Commit a6e0d179 authored by Dmitry Bogdanov Committed by Martin K. Petersen

scsi: target: iscsi: Control authentication per ACL

Add acls/{ACL}/attrib/authentication attribute that controls authentication
for a particular ACL. By default, this attribute inherits the value of the
authentication attribute of the target port group to keep backward
compatibility.

Authentication attribute has 3 states:

 "0" - authentication is turned off for this ACL

 "1" - authentication is required for this ACL

 "-1" - authentication is inherited from TPG

Link: https://lore.kernel.org/r/20220523095905.26070-4-d.bogdanov@yadro.com


Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Konstantin Shelekhin <k.shelekhin@yadro.com>
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
parent a75fcb09
+31 −0
@@ -314,6 +314,36 @@ ISCSI_NACL_ATTR(random_datain_pdu_offsets);
ISCSI_NACL_ATTR(random_datain_seq_offsets);
ISCSI_NACL_ATTR(random_r2t_offsets);

static ssize_t iscsi_nacl_attrib_authentication_show(struct config_item *item,
		char *page)
{
	struct se_node_acl *se_nacl = attrib_to_nacl(item);
	struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl);

	return sprintf(page, "%d\n", nacl->node_attrib.authentication);
}

static ssize_t iscsi_nacl_attrib_authentication_store(struct config_item *item,
		const char *page, size_t count)
{
	struct se_node_acl *se_nacl = attrib_to_nacl(item);
	struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl);
	s32 val;
	int ret;

	ret = kstrtos32(page, 0, &val);
	if (ret)
		return ret;
	if (val != 0 && val != 1 && val != NA_AUTHENTICATION_INHERITED)
		return -EINVAL;

	nacl->node_attrib.authentication = val;

	return count;
}

CONFIGFS_ATTR(iscsi_nacl_attrib_, authentication);

static struct configfs_attribute *lio_target_nacl_attrib_attrs[] = {
	&iscsi_nacl_attrib_attr_dataout_timeout,
	&iscsi_nacl_attrib_attr_dataout_timeout_retries,
@@ -323,6 +353,7 @@ static struct configfs_attribute *lio_target_nacl_attrib_attrs[] = {
	&iscsi_nacl_attrib_attr_random_datain_pdu_offsets,
	&iscsi_nacl_attrib_attr_random_datain_seq_offsets,
	&iscsi_nacl_attrib_attr_random_r2t_offsets,
	&iscsi_nacl_attrib_attr_authentication,
	NULL,
};
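Review bot: iscsi_nacl_attrib_authentication_store accepts "0" without leaving any trace, yet on the read path added by this commit a per-ACL 0 takes precedence over a TPG that requires authentication, so a single configfs write turns authentication off for that initiator. Because this lowers an access control, the transition should be visible in the kernel log; after the range check, something like `pr_info("ACL %s: authentication set to %d\n", se_nacl->initiatorname, val);` would do (the log level is a judgement call). A short comment above the store handler naming the three accepted values (0, 1, NA_AUTHENTICATION_INHERITED) would also help, since the neighbouring attributes appear to be generated by ISCSI_NACL_ATTR and this one is hand-written.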

+7 −1
@@ -813,6 +813,7 @@ static int iscsi_target_do_authentication(

static bool iscsi_conn_auth_required(struct iscsit_conn *conn)
{
	struct iscsi_node_acl *nacl;
	struct se_node_acl *se_nacl;

	if (conn->sess->sess_ops->SessionType) {
@@ -839,7 +840,12 @@ static bool iscsi_conn_auth_required(struct iscsit_conn *conn)

	pr_debug("Known ACL %s is trying to connect\n",
		 se_nacl->initiatorname);

	nacl = to_iscsi_nacl(se_nacl);
	if (nacl->node_attrib.authentication == NA_AUTHENTICATION_INHERITED)
		return conn->tpg->tpg_attrib.authentication;

	return nacl->node_attrib.authentication;
}

static int iscsi_target_handle_csg_zero(
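Review bot: The tail of iscsi_conn_auth_required reads nacl->node_attrib.authentication twice, once for the NA_AUTHENTICATION_INHERITED comparison and once for the return, while the configfs store added in this commit writes the same field with no lock visible here. If the value changes to NA_AUTHENTICATION_INHERITED between the two reads, the function returns -1 converted to bool (true) instead of consulting the TPG setting; that fails closed, but only by accident. Reading the field once keeps the decision consistent: `s32 auth = READ_ONCE(nacl->node_attrib.authentication);`, then `if (auth == NA_AUTHENTICATION_INHERITED) return conn->tpg->tpg_attrib.authentication;` and `return auth != 0;`. The middle of the function lies between the two hunks and is not shown, so whether a lock is already held there should be confirmed.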
+1 −0
@@ -30,6 +30,7 @@ void iscsit_set_default_node_attribues(
{
	struct iscsi_node_attrib *a = &acl->node_attrib;

	a->authentication = NA_AUTHENTICATION_INHERITED;
	a->dataout_timeout = NA_DATAOUT_TIMEOUT;
	a->dataout_timeout_retries = NA_DATAOUT_TIMEOUT_RETRIES;
	a->nopin_timeout = NA_NOPIN_TIMEOUT;
+2 −0
@@ -26,6 +26,7 @@ struct sock;
#define ISCSI_RX_THREAD_NAME		"iscsi_trx"
#define ISCSI_TX_THREAD_NAME		"iscsi_ttx"
#define ISCSI_IQN_LEN			224
#define NA_AUTHENTICATION_INHERITED	-1

/* struct iscsi_node_attrib sanity values */
#define NA_DATAOUT_TIMEOUT		3
@@ -715,6 +716,7 @@ struct iscsi_login {
} ____cacheline_aligned;

struct iscsi_node_attrib {
	s32			authentication;
	u32			dataout_timeout;
	u32			dataout_timeout_retries;
	u32			default_erl;
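Review bot: The new `authentication` member of struct iscsi_node_attrib is a signed, tri-state field sitting among the u32 settings visible here, and nothing at the declaration says so. I would add a comment on the field such as `/* 0 = off, 1 = required, NA_AUTHENTICATION_INHERITED = follow the TPG */`, and write the macro as `#define NA_AUTHENTICATION_INHERITED (-1)` so the negative constant stays a single operand wherever it is expanded. The struct's remaining members continue past the end of the hunk.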