From 8c19948f3b250e7a1aff1aa724ab83cafbef213b Mon Sep 17 00:00:00 2001
From: jbjohnso <jbjohnso@8638fb3e-16cb-4fca-ae20-7b5d299a9bcd>
Date: Mon, 5 Nov 2012 14:56:46 +0000
Subject: [PATCH] Have IPMI more decisively quite should the password be
 incorrect.  Hypothetically a DoS could be aimed at the client, but that's
 much less likely.

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/branches/2.7@14248 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
---
 xCAT-server/lib/perl/xCAT/IPMI.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xCAT-server/lib/perl/xCAT/IPMI.pm b/xCAT-server/lib/perl/xCAT/IPMI.pm
index 6086c0662..2894ac37a 100644
--- a/xCAT-server/lib/perl/xCAT/IPMI.pm
+++ b/xCAT-server/lib/perl/xCAT/IPMI.pm
@@ -21,6 +21,7 @@ use constant STATE_OPENSESSION=>1;
 use constant STATE_EXPECTINGRAKP2=>2;
 use constant STATE_EXPECTINGRAKP4=>3;
 use constant STATE_ESTABLISHED=>4;
+use constant STATE_FAILED=>4;
 #my $ipmidbg;
 #open($ipmidbg,">","/tmp/ipmidbg");
 #sub dprint {
@@ -469,6 +470,8 @@ sub timedout {
         $self->{ipmicallback}->($rsp,$self->{ipmicallback_args});
     	$self->{nowait}=0;
         return;
+    } elsif ($self->{sessionestablishmentcontext} == STATE_FAILED) {
+	return;
     }
     if ($self->{sessionestablishmentcontext} == STATE_OPENSESSION) { #in this particular case, we want to craft a new rmcp session request with a new client side session id, to aid in distinguishing retry from new
         $self->open_rmcpplus_request();
@@ -797,6 +800,7 @@ sub got_rakp2 {
     my @expectedhash = (unpack("C*",hmac_sha1($hmacdata,$self->{password})));
     foreach (0..(scalar(@expectedhash)-1)) {
         if ($expectedhash[$_] != $data[$_]) {
+	    $self->{sessionestablishmentcontext}=STATE_FAILED;
             $self->{onlogon}->("ERROR: Incorrect password provided",$self->{onlogon_args});
             return 9;
         }