arif/xcat-core
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Have IPMI more decisively quite should the password be incorrect. Hypothetically a DoS could be aimed at the client, but that's much less likely.

Browse Source 
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/branches/2.7@14248 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
This commit is contained in:
jbjohnso
2012-11-05 14:56:46 +00:00
parent 4106dec47e
commit 8c19948f3b
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
xCAT-server/lib/perl/xCAT/IPMI.pm
View File

@@ -21,6 +21,7 @@ use constant STATE_OPENSESSION=>1;
use constant STATE_EXPECTINGRAKP2=>2;
use constant STATE_EXPECTINGRAKP4=>3;
use constant STATE_ESTABLISHED=>4;
use constant STATE_FAILED=>4;
#my $ipmidbg;
#open($ipmidbg,">","/tmp/ipmidbg");
#sub dprint {
@@ -469,6 +470,8 @@ sub timedout {
$self->{ipmicallback}->($rsp,$self->{ipmicallback_args});
$self->{nowait}=0;
return;
} elsif ($self->{sessionestablishmentcontext} == STATE_FAILED) {
return;
}
if ($self->{sessionestablishmentcontext} == STATE_OPENSESSION) { #in this particular case, we want to craft a new rmcp session request with a new client side session id, to aid in distinguishing retry from new
$self->open_rmcpplus_request();
@@ -797,6 +800,7 @@ sub got_rakp2 {
my @expectedhash = (unpack("C*",hmac_sha1($hmacdata,$self->{password})));
foreach (0..(scalar(@expectedhash)-1)) {
if ($expectedhash[$_] != $data[$_]) {
$self->{sessionestablishmentcontext}=STATE_FAILED;
$self->{onlogon}->("ERROR: Incorrect password provided",$self->{onlogon_args});
return 9;
}