Commit de70d712 authored by Shuhei Matsumoto's avatar Shuhei Matsumoto Committed by Jim Harris
Browse files

iscsi: Check CHAP params when a target is created by JSON-RPC 



When a target is created by iSCSI.conf, only valid CHAP params
are passed to spdk_iscsi_tgt_node_construct().

When a target is created by JSON-RPC, help information encourages
users to specify valid CHAP params but
spdk_iscsi_tgt_node_construct() does not check CHAP params and
users can create targets whose CHAP params are invalid.

Change-Id: I7e9057a982f21f04782481cda74208a139c1fdad
Signed-off-by: default avatarShuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-on: https://review.gerrithub.io/394481


Tested-by: default avatarSPDK Automated Test System <sys_sgsw@intel.com>
Reviewed-by: default avatarJim Harris <james.r.harris@intel.com>
Reviewed-by: default avatarBen Walker <benjamin.walker@intel.com>
parent f0456914

lib/iscsi/tgt_node.c

+20 −2
Original line number Diff line number Diff line
@@ -843,6 +843,24 @@ spdk_check_iscsi_name(const char *name) 
	return 0;

}



static bool

spdk_iscsi_check_chap_params(int disabled, int required, int mutual, int group)

{

	if (group < 0) {

		SPDK_ERRLOG("Invalid auth group ID (%d)\n", group);

		return false;

	}

	if ((disabled == 0 && required == 0 && mutual == 0) ||	/* Auto */

	    (disabled == 1 && required == 0 && mutual == 0) ||	/* None */

	    (disabled == 0 && required == 1 && mutual == 0) ||	/* CHAP */

	    (disabled == 0 && required == 1 && mutual == 1)) {	/* CHAP Mutual */

		return true;

	}

	SPDK_ERRLOG("Invalid combination of CHAP params (d=%d,r=%d,m=%d)\n",

		    disabled, required, mutual);

	return false;

}



_spdk_iscsi_tgt_node *

spdk_iscsi_tgt_node_construct(int target_index,

			      const char *name, const char *alias,
@@ -856,8 +874,8 @@ spdk_iscsi_tgt_node_construct(int target_index, 
	struct spdk_iscsi_tgt_node	*target;

	int				rc;



	if (auth_chap_disabled && auth_chap_required) {

		SPDK_ERRLOG("auth_chap_disabled and auth_chap_required are mutually exclusive\n");

	if (!spdk_iscsi_check_chap_params(auth_chap_disabled, auth_chap_required,

					  auth_chap_mutual, auth_group)) {

		return NULL;

	}

test/unit/lib/iscsi/tgt_node.c/tgt_node_ut.c

+38 −0
Original line number Diff line number Diff line
@@ -794,6 +794,43 @@ allow_iscsi_name_multi_maps_case(void) 
	spdk_iscsi_tgt_node_delete_pg_map(&tgtnode, &pg2);

}



/*

 * static bool

 * spdk_iscsi_check_chap_params(int auth_chap_disabled, int auth_chap_required,

 *                              int auth_chap_mutual, int auth_group);

 */

static void

chap_param_test_cases(void)

{

	/* Auto */

	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 0, 0) == true);



	/* None */

	CU_ASSERT(spdk_iscsi_check_chap_params(1, 0, 0, 0) == true);



	/* CHAP */

	CU_ASSERT(spdk_iscsi_check_chap_params(0, 1, 0, 0) == true);



	/* CHAP Mutual */

	CU_ASSERT(spdk_iscsi_check_chap_params(0, 1, 1, 0) == true);



	/* Check mutual exclusiveness of disabled and required */

	CU_ASSERT(spdk_iscsi_check_chap_params(1, 1, 0, 0) == false);



	/* Mutual requires Required */

	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 1, 0) == false);



	/* Remaining combinations */

	CU_ASSERT(spdk_iscsi_check_chap_params(1, 0, 1, 0) == false);

	CU_ASSERT(spdk_iscsi_check_chap_params(1, 1, 1, 0) == false);



	/* Valid auth group ID */

	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 0, 1) == true);



	/* Invalid auth group ID */

	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 0, -1) == false);

}



int

main(int argc, char **argv)

{
@@ -834,6 +871,7 @@ main(int argc, char **argv) 
			       node_access_multi_initiator_groups_cases) == NULL

		|| CU_add_test(suite, "allow iscsi name case",

			       allow_iscsi_name_multi_maps_case) == NULL

		|| CU_add_test(suite, "chap param test cases", chap_param_test_cases) == NULL

	) {

		CU_cleanup_registry();

		return CU_get_error();