2
0
mirror of https://github.com/xcat2/xcat-dep.git synced 2024-11-22 01:21:44 +00:00

Add patches for ipmitool from RHEL8

This commit is contained in:
GONG Jie 2018-11-15 03:00:20 -05:00
parent c67f8a3924
commit 010a288bd3
7 changed files with 448 additions and 0 deletions

View File

@ -0,0 +1,25 @@
From 152efd46931a70ab4e3d81e99d312df7dcd666e6 Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Tue, 10 May 2016 19:12:08 +0200
Subject: [PATCH] CVE-2011-4339 OpenIPMI
IPMI event daemon creates PID file with world writeable permissions
---
lib/helper.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/helper.c b/lib/helper.c
index de91438..c3a1c80 100644
--- a/lib/helper.c
+++ b/lib/helper.c
@@ -829,7 +829,6 @@ ipmi_start_daemon(struct ipmi_intf *intf)
#endif
chdir("/");
- umask(0);
for (fd=0; fd<64; fd++) {
if (fd != intf->fd)
--
2.7.4

View File

@ -0,0 +1,89 @@
diff -urNp old/src/plugins/lanplus/lanplus_crypt_impl.c new/src/plugins/lanplus/lanplus_crypt_impl.c
--- old/src/plugins/lanplus/lanplus_crypt_impl.c 2016-05-28 10:20:20.000000000 +0200
+++ new/src/plugins/lanplus/lanplus_crypt_impl.c 2017-02-21 10:50:21.634873466 +0100
@@ -164,10 +164,10 @@ lanplus_encrypt_aes_cbc_128(const uint8_
uint8_t * output,
uint32_t * bytes_written)
{
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
*bytes_written = 0;
@@ -191,7 +191,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
{
/* Error */
*bytes_written = 0;
@@ -201,7 +201,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
{
uint32_t tmplen;
- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
{
*bytes_written = 0;
return; /* Error */
@@ -210,7 +210,8 @@ lanplus_encrypt_aes_cbc_128(const uint8_
{
/* Success */
*bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_cleanup(ctx);
+ EVP_CIPHER_CTX_free(ctx);
}
}
}
@@ -239,10 +240,10 @@ lanplus_decrypt_aes_cbc_128(const uint8_
uint8_t * output,
uint32_t * bytes_written)
{
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
if (verbose >= 5)
@@ -266,7 +267,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
{
/* Error */
lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
@@ -277,7 +278,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
{
uint32_t tmplen;
- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
{
char buffer[1000];
ERR_error_string(ERR_get_error(), buffer);
@@ -290,7 +291,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_
{
/* Success */
*bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_cleanup(ctx);
+ EVP_CIPHER_CTX_free(ctx);
}
}

View File

@ -0,0 +1,240 @@
diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1
--- old/doc/ipmitool.1 2017-02-06 10:20:02.254362909 +0100
+++ new/doc/ipmitool.1 2017-02-06 10:33:41.729294474 +0100
@@ -372,6 +372,20 @@ Configure user access information on the
Displays the list of cipher suites supported for the given
application (ipmi or sol) on the given channel.
+.TP
+\fIsetkg\fP <\fIhex\fP|\fIplain\fP> <\fBkey\fP> [<\fBchannel\fR>]
+.br
+
+Sets K_g key to given value. Use \fIplain\fP to specify \fBkey\fR as simple ASCII string.
+Use \fIhex\fP to specify \fBkey\fR as sequence of hexadecimal codes of ASCII charactes.
+I.e. following two examples are equivalent:
+
+.RS
+ipmitool channel setkg plain PASSWORD
+
+ipmitool channel setkg hex 50415353574F5244
+.RE
+
.RE
.RE
.TP
diff -urNp old/include/ipmitool/helper.h new/include/ipmitool/helper.h
--- old/include/ipmitool/helper.h 2017-02-06 10:20:02.254362909 +0100
+++ new/include/ipmitool/helper.h 2017-02-06 10:40:07.336136844 +0100
@@ -58,6 +58,8 @@
# define IPMI_UID_MAX 63
#endif
+#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */
+
struct ipmi_intf;
struct valstr {
diff -urNp old/include/ipmitool/ipmi_channel.h new/include/ipmitool/ipmi_channel.h
--- old/include/ipmitool/ipmi_channel.h 2017-02-06 10:20:02.253316684 +0100
+++ new/include/ipmitool/ipmi_channel.h 2017-02-06 10:58:15.291287621 +0100
@@ -49,6 +49,10 @@
#define IPMI_GET_USER_NAME 0x46
#define IPMI_SET_USER_PASSWORD 0x47
#define IPMI_GET_CHANNEL_CIPHER_SUITES 0x54
+#define IPMI_SET_CHANNEL_SECURITY_KEYS 0x56
+
+#define IPMI_KG_KEY_ID 1
+#define IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET 1
/* These are for channel_info_t.session_support */
#define IPMI_CHANNEL_SESSION_LESS 0x00
@@ -137,6 +141,40 @@ int _ipmi_set_channel_access(struct ipmi
struct channel_access_t channel_access, uint8_t access_option,
uint8_t privilege_option);
+struct set_channel_security_keys_req {
+#if WORDS_BIGENDIAN
+ uint8_t __reserved1 :4;
+ uint8_t channel :4;
+
+ uint8_t __reserved2 :6;
+ uint8_t operation :2;
+
+ uint8_t key_id;
+ unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
+#else
+ uint8_t channel :4;
+ uint8_t __reserved1 :4;
+
+ uint8_t operation :2;
+ uint8_t __reserved2 :6;
+
+ uint8_t key_id;
+ unsigned char key_value[IPMI_KG_BUFFER_SIZE-1]; /* we don't want space for '\0' at the end */
+#endif
+} __attribute__ ((packed));
+
+struct set_channel_security_keys_rsp {
+#if WORDS_BIGENDIAN
+ uint8_t __reserved1 :6;
+ uint8_t lock_status :2;
+ unsigned char key_value; /* just the first character, use &key_value to explore the rest */
+#else
+ uint8_t lock_status :2;
+ uint8_t __reserved1 :6;
+ unsigned char key_value; /* just the first character, use &key_value to explore the rest */
+#endif
+} __attribute__ ((packed));
+
uint8_t ipmi_get_channel_medium(struct ipmi_intf * intf, uint8_t channel);
uint8_t ipmi_current_channel_medium(struct ipmi_intf * intf);
int ipmi_channel_main(struct ipmi_intf * intf, int argc, char ** argv);
diff -urNp old/include/ipmitool/ipmi_intf.h new/include/ipmitool/ipmi_intf.h
--- old/include/ipmitool/ipmi_intf.h 2017-02-06 10:20:02.254362909 +0100
+++ new/include/ipmitool/ipmi_intf.h 2017-02-06 10:40:40.264577602 +0100
@@ -60,7 +60,6 @@ enum LANPLUS_SESSION_STATE {
#define IPMI_AUTHCODE_BUFFER_SIZE 20
#define IPMI_SIK_BUFFER_SIZE IPMI_MAX_MD_SIZE
-#define IPMI_KG_BUFFER_SIZE 21 /* key plus null byte */
struct ipmi_session_params {
char * hostname;
diff -urNp old/lib/ipmi_channel.c new/lib/ipmi_channel.c
--- old/lib/ipmi_channel.c 2017-02-06 10:20:02.255409134 +0100
+++ new/lib/ipmi_channel.c 2017-02-06 12:32:14.222282317 +0100
@@ -821,6 +821,92 @@ ipmi_set_user_access(struct ipmi_intf *i
return 0;
}
+int
+ipmi_set_channel_security_keys (struct ipmi_intf *intf, uint8_t channel, const char *method, const char *key)
+{
+ uint8_t kgkey[IPMI_KG_BUFFER_SIZE];
+ struct ipmi_rs *rsp;
+ struct ipmi_rq req;
+ struct set_channel_security_keys_req req_data;
+ int rc = -1;
+
+ /* convert provided key to array of bytes */
+ if (strcmp(method, "hex") == 0) {
+ if (strlen(key) > (IPMI_KG_BUFFER_SIZE-1)*2) {
+ lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE-1));
+ printf_channel_usage();
+ return -1;
+ }
+
+ rc = ipmi_parse_hex(key, kgkey, sizeof(kgkey)-1);
+ if (rc == -1) {
+ lprintf(LOG_ERR, "Number of Kg key characters is not even");
+ return rc;
+ } else if (rc == -3) {
+ lprintf(LOG_ERR, "Kg key is not hexadecimal number");
+ return rc;
+ } else if (rc > (IPMI_KG_BUFFER_SIZE-1)) {
+ lprintf(LOG_ERR, "Kg key is too long");
+ return rc;
+ }
+
+ } else if (strcmp(method, "plain") == 0) {
+ if (strlen(key) > IPMI_KG_BUFFER_SIZE-1) {
+ lprintf(LOG_ERR, "Provided key is too long, max. length is %d bytes", (IPMI_KG_BUFFER_SIZE -1));
+ printf_channel_usage();
+ return rc;
+ }
+
+ strncpy(kgkey, key, IPMI_KG_BUFFER_SIZE-1);
+ } else {
+ printf_channel_usage();
+ return rc;
+ }
+
+ /* assemble and send request to set kg key */
+ memset(&req_data, 0, sizeof(req_data));
+ req_data.channel = channel;
+ req_data.operation = IPMI_SET_CHANNEL_SECURITY_KEYS_OP_SET;
+ req_data.key_id = IPMI_KG_KEY_ID;
+ memcpy(req_data.key_value, kgkey, IPMI_KG_BUFFER_SIZE-1);
+
+ memset(&req, 0, sizeof(req));
+ req.msg.netfn = IPMI_NETFN_APP;
+ req.msg.cmd = IPMI_SET_CHANNEL_SECURITY_KEYS;
+ req.msg.data = (uint8_t*) &req_data;
+ req.msg.data_len = sizeof(req_data);
+
+ rsp = intf->sendrecv(intf, &req);
+ if (rsp == NULL) {
+ lprintf(LOG_ERR, "Set Channel Security Keys command failed");
+ return rc;
+ }
+ if (rsp->ccode > 0) {
+ const char *error = NULL;
+ switch (rsp->ccode) {
+ case 0x80:
+ error = "Key is locked";
+ break;
+ case 0x81:
+ error = "Insufficient key bytes";
+ break;
+ case 0x82:
+ error = "Too many key bytes";
+ break;
+ case 0x83:
+ error = "Key value does not meet criteria for K_g key";
+ break;
+ default:
+ error = val2str(rsp->ccode, completion_code_vals);
+ }
+ lprintf(LOG_ERR, "Error setting security key: %X (%s)", rsp->ccode, error);
+ return rc;
+ }
+
+ lprintf(LOG_NOTICE, "Set Channel Security Keys command succeeded");
+ return 0;
+}
+
int
ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
{
@@ -890,6 +976,19 @@ ipmi_channel_main(struct ipmi_intf *intf
retval = ipmi_get_channel_cipher_suites(intf,
argv[1], /* ipmi | sol */
channel);
+ } else if (strncmp(argv[0], "setkg", 5) == 0) {
+ if (argc < 3 || argc > 4)
+ printf_channel_usage();
+ else {
+ uint8_t ch = 0xe;
+ char *method = argv[1];
+ char *key = argv[2];
+ if (argc == 4) {
+ ch = (uint8_t)strtol(argv[3], NULL, 0);
+ }
+
+ retval = ipmi_set_channel_security_keys(intf, ch, method, key);
+ }
} else {
lprintf(LOG_ERR, "Invalid CHANNEL command: %s\n", argv[0]);
printf_channel_usage();
@@ -916,6 +1015,10 @@ printf_channel_usage()
lprintf(LOG_NOTICE,
"");
lprintf(LOG_NOTICE,
+" setkg hex|plain <key> [channel]");
+ lprintf(LOG_NOTICE,
+"");
+ lprintf(LOG_NOTICE,
"Possible privilege levels are:");
lprintf(LOG_NOTICE,
" 1 Callback level");
diff -urNp old/src/plugins/ipmi_intf.c new/src/plugins/ipmi_intf.c
--- old/src/plugins/ipmi_intf.c 2017-02-06 10:20:02.257501584 +0100
+++ new/src/plugins/ipmi_intf.c 2017-02-06 10:42:12.585257810 +0100
@@ -55,6 +55,7 @@
#include <ipmitool/ipmi.h>
#include <ipmitool/ipmi_sdr.h>
#include <ipmitool/log.h>
+#include <ipmitool/helper.h>
#define IPMI_DEFAULT_PAYLOAD_SIZE 25

View File

@ -0,0 +1,16 @@
diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c
index fa7b082..9bc5ac2 100644
--- a/lib/ipmi_sdr.c
+++ b/lib/ipmi_sdr.c
@@ -572,6 +572,8 @@ ipmi_sdr_get_sensor_reading_ipmb(struct ipmi_intf *intf, uint8_t sensor,
uint32_t save_addr;
uint32_t save_channel;
+ if (target == (uint8_t) 0xb1)
+ return ipmi_sdr_get_sensor_reading(intf, sensor);
if ( BRIDGE_TO_SENSOR(intf, target, channel) ) {
lprintf(LOG_DEBUG,
"Bridge to Sensor "
--
2.1.0

View File

@ -0,0 +1,16 @@
diff --git a/include/ipmitool/ipmi_sdr.h b/include/ipmitool/ipmi_sdr.h
index ccf0cf0..47d3949 100644
--- a/include/ipmitool/ipmi_sdr.h
+++ b/include/ipmitool/ipmi_sdr.h
@@ -819,7 +819,7 @@ static const char *sensor_type_desc[] __attribute__ ((unused)) = {
"Version Change", "FRU State" };
struct sensor_reading {
- char s_id[17]; /* name of the sensor */
+ char s_id[33]; /* name of the sensor */
struct sdr_record_full_sensor *full;
struct sdr_record_compact_sensor *compact;
uint8_t s_reading_valid; /* read value valididity */
--
2.1.0

View File

@ -0,0 +1,21 @@
diff -urNp old/configure.ac new/configure.ac
--- old/configure.ac 2017-02-02 14:20:33.230784269 +0100
+++ new/configure.ac 2017-02-02 14:22:53.528510336 +0100
@@ -63,7 +63,7 @@ xenable_intf_imb=yes
xenable_intf_lipmi=yes
xenable_intf_open=yes
#xenable_intf_serial=yes
-xenable_intf_usb=no
+xenable_intf_usb=yes
xenable_ipmishell=yes
dnl set some things so we build with GNU tools on Solaris
@@ -209,7 +209,7 @@ fi
dnl enable IPMI USB interface
AC_ARG_ENABLE([intf-usb],
[AC_HELP_STRING([--enable-intf-usb],
- [enable IPMI USB interface [default=auto]])],
+ [enable IPMI USB interface [default=yes]])],
[xenable_intf_usb=$enableval],
[xenable_intf_usb=$xenable_intf_usb])
if test "x$xenable_intf_usb" = "xstatic" || test "x$xenable_intf_usb" = "xplugin"; then

View File

@ -0,0 +1,41 @@
diff -urNp old/doc/ipmitool.1 new/doc/ipmitool.1
--- old/doc/ipmitool.1 2017-10-03 16:10:50.446539988 +0200
+++ new/doc/ipmitool.1 2017-10-03 16:16:37.039673239 +0200
@@ -3170,13 +3170,14 @@ SOL configuration data for the currently
Enable, disable or show status of SOL payload for the user on the specified channel.
.TP
-\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>]
+\fIset\fP <\fBparameter\fR> <\fBvalue\fR> [<\fBchannel\fR>] [\fBnoguard\fR]
.br
Configure parameters for Serial Over Lan. If no channel is given,
it will display SOL configuration data for the currently used
channel. Configuration parameter updates are automatically guarded
-with the updates to the set\-in\-progress parameter.
+with the updates to the set\-in\-progress parameter, unless \fInoguard\fR
+parameter is present.
.RS
.TP
Valid parameters and values are:
diff -urNp old/lib/ipmi_sol.c new/lib/ipmi_sol.c
--- old/lib/ipmi_sol.c 2017-10-03 16:10:50.447539996 +0200
+++ new/lib/ipmi_sol.c 2017-10-03 16:18:37.079006949 +0200
@@ -1875,7 +1875,7 @@ static void
print_sol_usage(void)
{
lprintf(LOG_NOTICE, "SOL Commands: info [<channel number>]");
- lprintf(LOG_NOTICE, " set <parameter> <value> [channel]");
+ lprintf(LOG_NOTICE, " set <parameter> <value> [channel] [noguard]");
lprintf(LOG_NOTICE, " payload <enable|disable|status> [channel] [userid]");
lprintf(LOG_NOTICE, " activate [<usesolkeepalive|nokeepalive>] [instance=<number>]");
lprintf(LOG_NOTICE, " deactivate [instance=<number>]");
@@ -1890,6 +1890,8 @@ print_sol_usage(void)
static void
print_sol_set_usage(void)
{
+ lprintf(LOG_NOTICE, "\nSOL set usage: \n");
+ lprintf(LOG_NOTICE, " sol set <parameter> <value> [channel] [noguard]\n");
lprintf(LOG_NOTICE, "\nSOL set parameters and values: \n");
lprintf(LOG_NOTICE, " set-in-progress set-complete | "
"set-in-progress | commit-write");