Commit a398d874 authored by Shuhei Matsumoto's avatar Shuhei Matsumoto Committed by Jim Harris
Browse files

lib/iscsi: Separate CHAP params setup and authentication process 



This is a preparation to support per portal group CHAP authentication
for discovery session.

Previously require_chap, disable_chap, and mutual_chap had been set
and used in iscsi_negotiate_param(), and chap_group had been set
and used in iscsi_get_authinfo().

If a connection is in a discovery session, the connection can get
all CHAP params at its creation, spdk_iscsi_conn_construct().

If a connection is in a normal session, the connection can get all
CHAP params in iscsi_op_login_negotiate_chap_param().

Each connection is in either discovery session or normal session.

So the following change is possible and is done in this patch.

spdk_iscsi_conn_construct() sets all CHAP params of the connection
by global parameters. Then iscsi_op_login_negotiate_chap_param()
overwrites them by the corresponding target's parameters.
iscsi_negotiate_chap_param() and iscsi_get_authinfo() just refer
the CHAP params.

Besides, iscsi_get_authinfo() changed to call just
spdk_iscsi_chap_get_authinfo() inside, and so inline
spdk_iscsi_chap_get_authinfo() into iscsi_auth_params() and then
remove iscsi_get_authinfo().

Signed-off-by: default avatarShuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Change-Id: I8028673cc6923e1b8bc20af55e0c3cc933972fc0
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/469218


Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: default avatarJim Harris <james.r.harris@intel.com>
Reviewed-by: default avatarBen Walker <benjamin.walker@intel.com>
parent a6e3a930

lib/iscsi/conn.c

+4 −0
Original line number Diff line number Diff line
@@ -222,6 +222,10 @@ spdk_iscsi_conn_construct(struct spdk_iscsi_portal *portal, 
	conn->nop_outstanding = false;

	conn->data_out_cnt = 0;

	conn->data_in_cnt = 0;

	conn->disable_chap = g_spdk_iscsi.disable_chap;

	conn->require_chap = g_spdk_iscsi.require_chap;

	conn->mutual_chap = g_spdk_iscsi.mutual_chap;

	conn->chap_group = g_spdk_iscsi.chap_group;

	pthread_mutex_unlock(&g_spdk_iscsi.mutex);

	conn->MaxRecvDataSegmentLength = 8192; /* RFC3720(12.12) */

lib/iscsi/conn.h

+2 −0
Original line number Diff line number Diff line
@@ -134,8 +134,10 @@ struct spdk_iscsi_conn { 
	bool conn_param_state_negotiated[MAX_CONNECTION_PARAMS];

	struct iscsi_chap_auth auth;

	bool authenticated;

	bool disable_chap;

	bool require_chap;

	bool mutual_chap;

	int32_t chap_group;

	uint32_t pending_task_cnt;

	uint32_t data_out_cnt;

	uint32_t data_in_cnt;

lib/iscsi/iscsi.c

+14 −47
Original line number Diff line number Diff line
@@ -781,30 +781,6 @@ iscsi_append_param(struct spdk_iscsi_conn *conn, const char *key, 
	return rc;

}



static int

iscsi_get_authinfo(struct spdk_iscsi_conn *conn, const char *authuser)

{

	int ag_tag;

	int rc;



	if (conn->sess->target != NULL) {

		ag_tag = conn->sess->target->chap_group;

	} else {

		ag_tag = -1;

	}

	if (ag_tag < 0) {

		ag_tag = g_spdk_iscsi.chap_group;

	}

	SPDK_DEBUGLOG(SPDK_LOG_ISCSI, "ag_tag=%d\n", ag_tag);



	rc = spdk_iscsi_chap_get_authinfo(&conn->auth, authuser, ag_tag);

	if (rc < 0) {

		SPDK_ERRLOG("chap_get_authinfo() failed\n");

		return -1;

	}

	return 0;

}



static int

iscsi_auth_params(struct spdk_iscsi_conn *conn,

		  struct iscsi_param *params, const char *method, uint8_t *data,
@@ -930,10 +906,12 @@ iscsi_auth_params(struct spdk_iscsi_conn *conn, 
		}

		SPDK_DEBUGLOG(SPDK_LOG_ISCSI, "got CHAP_N/CHAP_R\n");



		rc = iscsi_get_authinfo(conn, name);

		SPDK_DEBUGLOG(SPDK_LOG_ISCSI, "ag_tag=%d\n", conn->chap_group);



		rc = spdk_iscsi_chap_get_authinfo(&conn->auth, name, conn->chap_group);

		if (rc < 0) {

			/* SPDK_ERRLOG("auth user or secret is missing\n"); */

			SPDK_ERRLOG("iscsi_get_authinfo() failed\n");

			SPDK_ERRLOG("spdk_iscsi_chap_get_authinfo() failed\n");

			goto error_return;

		}

		if (conn->auth.user[0] == '\0' || conn->auth.secret[0] == '\0') {
@@ -1277,26 +1255,14 @@ iscsi_op_login_update_param(struct spdk_iscsi_conn *conn, 
}



static int

iscsi_negotiate_chap_param(struct spdk_iscsi_conn *conn, bool disable_chap,

			   bool require_chap, bool mutual_chap)

iscsi_negotiate_chap_param(struct spdk_iscsi_conn *conn)

{

	int rc = 0;



	if (disable_chap) {

		conn->require_chap = false;

	if (conn->disable_chap) {

		rc = iscsi_op_login_update_param(conn, "AuthMethod", "None", "None");

		if (rc < 0) {

			return rc;

		}

	} else if (require_chap) {

		conn->require_chap = true;

	} else if (conn->require_chap) {

		rc = iscsi_op_login_update_param(conn, "AuthMethod", "CHAP", "CHAP");

		if (rc < 0) {

			return rc;

		}

	}

	if (mutual_chap) {

		conn->mutual_chap = true;

	}



	return rc;
@@ -1311,9 +1277,7 @@ iscsi_negotiate_chap_param(struct spdk_iscsi_conn *conn, bool disable_chap, 
static int

iscsi_op_login_session_discovery_chap(struct spdk_iscsi_conn *conn)

{

	return iscsi_negotiate_chap_param(conn, g_spdk_iscsi.disable_chap,

					  g_spdk_iscsi.require_chap,

					  g_spdk_iscsi.mutual_chap);

	return iscsi_negotiate_chap_param(conn);

}



/*
@@ -1326,9 +1290,12 @@ static int 
iscsi_op_login_negotiate_chap_param(struct spdk_iscsi_conn *conn,

				    struct spdk_iscsi_tgt_node *target)

{

	return iscsi_negotiate_chap_param(conn, target->disable_chap,

					  target->require_chap,

					  target->mutual_chap);

	conn->disable_chap = target->disable_chap;

	conn->require_chap = target->require_chap;

	conn->mutual_chap = target->mutual_chap;

	conn->chap_group = target->chap_group;



	return iscsi_negotiate_chap_param(conn);

}



static int