# Copyright 2013 IBM Corporation # Copyright 2015-2017 Lenovo # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """This represents the low layer message framing portion of IPMI""" import collections import hashlib import hmac import operator import os import random import select import socket import struct #import threading import asyncio from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.ciphers import algorithms from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers import modes import aiohmi.exceptions as exc from aiohmi.ipmi.private import constants from aiohmi.ipmi.private import util from aiohmi.ipmi.private.util import _monotonic_time from aiohmi.ipmi.private.util import get_ipmi_error KEEPALIVE_SESSIONS = asyncio.Lock() WAITING_SESSIONS = asyncio.Lock() try: dict.iteritems def dictitems(d): return d.iteritems() except AttributeError: def dictitems(d): return d.items() # minimum timeout for first packet to retry in any given # session. This will be randomized to stagger out retries # in case of congestion initialtimeout = 0.5 # the thread in which all IO will be performed, so that # calling code doesn't have to manage threading directly iothread = None # whether io thread is yet ready to work iothreadready = False # threads waiting for iothreadready iothreadwaiters = [] ioqueue = collections.deque([]) myself = None ipv6support = None selectdeadline = 0 running = True # set of iosockets that will be shared amongst Session objects iosockets = [] # no more than this many BMCs will share a socket # this could be adjusted based on rmem_max # value, leading to fewer filehandles MAX_BMCS_PER_SOCKET = 64 # maximum time to allow idle, more than this and BMC may assume MAX_IDLE = 29 # incorrect idle def unmatched(response, netfn, cmd): if not response: return True return response['command'] != cmd or response['netfn'] != netfn sockwatching = True async def terminate(): global sockwatching await Session._cleanup() sockwatching = False iosockets[0].sendto( b'\x01', (myself, iosockets[0].getsockname()[1])) def sock_completion(cloop, currsock, fut): cloop.remove_reader(currsock) fut.set_result(None) async def watchsockets(): global sockwatching sockwatching = True global iothreadready global selectdeadline iowaiters = [] directediowaiters = {} timeout = 300 iothreadready = True while iothreadwaiters: waiter = iothreadwaiters.pop() waiter.set() while sockwatching: if timeout < 0: timeout = 0 selectdeadline = _monotonic_time() + timeout currfutures = [] for currsock in iosockets: currfut = asyncio.Future() asyncio.get_running_loop().add_reader(currsock, sock_completion, asyncio.get_running_loop(), currsock, currfut) currfutures.append(currfut) #select.select(iosockets, (), (), timeout) done, futures = await asyncio.wait(currfutures, timeout=timeout, return_when=asyncio.FIRST_COMPLETED) for currfut in done: await currfut # pessimistically move out the deadline # doing it this early (before ioqueue is evaluated) # this avoids other threads making a bad assumption # about not having to break into the select selectdeadline = _monotonic_time() + 300 timeout = 300 sockaddrs = _io_graball(iosockets, directediowaiters) for w in iowaiters: w[1].set() iowaiters = [] for d in list(directediowaiters): # these are the existing waiters that didn't get # satisfied last graball, allow them to set a new # deadline if they still have time waiting, or # if they have expired, wake them now to let them # process their timeout rightnow = _monotonic_time() for idx, w in reversed(list( enumerate(directediowaiters[d]))): ltimeout = w[0] - rightnow if ltimeout < 0: w[1].set() # time is up, wake the caller del directediowaiters[d][idx] elif ltimeout < timeout: timeout = ltimeout if not directediowaiters[d]: del directediowaiters[d] while ioqueue: workitem = ioqueue.popleft() # order: function, args, list to append to , event to set if workitem[2] is None and sockaddrs: workitem[1].set() elif workitem[2] in sockaddrs: workitem[1].set() else: ltimeout = workitem[0] - _monotonic_time() if ltimeout < timeout: timeout = ltimeout if workitem[2] is None: iowaiters.append(workitem) else: if workitem[2] in directediowaiters: directediowaiters[workitem[2]].append(workitem) else: directediowaiters[workitem[2]] = [workitem] sessionqueue = collections.deque([]) async def _io_wait(timeout, myaddr=None, evq=None): evt = asyncio.Event() if evq is not None: evq.append(evt) deadline = timeout + _monotonic_time() ioqueue.append((deadline, evt, myaddr)) if deadline < selectdeadline: iosockets[0].sendto(b'\x01', (myself, iosockets[0].getsockname()[1])) await evt.wait() def _io_sendto(mysocket, packet, sockaddr): mysocket.setblocking(1) try: mysocket.sendto(packet, sockaddr) except Exception: pass def _io_graball(mysockets, iowaiters): sockaddrs = [] for mysocket in mysockets: while True: rdata = _io_recvfrom(mysocket, 3000) if rdata is None: break # If the payload is shorter than 4 bytes, it cannot # be a useful packet. Skip it entirely. # This applies to the packet sent to self to break # into the select if len(rdata[0]) < 4: continue myport = mysocket.getsockname()[1] rdata = rdata + (mysocket,) relsession = None if (rdata[1] in Session.bmc_handlers and myport in Session.bmc_handlers[rdata[1]]): # session data rdata = rdata + (True,) relsession = Session.bmc_handlers[rdata[1]][myport] elif rdata[2] in Session.bmc_handlers: # aiohmi is the bmc, and we have sessionless data rdata = rdata + (False,) relsession = Session.bmc_handlers[rdata[2]][0] if relsession is not None: relsession.pktqueue.append(rdata) sessionqueue.append(relsession) if rdata[1] in iowaiters: for w in iowaiters[rdata[1]]: w[1].set() del iowaiters[rdata[1]] sockaddrs.append(rdata[1]) return sockaddrs def _io_recvfrom(mysocket, size): mysocket.setblocking(0) try: return mysocket.recvfrom(size) except socket.error: return None try: IPPROTO_IPV6 = socket.IPPROTO_IPV6 except AttributeError: IPPROTO_IPV6 = 41 # This is the Win32 version of IPPROTO_IPV6, the only # platform where python *doesn't* have this in socket that aiohmi is # targetting. async def _poller(timeout=0): if sessionqueue: return True await _io_wait(timeout) return sessionqueue def _aespad(data): """ipmi demands a certain pad scheme, per table 13-20 AES-CBC encrypted payload fields. """ currlen = len(data) + 1 # need to count the pad length field as well neededpad = currlen % 16 if neededpad: # if it happens to be zero, hurray, but otherwise invert the # sense of the padding neededpad = 16 - neededpad padval = 1 pad = bytearray(neededpad) while padval <= neededpad: pad[padval - 1] = padval padval += 1 pad.append(neededpad) return pad def _checksum(*data): # Two's complement over the data csum = sum(data) csum ^= 0xff csum += 1 csum &= 0xff return csum class Session(object): """A class to manage common IPMI session logistics Almost all developers should not worry about this class and instead be looking toward ipmi.Command and ipmi.Console. For those that do have to worry, the main interesting thing is that the event loop can go one of two ways. Either a larger manager can query using class methods the soonest timeout deadline and the filehandles to poll and assume responsibility for the polling, or it can register filehandles to be watched. This is primarily of interest to Console class, which may have an input filehandle to watch and can pass it to Session. :param bmc: hostname or ip address of the BMC :param userid: username to use to connect :param password: password to connect to the BMC :param kg: optional parameter if BMC requires Kg be set :param port: UDP port to communicate with, pretty much always 623 :param onlogon: callback to receive notification of login completion """ bmc_handlers = {} waiting_sessions = {} initting_sessions = {} keepalive_sessions = {} peeraddr_to_nodes = {} iterwaiters = [] # NOTE(jbjohnso): # socketpool is a mapping of sockets to usage count socketpool = {} # this will be a lock. Delay the assignment so that a calling framework # can do something like reassign our threading and select modules socketchecking = None # Maintain single Cryptography backend for all IPMI sessions (seems to be # thread-safe) _crypto_backend = default_backend() @classmethod async def _cleanup(cls): for sesskey in list(cls.bmc_handlers): for portent in list(cls.bmc_handlers[sesskey]): session = cls.bmc_handlers[sesskey][portent] session.cleaningup = True await session.logout(False) @classmethod async def _assignsocket(cls, server=None, forbiddensockets=()): global iothread global iothreadready global iosockets global ipv6support global myself # seek for the least used socket. As sessions close, they may free # up slots in seemingly 'full' sockets. This scheme allows those # slots to be recycled sorted_candidates = None if server is None: sorted_candidates = sorted(dictitems(cls.socketpool), key=operator.itemgetter(1)) if sorted_candidates is None: sorted_candidates = [] for candidate in sorted_candidates: if candidate[1] >= MAX_BMCS_PER_SOCKET: break if candidate[0] in forbiddensockets: continue cls.socketpool[candidate[0]] += 1 return candidate[0] # we need a new socket if server: # Regardless of whether ipv6 is supported or not, we # must try to honor the address format of the given # server, rather than trying to create an automatic one tmpsocket = socket.socket(server[0], socket.SOCK_DGRAM) if server[0] == socket.AF_INET6: tmpsocket.setsockopt(IPPROTO_IPV6, socket.IPV6_V6ONLY, 0) elif ipv6support: tmpsocket = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) tmpsocket.setsockopt(IPPROTO_IPV6, socket.IPV6_V6ONLY, 0) elif ipv6support is None: # we need to determine ipv6 support now try: tmpsocket = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) tmpsocket.setsockopt(IPPROTO_IPV6, socket.IPV6_V6ONLY, 0) ipv6support = True except socket.error: ipv6support = False myself = '127.0.0.1' tmpsocket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) else: tmpsocket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) try: tmpsocket.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 16777216) except Exception: pass if server is None: # Rather than wait until send() to bind, bind now so that we have # a port number allocated no matter what tmpsocket.bind(('', 0)) cls.socketpool[tmpsocket] = 1 else: tmpsocket.bind(server[4]) iosockets.append(tmpsocket) if myself is None: # we have confirmed kernel IPv6 support, but ::1 may still not # be there try: iosockets[0].sendto( b'\x01', ('::1', iosockets[0].getsockname()[1])) myself = '::1' except socket.error: # AF_INET6, but no '::1', try the AF_INET6 version of 127 myself = '::ffff:127.0.0.1' if iothread is None: initevt = asyncio.Event() iothreadwaiters.append(initevt) iothread = asyncio.get_running_loop().create_task(watchsockets()) await initevt.wait() elif not iothreadready: initevt = asyncio.Event() iothreadwaiters.append(initevt) await initevt.wait() return tmpsocket def _sync_login(self, response): """Handle synchronous callers in lieu of a client-provided callback""" # Be a stub, the __init__ will catch and respond to ensure response # is given in the same thread as was called return @classmethod async def _is_session_valid(cls, session): await KEEPALIVE_SESSIONS.acquire() try: sess = cls.keepalive_sessions.get(session, None) if sess is not None and 'timeout' in sess: if sess['timeout'] < _monotonic_time() - 15: # session would have timed out by now, don't use it return False finally: KEEPALIVE_SESSIONS.release() return not session.broken async def __new__(cls, bmc, userid, password, port=623, kg=None, privlevel=None, keepalive=True): trueself = None forbidsock = [] for res in socket.getaddrinfo(bmc, port, 0, socket.SOCK_DGRAM): sockaddr = res[4] if ipv6support and res[0] == socket.AF_INET: # convert the sockaddr to AF_INET6 newhost = '::ffff:' + sockaddr[0] sockaddr = (newhost, sockaddr[1], 0, 0) if sockaddr in cls.bmc_handlers: for portself in list(dictitems(cls.bmc_handlers[sockaddr])): self = portself[1] if not ((self.logged or self.logging) and await cls._is_session_valid(self)): # we have encountered a leftover broken session del cls.bmc_handlers[sockaddr][portself[0]] continue if (self.bmc == bmc and self.userid == userid and self.password == password and self.kgo == kg): trueself = self break # ok, the candidate seems to be working, but does not match # will need to allow creation of a new session, but # must forbid use of this socket so that the socket # share routing code does not get confused. # in principle, should be able to distinguish by session # id, however it's easier this way forbidsock.append(self.socket) if trueself: return trueself i = cls.initting_sessions.get( (bmc, userid, password, port, kg), False) if i: i.initialized = True i.logging = True return i self = super().__new__(cls) self.forbidsock = forbidsock await self.__init__( bmc, userid, password, port, kg, privlevel, keepalive) cls.initting_sessions[(bmc, userid, password, port, kg)] = self return self async def __init__(self, bmc, userid, password, port=623, kg=None, privlevel=None, keepalive=True): if hasattr(self, 'initialized'): # new found an existing session, do not corrupt it while self.logging and not self.broken: await Session.wait_for_rsp() self.awaitingresponse = False self.lastresponse = None self.atomicop = asyncio.Lock() self.broken = False self.socket = None self.logged = 0 if privlevel is not None: self.privlevel = privlevel self.autopriv = False else: self.privlevel = 4 self.autopriv = True self.onlogpayload = None self.onlogpayloadtype = None self.logoutexpiry = None self.autokeepalive = keepalive self.maxtimeout = 2 # be aggressive about giving up on initial packet self.incommand = False self.nameonly = 16 # default to name only lookups in RAKP exchange self.servermode = False self.initialized = True self.cleaningup = False self.lastpayload = None self._customkeepalives = None # queue of events denoting line to run a cmd self.evq = collections.deque([]) self.bmc = bmc # a private queue for packets for which this session handler # is destined to receive self.pktqueue = collections.deque([]) try: self.userid = userid.encode('utf-8') self.password = password.encode('utf-8') except AttributeError: self.userid = userid self.password = password self.nowait = False self.pendingpayloads = collections.deque([]) self.request_entry = [] self.kgo = kg if kg is not None: try: kg = kg.encode('utf-8') except AttributeError: pass self.kg = kg else: self.kg = self.password self.port = port self.async_ = False self.logonwaiters = [self._sync_login] if self.__class__.socketchecking is None: self.__class__.socketchecking = asyncio.Lock() await self.socketchecking.acquire() try: self.socket = await self._assignsocket(forbiddensockets=self.forbidsock) finally: self.socketchecking.release() await self.login() if not self.async_: while self.logging and not self.broken: await Session.wait_for_rsp() if self.broken: raise exc.IpmiException(self.errormsg) async def _mark_broken(self, error=None): # since our connection has failed retries # deregister our keepalive facility self.lastpayload = None self.onlogpayload = None await KEEPALIVE_SESSIONS.acquire() try: Session.keepalive_sessions.pop(self, None) finally: KEEPALIVE_SESSIONS.release() await WAITING_SESSIONS.acquire() try: Session.waiting_sessions.pop(self, None) finally: WAITING_SESSIONS.release() try: del Session.initting_sessions[(self.bmc, self.userid, self.password, self.port, self.kgo)] except KeyError: pass await self.logout(False) # self.logging = False self.errormsg = error if not self.broken: self.broken = True if self.socket: self.socketpool[self.socket] -= 1 while self.logonwaiters: waiter = self.logonwaiters.pop() try: waiter({'error': 'Session failed to initialize'}) except Exception: pass async def onlogon(self, parameter): if 'error' in parameter: while self.logonwaiters: waiter = self.logonwaiters.pop() waiter(parameter) await self._mark_broken(parameter['error']) elif self.onlogpayload: await self._cmdwait() payload = self.onlogpayload payload_type = self.onlogpayloadtype self.incommand = _monotonic_time() + self._getmaxtimeout() self.onlogpayload = None await self.send_payload(payload, payload_type) while self.logonwaiters: waiter = self.logonwaiters.pop() waiter(parameter) def _initsession(self): # NOTE(jbjohnso): this number can be whatever we want. # I picked 'xCAT' minus 1 so that a hexdump of packet # would show xCAT self.localsid = 2017673555 self.remseqnumber = None self.confalgo = 0 self.aeskey = None self.integrityalgo = 0 self.attemptedhash = 256 self.currhashlib = None self.currhashlen = 0 self.k1 = None self.rmcptag = 1 self.lastpayload = None self.ipmicallback = None self.sessioncontext = None self.sequencenumber = 0 self.sessionid = 0 self.authtype = 0 self.ipmiversion = 1.5 self.timeout = initialtimeout + (0.5 * random.random()) self.logoutexpiry = _monotonic_time() + self._getmaxtimeout() self.rqlun = 0 self.seqlun = 0 # NOTE(jbjohnso): per IPMI table 5-4, software ids in the ipmi spec may # be 0x81 through 0x8d. We'll stick with 0x81 for now, # do not forsee a reason to adjust self.rqaddr = 0x81 self.logging = True self.logged = 0 # NOTE(jbjohnso): when we confirm a working sockaddr, put it here to # skip getaddrinfo self.sockaddr = None # NOTE(jbjohnso): this tracks netfn,command,seqlun combinations that # were retried so that we don't loop around and reuse # the same request data and cause potential ambiguity # in return self.tabooseq = {} # NOTE(jbjohnso): default to supporting ipmi 2.0. Strictly by spec, # this should gracefully be backwards compat, but some # 1.5 implementations checked reserved bits self.ipmi15only = 0 self.sol_handler = None # NOTE(jbjohnso): This is the callback handler for any SOL payload def _make_bridge_request_msg(self, channel, netfn, command): """This function generate message for bridge request. It is a part of ipmi payload. """ # NOTE(puwen): need to pay attention for this function because the # structure does not seem to match the specifications. head = bytearray((constants.IPMI_BMC_ADDRESS, constants.netfn_codes['application'] << 2)) check_sum = _checksum(*head) # NOTE(fengqian): according IPMI Figure 14-11, rqSWID is set to 81h boday = bytearray((0x81, (self.seqlun << 2) | self.rqlun, constants.IPMI_SEND_MESSAGE_CMD, 0x40 | channel)) # NOTE(fengqian): Track request self._add_request_entry((constants.netfn_codes['application'] + 1, self.seqlun, constants.IPMI_SEND_MESSAGE_CMD)) return head + bytearray((check_sum,)) + boday def _add_request_entry(self, entry=()): """This function record the request with netfn, sequence number and command, which will be used in parse_ipmi_payload. :param entry: a set of netfn, sequence number and command. """ if not self._lookup_request_entry(entry): self.request_entry.append(entry) def _lookup_request_entry(self, entry=()): return entry in self.request_entry def _remove_request_entry(self, entry=()): if self._lookup_request_entry(entry): self.request_entry.remove(entry) def _make_ipmi_payload(self, netfn, command, bridge_request=None, data=(), rslun=0): """This function generates the core ipmi payload that would be applicable for any channel (including KCS) """ bridge_msg = [] self.expectedcmd = command # in ipmi, the response netfn is always one self.expectednetfn = netfn + 1 # higher than the request payload, we assume # we are always the requestor for now seqincrement = 7 # IPMI spec forbids gaps bigger then 7 in seq number. # Risk the taboo rather than violate the rules while (not self.servermode and (netfn, command, self.seqlun) in self.tabooseq and self.tabooseq[(netfn, command, self.seqlun)] and seqincrement): self.tabooseq[(self.expectednetfn, command, self.seqlun)] -= 1 # Allow taboo to eventually expire after a few rounds self.seqlun += 1 # the last two bits are lun, so add 4 to add 1 self.seqlun &= 0x3f # we only have one byte, wrap when exceeded seqincrement -= 1 if bridge_request: addr = bridge_request.get('addr', 0x0) channel = bridge_request.get('channel', 0x0) bridge_msg = self._make_bridge_request_msg(channel, netfn, command) # NOTE(fengqian): For bridge request, rsaddr is specified and # rqaddr is BMC address. rqaddr = constants.IPMI_BMC_ADDRESS rsaddr = addr else: rqaddr = self.rqaddr rsaddr = constants.IPMI_BMC_ADDRESS if self.servermode: rsaddr = self.clientaddr # figure 13-4, first two bytes are rsaddr and # netfn, for non-bridge request, rsaddr is always 0x20 since we are # addressing BMC while rsaddr is specified forbridge request header = bytearray((rsaddr, (netfn << 2) | rslun)) reqbody = bytearray( (rqaddr, (self.seqlun << 2) | self.rqlun, command)) + data headsum = bytearray((_checksum(*header),)) bodysum = bytearray((_checksum(*reqbody),)) payload = header + headsum + reqbody + bodysum if bridge_request: payload = bridge_msg + payload # NOTE(fengqian): For bridge request, another check sum is needed. tail_csum = _checksum(*payload[3:]) payload.append(tail_csum) if not self.servermode: self._add_request_entry((self.expectednetfn, self.seqlun, command)) return payload async def _generic_callback(self, response): errorstr = get_ipmi_error(response) if errorstr: response['error'] = errorstr self.lastresponse = response def _isincommand(self): if self.incommand: stillin = self.incommand - _monotonic_time() if stillin > 0: return stillin else: self.lastpayload = None return 0 def _getmaxtimeout(self): cumulativetime = 0 incrementtime = self.timeout while incrementtime < self.maxtimeout: cumulativetime += incrementtime incrementtime += 1 return (cumulativetime + 1) * (self.logontries + 1) async def _cmdwait(self): while self._isincommand(): await _io_wait(self._isincommand(), self.sockaddr, self.evq) async def awaitresponse(self, retry, netfn, command): self.awaitingresponse = True try: alltimeout = _monotonic_time() + (self._getmaxtimeout() * 2) while (retry and unmatched(self.lastresponse, netfn, command) and (self.logging or self.logged or self.onlogpayload)): timeout = self.expiration - _monotonic_time() await _io_wait(timeout, self.sockaddr) while self.iterwaiters: waiter = self.iterwaiters.pop() waiter({'success': True}) await self.process_pktqueue() if _monotonic_time() > alltimeout: await self._mark_broken() raise exc.IpmiException('Session no longer connected') await WAITING_SESSIONS.acquire() try: if (self in self.waiting_sessions and self.expiration < _monotonic_time()): self.waiting_sessions.pop(self, None) if not self.lastpayload and not self.logging: return finally: WAITING_SESSIONS.release() await self._timedout() finally: self.awaitingresponse = False async def raw_command(self, netfn, command, bridge_request=None, data=(), retry=True, timeout=None, callback=None, rslun=0): if self.logging and not self.logged and self.logoutexpiry is None: self.logoutexpiry = _monotonic_time() + self._getmaxtimeout() while (self.logging and not self.logged and _monotonic_time() < self.logoutexpiry): await self.pause(1) if not self.logged: if (self.logoutexpiry is not None and _monotonic_time() > self.logoutexpiry): await self._mark_broken() raise exc.IpmiException('Session no longer connected') await self.atomicop.acquire() try: await self._cmdwait() if not self.logged: raise exc.IpmiException('Session no longer connected') self.incommand = _monotonic_time() + self._getmaxtimeout() finally: self.atomicop.release() self.lastresponse = None if callback is None: self.ipmicallback = self._generic_callback else: self.ipmicallback = callback await self._send_ipmi_net_payload(netfn, command, data, bridge_request=bridge_request, retry=retry, timeout=timeout, rslun=rslun) if retry: # in retry case, let the retry timers indicate wait time timeout = None else: # if not retry, give it a second before surrending timeout = 1 if callback: # caller *must* clean up self.incommand and self.evq return # The event loop is shared amongst aiohmi session instances # within a process. In this way, synchronous usage of the interface # plays well with asynchronous use. In fact, this produces the # behavior of only the constructor needing a callback. From then on, # synchronous usage of the class acts in a coroutine style governed # by order of data on the network await self.awaitresponse(retry, netfn + 1, command) lastresponse = self.lastresponse self.lastresponse = None self.incommand = False while self.evq: self.evq.popleft().set() if retry and lastresponse is None: raise exc.IpmiException('Session no longer connected') return lastresponse async def _send_ipmi_net_payload(self, netfn=None, command=None, data=(), code=0, bridge_request=None, retry=None, timeout=None, rslun=0): if retry is None: retry = not self.servermode if self.servermode: data = bytearray((code,)) + bytearray(data) if netfn is None: netfn = self.clientnetfn if command is None: command = self.clientcommand else: data = bytearray(data) ipmipayload = self._make_ipmi_payload(netfn, command, bridge_request, data, rslun) payload_type = constants.payload_types['ipmi'] await self.send_payload(payload=ipmipayload, payload_type=payload_type, retry=retry, timeout=timeout) async def send_payload(self, payload=(), payload_type=None, retry=True, needskeepalive=False, timeout=None): """Send payload over the IPMI Session :param needskeepalive: If the payload is expected not to count as 'active' by the BMC, set this to True to avoid Session considering the job done because of this payload. Notably, 0-length SOL packets are prone to confusion. :param timeout: Specify a custom timeout for long-running request """ if payload and self.lastpayload: # we already have a packet outgoing, make this # a pending payload # this way a simplistic BMC won't get confused # and we also avoid having to do more complicated # retry mechanism where each payload is # retried separately self.pendingpayloads.append((payload, payload_type, retry)) return if payload_type is None: payload_type = self.last_payload_type if not payload: payload = self.lastpayload message = bytearray(b'\x06\x00\xff\x07') # constant IPMI RMCP header if retry: self.lastpayload = payload self.last_payload_type = payload_type if not isinstance(payload, bytearray): payload = bytearray(payload) message.append(self.authtype) baretype = payload_type if self.integrityalgo: payload_type |= 0b01000000 if self.confalgo: payload_type |= 0b10000000 if self.ipmiversion == 2.0: message.append(payload_type) if baretype == 2: # TODO(jbjohnso): OEM payload types raise NotImplementedError("OEM Payloads") elif baretype not in constants.payload_types.values(): raise NotImplementedError( "Unrecognized payload type %d" % baretype) message += struct.pack("> 8) iv = os.urandom(16) message += iv payloadtocrypt = bytes(payload + _aespad(payload)) crypter = Cipher( algorithm=algorithms.AES(self.aeskey), mode=modes.CBC(iv), backend=self._crypto_backend ) encryptor = crypter.encryptor() message += encryptor.update(payloadtocrypt ) + encryptor.finalize() else: # no confidetiality algorithm message.append(psize & 0xff) message.append(psize >> 8) message += payload if self.integrityalgo: # see table 13-8, # RMCP+ packet format # TODO(jbjohnso): SHA256 which is now # allowed neededpad = (len(message) - 2) % 4 if neededpad: neededpad = 4 - neededpad message += b'\xff' * neededpad message.append(neededpad) message.append(7) # reserved, 7 is the required value for the # specification followed message += hmac.new( self.k1, bytes(message[4:]), self.currhashlib).digest()[:self.currhashlen] # per RFC2404 truncates to 96 bits self.netpacket = message # advance idle timer since we don't need keepalive while sending # packets out naturally await KEEPALIVE_SESSIONS.acquire() try: if (self in Session.keepalive_sessions and not needskeepalive and not self._customkeepalives): Session.keepalive_sessions[self]['timeout'] = \ _monotonic_time() + MAX_IDLE - (random.random() * 4.9) await self._xmit_packet(retry, timeout=timeout) finally: KEEPALIVE_SESSIONS.release() def _ipmi15authcode(self, payload, checkremotecode=False): # checkremotecode is used to verify remote code, # otherwise this function is used to general authcode for local if self.authtype == 0: # Only for things before auth in ipmi 1.5, not # like 2.0 cipher suite 0 return () password = self.password padneeded = 16 - len(password) if padneeded < 0: raise exc.IpmiException("Password is too long for ipmi 1.5") password += '\x00' * padneeded if checkremotecode: seqbytes = struct.pack(" 16: raise exc.IpmiException( "Username too long for IPMI, must not exceed 16") padneeded = 16 - len(self.userid) userid = self.userid + ('\x00' * padneeded) reqdata += userid self.ipmicallback = self._got_session_challenge await self._send_ipmi_net_payload(netfn=0x6, command=0x39, data=reqdata) async def _open_rmcpplus_request(self): self.authtype = 6 # have unique local session ids to ignore aborted # login attempts from the past self.localsid += 1 self.rmcptag += 1 data = bytearray([ self.rmcptag, 0, # request as much privilege as the channel will give us 0, 0, # reserved ]) data += struct.pack(" 0: (nextpayload, nextpayloadtype, retry) = \ self.pendingpayloads.popleft() await self.send_payload(payload=nextpayload, payload_type=nextpayloadtype, retry=retry) if self.sol_handler: await self.sol_handler(payload) async def _got_rmcp_response(self, data): # see RMCP+ open session response table if not (self.sessioncontext and self.sessioncontext != "ESTABLISHED"): return -9 # ignore payload as we are not in a state valid it if data[0] != self.rmcptag: return -9 # use rmcp tag to track and reject stale responses if data[1] != 0: # response code... if self.attemptedhash == 256: self.attemptedhash = 1 await self._open_rmcpplus_request() return if data[1] in constants.rmcp_codes: errstr = constants.rmcp_codes[data[1]] else: errstr = "Unrecognized RMCP code %d" % data[1] self.onlogon({'error': errstr}) return -9 self.allowedpriv = data[2] # NOTE(jbjohnso): At this point, the BMC has no idea about what user # shall be used. As such, the allowedpriv field is actually # not particularly useful. got_rakp2 is a good place to # gracefully detect and downgrade privilege for retry localsid = struct.unpack("> 2 self.clientaddr = payload[3] self.clientnetfn = (payload[1] >> 2) + 1 self.rqlun = payload[4] & 0b11 self.clientcommand = payload[5] await self._parse_payload(payload) return # payload[4] is rqSeq + rsLUN, we only need the rqSeq entry = (payload[1] >> 2, payload[4] >> 2, payload[5]) if self._lookup_request_entry(entry): self._remove_request_entry(entry) # NOTE(fengqian): for bridge request, we need to handle the # response twice. First response shows if message send correctly, # second response is the real response. # If the message is send crrectly, we will discard the first # response or else error message will be parsed and return. if ((entry[0] in [0x06, 0x07]) and (entry[2] == 0x34) and (payload[-2] == 0x0)): return -1 else: await self._parse_payload(payload) # NOTE(fengqian): recheck if the certain entry is removed in # case that bridge request failed. if self.request_entry: self._remove_request_entry((self.expectednetfn, self.seqlun, self.expectedcmd)) else: # payload is not a match for our last packet # it is also not a bridge request. return -1 async def _parse_payload(self, payload): if hasattr(self, 'hasretried') and self.hasretried: self.hasretried = 0 # try to skip it for at most 16 cycles of overflow self.tabooseq[ (self.expectednetfn, self.expectedcmd, self.seqlun)] = 16 # We want to now remember that we do not have an expected packet # bigger than one byte means it can never match the one byte value # by mistake self.expectednetfn = 0x1ff self.expectedcmd = 0x1ff if not self.servermode: self.seqlun += 1 # prepare seqlun for next transmit self.seqlun &= 0x3f # when overflowing, wrap around await WAITING_SESSIONS.acquire() try: Session.waiting_sessions.pop(self, None) finally: WAITING_SESSIONS.release() # render retry mechanism utterly incapable of # doing anything, though it shouldn't matter self.lastpayload = None self.last_payload_type = None response = {'netfn': payload[1] >> 2} # ^^ remove header of rsaddr/netfn/lun/checksum/rq/seq/lun del payload[0:5] # remove the trailing checksum del payload[-1] response['command'] = payload[0] if self.servermode: del payload[0:1] response['data'] = payload else: response['code'] = payload[1] del payload[0:2] response['data'] = payload self.timeout = initialtimeout + (0.5 * random.random()) if not self.servermode and len(self.pendingpayloads) > 0: (nextpayload, nextpayloadtype, retry) = \ self.pendingpayloads.popleft() await self.send_payload(payload=nextpayload, payload_type=nextpayloadtype, retry=retry) if self.ipmicallback: rsp = self.ipmicallback(response) if rsp: await rsp async def _timedout(self): if not self.lastpayload: return self.nowait = True self.timeout += 1 if self.timeout > self.maxtimeout: if self.logontries <= 0: response = {'error': 'timeout', 'code': 0xffff} if self.ipmicallback: await self.ipmicallback(response) self.nowait = False await self._mark_broken() return else: self.maxtimeout = 2 if self.sessioncontext == 'ESTABLISHED': self.onlogpayload = self.lastpayload self.onlogpayloadtype = self.last_payload_type self.maxtimeout = 6 await self._relog() return elif self.sessioncontext == 'FAILED': self.lastpayload = None self.onlogpayload = None self.nowait = False return if self.sessioncontext == 'OPENSESSION': # In this case, we want to craft a new session request to have # unambiguous session id regardless of how packet was dropped or # delayed in this case, it's safe to just redo the request self.lastpayload = None await self._open_rmcpplus_request() elif (self.sessioncontext == 'EXPECTINGRAKP2' or self.sessioncontext == 'EXPECTINGRAKP4'): # If we can't be sure which RAKP was dropped or if RAKP3/4 was just # delayed, the most reliable thing to do is rewind and start over # bmcs do not take kindly to receiving RAKP1 or RAKP3 twice. # Only do this while we still have login attempts budgeted; # otherwise each lost RAKP would spawn a fresh RAKP1 forever # (_relog resets self.timeout, so the timeout budget above never # trips during the RAKP phase). if self.logontries > 0: await self._relog() else: response = {'error': 'timeout', 'code': 0xffff} if self.ipmicallback: await self.ipmicallback(response) self.nowait = False await self._mark_broken() return else: # in IPMI case, the only recourse is to act as if the packet is # idempotent. SOL has more sophisticated retry handling # the biggest risks are reset sp which is often fruitless to retry # and chassis reset, which sometimes will shoot itself # systematically in the head in a shared port case making replies # impossible self.hasretried = 1 # remember so that we can track taboo # combinations # of sequence number, netfn, and lun due to # ambiguity on the wire await self.send_payload() self.nowait = False async def _xmit_packet(self, retry=True, timeout=None): if self.sequencenumber: # seq number of zero will be left alone, it is # special, otherwise increment self.sequencenumber += 1 if self.sockaddr: _io_sendto(self.socket, self.netpacket, self.sockaddr) else: # he have not yet picked a working sockaddr for this connection, # try all the candidates that getaddrinfo provides self.allsockaddrs = [] myport = self.socket.getsockname()[1] try: for res in socket.getaddrinfo(self.bmc, self.port, 0, socket.SOCK_DGRAM): sockaddr = res[4] if ipv6support and res[0] == socket.AF_INET: # convert the sockaddr to AF_INET6 newhost = '::ffff:' + sockaddr[0] sockaddr = (newhost, sockaddr[1], 0, 0) self.allsockaddrs.append(sockaddr) if sockaddr not in Session.bmc_handlers: Session.bmc_handlers[sockaddr] = {} Session.bmc_handlers[sockaddr][myport] = self _io_sendto(self.socket, self.netpacket, sockaddr) try: del Session.initting_sessions[(self.bmc, self.userid, self.password, self.port, self.kgo)] except KeyError: pass except socket.gaierror: raise exc.IpmiException( "Unable to transmit to specified address") if retry: await WAITING_SESSIONS.acquire() try: Session.waiting_sessions[self] = {} Session.waiting_sessions[self]['ipmisession'] = self if timeout is not None: self.expiration = timeout + _monotonic_time() else: self.expiration = self.timeout + _monotonic_time() Session.waiting_sessions[self]['timeout'] = self.expiration finally: WAITING_SESSIONS.release() async def logout(self, sessionok=True): if self.cleaningup: self.nowait = True if self.logged: if self.sol_handler: await self.raw_command( netfn=6, command=0x49, data=(1, 1, 0, 0, 0, 0), retry=sessionok) await self.raw_command( command=0x3c, netfn=6, data=struct.unpack( "4B", struct.pack("I", self.sessionid)), retry=False) # stop trying for a keepalive, self.lastpayload = None await KEEPALIVE_SESSIONS.acquire() try: Session.keepalive_sessions.pop(self, None) finally: KEEPALIVE_SESSIONS.release() self.logged = 0 self.onlogpayload = None self.logging = False if self._customkeepalives: for ka in list(self._customkeepalives): # Be thorough and notify parties through their custom # keepalives. In practice, this *should* be the same, but # if a code somehow makes duplicate SOL handlers, # this would notify all the handlers rather than just the # last one to take ownership if self._customkeepalives[ka][1] is None: continue await self._customkeepalives[ka][1]( {'error': 'Session Disconnected'}) self._customkeepalives = None if not self.broken: self.socketpool[self.socket] -= 1 self.broken = True # since this session is broken, remove it from the handler list # This allows constructor to create a new, functional object to # replace this one myport = self.socket.getsockname()[1] for sockaddr in self.allsockaddrs: if (sockaddr in Session.bmc_handlers and myport in Session.bmc_handlers[sockaddr]): del Session.bmc_handlers[sockaddr][myport] if Session.bmc_handlers[sockaddr] == {}: del Session.bmc_handlers[sockaddr] self.nowait = False self.socketpool[self.socket] -= 1 return {'success': True} if __name__ == "__main__": import sys ipmis = Session(bmc=sys.argv[1], userid=sys.argv[2], password=os.environ['IPMIPASS']) print(ipmis.raw_command(command=2, data=[1], netfn=0)) print(get_ipmi_error({'command': 8, 'code': 128, 'netfn': 1}))