
iscsi-target: Add demo-mode TPG authentication context support

This patch adds an auth configfs group context following the existing
explicit NodeACL and discovery auth within:

/sys/kernel/config/target/iscsi/$TARGETNAME/$TPGT/auth/

This patch allows these attributes to be used for CHAP authentication
when a TPG is configured in demo-mode (generate_node_acl=1).

Note this authentication information takes precedence over NodeACL
authentication when struct se_node_acl->dynamic_node_acl is present.

Cc: Dax Kelson <dkelson@gurulabs.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

+139 -1
+126
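--- a/drivers/target/iscsi/iscsi_target_configfs.c
+++ b/drivers/target/iscsi/iscsi_target_configfs.c
@@ -1052,6 +1052,131 @@
 
 /* End items for lio_target_tpg_attrib_cit */
 
+/* Start items for lio_target_tpg_auth_cit */
+
+#define __DEF_TPG_AUTH_STR(prefix, name, flags) \
+static ssize_t __iscsi_##prefix##_show_##name( \
+struct se_portal_group *se_tpg, \
+char *page) \
+{ \
+struct iscsi_portal_group *tpg = container_of(se_tpg, \
+struct iscsi_portal_group, tpg_se_tpg); \
+struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \
+\
+if (!capable(CAP_SYS_ADMIN)) \
+return -EPERM; \
+\
+return snprintf(page, PAGE_SIZE, "%s\n", auth->name); \
+} \
+\
+static ssize_t __iscsi_##prefix##_store_##name( \
+struct se_portal_group *se_tpg, \
+const char *page, \
+size_t count) \
+{ \
+struct iscsi_portal_group *tpg = container_of(se_tpg, \
+struct iscsi_portal_group, tpg_se_tpg); \
+struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \
+\
+if (!capable(CAP_SYS_ADMIN)) \
+return -EPERM; \
+\
+snprintf(auth->name, PAGE_SIZE, "%s", page); \
+if (!(strncmp("NULL", auth->name, 4))) \
+auth->naf_flags &= ~flags; \
+else \
+auth->naf_flags |= flags; \
+\
+if ((auth->naf_flags & NAF_USERID_IN_SET) && \
+(auth->naf_flags & NAF_PASSWORD_IN_SET)) \
+auth->authenticate_target = 1; \
+else \
+auth->authenticate_target = 0; \
+\
+return count; \
+}
+
+#define __DEF_TPG_AUTH_INT(prefix, name) \
+static ssize_t __iscsi_##prefix##_show_##name( \
+struct se_portal_group *se_tpg, \
+char *page) \
+{ \
+struct iscsi_portal_group *tpg = container_of(se_tpg, \
+struct iscsi_portal_group, tpg_se_tpg); \
+struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \
+\
+if (!capable(CAP_SYS_ADMIN)) \
+return -EPERM; \
+\
+return snprintf(page, PAGE_SIZE, "%d\n", auth->name); \
+}
+
+#define DEF_TPG_AUTH_STR(name, flags) \
+__DEF_TPG_AUTH_STR(tpg_auth, name, flags) \
+static ssize_t iscsi_tpg_auth_show_##name( \
+struct se_portal_group *se_tpg, \
+char *page) \
+{ \
+return __iscsi_tpg_auth_show_##name(se_tpg, page); \
+} \
+\
+static ssize_t iscsi_tpg_auth_store_##name( \
+struct se_portal_group *se_tpg, \
+const char *page, \
+size_t count) \
+{ \
+return __iscsi_tpg_auth_store_##name(se_tpg, page, count); \
+}
+
+#define DEF_TPG_AUTH_INT(name) \
+__DEF_TPG_AUTH_INT(tpg_auth, name) \
+static ssize_t iscsi_tpg_auth_show_##name( \
+struct se_portal_group *se_tpg, \
+char *page) \
+{ \
+return __iscsi_tpg_auth_show_##name(se_tpg, page); \
+}
+
+#define TPG_AUTH_ATTR(_name, _mode) TF_TPG_AUTH_ATTR(iscsi, _name, _mode);
+#define TPG_AUTH_ATTR_RO(_name) TF_TPG_AUTH_ATTR_RO(iscsi, _name);
+
+/*
+* * One-way authentication userid
+* */
+DEF_TPG_AUTH_STR(userid, NAF_USERID_SET);
+TPG_AUTH_ATTR(userid, S_IRUGO | S_IWUSR);
+/*
+* * One-way authentication password
+* */
+DEF_TPG_AUTH_STR(password, NAF_PASSWORD_SET);
+TPG_AUTH_ATTR(password, S_IRUGO | S_IWUSR);
+/*
+* * Enforce mutual authentication
+* */
+DEF_TPG_AUTH_INT(authenticate_target);
+TPG_AUTH_ATTR_RO(authenticate_target);
+/*
+* * Mutual authentication userid
+* */
+DEF_TPG_AUTH_STR(userid_mutual, NAF_USERID_IN_SET);
+TPG_AUTH_ATTR(userid_mutual, S_IRUGO | S_IWUSR);
+/*
+* * Mutual authentication password
+* */
+DEF_TPG_AUTH_STR(password_mutual, NAF_PASSWORD_IN_SET);
+TPG_AUTH_ATTR(password_mutual, S_IRUGO | S_IWUSR);
+
+static struct configfs_attribute *lio_target_tpg_auth_attrs[] = {
+&iscsi_tpg_auth_userid.attr,
+&iscsi_tpg_auth_password.attr,
+&iscsi_tpg_auth_authenticate_target.attr,
+&iscsi_tpg_auth_userid_mutual.attr,
+&iscsi_tpg_auth_password_mutual.attr,
+NULL,
+};
+
+/* End items for lio_target_tpg_auth_cit */
+
 /* Start items for lio_target_tpg_param_cit */
 
 #define DEF_TPG_PARAM(name) \
@@ -1865,6 +1990,7 @@
 TF_CIT_TMPL(fabric)->tfc_wwn_cit.ct_attrs = lio_target_wwn_attrs;
 TF_CIT_TMPL(fabric)->tfc_tpg_base_cit.ct_attrs = lio_target_tpg_attrs;
 TF_CIT_TMPL(fabric)->tfc_tpg_attrib_cit.ct_attrs = lio_target_tpg_attrib_attrs;
+TF_CIT_TMPL(fabric)->tfc_tpg_auth_cit.ct_attrs = lio_target_tpg_auth_attrs;
 TF_CIT_TMPL(fabric)->tfc_tpg_param_cit.ct_attrs = lio_target_tpg_param_attrs;
 TF_CIT_TMPL(fabric)->tfc_tpg_np_base_cit.ct_attrs = lio_target_portal_attrs;
 TF_CIT_TMPL(fabric)->tfc_tpg_nacl_base_cit.ct_attrs = lio_target_initiator_attrs;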
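Review bot: In `__DEF_TPG_AUTH_STR`, the store helper copies the configfs page with `snprintf(auth->name, PAGE_SIZE, "%s", page);`, so the write is bounded by the size of the source page and not by the destination member. `struct iscsi_node_auth` is not shown on this page; if its userid/password members are fixed arrays smaller than a page, a long write from userspace runs past the field into the neighbouring members of `tpg_demo_auth`. I would reject oversized input and bound the copy by the field: `if (count >= sizeof(auth->name)) return -EINVAL;` followed by `snprintf(auth->name, sizeof(auth->name), "%s", page);`. Separately, `TPG_AUTH_ATTR(password, S_IRUGO | S_IWUSR)` and its `password_mutual` twin register the CHAP secrets world-readable and rely only on the `capable(CAP_SYS_ADMIN)` check in the show helper; `S_IRUSR | S_IWUSR` would state the intent in the file mode as well.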
+1
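--- a/drivers/target/iscsi/iscsi_target_core.h
+++ b/drivers/target/iscsi/iscsi_target_core.h
@@ -813,6 +813,7 @@
 struct mutex tpg_access_lock;
 struct mutex np_login_lock;
 struct iscsi_tpg_attrib tpg_attrib;
+struct iscsi_node_auth tpg_demo_auth;
 /* Pointer to default list of iSCSI parameters for TPG */
 struct iscsi_param_list *param_list;
 struct iscsi_tiqn *tpg_tiqn;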
+12 -1
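--- a/drivers/target/iscsi/iscsi_target_nego.c
+++ b/drivers/target/iscsi/iscsi_target_nego.c
@@ -112,6 +112,7 @@
 struct iscsi_session *sess = conn->sess;
 struct iscsi_node_auth *auth;
 struct iscsi_node_acl *iscsi_nacl;
+struct iscsi_portal_group *iscsi_tpg;
 struct se_node_acl *se_nacl;
 
 if (!sess->sess_ops->SessionType) {
@@ -132,7 +133,17 @@
 return -1;
 }
 
-auth = ISCSI_NODE_AUTH(iscsi_nacl);
+if (se_nacl->dynamic_node_acl) {
+iscsi_tpg = container_of(se_nacl->se_tpg,
+struct iscsi_portal_group, tpg_se_tpg);
+
+auth = &iscsi_tpg->tpg_demo_auth;
+} else {
+iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
+se_node_acl);
+
+auth = ISCSI_NODE_AUTH(iscsi_nacl);
+}
 } else {
 /*
 * For SessionType=Discovery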
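Review bot: The new `se_nacl->dynamic_node_acl` branch selects `tpg_demo_auth` without checking that any credentials were ever written to it, and nothing in the hunk says what a demo-mode login does when the TPG auth group is left empty. Whether an unset `iscsi_node_auth` makes CHAP fail or compare against empty strings is decided outside this hunk, so I would confirm that path and document the branch, for example `/* demo-mode: every dynamically generated ACL shares the TPG-wide CHAP credentials in tpg_demo_auth */`. The else branch recomputes `iscsi_nacl` with `container_of()`; if the lines elided above the hunk already assign it, the second assignment is redundant. The enclosing function starts and ends outside the hunk.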