iscsi-target: Add demo-mode TPG authentication context support
authorNicholas Bellinger <nab@linux-iscsi.org>
Thu, 20 Jun 2013 01:48:51 +0000 (18:48 -0700)
committerNicholas Bellinger <nab@linux-iscsi.org>
Thu, 4 Jul 2013 02:44:32 +0000 (19:44 -0700)
This patch adds a auth configfs group context following existing
explict NodeACL and discovery auth within:

  /sys/kernel/config/target/iscsi/$TARGETNAME/$TPGT/auth/

This patch allows these attributes to be used for CHAP authentication
an TPG is configured in demo-mode (generate_node_acl=1).

Note this authentication information takes precedence over NodeACL
authentication when struct se_node_acl->dynamic_node_acl is present.

Cc: Dax Kelson <dkelson@gurulabs.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/target/iscsi/iscsi_target_configfs.c
drivers/target/iscsi/iscsi_target_core.h
drivers/target/iscsi/iscsi_target_nego.c

index 13e9e71..e251849 100644 (file)
@@ -1052,6 +1052,131 @@ static struct configfs_attribute *lio_target_tpg_attrib_attrs[] = {
 
 /* End items for lio_target_tpg_attrib_cit */
 
+/* Start items for lio_target_tpg_auth_cit */
+
+#define __DEF_TPG_AUTH_STR(prefix, name, flags)                                        \
+static ssize_t __iscsi_##prefix##_show_##name(                                 \
+       struct se_portal_group *se_tpg,                                         \
+       char *page)                                                             \
+{                                                                              \
+       struct iscsi_portal_group *tpg = container_of(se_tpg,                   \
+                               struct iscsi_portal_group, tpg_se_tpg);         \
+       struct iscsi_node_auth *auth = &tpg->tpg_demo_auth;                     \
+                                                                               \
+       if (!capable(CAP_SYS_ADMIN))                                            \
+               return -EPERM;                                                  \
+                                                                               \
+       return snprintf(page, PAGE_SIZE, "%s\n", auth->name);                   \
+}                                                                              \
+                                                                               \
+static ssize_t __iscsi_##prefix##_store_##name(                                        \
+       struct se_portal_group *se_tpg,                                         \
+       const char *page,                                                       \
+       size_t count)                                                           \
+{                                                                              \
+       struct iscsi_portal_group *tpg = container_of(se_tpg,                   \
+                               struct iscsi_portal_group, tpg_se_tpg);         \
+       struct iscsi_node_auth *auth = &tpg->tpg_demo_auth;                     \
+                                                                               \
+       if (!capable(CAP_SYS_ADMIN))                                            \
+               return -EPERM;                                                  \
+                                                                               \
+       snprintf(auth->name, PAGE_SIZE, "%s", page);                            \
+       if (!(strncmp("NULL", auth->name, 4)))                                  \
+               auth->naf_flags &= ~flags;                                      \
+       else                                                                    \
+               auth->naf_flags |= flags;                                       \
+                                                                               \
+       if ((auth->naf_flags & NAF_USERID_IN_SET) &&                            \
+           (auth->naf_flags & NAF_PASSWORD_IN_SET))                            \
+               auth->authenticate_target = 1;                                  \
+       else                                                                    \
+               auth->authenticate_target = 0;                                  \
+                                                                               \
+       return count;                                                           \
+}
+
+#define __DEF_TPG_AUTH_INT(prefix, name)                                       \
+static ssize_t __iscsi_##prefix##_show_##name(                                 \
+       struct se_portal_group *se_tpg,                                         \
+       char *page)                                                             \
+{                                                                              \
+       struct iscsi_portal_group *tpg = container_of(se_tpg,                   \
+                               struct iscsi_portal_group, tpg_se_tpg);         \
+       struct iscsi_node_auth *auth = &tpg->tpg_demo_auth;                     \
+                                                                               \
+       if (!capable(CAP_SYS_ADMIN))                                            \
+               return -EPERM;                                                  \
+                                                                               \
+       return snprintf(page, PAGE_SIZE, "%d\n", auth->name);                   \
+}
+
+#define DEF_TPG_AUTH_STR(name, flags)                                          \
+       __DEF_TPG_AUTH_STR(tpg_auth, name, flags)                               \
+static ssize_t iscsi_tpg_auth_show_##name(                                     \
+       struct se_portal_group *se_tpg,                                         \
+       char *page)                                                             \
+{                                                                              \
+       return __iscsi_tpg_auth_show_##name(se_tpg, page);                      \
+}                                                                              \
+                                                                               \
+static ssize_t iscsi_tpg_auth_store_##name(                                    \
+       struct se_portal_group *se_tpg,                                         \
+       const char *page,                                                       \
+       size_t count)                                                           \
+{                                                                              \
+       return __iscsi_tpg_auth_store_##name(se_tpg, page, count);              \
+}
+
+#define DEF_TPG_AUTH_INT(name)                                                 \
+       __DEF_TPG_AUTH_INT(tpg_auth, name)                                      \
+static ssize_t iscsi_tpg_auth_show_##name(                                     \
+       struct se_portal_group *se_tpg,                                         \
+       char *page)                                                             \
+{                                                                              \
+       return __iscsi_tpg_auth_show_##name(se_tpg, page);                      \
+}
+
+#define TPG_AUTH_ATTR(_name, _mode) TF_TPG_AUTH_ATTR(iscsi, _name, _mode);
+#define TPG_AUTH_ATTR_RO(_name) TF_TPG_AUTH_ATTR_RO(iscsi, _name);
+
+/*
+ *  * One-way authentication userid
+ *   */
+DEF_TPG_AUTH_STR(userid, NAF_USERID_SET);
+TPG_AUTH_ATTR(userid, S_IRUGO | S_IWUSR);
+/*
+ *  * One-way authentication password
+ *   */
+DEF_TPG_AUTH_STR(password, NAF_PASSWORD_SET);
+TPG_AUTH_ATTR(password, S_IRUGO | S_IWUSR);
+/*
+ *  * Enforce mutual authentication
+ *   */
+DEF_TPG_AUTH_INT(authenticate_target);
+TPG_AUTH_ATTR_RO(authenticate_target);
+/*
+ *  * Mutual authentication userid
+ *   */
+DEF_TPG_AUTH_STR(userid_mutual, NAF_USERID_IN_SET);
+TPG_AUTH_ATTR(userid_mutual, S_IRUGO | S_IWUSR);
+/*
+ *  * Mutual authentication password
+ *   */
+DEF_TPG_AUTH_STR(password_mutual, NAF_PASSWORD_IN_SET);
+TPG_AUTH_ATTR(password_mutual, S_IRUGO | S_IWUSR);
+
+static struct configfs_attribute *lio_target_tpg_auth_attrs[] = {
+       &iscsi_tpg_auth_userid.attr,
+       &iscsi_tpg_auth_password.attr,
+       &iscsi_tpg_auth_authenticate_target.attr,
+       &iscsi_tpg_auth_userid_mutual.attr,
+       &iscsi_tpg_auth_password_mutual.attr,
+       NULL,
+};
+
+/* End items for lio_target_tpg_auth_cit */
+
 /* Start items for lio_target_tpg_param_cit */
 
 #define DEF_TPG_PARAM(name)                                            \
@@ -1865,6 +1990,7 @@ int iscsi_target_register_configfs(void)
        TF_CIT_TMPL(fabric)->tfc_wwn_cit.ct_attrs = lio_target_wwn_attrs;
        TF_CIT_TMPL(fabric)->tfc_tpg_base_cit.ct_attrs = lio_target_tpg_attrs;
        TF_CIT_TMPL(fabric)->tfc_tpg_attrib_cit.ct_attrs = lio_target_tpg_attrib_attrs;
+       TF_CIT_TMPL(fabric)->tfc_tpg_auth_cit.ct_attrs = lio_target_tpg_auth_attrs;
        TF_CIT_TMPL(fabric)->tfc_tpg_param_cit.ct_attrs = lio_target_tpg_param_attrs;
        TF_CIT_TMPL(fabric)->tfc_tpg_np_base_cit.ct_attrs = lio_target_portal_attrs;
        TF_CIT_TMPL(fabric)->tfc_tpg_nacl_base_cit.ct_attrs = lio_target_initiator_attrs;
index 3436a2c..391283c 100644 (file)
@@ -813,6 +813,7 @@ struct iscsi_portal_group {
        struct mutex            tpg_access_lock;
        struct mutex            np_login_lock;
        struct iscsi_tpg_attrib tpg_attrib;
+       struct iscsi_node_auth  tpg_demo_auth;
        /* Pointer to default list of iSCSI parameters for TPG */
        struct iscsi_param_list *param_list;
        struct iscsi_tiqn       *tpg_tiqn;
index 7ad9120..6b5fc27 100644 (file)
@@ -112,6 +112,7 @@ static u32 iscsi_handle_authentication(
        struct iscsi_session *sess = conn->sess;
        struct iscsi_node_auth *auth;
        struct iscsi_node_acl *iscsi_nacl;
+       struct iscsi_portal_group *iscsi_tpg;
        struct se_node_acl *se_nacl;
 
        if (!sess->sess_ops->SessionType) {
@@ -132,7 +133,17 @@ static u32 iscsi_handle_authentication(
                        return -1;
                }
 
-               auth = ISCSI_NODE_AUTH(iscsi_nacl);
+               if (se_nacl->dynamic_node_acl) {
+                       iscsi_tpg = container_of(se_nacl->se_tpg,
+                                       struct iscsi_portal_group, tpg_se_tpg);
+
+                       auth = &iscsi_tpg->tpg_demo_auth;
+               } else {
+                       iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
+                                                 se_node_acl);
+
+                       auth = ISCSI_NODE_AUTH(iscsi_nacl);
+               }
        } else {
                /*
                 * For SessionType=Discovery