From 4dd746a725f69d7b13b24dccff0112158c38dbe3 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Fri, 20 Feb 2009 21:41:00 +0000
Subject: [iscsi] Include credentials in iBFT only if used during iSCSI login

Avoid passing credentials in the iBFT that were available but not
required for login.  This works around a problem in the Microsoft
iSCSI initiator, which will refuse to initiate sessions if the CHAP
password is fewer than 12 characters, even if the target ends up not
asking for CHAP authentication.
---
 src/include/gpxe/iscsi.h | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'src/include')

diff --git a/src/include/gpxe/iscsi.h b/src/include/gpxe/iscsi.h
index fd96fdfe0..0510974e8 100644
--- a/src/include/gpxe/iscsi.h
+++ b/src/include/gpxe/iscsi.h
@@ -530,8 +530,6 @@ struct iscsi_session {
 	char *target_username;
 	/** Target password (if any) */
 	char *target_password;
-	/** Target has authenticated acceptably */
-	int target_auth_ok;
 	/** CHAP challenge (for target auth only)
 	 *
 	 * This is a block of random data; the first byte is used as
@@ -664,6 +662,15 @@ struct iscsi_session {
 /** Mask for all iSCSI "needs to send" flags */
 #define ISCSI_STATUS_STRINGS_MASK 0xff00
 
+/** Target has requested forward (initiator) authentication */
+#define ISCSI_STATUS_AUTH_FORWARD_REQUIRED 0x00010000
+
+/** Initiator requires target (reverse) authentication */
+#define ISCSI_STATUS_AUTH_REVERSE_REQUIRED 0x00020000
+
+/** Target authenticated itself correctly */
+#define ISCSI_STATUS_AUTH_REVERSE_OK 0x00040000
+
 /** Maximum number of retries at connecting */
 #define ISCSI_MAX_RETRIES 2
 
-- 
cgit v1.2.3-55-g7522