[PATCH]: Unable to handle CHAP_A in List

Tejas Vaykole <tejas.vaykole91@xxxxxxxxx> · Fri, 30 May 2014 12:19:58 +0530

>From 47d7faa9bd7ae50042aa10c7eb34b2bd1519fe63 Mon Sep 17 00:00:00 2001
From: Tejas Vaykole <tejas.vaykole@xxxxxxxxxxxxxx>
Date: Fri, 30 May 2014 11:13:47 +0530
Subject: [PATCH] target: Target Error in handling CHAP_A in a List.

The target is failing to handle list of CHAP_A key-value pair form
initiator.The target is expecting CHAP_A=5 always. In other cases,
where initiator sends list (for example) CHAP_A=6,5 target is failing
the security negotiation. Which is incorrect.

This patch handles the case (RFC 3720 section 11.1.4).
where in the initiator may send list of CHAP_A values and target replies
with appropriate CHAP_A value in response

Signed-off-by: Tejas Vaykole <tejas.vaykole@xxxxxxxxxxxxxx>
---
 drivers/target/iscsi/iscsi_target_auth.c | 57 ++++++++++++++++++++++++--------
 drivers/target/iscsi/iscsi_target_auth.h |  1 +
 2 files changed, 45 insertions(+), 13 deletions(-)

diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
index de77d9a..a68804d 100644
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -72,6 +72,33 @@ static void chap_gen_challenge(
 }
 
 
+static int check_algorithm(const char *a_str)
+{
+	char *tmp = NULL;
+	char *token = NULL;
+	tmp = kstrdup(a_str, GFP_KERNEL);
+	if (!tmp) {
+		pr_err("Memory allocation failed for CHAP_A temperory buffer\n");
+		return  CHAP_DIGEST_UNKNOWN;
+	}
+	token = strsep(&tmp , "=");
+	while (token) {
+		token = strsep(&tmp , ",");
+		if (!token) {
+			kfree(tmp);
+			return CHAP_DIGEST_UNKNOWN;
+		}
+		if (!strncmp(token, "5", 1)) {
+			pr_debug("Selected MD5 Algorithm\n");
+			kfree(tmp);
+			return CHAP_DIGEST_MD5;
+		}
+	}
+	kfree(tmp);
+	return CHAP_DIGEST_UNKNOWN;
+}
+
+
 static struct iscsi_chap *chap_server_open(
 	struct iscsi_conn *conn,
 	struct iscsi_node_auth *auth,
@@ -79,6 +106,7 @@ static struct iscsi_chap *chap_server_open(
 	char *aic_str,
 	unsigned int *aic_len)
 {
+	int ret;
 	struct iscsi_chap *chap;
 
 	if (!(auth->naf_flags & NAF_USERID_SET) ||
@@ -93,21 +121,24 @@ static struct iscsi_chap *chap_server_open(
 		return NULL;
 
 	chap = conn->auth_protocol;
-	/*
-	 * We only support MD5 MDA presently.
-	 */
-	if (strncmp(a_str, "CHAP_A=5", 8)) {
-		pr_err("CHAP_A is not MD5.\n");
+	ret = check_algorithm(a_str);
+	switch (ret) {
+	case CHAP_DIGEST_MD5:
+		pr_debug("[server] Got CHAP_A=5\n");
+		/*
+		 * Send back CHAP_A set to MD5.
+		*/
+		*aic_len = sprintf(aic_str, "CHAP_A=5");
+		*aic_len += 1;
+		chap->digest_type = CHAP_DIGEST_MD5;
+		pr_debug("[server] Sending CHAP_A=%d\n", chap->digest_type);
+		break;
+	case CHAP_DIGEST_UNKNOWN:
+	default:
+		pr_err("Unknown CHAP_A.\n");
 		return NULL;
 	}
-	pr_debug("[server] Got CHAP_A=5\n");
-	/*
-	 * Send back CHAP_A set to MD5.
-	 */
-	*aic_len = sprintf(aic_str, "CHAP_A=5");
-	*aic_len += 1;
-	chap->digest_type = CHAP_DIGEST_MD5;
-	pr_debug("[server] Sending CHAP_A=%d\n", chap->digest_type);
+
 	/*
 	 * Set Identifier.
 	 */
diff --git a/drivers/target/iscsi/iscsi_target_auth.h b/drivers/target/iscsi/iscsi_target_auth.h
index 2f463c0..d22f7b96 100644
--- a/drivers/target/iscsi/iscsi_target_auth.h
+++ b/drivers/target/iscsi/iscsi_target_auth.h
@@ -1,6 +1,7 @@
 #ifndef _ISCSI_CHAP_H_
 #define _ISCSI_CHAP_H_
 
+#define CHAP_DIGEST_UNKNOWN	0
 #define CHAP_DIGEST_MD5		5
 #define CHAP_DIGEST_SHA		6
 
-- 
1.7.11.7

--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







