Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

scsi: target: iscsi: Extract auth functions

Create functions that answer simple questions: whether authentication is
required, what the credentials are, and whether the connection is authenticated.

Link: https://lore.kernel.org/r/20220523095905.26070-3-d.bogdanov@yadro.com
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Konstantin Shelekhin <k.shelekhin@yadro.com>
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

authored by

Dmitry Bogdanov and committed by
Martin K. Petersen
a75fcb09 a11b8069

+93 -49
+93 -49
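--- a/drivers/target/iscsi/iscsi_target_nego.c
+++ b/drivers/target/iscsi/iscsi_target_nego.c
@@ -94,6 +94,31 @@
 	return 0;
 }
 
+static struct iscsi_node_auth *iscsi_get_node_auth(struct iscsit_conn *conn)
+{
+	struct iscsi_portal_group *tpg;
+	struct iscsi_node_acl *nacl;
+	struct se_node_acl *se_nacl;
+
+	if (conn->sess->sess_ops->SessionType)
+		return &iscsit_global->discovery_acl.node_auth;
+
+	se_nacl = conn->sess->se_sess->se_node_acl;
+	if (!se_nacl) {
+		pr_err("Unable to locate struct se_node_acl for CHAP auth\n");
+		return NULL;
+	}
+
+	if (se_nacl->dynamic_node_acl) {
+		tpg = to_iscsi_tpg(se_nacl->se_tpg);
+		return &tpg->tpg_demo_auth;
+	}
+
+	nacl = to_iscsi_nacl(se_nacl);
+
+	return &nacl->node_auth;
+}
+
 static u32 iscsi_handle_authentication(
 	struct iscsit_conn *conn,
 	char *in_buf,
@@ -102,38 +127,11 @@
 	int *out_length,
 	unsigned char *authtype)
 {
-	struct iscsit_session *sess = conn->sess;
 	struct iscsi_node_auth *auth;
-	struct iscsi_node_acl *nacl;
-	struct iscsi_portal_group *tpg;
-	struct se_node_acl *se_nacl;
 
-	if (!sess->sess_ops->SessionType) {
-		/*
-		 * For SessionType=Normal
-		 */
-		se_nacl = conn->sess->se_sess->se_node_acl;
-		if (!se_nacl) {
-			pr_err("Unable to locate struct se_node_acl for"
-					" CHAP auth\n");
-			return -1;
-		}
-
-		if (se_nacl->dynamic_node_acl) {
-			tpg = to_iscsi_tpg(se_nacl->se_tpg);
-
-			auth = &tpg->tpg_demo_auth;
-		} else {
-			nacl = to_iscsi_nacl(se_nacl);
-
-			auth = &nacl->node_auth;
-		}
-	} else {
-		/*
-		 * For SessionType=Discovery
-		 */
-		auth = &iscsit_global->discovery_acl.node_auth;
-	}
+	auth = iscsi_get_node_auth(conn);
+	if (!auth)
+		return -1;
 
 	if (strstr("CHAP", authtype))
 		strcpy(conn->sess->auth_type, "CHAP");
@@ -813,6 +811,37 @@
 	return 0;
 }
 
+static bool iscsi_conn_auth_required(struct iscsit_conn *conn)
+{
+	struct se_node_acl *se_nacl;
+
+	if (conn->sess->sess_ops->SessionType) {
+		/*
+		 * For SessionType=Discovery
+		 */
+		return conn->tpg->tpg_attrib.authentication;
+	}
+	/*
+	 * For SessionType=Normal
+	 */
+	se_nacl = conn->sess->se_sess->se_node_acl;
+	if (!se_nacl) {
+		pr_debug("Unknown ACL %s is trying to connect\n",
+			 se_nacl->initiatorname);
+		return true;
+	}
+
+	if (se_nacl->dynamic_node_acl) {
+		pr_debug("Dynamic ACL %s is trying to connect\n",
+			 se_nacl->initiatorname);
+		return conn->tpg->tpg_attrib.authentication;
+	}
+
+	pr_debug("Known ACL %s is trying to connect\n",
+		 se_nacl->initiatorname);
+	return conn->tpg->tpg_attrib.authentication;
+}
+
 static int iscsi_target_handle_csg_zero(
 	struct iscsit_conn *conn,
 	struct iscsi_login *login)
@@ -874,22 +903,26 @@
 		return -1;
 
 	if (!iscsi_check_negotiated_keys(conn->param_list)) {
-		if (conn->tpg->tpg_attrib.authentication &&
-		    !strncmp(param->value, NONE, 4)) {
-			pr_err("Initiator sent AuthMethod=None but"
-				" Target is enforcing iSCSI Authentication,"
-					" login failed.\n");
-			iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
-					ISCSI_LOGIN_STATUS_AUTH_FAILED);
-			return -1;
+		bool auth_required = iscsi_conn_auth_required(conn);
+
+		if (auth_required) {
+			if (!strncmp(param->value, NONE, 4)) {
+				pr_err("Initiator sent AuthMethod=None but"
+				       " Target is enforcing iSCSI Authentication,"
+				       " login failed.\n");
+				iscsit_tx_login_rsp(conn,
+						ISCSI_STATUS_CLS_INITIATOR_ERR,
+						ISCSI_LOGIN_STATUS_AUTH_FAILED);
+				return -1;
+			}
+
+			if (!login->auth_complete)
+				return 0;
+
+			if (strncmp(param->value, NONE, 4) &&
+			    !login->auth_complete)
+				return 0;
 		}
-
-		if (conn->tpg->tpg_attrib.authentication &&
-		    !login->auth_complete)
-			return 0;
-
-		if (strncmp(param->value, NONE, 4) && !login->auth_complete)
-			return 0;
 
 		if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
 		    (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
@@ -902,6 +935,18 @@
 	return 0;
 do_auth:
 	return iscsi_target_do_authentication(conn, login);
+}
+
+static bool iscsi_conn_authenticated(struct iscsit_conn *conn,
+				     struct iscsi_login *login)
+{
+	if (!iscsi_conn_auth_required(conn))
+		return true;
+
+	if (login->auth_complete)
+		return true;
+
+	return false;
 }
 
 static int iscsi_target_handle_csg_one(struct iscsit_conn *conn, struct iscsi_login *login)
@@ -947,11 +992,10 @@
 		return -1;
 	}
 
-	if (!login->auth_complete &&
-	     conn->tpg->tpg_attrib.authentication) {
+	if (!iscsi_conn_authenticated(conn, login)) {
 		pr_err("Initiator is requesting CSG: 1, has not been"
-			" successfully authenticated, and the Target is"
-			" enforcing iSCSI Authentication, login failed.\n");
+		       " successfully authenticated, and the Target is"
+		       " enforcing iSCSI Authentication, login failed.\n");
 		iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
 				ISCSI_LOGIN_STATUS_AUTH_FAILED);
 		return -1;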
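Review bot: In the new `iscsi_conn_auth_required()`, the `if (!se_nacl)` branch passes `se_nacl->initiatorname` to `pr_debug()`, so the pointer that was just found to be NULL is dereferenced whenever that debug print is enabled, on the login path before the initiator has authenticated. The message cannot name the ACL in that branch; use `pr_debug("Unknown ACL is trying to connect\n");` and keep the `return true;`. Separately, in `iscsi_target_handle_csg_zero()` (whose body continues outside the hunk) the `strncmp(param->value, NONE, 4) && !login->auth_complete` test now sits inside `if (auth_required)` directly after `if (!login->auth_complete) return 0;`, so it can never fire. It also no longer runs when authentication is not required, which appears to change behaviour in a commit described as an extraction. A one-line comment saying whether that is intended would help.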