tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

scsi: target: iscsi: Allow AuthMethod=None

Allow negotiating AuthMethod=None at CSG=0 (Security Negotiation) when
authentication is not required. That is required by the CHAP test in
Windows HLK.

Link: https://lore.kernel.org/r/20220718152555.17084-4-d.bogdanov@yadro.com
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Dmitry Bogdanov and committed by
Martin K. Petersen e52b904b 1e573388

+15 -2
+13
drivers/target/iscsi/iscsi_target_login.c
··· 341 341 { 342 342 struct iscsi_node_attrib *na; 343 343 struct iscsit_session *sess = conn->sess; 344 + struct iscsi_param *param; 344 345 bool iser = false; 345 346 346 347 sess->tpg = conn->tpg; ··· 374 373 conn->param_list); 375 374 376 375 na = iscsit_tpg_get_node_attrib(sess); 376 + 377 + /* 378 + * If ACL allows non-authorized access in TPG with CHAP, 379 + * then set None to AuthMethod. 380 + */ 381 + param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list); 382 + if (param && !strstr(param->value, NONE)) { 383 + if (!iscsi_conn_auth_required(conn)) 384 + if (iscsi_change_param_sprintf(conn, "AuthMethod=%s", 385 + NONE)) 386 + return -1; 387 + } 377 388 378 389 /* 379 390 * Need to send TargetPortalGroupTag back in first login response
+1 -1
drivers/target/iscsi/iscsi_target_nego.c
··· 814 814 return 0; 815 815 } 816 816 817 - static bool iscsi_conn_auth_required(struct iscsit_conn *conn) 817 + bool iscsi_conn_auth_required(struct iscsit_conn *conn) 818 818 { 819 819 struct iscsi_node_acl *nacl; 820 820 struct se_node_acl *se_nacl;
+1 -1
drivers/target/iscsi/iscsi_target_nego.h
··· 22 22 extern int iscsi_target_start_negotiation( 23 23 struct iscsi_login *, struct iscsit_conn *); 24 24 extern void iscsi_target_nego_release(struct iscsit_conn *); 25 - 25 + extern bool iscsi_conn_auth_required(struct iscsit_conn *conn); 26 26 #endif /* ISCSI_TARGET_NEGO_H */