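/*
 * ipmi_auth.h
 *
 * MontaVista IPMI interface for authorization
 *
 * Author: MontaVista Software, Inc.
 *         Corey Minyard <minyard@mvista.com>
 *         source@mvista.com
 *
 * Copyright 2002,2003,2004,2005 MontaVista Software Inc.
 *
 * This software is available to you under a choice of one of two
 * licenses. You may choose to be licensed under the terms of the GNU
 * Lesser General Public License (GPL) Version 2 or the modified BSD
 * license below. The following disclamer applies to both licenses:
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * GNU Lesser General Public Licence
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2 of
 * the License, or (at your option) any later version.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, write to the Free
 * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 * Modified BSD Licence
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above
 *    copyright notice, this list of conditions and the following
 *    disclaimer in the documentation and/or other materials provided
 *    with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior
 *    written permission.
 */


#ifndef _IPMI_AUTH_H
#define _IPMI_AUTH_H

#ifdef __cplusplus
extern "C" {
#endif

/* Data is provided to the authorization code as an array of these items, a
   "scatter-gather" list.  The algorithm will go through the items in the
   array until "data" is NULL.

   The NULL "data" entry is the only bound on that walk, so every list
   handed to authcode_gen/authcode_check must carry the terminator.
   "len" is a signed int; an implementation should reject a negative
   value before using it as a size. */
typedef struct ipmi_auth_sg_s
{
    void *data; /* NULL to terminate. */
    int  len;   /* Length of "data" (presumably in bytes). */
} ipmi_auth_sg_t;

/* A handle for an authorization algorithm to use.  The structure is
   opaque here; only pointers to it cross this interface. */
typedef struct ipmi_authdata_s *ipmi_authdata_t;

/* The operations one authorization algorithm provides. */
typedef struct ipmi_auth_s
{
    /* Initialize the authorization engine and return a handle for it.
       You must pass this handle into the other authorization
       calls.  Return 0 on success or an errno on failure.

       "mem_alloc" and "mem_free" are allocator callbacks that receive
       "info" as their first argument.  No length accompanies
       "password", so how many bytes are read is decided by the
       implementation, not by this interface.
       NOTE(review): confirm the buffer size each implementation
       expects before passing a shorter buffer. */
    int (*authcode_init)(unsigned char   *password,
                         ipmi_authdata_t *handle,
                         void            *info,
                         void            *(*mem_alloc)(void *info, int size),
                         void            (*mem_free)(void *info, void *data));

    /* Generate a 16-byte authorization code and put it into
       "output".  Returns 0 on success and an errno on failure.
       "output" has no length argument; the caller must supply at
       least 16 writable bytes. */
    int (*authcode_gen)(ipmi_authdata_t handle,
                        ipmi_auth_sg_t  data[],
                        void            *output);

    /* Check that the 16-byte authorization code given in "code" is valid.
       This will return 0 if it is valid or EINVAL if not.
       "code" has no length argument; the caller must supply at least
       16 readable bytes.
       NOTE(review): how the codes are compared is not visible in this
       header; a constant-time comparison is what a verifier of
       authentication codes should use. */
    int (*authcode_check)(ipmi_authdata_t handle,
                          ipmi_auth_sg_t  data[],
                          void            *code);

    /* Free the handle.  You MUST call this when you are done with the
       handle.
       NOTE(review): the handle is created from "password" by
       authcode_init; whether cleanup erases that material before
       releasing it is up to the implementation - verify. */
    void (*authcode_cleanup)(ipmi_authdata_t handle);
} ipmi_auth_t;

/* Size limits for user names and passwords (presumably in bytes; this
   header does not say whether a terminator is included). */
#define IPMI_USERNAME_MAX	16
#define IPMI_PASSWORD_MAX	20

/* Standard IPMI authentication algorithms.  The value 3 is not
   assigned here.

   These are not equally strong: IPMI_AUTHTYPE_NONE performs no
   authentication, the "straight" type in the IPMI 1.5 specification
   carries the password/key itself instead of a digest, and MD2 and
   MD5 are legacy hash functions.  Configurations should limit which
   types a session may negotiate. */
#define IPMI_AUTHTYPE_DEFAULT	(~0) /* Choose the most secure available */
#define IPMI_AUTHTYPE_NONE	0
#define IPMI_AUTHTYPE_MD2	1
#define IPMI_AUTHTYPE_MD5	2
#define IPMI_AUTHTYPE_STRAIGHT	4
#define IPMI_AUTHTYPE_OEM	5
#define IPMI_AUTHTYPE_RMCP_PLUS	6
/* Return a printable name for an IPMI_AUTHTYPE_* value. */
const char *ipmi_authtype_string(int authtype);

/* This is a table of authentication algorithms.  It has
   MAX_IPMI_AUTHS entries, so the valid indices are 0..5.
   NOTE(review): if the table is indexed by IPMI_AUTHTYPE_* value (the
   indexing is not shown in this header), IPMI_AUTHTYPE_RMCP_PLUS (6)
   and IPMI_AUTHTYPE_DEFAULT (~0) fall outside it; range-check any
   authtype taken from a message before using it as an index. */
#define MAX_IPMI_AUTHS		6
extern ipmi_auth_t ipmi_auths[MAX_IPMI_AUTHS];

/* IPMI privilege levels */
#define IPMI_PRIVILEGE_CALLBACK		1
#define IPMI_PRIVILEGE_USER		2
#define IPMI_PRIVILEGE_OPERATOR		3
#define IPMI_PRIVILEGE_ADMIN		4
#define IPMI_PRIVILEGE_OEM		5
/* Return a printable name for an IPMI_PRIVILEGE_* value. */
const char *ipmi_privilege_string(int privilege);


/* Tell if a specific command is permitted for the given privilege
   level.  Returns one of the following.

   Compare the result against these constants explicitly.  Every value
   except IPMI_PRIV_DENIED is non-zero, including IPMI_PRIV_INVALID,
   so a plain truth test on the return value would treat an invalid
   request and the two "special handling" results as permitted. */
#define IPMI_PRIV_INVALID	(-1) /* Parenthesized so it expands as one operand. */
#define IPMI_PRIV_DENIED	0
#define IPMI_PRIV_PERMITTED	1
#define IPMI_PRIV_SEND		2 /* Special send message handling needed. */
#define IPMI_PRIV_BOOT		3 /* Special set system boot options handling.*/

int ipmi_cmd_permitted(unsigned char priv,
                       unsigned char netfn,
                       unsigned char cmd);

#ifdef __cplusplus
}
#endif

#endif /* _IPMI_AUTH_H */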