1 /*
2  * ipmi_auth.h
3  *
4  * MontaVista IPMI interface for authorization
5  *
6  * Author: MontaVista Software, Inc.
7  *         Corey Minyard <minyard@mvista.com>
8  *         source@mvista.com
9  *
10  * Copyright 2002,2003,2004,2005 MontaVista Software Inc.
11  *
12  * This software is available to you under a choice of one of two
13  * licenses.  You may choose to be licensed under the terms of the GNU
14  * Lesser General Public License (GPL) Version 2 or the modified BSD
15  * license below.  The following disclamer applies to both licenses:
16  *
17  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
18  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
19  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
22  *  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
23  *  OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24  *  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
25  *  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
26  *  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  *
28  * GNU Lesser General Public Licence
29  *
30  *  This program is free software; you can redistribute it and/or
31  *  modify it under the terms of the GNU Lesser General Public License
32  *  as published by the Free Software Foundation; either version 2 of
33  *  the License, or (at your option) any later version.
34  *
35  *  You should have received a copy of the GNU Lesser General Public
36  *  License along with this program; if not, write to the Free
37  *  Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
38  *
39  * Modified BSD Licence
40  *
41  * Redistribution and use in source and binary forms, with or without
42  * modification, are permitted provided that the following conditions
43  * are met:
44  *
45  *   1. Redistributions of source code must retain the above copyright
46  *      notice, this list of conditions and the following disclaimer.
47  *   2. Redistributions in binary form must reproduce the above
48  *      copyright notice, this list of conditions and the following
49  *      disclaimer in the documentation and/or other materials provided
50  *      with the distribution.
51  *   3. The name of the author may not be used to endorse or promote
52  *      products derived from this software without specific prior
53  *      written permission.
54  */
55 
56 
57 #ifndef OPENIPMI_AUTH_H
58 #define OPENIPMI_AUTH_H
59 
60 #ifdef __cplusplus
61 extern "C" {
62 #endif
63 
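/* Data is provided to the authorization code as an array of these
   items, a "scatter-gather" list.  The algorithm goes through the
   items in the array until it reaches one whose "data" is NULL.

   The array carries no element count, so that NULL "data" entry is
   the only thing that ends the walk: every list handed to an
   authcode_* function must be terminated with one.  "len" is a signed
   int and nothing in this header restricts its range; pass only the
   non-negative number of bytes actually readable at "data".
   NOTE(review): how the implementations treat a negative "len" is
   not visible here -- confirm before feeding them lengths taken from
   a received packet. */
typedef struct ipmi_auth_sg_s
{
    void *data; /* NULL to terminate. */
    int  len;   /* Presumably the byte count at "data" -- confirm. */
} ipmi_auth_sg_t;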
72 
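/* A handle for an authorization algorithm to use.  The structure
   behind it is not defined in this header, so callers can only pass
   the handle back to the functions below. */
typedef struct ipmi_authdata_s *ipmi_authdata_t;

/* The set of operations one authorization algorithm provides. */
typedef struct ipmi_auth_s
{
    /* Initialize the authorization engine and return a handle for it
       in "handle".  You must pass this handle into the other
       authorization calls.  Return 0 on success or an errno on
       failure.

       "password" is passed without a length, so the number of bytes
       read from it is decided by the implementation.
       NOTE(review): confirm the size each algorithm reads and always
       pass a buffer at least that large.  "mem_alloc" and "mem_free"
       are caller-supplied allocator callbacks that receive "info" as
       their first argument; presumably the handle is allocated with
       them -- confirm. */
    int (*authcode_init)(unsigned char   *password,
			 ipmi_authdata_t *handle,
			 void            *info,
			 void            *(*mem_alloc)(void *info, int size),
			 void            (*mem_free)(void *info, void *data));

    /* Generate a 16-byte authorization code from the scatter-gather
       list "data" and put it into "output".  Returns 0 on success and
       an errno on failure.  No buffer size is passed, so "output"
       must point to at least 16 writable bytes. */
    int (*authcode_gen)(ipmi_authdata_t handle,
			ipmi_auth_sg_t  data[],
			void            *output);

    /* Check that the 16-byte authorization code given in "code" is
       valid for the scatter-gather list "data".  This will return 0
       if it is valid or EINVAL if not.  "code" must point to at least
       16 readable bytes.  Treat every non-zero return as a failed
       check and reject the message in that case.
       NOTE(review): whether the implementations compare the code in
       constant time cannot be seen from this header -- worth
       confirming, since a data-dependent compare leaks timing. */
    int (*authcode_check)(ipmi_authdata_t handle,
			  ipmi_auth_sg_t  data[],
			  void            *code);

    /* Free the handle.  You MUST call this when you are done with the
       handle, and must not use the handle afterwards.
       NOTE(review): the handle was created from the password, so it
       presumably holds password-derived state; confirm that the
       implementations wipe it before releasing the memory. */
    void (*authcode_cleanup)(ipmi_authdata_t handle);
} ipmi_auth_t;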
103 
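/* Maximum sizes of an IPMI user name and password.
   NOTE(review): presumably byte counts of fixed-width fields; this
   header does not say whether a terminating NUL is included, so
   confirm before sizing a buffer from these or treating such a field
   as a C string. */
#define IPMI_USERNAME_MAX	16
#define IPMI_PASSWORD_MAX	20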
106 
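/* Standard IPMI authentication algorithms.  Value 3 is not assigned
   here.

   These differ widely in strength: IPMI_AUTHTYPE_NONE means no
   authentication at all, IPMI_AUTHTYPE_STRAIGHT is IPMI's "straight
   password/key" type in which the password itself is sent as the
   authentication code, and MD2 and MD5 are legacy digests.  Configure
   the weakest type a deployment will accept explicitly rather than
   accepting whatever a peer offers.
   NOTE(review): the ranking IPMI_AUTHTYPE_DEFAULT uses to pick "the
   most secure available" is not visible in this header -- confirm it
   cannot end up at NONE or STRAIGHT unintentionally. */
#define IPMI_AUTHTYPE_DEFAULT	(~0) /* Choose the most secure available */
#define IPMI_AUTHTYPE_NONE	0
#define IPMI_AUTHTYPE_MD2	1
#define IPMI_AUTHTYPE_MD5	2
#define IPMI_AUTHTYPE_STRAIGHT	4
#define IPMI_AUTHTYPE_OEM	5
#define IPMI_AUTHTYPE_RMCP_PLUS	6
/* Presumably returns a printable name for an IPMI_AUTHTYPE_* value;
   the result for values not listed above is not visible here. */
const char *ipmi_authtype_string(int authtype);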
116 
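/* This is a table of authentication algorithms.  It has
   MAX_IPMI_AUTHS (6) entries, so the valid indexes are 0..5:
   IPMI_AUTHTYPE_RMCP_PLUS (6) and IPMI_AUTHTYPE_DEFAULT (~0) are both
   outside it.
   NOTE(review): presumably indexed by IPMI_AUTHTYPE_* value --
   confirm.  Any authtype taken from a configuration file or a
   received packet needs a range check before it is used as an index,
   and an entry's function pointers may need a NULL check (value 3 has
   no algorithm assigned in the list of types). */
#define MAX_IPMI_AUTHS		6
extern ipmi_auth_t ipmi_auths[MAX_IPMI_AUTHS];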
120 
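/* IPMI privilege levels.  The values rise from CALLBACK to ADMIN, but
   IPMI_PRIVILEGE_OEM (5) is vendor-defined: a bare numeric comparison
   such as "priv >= IPMI_PRIVILEGE_ADMIN" also accepts OEM, and 0 or
   anything above 5 is not a level listed here.  Validate a privilege
   value against this list before comparing it. */
#define IPMI_PRIVILEGE_CALLBACK		1
#define IPMI_PRIVILEGE_USER		2
#define IPMI_PRIVILEGE_OPERATOR		3
#define IPMI_PRIVILEGE_ADMIN		4
#define IPMI_PRIVILEGE_OEM		5
/* Presumably returns a printable name for an IPMI_PRIVILEGE_* value;
   the result for values not listed above is not visible here. */
const char *ipmi_privilege_string(int privilege);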
128 
129 
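/* Tell if a specific command is permitted for the given privilege
   level.  Returns one of the following.

   Only IPMI_PRIV_DENIED is zero: IPMI_PRIV_INVALID (-1),
   IPMI_PRIV_SEND and IPMI_PRIV_BOOT are all non-zero, so a plain
   truth test such as "if (ipmi_cmd_permitted(...))" would let them
   through.  Compare the result with IPMI_PRIV_PERMITTED explicitly,
   handle SEND and BOOT only where their special handling exists, and
   refuse the command for every other value. */
#define IPMI_PRIV_INVALID	(-1) /* Parenthesized so it expands safely. */
#define IPMI_PRIV_DENIED	0
#define IPMI_PRIV_PERMITTED	1
#define IPMI_PRIV_SEND		2 /* Special send message handling needed. */
#define IPMI_PRIV_BOOT		3 /* Special set system boot options handling.*/

int ipmi_cmd_permitted(unsigned char priv,
		       unsigned char netfn,
		       unsigned char cmd);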
141 
142 #ifdef __cplusplus
143 }
144 #endif
145 
146 #endif /* OPENIPMI_AUTH_H */
147