1 /*******************************************************************************
2 * This file contains main functions related to iSCSI Parameter negotiation.
4 * \u00a9 Copyright 2007-2011 RisingTide Systems LLC.
6 * Licensed to the Linux Foundation under the General Public License (GPL) version 2.
8 * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 ******************************************************************************/
21 #include <linux/ctype.h>
22 #include <scsi/iscsi_proto.h>
23 #include <target/target_core_base.h>
24 #include <target/target_core_fabric.h>
25 #include <target/iscsi/iscsi_transport.h>
27 #include "iscsi_target_core.h"
28 #include "iscsi_target_parameters.h"
29 #include "iscsi_target_login.h"
30 #include "iscsi_target_nego.h"
31 #include "iscsi_target_tpg.h"
32 #include "iscsi_target_util.h"
33 #include "iscsi_target.h"
34 #include "iscsi_target_auth.h"
36 #define MAX_LOGIN_PDUS 7
39 void convert_null_to_semi(char *buf, int len)
43 for (i = 0; i < len; i++)
48 static int strlen_semi(char *buf)
52 while (buf[i] != '\0') {
64 unsigned int max_length,
71 if (!in_buf || !pattern || !out_buf || !type)
74 ptr = strstr(in_buf, pattern);
78 ptr = strstr(ptr, "=");
83 if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) {
84 ptr += 2; /* skip 0x */
89 len = strlen_semi(ptr);
93 if (len > max_length) {
94 pr_err("Length of input: %d exceeds max_length:"
95 " %d\n", len, max_length);
98 memcpy(out_buf, ptr, len);
104 static u32 iscsi_handle_authentication(
105 struct iscsi_conn *conn,
110 unsigned char *authtype)
112 struct iscsi_session *sess = conn->sess;
113 struct iscsi_node_auth *auth;
114 struct iscsi_node_acl *iscsi_nacl;
115 struct iscsi_portal_group *iscsi_tpg;
116 struct se_node_acl *se_nacl;
118 if (!sess->sess_ops->SessionType) {
120 * For SessionType=Normal
122 se_nacl = conn->sess->se_sess->se_node_acl;
124 pr_err("Unable to locate struct se_node_acl for"
128 iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
131 pr_err("Unable to locate struct iscsi_node_acl for"
136 if (se_nacl->dynamic_node_acl) {
137 iscsi_tpg = container_of(se_nacl->se_tpg,
138 struct iscsi_portal_group, tpg_se_tpg);
140 auth = &iscsi_tpg->tpg_demo_auth;
142 iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
145 auth = ISCSI_NODE_AUTH(iscsi_nacl);
149 * For SessionType=Discovery
151 auth = &iscsit_global->discovery_acl.node_auth;
154 if (strstr("CHAP", authtype))
155 strcpy(conn->sess->auth_type, "CHAP");
157 strcpy(conn->sess->auth_type, NONE);
159 if (strstr("None", authtype))
162 else if (strstr("SRP", authtype))
163 return srp_main_loop(conn, auth, in_buf, out_buf,
164 &in_length, out_length);
166 else if (strstr("CHAP", authtype))
167 return chap_main_loop(conn, auth, in_buf, out_buf,
168 &in_length, out_length);
169 else if (strstr("SPKM1", authtype))
171 else if (strstr("SPKM2", authtype))
173 else if (strstr("KRB5", authtype))
179 static void iscsi_remove_failed_auth_entry(struct iscsi_conn *conn)
181 kfree(conn->auth_protocol);
184 int iscsi_target_check_login_request(
185 struct iscsi_conn *conn,
186 struct iscsi_login *login)
188 int req_csg, req_nsg;
190 struct iscsi_login_req *login_req;
192 login_req = (struct iscsi_login_req *) login->req;
193 payload_length = ntoh24(login_req->dlength);
195 switch (login_req->opcode & ISCSI_OPCODE_MASK) {
199 pr_err("Received unknown opcode 0x%02x.\n",
200 login_req->opcode & ISCSI_OPCODE_MASK);
201 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
202 ISCSI_LOGIN_STATUS_INIT_ERR);
206 if ((login_req->flags & ISCSI_FLAG_LOGIN_CONTINUE) &&
207 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
208 pr_err("Login request has both ISCSI_FLAG_LOGIN_CONTINUE"
209 " and ISCSI_FLAG_LOGIN_TRANSIT set, protocol error.\n");
210 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
211 ISCSI_LOGIN_STATUS_INIT_ERR);
215 req_csg = ISCSI_LOGIN_CURRENT_STAGE(login_req->flags);
216 req_nsg = ISCSI_LOGIN_NEXT_STAGE(login_req->flags);
218 if (req_csg != login->current_stage) {
219 pr_err("Initiator unexpectedly changed login stage"
220 " from %d to %d, login failed.\n", login->current_stage,
222 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
223 ISCSI_LOGIN_STATUS_INIT_ERR);
227 if ((req_nsg == 2) || (req_csg >= 2) ||
228 ((login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT) &&
229 (req_nsg <= req_csg))) {
230 pr_err("Illegal login_req->flags Combination, CSG: %d,"
231 " NSG: %d, ISCSI_FLAG_LOGIN_TRANSIT: %d.\n", req_csg,
232 req_nsg, (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT));
233 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
234 ISCSI_LOGIN_STATUS_INIT_ERR);
238 if ((login_req->max_version != login->version_max) ||
239 (login_req->min_version != login->version_min)) {
240 pr_err("Login request changed Version Max/Nin"
241 " unexpectedly to 0x%02x/0x%02x, protocol error\n",
242 login_req->max_version, login_req->min_version);
243 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
244 ISCSI_LOGIN_STATUS_INIT_ERR);
248 if (memcmp(login_req->isid, login->isid, 6) != 0) {
249 pr_err("Login request changed ISID unexpectedly,"
250 " protocol error.\n");
251 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
252 ISCSI_LOGIN_STATUS_INIT_ERR);
256 if (login_req->itt != login->init_task_tag) {
257 pr_err("Login request changed ITT unexpectedly to"
258 " 0x%08x, protocol error.\n", login_req->itt);
259 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
260 ISCSI_LOGIN_STATUS_INIT_ERR);
264 if (payload_length > MAX_KEY_VALUE_PAIRS) {
265 pr_err("Login request payload exceeds default"
266 " MaxRecvDataSegmentLength: %u, protocol error.\n",
267 MAX_KEY_VALUE_PAIRS);
274 static int iscsi_target_check_first_request(
275 struct iscsi_conn *conn,
276 struct iscsi_login *login)
278 struct iscsi_param *param = NULL;
279 struct se_node_acl *se_nacl;
281 login->first_request = 0;
283 list_for_each_entry(param, &conn->param_list->param_list, p_list) {
284 if (!strncmp(param->name, SESSIONTYPE, 11)) {
285 if (!IS_PSTATE_ACCEPTOR(param)) {
286 pr_err("SessionType key not received"
287 " in first login request.\n");
288 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
289 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
292 if (!strncmp(param->value, DISCOVERY, 9))
296 if (!strncmp(param->name, INITIATORNAME, 13)) {
297 if (!IS_PSTATE_ACCEPTOR(param)) {
298 if (!login->leading_connection)
301 pr_err("InitiatorName key not received"
302 " in first login request.\n");
303 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
304 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
309 * For non-leading connections, double check that the
310 * received InitiatorName matches the existing session's
311 * struct iscsi_node_acl.
313 if (!login->leading_connection) {
314 se_nacl = conn->sess->se_sess->se_node_acl;
316 pr_err("Unable to locate"
317 " struct se_node_acl\n");
318 iscsit_tx_login_rsp(conn,
319 ISCSI_STATUS_CLS_INITIATOR_ERR,
320 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
324 if (strcmp(param->value,
325 se_nacl->initiatorname)) {
327 " InitiatorName: %s for this"
328 " iSCSI Initiator Node.\n",
330 iscsit_tx_login_rsp(conn,
331 ISCSI_STATUS_CLS_INITIATOR_ERR,
332 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
342 static int iscsi_target_do_tx_login_io(struct iscsi_conn *conn, struct iscsi_login *login)
345 struct iscsi_session *sess = conn->sess;
346 struct iscsi_login_rsp *login_rsp;
348 login_rsp = (struct iscsi_login_rsp *) login->rsp;
350 login_rsp->opcode = ISCSI_OP_LOGIN_RSP;
351 hton24(login_rsp->dlength, login->rsp_length);
352 memcpy(login_rsp->isid, login->isid, 6);
353 login_rsp->tsih = cpu_to_be16(login->tsih);
354 login_rsp->itt = login->init_task_tag;
355 login_rsp->statsn = cpu_to_be32(conn->stat_sn++);
356 login_rsp->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
357 login_rsp->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
359 pr_debug("Sending Login Response, Flags: 0x%02x, ITT: 0x%08x,"
360 " ExpCmdSN; 0x%08x, MaxCmdSN: 0x%08x, StatSN: 0x%08x, Length:"
361 " %u\n", login_rsp->flags, (__force u32)login_rsp->itt,
362 ntohl(login_rsp->exp_cmdsn), ntohl(login_rsp->max_cmdsn),
363 ntohl(login_rsp->statsn), login->rsp_length);
365 padding = ((-login->rsp_length) & 3);
367 if (conn->conn_transport->iscsit_put_login_tx(conn, login,
368 login->rsp_length + padding) < 0)
371 login->rsp_length = 0;
372 mutex_lock(&sess->cmdsn_mutex);
373 login_rsp->exp_cmdsn = cpu_to_be32(sess->exp_cmd_sn);
374 login_rsp->max_cmdsn = cpu_to_be32(sess->max_cmd_sn);
375 mutex_unlock(&sess->cmdsn_mutex);
380 static void iscsi_target_sk_data_ready(struct sock *sk, int count)
382 struct iscsi_conn *conn = sk->sk_user_data;
385 pr_debug("Entering iscsi_target_sk_data_ready: conn: %p\n", conn);
387 write_lock_bh(&sk->sk_callback_lock);
388 if (!sk->sk_user_data) {
389 write_unlock_bh(&sk->sk_callback_lock);
392 if (!test_bit(LOGIN_FLAGS_READY, &conn->login_flags)) {
393 write_unlock_bh(&sk->sk_callback_lock);
394 pr_debug("Got LOGIN_FLAGS_READY=0, conn: %p >>>>\n", conn);
397 if (test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags)) {
398 write_unlock_bh(&sk->sk_callback_lock);
399 pr_debug("Got LOGIN_FLAGS_CLOSED=1, conn: %p >>>>\n", conn);
402 if (test_and_set_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags)) {
403 write_unlock_bh(&sk->sk_callback_lock);
404 pr_debug("Got LOGIN_FLAGS_READ_ACTIVE=1, conn: %p >>>>\n", conn);
408 rc = schedule_delayed_work(&conn->login_work, 0);
410 pr_debug("iscsi_target_sk_data_ready, schedule_delayed_work"
413 write_unlock_bh(&sk->sk_callback_lock);
416 static void iscsi_target_sk_state_change(struct sock *);
418 static void iscsi_target_set_sock_callbacks(struct iscsi_conn *conn)
426 pr_debug("Entering iscsi_target_set_sock_callbacks: conn: %p\n", conn);
428 write_lock_bh(&sk->sk_callback_lock);
429 sk->sk_user_data = conn;
430 conn->orig_data_ready = sk->sk_data_ready;
431 conn->orig_state_change = sk->sk_state_change;
432 sk->sk_data_ready = iscsi_target_sk_data_ready;
433 sk->sk_state_change = iscsi_target_sk_state_change;
434 write_unlock_bh(&sk->sk_callback_lock);
436 sk->sk_sndtimeo = TA_LOGIN_TIMEOUT * HZ;
437 sk->sk_rcvtimeo = TA_LOGIN_TIMEOUT * HZ;
440 static void iscsi_target_restore_sock_callbacks(struct iscsi_conn *conn)
448 pr_debug("Entering iscsi_target_restore_sock_callbacks: conn: %p\n", conn);
450 write_lock_bh(&sk->sk_callback_lock);
451 if (!sk->sk_user_data) {
452 write_unlock_bh(&sk->sk_callback_lock);
455 sk->sk_user_data = NULL;
456 sk->sk_data_ready = conn->orig_data_ready;
457 sk->sk_state_change = conn->orig_state_change;
458 write_unlock_bh(&sk->sk_callback_lock);
460 sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
461 sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
464 static int iscsi_target_do_login(struct iscsi_conn *, struct iscsi_login *);
466 static bool iscsi_target_sk_state_check(struct sock *sk)
468 if (sk->sk_state == TCP_CLOSE_WAIT || sk->sk_state == TCP_CLOSE) {
469 pr_debug("iscsi_target_sk_state_check: TCP_CLOSE_WAIT|TCP_CLOSE,"
470 "returning FALSE\n");
476 static void iscsi_target_login_drop(struct iscsi_conn *conn, struct iscsi_login *login)
478 struct iscsi_np *np = login->np;
479 bool zero_tsih = login->zero_tsih;
481 iscsi_remove_failed_auth_entry(conn);
482 iscsi_target_nego_release(conn);
483 iscsi_target_login_sess_out(conn, np, zero_tsih, true);
486 static void iscsi_target_login_timeout(unsigned long data)
488 struct iscsi_conn *conn = (struct iscsi_conn *)data;
490 pr_debug("Entering iscsi_target_login_timeout >>>>>>>>>>>>>>>>>>>\n");
492 if (conn->login_kworker) {
493 pr_debug("Sending SIGINT to conn->login_kworker %s/%d\n",
494 conn->login_kworker->comm, conn->login_kworker->pid);
495 send_sig(SIGINT, conn->login_kworker, 1);
499 static void iscsi_target_do_login_rx(struct work_struct *work)
501 struct iscsi_conn *conn = container_of(work,
502 struct iscsi_conn, login_work.work);
503 struct iscsi_login *login = conn->login;
504 struct iscsi_np *np = login->np;
505 struct iscsi_portal_group *tpg = conn->tpg;
506 struct iscsi_tpg_np *tpg_np = conn->tpg_np;
507 struct timer_list login_timer;
508 int rc, zero_tsih = login->zero_tsih;
511 pr_debug("entering iscsi_target_do_login_rx, conn: %p, %s:%d\n",
512 conn, current->comm, current->pid);
514 spin_lock(&tpg->tpg_state_lock);
515 state = (tpg->tpg_state == TPG_STATE_ACTIVE);
516 spin_unlock(&tpg->tpg_state_lock);
518 if (state == false) {
519 pr_debug("iscsi_target_do_login_rx: tpg_state != TPG_STATE_ACTIVE\n");
520 iscsi_target_restore_sock_callbacks(conn);
521 iscsi_target_login_drop(conn, login);
522 iscsit_deaccess_np(np, tpg, tpg_np);
527 struct sock *sk = conn->sock->sk;
529 read_lock_bh(&sk->sk_callback_lock);
530 state = iscsi_target_sk_state_check(sk);
531 read_unlock_bh(&sk->sk_callback_lock);
533 if (state == false) {
534 pr_debug("iscsi_target_do_login_rx, TCP state CLOSE\n");
535 iscsi_target_restore_sock_callbacks(conn);
536 iscsi_target_login_drop(conn, login);
537 iscsit_deaccess_np(np, tpg, tpg_np);
542 conn->login_kworker = current;
543 allow_signal(SIGINT);
545 init_timer(&login_timer);
546 login_timer.expires = (get_jiffies_64() + TA_LOGIN_TIMEOUT * HZ);
547 login_timer.data = (unsigned long)conn;
548 login_timer.function = iscsi_target_login_timeout;
549 add_timer(&login_timer);
550 pr_debug("Starting login_timer for %s/%d\n", current->comm, current->pid);
552 rc = conn->conn_transport->iscsit_get_login_rx(conn, login);
553 del_timer_sync(&login_timer);
554 flush_signals(current);
555 conn->login_kworker = NULL;
558 iscsi_target_restore_sock_callbacks(conn);
559 iscsi_target_login_drop(conn, login);
560 iscsit_deaccess_np(np, tpg, tpg_np);
564 pr_debug("iscsi_target_do_login_rx after rx_login_io, %p, %s:%d\n",
565 conn, current->comm, current->pid);
567 rc = iscsi_target_do_login(conn, login);
569 iscsi_target_restore_sock_callbacks(conn);
570 iscsi_target_login_drop(conn, login);
571 iscsit_deaccess_np(np, tpg, tpg_np);
574 struct sock *sk = conn->sock->sk;
576 write_lock_bh(&sk->sk_callback_lock);
577 clear_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags);
578 write_unlock_bh(&sk->sk_callback_lock);
580 } else if (rc == 1) {
581 iscsi_target_nego_release(conn);
582 iscsi_post_login_handler(np, conn, zero_tsih);
583 iscsit_deaccess_np(np, tpg, tpg_np);
587 static void iscsi_target_do_cleanup(struct work_struct *work)
589 struct iscsi_conn *conn = container_of(work,
590 struct iscsi_conn, login_cleanup_work.work);
591 struct sock *sk = conn->sock->sk;
592 struct iscsi_login *login = conn->login;
593 struct iscsi_np *np = login->np;
594 struct iscsi_portal_group *tpg = conn->tpg;
595 struct iscsi_tpg_np *tpg_np = conn->tpg_np;
597 pr_debug("Entering iscsi_target_do_cleanup\n");
599 cancel_delayed_work_sync(&conn->login_work);
600 conn->orig_state_change(sk);
602 iscsi_target_restore_sock_callbacks(conn);
603 iscsi_target_login_drop(conn, login);
604 iscsit_deaccess_np(np, tpg, tpg_np);
606 pr_debug("iscsi_target_do_cleanup done()\n");
609 static void iscsi_target_sk_state_change(struct sock *sk)
611 struct iscsi_conn *conn;
612 void (*orig_state_change)(struct sock *);
615 pr_debug("Entering iscsi_target_sk_state_change\n");
617 write_lock_bh(&sk->sk_callback_lock);
618 conn = sk->sk_user_data;
620 write_unlock_bh(&sk->sk_callback_lock);
623 orig_state_change = conn->orig_state_change;
625 if (!test_bit(LOGIN_FLAGS_READY, &conn->login_flags)) {
626 pr_debug("Got LOGIN_FLAGS_READY=0 sk_state_change conn: %p\n",
628 write_unlock_bh(&sk->sk_callback_lock);
629 orig_state_change(sk);
632 if (test_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags)) {
633 pr_debug("Got LOGIN_FLAGS_READ_ACTIVE=1 sk_state_change"
634 " conn: %p\n", conn);
635 write_unlock_bh(&sk->sk_callback_lock);
636 orig_state_change(sk);
639 if (test_and_set_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags)) {
640 pr_debug("Got LOGIN_FLAGS_CLOSED=1 sk_state_change conn: %p\n",
642 write_unlock_bh(&sk->sk_callback_lock);
643 orig_state_change(sk);
647 state = iscsi_target_sk_state_check(sk);
648 write_unlock_bh(&sk->sk_callback_lock);
650 pr_debug("iscsi_target_sk_state_change: state: %d\n", state);
653 pr_debug("iscsi_target_sk_state_change got failed state\n");
654 schedule_delayed_work(&conn->login_cleanup_work, 0);
657 orig_state_change(sk);
660 static int iscsi_target_do_login_io(struct iscsi_conn *conn, struct iscsi_login *login)
662 if (iscsi_target_do_tx_login_io(conn, login) < 0)
669 * NOTE: We check for existing sessions or connections AFTER the initiator
670 * has been successfully authenticated in order to protect against faked
671 * ISID/TSIH combinations.
673 static int iscsi_target_check_for_existing_instances(
674 struct iscsi_conn *conn,
675 struct iscsi_login *login)
677 if (login->checked_for_existing)
680 login->checked_for_existing = 1;
683 return iscsi_check_for_session_reinstatement(conn);
685 return iscsi_login_post_auth_non_zero_tsih(conn, login->cid,
686 login->initial_exp_statsn);
689 static int iscsi_target_do_authentication(
690 struct iscsi_conn *conn,
691 struct iscsi_login *login)
695 struct iscsi_param *param;
696 struct iscsi_login_req *login_req;
697 struct iscsi_login_rsp *login_rsp;
699 login_req = (struct iscsi_login_req *) login->req;
700 login_rsp = (struct iscsi_login_rsp *) login->rsp;
701 payload_length = ntoh24(login_req->dlength);
703 param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
707 authret = iscsi_handle_authentication(
716 pr_debug("Received OK response"
717 " from LIO Authentication, continuing.\n");
720 pr_debug("iSCSI security negotiation"
721 " completed successfully.\n");
722 login->auth_complete = 1;
723 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
724 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
725 login_rsp->flags |= (ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
726 ISCSI_FLAG_LOGIN_TRANSIT);
727 login->current_stage = 1;
729 return iscsi_target_check_for_existing_instances(
732 pr_err("Security negotiation"
734 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
735 ISCSI_LOGIN_STATUS_AUTH_FAILED);
738 pr_err("Received unknown error %d from LIO"
739 " Authentication\n", authret);
740 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
741 ISCSI_LOGIN_STATUS_TARGET_ERROR);
748 static int iscsi_target_handle_csg_zero(
749 struct iscsi_conn *conn,
750 struct iscsi_login *login)
754 struct iscsi_param *param;
755 struct iscsi_login_req *login_req;
756 struct iscsi_login_rsp *login_rsp;
758 login_req = (struct iscsi_login_req *) login->req;
759 login_rsp = (struct iscsi_login_rsp *) login->rsp;
760 payload_length = ntoh24(login_req->dlength);
762 param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
766 ret = iscsi_decode_text_input(
767 PHASE_SECURITY|PHASE_DECLARATIVE,
768 SENDER_INITIATOR|SENDER_RECEIVER,
776 if (login->auth_complete) {
777 pr_err("Initiator has already been"
778 " successfully authenticated, but is still"
779 " sending %s keys.\n", param->value);
780 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
781 ISCSI_LOGIN_STATUS_INIT_ERR);
788 if (login->first_request)
789 if (iscsi_target_check_first_request(conn, login) < 0)
792 ret = iscsi_encode_text_output(
793 PHASE_SECURITY|PHASE_DECLARATIVE,
801 if (!iscsi_check_negotiated_keys(conn->param_list)) {
802 if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication &&
803 !strncmp(param->value, NONE, 4)) {
804 pr_err("Initiator sent AuthMethod=None but"
805 " Target is enforcing iSCSI Authentication,"
807 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
808 ISCSI_LOGIN_STATUS_AUTH_FAILED);
812 if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication &&
813 !login->auth_complete)
816 if (strncmp(param->value, NONE, 4) && !login->auth_complete)
819 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
820 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
821 login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
822 ISCSI_FLAG_LOGIN_TRANSIT;
823 login->current_stage = 1;
829 return iscsi_target_do_authentication(conn, login);
832 static int iscsi_target_handle_csg_one(struct iscsi_conn *conn, struct iscsi_login *login)
836 struct iscsi_login_req *login_req;
837 struct iscsi_login_rsp *login_rsp;
839 login_req = (struct iscsi_login_req *) login->req;
840 login_rsp = (struct iscsi_login_rsp *) login->rsp;
841 payload_length = ntoh24(login_req->dlength);
843 ret = iscsi_decode_text_input(
844 PHASE_OPERATIONAL|PHASE_DECLARATIVE,
845 SENDER_INITIATOR|SENDER_RECEIVER,
850 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
851 ISCSI_LOGIN_STATUS_INIT_ERR);
855 if (login->first_request)
856 if (iscsi_target_check_first_request(conn, login) < 0)
859 if (iscsi_target_check_for_existing_instances(conn, login) < 0)
862 ret = iscsi_encode_text_output(
863 PHASE_OPERATIONAL|PHASE_DECLARATIVE,
869 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
870 ISCSI_LOGIN_STATUS_INIT_ERR);
874 if (!login->auth_complete &&
875 ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication) {
876 pr_err("Initiator is requesting CSG: 1, has not been"
877 " successfully authenticated, and the Target is"
878 " enforcing iSCSI Authentication, login failed.\n");
879 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
880 ISCSI_LOGIN_STATUS_AUTH_FAILED);
884 if (!iscsi_check_negotiated_keys(conn->param_list))
885 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE3) &&
886 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT))
887 login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE3 |
888 ISCSI_FLAG_LOGIN_TRANSIT;
893 static int iscsi_target_do_login(struct iscsi_conn *conn, struct iscsi_login *login)
896 struct iscsi_login_req *login_req;
897 struct iscsi_login_rsp *login_rsp;
899 login_req = (struct iscsi_login_req *) login->req;
900 login_rsp = (struct iscsi_login_rsp *) login->rsp;
903 if (++pdu_count > MAX_LOGIN_PDUS) {
904 pr_err("MAX_LOGIN_PDUS count reached.\n");
905 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
906 ISCSI_LOGIN_STATUS_TARGET_ERROR);
910 switch (ISCSI_LOGIN_CURRENT_STAGE(login_req->flags)) {
912 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK;
913 if (iscsi_target_handle_csg_zero(conn, login) < 0)
917 login_rsp->flags |= ISCSI_FLAG_LOGIN_CURRENT_STAGE1;
918 if (iscsi_target_handle_csg_one(conn, login) < 0)
920 if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
921 login->tsih = conn->sess->tsih;
922 login->login_complete = 1;
923 iscsi_target_restore_sock_callbacks(conn);
924 if (iscsi_target_do_tx_login_io(conn,
931 pr_err("Illegal CSG: %d received from"
932 " Initiator, protocol error.\n",
933 ISCSI_LOGIN_CURRENT_STAGE(login_req->flags));
937 if (iscsi_target_do_login_io(conn, login) < 0)
940 if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
941 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_TRANSIT;
942 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK;
948 struct sock *sk = conn->sock->sk;
951 read_lock_bh(&sk->sk_callback_lock);
952 state = iscsi_target_sk_state_check(sk);
953 read_unlock_bh(&sk->sk_callback_lock);
956 pr_debug("iscsi_target_do_login() failed state for"
957 " conn: %p\n", conn);
965 static void iscsi_initiatorname_tolower(
969 u32 iqn_size = strlen(param_buf), i;
971 for (i = 0; i < iqn_size; i++) {
981 * Processes the first Login Request..
983 int iscsi_target_locate_portal(
985 struct iscsi_conn *conn,
986 struct iscsi_login *login)
988 char *i_buf = NULL, *s_buf = NULL, *t_buf = NULL;
989 char *tmpbuf, *start = NULL, *end = NULL, *key, *value;
990 struct iscsi_session *sess = conn->sess;
991 struct iscsi_tiqn *tiqn;
992 struct iscsi_tpg_np *tpg_np = NULL;
993 struct iscsi_login_req *login_req;
995 int sessiontype = 0, ret = 0;
997 INIT_DELAYED_WORK(&conn->login_work, iscsi_target_do_login_rx);
998 INIT_DELAYED_WORK(&conn->login_cleanup_work, iscsi_target_do_cleanup);
999 iscsi_target_set_sock_callbacks(conn);
1003 login_req = (struct iscsi_login_req *) login->req;
1004 payload_length = ntoh24(login_req->dlength);
1006 tmpbuf = kzalloc(payload_length + 1, GFP_KERNEL);
1008 pr_err("Unable to allocate memory for tmpbuf.\n");
1012 memcpy(tmpbuf, login->req_buf, payload_length);
1013 tmpbuf[payload_length] = '\0';
1015 end = (start + payload_length);
1018 * Locate the initial keys expected from the Initiator node in
1019 * the first login request in order to progress with the login phase.
1021 while (start < end) {
1022 if (iscsi_extract_key_value(start, &key, &value) < 0) {
1027 if (!strncmp(key, "InitiatorName", 13))
1029 else if (!strncmp(key, "SessionType", 11))
1031 else if (!strncmp(key, "TargetName", 10))
1034 start += strlen(key) + strlen(value) + 2;
1037 * See 5.3. Login Phase.
1040 pr_err("InitiatorName key not received"
1041 " in first login request.\n");
1042 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1043 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
1048 * Convert the incoming InitiatorName to lowercase following
1049 * RFC-3720 3.2.6.1. section c) that says that iSCSI IQNs
1050 * are NOT case sensitive.
1052 iscsi_initiatorname_tolower(i_buf);
1055 if (!login->leading_connection)
1058 pr_err("SessionType key not received"
1059 " in first login request.\n");
1060 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1061 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
1067 * Use default portal group for discovery sessions.
1069 sessiontype = strncmp(s_buf, DISCOVERY, 9);
1071 conn->tpg = iscsit_global->discovery_tpg;
1072 if (!login->leading_connection)
1075 sess->sess_ops->SessionType = 1;
1077 * Setup crc32c modules from libcrypto
1079 if (iscsi_login_setup_crypto(conn) < 0) {
1080 pr_err("iscsi_login_setup_crypto() failed\n");
1085 * Serialize access across the discovery struct iscsi_portal_group to
1086 * process login attempt.
1088 if (iscsit_access_np(np, conn->tpg) < 0) {
1089 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1090 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1100 pr_err("TargetName key not received"
1101 " in first login request while"
1102 " SessionType=Normal.\n");
1103 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1104 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
1110 * Locate Target IQN from Storage Node.
1112 tiqn = iscsit_get_tiqn_for_login(t_buf);
1114 pr_err("Unable to locate Target IQN: %s in"
1115 " Storage Node\n", t_buf);
1116 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1117 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1121 pr_debug("Located Storage Object: %s\n", tiqn->tiqn);
1124 * Locate Target Portal Group from Storage Node.
1126 conn->tpg = iscsit_get_tpg_from_np(tiqn, np, &tpg_np);
1128 pr_err("Unable to locate Target Portal Group"
1129 " on %s\n", tiqn->tiqn);
1130 iscsit_put_tiqn_for_login(tiqn);
1131 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1132 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1136 conn->tpg_np = tpg_np;
1137 pr_debug("Located Portal Group Object: %hu\n", conn->tpg->tpgt);
1139 * Setup crc32c modules from libcrypto
1141 if (iscsi_login_setup_crypto(conn) < 0) {
1142 pr_err("iscsi_login_setup_crypto() failed\n");
1143 kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put);
1144 iscsit_put_tiqn_for_login(tiqn);
1150 * Serialize access across the struct iscsi_portal_group to
1151 * process login attempt.
1153 if (iscsit_access_np(np, conn->tpg) < 0) {
1154 kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put);
1155 iscsit_put_tiqn_for_login(tiqn);
1156 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1157 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1164 * conn->sess->node_acl will be set when the referenced
1165 * struct iscsi_session is located from received ISID+TSIH in
1166 * iscsi_login_non_zero_tsih_s2().
1168 if (!login->leading_connection) {
1174 * This value is required in iscsi_login_zero_tsih_s2()
1176 sess->sess_ops->SessionType = 0;
1179 * Locate incoming Initiator IQN reference from Storage Node.
1181 sess->se_sess->se_node_acl = core_tpg_check_initiator_node_acl(
1182 &conn->tpg->tpg_se_tpg, i_buf);
1183 if (!sess->se_sess->se_node_acl) {
1184 pr_err("iSCSI Initiator Node: %s is not authorized to"
1185 " access iSCSI target portal group: %hu.\n",
1186 i_buf, conn->tpg->tpgt);
1187 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1188 ISCSI_LOGIN_STATUS_TGT_FORBIDDEN);
1199 int iscsi_target_start_negotiation(
1200 struct iscsi_login *login,
1201 struct iscsi_conn *conn)
1205 ret = iscsi_target_do_login(conn, login);
1208 struct sock *sk = conn->sock->sk;
1210 write_lock_bh(&sk->sk_callback_lock);
1211 set_bit(LOGIN_FLAGS_READY, &conn->login_flags);
1212 write_unlock_bh(&sk->sk_callback_lock);
1214 } else if (ret < 0) {
1215 cancel_delayed_work_sync(&conn->login_work);
1216 cancel_delayed_work_sync(&conn->login_cleanup_work);
1217 iscsi_target_restore_sock_callbacks(conn);
1218 iscsi_remove_failed_auth_entry(conn);
1221 iscsi_target_nego_release(conn);
1226 void iscsi_target_nego_release(struct iscsi_conn *conn)
1228 struct iscsi_login *login = conn->conn_login;
1233 kfree(login->req_buf);
1234 kfree(login->rsp_buf);
1237 conn->conn_login = NULL;
projects / karo-tx-linux.git / blob