tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

scsi: target: iscsi: Control authentication per ACL

Add acls/{ACL}/attrib/authentication attribute that controls authentication
for particular ACL. By default, this attribute inherits a value of the
authentication attribute of the target port group to keep backward
compatibility.

Authentication attribute has 3 states:

"0" - authentication is turned off for this ACL

"1" - authentication is required for this ACL

"-1" - authentication is inherited from TPG

Link: https://lore.kernel.org/r/20220523095905.26070-4-d.bogdanov@yadro.com
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Konstantin Shelekhin <k.shelekhin@yadro.com>
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Dmitry Bogdanov and committed by
Martin K. Petersen a6e0d179 a75fcb09

+41 -1
+31
drivers/target/iscsi/iscsi_target_configfs.c
··· 314 314 ISCSI_NACL_ATTR(random_datain_seq_offsets); 315 315 ISCSI_NACL_ATTR(random_r2t_offsets); 316 316 317 + static ssize_t iscsi_nacl_attrib_authentication_show(struct config_item *item, 318 + char *page) 319 + { 320 + struct se_node_acl *se_nacl = attrib_to_nacl(item); 321 + struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl); 322 + 323 + return sprintf(page, "%d\n", nacl->node_attrib.authentication); 324 + } 325 + 326 + static ssize_t iscsi_nacl_attrib_authentication_store(struct config_item *item, 327 + const char *page, size_t count) 328 + { 329 + struct se_node_acl *se_nacl = attrib_to_nacl(item); 330 + struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl); 331 + s32 val; 332 + int ret; 333 + 334 + ret = kstrtos32(page, 0, &val); 335 + if (ret) 336 + return ret; 337 + if (val != 0 && val != 1 && val != NA_AUTHENTICATION_INHERITED) 338 + return -EINVAL; 339 + 340 + nacl->node_attrib.authentication = val; 341 + 342 + return count; 343 + } 344 + 345 + CONFIGFS_ATTR(iscsi_nacl_attrib_, authentication); 346 + 317 347 static struct configfs_attribute *lio_target_nacl_attrib_attrs[] = { 318 348 &iscsi_nacl_attrib_attr_dataout_timeout, 319 349 &iscsi_nacl_attrib_attr_dataout_timeout_retries, ··· 353 323 &iscsi_nacl_attrib_attr_random_datain_pdu_offsets, 354 324 &iscsi_nacl_attrib_attr_random_datain_seq_offsets, 355 325 &iscsi_nacl_attrib_attr_random_r2t_offsets, 326 + &iscsi_nacl_attrib_attr_authentication, 356 327 NULL, 357 328 }; 358 329
+7 -1
drivers/target/iscsi/iscsi_target_nego.c
··· 813 813 814 814 static bool iscsi_conn_auth_required(struct iscsit_conn *conn) 815 815 { 816 + struct iscsi_node_acl *nacl; 816 817 struct se_node_acl *se_nacl; 817 818 818 819 if (conn->sess->sess_ops->SessionType) { ··· 840 839 841 840 pr_debug("Known ACL %s is trying to connect\n", 842 841 se_nacl->initiatorname); 843 - return conn->tpg->tpg_attrib.authentication; 842 + 843 + nacl = to_iscsi_nacl(se_nacl); 844 + if (nacl->node_attrib.authentication == NA_AUTHENTICATION_INHERITED) 845 + return conn->tpg->tpg_attrib.authentication; 846 + 847 + return nacl->node_attrib.authentication; 844 848 } 845 849 846 850 static int iscsi_target_handle_csg_zero(
+1
drivers/target/iscsi/iscsi_target_nodeattrib.c
··· 30 30 { 31 31 struct iscsi_node_attrib *a = &acl->node_attrib; 32 32 33 + a->authentication = NA_AUTHENTICATION_INHERITED; 33 34 a->dataout_timeout = NA_DATAOUT_TIMEOUT; 34 35 a->dataout_timeout_retries = NA_DATAOUT_TIMEOUT_RETRIES; 35 36 a->nopin_timeout = NA_NOPIN_TIMEOUT;
+2
include/target/iscsi/iscsi_target_core.h
··· 26 26 #define ISCSI_RX_THREAD_NAME "iscsi_trx" 27 27 #define ISCSI_TX_THREAD_NAME "iscsi_ttx" 28 28 #define ISCSI_IQN_LEN 224 29 + #define NA_AUTHENTICATION_INHERITED -1 29 30 30 31 /* struct iscsi_node_attrib sanity values */ 31 32 #define NA_DATAOUT_TIMEOUT 3 ··· 716 715 } ____cacheline_aligned; 717 716 718 717 struct iscsi_node_attrib { 718 + s32 authentication; 719 719 u32 dataout_timeout; 720 720 u32 dataout_timeout_retries; 721 721 u32 default_erl;