ref: 1a4e03cf93872eb78f498af8afd5d8c7d6143178
parent: 8597051d6460da881c0501c7036dc229dc3101ca
author: cinap_lenrek <[email protected]>
date: Sun Apr 3 00:19:46 EDT 2022
ip/sol: kvm (vnc) redirect, bring back plain authentication as a fallback (when unsupported)
--- a/sys/man/8/sol
+++ b/sys/man/8/sol
@@ -4,7 +4,7 @@
.SH SYNOPSIS
.B ip/sol
[
-.B -rR
+.B -TRrk
] [
.B -u
.I user
@@ -15,12 +15,10 @@
serial-over-lan interface of intel AMT
enabled machines.
.PP
-The protocol runs over tcp port 16995 and
-and is protected using TLS.
+The protocol runs over tcp ports 16994/16995 and
+and is optinally protected using TLS.
.PP
-For authentication, a
-.B proto=httpdigest
-key with a username and password is required.
+For authentication, a username and password is required.
The default username, unless
given by the
.B -u
@@ -30,6 +28,10 @@
factotum.
.PP
The
+.B -T
+flag disables TLS encryption (enabled by default).
+.PP
+The
.B -r
and
.B -R
@@ -39,9 +41,20 @@
By default, raw mode is enabled when the
.B $TERM
environment variable has been set.
+.PP
+The
+.B -k
+flag connects to the VNC port instead.
+.SH EXAMPLE
+Connect to the KVM port with
+.IR vnc(1):
+.IP
+.EX
+execnet && vnc 'exec!ip/sol -k host'
+.EE
.SH SOURCE
.B /sys/src/cmd/ip/sol.c
.SH "SEE ALSO"
-.IR ssh (1),
-.IR consolefs (4),
+.IR execnet (4),
+.IR vncv (1),
.IR factotum (4)
--- a/sys/src/cmd/ip/sol.c
+++ b/sys/src/cmd/ip/sol.c
@@ -15,7 +15,10 @@
HEATBEAT_INTERVAL = 5000,
};
-int authok = 0, pid = 0, raw = -1, fd = -1;
+char *user = "admin";
+int authok = 0, pid = 0, raw = -1, kvm = 0, fd = -1, tls = 1;
+int reply, ok, n;
+char buf[MAX_TRANSMIT_BUFFER];
Biobuf bin, bout;
jmp_buf reconnect;
@@ -123,12 +126,11 @@
}
}
-void
+int
digestauth(char *server, char *user, char *method, char *url)
{
char realm[256+1], nonce[256+1], qop[256+1], nc[10], cnonce[32+1], chal[1024], resp[1024], ouser[256];
static uint counter;
- int reply, ok, n;
send("lblb[__b[____", 0x13, 4,
1+strlen(user) + 2 + 1+strlen(url) + 4,
@@ -136,7 +138,7 @@
strlen(url), url, strlen(url));
recv("lbl", &reply, &ok, &n);
if(reply != 0x114 || ok != 4 || n == 0)
- sysfatal("bad auth reply: %x %x", reply, ok);
+ return -1; /* not supported */
recv("b", &n);
recv("[", realm, n);
@@ -173,13 +175,46 @@
strlen(qop), qop, strlen(qop));
recv("lb*", &reply, &ok);
if(reply != 0x14 && ok != 4)
- sysfatal("bad auth reply: %x %x", reply, ok);
+ sysfatal("bad digest auth reply: %x %x", reply, ok);
+ return 0;
}
void
+plainauth(char *user, char *pass)
+{
+ send("lblb[b[", 0x13, 1,
+ strlen(user)+1+strlen(pass)+1,
+ strlen(user), user, strlen(user),
+ strlen(pass), pass, strlen(pass));
+ recv("lb*", &reply, &ok);
+ if(reply != 0x14 || ok != 1)
+ sysfatal("bad password auth reply: %x %x", reply, ok);
+}
+
+void
+auth(char *server, char *user)
+{
+ static UserPasswd *up = nil;
+
+ if(up == nil){
+ if(digestauth(server, user, "POST", "/RedirectionService") == 0)
+ return;
+
+ /* if digest auth not supported, get plaintext password */
+ up = auth_getuserpasswd(auth_getkey,
+ "proto=pass service=sol user=%q server=%q",
+ user, server);
+ if(up == nil)
+ sysfatal("auth_getuserpasswd: %r");
+ longjmp(reconnect, 1);
+ }
+ plainauth(up->user, up->passwd);
+}
+
+void
usage(void)
{
- fprint(2, "usage: %s [-Rr] [-u user] host\n", argv0);
+ fprint(2, "usage: %s [-TRrk] [-u user] host\n", argv0);
exits("usage");
}
@@ -186,11 +221,6 @@
void
main(int argc, char *argv[])
{
- uchar buf[MAX_TRANSMIT_BUFFER];
- TLSconn tls;
- char *user = "admin";
- int reply, ok, n;
-
fmtinstall('[', encodefmt);
fmtinstall('H', encodefmt);
@@ -198,6 +228,9 @@
case 'u':
user = EARGF(usage());
break;
+ case 'T':
+ tls = 0;
+ break;
case 'R':
raw = 0;
break;
@@ -204,6 +237,9 @@
case 'r':
raw = 1;
break;
+ case 'k':
+ kvm = 1;
+ break;
default:
usage();
} ARGEND;
@@ -211,6 +247,9 @@
if(argc != 1)
usage();
+ if(kvm)
+ goto Connect;
+
if(raw < 0) {
char *term = getenv("TERM");
raw = term && *term;
@@ -230,19 +269,23 @@
write(fd, "rawon", 5);
}
-Reconnect:
- fd = dial(netmkaddr(argv[0], "tcp", "16995"), nil, nil, nil);
+Connect:
+ fd = dial(netmkaddr(argv[0], "tcp", tls ? "16995" : "16994"), nil, nil, nil);
if(fd < 0)
sysfatal("dial: %r");
- memset(&tls, 0, sizeof(tls));
- fd = tlsClient(fd, &tls);
- if(fd < 0)
- sysfatal("tls client: %r");
- free(tls.cert);
- free(tls.sessionID);
- memset(&tls, 0, sizeof(tls));
+ if(tls){
+ TLSconn conn;
+ memset(&conn, 0, sizeof(conn));
+ fd = tlsClient(fd, &conn);
+ if(fd < 0)
+ sysfatal("tls: %r");
+ free(conn.cert);
+ free(conn.sessionID);
+ memset(&conn, 0, sizeof(conn));
+ }
+
authok = 0;
Binit(&bin, fd, OREAD);
Binit(&bout, fd, OWRITE);
@@ -250,17 +293,52 @@
Bterm(&bin);
Bterm(&bout);
close(fd);
- goto Reconnect;
+ goto Connect;
}
- send("l[", 0x10, "SOL ", 4);
+ if(kvm)
+ send("l[", 0x110, "KVMR", 4);
+ else
+ send("l[", 0x10, "SOL ", 4);
+
recv("lb*", &reply, &ok);
if(reply != 0x11 || ok != 1)
sysfatal("bad session reply: %x %x", reply, ok);
- digestauth(argv[0], user, "POST", "/RedirectionService");
+ auth(argv[0], user);
authok = 1;
+ /* kvm port redirect */
+ if(kvm){
+ int from, to;
+
+ send("b_______", 0x40);
+ if(read(fd, buf, 8) != 8 || buf[0] != 0x41)
+ sysfatal("bad redirection reply: %x %x", reply, ok);
+
+ pid = fork();
+ if(pid == 0){
+ pid = getppid();
+ from = 0;
+ to = fd;
+ } else {
+ from = fd;
+ to = 1;
+ }
+ atexit(killpid);
+ for(;;){
+ n = read(from, buf, sizeof(buf));
+ if(n < 0)
+ sysfatal("read: %r");
+ if(n == 0)
+ break;
+ if(write(to, buf, n) != n)
+ sysfatal("write: %r");
+ }
+ exits(nil);
+ }
+
+ /* serial over lan */
send("l____wwwwww____", 0x20,
MAX_TRANSMIT_BUFFER,
TRANSMIT_BUFFER_TIMEOUT,
@@ -270,7 +348,7 @@
HEATBEAT_INTERVAL);
recv("lb*", &reply, &ok);
if(reply != 0x21 || ok != 1)
- sysfatal("bad redirection reply: %x %x", reply, ok);
+ sysfatal("bad sol reply: %x %x", reply, ok);
pid = fork();
if(pid == 0){
@@ -305,5 +383,6 @@
}
}
}
+
exits(nil);
}