struct ipmi_config_section *
ipmi_config_core_lan_conf_security_keys_section_get (ipmi_config_state_data_t *state_data,
unsigned int config_flags,
int channel_index)
{
struct ipmi_config_section *section = NULL;
char *section_comment =
"If your system supports IPMI 2.0 and Serial-over-LAN (SOL), a "
"K_g BMC key may be configurable. The K_g key is an optional key that "
"can be set for two key authentication in IPMI 2.0. It is optionally "
"configured. Most users will want to set this to zero (or blank).";
char *section_name_base_str = "Lan_Conf_Security_Keys";
assert (state_data);
if (!(section = ipmi_config_section_multi_channel_create (state_data,
section_name_base_str,
section_comment,
NULL,
NULL,
config_flags,
channel_index,
state_data->lan_channel_numbers,
state_data->lan_channel_numbers_count)))
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"K_R",
"Give string or blank to clear. Max 20 chars",
0,
k_r_checkout,
k_r_commit,
k_r_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"K_G",
"Give string or blank to clear. Max 20 bytes, prefix with 0x to enter hex",
0,
k_g_checkout,
k_g_commit,
k_g_validate) < 0)
goto cleanup;
return (section);
cleanup:
if (section)
ipmi_config_section_destroy (section);
return (NULL);
}
struct ipmi_config_section *
ipmi_config_core_lan_channel_section_get (ipmi_config_state_data_t *state_data,
unsigned int config_flags,
int channel_index)
{
struct ipmi_config_section * section = NULL;
char *section_comment =
"In the Lan_Channel section, general IPMI over LAN can be enabled for "
"disabled. In the below, \"Volatile\" configurations are immediately "
"configured onto the BMC and will have immediate effect on the system. "
"\"Non_Volatile\" configurations are only available after the next "
"system reset. Generally, both the \"Volatile\" and \"Non_Volatile\" "
"equivalent fields should be configured identically."
"\n"
"To enable IPMI over LAN, typically \"Access_Mode\" "
"should be set to \"Always_Available\". "
"\"Channel_Privilege_Limit\" should be set to the highest privilege "
"level any username was configured with. Typically, this "
"is set to \"Administrator\"."
"\n"
"\"User_Level_Auth\" and \"Per_Message_Auth\" are typically set to "
"\"Yes\" for additional security.";
char *section_name_base_str = "Lan_Channel";
assert (state_data);
if (!(section = ipmi_config_section_multi_channel_create (state_data,
section_name_base_str,
section_comment,
NULL,
NULL,
config_flags,
channel_index,
state_data->lan_channel_numbers,
state_data->lan_channel_numbers_count)))
goto cleanup;
if (ipmi_config_core_channel_common_section_get (state_data,
section) < 0)
goto cleanup;
return (section);
cleanup:
if (section)
ipmi_config_section_destroy (section);
return (NULL);
}
struct ipmi_config_section *
ipmi_config_pef_community_string_section_get (ipmi_config_state_data_t *state_data,
unsigned int config_flags,
int channel_index)
{
struct ipmi_config_section *section = NULL;
char *section_name_base_str = "Community_String";
assert (state_data);
if (!(section = ipmi_config_section_multi_channel_create (state_data,
section_name_base_str,
NULL,
NULL,
NULL,
config_flags,
channel_index,
state_data->lan_channel_numbers,
state_data->lan_channel_numbers_count)))
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Community_String",
"Give valid string",
0,
community_string_checkout,
community_string_commit,
community_string_validate) < 0)
goto cleanup;
return (section);
cleanup:
if (section)
ipmi_config_section_destroy (section);
return (NULL);
}
struct ipmi_config_section *
ipmi_config_core_lan_conf_user_security_section_get (ipmi_config_state_data_t *state_data,
unsigned int config_flags,
int channel_index)
{
struct ipmi_config_section *section = NULL;
char *section_comment =
"The following user security configuration options are optionally "
"implemented by the vendor. They may not be available your system and "
"may not be visible below."
"\n"
"The following configuration supports the ability for the BMC to "
"disable a user if a number of bad passwords are entered sequentially. "
"\"Bad_Password_Threshold\" determines the number of bad passwords that "
"must be entered sequentially. \"Attempt_Count_Reset_Interval\" determines "
"the range of time the bad passwords must occur in. \"User_Lockout_Interval\" "
"determines the time a user will be locked off if the bad password "
"threshold is reached. If set to \"Yes\", \"Enable_Event_Message_When_User_Disabled\" "
"will inform the BMC to log an event message when a user is disabled.";
char *section_name_base_str = "Lan_Conf_User_Security";
assert (state_data);
if (!(section = ipmi_config_section_multi_channel_create (state_data,
section_name_base_str,
section_comment,
NULL,
NULL,
config_flags,
channel_index,
state_data->lan_channel_numbers,
state_data->lan_channel_numbers_count)))
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Bad_Password_Threshold",
"Possible values: 0-255, 0 indicates no limit",
0,
bad_password_threshold_checkout,
bad_password_threshold_commit,
number_range_one_byte_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Attempt_Count_Reset_Interval",
"Possible values: 0-65535, in 10 second increments (e.g. 2 = 20 sec)\n"
" 0 indicates no interval (i.e. don't reset counter)",
0,
attempt_count_reset_interval_checkout,
attempt_count_reset_interval_commit,
number_range_two_bytes_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"User_Lockout_Interval",
"Possible values: 0-65535, in 10 second increments (e.g. 2 = 20 sec)\n"
" 0 indicates no interval (i.e. don't re-enable user)",
0,
user_lockout_interval_checkout,
user_lockout_interval_commit,
number_range_two_bytes_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Enable_Event_Message_When_User_Disabled",
"Possible values: Yes/No",
0,
enable_event_message_when_user_disabled_checkout,
enable_event_message_when_user_disabled_commit,
yes_no_validate) < 0)
goto cleanup;
return (section);
cleanup:
if (section)
ipmi_config_section_destroy (section);
return (NULL);
}
struct ipmi_config_section *
ipmi_config_core_serial_conf_section_get (ipmi_config_state_data_t *state_data,
unsigned int config_flags,
int channel_index)
{
struct ipmi_config_section *section = NULL;
char *section_comment =
"In the Serial_Conf section, typical serial communication configuration "
"is setup. Most users will only be interested in IPMI over LAN, "
"therefore this section can generally be ignored.";
char *section_name_base_str = "Serial_Conf";
assert (state_data);
/*
* achu: section not checked out by default.
*/
if (!state_data->prog_data->args->verbose_count)
config_flags |= IPMI_CONFIG_DO_NOT_CHECKOUT;
if (!(section = ipmi_config_section_multi_channel_create (state_data,
section_name_base_str,
section_comment,
NULL,
NULL,
config_flags,
channel_index,
state_data->serial_channel_numbers,
state_data->serial_channel_numbers_count)))
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Enable_Basic_Mode",
"Possible values: Yes/No",
0,
enable_basic_mode_checkout,
enable_basic_mode_commit,
yes_no_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Enable_PPP_Mode",
"Possible values: Yes/No",
0,
enable_ppp_mode_checkout,
enable_ppp_mode_commit,
yes_no_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Enable_Terminal_Mode",
"Possible values: Yes/No",
0,
enable_terminal_mode_checkout,
enable_terminal_mode_commit,
yes_no_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Connect_Mode",
"Possible values: Modem_Connect/Direct_Connect",
0,
connect_mode_checkout,
connect_mode_commit,
connect_mode_number_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Page_Blackout_Interval",
"Give a valid number",
0,
page_blackout_interval_checkout,
page_blackout_interval_commit,
number_range_one_byte_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Call_Retry_Interval",
"Give a valid number",
0,
call_retry_interval_checkout,
call_retry_interval_commit,
number_range_one_byte_validate) < 0)
goto cleanup;
/* achu: For backwards compatability to ipmi-config in 0.2.0 */
if (ipmi_config_section_add_key (state_data,
section,
"Call_Retry_Time",
"Give a valid number",
IPMI_CONFIG_DO_NOT_CHECKOUT,
call_retry_interval_checkout,
call_retry_interval_commit,
number_range_one_byte_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Enable_DTR_Hangup",
"Possible values: Yes/No",
0,
enable_dtr_hangup_checkout,
enable_dtr_hangup_commit,
yes_no_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Flow_Control",
"Possible values: No_Flow_Control/RTS_CTS/XON_XOFF",
0,
flow_control_checkout,
flow_control_commit,
flow_control_number_validate) < 0)
goto cleanup;
if (ipmi_config_section_add_key (state_data,
section,
"Bit_Rate",
"Possible values: 9600/19200/38400/57600/115200",
0,
bit_rate_checkout,
bit_rate_commit,
bit_rate_number_validate) < 0)
goto cleanup;
return (section);
cleanup:
if (section)
ipmi_config_section_destroy (section);
return (NULL);
}
