tacho / conman

Automatically exported from code.google.com/p/conman
GNU General Public License v3.0

IPMI SOL Cipher Suite ID, Privilege Level, and Workaround Flags #5

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What new or enhanced feature are you proposing?

Support for IPMI SOL connections via FreeIPMI with non-default values of Cipher 
Suite ID, Privilege Level, and Workaround Flags.

What goal would this enhancement help you achieve?

The ability to define IPMI SOL connections requiring non-default values for 
these settings.  The FreeIPMI defaults are as follows:

The Cipher Suite ID defaults to 3: Authentication Algorithm = HMAC-SHA1, 
Integrity Algorithm = HMAC-SHA1-96, Confidentiality Algorithm = AES-CBC-128.

The Privilege Level defaults to ADMIN.

The Workaround Flags default to 0: no modifications to the IPMI protocol.

Please provide any additional information below.

Refer to <ipmiconsole.h> from FreeIPMI.  These values are stored in the 
cipher_suite_id, privilege_level, and workaround_flags components of the 
ipmiconsole_ipmi_config struct:

struct ipmiconsole_ipmi_config
{
  char *username;
  char *password;
  unsigned char *k_g;
  unsigned int k_g_len;
  int privilege_level;
  int cipher_suite_id;
  unsigned int workaround_flags;
};

Original issue reported on code.google.com by chris.m.dunlap on 17 Jun 2010 at 6:55

GoogleCodeExporter commented 9 years ago

Original comment by chris.m.dunlap on 17 Jun 2010 at 6:56

GoogleCodeExporter commented 9 years ago
Patch for workaround flags from Matthieu Pérotin (2010-07-02).

Original comment by chris.m.dunlap on 2 Nov 2010 at 5:41

GoogleCodeExporter commented 9 years ago

Original comment by chris.m.dunlap on 26 Jan 2011 at 1:25

GoogleCodeExporter commented 9 years ago
The IPMIOPTS string is parsed into comma-delimited substrings where each 
substring is of the form "X:VALUE".  "X" is a single-character case-insensitive 
key specifying the option type, and "VALUE" is its corresponding value.  The 
IPMI default will be used if either "VALUE" is omitted from the substring 
("X:") or the substring is omitted altogether.  Note that since the IPMIOPTS 
string is delimited by commas, substring values cannot contain commas.

The valid IPMIOPTS substrings include the following (in any order):

- U:<username> - a string of at most 16 bytes for the username.

- P:<password> - a string of at most 20 bytes for the password.

- K:<K_g> - a string of at most 20 bytes for the K_g key.

- C:<cipher_suite> - an integer for the IPMI cipher suite ID.

- L:<privilege_level> - the string "user", "op", or "admin".

- W:<workaround_flag> - a string or integer for an IPMI workaround.  This may 
be repeated in order to specify multiple flags.  The following strings are 
currently recognized: "authcap", "intel20", "supermicro20", "sun20", 
"opensesspriv", "integritycheckvalue", "solpayloadsize", "solport", and 
"solstatus".

Refer to ipmiconsole(8) 
<http://www.gnu.org/software/freeipmi/manpages/man8/ipmiconsole.8.html> for a 
list of currently supported cipher suite IDs, workaround flags, and the like.

As an example, the following config lines are equivalent ways of specifying a 
console "foo" connected to a host "bar" via IPMI SOL with username "user", 
password "pass", and workaround flags for authentication capabilities, ignoring 
SOL payload size, and ignoring SOL port:

console name="foo" dev="ipmi:bar" ipmiopts="U:user,P:pass,W:authcap,W:solpayloadsize,W:solport"
console name="foo" dev="ipmi:bar" ipmiopts="w:1,U:user,w:0100000000,P:pass,w:0x2000000"
console name="foo" dev="ipmi:bar" ipmiopts="u:user,p:pass,k:,c:,l:,w:0x3000001"

Original comment by chris.m.dunlap on 18 Apr 2011 at 9:11
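
The IPMIOPTS grammar described in the comment above, as an added example that is not conman's own parser and not part of the original thread: a C parser for the "X:VALUE" substrings that enforces the 16/20/20-byte limits and merges repeated W: flags. The names `struct ipmiopts`, `parse_ipmiopts` and `copy_max` are hypothetical, only the three workaround flags whose bit values follow from the equivalent config lines are tabled, and value strings are matched case-sensitively as an assumption.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical result type: an empty string or -1 means "use the IPMI default". */
struct ipmiopts {
    char user[17], pass[21], k_g[21];       /* 16/20/20-byte limits plus NUL */
    int cipher, level; unsigned int flags;  /* level is an index into levels[] */
};
/* Bit values inferred from the equivalent config lines quoted in the comment. */
static const struct { const char *name; unsigned int bit; } wflags[] = {
    { "authcap", 0x1 }, { "solpayloadsize", 0x1000000 }, { "solport", 0x2000000 } };
static const char *levels[] = { "user", "op", "admin" };
static int copy_max(char *dst, size_t max, const char *v)
{
    if (strlen(v) > max) return -1;         /* reject, never truncate a credential */
    strcpy(dst, v); return 0;
}
/* Returns 0 on success, -1 on a malformed, unknown or over-long substring. */
int parse_ipmiopts(const char *s, struct ipmiopts *o)
{
    char buf[256], *tok, *next, *v, *end;
    int rc, i;
    *o = (struct ipmiopts){ .cipher = -1, .level = -1 };
    if (strlen(s) >= sizeof buf) return -1;
    strcpy(buf, s);
    for (tok = buf, rc = 0; tok && rc >= 0; tok = next) {
        if ((next = strchr(tok, ',')) != NULL) *next++ = '\0';
        if (!*tok) continue;                /* nothing between two commas */
        if (tok[1] != ':') return -1;
        if (!*(v = tok + 2)) continue;      /* "X:" keeps the IPMI default */
        switch (toupper((unsigned char) tok[0])) {   /* key is case-insensitive */
        case 'U': rc = copy_max(o->user, 16, v); break;
        case 'P': rc = copy_max(o->pass, 20, v); break;
        case 'K': rc = copy_max(o->k_g, 20, v); break;
        case 'C': o->cipher = (int) strtol(v, &end, 10); rc = *end ? -1 : 0; break;
        case 'L':
            for (o->level = -1, i = 0; i < 3; i++)
                if (!strcmp(v, levels[i])) o->level = i;
            rc = o->level; break;           /* stays -1 if no level name matched */
        case 'W':                           /* repeated W: substrings are ORed */
            for (i = 0; i < 3 && strcmp(v, wflags[i].name); i++) ;
            if (i < 3) { o->flags |= wflags[i].bit; break; }
            o->flags |= (unsigned int) strtoul(v, &end, 0);  /* dec, octal, hex */
            rc = (isdigit((unsigned char) *v) && !*end) ? 0 : -1; break;
        default: rc = -1;
        }
    }
    return rc < 0 ? -1 : 0;
}
```
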

GoogleCodeExporter commented 9 years ago
This issue was updated by revision r1047.

Requires freeipmi-1.0.4 or later.

Original comment by chris.m.dunlap on 20 Apr 2011 at 12:51

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r1059.

Original comment by chris.m.dunlap on 21 Apr 2011 at 12:20