Some EMC targets will fail if we advertise that we can authenticate with
CHAP, but the target is configured to allow unauthenticated access to that
target. We advertise AuthMethod=CHAP,None; the target should (I think)
select AuthMethod=None for unprotected targets. IETD does this, but an
EMC Celerra NS83 doesn't.
Fix by offering only AuthMethod=None if the user hasn't supplied a
username and password; this means that we won't be offering CHAP
authentication unless the user is expecting to use it (in which case the
target is presumably configured appropriately).
Many thanks to Alessandro Iurlano <alessandro.iurlano@gmail.com> for
reporting and helping to diagnose this problem.
"InitiatorName=%s%c"
"TargetName=%s%c"
"SessionType=Normal%c"
- "AuthMethod=CHAP,None%c",
+ "AuthMethod=%sNone%c",
iscsi_initiator_iqn(), 0,
- iscsi->target_iqn, 0, 0, 0 );
+ iscsi->target_iqn, 0, 0,
+ ( ( iscsi->username && iscsi->password ) ?
+ "CHAP," : "" ), 0 );
}
if ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_ALGORITHM ) {
used += ssnprintf ( data + used, len - used, "CHAP_A=5%c", 0 );
}
- if ( ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_RESPONSE ) &&
- iscsi->username ) {
+ if ( ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_RESPONSE ) ) {
used += ssnprintf ( data + used, len - used,
"CHAP_N=%s%cCHAP_R=0x",
iscsi->username, 0 );
projects / thirdparty / ipxe.git / commitdiff
