Commit de70d712 authored by Shuhei Matsumoto's avatar Shuhei Matsumoto Committed by Jim Harris
Browse files

iscsi: Check CHAP params when a target is created by JSON-RPC



When a target is created by iSCSI.conf, only valid CHAP params
are passed to spdk_iscsi_tgt_node_construct().

When a target is created by JSON-RPC, help information encourages
users to specify valid CHAP params but
spdk_iscsi_tgt_node_construct() does not check CHAP params and
users can create targets whose CHAP params are invalid.

Change-Id: I7e9057a982f21f04782481cda74208a139c1fdad
Signed-off-by: default avatarShuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-on: https://review.gerrithub.io/394481


Tested-by: default avatarSPDK Automated Test System <sys_sgsw@intel.com>
Reviewed-by: default avatarJim Harris <james.r.harris@intel.com>
Reviewed-by: default avatarBen Walker <benjamin.walker@intel.com>
parent f0456914
Loading
Loading
Loading
Loading
+20 −2
Original line number Diff line number Diff line
@@ -843,6 +843,24 @@ spdk_check_iscsi_name(const char *name)
	return 0;
}

static bool
spdk_iscsi_check_chap_params(int disabled, int required, int mutual, int group)
{
	if (group < 0) {
		SPDK_ERRLOG("Invalid auth group ID (%d)\n", group);
		return false;
	}
	if ((disabled == 0 && required == 0 && mutual == 0) ||	/* Auto */
	    (disabled == 1 && required == 0 && mutual == 0) ||	/* None */
	    (disabled == 0 && required == 1 && mutual == 0) ||	/* CHAP */
	    (disabled == 0 && required == 1 && mutual == 1)) {	/* CHAP Mutual */
		return true;
	}
	SPDK_ERRLOG("Invalid combination of CHAP params (d=%d,r=%d,m=%d)\n",
		    disabled, required, mutual);
	return false;
}

_spdk_iscsi_tgt_node *
spdk_iscsi_tgt_node_construct(int target_index,
			      const char *name, const char *alias,
@@ -856,8 +874,8 @@ spdk_iscsi_tgt_node_construct(int target_index,
	struct spdk_iscsi_tgt_node	*target;
	int				rc;

	if (auth_chap_disabled && auth_chap_required) {
		SPDK_ERRLOG("auth_chap_disabled and auth_chap_required are mutually exclusive\n");
	if (!spdk_iscsi_check_chap_params(auth_chap_disabled, auth_chap_required,
					  auth_chap_mutual, auth_group)) {
		return NULL;
	}

+38 −0
Original line number Diff line number Diff line
@@ -794,6 +794,43 @@ allow_iscsi_name_multi_maps_case(void)
	spdk_iscsi_tgt_node_delete_pg_map(&tgtnode, &pg2);
}

/*
 * static bool
 * spdk_iscsi_check_chap_params(int auth_chap_disabled, int auth_chap_required,
 *                              int auth_chap_mutual, int auth_group);
 */
static void
chap_param_test_cases(void)
{
	/* Auto */
	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 0, 0) == true);

	/* None */
	CU_ASSERT(spdk_iscsi_check_chap_params(1, 0, 0, 0) == true);

	/* CHAP */
	CU_ASSERT(spdk_iscsi_check_chap_params(0, 1, 0, 0) == true);

	/* CHAP Mutual */
	CU_ASSERT(spdk_iscsi_check_chap_params(0, 1, 1, 0) == true);

	/* Check mutual exclusiveness of disabled and required */
	CU_ASSERT(spdk_iscsi_check_chap_params(1, 1, 0, 0) == false);

	/* Mutual requires Required */
	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 1, 0) == false);

	/* Remaining combinations */
	CU_ASSERT(spdk_iscsi_check_chap_params(1, 0, 1, 0) == false);
	CU_ASSERT(spdk_iscsi_check_chap_params(1, 1, 1, 0) == false);

	/* Valid auth group ID */
	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 0, 1) == true);

	/* Invalid auth group ID */
	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 0, -1) == false);
}

int
main(int argc, char **argv)
{
@@ -834,6 +871,7 @@ main(int argc, char **argv)
			       node_access_multi_initiator_groups_cases) == NULL
		|| CU_add_test(suite, "allow iscsi name case",
			       allow_iscsi_name_multi_maps_case) == NULL
		|| CU_add_test(suite, "chap param test cases", chap_param_test_cases) == NULL
	) {
		CU_cleanup_registry();
		return CU_get_error();