Ver código fonte

[iSCSI] Offer CHAP authentication only if we have a username and password

Some EMC targets will fail if we advertise that we can authenticate with
CHAP, but the target is configured to allow unauthenticated access to that
target.  We advertise AuthMethod=CHAP,None; the target should (I think)
select AuthMethod=None for unprotected targets.  IETD does this, but an
EMC Celerra NS83 doesn't.

Fix by offering only AuthMethod=None if the user hasn't supplied a
username and password; this means that we won't be offering CHAP
authentication unless the user is expecting to use it (in which case the
target is presumably configured appropriately).

Many thanks to Alessandro Iurlano <alessandro.iurlano@gmail.com> for
reporting and helping to diagnose this problem.
tags/v0.9.4
Michael Brown 16 anos atrás
pai
commit
00ed567069
1 arquivos alterados com 5 adições e 4 exclusões
  1. 5
    4
      src/net/tcp/iscsi.c

+ 5
- 4
src/net/tcp/iscsi.c Ver arquivo

@@ -456,17 +456,18 @@ static int iscsi_build_login_request_strings ( struct iscsi_session *iscsi,
456 456
 				    "InitiatorName=%s%c"
457 457
 				    "TargetName=%s%c"
458 458
 				    "SessionType=Normal%c"
459
-				    "AuthMethod=CHAP,None%c",
459
+				    "AuthMethod=%sNone%c",
460 460
 				    iscsi_initiator_iqn(), 0,
461
-				    iscsi->target_iqn, 0, 0, 0 );
461
+				    iscsi->target_iqn, 0, 0,
462
+				    ( ( iscsi->username && iscsi->password ) ?
463
+				      "CHAP," : "" ), 0 );
462 464
 	}
463 465
 
464 466
 	if ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_ALGORITHM ) {
465 467
 		used += ssnprintf ( data + used, len - used, "CHAP_A=5%c", 0 );
466 468
 	}
467 469
 	
468
-	if ( ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_RESPONSE ) &&
469
-	     iscsi->username ) {
470
+	if ( ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_RESPONSE ) ) {
470 471
 		used += ssnprintf ( data + used, len - used,
471 472
 				    "CHAP_N=%s%cCHAP_R=0x",
472 473
 				    iscsi->username, 0 );

Carregando…
Cancelar
Salvar