[iSCSI] Offer CHAP authentication only if we have a username and password origin/HEAD origin/master
authorMichael Brown <mcb30@etherboot.org>
Thu, 24 Apr 2008 12:48:29 +0000 (13:48 +0100)
committerMichael Brown <mcb30@etherboot.org>
Thu, 24 Apr 2008 12:48:29 +0000 (13:48 +0100)
Some EMC targets will fail if we advertise that we can authenticate with
CHAP, but the target is configured to allow unauthenticated access to that
target.  We advertise AuthMethod=CHAP,None; the target should (I think)
select AuthMethod=None for unprotected targets.  IETD does this, but an
EMC Celerra NS83 doesn't.

Fix by offering only AuthMethod=None if the user hasn't supplied a
username and password; this means that we won't be offering CHAP
authentication unless the user is expecting to use it (in which case the
target is presumably configured appropriately).

Many thanks to Alessandro Iurlano <alessandro.iurlano@gmail.com> for
reporting and helping to diagnose this problem.

src/net/tcp/iscsi.c

index c01ca44..3cd5470 100644 (file)
@@ -456,17 +456,18 @@ static int iscsi_build_login_request_strings ( struct iscsi_session *iscsi,
                                    "InitiatorName=%s%c"
                                    "TargetName=%s%c"
                                    "SessionType=Normal%c"
                                    "InitiatorName=%s%c"
                                    "TargetName=%s%c"
                                    "SessionType=Normal%c"
-                                   "AuthMethod=CHAP,None%c",
+                                   "AuthMethod=%sNone%c",
                                    iscsi_initiator_iqn(), 0,
                                    iscsi_initiator_iqn(), 0,
-                                   iscsi->target_iqn, 0, 0, 0 );
+                                   iscsi->target_iqn, 0, 0,
+                                   ( ( iscsi->username && iscsi->password ) ?
+                                     "CHAP," : "" ), 0 );
        }
 
        if ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_ALGORITHM ) {
                used += ssnprintf ( data + used, len - used, "CHAP_A=5%c", 0 );
        }
        
        }
 
        if ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_ALGORITHM ) {
                used += ssnprintf ( data + used, len - used, "CHAP_A=5%c", 0 );
        }
        
-       if ( ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_RESPONSE ) &&
-            iscsi->username ) {
+       if ( ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_RESPONSE ) ) {
                used += ssnprintf ( data + used, len - used,
                                    "CHAP_N=%s%cCHAP_R=0x",
                                    iscsi->username, 0 );
                used += ssnprintf ( data + used, len - used,
                                    "CHAP_N=%s%cCHAP_R=0x",
                                    iscsi->username, 0 );