openslx-ng/ipxe.git/src/net/tcp, branch master

[http] Work around stateful authentication schemes

2018-06-08T12:53:02+00:00

As pointedly documented in RFC7230 section 2.3, HTTP is a stateless protocol: each request message can be understood in isolation from any other requests or responses. Various authentication schemes such as NTLM break this fundamental property of HTTP and rely on the same TCP connection being reused. Work around these broken authentication schemes by ensuring that the most recently pooled connection is reused for the subsequent authentication retry. Reported-by: Andreas Hammarskjöld Tested-by: Andreas Hammarskjöld Signed-off-by: Michael Brown

[iscsi] Parse IPv6 address in root path

2018-03-01T13:30:41+00:00

The iSCSI root path may contain a literal IPv6 address. Update the parser to handle this address format correctly. Signed-off-by: Hannes Reinecke Modified-by: Michael Brown Signed-off-by: Michael Brown

[http] Allow for domain names within NTLM user names

2018-02-19T11:58:28+00:00

Allow a NetBIOS domain name to be specified within a URL using a syntax such as: http://domain%5Cusername:password@server/path Signed-off-by: Michael Brown

[http] Report unsuccessful response status lines at DBGVL_LOG

2017-12-28T13:04:59+00:00

The precise HTTP response status code is currently visible only at DBGLVL_EXTRA. Allow for easier debugging by reporting the whole status line at DBGLVL_LOG for any unsuccessful responses. Signed-off-by: Michael Brown

[http] Include error messages for 4xx and 5xx response codes

2017-12-28T12:34:07+00:00

Signed-off-by: Michael Brown

[http] Add support for NTLM authentication

2017-11-12T18:52:04+00:00

Signed-off-by: Michael Brown

[http] Handle parsing of WWW-Authenticate header within authentication scheme

2017-11-12T18:52:04+00:00

Allow individual authentication schemes to parse WWW-Authenticate headers that do not comply with RFC2617. Signed-off-by: Michael Brown

[http] Gracefully handle offers of multiple authentication schemes

2017-11-12T18:52:03+00:00

Servers may provide multiple WWW-Authenticate headers, each offering a different authentication scheme. We currently fail the request as soon as we encounter an unrecognised scheme, which prevents subsequent offers from succeeding. Fix by silently ignoring headers for schemes that we do not recognise. If no schemes are recognised then the request will eventually fail anyway due to the 401 response code. If multiple schemes are supported, arbitrarily choose the scheme appearing first within the response headers. Signed-off-by: Michael Brown

[iscsi] Always send FirstBurstLength parameter

2017-05-03T12:01:11+00:00

As of kernel 4.11, the LIO target will propose a value for FirstBurstLength if the initiator did not do so. This is entirely redundant in our case, since FirstBurstLength is defined by RFC 3720 to be "Irrelevant when: ( InitialR2T=Yes and ImmediateData=No )" and we already enforce both InitialR2T=Yes and ImmediateData=No in our initial proposal. However, LIO (arguably correctly) complains when we do not respond to its redundant proposal of an already-irrelevant value. Fix by always proposing the default value for FirstBurstLength. Debugged-by: Patrick Seeburger Tested-by: Patrick Seeburger Signed-off-by: Michael Brown

[http] Notify data transfer interface when underlying connection is ready

2017-03-28T20:40:52+00:00

HTTP implements xfer_window_changed() on the underlying server connection using http_step(), which does not propagate the window change notification to the data transfer interface. This breaks the multipath-capable SAN boot code, which relies on the window change notification to discover that the HTTP block device is ready for commands to be issued. Fix by sending xfer_window_changed() in http_step() once the underlying connection has been determined to be ready. Signed-off-by: Michael Brown