iscsi_text.c revision 1.6
1 1.6 mlelstv /* $NetBSD: iscsi_text.c,v 1.6 2012/08/12 13:26:18 mlelstv Exp $ */ 2 1.1 agc 3 1.1 agc /*- 4 1.1 agc * Copyright (c) 2005,2006,2011 The NetBSD Foundation, Inc. 5 1.1 agc * All rights reserved. 6 1.1 agc * 7 1.1 agc * This code is derived from software contributed to The NetBSD Foundation 8 1.1 agc * by Wasabi Systems, Inc. 9 1.1 agc * 10 1.1 agc * Redistribution and use in source and binary forms, with or without 11 1.1 agc * modification, are permitted provided that the following conditions 12 1.1 agc * are met: 13 1.1 agc * 1. Redistributions of source code must retain the above copyright 14 1.1 agc * notice, this list of conditions and the following disclaimer. 15 1.1 agc * 2. Redistributions in binary form must reproduce the above copyright 16 1.1 agc * notice, this list of conditions and the following disclaimer in the 17 1.1 agc * documentation and/or other materials provided with the distribution. 18 1.1 agc * 19 1.1 agc * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 1.1 agc * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 1.1 agc * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 1.1 agc * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 1.1 agc * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 1.1 agc * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 1.1 agc * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 1.1 agc * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 1.1 agc * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 1.1 agc * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 1.1 agc * POSSIBILITY OF SUCH DAMAGE. 30 1.1 agc */ 31 1.1 agc 32 1.1 agc #include "iscsi_globals.h" 33 1.1 agc #include "base64.h" 34 1.1 agc #include <sys/md5.h> 35 1.2 tls #include <sys/cprng.h> 36 1.1 agc 37 1.5 mlelstv /* define to send T_BIGNUM in hex format instead of base64 */ 38 1.5 mlelstv /* #define ISCSI_HEXBIGNUMS */ 39 1.5 mlelstv 40 1.1 agc #define isdigit(x) ((x) >= '0' && (x) <= '9') 41 1.1 agc #define toupper(x) ((x) & ~0x20) 42 1.1 agc 43 1.1 agc /*****************************************************************************/ 44 1.1 agc 45 1.1 agc #define MAX_STRING 255 /* Maximum length of parameter value */ 46 1.1 agc #define MAX_LIST 4 /* Maximum number of list elements we'll ever send */ 47 1.1 agc 48 1.1 agc /* Maximum number of negotiation parameters in the operational negotiation phase */ 49 1.1 agc /* 48 should be more than enough even with the target defining its own keys */ 50 1.1 agc #define MAX_NEG 48 51 1.1 agc 52 1.1 agc #define CHAP_CHALLENGE_LEN 32 /* Number of bytes to send in challenge */ 53 1.1 agc #define CHAP_MD5_SIZE 16 /* Number of bytes in MD5 hash */ 54 1.1 agc 55 1.1 agc /*****************************************************************************/ 56 1.1 agc 57 1.1 agc /* authentication states */ 58 1.1 agc 59 1.1 agc typedef enum 60 1.1 agc { 61 1.1 agc AUTH_INITIAL, /* sending choice of algorithms */ 62 1.1 agc AUTH_METHOD_SELECTED, /* received choice, sending first parameter */ 63 1.1 agc /* from here it's alg dependent */ 64 1.1 agc AUTH_CHAP_ALG_SENT, /* CHAP: Algorithm selected */ 65 1.1 agc AUTH_CHAP_RSP_SENT, /* CHAP: Response sent */ 66 1.1 agc /* for all algorithms */ 67 1.1 agc AUTH_DONE /* in parameter negotiation stage */ 68 1.1 agc } auth_state_t; 69 1.1 agc 70 1.1 agc 71 1.1 agc /* enumeration of all the keys we know, and a place for the ones we don't */ 72 1.1 agc 73 1.1 agc typedef enum 74 1.1 agc { 75 1.1 agc K_AuthMethod, 76 1.1 agc K_Auth_CHAP_Algorithm, 77 1.1 agc K_Auth_CHAP_Challenge, 78 1.1 agc K_Auth_CHAP_Identifier, 79 1.1 agc K_Auth_CHAP_Name, 80 1.1 agc K_Auth_CHAP_Response, 81 1.1 agc K_DataDigest, 82 1.1 agc K_DataPDUInOrder, 83 1.1 agc K_DataSequenceInOrder, 84 1.1 agc K_DefaultTime2Retain, 85 1.1 agc K_DefaultTime2Wait, 86 1.1 agc K_ErrorRecoveryLevel, 87 1.1 agc K_FirstBurstLength, 88 1.1 agc K_HeaderDigest, 89 1.1 agc K_IFMarker, 90 1.1 agc K_IFMarkInt, 91 1.1 agc K_ImmediateData, 92 1.1 agc K_InitialR2T, 93 1.1 agc K_InitiatorAlias, 94 1.1 agc K_InitiatorName, 95 1.1 agc K_MaxBurstLength, 96 1.1 agc K_MaxConnections, 97 1.1 agc K_MaxOutstandingR2T, 98 1.1 agc K_MaxRecvDataSegmentLength, 99 1.1 agc K_OFMarker, 100 1.1 agc K_OFMarkInt, 101 1.1 agc K_SendTargets, 102 1.1 agc K_SessionType, 103 1.1 agc K_TargetAddress, 104 1.1 agc K_TargetAlias, 105 1.1 agc K_TargetName, 106 1.1 agc K_TargetPortalGroupTag, 107 1.1 agc K_NotUnderstood 108 1.1 agc } text_key_t; 109 1.1 agc 110 1.1 agc /* maximum known key */ 111 1.1 agc #define MAX_KEY K_TargetPortalGroupTag 112 1.1 agc 113 1.1 agc 114 1.1 agc #undef DEBOUT 115 1.1 agc #define DEBOUT(x) printf x 116 1.1 agc 117 1.1 agc 118 1.1 agc 119 1.1 agc /* value types */ 120 1.1 agc typedef enum 121 1.1 agc { /* Value is... */ 122 1.1 agc T_NUM, /* numeric */ 123 1.1 agc T_BIGNUM, /* large numeric */ 124 1.1 agc T_STRING, /* string */ 125 1.1 agc T_YESNO, /* boolean (Yes or No) */ 126 1.1 agc T_AUTH, /* authentication type (CHAP or None for now) */ 127 1.1 agc T_DIGEST, /* digest (None or CRC32C) */ 128 1.1 agc T_RANGE, /* numeric range */ 129 1.1 agc T_SENDT, /* send target options (ALL, target-name, empty) */ 130 1.1 agc T_SESS /* session type (Discovery or Normal) */ 131 1.1 agc } val_kind_t; 132 1.1 agc 133 1.1 agc 134 1.1 agc /* table of negotiation key strings with value type and default */ 135 1.1 agc 136 1.1 agc typedef struct 137 1.1 agc { 138 1.1 agc const uint8_t *name; /* the key name */ 139 1.1 agc val_kind_t val; /* the value type */ 140 1.1 agc uint32_t defval; /* default value */ 141 1.1 agc } key_entry_t; 142 1.1 agc 143 1.1 agc STATIC key_entry_t entries[] = { 144 1.1 agc {"AuthMethod", T_AUTH, 0}, 145 1.1 agc {"CHAP_A", T_NUM, 5}, 146 1.1 agc {"CHAP_C", T_BIGNUM, 0}, 147 1.1 agc {"CHAP_I", T_NUM, 0}, 148 1.1 agc {"CHAP_N", T_STRING, 0}, 149 1.1 agc {"CHAP_R", T_BIGNUM, 0}, 150 1.1 agc {"DataDigest", T_DIGEST, 0}, 151 1.1 agc {"DataPDUInOrder", T_YESNO, 1}, 152 1.1 agc {"DataSequenceInOrder", T_YESNO, 1}, 153 1.1 agc {"DefaultTime2Retain", T_NUM, 20}, 154 1.1 agc {"DefaultTime2Wait", T_NUM, 2}, 155 1.1 agc {"ErrorRecoveryLevel", T_NUM, 0}, 156 1.1 agc {"FirstBurstLength", T_NUM, 64 * 1024}, 157 1.1 agc {"HeaderDigest", T_DIGEST, 0}, 158 1.1 agc {"IFMarker", T_YESNO, 0}, 159 1.1 agc {"IFMarkInt", T_RANGE, 2048}, 160 1.1 agc {"ImmediateData", T_YESNO, 1}, 161 1.1 agc {"InitialR2T", T_YESNO, 1}, 162 1.1 agc {"InitiatorAlias", T_STRING, 0}, 163 1.1 agc {"InitiatorName", T_STRING, 0}, 164 1.1 agc {"MaxBurstLength", T_NUM, 256 * 1024}, 165 1.1 agc {"MaxConnections", T_NUM, 1}, 166 1.1 agc {"MaxOutstandingR2T", T_NUM, 1}, 167 1.1 agc {"MaxRecvDataSegmentLength", T_NUM, 8192}, 168 1.1 agc {"OFMarker", T_YESNO, 0}, 169 1.1 agc {"OFMarkInt", T_RANGE, 2048}, 170 1.1 agc {"SendTargets", T_SENDT, 0}, 171 1.1 agc {"SessionType", T_SESS, 0}, 172 1.1 agc {"TargetAddress", T_STRING, 0}, 173 1.1 agc {"TargetAlias", T_STRING, 0}, 174 1.1 agc {"TargetName", T_STRING, 0}, 175 1.1 agc {"TargetPortalGroupTag", T_NUM, 0}, 176 1.1 agc {NULL, T_STRING, 0} 177 1.1 agc }; 178 1.1 agc 179 1.1 agc /* a negotiation parameter: key and values (there may be more than 1 for lists) */ 180 1.1 agc typedef struct 181 1.1 agc { 182 1.1 agc text_key_t key; /* the key */ 183 1.1 agc int list_num; /* number of elements in list, doubles as */ 184 1.1 agc /* data size for large numeric values */ 185 1.1 agc union 186 1.1 agc { 187 1.1 agc uint32_t nval[MAX_LIST]; /* numeric or enumeration values */ 188 1.1 agc uint8_t *sval; /* string or data pointer */ 189 1.1 agc } val; 190 1.1 agc } negotiation_parameter_t; 191 1.1 agc 192 1.1 agc 193 1.1 agc /* Negotiation state flags */ 194 1.1 agc #define NS_SENT 0x01 /* key was sent to target */ 195 1.1 agc #define NS_RECEIVED 0x02 /* key was received from target */ 196 1.1 agc 197 1.1 agc typedef struct 198 1.1 agc { 199 1.1 agc negotiation_parameter_t pars[MAX_NEG]; /* the parameters to send */ 200 1.1 agc negotiation_parameter_t *cpar; /* the last parameter set */ 201 1.1 agc uint16_t num_pars; /* number of parameters to send */ 202 1.1 agc auth_state_t auth_state; /* authentication state */ 203 1.1 agc iscsi_auth_types_t auth_alg; /* authentication algorithm */ 204 1.1 agc uint8_t kflags[MAX_KEY + 2]; /* negotiation flags for each key */ 205 1.1 agc uint8_t password[MAX_STRING + 1]; /* authentication secret */ 206 1.1 agc uint8_t target_password[MAX_STRING + 1]; /* target authentication secret */ 207 1.1 agc uint8_t user_name[MAX_STRING + 1]; /* authentication user ID */ 208 1.1 agc uint8_t temp_buf[MAX_STRING + 1]; /* scratch buffer */ 209 1.1 agc 210 1.1 agc bool HeaderDigest; 211 1.1 agc bool DataDigest; 212 1.1 agc bool InitialR2T; 213 1.1 agc bool ImmediateData; 214 1.1 agc uint32_t ErrorRecoveryLevel; 215 1.1 agc uint32_t MaxRecvDataSegmentLength; 216 1.1 agc uint32_t MaxConnections; 217 1.1 agc uint32_t DefaultTime2Wait; 218 1.1 agc uint32_t DefaultTime2Retain; 219 1.1 agc uint32_t MaxBurstLength; 220 1.1 agc uint32_t FirstBurstLength; 221 1.1 agc uint32_t MaxOutstandingR2T; 222 1.1 agc 223 1.1 agc } negotiation_state_t; 224 1.1 agc 225 1.1 agc 226 1.1 agc #define TX(state, key) (state->kflags [key] & NS_SENT) 227 1.1 agc #define RX(state, key) (state->kflags [key] & NS_RECEIVED) 228 1.1 agc 229 1.1 agc /*****************************************************************************/ 230 1.1 agc 231 1.1 agc 232 1.1 agc STATIC void 233 1.1 agc chap_md5_response(uint8_t *buffer, uint8_t identifier, uint8_t *secret, 234 1.1 agc uint8_t *challenge, int challenge_size) 235 1.1 agc { 236 1.1 agc MD5_CTX md5; 237 1.1 agc 238 1.1 agc MD5Init(&md5); 239 1.1 agc MD5Update(&md5, &identifier, 1); 240 1.1 agc MD5Update(&md5, secret, strlen(secret)); 241 1.1 agc MD5Update(&md5, challenge, challenge_size); 242 1.1 agc MD5Final(buffer, &md5); 243 1.1 agc } 244 1.1 agc 245 1.1 agc 246 1.1 agc /*****************************************************************************/ 247 1.1 agc 248 1.1 agc /* 249 1.1 agc * hexdig: 250 1.1 agc * Return value of hex digit. 251 1.1 agc * Note: a null character is acceptable, and returns 0. 252 1.1 agc * 253 1.1 agc * Parameter: 254 1.1 agc * c The character 255 1.1 agc * 256 1.1 agc * Returns: The value, -1 on error. 257 1.1 agc */ 258 1.1 agc 259 1.1 agc static __inline int 260 1.1 agc hexdig(uint8_t c) 261 1.1 agc { 262 1.1 agc 263 1.1 agc if (!c) { 264 1.1 agc return 0; 265 1.1 agc } 266 1.1 agc if (isdigit(c)) { 267 1.1 agc return c - '0'; 268 1.1 agc } 269 1.1 agc c = toupper(c); 270 1.1 agc if (c >= 'A' && c <= 'F') { 271 1.1 agc return c - 'A' + 10; 272 1.1 agc } 273 1.1 agc return -1; 274 1.1 agc } 275 1.1 agc 276 1.1 agc /* 277 1.1 agc * skiptozero: 278 1.1 agc * Skip to next zero character in buffer. 279 1.1 agc * 280 1.1 agc * Parameter: 281 1.1 agc * buf The buffer pointer 282 1.1 agc * 283 1.1 agc * Returns: The pointer to the character after the zero character. 284 1.1 agc */ 285 1.1 agc 286 1.1 agc static __inline uint8_t * 287 1.1 agc skiptozero(uint8_t *buf) 288 1.1 agc { 289 1.1 agc 290 1.1 agc while (*buf) { 291 1.1 agc buf++; 292 1.1 agc } 293 1.1 agc return buf + 1; 294 1.1 agc } 295 1.1 agc 296 1.1 agc 297 1.1 agc /* 298 1.1 agc * get_bignumval: 299 1.1 agc * Get a large numeric value. 300 1.1 agc * NOTE: Overwrites source string. 301 1.1 agc * 302 1.1 agc * Parameter: 303 1.1 agc * buf The buffer pointer 304 1.1 agc * par The parameter 305 1.1 agc * 306 1.1 agc * Returns: The pointer to the next parameter, NULL on error. 307 1.1 agc */ 308 1.1 agc 309 1.1 agc STATIC uint8_t * 310 1.1 agc get_bignumval(uint8_t *buf, negotiation_parameter_t *par) 311 1.1 agc { 312 1.1 agc int val; 313 1.1 agc char c; 314 1.1 agc uint8_t *dp = buf; 315 1.1 agc 316 1.1 agc par->val.sval = buf; 317 1.1 agc 318 1.1 agc if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X')) { 319 1.1 agc buf += 2; 320 1.1 agc while ((c = *buf) != 0x0) { 321 1.1 agc buf++; 322 1.1 agc val = (hexdig(c) << 4) | hexdig(*buf); 323 1.1 agc if (val < 0) { 324 1.1 agc return NULL; 325 1.1 agc } 326 1.1 agc *dp++ = (uint8_t) val; 327 1.1 agc if (*buf) { 328 1.1 agc buf++; 329 1.1 agc } 330 1.1 agc } 331 1.1 agc buf++; 332 1.1 agc par->list_num = dp - par->val.sval; 333 1.1 agc } else if (buf[0] == '0' && (buf[1] == 'b' || buf[1] == 'B')) { 334 1.1 agc buf = base64_decode(&buf[2], par->val.sval, &par->list_num); 335 1.1 agc } else { 336 1.1 agc DEBOUT(("Ill-formatted large number <%s>\n", buf)); 337 1.1 agc return NULL; 338 1.1 agc } 339 1.1 agc 340 1.1 agc return buf; 341 1.1 agc } 342 1.1 agc 343 1.1 agc 344 1.1 agc /* 345 1.1 agc * get_numval: 346 1.1 agc * Get a numeric value. 347 1.1 agc * 348 1.1 agc * Parameter: 349 1.1 agc * buf The buffer pointer 350 1.1 agc * pval The pointer to the result. 351 1.1 agc * 352 1.1 agc * Returns: The pointer to the next parameter, NULL on error. 353 1.1 agc */ 354 1.1 agc 355 1.1 agc STATIC uint8_t * 356 1.1 agc get_numval(uint8_t *buf, uint32_t *pval) 357 1.1 agc { 358 1.1 agc uint32_t val = 0; 359 1.1 agc char c; 360 1.1 agc 361 1.1 agc if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X')) { 362 1.1 agc buf += 2; 363 1.1 agc while (*buf && *buf != '~') { 364 1.1 agc int n; 365 1.1 agc 366 1.1 agc if ((n = hexdig(*buf++)) < 0) 367 1.1 agc return NULL; 368 1.1 agc val = (val << 4) | n; 369 1.1 agc } 370 1.1 agc } else 371 1.1 agc while (*buf && *buf != '~') { 372 1.1 agc c = *buf++; 373 1.1 agc if (!isdigit(c)) 374 1.1 agc return NULL; 375 1.1 agc val = val * 10 + (c - '0'); 376 1.1 agc } 377 1.1 agc 378 1.1 agc *pval = val; 379 1.1 agc 380 1.1 agc return buf + 1; 381 1.1 agc } 382 1.1 agc 383 1.1 agc 384 1.1 agc /* 385 1.1 agc * get_range: 386 1.1 agc * Get a numeric range. 387 1.1 agc * 388 1.1 agc * Parameter: 389 1.1 agc * buf The buffer pointer 390 1.1 agc * pval1 The pointer to the first result. 391 1.1 agc * pval2 The pointer to the second result. 392 1.1 agc * 393 1.1 agc * Returns: The pointer to the next parameter, NULL on error. 394 1.1 agc */ 395 1.1 agc 396 1.1 agc STATIC uint8_t * 397 1.1 agc get_range(uint8_t *buf, uint32_t *pval1, uint32_t *pval2) 398 1.1 agc { 399 1.1 agc 400 1.1 agc if ((buf = get_numval(buf, pval1)) == NULL) 401 1.1 agc return NULL; 402 1.1 agc if (!*buf) 403 1.1 agc return NULL; 404 1.1 agc if ((buf = get_numval(buf, pval2)) == NULL) 405 1.1 agc return NULL; 406 1.1 agc return buf; 407 1.1 agc } 408 1.1 agc 409 1.1 agc 410 1.1 agc /* 411 1.1 agc * get_ynval: 412 1.1 agc * Get a yes/no selection. 413 1.1 agc * 414 1.1 agc * Parameter: 415 1.1 agc * buf The buffer pointer 416 1.1 agc * pval The pointer to the result. 417 1.1 agc * 418 1.1 agc * Returns: The pointer to the next parameter, NULL on error. 419 1.1 agc */ 420 1.1 agc 421 1.1 agc STATIC uint8_t * 422 1.1 agc get_ynval(uint8_t *buf, uint32_t *pval) 423 1.1 agc { 424 1.1 agc 425 1.1 agc if (strcmp(buf, "Yes") == 0) 426 1.1 agc *pval = 1; 427 1.1 agc else if (strcmp(buf, "No") == 0) 428 1.1 agc *pval = 0; 429 1.1 agc else 430 1.1 agc return NULL; 431 1.1 agc 432 1.1 agc return skiptozero(buf); 433 1.1 agc } 434 1.1 agc 435 1.1 agc 436 1.1 agc /* 437 1.1 agc * get_digestval: 438 1.1 agc * Get a digest selection. 439 1.1 agc * 440 1.1 agc * Parameter: 441 1.1 agc * buf The buffer pointer 442 1.1 agc * pval The pointer to the result. 443 1.1 agc * 444 1.1 agc * Returns: The pointer to the next parameter, NULL on error. 445 1.1 agc */ 446 1.1 agc 447 1.1 agc STATIC uint8_t * 448 1.1 agc get_digestval(uint8_t *buf, uint32_t *pval) 449 1.1 agc { 450 1.1 agc 451 1.1 agc if (strcmp(buf, "CRC32C") == 0) 452 1.1 agc *pval = 1; 453 1.1 agc else if (strcmp(buf, "None") == 0) 454 1.1 agc *pval = 0; 455 1.1 agc else 456 1.1 agc return NULL; 457 1.1 agc 458 1.1 agc return skiptozero(buf); 459 1.1 agc } 460 1.1 agc 461 1.1 agc 462 1.1 agc /* 463 1.1 agc * get_authval: 464 1.1 agc * Get an authentication method. 465 1.1 agc * 466 1.1 agc * Parameter: 467 1.1 agc * buf The buffer pointer 468 1.1 agc * pval The pointer to the result. 469 1.1 agc * 470 1.1 agc * Returns: The pointer to the next parameter, NULL on error. 471 1.1 agc */ 472 1.1 agc 473 1.1 agc STATIC uint8_t * 474 1.1 agc get_authval(uint8_t *buf, uint32_t *pval) 475 1.1 agc { 476 1.1 agc 477 1.1 agc if (strcmp(buf, "None") == 0) 478 1.1 agc *pval = ISCSI_AUTH_None; 479 1.1 agc else if (strcmp(buf, "CHAP") == 0) 480 1.1 agc *pval = ISCSI_AUTH_CHAP; 481 1.1 agc else if (strcmp(buf, "KRB5") == 0) 482 1.1 agc *pval = ISCSI_AUTH_KRB5; 483 1.1 agc else if (strcmp(buf, "SRP") == 0) 484 1.1 agc *pval = ISCSI_AUTH_SRP; 485 1.1 agc else 486 1.1 agc return NULL; 487 1.1 agc 488 1.1 agc return skiptozero(buf); 489 1.1 agc } 490 1.1 agc 491 1.1 agc 492 1.1 agc /* 493 1.1 agc * get_strval: 494 1.1 agc * Get a string value (returns pointer to original buffer, not a copy). 495 1.1 agc * 496 1.1 agc * Parameter: 497 1.1 agc * buf The buffer pointer 498 1.1 agc * pval The pointer to the result pointer. 499 1.1 agc * 500 1.1 agc * Returns: The pointer to the next parameter, NULL on error. 501 1.1 agc */ 502 1.1 agc 503 1.1 agc STATIC uint8_t * 504 1.1 agc get_strval(uint8_t *buf, uint8_t **pval) 505 1.1 agc { 506 1.1 agc 507 1.1 agc if (strlen(buf) > MAX_STRING) 508 1.1 agc return NULL; 509 1.1 agc 510 1.1 agc *pval = buf; 511 1.1 agc 512 1.1 agc return skiptozero(buf); 513 1.1 agc } 514 1.1 agc 515 1.1 agc 516 1.1 agc /* 517 1.1 agc * get_parameter: 518 1.1 agc * Analyze a key=value string. 519 1.1 agc * NOTE: The string is modified in the process. 520 1.1 agc * 521 1.1 agc * Parameter: 522 1.1 agc * buf The buffer pointer 523 1.1 agc * par The parameter descriptor to be filled in 524 1.1 agc * 525 1.1 agc * Returns: The pointer to the next parameter, NULL on error. 526 1.1 agc */ 527 1.1 agc 528 1.1 agc STATIC uint8_t * 529 1.1 agc get_parameter(uint8_t *buf, negotiation_parameter_t *par) 530 1.1 agc { 531 1.1 agc uint8_t *bp = buf; 532 1.1 agc int i; 533 1.1 agc 534 1.1 agc while (*bp && *bp != '=') { 535 1.1 agc bp++; 536 1.1 agc } 537 1.1 agc if (!*bp) { 538 1.1 agc DEBOUT(("get_parameter: Premature end of parameter\n")); 539 1.1 agc return NULL; 540 1.1 agc } 541 1.1 agc 542 1.1 agc *bp++ = 0; 543 1.1 agc 544 1.1 agc for (i = 0; i <= MAX_KEY; i++) 545 1.1 agc if (!strcmp(buf, entries[i].name)) 546 1.1 agc break; 547 1.1 agc 548 1.1 agc par->key = i; 549 1.1 agc par->list_num = 1; 550 1.1 agc 551 1.1 agc if (i > MAX_KEY) { 552 1.1 agc DEBOUT(("get_parameter: unrecognized key <%s>\n", buf)); 553 1.1 agc if (strlen(buf) > MAX_STRING) { 554 1.1 agc DEBOUT(("get_parameter: key name > MAX_STRING\n")); 555 1.1 agc return NULL; 556 1.1 agc } 557 1.1 agc par->val.sval = buf; 558 1.1 agc return skiptozero(bp); 559 1.1 agc } 560 1.1 agc 561 1.5 mlelstv DEB(10, ("get_par: key <%s>=%d, val=%d, ret %p\n", 562 1.5 mlelstv buf, i, entries[i].val, bp)); 563 1.5 mlelstv DEB(10, ("get_par: value '%s'\n",bp)); 564 1.5 mlelstv 565 1.1 agc switch (entries[i].val) { 566 1.1 agc case T_NUM: 567 1.1 agc bp = get_numval(bp, &par->val.nval[0]); 568 1.1 agc break; 569 1.1 agc 570 1.1 agc case T_BIGNUM: 571 1.1 agc bp = get_bignumval(bp, par); 572 1.1 agc break; 573 1.1 agc 574 1.1 agc case T_STRING: 575 1.1 agc bp = get_strval(bp, &par->val.sval); 576 1.1 agc break; 577 1.1 agc 578 1.1 agc case T_YESNO: 579 1.1 agc bp = get_ynval(bp, &par->val.nval[0]); 580 1.1 agc break; 581 1.1 agc 582 1.1 agc case T_AUTH: 583 1.1 agc bp = get_authval(bp, &par->val.nval[0]); 584 1.1 agc break; 585 1.1 agc 586 1.1 agc case T_DIGEST: 587 1.1 agc bp = get_digestval(bp, &par->val.nval[0]); 588 1.1 agc break; 589 1.1 agc 590 1.1 agc case T_RANGE: 591 1.1 agc bp = get_range(bp, &par->val.nval[0], &par->val.nval[1]); 592 1.1 agc break; 593 1.1 agc 594 1.1 agc default: 595 1.1 agc /* Target sending any other types is wrong */ 596 1.1 agc bp = NULL; 597 1.1 agc break; 598 1.1 agc } 599 1.1 agc return bp; 600 1.1 agc } 601 1.1 agc 602 1.1 agc /*****************************************************************************/ 603 1.1 agc 604 1.1 agc /* 605 1.1 agc * my_strcpy: 606 1.1 agc * Replacement for strcpy that returns the end of the result string 607 1.1 agc * 608 1.1 agc * Parameter: 609 1.1 agc * dest The destination buffer pointer 610 1.1 agc * src The source string 611 1.1 agc * 612 1.1 agc * Returns: A pointer to the terminating zero of the result. 613 1.1 agc */ 614 1.1 agc 615 1.1 agc static __inline unsigned 616 1.1 agc my_strcpy(uint8_t *dest, const uint8_t *src) 617 1.1 agc { 618 1.1 agc unsigned cc; 619 1.1 agc 620 1.1 agc for (cc = 0 ; (*dest = *src) != 0x0 ; cc++) { 621 1.1 agc dest++; 622 1.1 agc src++; 623 1.1 agc } 624 1.1 agc return cc; 625 1.1 agc } 626 1.1 agc 627 1.5 mlelstv /* 628 1.5 mlelstv * put_bignumval: 629 1.5 mlelstv * Write a large numeric value. 630 1.5 mlelstv * NOTE: Overwrites source string. 631 1.5 mlelstv * 632 1.5 mlelstv * Parameter: 633 1.5 mlelstv * buf The buffer pointer 634 1.5 mlelstv * par The parameter 635 1.5 mlelstv * 636 1.5 mlelstv * Returns: The pointer to the next parameter, NULL on error. 637 1.5 mlelstv */ 638 1.5 mlelstv 639 1.5 mlelstv STATIC unsigned 640 1.5 mlelstv put_bignumval(negotiation_parameter_t *par, uint8_t *buf) 641 1.5 mlelstv { 642 1.5 mlelstv #ifdef ISCSI_HEXBIGNUMS 643 1.5 mlelstv int k, c; 644 1.5 mlelstv 645 1.5 mlelstv my_strcpy(buf, "0x"); 646 1.5 mlelstv for (k=0; k<par->list_num; ++k) { 647 1.5 mlelstv c = par->val.sval[k] >> 4; 648 1.5 mlelstv buf[2+2*k] = c < 10 ? '0' + c : 'a' + (c-10); 649 1.5 mlelstv c = par->val.sval[k] & 0xf; 650 1.5 mlelstv buf[2+2*k+1] = c < 10 ? '0' + c : 'a' + (c-10); 651 1.5 mlelstv } 652 1.5 mlelstv buf[2+2*k] = '\0'; 653 1.5 mlelstv 654 1.5 mlelstv return 2+2*par->list_num; 655 1.5 mlelstv #else 656 1.5 mlelstv return base64_encode(par->val.sval, par->list_num, buf); 657 1.5 mlelstv #endif 658 1.5 mlelstv } 659 1.1 agc 660 1.1 agc /* 661 1.1 agc * put_parameter: 662 1.1 agc * Create a key=value string. 663 1.1 agc * 664 1.1 agc * Parameter: 665 1.1 agc * buf The buffer pointer 666 1.1 agc * par The parameter descriptor 667 1.1 agc * 668 1.1 agc * Returns: The pointer to the next free buffer space, NULL on error. 669 1.1 agc */ 670 1.1 agc 671 1.1 agc STATIC unsigned 672 1.1 agc put_parameter(uint8_t *buf, unsigned len, negotiation_parameter_t *par) 673 1.1 agc { 674 1.1 agc int i; 675 1.5 mlelstv unsigned cc, cl; 676 1.1 agc const uint8_t *sp; 677 1.1 agc 678 1.5 mlelstv DEB(10, ("put_par: key <%s>=%d, val=%d\n", 679 1.5 mlelstv entries[par->key].name, par->key, entries[par->key].val)); 680 1.5 mlelstv 681 1.1 agc if (par->key > MAX_KEY) { 682 1.1 agc return snprintf(buf, len, "%s=NotUnderstood", par->val.sval); 683 1.1 agc } 684 1.1 agc 685 1.1 agc cc = snprintf(buf, len, "%s=", entries[par->key].name); 686 1.1 agc 687 1.1 agc for (i = 0; i < par->list_num; i++) { 688 1.1 agc switch (entries[par->key].val) { 689 1.1 agc case T_NUM: 690 1.5 mlelstv cl = snprintf(&buf[cc], len - cc, "%d", 691 1.5 mlelstv par->val.nval[i]); 692 1.1 agc break; 693 1.1 agc 694 1.1 agc case T_BIGNUM: 695 1.5 mlelstv cl = put_bignumval(par, &buf[cc]); 696 1.1 agc i = par->list_num; 697 1.1 agc break; 698 1.1 agc 699 1.1 agc case T_STRING: 700 1.5 mlelstv cl = my_strcpy(&buf[cc], par->val.sval); 701 1.1 agc break; 702 1.1 agc 703 1.1 agc case T_YESNO: 704 1.5 mlelstv cl = my_strcpy(&buf[cc], 705 1.1 agc (par->val.nval[i]) ? "Yes" : "No"); 706 1.1 agc break; 707 1.1 agc 708 1.1 agc case T_AUTH: 709 1.1 agc switch (par->val.nval[i]) { 710 1.1 agc case ISCSI_AUTH_CHAP: 711 1.1 agc sp = "CHAP"; 712 1.1 agc break; 713 1.1 agc case ISCSI_AUTH_KRB5: 714 1.1 agc sp = "KRB5"; 715 1.1 agc break; 716 1.1 agc case ISCSI_AUTH_SRP: 717 1.1 agc sp = "SRP"; 718 1.1 agc break; 719 1.1 agc default: 720 1.1 agc sp = "None"; 721 1.1 agc break; 722 1.1 agc } 723 1.5 mlelstv cl = my_strcpy(&buf[cc], sp); 724 1.1 agc break; 725 1.1 agc 726 1.1 agc case T_DIGEST: 727 1.5 mlelstv cl = my_strcpy(&buf[cc], 728 1.5 mlelstv (par->val.nval[i]) ? "CRC32C" : "None"); 729 1.1 agc break; 730 1.1 agc 731 1.1 agc case T_RANGE: 732 1.1 agc if ((i + 1) >= par->list_num) { 733 1.5 mlelstv cl = my_strcpy(&buf[cc], "Reject"); 734 1.1 agc } else { 735 1.5 mlelstv cl = snprintf(&buf[cc], len - cc, 736 1.1 agc "%d~%d", par->val.nval[i], 737 1.1 agc par->val.nval[i + 1]); 738 1.1 agc i++; 739 1.1 agc } 740 1.1 agc break; 741 1.1 agc 742 1.1 agc case T_SENDT: 743 1.5 mlelstv cl = my_strcpy(&buf[cc], par->val.sval); 744 1.1 agc break; 745 1.1 agc 746 1.1 agc case T_SESS: 747 1.5 mlelstv cl = my_strcpy(&buf[cc], 748 1.1 agc (par->val.nval[i]) ? "Normal" : "Discovery"); 749 1.1 agc break; 750 1.1 agc 751 1.1 agc default: 752 1.5 mlelstv cl = 0; 753 1.1 agc /* We should't be here... */ 754 1.1 agc DEBOUT(("Invalid type %d in put_parameter!\n", 755 1.1 agc entries[par->key].val)); 756 1.1 agc break; 757 1.1 agc } 758 1.5 mlelstv 759 1.5 mlelstv DEB(10, ("put_par: value '%s'\n",&buf[cc])); 760 1.5 mlelstv 761 1.5 mlelstv cc += cl; 762 1.1 agc if ((i + 1) < par->list_num) { 763 1.1 agc buf[cc++] = ','; 764 1.1 agc } 765 1.1 agc } 766 1.1 agc 767 1.5 mlelstv buf[cc] = 0x0; /* make sure it's terminated */ 768 1.1 agc return cc + 1; /* return next place in list */ 769 1.1 agc } 770 1.1 agc 771 1.1 agc 772 1.1 agc /* 773 1.1 agc * put_par_block: 774 1.1 agc * Fill a parameter block 775 1.1 agc * 776 1.1 agc * Parameter: 777 1.1 agc * buf The buffer pointer 778 1.1 agc * pars The parameter descriptor array 779 1.1 agc * n The number of elements 780 1.1 agc * 781 1.1 agc * Returns: result from put_parameter (ptr to buffer, NULL on error) 782 1.1 agc */ 783 1.1 agc 784 1.1 agc static __inline unsigned 785 1.1 agc put_par_block(uint8_t *buf, unsigned len, negotiation_parameter_t *pars, int n) 786 1.1 agc { 787 1.1 agc unsigned cc; 788 1.1 agc int i; 789 1.1 agc 790 1.1 agc for (cc = 0, i = 0; i < n; i++) { 791 1.1 agc cc += put_parameter(&buf[cc], len - cc, pars++); 792 1.1 agc if (cc >= len) { 793 1.1 agc break; 794 1.1 agc } 795 1.1 agc } 796 1.1 agc return cc; 797 1.1 agc } 798 1.1 agc 799 1.1 agc /* 800 1.1 agc * parameter_size: 801 1.1 agc * Determine the size of a key=value string. 802 1.1 agc * 803 1.1 agc * Parameter: 804 1.1 agc * par The parameter descriptor 805 1.1 agc * 806 1.1 agc * Returns: The size of the resulting string. 807 1.1 agc */ 808 1.1 agc 809 1.1 agc STATIC int 810 1.1 agc parameter_size(negotiation_parameter_t *par) 811 1.1 agc { 812 1.1 agc int i, size; 813 1.1 agc char buf[24]; /* max. 2 10-digit numbers + sep. */ 814 1.1 agc 815 1.1 agc if (par->key > MAX_KEY) { 816 1.1 agc return strlen(par->val.sval) + 15; 817 1.1 agc } 818 1.1 agc /* count '=' and terminal zero */ 819 1.1 agc size = strlen(entries[par->key].name) + 2; 820 1.1 agc 821 1.1 agc for (i = 0; i < par->list_num; i++) { 822 1.1 agc switch (entries[par->key].val) { 823 1.1 agc case T_NUM: 824 1.1 agc size += snprintf(buf, sizeof(buf), "%d", 825 1.1 agc par->val.nval[i]); 826 1.1 agc break; 827 1.1 agc 828 1.1 agc case T_BIGNUM: 829 1.1 agc /* list_num holds value size */ 830 1.5 mlelstv #ifdef ISCSI_HEXBIGNUMS 831 1.5 mlelstv size += 2 + 2*par->list_num; 832 1.5 mlelstv #else 833 1.1 agc size += base64_enclen(par->list_num); 834 1.5 mlelstv #endif 835 1.1 agc i = par->list_num; 836 1.1 agc break; 837 1.1 agc 838 1.1 agc case T_STRING: 839 1.1 agc case T_SENDT: 840 1.1 agc size += strlen(par->val.sval); 841 1.1 agc break; 842 1.1 agc 843 1.1 agc case T_YESNO: 844 1.1 agc size += (par->val.nval[i]) ? 3 : 2; 845 1.1 agc break; 846 1.1 agc 847 1.1 agc case T_AUTH: 848 1.1 agc size += (par->val.nval[i] == ISCSI_AUTH_SRP) ? 3 : 4; 849 1.1 agc break; 850 1.1 agc 851 1.1 agc case T_DIGEST: 852 1.1 agc size += (par->val.nval[i]) ? 6 : 4; 853 1.1 agc break; 854 1.1 agc 855 1.1 agc case T_RANGE: 856 1.1 agc assert((i + 1) < par->list_num); 857 1.1 agc size += snprintf(buf, sizeof(buf), "%d~%d", 858 1.1 agc par->val.nval[i], 859 1.1 agc par->val.nval[i + 1]); 860 1.1 agc i++; 861 1.1 agc break; 862 1.1 agc 863 1.1 agc case T_SESS: 864 1.1 agc size += (par->val.nval[i]) ? 6 : 9; 865 1.1 agc break; 866 1.1 agc 867 1.1 agc default: 868 1.1 agc /* We should't be here... */ 869 1.1 agc DEBOUT(("Invalid type %d in parameter_size!\n", 870 1.1 agc entries[par->key].val)); 871 1.1 agc break; 872 1.1 agc } 873 1.1 agc if ((i + 1) < par->list_num) { 874 1.1 agc size++; 875 1.1 agc } 876 1.1 agc } 877 1.1 agc 878 1.1 agc return size; 879 1.1 agc } 880 1.1 agc 881 1.1 agc 882 1.1 agc /* 883 1.1 agc * total_size: 884 1.1 agc * Determine the size of a negotiation data block 885 1.1 agc * 886 1.1 agc * Parameter: 887 1.1 agc * pars The parameter descriptor array 888 1.1 agc * n The number of elements 889 1.1 agc * 890 1.1 agc * Returns: The size of the block 891 1.1 agc */ 892 1.1 agc 893 1.1 agc static __inline int 894 1.1 agc total_size(negotiation_parameter_t *pars, int n) 895 1.1 agc { 896 1.1 agc int i, size; 897 1.1 agc 898 1.1 agc for (i = 0, size = 0; i < n; i++) { 899 1.1 agc size += parameter_size(pars++); 900 1.1 agc } 901 1.1 agc return size; 902 1.1 agc } 903 1.1 agc 904 1.1 agc /*****************************************************************************/ 905 1.1 agc 906 1.1 agc 907 1.1 agc /* 908 1.1 agc * complete_pars: 909 1.1 agc * Allocate space for text parameters, translate parameter values into 910 1.1 agc * text. 911 1.1 agc * 912 1.1 agc * Parameter: 913 1.1 agc * state Negotiation state 914 1.1 agc * pdu The transmit PDU 915 1.1 agc * 916 1.1 agc * Returns: 0 On success 917 1.1 agc * > 0 (an ISCSI error code) if an error occurred. 918 1.1 agc */ 919 1.1 agc 920 1.1 agc STATIC int 921 1.1 agc complete_pars(negotiation_state_t *state, pdu_t *pdu) 922 1.1 agc { 923 1.1 agc int len; 924 1.1 agc uint8_t *bp; 925 1.1 agc #ifdef ISCSI_TEST_MODE 926 1.1 agc test_pars_t *tp = pdu->connection->test_pars; 927 1.1 agc neg_desc_t *nd = NULL; 928 1.1 agc #endif 929 1.1 agc 930 1.1 agc len = total_size(state->pars, state->num_pars); 931 1.1 agc 932 1.1 agc #ifdef ISCSI_TEST_MODE 933 1.1 agc if (tp != NULL) { 934 1.1 agc while ((nd = TAILQ_FIRST(&pdu->connection->test_pars->negs)) != NULL && 935 1.1 agc nd->entry.state < state->auth_state) { 936 1.1 agc TAILQ_REMOVE(&tp->negs, nd, link); 937 1.1 agc free(nd, M_TEMP); 938 1.1 agc } 939 1.1 agc if (nd != NULL && nd->entry.state == state->auth_state) { 940 1.1 agc if (nd->entry.flags & ISCSITEST_NEGOPT_REPLACE) 941 1.1 agc len = 0; 942 1.1 agc len += nd->entry.size; 943 1.1 agc } else 944 1.1 agc nd = NULL; 945 1.1 agc } 946 1.1 agc #endif 947 1.1 agc 948 1.1 agc DEB(10, ("complete_pars: n=%d, len=%d\n", state->num_pars, len)); 949 1.1 agc 950 1.1 agc if ((bp = malloc(len, M_TEMP, M_WAITOK)) == NULL) { 951 1.1 agc DEBOUT(("*** Out of memory in complete_pars\n")); 952 1.1 agc return ISCSI_STATUS_NO_RESOURCES; 953 1.1 agc } 954 1.1 agc pdu->temp_data = bp; 955 1.1 agc 956 1.1 agc #ifdef ISCSI_TEST_MODE 957 1.1 agc if (nd == NULL || !(nd->entry.flags & ISCSITEST_NEGOPT_REPLACE)) 958 1.1 agc if ((bp = put_par_block(pdu->temp_data, len, 959 1.1 agc state->pars, state->num_pars)) == NULL) { 960 1.1 agc DEBOUT(("Bad parameter in complete_pars\n")); 961 1.1 agc return ISCSI_STATUS_PARAMETER_INVALID; 962 1.1 agc } 963 1.1 agc if (nd != NULL) { 964 1.1 agc memcpy(bp, nd->entry.value, nd->entry.size); 965 1.1 agc TAILQ_REMOVE(&tp->negs, nd, link); 966 1.1 agc free(nd, M_TEMP); 967 1.1 agc } 968 1.1 agc #else 969 1.1 agc if (put_par_block(pdu->temp_data, len, state->pars, 970 1.1 agc state->num_pars) == 0) { 971 1.1 agc DEBOUT(("Bad parameter in complete_pars\n")); 972 1.1 agc return ISCSI_STATUS_PARAMETER_INVALID; 973 1.1 agc } 974 1.1 agc #endif 975 1.1 agc 976 1.1 agc pdu->temp_data_len = len; 977 1.1 agc return 0; 978 1.1 agc } 979 1.1 agc 980 1.1 agc 981 1.1 agc /* 982 1.1 agc * set_key_n: 983 1.1 agc * Initialize a key and its numeric value. 984 1.1 agc * 985 1.1 agc * Parameter: 986 1.1 agc * state Negotiation state 987 1.1 agc * key The key 988 1.1 agc * val The value 989 1.1 agc */ 990 1.1 agc 991 1.1 agc STATIC negotiation_parameter_t * 992 1.1 agc set_key_n(negotiation_state_t *state, text_key_t key, uint32_t val) 993 1.1 agc { 994 1.1 agc negotiation_parameter_t *par; 995 1.1 agc 996 1.1 agc if (state->num_pars >= MAX_NEG) { 997 1.1 agc DEBOUT(("set_key_n: num_pars (%d) >= MAX_NEG (%d)\n", 998 1.1 agc state->num_pars, MAX_NEG)); 999 1.1 agc return NULL; 1000 1.1 agc } 1001 1.1 agc par = &state->pars[state->num_pars]; 1002 1.1 agc par->key = key; 1003 1.1 agc par->list_num = 1; 1004 1.1 agc par->val.nval[0] = val; 1005 1.1 agc state->num_pars++; 1006 1.1 agc state->kflags[key] |= NS_SENT; 1007 1.1 agc 1008 1.1 agc return par; 1009 1.1 agc } 1010 1.1 agc 1011 1.1 agc /* 1012 1.1 agc * set_key_s: 1013 1.1 agc * Initialize a key and its string value. 1014 1.1 agc * 1015 1.1 agc * Parameter: 1016 1.1 agc * state Negotiation state 1017 1.1 agc * key The key 1018 1.1 agc * val The value 1019 1.1 agc */ 1020 1.1 agc 1021 1.1 agc STATIC negotiation_parameter_t * 1022 1.1 agc set_key_s(negotiation_state_t *state, text_key_t key, uint8_t *val) 1023 1.1 agc { 1024 1.1 agc negotiation_parameter_t *par; 1025 1.1 agc 1026 1.1 agc if (state->num_pars >= MAX_NEG) { 1027 1.1 agc DEBOUT(("set_key_s: num_pars (%d) >= MAX_NEG (%d)\n", 1028 1.1 agc state->num_pars, MAX_NEG)); 1029 1.1 agc return NULL; 1030 1.1 agc } 1031 1.1 agc par = &state->pars[state->num_pars]; 1032 1.1 agc par->key = key; 1033 1.1 agc par->list_num = 1; 1034 1.1 agc par->val.sval = val; 1035 1.1 agc state->num_pars++; 1036 1.1 agc state->kflags[key] |= NS_SENT; 1037 1.1 agc 1038 1.1 agc return par; 1039 1.1 agc } 1040 1.1 agc 1041 1.1 agc 1042 1.1 agc /*****************************************************************************/ 1043 1.1 agc 1044 1.1 agc /* 1045 1.1 agc * eval_parameter: 1046 1.1 agc * Evaluate a received negotiation value. 1047 1.1 agc * 1048 1.1 agc * Parameter: 1049 1.1 agc * conn The connection 1050 1.1 agc * state The negotiation state 1051 1.1 agc * par The parameter 1052 1.1 agc * 1053 1.1 agc * Returns: 0 on success, else an ISCSI status value. 1054 1.1 agc */ 1055 1.1 agc 1056 1.1 agc STATIC int 1057 1.1 agc eval_parameter(connection_t *conn, negotiation_state_t *state, 1058 1.1 agc negotiation_parameter_t *par) 1059 1.1 agc { 1060 1.1 agc uint32_t n = par->val.nval[0]; 1061 1.1 agc size_t sz; 1062 1.1 agc text_key_t key = par->key; 1063 1.1 agc bool sent = (state->kflags[key] & NS_SENT) != 0; 1064 1.1 agc 1065 1.1 agc state->kflags[key] |= NS_RECEIVED; 1066 1.1 agc 1067 1.1 agc switch (key) { 1068 1.1 agc /* 1069 1.1 agc * keys connected to security negotiation 1070 1.1 agc */ 1071 1.1 agc case K_AuthMethod: 1072 1.1 agc if (n) { 1073 1.1 agc DEBOUT(("eval_par: AuthMethod nonzero (%d)\n", n)); 1074 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1075 1.1 agc } 1076 1.1 agc break; 1077 1.1 agc 1078 1.1 agc case K_Auth_CHAP_Algorithm: 1079 1.1 agc case K_Auth_CHAP_Challenge: 1080 1.1 agc case K_Auth_CHAP_Identifier: 1081 1.1 agc case K_Auth_CHAP_Name: 1082 1.1 agc case K_Auth_CHAP_Response: 1083 1.1 agc DEBOUT(("eval_par: Authorization Key in Operational Phase\n")); 1084 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1085 1.1 agc 1086 1.1 agc /* 1087 1.1 agc * keys we always send 1088 1.1 agc */ 1089 1.1 agc case K_DataDigest: 1090 1.1 agc state->DataDigest = n; 1091 1.1 agc if (!sent) 1092 1.1 agc set_key_n(state, key, n); 1093 1.1 agc break; 1094 1.1 agc 1095 1.1 agc case K_HeaderDigest: 1096 1.1 agc state->HeaderDigest = n; 1097 1.1 agc if (!sent) 1098 1.1 agc set_key_n(state, key, n); 1099 1.1 agc break; 1100 1.1 agc 1101 1.1 agc case K_ErrorRecoveryLevel: 1102 1.1 agc state->ErrorRecoveryLevel = n; 1103 1.1 agc if (!sent) 1104 1.1 agc set_key_n(state, key, n); 1105 1.1 agc break; 1106 1.1 agc 1107 1.1 agc case K_ImmediateData: 1108 1.1 agc state->ImmediateData = n; 1109 1.1 agc if (!sent) 1110 1.1 agc set_key_n(state, key, n); 1111 1.1 agc break; 1112 1.1 agc 1113 1.1 agc case K_InitialR2T: 1114 1.1 agc state->InitialR2T = n; 1115 1.1 agc if (!sent) 1116 1.1 agc set_key_n(state, key, n); 1117 1.1 agc break; 1118 1.1 agc 1119 1.1 agc case K_MaxRecvDataSegmentLength: 1120 1.1 agc state->MaxRecvDataSegmentLength = n; 1121 1.1 agc /* this is basically declarative, not negotiated */ 1122 1.1 agc /* (each side has its own value) */ 1123 1.1 agc break; 1124 1.1 agc 1125 1.1 agc /* 1126 1.1 agc * keys we don't always send, so we may have to reflect the value 1127 1.1 agc */ 1128 1.1 agc case K_DefaultTime2Retain: 1129 1.1 agc state->DefaultTime2Retain = n = min(state->DefaultTime2Retain, n); 1130 1.1 agc if (!sent) 1131 1.1 agc set_key_n(state, key, n); 1132 1.1 agc break; 1133 1.1 agc 1134 1.1 agc case K_DefaultTime2Wait: 1135 1.1 agc state->DefaultTime2Wait = n = min(state->DefaultTime2Wait, n); 1136 1.1 agc if (!sent) 1137 1.1 agc set_key_n(state, key, n); 1138 1.1 agc break; 1139 1.1 agc 1140 1.1 agc case K_MaxConnections: 1141 1.1 agc if (state->MaxConnections) 1142 1.1 agc state->MaxConnections = n = min(state->MaxConnections, n); 1143 1.1 agc else 1144 1.1 agc state->MaxConnections = n; 1145 1.1 agc 1146 1.1 agc if (!sent) 1147 1.1 agc set_key_n(state, key, n); 1148 1.1 agc break; 1149 1.1 agc 1150 1.1 agc case K_MaxOutstandingR2T: 1151 1.1 agc state->MaxOutstandingR2T = n; 1152 1.1 agc if (!sent) 1153 1.1 agc set_key_n(state, key, n); 1154 1.1 agc break; 1155 1.1 agc 1156 1.1 agc case K_FirstBurstLength: 1157 1.1 agc state->FirstBurstLength = n; 1158 1.1 agc if (!sent) 1159 1.1 agc set_key_n(state, key, n); 1160 1.1 agc break; 1161 1.1 agc 1162 1.1 agc case K_MaxBurstLength: 1163 1.1 agc state->MaxBurstLength = n; 1164 1.1 agc if (!sent) 1165 1.1 agc set_key_n(state, key, n); 1166 1.1 agc break; 1167 1.1 agc 1168 1.1 agc case K_IFMarker: 1169 1.1 agc case K_OFMarker: 1170 1.1 agc /* not (yet) supported */ 1171 1.1 agc if (!sent) 1172 1.1 agc set_key_n(state, key, 0); 1173 1.1 agc break; 1174 1.1 agc 1175 1.1 agc case K_IFMarkInt: 1176 1.1 agc case K_OFMarkInt: 1177 1.1 agc /* it's a range, and list_num will be 1, so this will reply "Reject" */ 1178 1.1 agc if (!sent) 1179 1.1 agc set_key_n(state, key, 0); 1180 1.1 agc break; 1181 1.1 agc 1182 1.1 agc case K_DataPDUInOrder: 1183 1.1 agc case K_DataSequenceInOrder: 1184 1.1 agc /* values are don't care */ 1185 1.1 agc if (!sent) 1186 1.1 agc set_key_n(state, key, n); 1187 1.1 agc break; 1188 1.1 agc 1189 1.1 agc case K_NotUnderstood: 1190 1.1 agc /* return "NotUnderstood" */ 1191 1.1 agc set_key_s(state, key, par->val.sval); 1192 1.1 agc break; 1193 1.1 agc 1194 1.1 agc /* 1195 1.1 agc * Declarative keys (no response required) 1196 1.1 agc */ 1197 1.1 agc case K_TargetAddress: 1198 1.1 agc /* ignore for now... */ 1199 1.1 agc break; 1200 1.1 agc 1201 1.1 agc case K_TargetAlias: 1202 1.1 agc if (conn->login_par->is_present.TargetAlias) { 1203 1.1 agc copyoutstr(par->val.sval, conn->login_par->TargetAlias, 1204 1.1 agc ISCSI_STRING_LENGTH - 1, &sz); 1205 1.1 agc /* do anything with return code?? */ 1206 1.1 agc } 1207 1.1 agc break; 1208 1.1 agc 1209 1.1 agc case K_TargetPortalGroupTag: 1210 1.1 agc /* ignore for now... */ 1211 1.1 agc break; 1212 1.1 agc 1213 1.1 agc default: 1214 1.1 agc DEBOUT(("eval_par: Invalid parameter type %d\n", par->key)); 1215 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1216 1.1 agc } 1217 1.1 agc return 0; 1218 1.1 agc } 1219 1.1 agc 1220 1.1 agc /*****************************************************************************/ 1221 1.1 agc 1222 1.1 agc 1223 1.1 agc /* 1224 1.1 agc * init_session_parameters: 1225 1.1 agc * Initialize session-related negotiation parameters from existing session 1226 1.1 agc * 1227 1.1 agc * Parameter: 1228 1.1 agc * sess The session 1229 1.1 agc * state The negotiation state 1230 1.1 agc */ 1231 1.1 agc 1232 1.1 agc STATIC void 1233 1.1 agc init_session_parameters(session_t *sess, negotiation_state_t *state) 1234 1.1 agc { 1235 1.1 agc 1236 1.1 agc state->ErrorRecoveryLevel = sess->ErrorRecoveryLevel; 1237 1.1 agc state->InitialR2T = sess->InitialR2T; 1238 1.1 agc state->ImmediateData = sess->ImmediateData; 1239 1.1 agc state->MaxConnections = sess->MaxConnections; 1240 1.1 agc state->DefaultTime2Wait = sess->DefaultTime2Wait; 1241 1.1 agc state->DefaultTime2Retain = sess->DefaultTime2Retain; 1242 1.1 agc state->MaxBurstLength = sess->MaxBurstLength; 1243 1.1 agc state->FirstBurstLength = sess->FirstBurstLength; 1244 1.1 agc state->MaxOutstandingR2T = sess->MaxOutstandingR2T; 1245 1.1 agc } 1246 1.1 agc 1247 1.1 agc 1248 1.1 agc 1249 1.1 agc /* 1250 1.1 agc * assemble_login_parameters: 1251 1.1 agc * Assemble the initial login negotiation parameters. 1252 1.1 agc * 1253 1.1 agc * Parameter: 1254 1.1 agc * conn The connection 1255 1.1 agc * ccb The CCB for the login exchange 1256 1.1 agc * pdu The PDU to use for sending 1257 1.1 agc * 1258 1.1 agc * Returns: < 0 if more security negotiation is required 1259 1.1 agc * 0 if this is the last security negotiation block 1260 1.1 agc * > 0 (an ISCSI error code) if an error occurred. 1261 1.1 agc */ 1262 1.1 agc 1263 1.1 agc int 1264 1.1 agc assemble_login_parameters(connection_t *conn, ccb_t *ccb, pdu_t *pdu) 1265 1.1 agc { 1266 1.1 agc iscsi_login_parameters_t *par = conn->login_par; 1267 1.1 agc size_t sz; 1268 1.1 agc int rc, i, next; 1269 1.1 agc negotiation_state_t *state; 1270 1.1 agc negotiation_parameter_t *cpar; 1271 1.1 agc 1272 1.1 agc state = malloc(sizeof(*state), M_TEMP, M_WAITOK | M_ZERO); 1273 1.1 agc if (state == NULL) { 1274 1.1 agc DEBOUT(("*** Out of memory in assemble_login_params\n")); 1275 1.1 agc return ISCSI_STATUS_NO_RESOURCES; 1276 1.1 agc } 1277 1.1 agc ccb->temp_data = state; 1278 1.1 agc 1279 1.6 mlelstv if (!iscsi_InitiatorName[0]) { 1280 1.1 agc DEBOUT(("No InitiatorName\n")); 1281 1.1 agc return ISCSI_STATUS_PARAMETER_MISSING; 1282 1.1 agc } 1283 1.6 mlelstv set_key_s(state, K_InitiatorName, iscsi_InitiatorName); 1284 1.1 agc 1285 1.6 mlelstv if (iscsi_InitiatorAlias[0]) 1286 1.6 mlelstv set_key_s(state, K_InitiatorAlias, iscsi_InitiatorAlias); 1287 1.1 agc 1288 1.1 agc conn->Our_MaxRecvDataSegmentLength = 1289 1.1 agc (par->is_present.MaxRecvDataSegmentLength) 1290 1.1 agc ? par->MaxRecvDataSegmentLength : DEFAULT_MaxRecvDataSegmentLength; 1291 1.1 agc 1292 1.1 agc /* setup some values for authentication */ 1293 1.1 agc if (par->is_present.password) 1294 1.1 agc copyinstr(par->password, state->password, MAX_STRING, &sz); 1295 1.1 agc if (par->is_present.target_password) 1296 1.1 agc copyinstr(par->target_password, state->target_password, 1297 1.1 agc MAX_STRING, &sz); 1298 1.1 agc if (par->is_present.user_name) 1299 1.1 agc copyinstr(par->user_name, state->user_name, MAX_STRING, &sz); 1300 1.1 agc else 1301 1.6 mlelstv strlcpy(state->user_name, iscsi_InitiatorName, 1302 1.1 agc sizeof(state->user_name)); 1303 1.1 agc 1304 1.1 agc next = TRUE; 1305 1.1 agc 1306 1.1 agc set_key_n(state, K_SessionType, 1307 1.1 agc par->login_type > ISCSI_LOGINTYPE_DISCOVERY); 1308 1.1 agc 1309 1.1 agc cpar = set_key_n(state, K_AuthMethod, ISCSI_AUTH_None); 1310 1.1 agc 1311 1.1 agc if (cpar != NULL && par->is_present.auth_info && 1312 1.1 agc par->auth_info.auth_number > 0) { 1313 1.1 agc if (par->auth_info.auth_number > ISCSI_AUTH_OPTIONS) { 1314 1.1 agc DEBOUT(("Auth number too big in asm_login\n")); 1315 1.1 agc return ISCSI_STATUS_PARAMETER_INVALID; 1316 1.1 agc } 1317 1.1 agc cpar->list_num = par->auth_info.auth_number; 1318 1.1 agc for (i = 0; i < cpar->list_num; i++) { 1319 1.1 agc cpar->val.nval[i] = par->auth_info.auth_type[i]; 1320 1.1 agc if (par->auth_info.auth_type[i]) 1321 1.1 agc next = FALSE; 1322 1.1 agc } 1323 1.1 agc } 1324 1.1 agc 1325 1.1 agc if (par->is_present.TargetName) 1326 1.1 agc copyinstr(par->TargetName, state->temp_buf, ISCSI_STRING_LENGTH - 1, 1327 1.1 agc &sz); 1328 1.1 agc else { 1329 1.1 agc state->temp_buf[0] = 0; 1330 1.1 agc sz = 0; 1331 1.1 agc } 1332 1.1 agc 1333 1.1 agc if ((!sz || !state->temp_buf[0]) && 1334 1.1 agc par->login_type != ISCSI_LOGINTYPE_DISCOVERY) { 1335 1.1 agc DEBOUT(("No TargetName\n")); 1336 1.1 agc return ISCSI_STATUS_PARAMETER_MISSING; 1337 1.1 agc } 1338 1.1 agc 1339 1.1 agc if (state->temp_buf[0]) { 1340 1.1 agc set_key_s(state, K_TargetName, state->temp_buf); 1341 1.1 agc } 1342 1.1 agc 1343 1.1 agc if ((rc = complete_pars(state, pdu)) != 0) 1344 1.1 agc return rc; 1345 1.1 agc 1346 1.1 agc return (next) ? 0 : -1; 1347 1.1 agc } 1348 1.1 agc 1349 1.1 agc 1350 1.1 agc /* 1351 1.1 agc * assemble_security_parameters: 1352 1.1 agc * Assemble the security negotiation parameters. 1353 1.1 agc * 1354 1.1 agc * Parameter: 1355 1.1 agc * conn The connection 1356 1.1 agc * rx_pdu The received login response PDU 1357 1.1 agc * tx_pdu The transmit PDU 1358 1.1 agc * 1359 1.1 agc * Returns: < 0 if more security negotiation is required 1360 1.1 agc * 0 if this is the last security negotiation block 1361 1.1 agc * > 0 (an ISCSI error code) if an error occurred. 1362 1.1 agc */ 1363 1.1 agc 1364 1.1 agc int 1365 1.1 agc assemble_security_parameters(connection_t *conn, ccb_t *ccb, pdu_t *rx_pdu, 1366 1.1 agc pdu_t *tx_pdu) 1367 1.1 agc { 1368 1.1 agc negotiation_state_t *state = (negotiation_state_t *) ccb->temp_data; 1369 1.1 agc iscsi_login_parameters_t *par = conn->login_par; 1370 1.1 agc negotiation_parameter_t rxp, *cpar; 1371 1.1 agc uint8_t *rxpars; 1372 1.1 agc int rc, next; 1373 1.1 agc uint8_t identifier = 0; 1374 1.1 agc uint8_t *challenge = NULL; 1375 1.1 agc int challenge_size = 0; 1376 1.1 agc uint8_t *response = NULL; 1377 1.1 agc int response_size = 0; 1378 1.1 agc 1379 1.1 agc state->num_pars = 0; 1380 1.1 agc next = 0; 1381 1.1 agc 1382 1.1 agc rxpars = (uint8_t *) rx_pdu->temp_data; 1383 1.1 agc if (rxpars == NULL) { 1384 1.1 agc DEBOUT(("No received parameters!\n")); 1385 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1386 1.1 agc } 1387 1.1 agc /* Note: There are always at least 2 extra bytes past temp_data_len */ 1388 1.1 agc rxpars[rx_pdu->temp_data_len] = '\0'; 1389 1.1 agc rxpars[rx_pdu->temp_data_len + 1] = '\0'; 1390 1.1 agc 1391 1.1 agc while (*rxpars) { 1392 1.1 agc if ((rxpars = get_parameter(rxpars, &rxp)) == NULL) { 1393 1.1 agc DEBOUT(("get_parameter returned error\n")); 1394 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1395 1.1 agc } 1396 1.1 agc 1397 1.1 agc state->kflags[rxp.key] |= NS_RECEIVED; 1398 1.1 agc 1399 1.1 agc switch (rxp.key) { 1400 1.1 agc case K_AuthMethod: 1401 1.1 agc if (state->auth_state != AUTH_INITIAL) { 1402 1.1 agc DEBOUT(("AuthMethod received, auth_state = %d\n", 1403 1.1 agc state->auth_state)); 1404 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1405 1.1 agc } 1406 1.1 agc 1407 1.1 agc /* Note: if the selection is None, we shouldn't be here, 1408 1.1 agc * the target should have transited the state to op-neg. 1409 1.1 agc */ 1410 1.1 agc if (rxp.val.nval[0] != ISCSI_AUTH_CHAP) { 1411 1.1 agc DEBOUT(("AuthMethod isn't CHAP (%d)\n", rxp.val.nval[0])); 1412 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1413 1.1 agc } 1414 1.1 agc 1415 1.1 agc state->auth_state = AUTH_METHOD_SELECTED; 1416 1.1 agc state->auth_alg = rxp.val.nval[0]; 1417 1.1 agc break; 1418 1.1 agc 1419 1.1 agc case K_Auth_CHAP_Algorithm: 1420 1.1 agc if (state->auth_state != AUTH_CHAP_ALG_SENT || 1421 1.1 agc rxp.val.nval[0] != 5) { 1422 1.1 agc DEBOUT(("Bad algorithm, auth_state = %d, alg %d\n", 1423 1.1 agc state->auth_state, rxp.val.nval[0])); 1424 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1425 1.1 agc } 1426 1.1 agc break; 1427 1.1 agc 1428 1.1 agc case K_Auth_CHAP_Challenge: 1429 1.1 agc if (state->auth_state != AUTH_CHAP_ALG_SENT || !rxp.list_num) { 1430 1.1 agc DEBOUT(("Bad Challenge, auth_state = %d, len %d\n", 1431 1.1 agc state->auth_state, rxp.list_num)); 1432 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1433 1.1 agc } 1434 1.1 agc challenge = rxp.val.sval; 1435 1.1 agc challenge_size = rxp.list_num; 1436 1.1 agc break; 1437 1.1 agc 1438 1.1 agc case K_Auth_CHAP_Identifier: 1439 1.1 agc if (state->auth_state != AUTH_CHAP_ALG_SENT) { 1440 1.1 agc DEBOUT(("Bad ID, auth_state = %d, id %d\n", 1441 1.1 agc state->auth_state, rxp.val.nval[0])); 1442 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1443 1.1 agc } 1444 1.1 agc identifier = (uint8_t) rxp.val.nval[0]; 1445 1.1 agc break; 1446 1.1 agc 1447 1.1 agc case K_Auth_CHAP_Name: 1448 1.1 agc if (state->auth_state != AUTH_CHAP_RSP_SENT) { 1449 1.1 agc DEBOUT(("Bad Name, auth_state = %d, name <%s>\n", 1450 1.1 agc state->auth_state, rxp.val.sval)); 1451 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1452 1.1 agc } 1453 1.1 agc /* what do we do with the name?? */ 1454 1.1 agc break; 1455 1.1 agc 1456 1.1 agc case K_Auth_CHAP_Response: 1457 1.1 agc if (state->auth_state != AUTH_CHAP_RSP_SENT) { 1458 1.1 agc DEBOUT(("Bad Response, auth_state = %d, size %d\n", 1459 1.1 agc state->auth_state, rxp.list_num)); 1460 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1461 1.1 agc } 1462 1.1 agc response = rxp.val.sval; 1463 1.1 agc response_size = rxp.list_num; 1464 1.1 agc if (response_size != CHAP_MD5_SIZE) 1465 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1466 1.1 agc break; 1467 1.1 agc 1468 1.1 agc default: 1469 1.1 agc rc = eval_parameter(conn, state, &rxp); 1470 1.1 agc if (rc) 1471 1.1 agc return rc; 1472 1.1 agc break; 1473 1.1 agc } 1474 1.1 agc } 1475 1.1 agc 1476 1.1 agc switch (state->auth_state) { 1477 1.1 agc case AUTH_INITIAL: 1478 1.1 agc DEBOUT(("Didn't receive Method\n")); 1479 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1480 1.1 agc 1481 1.1 agc case AUTH_METHOD_SELECTED: 1482 1.1 agc set_key_n(state, K_Auth_CHAP_Algorithm, 5); 1483 1.1 agc state->auth_state = AUTH_CHAP_ALG_SENT; 1484 1.1 agc next = -1; 1485 1.1 agc break; 1486 1.1 agc 1487 1.1 agc case AUTH_CHAP_ALG_SENT: 1488 1.1 agc if (!RX(state, K_Auth_CHAP_Algorithm) || 1489 1.1 agc !RX(state, K_Auth_CHAP_Identifier) || 1490 1.1 agc !RX(state, K_Auth_CHAP_Challenge)) { 1491 1.1 agc DEBOUT(("Didn't receive all parameters\n")); 1492 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1493 1.1 agc } 1494 1.1 agc 1495 1.1 agc set_key_s(state, K_Auth_CHAP_Name, state->user_name); 1496 1.1 agc 1497 1.1 agc chap_md5_response(state->temp_buf, identifier, state->password, 1498 1.1 agc challenge, challenge_size); 1499 1.1 agc 1500 1.1 agc cpar = set_key_s(state, K_Auth_CHAP_Response, state->temp_buf); 1501 1.1 agc if (cpar != NULL) 1502 1.1 agc cpar->list_num = CHAP_MD5_SIZE; 1503 1.1 agc 1504 1.1 agc if (par->auth_info.mutual_auth) { 1505 1.1 agc if (!state->target_password[0]) { 1506 1.1 agc DEBOUT(("No target password with mutual authentication!\n")); 1507 1.1 agc return ISCSI_STATUS_PARAMETER_MISSING; 1508 1.1 agc } 1509 1.1 agc 1510 1.2 tls cprng_strong(kern_cprng, 1511 1.2 tls &state->temp_buf[CHAP_MD5_SIZE], 1512 1.3 tls CHAP_CHALLENGE_LEN + 1, 0); 1513 1.1 agc set_key_n(state, K_Auth_CHAP_Identifier, 1514 1.1 agc state->temp_buf[CHAP_MD5_SIZE]); 1515 1.1 agc cpar = set_key_s(state, K_Auth_CHAP_Challenge, 1516 1.1 agc &state->temp_buf[CHAP_MD5_SIZE + 1]); 1517 1.1 agc if (cpar != NULL) 1518 1.1 agc cpar->list_num = CHAP_CHALLENGE_LEN; 1519 1.1 agc next = -1; 1520 1.1 agc } 1521 1.1 agc state->auth_state = AUTH_CHAP_RSP_SENT; 1522 1.1 agc break; 1523 1.1 agc 1524 1.1 agc case AUTH_CHAP_RSP_SENT: 1525 1.1 agc /* we can only be here for mutual authentication */ 1526 1.1 agc if (!par->auth_info.mutual_auth || response == NULL) { 1527 1.1 agc DEBOUT(("Mutual authentication not requested\n")); 1528 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1529 1.1 agc } 1530 1.1 agc 1531 1.1 agc chap_md5_response(state->temp_buf, 1532 1.1 agc state->temp_buf[CHAP_MD5_SIZE], 1533 1.1 agc state->password, 1534 1.1 agc &state->temp_buf[CHAP_MD5_SIZE + 1], 1535 1.1 agc CHAP_CHALLENGE_LEN); 1536 1.1 agc 1537 1.1 agc if (memcmp(state->temp_buf, response, response_size)) { 1538 1.1 agc DEBOUT(("Mutual authentication mismatch\n")); 1539 1.1 agc return ISCSI_STATUS_AUTHENTICATION_FAILED; 1540 1.1 agc } 1541 1.1 agc break; 1542 1.1 agc 1543 1.1 agc default: 1544 1.1 agc break; 1545 1.1 agc } 1546 1.1 agc 1547 1.1 agc complete_pars(state, tx_pdu); 1548 1.1 agc 1549 1.1 agc return next; 1550 1.1 agc } 1551 1.1 agc 1552 1.1 agc 1553 1.1 agc /* 1554 1.1 agc * set_first_opnegs: 1555 1.1 agc * Set the operational negotiation parameters we want to negotiate in 1556 1.1 agc * the first login request in op_neg phase. 1557 1.1 agc * 1558 1.1 agc * Parameter: 1559 1.1 agc * conn The connection 1560 1.1 agc * state Negotiation state 1561 1.1 agc */ 1562 1.1 agc 1563 1.1 agc STATIC void 1564 1.1 agc set_first_opnegs(connection_t *conn, negotiation_state_t *state) 1565 1.1 agc { 1566 1.1 agc iscsi_login_parameters_t *lpar = conn->login_par; 1567 1.1 agc negotiation_parameter_t *cpar; 1568 1.1 agc 1569 1.1 agc /* Digests - suggest None,CRC32C unless the user forces a value */ 1570 1.1 agc cpar = set_key_n(state, K_HeaderDigest, 1571 1.1 agc (lpar->is_present.HeaderDigest) ? lpar->HeaderDigest : 0); 1572 1.1 agc if (cpar != NULL && !lpar->is_present.HeaderDigest) { 1573 1.1 agc cpar->list_num = 2; 1574 1.1 agc cpar->val.nval[1] = 1; 1575 1.1 agc } 1576 1.1 agc 1577 1.1 agc cpar = set_key_n(state, K_DataDigest, (lpar->is_present.DataDigest) 1578 1.1 agc ? lpar->DataDigest : 0); 1579 1.1 agc if (cpar != NULL && !lpar->is_present.DataDigest) { 1580 1.1 agc cpar->list_num = 2; 1581 1.1 agc cpar->val.nval[1] = 1; 1582 1.1 agc } 1583 1.1 agc 1584 1.1 agc set_key_n(state, K_MaxRecvDataSegmentLength, 1585 1.1 agc conn->Our_MaxRecvDataSegmentLength); 1586 1.1 agc /* This is direction-specific, we may have a different default */ 1587 1.1 agc state->MaxRecvDataSegmentLength = 1588 1.1 agc entries[K_MaxRecvDataSegmentLength].defval; 1589 1.1 agc 1590 1.1 agc /* First connection only */ 1591 1.1 agc if (!conn->session->TSIH) { 1592 1.1 agc state->ErrorRecoveryLevel = 1593 1.1 agc (lpar->is_present.ErrorRecoveryLevel) ? lpar->ErrorRecoveryLevel 1594 1.1 agc : 2; 1595 1.1 agc /* 1596 1.1 agc Negotiate InitialR2T to FALSE and ImmediateData to TRUE, should 1597 1.1 agc be slightly more efficient than the default InitialR2T=TRUE. 1598 1.1 agc */ 1599 1.1 agc state->InitialR2T = FALSE; 1600 1.1 agc state->ImmediateData = TRUE; 1601 1.1 agc 1602 1.1 agc /* We don't really care about this, so don't negotiate by default */ 1603 1.1 agc state->MaxBurstLength = entries[K_MaxBurstLength].defval; 1604 1.1 agc state->FirstBurstLength = entries[K_FirstBurstLength].defval; 1605 1.1 agc state->MaxOutstandingR2T = entries[K_MaxOutstandingR2T].defval; 1606 1.1 agc 1607 1.1 agc #ifdef ISCSI_TEST_MODE 1608 1.1 agc if (conn->test_pars != NULL) { 1609 1.1 agc test_pars_t *tp = conn->test_pars; 1610 1.1 agc 1611 1.1 agc if (tp->options & ISCSITEST_OVERRIDE_INITIALR2T) 1612 1.1 agc state->InitialR2T = TRUE; 1613 1.1 agc if (tp->options & ISCSITEST_OVERRIDE_IMMDATA) 1614 1.1 agc state->ImmediateData = FALSE; 1615 1.1 agc 1616 1.1 agc if (tp->options & ISCSITEST_NEGOTIATE_MAXBURST) { 1617 1.1 agc state->MaxBurstLength = tp->maxburst_val; 1618 1.1 agc set_key_n(state, K_MaxBurstLength, state->MaxBurstLength); 1619 1.1 agc } 1620 1.1 agc if (tp->options & ISCSITEST_NEGOTIATE_FIRSTBURST) { 1621 1.1 agc state->FirstBurstLength = tp->firstburst_val; 1622 1.1 agc set_key_n(state, K_FirstBurstLength, state->FirstBurstLength); 1623 1.1 agc } 1624 1.1 agc if (tp->options & ISCSITEST_NEGOTIATE_R2T) { 1625 1.1 agc state->MaxOutstandingR2T = tp->r2t_val; 1626 1.1 agc set_key_n(state, K_MaxOutstandingR2T, state->MaxOutstandingR2T); 1627 1.1 agc } 1628 1.1 agc } 1629 1.1 agc #endif 1630 1.1 agc 1631 1.1 agc set_key_n(state, K_ErrorRecoveryLevel, state->ErrorRecoveryLevel); 1632 1.1 agc set_key_n(state, K_InitialR2T, state->InitialR2T); 1633 1.1 agc set_key_n(state, K_ImmediateData, state->ImmediateData); 1634 1.1 agc 1635 1.1 agc if (lpar->is_present.MaxConnections) { 1636 1.1 agc state->MaxConnections = lpar->MaxConnections; 1637 1.1 agc set_key_n(state, K_MaxConnections, lpar->MaxConnections); 1638 1.1 agc } 1639 1.1 agc 1640 1.1 agc if (lpar->is_present.DefaultTime2Wait) 1641 1.1 agc set_key_n(state, K_DefaultTime2Wait, lpar->DefaultTime2Wait); 1642 1.1 agc else 1643 1.1 agc state->DefaultTime2Wait = entries[K_DefaultTime2Wait].defval; 1644 1.1 agc 1645 1.1 agc if (lpar->is_present.DefaultTime2Retain) 1646 1.1 agc set_key_n(state, K_DefaultTime2Retain, lpar->DefaultTime2Retain); 1647 1.1 agc else 1648 1.1 agc state->DefaultTime2Retain = entries[K_DefaultTime2Retain].defval; 1649 1.1 agc } else 1650 1.1 agc init_session_parameters(conn->session, state); 1651 1.1 agc 1652 1.1 agc DEBC(conn, 10, ("SetFirstOpnegs: recover=%d, MRDSL=%d\n", 1653 1.1 agc conn->recover, state->MaxRecvDataSegmentLength)); 1654 1.1 agc } 1655 1.1 agc 1656 1.1 agc 1657 1.1 agc /* 1658 1.1 agc * assemble_negotiation_parameters: 1659 1.1 agc * Assemble any negotiation parameters requested by the other side. 1660 1.1 agc * 1661 1.1 agc * Parameter: 1662 1.1 agc * conn The connection 1663 1.1 agc * ccb The login ccb 1664 1.1 agc * rx_pdu The received login response PDU 1665 1.1 agc * tx_pdu The transmit PDU 1666 1.1 agc * 1667 1.1 agc * Returns: 0 On success 1668 1.1 agc * > 0 (an ISCSI error code) if an error occurred. 1669 1.1 agc */ 1670 1.1 agc 1671 1.1 agc int 1672 1.1 agc assemble_negotiation_parameters(connection_t *conn, ccb_t *ccb, pdu_t *rx_pdu, 1673 1.1 agc pdu_t *tx_pdu) 1674 1.1 agc { 1675 1.1 agc negotiation_state_t *state = (negotiation_state_t *) ccb->temp_data; 1676 1.1 agc negotiation_parameter_t rxp; 1677 1.1 agc uint8_t *rxpars; 1678 1.1 agc int rc; 1679 1.1 agc 1680 1.1 agc state->num_pars = 0; 1681 1.1 agc 1682 1.1 agc DEBC(conn, 10, ("AsmNegParams: connState=%d, MRDSL=%d\n", 1683 1.1 agc conn->state, state->MaxRecvDataSegmentLength)); 1684 1.1 agc 1685 1.1 agc if (conn->state == ST_SEC_NEG) { 1686 1.1 agc conn->state = ST_OP_NEG; 1687 1.1 agc set_first_opnegs(conn, state); 1688 1.1 agc } 1689 1.1 agc 1690 1.1 agc rxpars = (uint8_t *) rx_pdu->temp_data; 1691 1.1 agc if (rxpars != NULL) { 1692 1.1 agc /* Note: There are always at least 2 extra bytes past temp_data_len */ 1693 1.1 agc rxpars[rx_pdu->temp_data_len] = '\0'; 1694 1.1 agc rxpars[rx_pdu->temp_data_len + 1] = '\0'; 1695 1.1 agc 1696 1.1 agc while (*rxpars) { 1697 1.1 agc if ((rxpars = get_parameter(rxpars, &rxp)) == NULL) 1698 1.1 agc return ISCSI_STATUS_NEGOTIATION_ERROR; 1699 1.1 agc 1700 1.1 agc rc = eval_parameter(conn, state, &rxp); 1701 1.1 agc if (rc) 1702 1.1 agc return rc; 1703 1.1 agc } 1704 1.1 agc } 1705 1.1 agc 1706 1.1 agc if (tx_pdu == NULL) 1707 1.1 agc return 0; 1708 1.1 agc 1709 1.1 agc complete_pars(state, tx_pdu); 1710 1.1 agc 1711 1.1 agc return 0; 1712 1.1 agc } 1713 1.1 agc 1714 1.1 agc /* 1715 1.1 agc * init_text_parameters: 1716 1.1 agc * Initialize text negotiation. 1717 1.1 agc * 1718 1.1 agc * Parameter: 1719 1.1 agc * conn The connection 1720 1.1 agc * tx_pdu The transmit PDU 1721 1.1 agc * 1722 1.1 agc * Returns: 0 On success 1723 1.1 agc * > 0 (an ISCSI error code) if an error occurred. 1724 1.1 agc */ 1725 1.1 agc 1726 1.1 agc int 1727 1.1 agc init_text_parameters(connection_t *conn, ccb_t *ccb) 1728 1.1 agc { 1729 1.1 agc negotiation_state_t *state; 1730 1.1 agc 1731 1.1 agc state = malloc(sizeof(*state), M_TEMP, M_WAITOK | M_ZERO); 1732 1.1 agc if (state == NULL) { 1733 1.1 agc DEBOUT(("*** Out of memory in init_text_params\n")); 1734 1.1 agc return ISCSI_STATUS_NO_RESOURCES; 1735 1.1 agc } 1736 1.1 agc ccb->temp_data = state; 1737 1.1 agc 1738 1.1 agc state->HeaderDigest = conn->HeaderDigest; 1739 1.1 agc state->DataDigest = conn->DataDigest; 1740 1.1 agc state->MaxRecvDataSegmentLength = conn->MaxRecvDataSegmentLength; 1741 1.1 agc init_session_parameters(conn->session, state); 1742 1.1 agc 1743 1.1 agc return 0; 1744 1.1 agc } 1745 1.1 agc 1746 1.1 agc 1747 1.1 agc /* 1748 1.1 agc * assemble_send_targets: 1749 1.1 agc * Assemble send targets request 1750 1.1 agc * 1751 1.1 agc * Parameter: 1752 1.1 agc * pdu The transmit PDU 1753 1.1 agc * val The SendTargets key value 1754 1.1 agc * 1755 1.1 agc * Returns: 0 On success 1756 1.1 agc * > 0 (an ISCSI error code) if an error occurred. 1757 1.1 agc */ 1758 1.1 agc 1759 1.1 agc int 1760 1.1 agc assemble_send_targets(pdu_t *pdu, uint8_t *val) 1761 1.1 agc { 1762 1.1 agc negotiation_parameter_t par; 1763 1.1 agc uint8_t *buf; 1764 1.1 agc int len; 1765 1.1 agc 1766 1.1 agc par.key = K_SendTargets; 1767 1.1 agc par.list_num = 1; 1768 1.1 agc par.val.sval = val; 1769 1.1 agc 1770 1.1 agc len = parameter_size(&par); 1771 1.1 agc 1772 1.1 agc if ((buf = malloc(len, M_TEMP, M_WAITOK)) == NULL) { 1773 1.1 agc DEBOUT(("*** Out of memory in assemble_send_targets\n")); 1774 1.1 agc return ISCSI_STATUS_NO_RESOURCES; 1775 1.1 agc } 1776 1.1 agc pdu->temp_data = buf; 1777 1.1 agc pdu->temp_data_len = len; 1778 1.1 agc 1779 1.1 agc if (put_parameter(buf, len, &par) == 0) 1780 1.1 agc return ISCSI_STATUS_PARAMETER_INVALID; 1781 1.1 agc 1782 1.1 agc return 0; 1783 1.1 agc } 1784 1.1 agc 1785 1.1 agc 1786 1.1 agc /* 1787 1.1 agc * set_negotiated_parameters: 1788 1.1 agc * Copy the negotiated parameters into the connection and session structure. 1789 1.1 agc * 1790 1.1 agc * Parameter: 1791 1.1 agc * ccb The ccb containing the state information 1792 1.1 agc */ 1793 1.1 agc 1794 1.1 agc void 1795 1.1 agc set_negotiated_parameters(ccb_t *ccb) 1796 1.1 agc { 1797 1.1 agc negotiation_state_t *state = (negotiation_state_t *) ccb->temp_data; 1798 1.1 agc connection_t *conn = ccb->connection; 1799 1.1 agc session_t *sess = ccb->session; 1800 1.1 agc 1801 1.1 agc conn->HeaderDigest = state->HeaderDigest; 1802 1.1 agc conn->DataDigest = state->DataDigest; 1803 1.1 agc sess->ErrorRecoveryLevel = state->ErrorRecoveryLevel; 1804 1.1 agc sess->InitialR2T = state->InitialR2T; 1805 1.1 agc sess->ImmediateData = state->ImmediateData; 1806 1.1 agc conn->MaxRecvDataSegmentLength = state->MaxRecvDataSegmentLength; 1807 1.1 agc sess->MaxConnections = state->MaxConnections; 1808 1.1 agc sess->DefaultTime2Wait = conn->Time2Wait = state->DefaultTime2Wait; 1809 1.1 agc sess->DefaultTime2Retain = conn->Time2Retain = 1810 1.1 agc state->DefaultTime2Retain; 1811 1.1 agc 1812 1.1 agc /* set idle connection timeout to half the Time2Retain window so we */ 1813 1.1 agc /* don't miss it, unless Time2Retain is ridiculously small. */ 1814 1.1 agc conn->idle_timeout_val = (conn->Time2Retain >= 10) ? 1815 1.1 agc (conn->Time2Retain / 2) * hz : CONNECTION_IDLE_TIMEOUT; 1816 1.1 agc 1817 1.1 agc sess->MaxBurstLength = state->MaxBurstLength; 1818 1.1 agc sess->FirstBurstLength = state->FirstBurstLength; 1819 1.1 agc sess->MaxOutstandingR2T = state->MaxOutstandingR2T; 1820 1.1 agc 1821 1.1 agc DEBC(conn, 10,("SetNegPar: MRDSL=%d, MBL=%d, FBL=%d, IR2T=%d, ImD=%d\n", 1822 1.1 agc state->MaxRecvDataSegmentLength, state->MaxBurstLength, 1823 1.1 agc state->FirstBurstLength, state->InitialR2T, 1824 1.1 agc state->ImmediateData)); 1825 1.1 agc 1826 1.4 mlelstv conn->max_transfer = min(sess->MaxBurstLength, conn->MaxRecvDataSegmentLength); 1827 1.1 agc 1828 1.1 agc conn->max_firstimmed = (!sess->ImmediateData) ? 0 : 1829 1.1 agc min(sess->FirstBurstLength, conn->max_transfer); 1830 1.1 agc 1831 1.4 mlelstv conn->max_firstdata = (sess->InitialR2T || sess->FirstBurstLength < conn->max_firstimmed) ? 0 : 1832 1.4 mlelstv min(sess->FirstBurstLength - conn->max_firstimmed, conn->max_transfer); 1833 1.4 mlelstv 1834 1.1 agc } 1835
Indexes created Mon Sep 22 13:09:51 GMT 2025