1 /*******************************************************************************
2 * This file contains main functions related to iSCSI Parameter negotiation.
4 * (c) Copyright 2007-2013 Datera, Inc.
6 * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 ******************************************************************************/
19 #include <linux/ctype.h>
20 #include <linux/kthread.h>
21 #include <linux/slab.h>
22 #include <linux/sched/signal.h>
24 #include <scsi/iscsi_proto.h>
25 #include <target/target_core_base.h>
26 #include <target/target_core_fabric.h>
27 #include <target/iscsi/iscsi_transport.h>
29 #include <target/iscsi/iscsi_target_core.h>
30 #include "iscsi_target_parameters.h"
31 #include "iscsi_target_login.h"
32 #include "iscsi_target_nego.h"
33 #include "iscsi_target_tpg.h"
34 #include "iscsi_target_util.h"
35 #include "iscsi_target.h"
36 #include "iscsi_target_auth.h"
38 #define MAX_LOGIN_PDUS 7
41 void convert_null_to_semi(char *buf, int len)
45 for (i = 0; i < len; i++)
50 static int strlen_semi(char *buf)
54 while (buf[i] != '\0') {
66 unsigned int max_length,
73 if (!in_buf || !pattern || !out_buf || !type)
76 ptr = strstr(in_buf, pattern);
80 ptr = strstr(ptr, "=");
85 if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) {
86 ptr += 2; /* skip 0x */
91 len = strlen_semi(ptr);
95 if (len >= max_length) {
96 pr_err("Length of input: %d exceeds max_length:"
97 " %d\n", len, max_length);
100 memcpy(out_buf, ptr, len);
106 static u32 iscsi_handle_authentication(
107 struct iscsi_conn *conn,
112 unsigned char *authtype)
114 struct iscsi_session *sess = conn->sess;
115 struct iscsi_node_auth *auth;
116 struct iscsi_node_acl *iscsi_nacl;
117 struct iscsi_portal_group *iscsi_tpg;
118 struct se_node_acl *se_nacl;
120 if (!sess->sess_ops->SessionType) {
122 * For SessionType=Normal
124 se_nacl = conn->sess->se_sess->se_node_acl;
126 pr_err("Unable to locate struct se_node_acl for"
130 iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
133 pr_err("Unable to locate struct iscsi_node_acl for"
138 if (se_nacl->dynamic_node_acl) {
139 iscsi_tpg = container_of(se_nacl->se_tpg,
140 struct iscsi_portal_group, tpg_se_tpg);
142 auth = &iscsi_tpg->tpg_demo_auth;
144 iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
147 auth = &iscsi_nacl->node_auth;
151 * For SessionType=Discovery
153 auth = &iscsit_global->discovery_acl.node_auth;
156 if (strstr("CHAP", authtype))
157 strcpy(conn->sess->auth_type, "CHAP");
159 strcpy(conn->sess->auth_type, NONE);
161 if (strstr("None", authtype))
164 else if (strstr("SRP", authtype))
165 return srp_main_loop(conn, auth, in_buf, out_buf,
166 &in_length, out_length);
168 else if (strstr("CHAP", authtype))
169 return chap_main_loop(conn, auth, in_buf, out_buf,
170 &in_length, out_length);
171 else if (strstr("SPKM1", authtype))
173 else if (strstr("SPKM2", authtype))
175 else if (strstr("KRB5", authtype))
181 static void iscsi_remove_failed_auth_entry(struct iscsi_conn *conn)
183 kfree(conn->auth_protocol);
186 int iscsi_target_check_login_request(
187 struct iscsi_conn *conn,
188 struct iscsi_login *login)
190 int req_csg, req_nsg;
192 struct iscsi_login_req *login_req;
194 login_req = (struct iscsi_login_req *) login->req;
195 payload_length = ntoh24(login_req->dlength);
197 switch (login_req->opcode & ISCSI_OPCODE_MASK) {
201 pr_err("Received unknown opcode 0x%02x.\n",
202 login_req->opcode & ISCSI_OPCODE_MASK);
203 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
204 ISCSI_LOGIN_STATUS_INIT_ERR);
208 if ((login_req->flags & ISCSI_FLAG_LOGIN_CONTINUE) &&
209 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
210 pr_err("Login request has both ISCSI_FLAG_LOGIN_CONTINUE"
211 " and ISCSI_FLAG_LOGIN_TRANSIT set, protocol error.\n");
212 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
213 ISCSI_LOGIN_STATUS_INIT_ERR);
217 req_csg = ISCSI_LOGIN_CURRENT_STAGE(login_req->flags);
218 req_nsg = ISCSI_LOGIN_NEXT_STAGE(login_req->flags);
220 if (req_csg != login->current_stage) {
221 pr_err("Initiator unexpectedly changed login stage"
222 " from %d to %d, login failed.\n", login->current_stage,
224 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
225 ISCSI_LOGIN_STATUS_INIT_ERR);
229 if ((req_nsg == 2) || (req_csg >= 2) ||
230 ((login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT) &&
231 (req_nsg <= req_csg))) {
232 pr_err("Illegal login_req->flags Combination, CSG: %d,"
233 " NSG: %d, ISCSI_FLAG_LOGIN_TRANSIT: %d.\n", req_csg,
234 req_nsg, (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT));
235 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
236 ISCSI_LOGIN_STATUS_INIT_ERR);
240 if ((login_req->max_version != login->version_max) ||
241 (login_req->min_version != login->version_min)) {
242 pr_err("Login request changed Version Max/Nin"
243 " unexpectedly to 0x%02x/0x%02x, protocol error\n",
244 login_req->max_version, login_req->min_version);
245 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
246 ISCSI_LOGIN_STATUS_INIT_ERR);
250 if (memcmp(login_req->isid, login->isid, 6) != 0) {
251 pr_err("Login request changed ISID unexpectedly,"
252 " protocol error.\n");
253 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
254 ISCSI_LOGIN_STATUS_INIT_ERR);
258 if (login_req->itt != login->init_task_tag) {
259 pr_err("Login request changed ITT unexpectedly to"
260 " 0x%08x, protocol error.\n", login_req->itt);
261 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
262 ISCSI_LOGIN_STATUS_INIT_ERR);
266 if (payload_length > MAX_KEY_VALUE_PAIRS) {
267 pr_err("Login request payload exceeds default"
268 " MaxRecvDataSegmentLength: %u, protocol error.\n",
269 MAX_KEY_VALUE_PAIRS);
275 EXPORT_SYMBOL(iscsi_target_check_login_request);
277 static int iscsi_target_check_first_request(
278 struct iscsi_conn *conn,
279 struct iscsi_login *login)
281 struct iscsi_param *param = NULL;
282 struct se_node_acl *se_nacl;
284 login->first_request = 0;
286 list_for_each_entry(param, &conn->param_list->param_list, p_list) {
287 if (!strncmp(param->name, SESSIONTYPE, 11)) {
288 if (!IS_PSTATE_ACCEPTOR(param)) {
289 pr_err("SessionType key not received"
290 " in first login request.\n");
291 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
292 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
295 if (!strncmp(param->value, DISCOVERY, 9))
299 if (!strncmp(param->name, INITIATORNAME, 13)) {
300 if (!IS_PSTATE_ACCEPTOR(param)) {
301 if (!login->leading_connection)
304 pr_err("InitiatorName key not received"
305 " in first login request.\n");
306 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
307 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
312 * For non-leading connections, double check that the
313 * received InitiatorName matches the existing session's
314 * struct iscsi_node_acl.
316 if (!login->leading_connection) {
317 se_nacl = conn->sess->se_sess->se_node_acl;
319 pr_err("Unable to locate"
320 " struct se_node_acl\n");
321 iscsit_tx_login_rsp(conn,
322 ISCSI_STATUS_CLS_INITIATOR_ERR,
323 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
327 if (strcmp(param->value,
328 se_nacl->initiatorname)) {
330 " InitiatorName: %s for this"
331 " iSCSI Initiator Node.\n",
333 iscsit_tx_login_rsp(conn,
334 ISCSI_STATUS_CLS_INITIATOR_ERR,
335 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
345 static int iscsi_target_do_tx_login_io(struct iscsi_conn *conn, struct iscsi_login *login)
348 struct iscsi_login_rsp *login_rsp;
350 login_rsp = (struct iscsi_login_rsp *) login->rsp;
352 login_rsp->opcode = ISCSI_OP_LOGIN_RSP;
353 hton24(login_rsp->dlength, login->rsp_length);
354 memcpy(login_rsp->isid, login->isid, 6);
355 login_rsp->tsih = cpu_to_be16(login->tsih);
356 login_rsp->itt = login->init_task_tag;
357 login_rsp->statsn = cpu_to_be32(conn->stat_sn++);
358 login_rsp->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
359 login_rsp->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn));
361 pr_debug("Sending Login Response, Flags: 0x%02x, ITT: 0x%08x,"
362 " ExpCmdSN; 0x%08x, MaxCmdSN: 0x%08x, StatSN: 0x%08x, Length:"
363 " %u\n", login_rsp->flags, (__force u32)login_rsp->itt,
364 ntohl(login_rsp->exp_cmdsn), ntohl(login_rsp->max_cmdsn),
365 ntohl(login_rsp->statsn), login->rsp_length);
367 padding = ((-login->rsp_length) & 3);
369 * Before sending the last login response containing the transition
370 * bit for full-feature-phase, go ahead and start up TX/RX threads
371 * now to avoid potential resource allocation failures after the
372 * final login response has been sent.
374 if (login->login_complete) {
375 int rc = iscsit_start_kthreads(conn);
377 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
378 ISCSI_LOGIN_STATUS_NO_RESOURCES);
383 if (conn->conn_transport->iscsit_put_login_tx(conn, login,
384 login->rsp_length + padding) < 0)
387 login->rsp_length = 0;
392 if (login->login_complete) {
393 if (conn->rx_thread && conn->rx_thread_active) {
394 send_sig(SIGINT, conn->rx_thread, 1);
395 complete(&conn->rx_login_comp);
396 kthread_stop(conn->rx_thread);
398 if (conn->tx_thread && conn->tx_thread_active) {
399 send_sig(SIGINT, conn->tx_thread, 1);
400 kthread_stop(conn->tx_thread);
402 spin_lock(&iscsit_global->ts_bitmap_lock);
403 bitmap_release_region(iscsit_global->ts_bitmap, conn->bitmap_id,
405 spin_unlock(&iscsit_global->ts_bitmap_lock);
410 static void iscsi_target_sk_data_ready(struct sock *sk)
412 struct iscsi_conn *conn = sk->sk_user_data;
415 pr_debug("Entering iscsi_target_sk_data_ready: conn: %p\n", conn);
417 write_lock_bh(&sk->sk_callback_lock);
418 if (!sk->sk_user_data) {
419 write_unlock_bh(&sk->sk_callback_lock);
422 if (!test_bit(LOGIN_FLAGS_READY, &conn->login_flags)) {
423 write_unlock_bh(&sk->sk_callback_lock);
424 pr_debug("Got LOGIN_FLAGS_READY=0, conn: %p >>>>\n", conn);
427 if (test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags)) {
428 write_unlock_bh(&sk->sk_callback_lock);
429 pr_debug("Got LOGIN_FLAGS_CLOSED=1, conn: %p >>>>\n", conn);
432 if (test_and_set_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags)) {
433 write_unlock_bh(&sk->sk_callback_lock);
434 pr_debug("Got LOGIN_FLAGS_READ_ACTIVE=1, conn: %p >>>>\n", conn);
438 rc = schedule_delayed_work(&conn->login_work, 0);
440 pr_debug("iscsi_target_sk_data_ready, schedule_delayed_work"
443 write_unlock_bh(&sk->sk_callback_lock);
446 static void iscsi_target_sk_state_change(struct sock *);
448 static void iscsi_target_set_sock_callbacks(struct iscsi_conn *conn)
456 pr_debug("Entering iscsi_target_set_sock_callbacks: conn: %p\n", conn);
458 write_lock_bh(&sk->sk_callback_lock);
459 sk->sk_user_data = conn;
460 conn->orig_data_ready = sk->sk_data_ready;
461 conn->orig_state_change = sk->sk_state_change;
462 sk->sk_data_ready = iscsi_target_sk_data_ready;
463 sk->sk_state_change = iscsi_target_sk_state_change;
464 write_unlock_bh(&sk->sk_callback_lock);
466 sk->sk_sndtimeo = TA_LOGIN_TIMEOUT * HZ;
467 sk->sk_rcvtimeo = TA_LOGIN_TIMEOUT * HZ;
470 static void iscsi_target_restore_sock_callbacks(struct iscsi_conn *conn)
478 pr_debug("Entering iscsi_target_restore_sock_callbacks: conn: %p\n", conn);
480 write_lock_bh(&sk->sk_callback_lock);
481 if (!sk->sk_user_data) {
482 write_unlock_bh(&sk->sk_callback_lock);
485 sk->sk_user_data = NULL;
486 sk->sk_data_ready = conn->orig_data_ready;
487 sk->sk_state_change = conn->orig_state_change;
488 write_unlock_bh(&sk->sk_callback_lock);
490 sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
491 sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
494 static int iscsi_target_do_login(struct iscsi_conn *, struct iscsi_login *);
496 static bool iscsi_target_sk_state_check(struct sock *sk)
498 if (sk->sk_state == TCP_CLOSE_WAIT || sk->sk_state == TCP_CLOSE) {
499 pr_debug("iscsi_target_sk_state_check: TCP_CLOSE_WAIT|TCP_CLOSE,"
500 "returning FALSE\n");
506 static void iscsi_target_login_drop(struct iscsi_conn *conn, struct iscsi_login *login)
508 struct iscsi_np *np = login->np;
509 bool zero_tsih = login->zero_tsih;
511 iscsi_remove_failed_auth_entry(conn);
512 iscsi_target_nego_release(conn);
513 iscsi_target_login_sess_out(conn, np, zero_tsih, true);
516 static void iscsi_target_login_timeout(unsigned long data)
518 struct iscsi_conn *conn = (struct iscsi_conn *)data;
520 pr_debug("Entering iscsi_target_login_timeout >>>>>>>>>>>>>>>>>>>\n");
522 if (conn->login_kworker) {
523 pr_debug("Sending SIGINT to conn->login_kworker %s/%d\n",
524 conn->login_kworker->comm, conn->login_kworker->pid);
525 send_sig(SIGINT, conn->login_kworker, 1);
529 static void iscsi_target_do_login_rx(struct work_struct *work)
531 struct iscsi_conn *conn = container_of(work,
532 struct iscsi_conn, login_work.work);
533 struct iscsi_login *login = conn->login;
534 struct iscsi_np *np = login->np;
535 struct iscsi_portal_group *tpg = conn->tpg;
536 struct iscsi_tpg_np *tpg_np = conn->tpg_np;
537 struct timer_list login_timer;
538 int rc, zero_tsih = login->zero_tsih;
541 pr_debug("entering iscsi_target_do_login_rx, conn: %p, %s:%d\n",
542 conn, current->comm, current->pid);
544 spin_lock(&tpg->tpg_state_lock);
545 state = (tpg->tpg_state == TPG_STATE_ACTIVE);
546 spin_unlock(&tpg->tpg_state_lock);
549 pr_debug("iscsi_target_do_login_rx: tpg_state != TPG_STATE_ACTIVE\n");
550 iscsi_target_restore_sock_callbacks(conn);
551 iscsi_target_login_drop(conn, login);
552 iscsit_deaccess_np(np, tpg, tpg_np);
557 struct sock *sk = conn->sock->sk;
559 read_lock_bh(&sk->sk_callback_lock);
560 state = iscsi_target_sk_state_check(sk);
561 read_unlock_bh(&sk->sk_callback_lock);
564 pr_debug("iscsi_target_do_login_rx, TCP state CLOSE\n");
565 iscsi_target_restore_sock_callbacks(conn);
566 iscsi_target_login_drop(conn, login);
567 iscsit_deaccess_np(np, tpg, tpg_np);
572 conn->login_kworker = current;
573 allow_signal(SIGINT);
575 init_timer(&login_timer);
576 login_timer.expires = (get_jiffies_64() + TA_LOGIN_TIMEOUT * HZ);
577 login_timer.data = (unsigned long)conn;
578 login_timer.function = iscsi_target_login_timeout;
579 add_timer(&login_timer);
580 pr_debug("Starting login_timer for %s/%d\n", current->comm, current->pid);
582 rc = conn->conn_transport->iscsit_get_login_rx(conn, login);
583 del_timer_sync(&login_timer);
584 flush_signals(current);
585 conn->login_kworker = NULL;
588 iscsi_target_restore_sock_callbacks(conn);
589 iscsi_target_login_drop(conn, login);
590 iscsit_deaccess_np(np, tpg, tpg_np);
594 pr_debug("iscsi_target_do_login_rx after rx_login_io, %p, %s:%d\n",
595 conn, current->comm, current->pid);
597 rc = iscsi_target_do_login(conn, login);
599 iscsi_target_restore_sock_callbacks(conn);
600 iscsi_target_login_drop(conn, login);
601 iscsit_deaccess_np(np, tpg, tpg_np);
604 struct sock *sk = conn->sock->sk;
606 write_lock_bh(&sk->sk_callback_lock);
607 clear_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags);
608 write_unlock_bh(&sk->sk_callback_lock);
610 } else if (rc == 1) {
611 iscsi_target_nego_release(conn);
612 iscsi_post_login_handler(np, conn, zero_tsih);
613 iscsit_deaccess_np(np, tpg, tpg_np);
617 static void iscsi_target_do_cleanup(struct work_struct *work)
619 struct iscsi_conn *conn = container_of(work,
620 struct iscsi_conn, login_cleanup_work.work);
621 struct sock *sk = conn->sock->sk;
622 struct iscsi_login *login = conn->login;
623 struct iscsi_np *np = login->np;
624 struct iscsi_portal_group *tpg = conn->tpg;
625 struct iscsi_tpg_np *tpg_np = conn->tpg_np;
627 pr_debug("Entering iscsi_target_do_cleanup\n");
629 cancel_delayed_work_sync(&conn->login_work);
630 conn->orig_state_change(sk);
632 iscsi_target_restore_sock_callbacks(conn);
633 iscsi_target_login_drop(conn, login);
634 iscsit_deaccess_np(np, tpg, tpg_np);
636 pr_debug("iscsi_target_do_cleanup done()\n");
639 static void iscsi_target_sk_state_change(struct sock *sk)
641 struct iscsi_conn *conn;
642 void (*orig_state_change)(struct sock *);
645 pr_debug("Entering iscsi_target_sk_state_change\n");
647 write_lock_bh(&sk->sk_callback_lock);
648 conn = sk->sk_user_data;
650 write_unlock_bh(&sk->sk_callback_lock);
653 orig_state_change = conn->orig_state_change;
655 if (!test_bit(LOGIN_FLAGS_READY, &conn->login_flags)) {
656 pr_debug("Got LOGIN_FLAGS_READY=0 sk_state_change conn: %p\n",
658 write_unlock_bh(&sk->sk_callback_lock);
659 orig_state_change(sk);
662 if (test_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags)) {
663 pr_debug("Got LOGIN_FLAGS_READ_ACTIVE=1 sk_state_change"
664 " conn: %p\n", conn);
665 write_unlock_bh(&sk->sk_callback_lock);
666 orig_state_change(sk);
669 if (test_and_set_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags)) {
670 pr_debug("Got LOGIN_FLAGS_CLOSED=1 sk_state_change conn: %p\n",
672 write_unlock_bh(&sk->sk_callback_lock);
673 orig_state_change(sk);
677 state = iscsi_target_sk_state_check(sk);
678 write_unlock_bh(&sk->sk_callback_lock);
680 pr_debug("iscsi_target_sk_state_change: state: %d\n", state);
683 pr_debug("iscsi_target_sk_state_change got failed state\n");
684 schedule_delayed_work(&conn->login_cleanup_work, 0);
687 orig_state_change(sk);
691 * NOTE: We check for existing sessions or connections AFTER the initiator
692 * has been successfully authenticated in order to protect against faked
693 * ISID/TSIH combinations.
695 static int iscsi_target_check_for_existing_instances(
696 struct iscsi_conn *conn,
697 struct iscsi_login *login)
699 if (login->checked_for_existing)
702 login->checked_for_existing = 1;
705 return iscsi_check_for_session_reinstatement(conn);
707 return iscsi_login_post_auth_non_zero_tsih(conn, login->cid,
708 login->initial_exp_statsn);
711 static int iscsi_target_do_authentication(
712 struct iscsi_conn *conn,
713 struct iscsi_login *login)
717 struct iscsi_param *param;
718 struct iscsi_login_req *login_req;
719 struct iscsi_login_rsp *login_rsp;
721 login_req = (struct iscsi_login_req *) login->req;
722 login_rsp = (struct iscsi_login_rsp *) login->rsp;
723 payload_length = ntoh24(login_req->dlength);
725 param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
729 authret = iscsi_handle_authentication(
738 pr_debug("Received OK response"
739 " from LIO Authentication, continuing.\n");
742 pr_debug("iSCSI security negotiation"
743 " completed successfully.\n");
744 login->auth_complete = 1;
745 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
746 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
747 login_rsp->flags |= (ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
748 ISCSI_FLAG_LOGIN_TRANSIT);
749 login->current_stage = 1;
751 return iscsi_target_check_for_existing_instances(
754 pr_err("Security negotiation"
756 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
757 ISCSI_LOGIN_STATUS_AUTH_FAILED);
760 pr_err("Received unknown error %d from LIO"
761 " Authentication\n", authret);
762 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
763 ISCSI_LOGIN_STATUS_TARGET_ERROR);
770 static int iscsi_target_handle_csg_zero(
771 struct iscsi_conn *conn,
772 struct iscsi_login *login)
776 struct iscsi_param *param;
777 struct iscsi_login_req *login_req;
778 struct iscsi_login_rsp *login_rsp;
780 login_req = (struct iscsi_login_req *) login->req;
781 login_rsp = (struct iscsi_login_rsp *) login->rsp;
782 payload_length = ntoh24(login_req->dlength);
784 param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
788 ret = iscsi_decode_text_input(
789 PHASE_SECURITY|PHASE_DECLARATIVE,
790 SENDER_INITIATOR|SENDER_RECEIVER,
798 if (login->auth_complete) {
799 pr_err("Initiator has already been"
800 " successfully authenticated, but is still"
801 " sending %s keys.\n", param->value);
802 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
803 ISCSI_LOGIN_STATUS_INIT_ERR);
808 } else if (!payload_length) {
809 pr_err("Initiator sent zero length security payload,"
811 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
812 ISCSI_LOGIN_STATUS_AUTH_FAILED);
816 if (login->first_request)
817 if (iscsi_target_check_first_request(conn, login) < 0)
820 ret = iscsi_encode_text_output(
821 PHASE_SECURITY|PHASE_DECLARATIVE,
829 if (!iscsi_check_negotiated_keys(conn->param_list)) {
830 if (conn->tpg->tpg_attrib.authentication &&
831 !strncmp(param->value, NONE, 4)) {
832 pr_err("Initiator sent AuthMethod=None but"
833 " Target is enforcing iSCSI Authentication,"
835 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
836 ISCSI_LOGIN_STATUS_AUTH_FAILED);
840 if (conn->tpg->tpg_attrib.authentication &&
841 !login->auth_complete)
844 if (strncmp(param->value, NONE, 4) && !login->auth_complete)
847 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
848 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
849 login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
850 ISCSI_FLAG_LOGIN_TRANSIT;
851 login->current_stage = 1;
857 return iscsi_target_do_authentication(conn, login);
860 static int iscsi_target_handle_csg_one(struct iscsi_conn *conn, struct iscsi_login *login)
864 struct iscsi_login_req *login_req;
865 struct iscsi_login_rsp *login_rsp;
867 login_req = (struct iscsi_login_req *) login->req;
868 login_rsp = (struct iscsi_login_rsp *) login->rsp;
869 payload_length = ntoh24(login_req->dlength);
871 ret = iscsi_decode_text_input(
872 PHASE_OPERATIONAL|PHASE_DECLARATIVE,
873 SENDER_INITIATOR|SENDER_RECEIVER,
878 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
879 ISCSI_LOGIN_STATUS_INIT_ERR);
883 if (login->first_request)
884 if (iscsi_target_check_first_request(conn, login) < 0)
887 if (iscsi_target_check_for_existing_instances(conn, login) < 0)
890 ret = iscsi_encode_text_output(
891 PHASE_OPERATIONAL|PHASE_DECLARATIVE,
897 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
898 ISCSI_LOGIN_STATUS_INIT_ERR);
902 if (!login->auth_complete &&
903 conn->tpg->tpg_attrib.authentication) {
904 pr_err("Initiator is requesting CSG: 1, has not been"
905 " successfully authenticated, and the Target is"
906 " enforcing iSCSI Authentication, login failed.\n");
907 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
908 ISCSI_LOGIN_STATUS_AUTH_FAILED);
912 if (!iscsi_check_negotiated_keys(conn->param_list))
913 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE3) &&
914 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT))
915 login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE3 |
916 ISCSI_FLAG_LOGIN_TRANSIT;
921 static int iscsi_target_do_login(struct iscsi_conn *conn, struct iscsi_login *login)
924 struct iscsi_login_req *login_req;
925 struct iscsi_login_rsp *login_rsp;
927 login_req = (struct iscsi_login_req *) login->req;
928 login_rsp = (struct iscsi_login_rsp *) login->rsp;
931 if (++pdu_count > MAX_LOGIN_PDUS) {
932 pr_err("MAX_LOGIN_PDUS count reached.\n");
933 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
934 ISCSI_LOGIN_STATUS_TARGET_ERROR);
938 switch (ISCSI_LOGIN_CURRENT_STAGE(login_req->flags)) {
940 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK;
941 if (iscsi_target_handle_csg_zero(conn, login) < 0)
945 login_rsp->flags |= ISCSI_FLAG_LOGIN_CURRENT_STAGE1;
946 if (iscsi_target_handle_csg_one(conn, login) < 0)
948 if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
949 login->tsih = conn->sess->tsih;
950 login->login_complete = 1;
951 iscsi_target_restore_sock_callbacks(conn);
952 if (iscsi_target_do_tx_login_io(conn,
959 pr_err("Illegal CSG: %d received from"
960 " Initiator, protocol error.\n",
961 ISCSI_LOGIN_CURRENT_STAGE(login_req->flags));
965 if (iscsi_target_do_tx_login_io(conn, login) < 0)
968 if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
969 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_TRANSIT;
970 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK;
976 struct sock *sk = conn->sock->sk;
979 read_lock_bh(&sk->sk_callback_lock);
980 state = iscsi_target_sk_state_check(sk);
981 read_unlock_bh(&sk->sk_callback_lock);
984 pr_debug("iscsi_target_do_login() failed state for"
985 " conn: %p\n", conn);
993 static void iscsi_initiatorname_tolower(
997 u32 iqn_size = strlen(param_buf), i;
999 for (i = 0; i < iqn_size; i++) {
1009 * Processes the first Login Request..
1011 int iscsi_target_locate_portal(
1012 struct iscsi_np *np,
1013 struct iscsi_conn *conn,
1014 struct iscsi_login *login)
1016 char *i_buf = NULL, *s_buf = NULL, *t_buf = NULL;
1017 char *tmpbuf, *start = NULL, *end = NULL, *key, *value;
1018 struct iscsi_session *sess = conn->sess;
1019 struct iscsi_tiqn *tiqn;
1020 struct iscsi_tpg_np *tpg_np = NULL;
1021 struct iscsi_login_req *login_req;
1022 struct se_node_acl *se_nacl;
1023 u32 payload_length, queue_depth = 0;
1024 int sessiontype = 0, ret = 0, tag_num, tag_size;
1026 INIT_DELAYED_WORK(&conn->login_work, iscsi_target_do_login_rx);
1027 INIT_DELAYED_WORK(&conn->login_cleanup_work, iscsi_target_do_cleanup);
1028 iscsi_target_set_sock_callbacks(conn);
1032 login_req = (struct iscsi_login_req *) login->req;
1033 payload_length = ntoh24(login_req->dlength);
1035 tmpbuf = kzalloc(payload_length + 1, GFP_KERNEL);
1037 pr_err("Unable to allocate memory for tmpbuf.\n");
1041 memcpy(tmpbuf, login->req_buf, payload_length);
1042 tmpbuf[payload_length] = '\0';
1044 end = (start + payload_length);
1047 * Locate the initial keys expected from the Initiator node in
1048 * the first login request in order to progress with the login phase.
1050 while (start < end) {
1051 if (iscsi_extract_key_value(start, &key, &value) < 0) {
1056 if (!strncmp(key, "InitiatorName", 13))
1058 else if (!strncmp(key, "SessionType", 11))
1060 else if (!strncmp(key, "TargetName", 10))
1063 start += strlen(key) + strlen(value) + 2;
1066 * See 5.3. Login Phase.
1069 pr_err("InitiatorName key not received"
1070 " in first login request.\n");
1071 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1072 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
1077 * Convert the incoming InitiatorName to lowercase following
1078 * RFC-3720 3.2.6.1. section c) that says that iSCSI IQNs
1079 * are NOT case sensitive.
1081 iscsi_initiatorname_tolower(i_buf);
1084 if (!login->leading_connection)
1087 pr_err("SessionType key not received"
1088 " in first login request.\n");
1089 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1090 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
1096 * Use default portal group for discovery sessions.
1098 sessiontype = strncmp(s_buf, DISCOVERY, 9);
1100 conn->tpg = iscsit_global->discovery_tpg;
1101 if (!login->leading_connection)
1104 sess->sess_ops->SessionType = 1;
1106 * Setup crc32c modules from libcrypto
1108 if (iscsi_login_setup_crypto(conn) < 0) {
1109 pr_err("iscsi_login_setup_crypto() failed\n");
1114 * Serialize access across the discovery struct iscsi_portal_group to
1115 * process login attempt.
1117 if (iscsit_access_np(np, conn->tpg) < 0) {
1118 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1119 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1129 pr_err("TargetName key not received"
1130 " in first login request while"
1131 " SessionType=Normal.\n");
1132 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1133 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
1139 * Locate Target IQN from Storage Node.
1141 tiqn = iscsit_get_tiqn_for_login(t_buf);
1143 pr_err("Unable to locate Target IQN: %s in"
1144 " Storage Node\n", t_buf);
1145 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1146 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1150 pr_debug("Located Storage Object: %s\n", tiqn->tiqn);
1153 * Locate Target Portal Group from Storage Node.
1155 conn->tpg = iscsit_get_tpg_from_np(tiqn, np, &tpg_np);
1157 pr_err("Unable to locate Target Portal Group"
1158 " on %s\n", tiqn->tiqn);
1159 iscsit_put_tiqn_for_login(tiqn);
1160 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1161 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1165 conn->tpg_np = tpg_np;
1166 pr_debug("Located Portal Group Object: %hu\n", conn->tpg->tpgt);
1168 * Setup crc32c modules from libcrypto
1170 if (iscsi_login_setup_crypto(conn) < 0) {
1171 pr_err("iscsi_login_setup_crypto() failed\n");
1172 kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put);
1173 iscsit_put_tiqn_for_login(tiqn);
1179 * Serialize access across the struct iscsi_portal_group to
1180 * process login attempt.
1182 if (iscsit_access_np(np, conn->tpg) < 0) {
1183 kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put);
1184 iscsit_put_tiqn_for_login(tiqn);
1185 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1186 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1193 * conn->sess->node_acl will be set when the referenced
1194 * struct iscsi_session is located from received ISID+TSIH in
1195 * iscsi_login_non_zero_tsih_s2().
1197 if (!login->leading_connection) {
1203 * This value is required in iscsi_login_zero_tsih_s2()
1205 sess->sess_ops->SessionType = 0;
1208 * Locate incoming Initiator IQN reference from Storage Node.
1210 sess->se_sess->se_node_acl = core_tpg_check_initiator_node_acl(
1211 &conn->tpg->tpg_se_tpg, i_buf);
1212 if (!sess->se_sess->se_node_acl) {
1213 pr_err("iSCSI Initiator Node: %s is not authorized to"
1214 " access iSCSI target portal group: %hu.\n",
1215 i_buf, conn->tpg->tpgt);
1216 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1217 ISCSI_LOGIN_STATUS_TGT_FORBIDDEN);
1221 se_nacl = sess->se_sess->se_node_acl;
1222 queue_depth = se_nacl->queue_depth;
1224 * Setup pre-allocated tags based upon allowed per NodeACL CmdSN
1225 * depth for non immediate commands, plus extra tags for immediate
1228 * Also enforce a ISCSIT_MIN_TAGS to prevent unnecessary contention
1229 * in per-cpu-ida tag allocation logic + small queue_depth.
1232 tag_num = max_t(u32, ISCSIT_MIN_TAGS, queue_depth);
1233 tag_num = (tag_num * 2) + ISCSIT_EXTRA_TAGS;
1234 tag_size = sizeof(struct iscsi_cmd) + conn->conn_transport->priv_size;
1236 ret = transport_alloc_session_tags(sess->se_sess, tag_num, tag_size);
1238 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1239 ISCSI_LOGIN_STATUS_NO_RESOURCES);
1247 int iscsi_target_start_negotiation(
1248 struct iscsi_login *login,
1249 struct iscsi_conn *conn)
1254 struct sock *sk = conn->sock->sk;
1256 write_lock_bh(&sk->sk_callback_lock);
1257 set_bit(LOGIN_FLAGS_READY, &conn->login_flags);
1258 write_unlock_bh(&sk->sk_callback_lock);
1261 ret = iscsi_target_do_login(conn, login);
1263 cancel_delayed_work_sync(&conn->login_work);
1264 cancel_delayed_work_sync(&conn->login_cleanup_work);
1265 iscsi_target_restore_sock_callbacks(conn);
1266 iscsi_remove_failed_auth_entry(conn);
1269 iscsi_target_nego_release(conn);
1274 void iscsi_target_nego_release(struct iscsi_conn *conn)
1276 struct iscsi_login *login = conn->conn_login;
1281 kfree(login->req_buf);
1282 kfree(login->rsp_buf);
1285 conn->conn_login = NULL;
git.samba.org / sfrench / cifs-2.6.git / blob