Commit dcafd5b1 authored by Shuhei Matsumoto's avatar Shuhei Matsumoto Committed by Jim Harris

iscsi&scripts/rpc: Add add/delete_iscsi_auth_group RPCs



This patch adds new RPCs add/delete_iscsi_auth_group to add and
delete authentication groups dynamically.

Mutex is added to ensure exclusive access to CHAP secrets.

Additionally provide descriptive message in RPC when error occurs.

Change-Id: Iaddfbdd5688ca7907d2c7d859835faa056deecd1
Signed-off-by: default avatarShuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-on: https://review.gerrithub.io/421464


Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Chandler-Test-Pool: SPDK Automated Test System <sys_sgsw@intel.com>
Reviewed-by: default avatarBen Walker <benjamin.walker@intel.com>
Reviewed-by: default avatarJim Harris <james.r.harris@intel.com>
parent b6ab3116
+87 −0
@@ -1919,6 +1919,93 @@ Example response:
}
~~~

## add_iscsi_auth_group method {#rpc_add_iscsi_auth_group}

Add an authentication group for CHAP authentication.

### Parameters

Name                        | Optional | Type    | Description
--------------------------- | -------- | --------| -----------
tag                         | Required | number  | Authentication group tag (unique, integer > 0)
secrets                     | Optional | array   | Array of @ref rpc_add_iscsi_auth_group_secret objects

### secret {#rpc_add_iscsi_auth_group_secret}

Name                        | Optional | Type    | Description
--------------------------- | ---------| --------| -----------
user                        | Required | string  | Unidirectional CHAP name
secret                      | Required | string  | Unidirectional CHAP secret
muser                       | Optional | string  | Bidirectional CHAP name
msecret                     | Optional | string  | Bidirectional CHAP secret

### Example

Example request:

~~~
{
  "params": {
    "secrets": [
      {
        "muser": "mu1",
        "secret": "s1",
        "user": "u1",
        "msecret": "ms1"
      }
    ],
    "tag": 2
  },
  "jsonrpc": "2.0",
  "method": "add_iscsi_auth_group",
  "id": 1
}
~~~

Example response:
~~~
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": true
}
~~~

## delete_iscsi_auth_group method {#rpc_delete_iscsi_auth_group}

Delete an existing authentication group for CHAP authentication.

### Parameters

Name                        | Optional | Type    | Description
--------------------------- | -------- | --------| -----------
tag                         | Required | number  | Authentication group tag (unique, integer > 0)

### Example

Example request:

~~~
{
  "params": {
    "tag": 2
  },
  "jsonrpc": "2.0",
  "method": "delete_iscsi_auth_group",
  "id": 1
}
~~~

Example response:

~~~
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": true
}
~~~

## get_initiator_groups method {#rpc_get_initiator_groups}

Show information about all available initiator groups.
+6 −0
@@ -401,6 +401,12 @@ int spdk_iscsi_set_discovery_auth(bool disable_chap, bool require_chap,
				  bool mutual_chap, int32_t chap_group);
int spdk_iscsi_chap_get_authinfo(struct iscsi_chap_auth *auth, const char *authuser,
				 int ag_tag);
int spdk_iscsi_add_auth_group(int32_t tag, struct spdk_iscsi_auth_group **_group);
struct spdk_iscsi_auth_group *spdk_iscsi_find_auth_group_by_tag(int32_t tag);
void spdk_iscsi_delete_auth_group(struct spdk_iscsi_auth_group *group);
int spdk_iscsi_auth_group_add_secret(struct spdk_iscsi_auth_group *group,
				     const char *user, const char *secret,
				     const char *muser, const char *msecret);

void spdk_iscsi_send_nopin(struct spdk_iscsi_conn *conn);
void spdk_iscsi_task_response(struct spdk_iscsi_conn *conn,
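Review bot: The four prototypes added here say nothing about their locking precondition, although both new RPC handlers in this commit take `g_spdk_iscsi.mutex` around every call to them, and `spdk_iscsi_find_auth_group_by_tag()` as defined in this commit walks `g_spdk_iscsi.auth_group_head` without taking any lock itself. I would add a comment above the group of declarations, for example `/* Caller must hold g_spdk_iscsi.mutex; a returned group pointer is only valid while the mutex is held. */`. Since `spdk_iscsi_delete_auth_group()` ends in `free(group)`, a later caller that looks a group up and then drops the lock would be left with a pointer that a concurrent delete RPC can free.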
+189 −1
@@ -1086,7 +1086,7 @@ spdk_rpc_set_iscsi_target_node_auth(struct spdk_jsonrpc_request *request,
			req.mutual_chap, req.chap_group);
	if (rc < 0) {
		spdk_jsonrpc_send_error_response(request, SPDK_JSONRPC_ERROR_INVALID_PARAMS,
						 "Invalid combination of CHAP params");
						 "Invalid combination of auth params");
		free_rpc_target_auth(&req);
		return;
	}
@@ -1174,3 +1174,191 @@ spdk_rpc_set_iscsi_discovery_auth(struct spdk_jsonrpc_request *request,
	spdk_jsonrpc_end_result(request, w);
}
SPDK_RPC_REGISTER("set_iscsi_discovery_auth", spdk_rpc_set_iscsi_discovery_auth, SPDK_RPC_RUNTIME)


#define MAX_AUTH_SECRETS	64

struct rpc_auth_secret {
	char *user;
	char *secret;
	char *muser;
	char *msecret;
};

static void
free_rpc_auth_secret(struct rpc_auth_secret *_secret)
{
	free(_secret->user);
	free(_secret->secret);
	free(_secret->muser);
	free(_secret->msecret);
}

static const struct spdk_json_object_decoder rpc_auth_secret_decoders[] = {
	{"user", offsetof(struct rpc_auth_secret, user), spdk_json_decode_string},
	{"secret", offsetof(struct rpc_auth_secret, secret), spdk_json_decode_string},
	{"muser", offsetof(struct rpc_auth_secret, muser), spdk_json_decode_string, true},
	{"msecret", offsetof(struct rpc_auth_secret, msecret), spdk_json_decode_string, true},
};

static int
decode_rpc_auth_secret(const struct spdk_json_val *val, void *out)
{
	struct rpc_auth_secret *_secret = out;

	return spdk_json_decode_object(val, rpc_auth_secret_decoders,
				       SPDK_COUNTOF(rpc_auth_secret_decoders), _secret);
}

struct rpc_auth_secrets {
	size_t num_secret;
	struct rpc_auth_secret secrets[MAX_AUTH_SECRETS];
};

static void
free_rpc_auth_secrets(struct rpc_auth_secrets *secrets)
{
	size_t i;

	for (i = 0; i < secrets->num_secret; i++) {
		free_rpc_auth_secret(&secrets->secrets[i]);
	}
}

static int
decode_rpc_auth_secrets(const struct spdk_json_val *val, void *out)
{
	struct rpc_auth_secrets *secrets = out;

	return spdk_json_decode_array(val, decode_rpc_auth_secret, secrets->secrets,
				      MAX_AUTH_SECRETS, &secrets->num_secret,
				      sizeof(struct rpc_auth_secret));
}

struct rpc_auth_group {
	int32_t tag;
	struct rpc_auth_secrets secrets;
};

static void
free_rpc_auth_group(struct rpc_auth_group *group)
{
	free_rpc_auth_secrets(&group->secrets);
}

static const struct spdk_json_object_decoder rpc_auth_group_decoders[] = {
	{"tag", offsetof(struct rpc_auth_group, tag), spdk_json_decode_int32},
	{"secrets", offsetof(struct rpc_auth_group, secrets), decode_rpc_auth_secrets, true},
};

static void
spdk_rpc_add_iscsi_auth_group(struct spdk_jsonrpc_request *request,
			      const struct spdk_json_val *params)
{
	struct rpc_auth_group req = {};
	struct rpc_auth_secret *_secret;
	struct spdk_json_write_ctx *w;
	struct spdk_iscsi_auth_group *group = NULL;
	int rc;
	size_t i;

	if (spdk_json_decode_object(params, rpc_auth_group_decoders,
				    SPDK_COUNTOF(rpc_auth_group_decoders), &req)) {
		SPDK_ERRLOG("spdk_json_decode_object failed\n");
		spdk_jsonrpc_send_error_response(request, SPDK_JSONRPC_ERROR_INVALID_PARAMS,
						 "Invalid parameters");
		free_rpc_auth_group(&req);
		return;
	}

	pthread_mutex_lock(&g_spdk_iscsi.mutex);

	rc = spdk_iscsi_add_auth_group(req.tag, &group);
	if (rc != 0) {
		pthread_mutex_unlock(&g_spdk_iscsi.mutex);

		spdk_jsonrpc_send_error_response_fmt(request, SPDK_JSONRPC_ERROR_INVALID_PARAMS,
						     "Could not add auth group (%d), %s",
						     req.tag, spdk_strerror(-rc));
		free_rpc_auth_group(&req);
		return;
	}

	for (i = 0; i < req.secrets.num_secret; i++) {
		_secret = &req.secrets.secrets[i];
		rc = spdk_iscsi_auth_group_add_secret(group, _secret->user, _secret->secret,
						      _secret->muser, _secret->msecret);
		if (rc != 0) {
			spdk_iscsi_delete_auth_group(group);
			pthread_mutex_unlock(&g_spdk_iscsi.mutex);

			spdk_jsonrpc_send_error_response_fmt(request, SPDK_JSONRPC_ERROR_INVALID_PARAMS,
							     "Could not add secret to auth group (%d), %s",
							     req.tag, spdk_strerror(-rc));
			free_rpc_auth_group(&req);
			return;
		}
	}

	pthread_mutex_unlock(&g_spdk_iscsi.mutex);

	free_rpc_auth_group(&req);

	w = spdk_jsonrpc_begin_result(request);
	if (w == NULL) {
		return;
	}

	spdk_json_write_bool(w, true);
	spdk_jsonrpc_end_result(request, w);
}
SPDK_RPC_REGISTER("add_iscsi_auth_group", spdk_rpc_add_iscsi_auth_group, SPDK_RPC_RUNTIME)

struct rpc_delete_auth_group {
	int32_t tag;
};

static const struct spdk_json_object_decoder rpc_delete_auth_group_decoders[] = {
	{"tag", offsetof(struct rpc_delete_auth_group, tag), spdk_json_decode_int32},
};

static void
spdk_rpc_delete_iscsi_auth_group(struct spdk_jsonrpc_request *request,
				 const struct spdk_json_val *params)
{
	struct rpc_delete_auth_group req = {};
	struct spdk_json_write_ctx *w;
	struct spdk_iscsi_auth_group *group;

	if (spdk_json_decode_object(params, rpc_delete_auth_group_decoders,
				    SPDK_COUNTOF(rpc_delete_auth_group_decoders), &req)) {
		SPDK_ERRLOG("spdk_json_decode_object failed\n");
		spdk_jsonrpc_send_error_response(request, SPDK_JSONRPC_ERROR_INVALID_PARAMS,
						 "Invalid parameters");
		return;
	}

	pthread_mutex_lock(&g_spdk_iscsi.mutex);

	group = spdk_iscsi_find_auth_group_by_tag(req.tag);
	if (group == NULL) {
		pthread_mutex_unlock(&g_spdk_iscsi.mutex);

		spdk_jsonrpc_send_error_response_fmt(request, SPDK_JSONRPC_ERROR_INVALID_PARAMS,
						     "Could not find auth group (%d)", req.tag);
		return;
	}

	spdk_iscsi_delete_auth_group(group);

	pthread_mutex_unlock(&g_spdk_iscsi.mutex);

	w = spdk_jsonrpc_begin_result(request);
	if (w == NULL) {
		return;
	}

	spdk_json_write_bool(w, true);
	spdk_jsonrpc_end_result(request, w);
}
SPDK_RPC_REGISTER("delete_iscsi_auth_group", spdk_rpc_delete_iscsi_auth_group, SPDK_RPC_RUNTIME)
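Review bot: `free_rpc_auth_secret()` releases the decoded `secret` and `msecret` strings with plain `free()`, so the request's copy of every CHAP secret is left in freed heap memory once the RPC returns. Clearing each string before it is freed would limit that exposure, e.g. `if (_secret->secret != NULL) { explicit_bzero(_secret->secret, strlen(_secret->secret)); }` where that function is available (or the project's own zeroizing helper, if it has one), and likewise for `msecret`. Separately, on a decode failure `free_rpc_auth_secrets()` walks only `num_secret` entries; whether a partly decoded array element is counted there depends on `spdk_json_decode_array`, which is not visible on this page, so that path is worth checking for leaked strings.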
+22 −3
@@ -801,7 +801,7 @@ spdk_iscsi_set_discovery_auth(bool disable_chap, bool require_chap, bool mutual_
	return 0;
}

static int
int
spdk_iscsi_auth_group_add_secret(struct spdk_iscsi_auth_group *group,
				 const char *user, const char *secret,
				 const char *muser, const char *msecret)
@@ -874,7 +874,7 @@ spdk_iscsi_auth_group_add_secret(struct spdk_iscsi_auth_group *group,
	return 0;
}

static int
int
spdk_iscsi_add_auth_group(int32_t tag, struct spdk_iscsi_auth_group **_group)
{
	struct spdk_iscsi_auth_group *group;
@@ -901,7 +901,7 @@ spdk_iscsi_add_auth_group(int32_t tag, struct spdk_iscsi_auth_group **_group)
	return 0;
}

static void
void
spdk_iscsi_delete_auth_group(struct spdk_iscsi_auth_group *group)
{
	struct spdk_iscsi_auth_secret *_secret, *tmp;
@@ -915,6 +915,20 @@ spdk_iscsi_delete_auth_group(struct spdk_iscsi_auth_group *group)
	free(group);
}

struct spdk_iscsi_auth_group *
spdk_iscsi_find_auth_group_by_tag(int32_t tag)
{
	struct spdk_iscsi_auth_group *group;

	TAILQ_FOREACH(group, &g_spdk_iscsi.auth_group_head, tailq) {
		if (group->tag == tag) {
			return group;
		}
	}

	return NULL;
}

static void
spdk_iscsi_auth_groups_destroy(void)
{
@@ -1050,8 +1064,12 @@ spdk_iscsi_chap_get_authinfo(struct iscsi_chap_auth *auth, const char *authuser,
		memset(auth->msecret, 0, sizeof(auth->msecret));
	}

	pthread_mutex_lock(&g_spdk_iscsi.mutex);

	_secret = spdk_iscsi_find_auth_secret(authuser, ag_tag);
	if (_secret == NULL) {
		pthread_mutex_unlock(&g_spdk_iscsi.mutex);

		SPDK_ERRLOG("CHAP secret is not found: user:%s, tag:%d\n",
			    authuser, ag_tag);
		return -ENOENT;
@@ -1065,6 +1083,7 @@ spdk_iscsi_chap_get_authinfo(struct iscsi_chap_auth *auth, const char *authuser,
		memcpy(auth->msecret, _secret->msecret, sizeof(auth->msecret));
	}

	pthread_mutex_unlock(&g_spdk_iscsi.mutex);
	return 0;
}

+22 −0
@@ -551,6 +551,28 @@ if __name__ == "__main__":
    *** Authentication group must be precreated ***""", type=int)
    p.set_defaults(func=set_iscsi_discovery_auth)

    def add_iscsi_auth_group(args):
        secrets = None
        if args.secrets:
            secrets = [dict(u.split(":") for u in a.split(" ")) for a in args.secrets.split(",")]

        rpc.iscsi.add_iscsi_auth_group(args.client, tag=args.tag, secrets=secrets)

    p = subparsers.add_parser('add_iscsi_auth_group', help='Add authentication group for CHAP authentication.')
    p.add_argument('tag', help='Authentication group tag (unique, integer > 0).', type=int)
    p.add_argument('-c', '--secrets', help="""Comma-separated list of CHAP secrets
<user:user_name secret:chap_secret muser:mutual_user_name msecret:mutual_chap_secret> enclosed in quotes.
Format: 'user:u1 secret:s1 muser:mu1 msecret:ms1,user:u2 secret:s2 muser:mu2 msecret:ms2'""", required=False)
    p.set_defaults(func=add_iscsi_auth_group)

    @call_cmd
    def delete_iscsi_auth_group(args):
        rpc.iscsi.delete_iscsi_auth_group(args.client, tag=args.tag)

    p = subparsers.add_parser('delete_iscsi_auth_group', help='Delete an authentication group.')
    p.add_argument('tag', help='Authentication group tag', type=int)
    p.set_defaults(func=delete_iscsi_auth_group)

    @call_cmd
    def get_portal_groups(args):
        print_dict(rpc.iscsi.get_portal_groups(args.client))
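Review bot: The `--secrets` parser in `add_iscsi_auth_group` splits each field with `u.split(":")`, so a CHAP name or secret that contains a colon produces a three-element item and `dict()` raises ValueError; spaces and commas inside a value are likewise consumed as separators. Splitting once, `dict(u.split(":", 1) for u in a.split(" "))`, handles the colon case, and the help text should state that values may not contain spaces or commas. The new `add_iscsi_auth_group` is also defined without the `@call_cmd` decorator that `delete_iscsi_auth_group` and `get_portal_groups` carry in this hunk, so its error handling presumably differs from its siblings. Secrets passed with `-c` also end up in the process argument list and shell history, so an option to read them from a file or stdin would be worth adding.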