iscsi-target: Add demo-mode TPG authentication context support

This patch adds a auth configfs group context following existing explict NodeACL and discovery auth within: /sys/kernel/config/target/iscsi/$TARGETNAME/$TPGT/auth/ This patch allows these attributes to be used for CHAP authentication an TPG is configured in demo-mode (generate_node_acl=1). Note this authentication information takes precedence over NodeACL authentication when struct se_node_acl->dynamic_node_acl is present. Cc: Dax Kelson <dkelson@gurulabs.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
author: Nicholas Bellinger <nab@linux-iscsi.org> 2013-06-19 21:48:51 -0400
committer: Nicholas Bellinger <nab@linux-iscsi.org> 2013-07-03 22:44:32 -0400
commit: c3e51442711d20ea1245bb6d260aa05593849e82 (patch)
tree: 746a99fb66a70c138247cac66655a7971bce07e0 /drivers/target
parent: e4b512e7133f5243f080db8238c5be8434cbcdfd (diff)
3 files changed, 139 insertions, 1 deletions
diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c
index 13e9e715ad2e..e251849a6140 100644
--- a/drivers/target/iscsi/iscsi_target_configfs.c
+++ b/drivers/target/iscsi/iscsi_target_configfs.c
@@ -1052,6 +1052,131 @@ static struct configfs_attribute *lio_target_tpg_attrib_attrs[] = {
 /* End items for lio_target_tpg_attrib_cit */
+/* Start items for lio_target_tpg_auth_cit */
+#define __DEF_TPG_AUTH_STR(prefix, name, flags)                                 \
+static ssize_t __iscsi_##prefix##_show_##name(                                  \
+        struct se_portal_group *se_tpg,                                         \
+        char *page)                                                             \
+{                                                                               \
+        struct iscsi_portal_group *tpg = container_of(se_tpg,                   \
+                                struct iscsi_portal_group, tpg_se_tpg);         \
+        struct iscsi_node_auth *auth = &tpg->tpg_demo_auth;                     \
+                                                                                \
+        if (!capable(CAP_SYS_ADMIN))                                            \
+                return -EPERM;                                                  \
+                                                                                \
+        return snprintf(page, PAGE_SIZE, "%s\n", auth->name);                   \
+}                                                                               \
+                                                                                \
+static ssize_t __iscsi_##prefix##_store_##name(                                 \
+        struct se_portal_group *se_tpg,                                         \
+        const char *page,                                                       \
+        size_t count)                                                           \
+{                                                                               \
+        struct iscsi_portal_group *tpg = container_of(se_tpg,                   \
+                                struct iscsi_portal_group, tpg_se_tpg);         \
+        struct iscsi_node_auth *auth = &tpg->tpg_demo_auth;                     \
+                                                                                \
+        if (!capable(CAP_SYS_ADMIN))                                            \
+                return -EPERM;                                                  \
+                                                                                \
+        snprintf(auth->name, PAGE_SIZE, "%s", page);                            \
+        if (!(strncmp("NULL", auth->name, 4)))                                  \
+                auth->naf_flags &= ~flags;                                      \
+        else                                                                    \
+                auth->naf_flags |= flags;                                       \
+                                                                                \
+        if ((auth->naf_flags & NAF_USERID_IN_SET) &&                            \
+            (auth->naf_flags & NAF_PASSWORD_IN_SET))                            \
+                auth->authenticate_target = 1;                                  \
+        else                                                                    \
+                auth->authenticate_target = 0;                                  \
+                                                                                \
+        return count;                                                           \
+}
+#define __DEF_TPG_AUTH_INT(prefix, name)                                        \
+static ssize_t __iscsi_##prefix##_show_##name(                                  \
+        struct se_portal_group *se_tpg,                                         \
+        char *page)                                                             \
+{                                                                               \
+        struct iscsi_portal_group *tpg = container_of(se_tpg,                   \
+                                struct iscsi_portal_group, tpg_se_tpg);         \
+        struct iscsi_node_auth *auth = &tpg->tpg_demo_auth;                     \
+                                                                                \
+        if (!capable(CAP_SYS_ADMIN))                                            \
+                return -EPERM;                                                  \
+                                                                                \
+        return snprintf(page, PAGE_SIZE, "%d\n", auth->name);                   \
+}
+#define DEF_TPG_AUTH_STR(name, flags)                                           \
+        __DEF_TPG_AUTH_STR(tpg_auth, name, flags)                               \
+static ssize_t iscsi_tpg_auth_show_##name(                                      \
+        struct se_portal_group *se_tpg,                                         \
+        char *page)                                                             \
+{                                                                               \
+        return __iscsi_tpg_auth_show_##name(se_tpg, page);                      \
+}                                                                               \
+                                                                                \
+static ssize_t iscsi_tpg_auth_store_##name(                                     \
+        struct se_portal_group *se_tpg,                                         \
+        const char *page,                                                       \
+        size_t count)                                                           \
+{                                                                               \
+        return __iscsi_tpg_auth_store_##name(se_tpg, page, count);              \
+}
+#define DEF_TPG_AUTH_INT(name)                                                  \
+        __DEF_TPG_AUTH_INT(tpg_auth, name)                                      \
+static ssize_t iscsi_tpg_auth_show_##name(                                      \
+        struct se_portal_group *se_tpg,                                         \
+        char *page)                                                             \
+{                                                                               \
+        return __iscsi_tpg_auth_show_##name(se_tpg, page);                      \
+}
+#define TPG_AUTH_ATTR(_name, _mode) TF_TPG_AUTH_ATTR(iscsi, _name, _mode);
+#define TPG_AUTH_ATTR_RO(_name) TF_TPG_AUTH_ATTR_RO(iscsi, _name);
+/*
+ *  * One-way authentication userid
+ *   */
+DEF_TPG_AUTH_STR(userid, NAF_USERID_SET);
+TPG_AUTH_ATTR(userid, S_IRUGO | S_IWUSR);
+/*
+ *  * One-way authentication password
+ *   */
+DEF_TPG_AUTH_STR(password, NAF_PASSWORD_SET);
+TPG_AUTH_ATTR(password, S_IRUGO | S_IWUSR);
+/*
+ *  * Enforce mutual authentication
+ *   */
+DEF_TPG_AUTH_INT(authenticate_target);
+TPG_AUTH_ATTR_RO(authenticate_target);
+/*
+ *  * Mutual authentication userid
+ *   */
+DEF_TPG_AUTH_STR(userid_mutual, NAF_USERID_IN_SET);
+TPG_AUTH_ATTR(userid_mutual, S_IRUGO | S_IWUSR);
+/*
+ *  * Mutual authentication password
+ *   */
+DEF_TPG_AUTH_STR(password_mutual, NAF_PASSWORD_IN_SET);
+TPG_AUTH_ATTR(password_mutual, S_IRUGO | S_IWUSR);
+static struct configfs_attribute *lio_target_tpg_auth_attrs[] = {
+        &iscsi_tpg_auth_userid.attr,
+        &iscsi_tpg_auth_password.attr,
+        &iscsi_tpg_auth_authenticate_target.attr,
+        &iscsi_tpg_auth_userid_mutual.attr,
+        &iscsi_tpg_auth_password_mutual.attr,
+        NULL,
+};
+/* End items for lio_target_tpg_auth_cit */
 /* Start items for lio_target_tpg_param_cit */
 #define DEF_TPG_PARAM(name)                                             \
@@ -1865,6 +1990,7 @@ int iscsi_target_register_configfs(void)
        TF_CIT_TMPL(fabric)->tfc_wwn_cit.ct_attrs = lio_target_wwn_attrs;
        TF_CIT_TMPL(fabric)->tfc_tpg_base_cit.ct_attrs = lio_target_tpg_attrs;
        TF_CIT_TMPL(fabric)->tfc_tpg_attrib_cit.ct_attrs = lio_target_tpg_attrib_attrs;
+        TF_CIT_TMPL(fabric)->tfc_tpg_auth_cit.ct_attrs = lio_target_tpg_auth_attrs;
        TF_CIT_TMPL(fabric)->tfc_tpg_param_cit.ct_attrs = lio_target_tpg_param_attrs;
        TF_CIT_TMPL(fabric)->tfc_tpg_np_base_cit.ct_attrs = lio_target_portal_attrs;
        TF_CIT_TMPL(fabric)->tfc_tpg_nacl_base_cit.ct_attrs = lio_target_initiator_attrs;
diff --git a/drivers/target/iscsi/iscsi_target_core.h b/drivers/target/iscsi/iscsi_target_core.h
index 3436a2cc1d35..391283c85313 100644
--- a/drivers/target/iscsi/iscsi_target_core.h
+++ b/drivers/target/iscsi/iscsi_target_core.h
@@ -813,6 +813,7 @@ struct iscsi_portal_group {
        struct mutex            tpg_access_lock;
        struct mutex            np_login_lock;
        struct iscsi_tpg_attrib tpg_attrib;
+        struct iscsi_node_auth  tpg_demo_auth;
        /* Pointer to default list of iSCSI parameters for TPG */
        struct iscsi_param_list *param_list;
        struct iscsi_tiqn       *tpg_tiqn;
diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c
index 7ad912060e21..6b5fc27a770d 100644
--- a/drivers/target/iscsi/iscsi_target_nego.c
+++ b/drivers/target/iscsi/iscsi_target_nego.c
@@ -112,6 +112,7 @@ static u32 iscsi_handle_authentication(
        struct iscsi_session *sess = conn->sess;
        struct iscsi_node_auth *auth;
        struct iscsi_node_acl *iscsi_nacl;
+        struct iscsi_portal_group *iscsi_tpg;
        struct se_node_acl *se_nacl;
        if (!sess->sess_ops->SessionType) {
@@ -132,7 +133,17 @@ static u32 iscsi_handle_authentication(
                        return -1;
                }
-                auth = ISCSI_NODE_AUTH(iscsi_nacl);
+                if (se_nacl->dynamic_node_acl) {
+                        iscsi_tpg = container_of(se_nacl->se_tpg,
+                                        struct iscsi_portal_group, tpg_se_tpg);
+                        auth = &iscsi_tpg->tpg_demo_auth;
+                } else {
+                        iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
+                                                  se_node_acl);
+                        auth = ISCSI_NODE_AUTH(iscsi_nacl);
+                }
        } else {
                /*
                 * For SessionType=Discovery
author	Nicholas Bellinger <nab@linux-iscsi.org>	2013-06-19 21:48:51 -0400
committer	Nicholas Bellinger <nab@linux-iscsi.org>	2013-07-03 22:44:32 -0400
commit	c3e51442711d20ea1245bb6d260aa05593849e82 (patch)
tree	746a99fb66a70c138247cac66655a7971bce07e0 /drivers/target
parent	e4b512e7133f5243f080db8238c5be8434cbcdfd (diff)

diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c index 13e9e715ad2e..e251849a6140 100644 --- a/drivers/target/iscsi/iscsi_target_configfs.c +++ b/drivers/target/iscsi/iscsi_target_configfs.c
@@ -1052,6 +1052,131 @@ static struct configfs_attribute *lio_target_tpg_attrib_attrs[] = {
1052		1052
1053	/* End items for lio_target_tpg_attrib_cit */	1053	/* End items for lio_target_tpg_attrib_cit */
1054		1054
		1055	/* Start items for lio_target_tpg_auth_cit */
		1056
		1057	#define __DEF_TPG_AUTH_STR(prefix, name, flags) \
		1058	static ssize_t __iscsi_##prefix##_show_##name( \
		1059	struct se_portal_group *se_tpg, \
		1060	char *page) \
		1061	{ \
		1062	struct iscsi_portal_group *tpg = container_of(se_tpg, \
		1063	struct iscsi_portal_group, tpg_se_tpg); \
		1064	struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \
		1065	\
		1066	if (!capable(CAP_SYS_ADMIN)) \
		1067	return -EPERM; \
		1068	\
		1069	return snprintf(page, PAGE_SIZE, "%s\n", auth->name); \
		1070	} \
		1071	\
		1072	static ssize_t __iscsi_##prefix##_store_##name( \
		1073	struct se_portal_group *se_tpg, \
		1074	const char *page, \
		1075	size_t count) \
		1076	{ \
		1077	struct iscsi_portal_group *tpg = container_of(se_tpg, \
		1078	struct iscsi_portal_group, tpg_se_tpg); \
		1079	struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \
		1080	\
		1081	if (!capable(CAP_SYS_ADMIN)) \
		1082	return -EPERM; \
		1083	\
		1084	snprintf(auth->name, PAGE_SIZE, "%s", page); \
		1085	if (!(strncmp("NULL", auth->name, 4))) \
		1086	auth->naf_flags &= ~flags; \
		1087	else \
		1088	auth->naf_flags \|= flags; \
		1089	\
		1090	if ((auth->naf_flags & NAF_USERID_IN_SET) && \
		1091	(auth->naf_flags & NAF_PASSWORD_IN_SET)) \
		1092	auth->authenticate_target = 1; \
		1093	else \
		1094	auth->authenticate_target = 0; \
		1095	\
		1096	return count; \
		1097	}
		1098
		1099	#define __DEF_TPG_AUTH_INT(prefix, name) \
		1100	static ssize_t __iscsi_##prefix##_show_##name( \
		1101	struct se_portal_group *se_tpg, \
		1102	char *page) \
		1103	{ \
		1104	struct iscsi_portal_group *tpg = container_of(se_tpg, \
		1105	struct iscsi_portal_group, tpg_se_tpg); \
		1106	struct iscsi_node_auth *auth = &tpg->tpg_demo_auth; \
		1107	\
		1108	if (!capable(CAP_SYS_ADMIN)) \
		1109	return -EPERM; \
		1110	\
		1111	return snprintf(page, PAGE_SIZE, "%d\n", auth->name); \
		1112	}
		1113
		1114	#define DEF_TPG_AUTH_STR(name, flags) \
		1115	__DEF_TPG_AUTH_STR(tpg_auth, name, flags) \
		1116	static ssize_t iscsi_tpg_auth_show_##name( \
		1117	struct se_portal_group *se_tpg, \
		1118	char *page) \
		1119	{ \
		1120	return __iscsi_tpg_auth_show_##name(se_tpg, page); \
		1121	} \
		1122	\
		1123	static ssize_t iscsi_tpg_auth_store_##name( \
		1124	struct se_portal_group *se_tpg, \
		1125	const char *page, \
		1126	size_t count) \
		1127	{ \
		1128	return __iscsi_tpg_auth_store_##name(se_tpg, page, count); \
		1129	}
		1130
		1131	#define DEF_TPG_AUTH_INT(name) \
		1132	__DEF_TPG_AUTH_INT(tpg_auth, name) \
		1133	static ssize_t iscsi_tpg_auth_show_##name( \
		1134	struct se_portal_group *se_tpg, \
		1135	char *page) \
		1136	{ \
		1137	return __iscsi_tpg_auth_show_##name(se_tpg, page); \
		1138	}
		1139
		1140	#define TPG_AUTH_ATTR(_name, _mode) TF_TPG_AUTH_ATTR(iscsi, _name, _mode);
		1141	#define TPG_AUTH_ATTR_RO(_name) TF_TPG_AUTH_ATTR_RO(iscsi, _name);
		1142
		1143	/*
		1144	* * One-way authentication userid
		1145	* */
		1146	DEF_TPG_AUTH_STR(userid, NAF_USERID_SET);
		1147	TPG_AUTH_ATTR(userid, S_IRUGO \| S_IWUSR);
		1148	/*
		1149	* * One-way authentication password
		1150	* */
		1151	DEF_TPG_AUTH_STR(password, NAF_PASSWORD_SET);
		1152	TPG_AUTH_ATTR(password, S_IRUGO \| S_IWUSR);
		1153	/*
		1154	* * Enforce mutual authentication
		1155	* */
		1156	DEF_TPG_AUTH_INT(authenticate_target);
		1157	TPG_AUTH_ATTR_RO(authenticate_target);
		1158	/*
		1159	* * Mutual authentication userid
		1160	* */
		1161	DEF_TPG_AUTH_STR(userid_mutual, NAF_USERID_IN_SET);
		1162	TPG_AUTH_ATTR(userid_mutual, S_IRUGO \| S_IWUSR);
		1163	/*
		1164	* * Mutual authentication password
		1165	* */
		1166	DEF_TPG_AUTH_STR(password_mutual, NAF_PASSWORD_IN_SET);
		1167	TPG_AUTH_ATTR(password_mutual, S_IRUGO \| S_IWUSR);
		1168
		1169	static struct configfs_attribute *lio_target_tpg_auth_attrs[] = {
		1170	&iscsi_tpg_auth_userid.attr,
		1171	&iscsi_tpg_auth_password.attr,
		1172	&iscsi_tpg_auth_authenticate_target.attr,
		1173	&iscsi_tpg_auth_userid_mutual.attr,
		1174	&iscsi_tpg_auth_password_mutual.attr,
		1175	NULL,
		1176	};
		1177
		1178	/* End items for lio_target_tpg_auth_cit */
		1179
1055	/* Start items for lio_target_tpg_param_cit */	1180	/* Start items for lio_target_tpg_param_cit */
1056		1181
1057	#define DEF_TPG_PARAM(name) \	1182	#define DEF_TPG_PARAM(name) \
@@ -1865,6 +1990,7 @@ int iscsi_target_register_configfs(void)
1865	TF_CIT_TMPL(fabric)->tfc_wwn_cit.ct_attrs = lio_target_wwn_attrs;	1990	TF_CIT_TMPL(fabric)->tfc_wwn_cit.ct_attrs = lio_target_wwn_attrs;
1866	TF_CIT_TMPL(fabric)->tfc_tpg_base_cit.ct_attrs = lio_target_tpg_attrs;	1991	TF_CIT_TMPL(fabric)->tfc_tpg_base_cit.ct_attrs = lio_target_tpg_attrs;
1867	TF_CIT_TMPL(fabric)->tfc_tpg_attrib_cit.ct_attrs = lio_target_tpg_attrib_attrs;	1992	TF_CIT_TMPL(fabric)->tfc_tpg_attrib_cit.ct_attrs = lio_target_tpg_attrib_attrs;
		1993	TF_CIT_TMPL(fabric)->tfc_tpg_auth_cit.ct_attrs = lio_target_tpg_auth_attrs;
1868	TF_CIT_TMPL(fabric)->tfc_tpg_param_cit.ct_attrs = lio_target_tpg_param_attrs;	1994	TF_CIT_TMPL(fabric)->tfc_tpg_param_cit.ct_attrs = lio_target_tpg_param_attrs;
1869	TF_CIT_TMPL(fabric)->tfc_tpg_np_base_cit.ct_attrs = lio_target_portal_attrs;	1995	TF_CIT_TMPL(fabric)->tfc_tpg_np_base_cit.ct_attrs = lio_target_portal_attrs;
1870	TF_CIT_TMPL(fabric)->tfc_tpg_nacl_base_cit.ct_attrs = lio_target_initiator_attrs;	1996	TF_CIT_TMPL(fabric)->tfc_tpg_nacl_base_cit.ct_attrs = lio_target_initiator_attrs;


diff --git a/drivers/target/iscsi/iscsi_target_core.h b/drivers/target/iscsi/iscsi_target_core.h index 3436a2cc1d35..391283c85313 100644 --- a/drivers/target/iscsi/iscsi_target_core.h +++ b/drivers/target/iscsi/iscsi_target_core.h
@@ -813,6 +813,7 @@ struct iscsi_portal_group {
813	struct mutex tpg_access_lock;	813	struct mutex tpg_access_lock;
814	struct mutex np_login_lock;	814	struct mutex np_login_lock;
815	struct iscsi_tpg_attrib tpg_attrib;	815	struct iscsi_tpg_attrib tpg_attrib;
		816	struct iscsi_node_auth tpg_demo_auth;
816	/* Pointer to default list of iSCSI parameters for TPG */	817	/* Pointer to default list of iSCSI parameters for TPG */
817	struct iscsi_param_list *param_list;	818	struct iscsi_param_list *param_list;
818	struct iscsi_tiqn *tpg_tiqn;	819	struct iscsi_tiqn *tpg_tiqn;


diff --git a/drivers/target/iscsi/iscsi_target_nego.c b/drivers/target/iscsi/iscsi_target_nego.c index 7ad912060e21..6b5fc27a770d 100644 --- a/drivers/target/iscsi/iscsi_target_nego.c +++ b/drivers/target/iscsi/iscsi_target_nego.c
@@ -112,6 +112,7 @@ static u32 iscsi_handle_authentication(
112	struct iscsi_session *sess = conn->sess;	112	struct iscsi_session *sess = conn->sess;
113	struct iscsi_node_auth *auth;	113	struct iscsi_node_auth *auth;
114	struct iscsi_node_acl *iscsi_nacl;	114	struct iscsi_node_acl *iscsi_nacl;
		115	struct iscsi_portal_group *iscsi_tpg;
115	struct se_node_acl *se_nacl;	116	struct se_node_acl *se_nacl;
116		117
117	if (!sess->sess_ops->SessionType) {	118	if (!sess->sess_ops->SessionType) {
@@ -132,7 +133,17 @@ static u32 iscsi_handle_authentication(
132	return -1;	133	return -1;
133	}	134	}
134		135
135	auth = ISCSI_NODE_AUTH(iscsi_nacl);	136	if (se_nacl->dynamic_node_acl) {
		137	iscsi_tpg = container_of(se_nacl->se_tpg,
		138	struct iscsi_portal_group, tpg_se_tpg);
		139
		140	auth = &iscsi_tpg->tpg_demo_auth;
		141	} else {
		142	iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
		143	se_node_acl);
		144
		145	auth = ISCSI_NODE_AUTH(iscsi_nacl);
		146	}
136	} else {	147	} else {
137	/*	148	/*
138	* For SessionType=Discovery	149	* For SessionType=Discovery