock@Sun.COM			return (-1);
*10516SEric.Schrock@Sun.COM	}
*10516SEric.Schrock@Sun.COM
*10516SEric.Schrock@Sun.COM	uid_max = resp->igua_max_uid;
*10516SEric.Schrock@Sun.COM	for (i = 1; i <= uid_max; i++) {
*10516SEric.Schrock@Sun.COM		if (i != 1 && (resp = ipmi_get_user_access(ihp,
*10516SEric.Schrock@Sun.COM		    channel, i)) == NULL)
5345Seschrock			return (-1);
5345Seschrock
6070Srobj		if ((uip = ipmi_zalloc(ihp, sizeof (ipmi_user_impl_t))) == NULL)
5345Seschrock			return (-1);
5345Seschrock
6070Srobj		up = &uip->iu_user;
6070Srobj
5345Seschrock		up->iu_enabled = resp->igua_enabled_uid;
5345Seschrock		up->iu_uid = i;
5345Seschrock		up->iu_ipmi_msg_enable = resp->igua_ipmi_msg_enable;
5345Seschrock		up->iu_link_auth_enable = resp->igua_link_auth_enable;
5345Seschrock		up->iu_priv = resp->igua_privilege_level;
6070Srobj
6070Srobj		ipmi_list_append(&ihp->ih_users, uip);
5345Seschrock
*10516SEric.Schrock@Sun.COM		/*
*10516SEric.Schrock@Sun.COM		 * If we are requesting a username that doesn't have a
*10516SEric.Schrock@Sun.COM		 * supported username, we may get an INVALID REQUEST response.
*10516SEric.Schrock@Sun.COM		 * If this is the case, then continue as if there is no known
*10516SEric.Schrock@Sun.COM		 * username.
*10516SEric.Schrock@Sun.COM		 */
*10516SEric.Schrock@Sun.COM		if ((name = ipmi_get_user_name(ihp, i)) == NULL) {
*10516SEric.Schrock@Sun.COM			if (ipmi_errno(ihp) == EIPMI_INVALID_REQUEST)
*10516SEric.Schrock@Sun.COM				continue;
*10516SEric.Schrock@Sun.COM			else
*10516SEric.Schrock@Sun.COM				return (-1);
*10516SEric.Schrock@Sun.COM		}
5345Seschrock
*10516SEric.Schrock@Sun.COM		if (*name == '\0')
*10516SEric.Schrock@Sun.COM			continue;
*10516SEric.Schrock@Sun.COM
*10516SEric.Schrock@Sun.COM		if ((up->iu_name = ipmi_strdup(ihp, name)) == NULL)
5345Seschrock			return (-1);
5345Seschrock	}
5345Seschrock
6070Srobj	for (uip = ipmi_list_next(&ihp->ih_users); uip != NULL;
6070Srobj	    uip = ipmi_list_next(uip)) {
6070Srobj		if (func(&uip->iu_user, data) != 0)
5345Seschrock			return (-1);
5345Seschrock	}
5345Seschrock
5345Seschrock	return (0);
5345Seschrock}
5345Seschrock
5345Seschrocktypedef struct ipmi_user_cb {
5345Seschrock	const char	*uic_name;
5345Seschrock	uint8_t		uic_uid;
5345Seschrock	ipmi_user_t	*uic_result;
5345Seschrock} ipmi_user_cb_t;
5345Seschrock
5345Seschrockstatic int
5345Seschrockipmi_user_callback(ipmi_user_t *up, void *data)
5345Seschrock{
5345Seschrock	ipmi_user_cb_t *cbp = data;
5345Seschrock
5345Seschrock	if (cbp->uic_result != NULL)
5345Seschrock		return (0);
5345Seschrock
5345Seschrock	if (up->iu_name) {
5345Seschrock		if (strcmp(up->iu_name, cbp->uic_name) == 0)
5345Seschrock			cbp->uic_result = up;
5345Seschrock	} else if (up->iu_uid == cbp->uic_uid) {
5345Seschrock		cbp->uic_result = up;
5345Seschrock	}
5345Seschrock
5345Seschrock	return (0);
5345Seschrock}
5345Seschrock
5345Seschrockipmi_user_t *
5345Seschrockipmi_user_lookup_name(ipmi_handle_t *ihp, const char *name)
5345Seschrock{
5345Seschrock	ipmi_user_cb_t cb = { 0 };
5345Seschrock
5345Seschrock	cb.uic_name = name;
5345Seschrock	cb.uic_result = NULL;
5345Seschrock
5345Seschrock	if (ipmi_user_iter(ihp, ipmi_user_callback, &cb) != 0)
5345Seschrock		return (NULL);
5345Seschrock
5345Seschrock	if (cb.uic_result == NULL)
5345Seschrock		(void) ipmi_set_error(ihp, EIPMI_NOT_PRESENT,
5345Seschrock		    "no such user");
5345Seschrock
5345Seschrock	return (cb.uic_result);
5345Seschrock}
5345Seschrock
5345Seschrockipmi_user_t *
5345Seschrockipmi_user_lookup_id(ipmi_handle_t *ihp, uint8_t uid)
5345Seschrock{
5345Seschrock	ipmi_user_cb_t cb = { 0 };
5345Seschrock
5345Seschrock	cb.uic_uid = uid;
5345Seschrock	cb.uic_result = NULL;
5345Seschrock
5345Seschrock	if (ipmi_user_iter(ihp, ipmi_user_callback, &cb) != 0)
5345Seschrock		return (NULL);
5345Seschrock
5345Seschrock	if (cb.uic_result == NULL)
5345Seschrock		(void) ipmi_set_error(ihp, EIPMI_NOT_PRESENT,
5345Seschrock		    "no such user");
5345Seschrock
5345Seschrock	return (cb.uic_result);
5345Seschrock}
5345Seschrock
5345Seschrockint
5345Seschrockipmi_user_set_password(ipmi_handle_t *ihp, uint8_t uid, const char *passwd)
5345Seschrock{
5345Seschrock	ipmi_set_user_password_t req = { 0 };
5345Seschrock	ipmi_cmd_t cmd;
5345Seschrock
5345Seschrock	req.isup_uid = uid;
5345Seschrock	req.isup_op = IPMI_PASSWORD_OP_SET;
5345Seschrock
5345Seschrock	if (strlen(passwd) > 19)
5345Seschrock		return (ipmi_set_error(ihp, EIPMI_INVALID_REQUEST,
5345Seschrock		    "password length must be less than 20 characters"));
5345Seschrock
5345Seschrock	if (strlen(passwd) > 15)
5345Seschrock		req.isup_len20 = 1;
5345Seschrock
5345Seschrock	(void) strcpy(req.isup_passwd, passwd);
5345Seschrock
5345Seschrock	cmd.ic_netfn = IPMI_NETFN_APP;
5345Seschrock	cmd.ic_cmd = IPMI_CMD_SET_USER_PASSWORD;
5345Seschrock	cmd.ic_lun = 0;
5345Seschrock	cmd.ic_data = &req;
5345Seschrock	if (req.isup_len20)
5345Seschrock		cmd.ic_dlen = sizeof (req);
5345Seschrock	else
5345Seschrock		cmd.ic_dlen = sizeof (req) - 4;
5345Seschrock
5345Seschrock	if (ipmi_send(ihp, &cmd) == NULL)
5345Seschrock		return (-1);
5345Seschrock
5345Seschrock	return (0);
5345Seschrock}