📄 initiator_negotiate.c
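* to his challenge */
        our_chap_n = CHAP_GetName(targ_ctx);
        if (our_chap_n == NULL) {
            TRACE_ERROR("CHAP_N to Target not configured\n");
            goto out;
        }
        our_chap_r = CHAP_GetResponse(chap_i, his_chap_c,
                                      MAX_CHAP_BINARY_LENGTH, targ_ctx);
        if (our_chap_r == NULL) {
            TRACE_ERROR("CHAP_R to Target cannot be generated\n");
            my_kfree((void **) &our_chap_n, "CHAP Get Name");
            goto out;
        }
        temp_len = sprintf(dummy_string, "CHAP_N=%s", our_chap_n);
        TRACE(TRACE_ISCSI, "Attach key: %s\n", dummy_string);
        my_kfree((void **) &our_chap_n, "CHAP Get Name");
        add_length = (temp_len + 1);
        temp_len = sprintf(dummy_string + add_length, "CHAP_R=%s", our_chap_r);
        TRACE(TRACE_ISCSI, "Attach key: %s\n", dummy_string + add_length);
        my_kfree((void **) &our_chap_r, "CHAP Response");
        add_length += (temp_len + 1);
        if (p_auth_param.auth_flags & USE_TARGET_CONFIRMATION) {
            chap_i = CHAP_GetIdentifier(init_ctx);
            our_chap_c = CHAP_GetChallenge(init_ctx);
            if (our_chap_c == NULL) {
                TRACE_ERROR("second exchange of chap failed\n");
                goto out;
            }
            temp_len = sprintf(dummy_string + add_length, "CHAP_I=%d", chap_i);
            TRACE(TRACE_ISCSI, "Attach key: %s\n", dummy_string + add_length);
            add_length += (temp_len + 1);
            temp_len = sprintf(dummy_string + add_length, "CHAP_C=%s", our_chap_c);
            TRACE(TRACE_ISCSI, "Attach key: %s\n", dummy_string + add_length);
            add_length += (temp_len + 1);
            my_kfree((void **) &our_chap_c, "CHAP Challenge");
            /* expect target reply to challenge */
            *security_step = ss_find_chap_n_r;
        } else {
            /* we are not challenging target */
            *security_step = ss_done;
        }
        memcpy(outputpdu->text + outputpdu->text_length, dummy_string, add_length);
        outputpdu->text_length += add_length;
        /* regardless of whether we challenge target or
         * not, this is the last pdu we need to send, so
         * offer transition */
        if (noperational == 0)
            outputpdu->flags |= (NSG3 | T_BIT);
        else
            outputpdu->flags |= (NSG1 | T_BIT);
    }
    TRACE(TRACE_ENTER_LEAVE, "Leaving ss_find_chap_a_i_c()OK Next %d\n",
          *security_step);
    FREE_STRING(dummy_string);
    return 0;

out:
    TRACE(TRACE_ENTER_LEAVE, "Leaving ss_find_chap_a_i_c() Failure Next %d\n",
          *security_step);
    FREE_STRING(dummy_string);
    return -1;
}

/*
 * Security step: the initiator has challenged the target (mutual CHAP) and
 * now expects the target's CHAP_N and CHAP_R in reply.
 *
 * Walks the not-yet-processed entries of *unknown_key_list, marking each as
 * processed.  CHAP_N must match init_ctx->name; the CHAP_R value is kept for
 * verification.  Any other key aborts the step.  Once got_keys shows
 * CHAP_A, CHAP_I, CHAP_C, CHAP_N and CHAP_R, the response is checked with
 * CHAP_CheckResponse().  On success either *count is set to LOOP_TIMES (the
 * target already set T_BIT) or *security_step becomes ss_done and a stage
 * transition is offered in outputpdu->flags.
 *
 * p_param_tbl and got_value are not used here.
 *
 * Returns 0 on success (including "still waiting for keys"), -1 on failure.
 */
int
ss_find_chap_n_r_func(enum security_steps *security_step,
                      struct unknown_key **unknown_key_list,
                      struct parameter_type *p_param_tbl,
                      struct auth_parameter_type p_auth_param,
                      int noperational,
                      struct generic_pdu *inputpdu,
                      struct generic_pdu *outputpdu,
                      __u32 *got_keys,
                      __u32 *got_value,
                      int *count)
{
    int got_bitmask;
    struct unknown_key *key;
    char *his_chap_r = NULL;
    struct CHAP_Context *init_ctx;
    struct CHAP_Context *targ_ctx;

    init_ctx = p_auth_param.chap_local_ctx;
    targ_ctx = p_auth_param.chap_peer_ctx;	/* assigned but not used below */

    TRACE(TRACE_ENTER_LEAVE, "Enter ss_find_chap_n_r_func() %d\n",
          *security_step);

    /* expecting target to reply to our previously sent challenge */
    for (key = *unknown_key_list; key != NULL; key = key->next) {
        if (!key->processed) {
            key->processed = 1;
            got_bitmask = print_bad_security_key(key);
            if (got_bitmask == GOT_CHAP_N) {
                if (check_step_key(key, got_keys, GOT_CHAP_N))
                    goto out;
                /* the name the target claims must be the one we expect */
                if (strcmp(key->keyvalue, init_ctx->name)) {
                    TRACE_ERROR("got %s = \"%s\", expected \"%s\"\n",
                                key->keyname, key->keyvalue,
                                init_ctx->name);
                    goto out;
                }
            } else if (got_bitmask == GOT_CHAP_R) {
                if (check_step_key(key, got_keys, GOT_CHAP_R))
                    goto out;
                /* borrowed pointer into the key list, not a copy */
                his_chap_r = key->keyvalue;
            } else {
                if (got_bitmask) {
                    print_not_allowed_security_key(key);
                }
                goto out;
            }
        }
    }

    if ((*got_keys &
         (GOT_CHAP_A | GOT_CHAP_I | GOT_CHAP_C | GOT_CHAP_N | GOT_CHAP_R))
        == (GOT_CHAP_A | GOT_CHAP_I | GOT_CHAP_C | GOT_CHAP_N | GOT_CHAP_R)) {
        /* target sent complete reply to our
         * challenge, check it now
         *
         * got_keys is owned by the caller and his_chap_r is local to this
         * call, so the GOT_CHAP_R bit can be set while no response value
         * is in hand (for example when CHAP_R was consumed by an earlier
         * call).  Treat that as an authentication failure instead of
         * handing a NULL response to CHAP_CheckResponse().
         */
        if (his_chap_r == NULL ||
            CHAP_CheckResponse(his_chap_r, MAX_CHAP_BINARY_LENGTH,
                               init_ctx) <= 0) {
            TRACE_ERROR("CHAP failed to authenticate target\n");
            goto out;
        }
        TRACE(TRACE_ISCSI, "CHAP successfully authenticated target\n");
        if (inputpdu->flags & T_BIT) {
            /* target agreed to transition out of security stage */
            *count = LOOP_TIMES;
            goto break_out;
        }
        TRACE(TRACE_ISCSI, "end up the security phase\n");
        *security_step = ss_done;
        if (noperational == 0)
            outputpdu->flags |= (NSG3 | T_BIT);
        else
            outputpdu->flags |= (NSG1 | T_BIT);
    }

break_out:
    TRACE(TRACE_ENTER_LEAVE, "Leaving ss_find_chap_n_r.c_func Ok Next %d\n",
          *security_step);
    return 0;

out:
    TRACE(TRACE_ENTER_LEAVE,
          "Leaving ss_find_chap_n_r.c_func Failure Next %d\n",
          *security_step);
    return -1;
}

/*
 * Security step: SRP_U has been sent; the target is expected to answer with
 * SRP_GROUP (a comma-separated list of groups) and SRP_s (the salt).
 *
 * The SRP_GROUP value is split in place into an argv-style array and handed
 * to SRP_Initiator_GetGroup(); the salt is handed to
 * SRP_Initiator_SetSalt().  Once both keys are recorded in got_keys, SRP_A
 * is generated, SRP_A and the selected SRP_GROUP are appended to
 * outputpdu->text, and *security_step becomes ss_find_srp_b.
 *
 * p_param_tbl, noperational and inputpdu are not used here.
 *
 * Returns 0 on success (including "still waiting for keys"), -1 on failure.
 */
int
ss_find_srp_g_s_func(enum security_steps *security_step,
                     struct unknown_key **unknown_key_list,
                     struct parameter_type *p_param_tbl,
                     struct auth_parameter_type p_auth_param,
                     int noperational,
                     struct generic_pdu *inputpdu,
                     struct generic_pdu *outputpdu,
                     __u32 *got_keys)
{
    char *dummy_string;
    int got_bitmask;
    struct unknown_key *key;
    int temp_len, i;
    char *ptr = NULL;
    char **srp_argv = NULL;
    char *srp_group = NULL;
    char *srp_a = NULL;
    struct SRP_Context *srp_ctx = p_auth_param.srp_ctx;

    TRACE(TRACE_ENTER_LEAVE, " Enter ss_find_srp_g_s_func %d srp_ctx %p\n",
          *security_step, srp_ctx);

    ALLOCATE_MAX_TEXT_LEN(dummy_string);

    /* previously sent SRP_U, expecting SRP_GROUP, SRP_s */
    for (key = *unknown_key_list; key != NULL; key = key->next) {
        if (!key->processed) {
            key->processed = 1;
            got_bitmask = print_bad_security_key(key);
            if (got_bitmask == GOT_SRP_GROUP) {
                if (check_step_key(key, got_keys, GOT_SRP_GROUP))
                    goto out;

                /* process the SRP_GROUP key value */
                /* first see how many items are in the list */
                /* always at least 1 item plus NULL at end */
                i = 2;
                ptr = key->keyvalue;
                do {
                    if (*ptr == '\0')
                        break;
                    if (*ptr++ == ',')
                        i++;
                } while (1);

                if ((srp_argv = my_kmalloc(i * sizeof(void *),
                                           "SRP argv")) == NULL)
                    goto out;

                /* tokenize the value list into
                 * an argv[] list; this overwrites the commas in
                 * key->keyvalue, so the entries point into the key
                 * itself and the key stays split on success */
                i = 0;
                ptr = key->keyvalue;
                srp_argv[0] = ptr;
                do {
                    if (*ptr == '\0') {
                        /* end of list */
                        srp_argv[++i] = NULL;
                        break;
                    }
                    if (*ptr == ',') {
                        /* nul-terminate string */
                        *ptr = '\0';
                        /* start of next str */
                        srp_argv[++i] = ptr + 1;
                    }
                    ptr++;
                } while (1);

                if ((srp_group = SRP_Initiator_GetGroup(srp_argv,
                                                        srp_ctx)) == NULL) {
                    /* to give error message, fix
                     * tokenizing damage: i is the index of the NULL
                     * entry, so every item except the last one was
                     * terminated by an overwritten comma */
                    for (i -= 2; i >= 0; i--) {
                        ptr = srp_argv[i];
                        *(ptr + strlen(ptr)) = ',';
                    }
                    TRACE_ERROR("desired group choice not in list %s\n",
                                key->keyvalue);
                    goto out;
                } else {
                    TRACE(TRACE_ISCSI, "Selected Group %s\n", srp_group);
                }
            } else if (got_bitmask == GOT_SRP_S) {
                if (check_step_key(key, got_keys, GOT_SRP_S))
                    goto out;
                TRACE(TRACE_DEBUG, "key %s\n", key->keyvalue);
                if (SRP_Initiator_SetSalt(key->keyvalue,
                                          MAX_SRP_BINARY_LENGTH,
                                          srp_ctx) == 0) {
                    TRACE_ERROR("illegal SRP_s\n");
                    goto out;
                }
            } else {
                if (got_bitmask) {
                    print_not_allowed_security_key(key);
                }
                goto out;
            }
        }
    }

    if ((*got_keys & (GOT_SRP_GROUP | GOT_SRP_S))
        == (GOT_SRP_GROUP | GOT_SRP_S)) {
        /* have all target keys needed to send him a challenge */
        if ((srp_a = SRP_Initiator_GetA(srp_ctx)) == NULL) {
            TRACE_ERROR("unable to generate SRP_A\n");
            goto out;
        }

        /* have srp_a and srp_group, send them */
        *security_step = ss_find_srp_b;

        /*
         * NOTE(review): the sprintf() calls into dummy_string and the
         * strcpy() calls into outputpdu->text below carry no length
         * check.  Nothing visible here verifies that
         * text_length + temp_len + 1 fits the PDU text buffer, or that
         * the formatted key fits what ALLOCATE_MAX_TEXT_LEN provides --
         * confirm both bounds against the callers.
         *
         * NOTE(review): srp_group is only assigned while handling a
         * SRP_GROUP key in this call; if the GOT_SRP_GROUP bit was
         * already set in got_keys on entry it is still NULL when
         * formatted with %s below -- verify against the caller.
         */

        /* generate and attach key SRP_A=value */
        temp_len = sprintf(dummy_string, "%s=%s", SRP_A, srp_a);
        TRACE(TRACE_ISCSI, "Attach key: %s\n", dummy_string);
        strcpy(outputpdu->text + outputpdu->text_length, dummy_string);
        /* + 1 keeps the terminating NUL as the key separator */
        outputpdu->text_length += temp_len + 1;

        /* generate and attach key SRP_GROUP=value */
        temp_len = sprintf(dummy_string, "%s=%s", SRP_GROUP, srp_group);
        TRACE(TRACE_ISCSI, "Attach key: %s\n", dummy_string);
        strcpy(outputpdu->text + outputpdu->text_length, dummy_string);
        outputpdu->text_length += temp_len + 1;
    }

    my_kfree((void **) &srp_group, "selected SRP_GROUP");
    my_kfree((void **) &srp_argv, "SRP argv");
    my_kfree((void **) &srp_a, "SRP_A");
    FREE_STRING(dummy_string);
    TRACE(TRACE_ENTER_LEAVE, "Leaving ss_find_srp_g_s_func Ok Next %d\n",
          *security_step);
    return 0;

out:
    /* pointers that were never assigned are still NULL here;
     * presumably my_kfree() accepts that -- TODO confirm */
    my_kfree((void **) &srp_group, "selected SRP_GROUP");
    my_kfree((void **) &srp_argv, "SRP argv");
    my_kfree((void **) &srp_a, "SRP_A");
    FREE_STRING(dummy_string);
    TRACE(TRACE_ENTER_LEAVE, "Leaving ss_find_srp_g_s_func Failure Next %d\n",
          *security_step);
    return -1;
}

/*
 * Security step: SRP_A and SRP_GROUP have been sent; the target is expected
 * to answer with SRP_B.
 *
 * SRP_B is handed to SRP_Initiator_SetB().  Once SRP_GROUP, SRP_s and SRP_B
 * are all recorded in got_keys, SRP_M is generated and appended to
 * outputpdu->text, and a stage transition is offered.  The next step is
 * ss_find_srp_h when USE_TARGET_CONFIRMATION is set in
 * p_auth_param.auth_flags, otherwise ss_done.
 *
 * p_param_tbl and inputpdu are not used here.
 *
 * Returns 0 on success (including "still waiting for keys"), -1 on failure.
 */
int
ss_find_srp_b_func(enum security_steps *security_step,
                   struct unknown_key **unknown_key_list,
                   struct parameter_type *p_param_tbl,
                   struct auth_parameter_type p_auth_param,
                   int noperational,
                   struct generic_pdu *inputpdu,
                   struct generic_pdu *outputpdu,
                   __u32 *got_keys)
{
    char *dummy_string;
    int got_bitmask;
    struct unknown_key *key;
    int temp_len;
    char *srp_m = NULL;
    struct SRP_Context *srp_ctx = p_auth_param.srp_ctx;

    TRACE(TRACE_ENTER_LEAVE, "Enter ss_find_srp_b Ok Next %d\n",
          *security_step);

    ALLOCATE_MAX_TEXT_LEN(dummy_string);

    /* previously sent SRP_A and SRP_GROUP, expecting SRP_B */
    for (key = *unknown_key_list; key != NULL; key = key->next) {
        if (!key->processed) {
            key->processed = 1;
            got_bitmask = print_bad_security_key(key);
            if (got_bitmask == GOT_SRP_B) {
                if (check_step_key(key, got_keys, GOT_SRP_B))
                    goto out;
                if (SRP_Initiator_SetB(key->keyvalue,
                                       MAX_SRP_BINARY_LENGTH,
                                       srp_ctx) == 0) {
                    TRACE_ERROR("unacceptable value for SRP_B\n");
                    goto out;
                }
            } else {
                if (got_bitmask) {
                    print_not_allowed_security_key(key);
                }
                goto out;
            }
        }
    }

    if ((*got_keys & (GOT_SRP_GROUP | GOT_SRP_S | GOT_SRP_B))
        == (GOT_SRP_GROUP | GOT_SRP_S | GOT_SRP_B)) {
        if ((srp_m = SRP_Initiator_GetM(srp_ctx)) == NULL) {
            TRACE_ERROR("unable to generate SRP_M\n");
            goto out;
        }

        /* generate and attach key SRP_M=value
         *
         * NOTE(review): sprintf() and strcpy() are unbounded here; no
         * check that text_length + temp_len + 1 fits the PDU text
         * buffer is visible in this function -- confirm the bound
         * against the callers. */
        temp_len = sprintf(dummy_string, "%s=%s", SRP_M, srp_m);
        TRACE(TRACE_ISCSI, "Attach key: %s\n", dummy_string);
        strcpy(outputpdu->text + outputpdu->text_length, dummy_string);
        /* + 1 keeps the terminating NUL as the key separator */
        outputpdu->text_length += temp_len + 1;

        if (p_auth_param.auth_flags & USE_TARGET_CONFIRMATION) {
            /* we previously sent TargetAuth=Yes, so we
             * expect the target to reply with SRP_HM next */
            *security_step = ss_find_srp_h;
        } else
            *security_step = ss_done;

        /* regardless of whether we expect target to
         * send back SRP_HM or not, this is the last
         * pdu we need to send, so offer transition */
        if (noperational == 0)
            outputpdu->flags |= (NSG3 | T_BIT);
        else
            outputpdu->flags |= (NSG1 | T_BIT);
    }

    my_kfree((void **) &srp_m, "SRP_M");
    FREE_STRING(dummy_string);
    TRACE(TRACE_ENTER_LEAVE, "Leaving ss_find_srp_b Ok Next %d\n",
          *security_step);
    return 0;

out:
    my_kfree((void **) &srp_m, "SRP_M");
    FREE_STRING(dummy_string);
    TRACE(TRACE_ENTER_LEAVE, "Leaving ss_find_srp_b Failure Next %d\n",
          *security_step);
    return -1;
}

/*
 * Security step: expecting target to send SRP_HM.
 *
 * SRP_HM is handed to SRP_Initiator_SetHM(); a zero return is reported as
 * "SRP authentication failed" and ends the step with -1.  Once SRP_GROUP,
 * SRP_s, SRP_B and SRP_HM are all recorded in got_keys, either *count is
 * set to LOOP_TIMES (the target already set T_BIT) or *security_step
 * becomes ss_done and a stage transition is offered in outputpdu->flags.
 *
 * p_param_tbl is not used here.
 *
 * Returns 0 on success (including "still waiting for keys"), -1 on failure.
 */
int
ss_find_srp_h_func(enum security_steps *security_step,
                   struct unknown_key **unknown_key_list,
                   struct parameter_type *p_param_tbl,
                   struct auth_parameter_type p_auth_param,
                   int noperational,
                   struct generic_pdu *inputpdu,
                   struct generic_pdu *outputpdu,
                   __u32 *got_keys,
                   int *count)
{
    int got_bitmask;
    struct unknown_key *key;
    struct SRP_Context *srp_ctx = p_auth_param.srp_ctx;

    TRACE(TRACE_ENTER_LEAVE, "Enter ss_find_srp_h %d\n", *security_step);

    /* expecting target to send SRP_HM */
    for (key = *unknown_key_list; key != NULL; key = key->next) {
        if (!key->processed) {
            key->processed = 1;
            got_bitmask = print_bad_security_key(key);
            if (got_bitmask == GOT_SRP_HM) {
                if (check_step_key(key, got_keys, GOT_SRP_HM))
                    goto out;
                /* presumably this is where the target's proof is
                 * verified; no other check of SRP_HM is made below */
                if (SRP_Initiator_SetHM(key->keyvalue,
                                        MAX_SRP_BINARY_LENGTH,
                                        srp_ctx) == 0) {
                    TRACE_ERROR("SRP authentication failed\n");
                    goto out;
                }
            } else {
                if (got_bitmask) {
                    print_not_allowed_security_key(key);
                }
                goto out;
            }
        }
    }

    if ((*got_keys & (GOT_SRP_GROUP | GOT_SRP_S | GOT_SRP_B | GOT_SRP_HM))
        == (GOT_SRP_GROUP | GOT_SRP_S | GOT_SRP_B | GOT_SRP_HM)) {
        /* target sent complete reply to our challenge; the only check
         * of it is the SRP_Initiator_SetHM() call in the loop above,
         * this branch relies on the got_keys bits alone */
        TRACE(TRACE_ISCSI, "SRP successfully authenticated target\n");
        if (inputpdu->flags & T_BIT) {
            /* target agreed to transition out of security stage */
            *count = LOOP_TIMES;
            goto break_out;
        }
        TRACE(TRACE_ISCSI, "end up the security phase\n");
        *security_step = ss_done;
        if (noperational == 0)
            outputpdu->flags |= (NSG3 | T_BIT);
        else
            outputpdu->flags |= (NSG1 | T_BIT);
    }

break_out:
    TRACE(TRACE_ENTER_LEAVE, "Leaving ss_find_srp_h %d\n", *security_step);
    return 0;

out:
    TRACE(TRACE_ENTER_LEAVE, "Leaving ss_find_srp_h Failure Next %d\n",
          *security_step);
    return -1;
}

/*
 * done with authentication (may never have done any)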