Implement auto-downgrade to operator in IPMI

In some circumstances, xCAT can only have Operator privilege in
an IPMI environment.  In such a scenario, auto-degrade to operator
and try again before giving up.
This commit is contained in:
Jarrod Johnson 2014-04-14 15:46:44 -04:00
parent 6e7009e9e6
commit 5c4558c06c

View File

@ -122,6 +122,7 @@ sub new {
unless ($ipmi2support) {
$self->{ipmi15only} = 1;
}
$self->{privlevel} = 4;
unless ($args{'bmc'} and defined $args{'userid'} and defined $args{'password'}) {
$self->{error}="bmc, userid, and password must be specified";
return $self;
@ -309,7 +310,7 @@ sub session_activated {
sub set_admin_level {
my $self= shift;
$self->subcmd(netfn=>0x6,command=>0x3b,data=>[4],callback=>\&admin_level_set,callback_args=>$self);
$self->subcmd(netfn=>0x6,command=>0x3b,data=>[$self->{privlevel}],callback=>\&admin_level_set,callback_args=>$self);
}
sub admin_level_set {
my $rsp = shift;
@ -687,7 +688,7 @@ sub send_rakp3 {
$self->{rmcptag}+=1;
my @payload = ($self->{rmcptag},0,0,0,@{$self->{pendingsessionid}});
my @user = unpack("C*",$self->{userid});
push @payload,unpack("C*",hmac_sha1(pack("C*",@{$self->{remoterandomnumber}},@{$self->{sidm}},4,scalar @user,@user),$self->{password}));
push @payload,unpack("C*",hmac_sha1(pack("C*",@{$self->{remoterandomnumber}},@{$self->{sidm}},$self->{privlevel},scalar @user,@user),$self->{password}));
$self->sendpayload(payload=>\@payload,type=>$payload_types{'rakp3'});
}
@ -701,7 +702,7 @@ sub send_rakp1 {
push @{$self->{randomnumber}},$randomnumber;
}
push @payload, @{$self->{randomnumber}};
push @payload,(4,0,0); # request admin
push @payload,($self->{privlevel},0,0); # request priv
my @user = unpack("C*",$self->{userid});
push @payload,scalar @user;
push @payload,@user;
@ -817,6 +818,13 @@ sub got_rakp2 {
}
$byte = shift @data;
unless ($byte == 0x00) {
if ($byte == 0x9 and $self->{privlevel} == 4) {
# this is probably an environment that wants to give us only operator
# try to connect again at 3.
$self->{privlevel} = 3;
$self->relog();
return;
}
if ($byte == 0x02) { #invalid session id is almost certainly because a retry on rmcp+ open session response rendered our session id invalid, ignore this in the hope that we'll get an answer for our retry that invalidated us..
#$self->relog();
#TODO: probably should disable RAKP1 retry here... high likelihood that we'll just spew a bad RAKP1 and Open Session Request retry would be more appropriate to try to discern a valid session id
@ -841,7 +849,7 @@ sub got_rakp2 {
#Data now represents authcode.. sha1 only..
my @user = unpack("C*",$self->{userid});
my $ulength = scalar @user;
my $hmacdata = pack("C*",(@{$self->{sidm}},@{$self->{pendingsessionid}},@{$self->{randomnumber}},@{$self->{remoterandomnumber}},@{$self->{remoteguid}},4,$ulength,@user));
my $hmacdata = pack("C*",(@{$self->{sidm}},@{$self->{pendingsessionid}},@{$self->{randomnumber}},@{$self->{remoterandomnumber}},@{$self->{remoteguid}},$self->{privlevel},$ulength,@user));
my @expectedhash = (unpack("C*",hmac_sha1($hmacdata,$self->{password})));
foreach (0..(scalar(@expectedhash)-1)) {
if ($expectedhash[$_] != $data[$_]) {
@ -850,7 +858,7 @@ sub got_rakp2 {
return 9;
}
}
$self->{sik} = hmac_sha1(pack("C*",@{$self->{randomnumber}},@{$self->{remoterandomnumber}},4,$ulength,@user),$self->{password});
$self->{sik} = hmac_sha1(pack("C*",@{$self->{randomnumber}},@{$self->{remoterandomnumber}},$self->{privlevel},$ulength,@user),$self->{password});
$self->{k1} = hmac_sha1(pack("C*",1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),$self->{sik});
$self->{k2} = hmac_sha1(pack("C*",2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2),$self->{sik});
my @aeskey = unpack("C*",$self->{k2});