iscsi-target: Add demo-mode TPG authentication context support

This patch adds a auth configfs group context following existing
explict NodeACL and discovery auth within:

  /sys/kernel/config/target/iscsi/$TARGETNAME/$TPGT/auth/

This patch allows these attributes to be used for CHAP authentication
an TPG is configured in demo-mode (generate_node_acl=1).

Note this authentication information takes precedence over NodeACL
authentication when struct se_node_acl->dynamic_node_acl is present.

Cc: Dax Kelson <dkelson@gurulabs.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
This commit is contained in:
Nicholas Bellinger 2013-06-19 18:48:51 -07:00
Родитель e4b512e713
Коммит c3e5144271
3 изменённых файлов: 139 добавлений и 1 удалений

Просмотреть файл

@ -1052,6 +1052,131 @@ static struct configfs_attribute *lio_target_tpg_attrib_attrs[] = {
/* End items for lio_target_tpg_attrib_cit */ /* End items for lio_target_tpg_attrib_cit */
/* Start items for lio_target_tpg_auth_cit */
#define __DEF_TPG_AUTH_STR(prefix, name, flags) \
static ssize_t __iscsi_##prefix##_show_##name( \
struct se_portal_group *se_tpg, \
char *page) \
{ \
struct iscsi_portal_group *tpg = container_of(se_tpg, \
struct iscsi_portal_group, tpg_se_tpg); \
struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \
\
if (!capable(CAP_SYS_ADMIN)) \
return -EPERM; \
\
return snprintf(page, PAGE_SIZE, "%s\n", auth->name); \
} \
\
static ssize_t __iscsi_##prefix##_store_##name( \
struct se_portal_group *se_tpg, \
const char *page, \
size_t count) \
{ \
struct iscsi_portal_group *tpg = container_of(se_tpg, \
struct iscsi_portal_group, tpg_se_tpg); \
struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \
\
if (!capable(CAP_SYS_ADMIN)) \
return -EPERM; \
\
snprintf(auth->name, PAGE_SIZE, "%s", page); \
if (!(strncmp("NULL", auth->name, 4))) \
auth->naf_flags &= ~flags; \
else \
auth->naf_flags |= flags; \
\
if ((auth->naf_flags & NAF_USERID_IN_SET) && \
(auth->naf_flags & NAF_PASSWORD_IN_SET)) \
auth->authenticate_target = 1; \
else \
auth->authenticate_target = 0; \
\
return count; \
}
#define __DEF_TPG_AUTH_INT(prefix, name) \
static ssize_t __iscsi_##prefix##_show_##name( \
struct se_portal_group *se_tpg, \
char *page) \
{ \
struct iscsi_portal_group *tpg = container_of(se_tpg, \
struct iscsi_portal_group, tpg_se_tpg); \
struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \
\
if (!capable(CAP_SYS_ADMIN)) \
return -EPERM; \
\
return snprintf(page, PAGE_SIZE, "%d\n", auth->name); \
}
#define DEF_TPG_AUTH_STR(name, flags) \
__DEF_TPG_AUTH_STR(tpg_auth, name, flags) \
static ssize_t iscsi_tpg_auth_show_##name( \
struct se_portal_group *se_tpg, \
char *page) \
{ \
return __iscsi_tpg_auth_show_##name(se_tpg, page); \
} \
\
static ssize_t iscsi_tpg_auth_store_##name( \
struct se_portal_group *se_tpg, \
const char *page, \
size_t count) \
{ \
return __iscsi_tpg_auth_store_##name(se_tpg, page, count); \
}
#define DEF_TPG_AUTH_INT(name) \
__DEF_TPG_AUTH_INT(tpg_auth, name) \
static ssize_t iscsi_tpg_auth_show_##name( \
struct se_portal_group *se_tpg, \
char *page) \
{ \
return __iscsi_tpg_auth_show_##name(se_tpg, page); \
}
#define TPG_AUTH_ATTR(_name, _mode) TF_TPG_AUTH_ATTR(iscsi, _name, _mode);
#define TPG_AUTH_ATTR_RO(_name) TF_TPG_AUTH_ATTR_RO(iscsi, _name);
/*
* * One-way authentication userid
* */
DEF_TPG_AUTH_STR(userid, NAF_USERID_SET);
TPG_AUTH_ATTR(userid, S_IRUGO | S_IWUSR);
/*
* * One-way authentication password
* */
DEF_TPG_AUTH_STR(password, NAF_PASSWORD_SET);
TPG_AUTH_ATTR(password, S_IRUGO | S_IWUSR);
/*
* * Enforce mutual authentication
* */
DEF_TPG_AUTH_INT(authenticate_target);
TPG_AUTH_ATTR_RO(authenticate_target);
/*
* * Mutual authentication userid
* */
DEF_TPG_AUTH_STR(userid_mutual, NAF_USERID_IN_SET);
TPG_AUTH_ATTR(userid_mutual, S_IRUGO | S_IWUSR);
/*
* * Mutual authentication password
* */
DEF_TPG_AUTH_STR(password_mutual, NAF_PASSWORD_IN_SET);
TPG_AUTH_ATTR(password_mutual, S_IRUGO | S_IWUSR);
static struct configfs_attribute *lio_target_tpg_auth_attrs[] = {
&iscsi_tpg_auth_userid.attr,
&iscsi_tpg_auth_password.attr,
&iscsi_tpg_auth_authenticate_target.attr,
&iscsi_tpg_auth_userid_mutual.attr,
&iscsi_tpg_auth_password_mutual.attr,
NULL,
};
/* End items for lio_target_tpg_auth_cit */
/* Start items for lio_target_tpg_param_cit */ /* Start items for lio_target_tpg_param_cit */
#define DEF_TPG_PARAM(name) \ #define DEF_TPG_PARAM(name) \
@ -1865,6 +1990,7 @@ int iscsi_target_register_configfs(void)
TF_CIT_TMPL(fabric)->tfc_wwn_cit.ct_attrs = lio_target_wwn_attrs; TF_CIT_TMPL(fabric)->tfc_wwn_cit.ct_attrs = lio_target_wwn_attrs;
TF_CIT_TMPL(fabric)->tfc_tpg_base_cit.ct_attrs = lio_target_tpg_attrs; TF_CIT_TMPL(fabric)->tfc_tpg_base_cit.ct_attrs = lio_target_tpg_attrs;
TF_CIT_TMPL(fabric)->tfc_tpg_attrib_cit.ct_attrs = lio_target_tpg_attrib_attrs; TF_CIT_TMPL(fabric)->tfc_tpg_attrib_cit.ct_attrs = lio_target_tpg_attrib_attrs;
TF_CIT_TMPL(fabric)->tfc_tpg_auth_cit.ct_attrs = lio_target_tpg_auth_attrs;
TF_CIT_TMPL(fabric)->tfc_tpg_param_cit.ct_attrs = lio_target_tpg_param_attrs; TF_CIT_TMPL(fabric)->tfc_tpg_param_cit.ct_attrs = lio_target_tpg_param_attrs;
TF_CIT_TMPL(fabric)->tfc_tpg_np_base_cit.ct_attrs = lio_target_portal_attrs; TF_CIT_TMPL(fabric)->tfc_tpg_np_base_cit.ct_attrs = lio_target_portal_attrs;
TF_CIT_TMPL(fabric)->tfc_tpg_nacl_base_cit.ct_attrs = lio_target_initiator_attrs; TF_CIT_TMPL(fabric)->tfc_tpg_nacl_base_cit.ct_attrs = lio_target_initiator_attrs;

Просмотреть файл

@ -813,6 +813,7 @@ struct iscsi_portal_group {
struct mutex tpg_access_lock; struct mutex tpg_access_lock;
struct mutex np_login_lock; struct mutex np_login_lock;
struct iscsi_tpg_attrib tpg_attrib; struct iscsi_tpg_attrib tpg_attrib;
struct iscsi_node_auth tpg_demo_auth;
/* Pointer to default list of iSCSI parameters for TPG */ /* Pointer to default list of iSCSI parameters for TPG */
struct iscsi_param_list *param_list; struct iscsi_param_list *param_list;
struct iscsi_tiqn *tpg_tiqn; struct iscsi_tiqn *tpg_tiqn;

Просмотреть файл

@ -112,6 +112,7 @@ static u32 iscsi_handle_authentication(
struct iscsi_session *sess = conn->sess; struct iscsi_session *sess = conn->sess;
struct iscsi_node_auth *auth; struct iscsi_node_auth *auth;
struct iscsi_node_acl *iscsi_nacl; struct iscsi_node_acl *iscsi_nacl;
struct iscsi_portal_group *iscsi_tpg;
struct se_node_acl *se_nacl; struct se_node_acl *se_nacl;
if (!sess->sess_ops->SessionType) { if (!sess->sess_ops->SessionType) {
@ -132,7 +133,17 @@ static u32 iscsi_handle_authentication(
return -1; return -1;
} }
auth = ISCSI_NODE_AUTH(iscsi_nacl); if (se_nacl->dynamic_node_acl) {
iscsi_tpg = container_of(se_nacl->se_tpg,
struct iscsi_portal_group, tpg_se_tpg);
auth = &iscsi_tpg->tpg_demo_auth;
} else {
iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
se_node_acl);
auth = ISCSI_NODE_AUTH(iscsi_nacl);
}
} else { } else {
/* /*
* For SessionType=Discovery * For SessionType=Discovery