From patchwork Sun Apr 28 04:17:19 2019
X-Patchwork-Submitter: Mike Christie
X-Patchwork-Id: 10920635
From: Mike Christie
To: martin.petersen@oracle.com, linux-scsi@vger.kernel.org, target-devel@vger.kernel.org, nab@linux-iscsi.org
Cc: Mike Christie
Subject: [PATCH 1/2] iscsi target: make function to get auth from conn
Date: Sat, 27 Apr 2019 23:17:19 -0500
Message-Id: <20190428041720.9119-2-mchristi@redhat.com>
In-Reply-To: <20190428041720.9119-1-mchristi@redhat.com>
References: <20190428041720.9119-1-mchristi@redhat.com>

Move the code to go from iscsi conn to iscsi node auth to a helper function which will also be used in the next patch.

Signed-off-by: Mike Christie
---
drivers/target/iscsi/iscsi_target_nego.c | 35 +++++++++++++++++++++-----------
1 file changed, 23 insertions(+), 12 deletions(-)

diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c index 8a5e8d1..7d794be 100644 --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c @@ -103,13 +103,8 @@ int extract_param( return 0; } -static u32 iscsi_handle_authentication( - struct iscsi_conn *conn, - char *in_buf, - char *out_buf, - int in_length, - int *out_length, - unsigned char *authtype) +static struct iscsi_node_auth *iscsi_target_get_auth_from_conn( + struct iscsi_conn *conn) { struct iscsi_session *sess = conn->sess; struct iscsi_node_auth *auth; 
@@ -125,25 +120,24 @@ static u32 iscsi_handle_authentication( if (!se_nacl) { pr_err("Unable to locate struct se_node_acl for" " CHAP auth\n"); - return -1; + return NULL; } iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl, se_node_acl); if (!iscsi_nacl) { pr_err("Unable to locate struct iscsi_node_acl for" " CHAP auth\n"); - return -1; + return NULL; } if (se_nacl->dynamic_node_acl) { iscsi_tpg = container_of(se_nacl->se_tpg, - struct iscsi_portal_group, tpg_se_tpg); - + struct iscsi_portal_group, + tpg_se_tpg); auth = &iscsi_tpg->tpg_demo_auth; } else { iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl, se_node_acl); - auth = &iscsi_nacl->node_auth; } } else { 
@@ -153,6 +147,23 @@ static u32 iscsi_handle_authentication( auth = &iscsit_global->discovery_acl.node_auth; } + return auth; +} + +static u32 iscsi_handle_authentication( + struct iscsi_conn *conn, + char *in_buf, + char *out_buf, + int in_length, + int *out_length, + unsigned char *authtype) +{ + struct iscsi_node_auth *auth; + + auth = iscsi_target_get_auth_from_conn(conn); + if (!auth) + return -1; + if (strstr("CHAP", authtype)) strcpy(conn->sess->auth_type, "CHAP"); else

From patchwork Sun Apr 28 04:17:20 2019
X-Patchwork-Submitter: Mike Christie
X-Patchwork-Id: 10920641
From: Mike Christie
To: martin.petersen@oracle.com, linux-scsi@vger.kernel.org, target-devel@vger.kernel.org, nab@linux-iscsi.org
Cc: Mike Christie
Subject: [PATCH 2/2] iscsi target: Fix CHAP negotiation setup
Date: Sat, 27 Apr 2019 23:17:20 -0500
Message-Id: <20190428041720.9119-3-mchristi@redhat.com>
In-Reply-To: <20190428041720.9119-1-mchristi@redhat.com>
References: <20190428041720.9119-1-mchristi@redhat.com>

If the user has disabled authentication and not setup CHAP, we will still try to use CHAP if the initiator sends CHAP,None. The login will then fail because the user didn't setup CHAP. This patch just has us detect when CHAP/authentication has been turned off so we negotiate for None instead of CHAP.

Signed-off-by: Mike Christie
---
drivers/target/iscsi/iscsi_target_nego.c | 41 +++++++++++++++++++++++++++++++-
1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c index 7d794be..055c1cc 100644 --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c 
@@ -828,6 +828,45 @@ static int iscsi_target_do_authentication( return 0; } +static struct iscsi_param *iscsi_target_init_auth_param(struct iscsi_conn *conn) +{ + struct iscsi_session *sess = conn->sess; + struct iscsi_node_auth *auth; + struct iscsi_portal_group *iscsi_tpg; + struct se_node_acl *se_nacl; + struct iscsi_param *param; + + param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list); + if (!param) + return NULL; + + if (sess->sess_ops->SessionType) { + iscsi_tpg = iscsit_global->discovery_tpg; + } else { + se_nacl = conn->sess->se_sess->se_node_acl; + + iscsi_tpg = container_of(se_nacl->se_tpg, + struct iscsi_portal_group, tpg_se_tpg); + } + + auth = iscsi_target_get_auth_from_conn(conn); + if (!auth) + return NULL; + /* + * If we have CHAP,None but have not setup any CHAP values and have + * disabled enforcement then use None. If the user has partially setup + * CHAP then still use CHAP, so login fails and we do not allow access + * due to user misconfiguration. + */ + if (strstr("CHAP,None", param->value) && !auth->naf_flags && + !iscsi_tpg->tpg_attrib.authentication) { + if (iscsi_update_param_value(param, NONE) < 0) + return NULL; + } + + return param; +} + static int iscsi_target_handle_csg_zero( struct iscsi_conn *conn, struct iscsi_login *login) @@ -842,7 +881,7 @@ static int iscsi_target_handle_csg_zero( login_rsp = (struct iscsi_login_rsp *) login->rsp; payload_length = ntoh24(login_req->dlength); - param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list); + param = iscsi_target_init_auth_param(conn); if (!param) return -1;
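
Review bot: In [PATCH 1/2], hunk @@ -125,25 +120,24 @@, the `if (!iscsi_nacl)` test that follows `iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl, se_node_acl);` cannot fire once `se_nacl` has passed the `if (!se_nacl)` check, because container_of only applies a fixed offset to a pointer already known to be non-NULL. Since this hunk already edits that branch's return value, drop the branch, and also drop the second `iscsi_nacl = container_of(...)` in the else arm, which recomputes the same value. Both pr_err strings still say "for CHAP auth", while patch 2/2 calls this helper to decide whether to negotiate None, so a neutral message would be less misleading in logs.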
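
Review bot: In [PATCH 1/2], hunk @@ -153,6 +147,23 @@, the re-added `iscsi_handle_authentication()` is declared `static u32` but its new failure path is `return -1;`, so the caller receives 0xffffffff rather than a negative value. The caller is not visible in this patch; if it tests the result with `< 0`, a failed auth lookup would never be seen as an error. Since the function is being re-declared here anyway, consider an int return type, or note in a comment how the caller is expected to compare the result.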
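
Review bot: In [PATCH 2/2], hunk @@ -828,6 +828,45 @@, the non-discovery branch of the new `iscsi_target_init_auth_param()` dereferences `se_nacl->se_tpg` before `iscsi_target_get_auth_from_conn()` has run its `if (!se_nacl)` check, so the NULL case the helper from patch 1/2 guards against is reached here first. Call the helper, or test `se_nacl`, before the container_of. Separately, `strstr("CHAP,None", param->value)` uses the parameter value as the needle, so it is true for any substring of "CHAP,None", including "CHAP" alone or an empty value, while the comment describes only the CHAP,None case. Use strcmp if only that exact value should be rewritten, or extend the comment to say that a CHAP-only AuthMethod is also switched to None when no auth flags are set and enforcement is off.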