📄 iscsiauthclient.c
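/* Tail of a function whose beginning lies before this excerpt; kept verbatim. */
    }

    client->transitBitSentFlag = client->sendKeyBlock.transitBit;

    iscsiAuthClientInitKeyBlock(&client->recvKeyBlock);
    iscsiAuthClientInitKeyBlock(&client->sendKeyBlock);

    return iscsiAuthStatusNoError;
}

/*
 * Finish processing one received message.
 *
 * Fails the exchange if the message-count limit was exceeded or the
 * receive key block flagged an anomaly, records the completion callback
 * and its handles, advances the negotiate/authenticate state machine and
 * runs the handshake step.
 *
 * Returns the value of iscsiAuthClientRecvEndStatus(), or
 * iscsiAuthStatusError when the handle is invalid, the client is already
 * in the error phase, no callback was supplied, or no receive is in
 * progress.
 */
int
iscsiAuthClientRecvEnd(
    IscsiAuthClient *client, IscsiAuthClientCallback *callback,
    void *userHandle, void *messageHandle)
{
    int nextPhaseFlag = FALSE;

    if (!client || client->signature != iscsiAuthClientSignature) {
        return iscsiAuthStatusError;
    }

    if (client->phase == iscsiAuthPhaseError) {
        return iscsiAuthStatusError;
    }

    if (!callback || !client->recvInProgressFlag) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    /*
     * Every condition below ends authentication with a failure status
     * instead of continuing with an over-long exchange or with peer
     * input that was duplicated, truncated or oversized.
     */
    if (client->recvEndCount > iscsiAuthRecvEndMaxCount) {
        client->remoteAuthStatus = iscsiAuthStatusFail;
        client->phase = iscsiAuthPhaseDone;
        client->debugStatus = iscsiAuthDebugStatusMessageCountLimit;
    } else if (client->recvKeyBlock.duplicateSet) {
        client->remoteAuthStatus = iscsiAuthStatusFail;
        client->phase = iscsiAuthPhaseDone;
        client->debugStatus = iscsiAuthDebugStatusRecvDuplicateSetKeyValue;
    } else if (client->recvKeyBlock.stringTooLong) {
        client->remoteAuthStatus = iscsiAuthStatusFail;
        client->phase = iscsiAuthPhaseDone;
        client->debugStatus = iscsiAuthDebugStatusRecvStringTooLong;
    } else if (client->recvKeyBlock.tooMuchData) {
        client->remoteAuthStatus = iscsiAuthStatusFail;
        client->phase = iscsiAuthPhaseDone;
        client->debugStatus = iscsiAuthDebugStatusRecvTooMuchData;
    }

    client->recvEndCount++;

    client->callback = callback;
    client->userHandle = userHandle;
    client->messageHandle = messageHandle;

    switch (client->phase) {
    case iscsiAuthPhaseNegotiate:
        iscsiAuthClientCheckAuthMethodKey(client);

        if (client->authMethodValidNegRole == iscsiAuthNegRoleResponder) {
            if (client->negotiatedAuthMethod == iscsiAuthOptionNotPresent) {
                if (client->authRemote || !client->recvKeyBlock.transitBit) {
                    /*
                     * No AuthMethod key from peer on first message,
                     * try moving the process along by sending the
                     * AuthMethod key.
                     */
                    client->authMethodValidNegRole =
                        iscsiAuthNegRoleOriginator;

                    iscsiAuthClientSetAuthMethodKey(
                        client,
                        client->authMethodValidCount,
                        client->authMethodValidList);
                    break;
                }

                /*
                 * Special case if peer sent no AuthMethod key,
                 * but did set Transit Bit, allowing this side
                 * to do a null authentication, and complete
                 * the iSCSI security phase without either side
                 * sending the AuthMethod key.
                 *
                 * This path is reached only when authRemote is
                 * not set (see the condition above).
                 */
            } else {
                /* Send response to AuthMethod key. */
                iscsiAuthClientSetAuthMethodKey(
                    client, 1, &client->negotiatedAuthMethod);
            }

            if (client->nodeType == iscsiAuthNodeTypeInitiator) {
                iscsiAuthClientNextPhase(client);
            } else {
                /* Non-initiator: the phase change is deferred to the second switch. */
                nextPhaseFlag = TRUE;
            }
        } else {
            iscsiAuthClientNextPhase(client);
        }
        break;

    case iscsiAuthPhaseAuthenticate:
    case iscsiAuthPhaseDone:
        break;

    default:
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    /* The phase may have changed above, so it is examined a second time. */
    switch (client->phase) {
    case iscsiAuthPhaseNegotiate:
        if (nextPhaseFlag) {
            iscsiAuthClientNextPhase(client);
        }
        break;

    case iscsiAuthPhaseAuthenticate:
        /*
         * Must call iscsiAuthClientLocalAuthentication()
         * before iscsiAuthClientRemoteAuthentication()
         * to ensure processing of the CHAP algorithm key,
         * and to avoid leaving an in progress request to the
         * authentication service.
         */
        iscsiAuthClientLocalAuthentication(client);

        if (client->localState != iscsiAuthLocalStateError) {
            iscsiAuthClientRemoteAuthentication(client);
        }

        if (client->localState == iscsiAuthLocalStateError ||
            client->remoteState == iscsiAuthRemoteStateError) {
            client->remoteAuthStatus = iscsiAuthStatusFail;
            client->phase = iscsiAuthPhaseDone;
            /* client->debugStatus should already be set. */
        }
        break;

    case iscsiAuthPhaseDone:
        break;

    default:
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    iscsiAuthClientHandshake(client);

    return iscsiAuthClientRecvEndStatus(client);
}

/*
 * Deliver the result of an outstanding authentication request.
 *
 * Accepted only while a receive is in progress, the client is in the
 * authenticate phase and the remote state is waiting on an auth request;
 * any other state moves the client to the error phase. On success the
 * state machine is resumed and the callback stored by
 * iscsiAuthClientRecvEnd() is invoked with the resulting status.
 *
 * NOTE(review): authStatus is cast to IscsiAuthStatus and stored without
 * a range check here; callers are presumably expected to pass one of the
 * IscsiAuthStatus values -- confirm against the authentication service.
 */
void
iscsiAuthClientAuthResponse(IscsiAuthClient *client, int authStatus)
{
    /* Counted before validation, so rejected responses are included. */
    iscsiAuthClientGlobalStats.responseReceived++;

    if (!client || client->signature != iscsiAuthClientSignature) {
        return;
    }

    if (!client->recvInProgressFlag ||
        client->phase != iscsiAuthPhaseAuthenticate ||
        client->remoteState != iscsiAuthRemoteStateAuthRequest) {
        client->phase = iscsiAuthPhaseError;
        return;
    }

    client->remoteAuthStatus = (IscsiAuthStatus)authStatus;
    client->authResponseFlag = TRUE;

    iscsiAuthClientRemoteAuthentication(client);

    iscsiAuthClientHandshake(client);

    authStatus = iscsiAuthClientRecvEndStatus(client);

    client->callback(client->userHandle, client->messageHandle, authStatus);
}

/*
 * Return the name of a key type, or NULL when keyType is outside
 * [iscsiAuthKeyTypeFirst, iscsiAuthKeyTypeLast].
 */
const char *
iscsiAuthClientGetKeyName(int keyType)
{
    if (keyType < iscsiAuthKeyTypeFirst || keyType > iscsiAuthKeyTypeLast) {
        return NULL;
    }

    return iscsiAuthClientKeyInfo[keyType].name;
}

/*
 * Step *pKeyType to the next key type.
 *
 * A value below iscsiAuthKeyTypeFirst starts the iteration at the first
 * key type. Returns iscsiAuthStatusError when pKeyType is NULL or the
 * last key type has already been reached, leaving *pKeyType unchanged.
 */
int
iscsiAuthClientGetNextKeyType(int *pKeyType)
{
    int keyType;

    /* The original dereferenced pKeyType unconditionally. */
    if (!pKeyType) {
        return iscsiAuthStatusError;
    }

    keyType = *pKeyType;

    if (keyType >= iscsiAuthKeyTypeLast) {
        return iscsiAuthStatusError;
    }

    if (keyType < iscsiAuthKeyTypeFirst) {
        keyType = iscsiAuthKeyTypeFirst;
    } else {
        keyType++;
    }

    *pKeyType = keyType;

    return iscsiAuthStatusNoError;
}

/*
 * Map a key name to its key type by exact, case-sensitive comparison.
 *
 * Returns iscsiAuthKeyTypeNone when keyName is NULL or matches no key.
 */
int
iscsiAuthClientKeyNameToKeyType(const char *keyName)
{
    int keyType = iscsiAuthKeyTypeNone;

    /* strcmp() on a NULL pointer is undefined behavior. */
    if (!keyName) {
        return iscsiAuthKeyTypeNone;
    }

    while (iscsiAuthClientGetNextKeyType(&keyType) ==
           iscsiAuthStatusNoError) {
        const char *keyName2 = iscsiAuthClientGetKeyName(keyType);

        if (!keyName2) {
            return iscsiAuthKeyTypeNone;
        }

        if (strcmp(keyName, keyName2) == 0) {
            return keyType;
        }
    }

    return iscsiAuthKeyTypeNone;
}

/*
 * Store one key value received from the peer in the receive key block.
 *
 * Allowed only in the negotiate and authenticate phases; a wrong phase or
 * an out-of-range keyType moves the client to the error phase. The value
 * itself is handed to iscsiAuthClientSetKeyValue() unmodified.
 */
int
iscsiAuthClientRecvKeyValue(
    IscsiAuthClient *client, int keyType, const char *userKeyValue)
{
    if (!client || client->signature != iscsiAuthClientSignature) {
        return iscsiAuthStatusError;
    }

    if (client->phase != iscsiAuthPhaseNegotiate &&
        client->phase != iscsiAuthPhaseAuthenticate) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    if (keyType < iscsiAuthKeyTypeFirst || keyType > iscsiAuthKeyTypeLast) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    iscsiAuthClientSetKeyValue(&client->recvKeyBlock, keyType, userKeyValue);

    return iscsiAuthStatusNoError;
}

/*
 * Fetch one key value from the send key block.
 *
 * *keyPresent is set to TRUE and the value copied to userKeyValue when
 * the key has a value, otherwise *keyPresent is set to FALSE and
 * userKeyValue is left untouched. A wrong phase, an out-of-range keyType
 * or a missing output pointer moves the client to the error phase.
 *
 * NOTE(review): the interface carries no destination length, so the copy
 * is bounded only by the length of the stored value. Callers must supply
 * a buffer at least as large as the longest value the send key block can
 * hold -- confirm that limit in the header.
 */
int
iscsiAuthClientSendKeyValue(
    IscsiAuthClient *client, int keyType, int *keyPresent,
    char *userKeyValue)
{
    const char *keyValue;

    if (!client || client->signature != iscsiAuthClientSignature) {
        return iscsiAuthStatusError;
    }

    if (client->phase != iscsiAuthPhaseConfigure &&
        client->phase != iscsiAuthPhaseNegotiate &&
        client->phase != iscsiAuthPhaseAuthenticate &&
        client->phase != iscsiAuthPhaseDone) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    if (keyType < iscsiAuthKeyTypeFirst || keyType > iscsiAuthKeyTypeLast) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    /* keyPresent is written on every successful path. */
    if (!keyPresent) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    keyValue = iscsiAuthClientGetKeyValue(&client->sendKeyBlock, keyType);
    if (keyValue) {
        /* The destination is needed only when there is a value to copy. */
        if (!userKeyValue) {
            client->phase = iscsiAuthPhaseError;
            return iscsiAuthStatusError;
        }
        strcpy(userKeyValue, keyValue);
        *keyPresent = TRUE;
    } else {
        *keyPresent = FALSE;
    }

    return iscsiAuthStatusNoError;
}

/*
 * Record the transit bit of a received message, normalized to TRUE/FALSE.
 *
 * Allowed only in the negotiate and authenticate phases.
 */
int
iscsiAuthClientRecvTransitBit(IscsiAuthClient *client, int value)
{
    if (!client || client->signature != iscsiAuthClientSignature) {
        return iscsiAuthStatusError;
    }

    if (client->phase != iscsiAuthPhaseNegotiate &&
        client->phase != iscsiAuthPhaseAuthenticate) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    if (value) {
        client->recvKeyBlock.transitBit = TRUE;
    } else {
        client->recvKeyBlock.transitBit = FALSE;
    }

    return iscsiAuthStatusNoError;
}

/*
 * Report the transit bit to put on the next outgoing message.
 *
 * A wrong phase or a NULL value pointer moves the client to the error
 * phase and returns iscsiAuthStatusError.
 */
int
iscsiAuthClientSendTransitBit(IscsiAuthClient *client, int *value)
{
    if (!client || client->signature != iscsiAuthClientSignature) {
        return iscsiAuthStatusError;
    }

    if (client->phase != iscsiAuthPhaseConfigure &&
        client->phase != iscsiAuthPhaseNegotiate &&
        client->phase != iscsiAuthPhaseAuthenticate &&
        client->phase != iscsiAuthPhaseDone) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    /* The original wrote through value unconditionally. */
    if (!value) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    *value = client->sendKeyBlock.transitBit;

    return iscsiAuthStatusNoError;
}

/*
 * Initialize a client structure and put it in the configure phase.
 *
 * Defaults set here: authRemote TRUE, passwordPresent FALSE, ipSec TRUE,
 * base64 FALSE, version draft 8, authentication method list
 * { CHAP, none } and CHAP algorithm list { MD5 }.
 *
 * MD5 is the only CHAP algorithm offered by default. CHAP with MD5 does
 * not protect a weak secret from offline guessing by anyone who observes
 * the exchange, so deployments normally rely on long random secrets or on
 * transport protection as well.
 */
int
iscsiAuthClientInit(IscsiAuthClient *client, int nodeType)
{
    int valueList[2];

    if (!client) {
        return iscsiAuthStatusError;
    }

    memset(client, 0, sizeof(*client));

    if (iscsiAuthClientCheckNodeType(nodeType)) {
        /* The signature is still zero here, only the phase is marked. */
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    client->signature = iscsiAuthClientSignature;
    client->nodeType = (IscsiAuthNodeType)nodeType;
    client->authRemote = TRUE;
    client->passwordPresent = FALSE;
    client->ipSec = TRUE;
    client->base64 = FALSE;

    client->phase = iscsiAuthPhaseConfigure;
    client->negotiatedAuthMethod = iscsiAuthOptionNotPresent;
    client->negotiatedChapAlgorithm = iscsiAuthOptionNotPresent;

    if (client->nodeType == iscsiAuthNodeTypeInitiator) {
        client->authMethodNegRole = iscsiAuthNegRoleOriginator;
    } else {
        /* Initial value ignored for Target. */
        client->authMethodNegRole = iscsiAuthNegRoleResponder;
    }

    client->version = iscsiAuthVersionDraft8;

    valueList[0] = iscsiAuthMethodChap;
    valueList[1] = iscsiAuthOptionNone;

    /*
     * Must call after setting authRemote, password,
     * version and authMethodNegRole
     */
    if (iscsiAuthClientSetAuthMethodList(client, 2, valueList) !=
        iscsiAuthStatusNoError) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    valueList[0] = iscsiAuthChapAlgorithmMd5;

    if (iscsiAuthClientSetChapAlgorithmList(client, 1, valueList) !=
        iscsiAuthStatusNoError) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    return iscsiAuthStatusNoError;
}

/*
 * Tear down a client: cancel any CHAP authentication request and zero the
 * whole structure.
 *
 * Zeroing also clears the signature, so later calls on the same handle
 * fail the signature check (assuming iscsiAuthClientSignature is
 * non-zero).
 */
int
iscsiAuthClientFinish(IscsiAuthClient *client)
{
    if (!client || client->signature != iscsiAuthClientSignature) {
        return iscsiAuthStatusError;
    }

    iscsiAuthClientChapAuthCancel(client);

    memset(client, 0, sizeof(*client));

    return iscsiAuthStatusNoError;
}

/*
 * Validate an option list and copy it into the client.
 *
 * The list is accepted only in the configure phase and only if it holds
 * at most optionMaxCount entries, every entry passes checkOption (which
 * returns non-zero to reject), no value appears twice, and the optional
 * checkList accepts the list as a whole. Any violation moves the client
 * to the error phase.
 */
static int
iscsiAuthClientSetOptionList(
    IscsiAuthClient *client,
    unsigned int optionCount,
    const int *optionList,
    unsigned int *clientOptionCount,
    int *clientOptionList,
    unsigned int optionMaxCount,
    int (*checkOption)(int),
    int (*checkList)(unsigned int optionCount, const int *optionList))
{
    unsigned int i;
    unsigned int j;

    if (!client || client->signature != iscsiAuthClientSignature) {
        return iscsiAuthStatusError;
    }

    if (client->phase != iscsiAuthPhaseConfigure ||
        optionCount > optionMaxCount) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    /*
     * The list is read below before checkList gets a chance to reject a
     * NULL pointer, so reject it here.
     */
    if (optionCount > 0 && !optionList) {
        client->phase = iscsiAuthPhaseError;
        return iscsiAuthStatusError;
    }

    for (i = 0; i < optionCount; i++) {
        if ((*checkOption)(optionList[i])) {
            client->phase = iscsiAuthPhaseError;
            return iscsiAuthStatusError;
        }
    }

    /* Check for duplicate entries; each unordered pair is compared once. */
    for (i = 0; i < optionCount; i++) {
        for (j = i + 1; j < optionCount; j++) {
            if (optionList[i] == optionList[j]) {
                client->phase = iscsiAuthPhaseError;
                return iscsiAuthStatusError;
            }
        }
    }

    /* Check for key specific constraints. */
    if (checkList) {
        if ((*checkList)(optionCount, optionList)) {
            client->phase = iscsiAuthPhaseError;
            return iscsiAuthStatusError;
        }
    }

    for (i = 0; i < optionCount; i++) {
        clientOptionList[i] = optionList[i];
    }

    *clientOptionCount = optionCount;

    return iscsiAuthStatusNoError;
}

/*
 * Derive the list of authentication methods this side will actually
 * offer or accept, and prime the send key block with the AuthMethod key.
 *
 * The filter applied to authMethodList is:
 *   option 1 - drop iscsiAuthOptionNone (this side authenticates the peer)
 *   option 2 - keep only iscsiAuthOptionNone
 *   option 0 - keep the list as configured
 */
static void
iscsiAuthClientSetAuthMethodValid(IscsiAuthClient *client)
{
    static const char rejectOptionNameDraft8[] = "reject";
    static const char rejectOptionNameRfc[] = "Reject";
    static const char noneOptionNameDraft8[] = "none";
    static const char noneOptionNameRfc[] = "None";
    unsigned int i;
    unsigned int j = 0;
    int option = 0;

    if (client->version == iscsiAuthVersionDraft8) {
        client->rejectOptionName = rejectOptionNameDraft8;
        client->noneOptionName = noneOptionNameDraft8;
    } else {
        client->rejectOptionName = rejectOptionNameRfc;
        client->noneOptionName = noneOptionNameRfc;
    }

    /*
     * Following checks may need to be revised if
     * authentication options other than CHAP and none
     * are supported.
     */

    if (client->nodeType == iscsiAuthNodeTypeInitiator) {
        if (client->authRemote) {
            /*
             * If initiator doing authentication,
             * don't offer authentication option none.
             */
            option = 1;
        } else if (!client->passwordPresent) {
            /*
             * If initiator password not set,
             * only offer authentication option none.
             */
            option = 2;
        }
    }

    if (client->nodeType == iscsiAuthNodeTypeTarget) {
        if (client->authRemote) {
            /*
             * If target doing authentication,
             * don't accept authentication option none.
             */
            option = 1;
        } else {
            /*
             * If target not doing authentication,
             * only accept authentication option none.
             */
            option = 2;
        }
    }

    for (i = 0; i < client->authMethodCount; i++) {
        if (option == 1) {
            if (client->authMethodList[i] == iscsiAuthOptionNone) {
                continue;
            }
        } else if (option == 2) {
            if (client->authMethodList[i] != iscsiAuthOptionNone) {
                continue;
            }
        }

        /* j never exceeds i, so the write stays within authMethodCount entries. */
        client->authMethodValidList[j++] = client->authMethodList[i];
    }

    client->authMethodValidCount = j;

    iscsiAuthClientInitKeyBlock(&client->sendKeyBlock);

    if (client->nodeType == iscsiAuthNodeTypeInitiator) {
        if (client->authRemote) {
            /*
             * Initiator wants to authenticate target,
             * always send AuthMethod key.
             */
            client->sendKeyBlock.transitBit = FALSE;
            client->authMethodValidNegRole = iscsiAuthNegRoleOriginator;
        } else {
            client->sendKeyBlock.transitBit = TRUE;
            client->authMethodValidNegRole = client->authMethodNegRole;
        }
    } else {
        client->sendKeyBlock.transitBit = FALSE;
        client->authMethodValidNegRole = iscsiAuthNegRoleResponder;
    }

    if (client->authMethodValidNegRole == iscsiAuthNegRoleOriginator) {
        iscsiAuthClientSetAuthMethodKey(
            client,
            client->authMethodValidCount,
            client->authMethodValidList);
    } else {
        int value = iscsiAuthOptionNotPresent;

        iscsiAuthClientSetAuthMethodKey(client, 1, &value);
    }
}

/*
 * List-level check for the authentication method list; returns TRUE to
 * reject and FALSE to accept.
 *
 * Rejects a NULL list, a list with fewer than two entries, and a list
 * whose last entry is not iscsiAuthOptionNone.
 *
 * NOTE(review): both exits after the final loop return FALSE, so the loop
 * does not influence the result. Left unchanged because the intended
 * outcome for a list made up only of "none" entries cannot be determined
 * from this excerpt.
 */
static int
iscsiAuthClientCheckAuthMethodList(
    unsigned int optionCount, const int *optionList)
{
    unsigned int i;

    if (!optionList || optionCount < 2) {
        return TRUE;
    }

    if (optionList[optionCount - 1] != iscsiAuthOptionNone) {
        return TRUE;
    }

    for (i = 0; i < (optionCount - 1); i++) {
        if (optionList[i] != iscsiAuthOptionNone) {
            return FALSE;
        }
    }

    return FALSE;
}

/* Definition continues beyond this excerpt; kept verbatim. */
int
iscsiAuthClientSetAuthMethodList(
    IscsiAuthClient *client,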