[iscsi] Include credentials in iBFT only if used during iSCSI login

Avoid passing credentials in the iBFT that were available but not required for login. This works around a problem in the Microsoft iSCSI initiator, which will refuse to initiate sessions if the CHAP password is fewer than 12 characters, even if the target ends up not asking for CHAP authentication.
2025-12-22 21:11:03 +03:00 · 2009-02-20 21:41:00 +00:00
parent 78d426d196
commit 4dd746a725
3 changed files with 73 additions and 17 deletions
--- a/src/include/gpxe/iscsi.h
+++ b/src/include/gpxe/iscsi.h
@@ -530,8 +530,6 @@ struct iscsi_session {
 	char *target_username;
 	/** Target password (if any) */
 	char *target_password;
-	/** Target has authenticated acceptably */
-	int target_auth_ok;
 	/** CHAP challenge (for target auth only)
 	 *
 	 * This is a block of random data; the first byte is used as
@@ -664,6 +662,15 @@ struct iscsi_session {
 /** Mask for all iSCSI "needs to send" flags */
 #define ISCSI_STATUS_STRINGS_MASK 0xff00

+/** Target has requested forward (initiator) authentication */
+#define ISCSI_STATUS_AUTH_FORWARD_REQUIRED 0x00010000
+
+/** Initiator requires target (reverse) authentication */
+#define ISCSI_STATUS_AUTH_REVERSE_REQUIRED 0x00020000
+
+/** Target authenticated itself correctly */
+#define ISCSI_STATUS_AUTH_REVERSE_OK 0x00040000
+
 /** Maximum number of retries at connecting */
 #define ISCSI_MAX_RETRIES 2