From 00ed567069f50325fb9835746696f5b5e351479a Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Thu, 24 Apr 2008 13:48:29 +0100 Subject: [PATCH] [iSCSI] Offer CHAP authentication only if we have a username and password Some EMC targets will fail if we advertise that we can authenticate with CHAP, but the target is configured to allow unauthenticated access to that target. We advertise AuthMethod=CHAP,None; the target should (I think) select AuthMethod=None for unprotected targets. IETD does this, but an EMC Celerra NS83 doesn't. Fix by offering only AuthMethod=None if the user hasn't supplied a username and password; this means that we won't be offering CHAP authentication unless the user is expecting to use it (in which case the target is presumably configured appropriately). Many thanks to Alessandro Iurlano for reporting and helping to diagnose this problem. --- src/net/tcp/iscsi.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/net/tcp/iscsi.c b/src/net/tcp/iscsi.c index c01ca44b..3cd54703 100644 --- a/src/net/tcp/iscsi.c +++ b/src/net/tcp/iscsi.c @@ -456,17 +456,18 @@ static int iscsi_build_login_request_strings ( struct iscsi_session *iscsi, "InitiatorName=%s%c" "TargetName=%s%c" "SessionType=Normal%c" - "AuthMethod=CHAP,None%c", + "AuthMethod=%sNone%c", iscsi_initiator_iqn(), 0, - iscsi->target_iqn, 0, 0, 0 ); + iscsi->target_iqn, 0, 0, + ( ( iscsi->username && iscsi->password ) ? + "CHAP," : "" ), 0 ); } if ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_ALGORITHM ) { used += ssnprintf ( data + used, len - used, "CHAP_A=5%c", 0 ); } - if ( ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_RESPONSE ) && - iscsi->username ) { + if ( ( iscsi->status & ISCSI_STATUS_STRINGS_CHAP_RESPONSE ) ) { used += ssnprintf ( data + used, len - used, "CHAP_N=%s%cCHAP_R=0x", iscsi->username, 0 );