
[Freeipmi-devel] Re: [llnl-devel] How to enable users on the BMC


From: Albert Chu
Subject: [Freeipmi-devel] Re: [llnl-devel] How to enable users on the BMC
Date: Wed, 24 Dec 2003 08:21:13 -0800

Hmmm, well I just used the following on our nodes, and it did work.

(Note, I hid the username/passwords at the bottom, you'll have to retype
those in)...

Al

#include <stdio.h>
#include <alloca.h>
#include <stdlib.h>
#include <freeipmi/freeipmi.h>
#include <sys/io.h>
#include <string.h>

int
set_user_info (u_int8_t uid, char *user, char *pass, u_int8_t priv)
{
  net_fn_t net_fn;
  u_int8_t pkt[20];

  net_fn.fn  = IPMI_NET_FN_APP_RQ;
  net_fn.lun = IPMI_BMC_IPMB_LUN_BMC;
    
  {
    /* set user name */
    memset(pkt, '\0', 20);
    pkt[0] = ipmi_netfn2byte (net_fn);
    pkt[1] = IPMI_CMD_SET_USER_NAME;
    pkt[2] = uid;
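    /* name field is 16 bytes (pkt[3..18]), zero-padded by the memset above;
       bounded copy so a longer name is truncated instead of overrunning pkt */
    strncpy((char *)&pkt[3], user, 16);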

    if (ipmi_kcs_write (pkt, 19) == -1)
      {
        printf("A Error writing cmd\n");
        exit(1);
      }
    
    if (ipmi_kcs_read (pkt, 3) == -1)
      {
        printf("A Error reading cmd\n");
        exit(1);
      }
    
    if (pkt[2] != IPMI_COMMAND_SUCCESS)
      {
        printf("A Command did not succeed: %x\n", pkt[2]);
        exit(1);
      }
  }

  {
    /* set user pw */
    memset(pkt, '\0', 20);
    pkt[0] = ipmi_netfn2byte (net_fn);
    pkt[1] = IPMI_CMD_SET_USER_PASSWORD_CMD;
    pkt[2] = uid;
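    pkt[3] = 0x02;   /* operation: set password */
    /* password field is 16 bytes (pkt[4..19]); strcpy would write its
       terminating NUL past the end of pkt for a 16-character password */
    strncpy((char *)&pkt[4], pass, 16);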

    if (ipmi_kcs_write (pkt, 20) == -1)
      {
        printf("B Error writing cmd\n");
        exit(1);
      }
    
    if (ipmi_kcs_read (pkt, 3) == -1)
      {
        printf("B Error reading cmd\n");
        exit(1);
      }
    
    if (pkt[2] != IPMI_COMMAND_SUCCESS)
      {
        printf("B Command did not succeed: %x\n", pkt[2]);
        exit(1);
      }
  }

  {
    /* enable user */
    memset(pkt, '\0', 20);
    pkt[0] = ipmi_netfn2byte (net_fn);
    pkt[1] = IPMI_CMD_SET_USER_PASSWORD_CMD;
    pkt[2] = uid;
    pkt[3] = 0x01;   /* operation: enable user (password bytes stay zero) */
  
    if (ipmi_kcs_write (pkt, 20) == -1)
      {
        printf("C Error writing cmd\n");
        exit(1);
      }
    
    if (ipmi_kcs_read (pkt, 3) == -1)
      {
        printf("C Error reading cmd\n");
        exit(1);
      }
    
    if (pkt[2] != IPMI_COMMAND_SUCCESS)
      {
        printf("C Command did not succeed: %x\n", pkt[2]);
        exit(1);
      }
  }

  {
    /* set access */
    pkt[0] = ipmi_netfn2byte (net_fn);
    pkt[1] = IPMI_CMD_SET_USER_ACCESS_CMD;
    pkt[2] = 0x97;   /* bit 7: change the bits in this byte, bit 4: enable
                        IPMI messaging, bits 3-0: channel 7 */
    pkt[3] = uid;
    pkt[4] = priv;
    pkt[5] = 0;

    if (ipmi_kcs_write (pkt, 6) == -1)
      {
        printf("D Error writing cmd\n");
        exit(1);
      }

    if (ipmi_kcs_read (pkt, 3) == -1)
      {
        printf("D Error reading cmd\n");
        exit(1);
      }

    if (pkt[2] != IPMI_COMMAND_SUCCESS)
      {
        printf("D Command did not succeed\n");
        exit(1);
      }
    
  }

  return 0;
}

int
main (int argc, char *argv[])
{
  if(iopl (3) != 0)
    {
      perror ("iopl");
      exit (1);
    }

  set_user_info (0x02, "foo", "foopw", 0x02);
  set_user_info (0x03, "foo", "foopw", 0x03);
  set_user_info (0x04, "foo", "foopw", 0x04);

  return 0;
}


--
Albert Chu
address@hidden
Lawrence Livermore National Laboratory

----- Original Message -----
From: address@hidden
Date: Tuesday, December 23, 2003 6:12 pm
Subject: Re: [llnl-devel] How to enable users on the BMC

> Hmm, I applied your patch, and when I verified with Intel's SMU utility, I
> get "Password is clear" for that user. Are you sure you just didn't set a
> user with no password?
> 
> I tried Ian's latest, and we still have disabled users.
> 
> brian
> 
> > Hey Brian,
> >
> > Try my following uhhh "diff" ... (+ is new line, - is remove line)
> >
> >      //  Now enable the user
> > +    pkt[0] = ipmi_netfn2byte (net_fn);
> > +    pkt[1] = IPMI_CMD_SET_USER_PASSWORD_CMD;
> > -    pkt[2] = 0x01;
> > +    pkt[2] = (unsigned)uid;
> > +     pkt[3] = 0x01;
> >       // no need to put data in password buffer
> > -     memset (pkt + 4, 0, 16);
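Review bot: removing "memset (pkt + 4, 0, 16)" on the last line of this hunk means bytes 4 onward of pkt keep whatever an earlier request or response left there; if the write that follows still sends the full packet, that leftover data goes to the BMC with the enable request. Keeping the memset, or clearing the whole buffer before setting bytes 0 to 3, costs nothing and makes the request deterministic. The comment "no need to put data in password buffer" would then read better as a note that the field is sent zeroed.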
> >
> >
> > Al
> >
> > --
> > Albert Chu
> > address@hidden
> > Lawrence Livermore National Laboratory
> >
> > ----- Original Message -----
> > From: address@hidden
> > Date: Tuesday, December 23, 2003 4:07 pm
> > Subject: Re: [llnl-devel] How to enable users on the BMC
> >
> >> Albert,
> >>
> >> I can't quite figure out your changes. AB is working on it, but I was
> >> hoping to apply them myself. Can you send a diff to bmc-make-user.c ?
> >>
> >> Here is what I came up with, but it doesn't work.
> >>
> >> brian
> >>
> >> > Hey Ian,
> >> >
> >> > I figured it out and I was able to enable a user on one of our test
> >> > nodes and was able to successfully power status that node with
> >> > that user.
> >> >
> >> > The bug is in your bmc-make-user program.
> >> >
> >> > If you take a look at the set-user-password command on 18.27 of the IPMI
> >> > spec, you need to execute the set-user-password command TWICE.
> >> >
> >> > One time, you set the user-password by setting the second byte of the
> >> > command 0x02...
> >> >
> >> > Then, you have to call set-user-password again, setting the second byte
> >> > of the command to 0x01.
> >> >
> >> > Here's what I did to make it work on our system (after I used your
> >> > bmc-make-user command to setup a user):
> >> >
> >> >
> >> >   net_fn_t net_fn;
> >> >   u_int8_t pkt[20];
> >> >
> >> >   net_fn.fn  = IPMI_NET_FN_APP_RQ;
> >> >   net_fn.lun = IPMI_BMC_IPMB_LUN_BMC;
> >> >
> >> >   pkt[0] = ipmi_netfn2byte (net_fn);
> >> >   pkt[1] = IPMI_CMD_SET_USER_PASSWORD_CMD;
> >> >   pkt[2] = 0x02;
> >> >   pkt[3] = 0x01;
> >> >   // no need to put data in password buffer
> >> >
> >> >   if (ipmi_kcs_write (pkt, 20) == -1)
> >> >     {
> >> >       printf("Error writing cmd\n");
> >> >       exit(1);
> >> >     }
> >> >
> >> >   if (ipmi_kcs_read (pkt, 3) == -1)
> >> >     {
> >> >       printf("Error reading cmd\n");
> >> >       exit(1);
> >> >     }
> >> >
> >> >   if (pkt[2] != IPMI_COMMAND_SUCCESS)
> >> >     {
> >> >       printf("Command did not succeed\n");
> >> >       exit(1);
> >> >     }
> >> >
> >> > Al
> >> >
> >> > --
> >> > Albert Chu
> >> > address@hidden
> >> > Lawrence Livermore National Laboratory
> >> >
> >> > ----- Original Message -----
> >> > From: Albert Chu <address@hidden>
> >> > Date: Tuesday, December 23, 2003 1:25 pm
> >> > Subject: [llnl-devel] enabling BMC users
> >> >
> >> >> Hey Ian,
> >> >>
> >> >> I got some of your code.  I've been playing with it.  I tried the "get
> >> >> user access command" for the user we use to power off/power on our
> >> >> test cluster.   And the results I got were:
> >> >>
> >> >> bit 7 - reserved
> >> >> bit 6 - user access available during call-in or callback direction
> >> >> communication
> >> >> bit 5 - user enabled for link authentication
> >> >> bit 4 - user disabled for IPMI messaging
> >> >> bit3-0: 0xF (no access).
> >> >>
> >> >> This is a username that we definitely use on our test cluster.  So
> >> >> needless to say, the data I got back was surprising.  So perhaps the set
> >> >> user access command isn't the right command to use?
> >> >>
> >> >> I'll keep playing around, see what I can come up with.  Let me know
> >> >> how things are going for you.
> >> >>
> >> >> Al
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Albert Chu
> >> >> address@hidden
> >> >> Lawrence Livermore National Laboratory
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> llnl-devel mailing list
> >> >> address@hidden
> >> >> http://californiadigital.com/cgi-bin/mailman/listinfo/llnl-devel
> >> >>
> >> >
> >> >
> >> >
> >>
> >
> >
> 
> 
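
Added example, not part of the original post or of FreeIPMI: the Set User Name request and the two Set User Password requests from the thread (operation 0x02 to store the password, then 0x01 to enable the user), built into a 20-byte buffer with the 16-byte name and password fields length-checked instead of copied with strcpy. The helper names are hypothetical, and the NetFn and command values are taken from the IPMI specification rather than from the FreeIPMI headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Numeric values are from the IPMI specification; names are this example's. */
#define NETFN_APP_RQ_LUN0     0x18 /* (NetFn App 0x06 << 2) | LUN 0 */
#define CMD_SET_USER_NAME     0x45
#define CMD_SET_USER_PASSWORD 0x47
#define PW_OP_ENABLE_USER     0x01
#define PW_OP_SET_PASSWORD    0x02
#define FIELD_LEN             16   /* fixed size of name and password fields */

/* Zero a 20-byte request buffer and set the NetFn/LUN and command bytes. */
static void start(uint8_t *pkt, uint8_t cmd)
{
  memset(pkt, 0, 20);
  pkt[0] = NETFN_APP_RQ_LUN0;
  pkt[1] = cmd;
}

/* Copy s into a 16-byte field (already zeroed); -1 if s is NULL or too long. */
static int put_field(uint8_t *dst, const char *s)
{
  if (s == NULL || strlen(s) > FIELD_LEN)
    return -1;
  memcpy(dst, s, strlen(s));
  return 0;
}

/* Each builder returns the number of bytes to send, or -1 on bad input. */
int build_set_user_name(uint8_t *pkt, uint8_t uid, const char *name)
{
  start(pkt, CMD_SET_USER_NAME);
  pkt[2] = uid;
  return put_field(&pkt[3], name) == 0 ? 3 + FIELD_LEN : -1;
}

int build_set_user_password(uint8_t *pkt, uint8_t uid, uint8_t op, const char *pass)
{
  start(pkt, CMD_SET_USER_PASSWORD);
  pkt[2] = uid;
  pkt[3] = op; /* 0x02 stores the password, 0x01 then enables the user */
  if (op == PW_OP_SET_PASSWORD && put_field(&pkt[4], pass) != 0)
    return -1;
  return 4 + FIELD_LEN; /* the post sends all 20 bytes for both operations */
}
```

Because every request starts from a zeroed buffer, the enable request never carries password bytes left over from the previous step.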




