1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*******************************************************************************
3 * This file contains main functions related to iSCSI Parameter negotiation.
5 * (c) Copyright 2007-2013 Datera, Inc.
7 * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
9 ******************************************************************************/
11 #include <linux/ctype.h>
12 #include <linux/kthread.h>
13 #include <linux/slab.h>
14 #include <linux/sched/signal.h>
16 #include <trace/events/sock.h>
17 #include <scsi/iscsi_proto.h>
18 #include <target/target_core_base.h>
19 #include <target/target_core_fabric.h>
20 #include <target/iscsi/iscsi_transport.h>
22 #include <target/iscsi/iscsi_target_core.h>
23 #include "iscsi_target_parameters.h"
24 #include "iscsi_target_login.h"
25 #include "iscsi_target_nego.h"
26 #include "iscsi_target_tpg.h"
27 #include "iscsi_target_util.h"
28 #include "iscsi_target.h"
29 #include "iscsi_target_auth.h"
31 #define MAX_LOGIN_PDUS 7
33 void convert_null_to_semi(char *buf, int len)
37 for (i = 0; i < len; i++)
42 static int strlen_semi(char *buf)
46 while (buf[i] != '\0') {
58 unsigned int max_length,
65 if (!in_buf || !pattern || !out_buf || !type)
68 ptr = strstr(in_buf, pattern);
72 ptr = strstr(ptr, "=");
77 if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) {
78 ptr += 2; /* skip 0x */
80 } else if (*ptr == '0' && (*(ptr+1) == 'b' || *(ptr+1) == 'B')) {
81 ptr += 2; /* skip 0b */
86 len = strlen_semi(ptr);
90 if (len >= max_length) {
91 pr_err("Length of input: %d exceeds max_length:"
92 " %d\n", len, max_length);
95 memcpy(out_buf, ptr, len);
101 static struct iscsi_node_auth *iscsi_get_node_auth(struct iscsit_conn *conn)
103 struct iscsi_portal_group *tpg;
104 struct iscsi_node_acl *nacl;
105 struct se_node_acl *se_nacl;
107 if (conn->sess->sess_ops->SessionType)
108 return &iscsit_global->discovery_acl.node_auth;
110 se_nacl = conn->sess->se_sess->se_node_acl;
112 pr_err("Unable to locate struct se_node_acl for CHAP auth\n");
116 if (se_nacl->dynamic_node_acl) {
117 tpg = to_iscsi_tpg(se_nacl->se_tpg);
118 return &tpg->tpg_demo_auth;
121 nacl = to_iscsi_nacl(se_nacl);
123 return &nacl->node_auth;
126 static u32 iscsi_handle_authentication(
127 struct iscsit_conn *conn,
132 unsigned char *authtype)
134 struct iscsi_node_auth *auth;
136 auth = iscsi_get_node_auth(conn);
140 if (strstr("CHAP", authtype))
141 strcpy(conn->sess->auth_type, "CHAP");
143 strcpy(conn->sess->auth_type, NONE);
145 if (strstr("None", authtype))
147 else if (strstr("CHAP", authtype))
148 return chap_main_loop(conn, auth, in_buf, out_buf,
149 &in_length, out_length);
150 /* SRP, SPKM1, SPKM2 and KRB5 are unsupported */
154 static void iscsi_remove_failed_auth_entry(struct iscsit_conn *conn)
156 kfree(conn->auth_protocol);
159 int iscsi_target_check_login_request(
160 struct iscsit_conn *conn,
161 struct iscsi_login *login)
163 int req_csg, req_nsg;
165 struct iscsi_login_req *login_req;
167 login_req = (struct iscsi_login_req *) login->req;
168 payload_length = ntoh24(login_req->dlength);
170 switch (login_req->opcode & ISCSI_OPCODE_MASK) {
174 pr_err("Received unknown opcode 0x%02x.\n",
175 login_req->opcode & ISCSI_OPCODE_MASK);
176 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
177 ISCSI_LOGIN_STATUS_INIT_ERR);
181 if ((login_req->flags & ISCSI_FLAG_LOGIN_CONTINUE) &&
182 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
183 pr_err("Login request has both ISCSI_FLAG_LOGIN_CONTINUE"
184 " and ISCSI_FLAG_LOGIN_TRANSIT set, protocol error.\n");
185 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
186 ISCSI_LOGIN_STATUS_INIT_ERR);
190 req_csg = ISCSI_LOGIN_CURRENT_STAGE(login_req->flags);
191 req_nsg = ISCSI_LOGIN_NEXT_STAGE(login_req->flags);
193 if (req_csg != login->current_stage) {
194 pr_err("Initiator unexpectedly changed login stage"
195 " from %d to %d, login failed.\n", login->current_stage,
197 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
198 ISCSI_LOGIN_STATUS_INIT_ERR);
202 if ((req_nsg == 2) || (req_csg >= 2) ||
203 ((login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT) &&
204 (req_nsg <= req_csg))) {
205 pr_err("Illegal login_req->flags Combination, CSG: %d,"
206 " NSG: %d, ISCSI_FLAG_LOGIN_TRANSIT: %d.\n", req_csg,
207 req_nsg, (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT));
208 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
209 ISCSI_LOGIN_STATUS_INIT_ERR);
213 if ((login_req->max_version != login->version_max) ||
214 (login_req->min_version != login->version_min)) {
215 pr_err("Login request changed Version Max/Nin"
216 " unexpectedly to 0x%02x/0x%02x, protocol error\n",
217 login_req->max_version, login_req->min_version);
218 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
219 ISCSI_LOGIN_STATUS_INIT_ERR);
223 if (memcmp(login_req->isid, login->isid, 6) != 0) {
224 pr_err("Login request changed ISID unexpectedly,"
225 " protocol error.\n");
226 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
227 ISCSI_LOGIN_STATUS_INIT_ERR);
231 if (login_req->itt != login->init_task_tag) {
232 pr_err("Login request changed ITT unexpectedly to"
233 " 0x%08x, protocol error.\n", login_req->itt);
234 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
235 ISCSI_LOGIN_STATUS_INIT_ERR);
239 if (payload_length > MAX_KEY_VALUE_PAIRS) {
240 pr_err("Login request payload exceeds default"
241 " MaxRecvDataSegmentLength: %u, protocol error.\n",
242 MAX_KEY_VALUE_PAIRS);
248 EXPORT_SYMBOL(iscsi_target_check_login_request);
250 static int iscsi_target_check_first_request(
251 struct iscsit_conn *conn,
252 struct iscsi_login *login)
254 struct iscsi_param *param = NULL;
255 struct se_node_acl *se_nacl;
257 login->first_request = 0;
259 list_for_each_entry(param, &conn->param_list->param_list, p_list) {
260 if (!strncmp(param->name, SESSIONTYPE, 11)) {
261 if (!IS_PSTATE_ACCEPTOR(param)) {
262 pr_err("SessionType key not received"
263 " in first login request.\n");
264 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
265 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
268 if (!strncmp(param->value, DISCOVERY, 9))
272 if (!strncmp(param->name, INITIATORNAME, 13)) {
273 if (!IS_PSTATE_ACCEPTOR(param)) {
274 if (!login->leading_connection)
277 pr_err("InitiatorName key not received"
278 " in first login request.\n");
279 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
280 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
285 * For non-leading connections, double check that the
286 * received InitiatorName matches the existing session's
287 * struct iscsi_node_acl.
289 if (!login->leading_connection) {
290 se_nacl = conn->sess->se_sess->se_node_acl;
292 pr_err("Unable to locate"
293 " struct se_node_acl\n");
294 iscsit_tx_login_rsp(conn,
295 ISCSI_STATUS_CLS_INITIATOR_ERR,
296 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
300 if (strcmp(param->value,
301 se_nacl->initiatorname)) {
303 " InitiatorName: %s for this"
304 " iSCSI Initiator Node.\n",
306 iscsit_tx_login_rsp(conn,
307 ISCSI_STATUS_CLS_INITIATOR_ERR,
308 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
318 static int iscsi_target_do_tx_login_io(struct iscsit_conn *conn, struct iscsi_login *login)
321 struct iscsi_login_rsp *login_rsp;
323 login_rsp = (struct iscsi_login_rsp *) login->rsp;
325 login_rsp->opcode = ISCSI_OP_LOGIN_RSP;
326 hton24(login_rsp->dlength, login->rsp_length);
327 memcpy(login_rsp->isid, login->isid, 6);
328 login_rsp->tsih = cpu_to_be16(login->tsih);
329 login_rsp->itt = login->init_task_tag;
330 login_rsp->statsn = cpu_to_be32(conn->stat_sn++);
331 login_rsp->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
332 login_rsp->max_cmdsn = cpu_to_be32((u32) atomic_read(&conn->sess->max_cmd_sn));
334 pr_debug("Sending Login Response, Flags: 0x%02x, ITT: 0x%08x,"
335 " ExpCmdSN; 0x%08x, MaxCmdSN: 0x%08x, StatSN: 0x%08x, Length:"
336 " %u\n", login_rsp->flags, (__force u32)login_rsp->itt,
337 ntohl(login_rsp->exp_cmdsn), ntohl(login_rsp->max_cmdsn),
338 ntohl(login_rsp->statsn), login->rsp_length);
340 padding = ((-login->rsp_length) & 3);
342 * Before sending the last login response containing the transition
343 * bit for full-feature-phase, go ahead and start up TX/RX threads
344 * now to avoid potential resource allocation failures after the
345 * final login response has been sent.
347 if (login->login_complete) {
348 int rc = iscsit_start_kthreads(conn);
350 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
351 ISCSI_LOGIN_STATUS_NO_RESOURCES);
356 if (conn->conn_transport->iscsit_put_login_tx(conn, login,
357 login->rsp_length + padding) < 0)
360 login->rsp_length = 0;
365 if (login->login_complete) {
366 if (conn->rx_thread && conn->rx_thread_active) {
367 send_sig(SIGINT, conn->rx_thread, 1);
368 complete(&conn->rx_login_comp);
369 kthread_stop(conn->rx_thread);
371 if (conn->tx_thread && conn->tx_thread_active) {
372 send_sig(SIGINT, conn->tx_thread, 1);
373 kthread_stop(conn->tx_thread);
375 spin_lock(&iscsit_global->ts_bitmap_lock);
376 bitmap_release_region(iscsit_global->ts_bitmap, conn->bitmap_id,
378 spin_unlock(&iscsit_global->ts_bitmap_lock);
383 static void iscsi_target_sk_data_ready(struct sock *sk)
385 struct iscsit_conn *conn = sk->sk_user_data;
388 trace_sk_data_ready(sk);
389 pr_debug("Entering iscsi_target_sk_data_ready: conn: %p\n", conn);
391 write_lock_bh(&sk->sk_callback_lock);
392 if (!sk->sk_user_data) {
393 write_unlock_bh(&sk->sk_callback_lock);
396 if (!test_bit(LOGIN_FLAGS_READY, &conn->login_flags)) {
397 write_unlock_bh(&sk->sk_callback_lock);
398 pr_debug("Got LOGIN_FLAGS_READY=0, conn: %p >>>>\n", conn);
401 if (test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags)) {
402 write_unlock_bh(&sk->sk_callback_lock);
403 pr_debug("Got LOGIN_FLAGS_CLOSED=1, conn: %p >>>>\n", conn);
406 if (test_and_set_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags)) {
407 write_unlock_bh(&sk->sk_callback_lock);
408 pr_debug("Got LOGIN_FLAGS_READ_ACTIVE=1, conn: %p >>>>\n", conn);
409 if (iscsi_target_sk_data_ready == conn->orig_data_ready)
411 conn->orig_data_ready(sk);
415 rc = schedule_delayed_work(&conn->login_work, 0);
417 pr_debug("iscsi_target_sk_data_ready, schedule_delayed_work"
420 write_unlock_bh(&sk->sk_callback_lock);
423 static void iscsi_target_sk_state_change(struct sock *);
425 static void iscsi_target_set_sock_callbacks(struct iscsit_conn *conn)
433 pr_debug("Entering iscsi_target_set_sock_callbacks: conn: %p\n", conn);
435 write_lock_bh(&sk->sk_callback_lock);
436 sk->sk_user_data = conn;
437 conn->orig_data_ready = sk->sk_data_ready;
438 conn->orig_state_change = sk->sk_state_change;
439 sk->sk_data_ready = iscsi_target_sk_data_ready;
440 sk->sk_state_change = iscsi_target_sk_state_change;
441 write_unlock_bh(&sk->sk_callback_lock);
443 sk->sk_sndtimeo = TA_LOGIN_TIMEOUT * HZ;
444 sk->sk_rcvtimeo = TA_LOGIN_TIMEOUT * HZ;
447 static void iscsi_target_restore_sock_callbacks(struct iscsit_conn *conn)
455 pr_debug("Entering iscsi_target_restore_sock_callbacks: conn: %p\n", conn);
457 write_lock_bh(&sk->sk_callback_lock);
458 if (!sk->sk_user_data) {
459 write_unlock_bh(&sk->sk_callback_lock);
462 sk->sk_user_data = NULL;
463 sk->sk_data_ready = conn->orig_data_ready;
464 sk->sk_state_change = conn->orig_state_change;
465 write_unlock_bh(&sk->sk_callback_lock);
467 sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
468 sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
471 static int iscsi_target_do_login(struct iscsit_conn *, struct iscsi_login *);
473 static bool __iscsi_target_sk_check_close(struct sock *sk)
475 if (sk->sk_state == TCP_CLOSE_WAIT || sk->sk_state == TCP_CLOSE) {
476 pr_debug("__iscsi_target_sk_check_close: TCP_CLOSE_WAIT|TCP_CLOSE,"
483 static bool iscsi_target_sk_check_close(struct iscsit_conn *conn)
488 struct sock *sk = conn->sock->sk;
490 read_lock_bh(&sk->sk_callback_lock);
491 state = (__iscsi_target_sk_check_close(sk) ||
492 test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags));
493 read_unlock_bh(&sk->sk_callback_lock);
498 static bool iscsi_target_sk_check_flag(struct iscsit_conn *conn, unsigned int flag)
503 struct sock *sk = conn->sock->sk;
505 read_lock_bh(&sk->sk_callback_lock);
506 state = test_bit(flag, &conn->login_flags);
507 read_unlock_bh(&sk->sk_callback_lock);
512 static bool iscsi_target_sk_check_and_clear(struct iscsit_conn *conn, unsigned int flag)
517 struct sock *sk = conn->sock->sk;
519 write_lock_bh(&sk->sk_callback_lock);
520 state = (__iscsi_target_sk_check_close(sk) ||
521 test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags));
523 clear_bit(flag, &conn->login_flags);
524 write_unlock_bh(&sk->sk_callback_lock);
529 static void iscsi_target_login_drop(struct iscsit_conn *conn, struct iscsi_login *login)
531 bool zero_tsih = login->zero_tsih;
533 iscsi_remove_failed_auth_entry(conn);
534 iscsi_target_nego_release(conn);
535 iscsi_target_login_sess_out(conn, zero_tsih, true);
538 static void iscsi_target_do_login_rx(struct work_struct *work)
540 struct iscsit_conn *conn = container_of(work,
541 struct iscsit_conn, login_work.work);
542 struct iscsi_login *login = conn->login;
543 struct iscsi_np *np = login->np;
544 struct iscsi_portal_group *tpg = conn->tpg;
545 struct iscsi_tpg_np *tpg_np = conn->tpg_np;
546 int rc, zero_tsih = login->zero_tsih;
549 pr_debug("entering iscsi_target_do_login_rx, conn: %p, %s:%d\n",
550 conn, current->comm, current->pid);
552 spin_lock(&conn->login_worker_lock);
553 set_bit(LOGIN_FLAGS_WORKER_RUNNING, &conn->login_flags);
554 spin_unlock(&conn->login_worker_lock);
556 * If iscsi_target_do_login_rx() has been invoked by ->sk_data_ready()
557 * before initial PDU processing in iscsi_target_start_negotiation()
558 * has completed, go ahead and retry until it's cleared.
560 * Otherwise if the TCP connection drops while this is occuring,
561 * iscsi_target_start_negotiation() will detect the failure, call
562 * cancel_delayed_work_sync(&conn->login_work), and cleanup the
563 * remaining iscsi connection resources from iscsi_np process context.
565 if (iscsi_target_sk_check_flag(conn, LOGIN_FLAGS_INITIAL_PDU)) {
566 schedule_delayed_work(&conn->login_work, msecs_to_jiffies(10));
570 spin_lock(&tpg->tpg_state_lock);
571 state = (tpg->tpg_state == TPG_STATE_ACTIVE);
572 spin_unlock(&tpg->tpg_state_lock);
575 pr_debug("iscsi_target_do_login_rx: tpg_state != TPG_STATE_ACTIVE\n");
579 if (iscsi_target_sk_check_close(conn)) {
580 pr_debug("iscsi_target_do_login_rx, TCP state CLOSE\n");
584 allow_signal(SIGINT);
585 rc = iscsit_set_login_timer_kworker(conn, current);
587 /* The login timer has already expired */
588 pr_debug("iscsi_target_do_login_rx, login failed\n");
592 rc = conn->conn_transport->iscsit_get_login_rx(conn, login);
593 flush_signals(current);
598 pr_debug("iscsi_target_do_login_rx after rx_login_io, %p, %s:%d\n",
599 conn, current->comm, current->pid);
602 * LOGIN_FLAGS_READ_ACTIVE is cleared so that sk_data_ready
603 * could be triggered again after this.
605 * LOGIN_FLAGS_WRITE_ACTIVE is cleared after we successfully
606 * process a login PDU, so that sk_state_chage can do login
607 * cleanup as needed if the socket is closed. If a delayed work is
608 * ongoing (LOGIN_FLAGS_WRITE_ACTIVE or LOGIN_FLAGS_READ_ACTIVE),
609 * sk_state_change will leave the cleanup to the delayed work or
610 * it will schedule a delayed work to do cleanup.
613 struct sock *sk = conn->sock->sk;
615 write_lock_bh(&sk->sk_callback_lock);
616 if (!test_bit(LOGIN_FLAGS_INITIAL_PDU, &conn->login_flags)) {
617 clear_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags);
618 set_bit(LOGIN_FLAGS_WRITE_ACTIVE, &conn->login_flags);
620 write_unlock_bh(&sk->sk_callback_lock);
623 rc = iscsi_target_do_login(conn, login);
627 if (iscsi_target_sk_check_and_clear(conn,
628 LOGIN_FLAGS_WRITE_ACTIVE))
632 * Set the login timer thread pointer to NULL to prevent the
633 * login process from getting stuck if the initiator
634 * stops sending data.
636 rc = iscsit_set_login_timer_kworker(conn, NULL);
639 } else if (rc == 1) {
640 iscsit_stop_login_timer(conn);
641 cancel_delayed_work(&conn->login_work);
642 iscsi_target_nego_release(conn);
643 iscsi_post_login_handler(np, conn, zero_tsih);
644 iscsit_deaccess_np(np, tpg, tpg_np);
649 iscsi_target_restore_sock_callbacks(conn);
650 iscsit_stop_login_timer(conn);
651 cancel_delayed_work(&conn->login_work);
652 iscsi_target_login_drop(conn, login);
653 iscsit_deaccess_np(np, tpg, tpg_np);
656 static void iscsi_target_sk_state_change(struct sock *sk)
658 struct iscsit_conn *conn;
659 void (*orig_state_change)(struct sock *);
662 pr_debug("Entering iscsi_target_sk_state_change\n");
664 write_lock_bh(&sk->sk_callback_lock);
665 conn = sk->sk_user_data;
667 write_unlock_bh(&sk->sk_callback_lock);
670 orig_state_change = conn->orig_state_change;
672 if (!test_bit(LOGIN_FLAGS_READY, &conn->login_flags)) {
673 pr_debug("Got LOGIN_FLAGS_READY=0 sk_state_change conn: %p\n",
675 write_unlock_bh(&sk->sk_callback_lock);
676 orig_state_change(sk);
679 state = __iscsi_target_sk_check_close(sk);
680 pr_debug("__iscsi_target_sk_close_change: state: %d\n", state);
682 if (test_bit(LOGIN_FLAGS_READ_ACTIVE, &conn->login_flags) ||
683 test_bit(LOGIN_FLAGS_WRITE_ACTIVE, &conn->login_flags)) {
684 pr_debug("Got LOGIN_FLAGS_{READ|WRITE}_ACTIVE=1"
685 " sk_state_change conn: %p\n", conn);
687 set_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags);
688 write_unlock_bh(&sk->sk_callback_lock);
689 orig_state_change(sk);
692 if (test_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags)) {
693 pr_debug("Got LOGIN_FLAGS_CLOSED=1 sk_state_change conn: %p\n",
695 write_unlock_bh(&sk->sk_callback_lock);
696 orig_state_change(sk);
700 * If the TCP connection has dropped, go ahead and set LOGIN_FLAGS_CLOSED,
701 * but only queue conn->login_work -> iscsi_target_do_login_rx()
702 * processing if LOGIN_FLAGS_INITIAL_PDU has already been cleared.
704 * When iscsi_target_do_login_rx() runs, iscsi_target_sk_check_close()
705 * will detect the dropped TCP connection from delayed workqueue context.
707 * If LOGIN_FLAGS_INITIAL_PDU is still set, which means the initial
708 * iscsi_target_start_negotiation() is running, iscsi_target_do_login()
709 * via iscsi_target_sk_check_close() or iscsi_target_start_negotiation()
710 * via iscsi_target_sk_check_and_clear() is responsible for detecting the
711 * dropped TCP connection in iscsi_np process context, and cleaning up
712 * the remaining iscsi connection resources.
715 pr_debug("iscsi_target_sk_state_change got failed state\n");
716 set_bit(LOGIN_FLAGS_CLOSED, &conn->login_flags);
717 state = test_bit(LOGIN_FLAGS_INITIAL_PDU, &conn->login_flags);
718 write_unlock_bh(&sk->sk_callback_lock);
720 orig_state_change(sk);
723 schedule_delayed_work(&conn->login_work, 0);
726 write_unlock_bh(&sk->sk_callback_lock);
728 orig_state_change(sk);
732 * NOTE: We check for existing sessions or connections AFTER the initiator
733 * has been successfully authenticated in order to protect against faked
734 * ISID/TSIH combinations.
736 static int iscsi_target_check_for_existing_instances(
737 struct iscsit_conn *conn,
738 struct iscsi_login *login)
740 if (login->checked_for_existing)
743 login->checked_for_existing = 1;
746 return iscsi_check_for_session_reinstatement(conn);
748 return iscsi_login_post_auth_non_zero_tsih(conn, login->cid,
749 login->initial_exp_statsn);
752 static int iscsi_target_do_authentication(
753 struct iscsit_conn *conn,
754 struct iscsi_login *login)
758 struct iscsi_param *param;
759 struct iscsi_login_req *login_req;
760 struct iscsi_login_rsp *login_rsp;
762 login_req = (struct iscsi_login_req *) login->req;
763 login_rsp = (struct iscsi_login_rsp *) login->rsp;
764 payload_length = ntoh24(login_req->dlength);
766 param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
770 authret = iscsi_handle_authentication(
779 pr_debug("Received OK response"
780 " from LIO Authentication, continuing.\n");
783 pr_debug("iSCSI security negotiation"
784 " completed successfully.\n");
785 login->auth_complete = 1;
786 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
787 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
788 login_rsp->flags |= (ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
789 ISCSI_FLAG_LOGIN_TRANSIT);
790 login->current_stage = 1;
792 return iscsi_target_check_for_existing_instances(
795 pr_err("Security negotiation"
797 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
798 ISCSI_LOGIN_STATUS_AUTH_FAILED);
801 pr_err("Received unknown error %d from LIO"
802 " Authentication\n", authret);
803 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
804 ISCSI_LOGIN_STATUS_TARGET_ERROR);
811 bool iscsi_conn_auth_required(struct iscsit_conn *conn)
813 struct iscsi_node_acl *nacl;
814 struct se_node_acl *se_nacl;
816 if (conn->sess->sess_ops->SessionType) {
818 * For SessionType=Discovery
820 return conn->tpg->tpg_attrib.authentication;
823 * For SessionType=Normal
825 se_nacl = conn->sess->se_sess->se_node_acl;
827 pr_debug("Unknown ACL is trying to connect\n");
831 if (se_nacl->dynamic_node_acl) {
832 pr_debug("Dynamic ACL %s is trying to connect\n",
833 se_nacl->initiatorname);
834 return conn->tpg->tpg_attrib.authentication;
837 pr_debug("Known ACL %s is trying to connect\n",
838 se_nacl->initiatorname);
840 nacl = to_iscsi_nacl(se_nacl);
841 if (nacl->node_attrib.authentication == NA_AUTHENTICATION_INHERITED)
842 return conn->tpg->tpg_attrib.authentication;
844 return nacl->node_attrib.authentication;
847 static int iscsi_target_handle_csg_zero(
848 struct iscsit_conn *conn,
849 struct iscsi_login *login)
853 struct iscsi_param *param;
854 struct iscsi_login_req *login_req;
855 struct iscsi_login_rsp *login_rsp;
857 login_req = (struct iscsi_login_req *) login->req;
858 login_rsp = (struct iscsi_login_rsp *) login->rsp;
859 payload_length = ntoh24(login_req->dlength);
861 param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
865 ret = iscsi_decode_text_input(
866 PHASE_SECURITY|PHASE_DECLARATIVE,
867 SENDER_INITIATOR|SENDER_RECEIVER,
875 if (login->auth_complete) {
876 pr_err("Initiator has already been"
877 " successfully authenticated, but is still"
878 " sending %s keys.\n", param->value);
879 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
880 ISCSI_LOGIN_STATUS_INIT_ERR);
885 } else if (!payload_length) {
886 pr_err("Initiator sent zero length security payload,"
888 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
889 ISCSI_LOGIN_STATUS_AUTH_FAILED);
893 if (login->first_request)
894 if (iscsi_target_check_first_request(conn, login) < 0)
897 ret = iscsi_encode_text_output(
898 PHASE_SECURITY|PHASE_DECLARATIVE,
903 conn->tpg->tpg_attrib.login_keys_workaround);
907 if (!iscsi_check_negotiated_keys(conn->param_list)) {
908 bool auth_required = iscsi_conn_auth_required(conn);
911 if (!strncmp(param->value, NONE, 4)) {
912 pr_err("Initiator sent AuthMethod=None but"
913 " Target is enforcing iSCSI Authentication,"
915 iscsit_tx_login_rsp(conn,
916 ISCSI_STATUS_CLS_INITIATOR_ERR,
917 ISCSI_LOGIN_STATUS_AUTH_FAILED);
921 if (!login->auth_complete)
924 if (strncmp(param->value, NONE, 4) &&
925 !login->auth_complete)
929 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
930 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
931 login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
932 ISCSI_FLAG_LOGIN_TRANSIT;
933 login->current_stage = 1;
939 return iscsi_target_do_authentication(conn, login);
942 static bool iscsi_conn_authenticated(struct iscsit_conn *conn,
943 struct iscsi_login *login)
945 if (!iscsi_conn_auth_required(conn))
948 if (login->auth_complete)
954 static int iscsi_target_handle_csg_one(struct iscsit_conn *conn, struct iscsi_login *login)
958 struct iscsi_login_req *login_req;
959 struct iscsi_login_rsp *login_rsp;
961 login_req = (struct iscsi_login_req *) login->req;
962 login_rsp = (struct iscsi_login_rsp *) login->rsp;
963 payload_length = ntoh24(login_req->dlength);
965 ret = iscsi_decode_text_input(
966 PHASE_OPERATIONAL|PHASE_DECLARATIVE,
967 SENDER_INITIATOR|SENDER_RECEIVER,
972 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
973 ISCSI_LOGIN_STATUS_INIT_ERR);
977 if (login->first_request)
978 if (iscsi_target_check_first_request(conn, login) < 0)
981 if (iscsi_target_check_for_existing_instances(conn, login) < 0)
984 ret = iscsi_encode_text_output(
985 PHASE_OPERATIONAL|PHASE_DECLARATIVE,
990 conn->tpg->tpg_attrib.login_keys_workaround);
992 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
993 ISCSI_LOGIN_STATUS_INIT_ERR);
997 if (!iscsi_conn_authenticated(conn, login)) {
998 pr_err("Initiator is requesting CSG: 1, has not been"
999 " successfully authenticated, and the Target is"
1000 " enforcing iSCSI Authentication, login failed.\n");
1001 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1002 ISCSI_LOGIN_STATUS_AUTH_FAILED);
1006 if (!iscsi_check_negotiated_keys(conn->param_list))
1007 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE3) &&
1008 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT))
1009 login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE3 |
1010 ISCSI_FLAG_LOGIN_TRANSIT;
1018 * 1 = Login successful
1020 * 0 = More PDU exchanges required
1022 static int iscsi_target_do_login(struct iscsit_conn *conn, struct iscsi_login *login)
1025 struct iscsi_login_req *login_req;
1026 struct iscsi_login_rsp *login_rsp;
1028 login_req = (struct iscsi_login_req *) login->req;
1029 login_rsp = (struct iscsi_login_rsp *) login->rsp;
1032 if (++pdu_count > MAX_LOGIN_PDUS) {
1033 pr_err("MAX_LOGIN_PDUS count reached.\n");
1034 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1035 ISCSI_LOGIN_STATUS_TARGET_ERROR);
1039 switch (ISCSI_LOGIN_CURRENT_STAGE(login_req->flags)) {
1041 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK;
1042 if (iscsi_target_handle_csg_zero(conn, login) < 0)
1046 login_rsp->flags |= ISCSI_FLAG_LOGIN_CURRENT_STAGE1;
1047 if (iscsi_target_handle_csg_one(conn, login) < 0)
1049 if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
1051 * Check to make sure the TCP connection has not
1052 * dropped asynchronously while session reinstatement
1053 * was occuring in this kthread context, before
1054 * transitioning to full feature phase operation.
1056 if (iscsi_target_sk_check_close(conn))
1059 login->tsih = conn->sess->tsih;
1060 login->login_complete = 1;
1061 iscsi_target_restore_sock_callbacks(conn);
1062 if (iscsi_target_do_tx_login_io(conn,
1069 pr_err("Illegal CSG: %d received from"
1070 " Initiator, protocol error.\n",
1071 ISCSI_LOGIN_CURRENT_STAGE(login_req->flags));
1075 if (iscsi_target_do_tx_login_io(conn, login) < 0)
1078 if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
1079 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_TRANSIT;
1080 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK;
1088 static void iscsi_initiatorname_tolower(
1092 u32 iqn_size = strlen(param_buf), i;
1094 for (i = 0; i < iqn_size; i++) {
1104 * Processes the first Login Request..
1106 int iscsi_target_locate_portal(
1107 struct iscsi_np *np,
1108 struct iscsit_conn *conn,
1109 struct iscsi_login *login)
1111 char *i_buf = NULL, *s_buf = NULL, *t_buf = NULL;
1112 char *tmpbuf, *start = NULL, *end = NULL, *key, *value;
1113 struct iscsit_session *sess = conn->sess;
1114 struct iscsi_tiqn *tiqn;
1115 struct iscsi_tpg_np *tpg_np = NULL;
1116 struct iscsi_login_req *login_req;
1117 struct se_node_acl *se_nacl;
1118 u32 payload_length, queue_depth = 0;
1119 int sessiontype = 0, ret = 0, tag_num, tag_size;
1121 INIT_DELAYED_WORK(&conn->login_work, iscsi_target_do_login_rx);
1122 iscsi_target_set_sock_callbacks(conn);
1127 login_req = (struct iscsi_login_req *) login->req;
1128 payload_length = ntoh24(login_req->dlength);
1130 tmpbuf = kmemdup_nul(login->req_buf, payload_length, GFP_KERNEL);
1132 pr_err("Unable to allocate memory for tmpbuf.\n");
1137 end = (start + payload_length);
1140 * Locate the initial keys expected from the Initiator node in
1141 * the first login request in order to progress with the login phase.
1143 while (start < end) {
1144 if (iscsi_extract_key_value(start, &key, &value) < 0) {
1149 if (!strncmp(key, "InitiatorName", 13))
1151 else if (!strncmp(key, "SessionType", 11))
1153 else if (!strncmp(key, "TargetName", 10))
1156 start += strlen(key) + strlen(value) + 2;
1159 * See 5.3. Login Phase.
1162 pr_err("InitiatorName key not received"
1163 " in first login request.\n");
1164 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1165 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
1170 * Convert the incoming InitiatorName to lowercase following
1171 * RFC-3720 3.2.6.1. section c) that says that iSCSI IQNs
1172 * are NOT case sensitive.
1174 iscsi_initiatorname_tolower(i_buf);
1177 if (!login->leading_connection)
1180 pr_err("SessionType key not received"
1181 " in first login request.\n");
1182 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1183 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
1189 * Use default portal group for discovery sessions.
1191 sessiontype = strncmp(s_buf, DISCOVERY, 9);
1193 if (!login->leading_connection)
1196 sess->sess_ops->SessionType = 1;
1198 * Setup crc32c modules from libcrypto
1200 if (iscsi_login_setup_crypto(conn) < 0) {
1201 pr_err("iscsi_login_setup_crypto() failed\n");
1206 * Serialize access across the discovery struct iscsi_portal_group to
1207 * process login attempt.
1209 conn->tpg = iscsit_global->discovery_tpg;
1210 if (iscsit_access_np(np, conn->tpg) < 0) {
1211 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1212 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1223 pr_err("TargetName key not received"
1224 " in first login request while"
1225 " SessionType=Normal.\n");
1226 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1227 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
1233 * Locate Target IQN from Storage Node.
1235 tiqn = iscsit_get_tiqn_for_login(t_buf);
1237 pr_err("Unable to locate Target IQN: %s in"
1238 " Storage Node\n", t_buf);
1239 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1240 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1244 pr_debug("Located Storage Object: %s\n", tiqn->tiqn);
1247 * Locate Target Portal Group from Storage Node.
1249 conn->tpg = iscsit_get_tpg_from_np(tiqn, np, &tpg_np);
1251 pr_err("Unable to locate Target Portal Group"
1252 " on %s\n", tiqn->tiqn);
1253 iscsit_put_tiqn_for_login(tiqn);
1254 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1255 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1259 conn->tpg_np = tpg_np;
1260 pr_debug("Located Portal Group Object: %hu\n", conn->tpg->tpgt);
1262 * Setup crc32c modules from libcrypto
1264 if (iscsi_login_setup_crypto(conn) < 0) {
1265 pr_err("iscsi_login_setup_crypto() failed\n");
1266 kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put);
1267 iscsit_put_tiqn_for_login(tiqn);
1273 * Serialize access across the struct iscsi_portal_group to
1274 * process login attempt.
1276 if (iscsit_access_np(np, conn->tpg) < 0) {
1277 kref_put(&tpg_np->tpg_np_kref, iscsit_login_kref_put);
1278 iscsit_put_tiqn_for_login(tiqn);
1279 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1280 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
1287 * conn->sess->node_acl will be set when the referenced
1288 * struct iscsit_session is located from received ISID+TSIH in
1289 * iscsi_login_non_zero_tsih_s2().
1291 if (!login->leading_connection) {
1297 * This value is required in iscsi_login_zero_tsih_s2()
1299 sess->sess_ops->SessionType = 0;
1302 * Locate incoming Initiator IQN reference from Storage Node.
1304 sess->se_sess->se_node_acl = core_tpg_check_initiator_node_acl(
1305 &conn->tpg->tpg_se_tpg, i_buf);
1306 if (!sess->se_sess->se_node_acl) {
1307 pr_err("iSCSI Initiator Node: %s is not authorized to"
1308 " access iSCSI target portal group: %hu.\n",
1309 i_buf, conn->tpg->tpgt);
1310 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
1311 ISCSI_LOGIN_STATUS_TGT_FORBIDDEN);
1315 se_nacl = sess->se_sess->se_node_acl;
1316 queue_depth = se_nacl->queue_depth;
1318 * Setup pre-allocated tags based upon allowed per NodeACL CmdSN
1319 * depth for non immediate commands, plus extra tags for immediate
1322 * Also enforce a ISCSIT_MIN_TAGS to prevent unnecessary contention
1323 * in per-cpu-ida tag allocation logic + small queue_depth.
1326 tag_num = max_t(u32, ISCSIT_MIN_TAGS, queue_depth);
1327 tag_num = (tag_num * 2) + ISCSIT_EXTRA_TAGS;
1328 tag_size = sizeof(struct iscsit_cmd) + conn->conn_transport->priv_size;
1330 ret = transport_alloc_session_tags(sess->se_sess, tag_num, tag_size);
1332 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1333 ISCSI_LOGIN_STATUS_NO_RESOURCES);
1341 int iscsi_target_start_negotiation(
1342 struct iscsi_login *login,
1343 struct iscsit_conn *conn)
1348 struct sock *sk = conn->sock->sk;
1350 write_lock_bh(&sk->sk_callback_lock);
1351 set_bit(LOGIN_FLAGS_READY, &conn->login_flags);
1352 set_bit(LOGIN_FLAGS_INITIAL_PDU, &conn->login_flags);
1353 write_unlock_bh(&sk->sk_callback_lock);
1356 * If iscsi_target_do_login returns zero to signal more PDU
1357 * exchanges are required to complete the login, go ahead and
1358 * clear LOGIN_FLAGS_INITIAL_PDU but only if the TCP connection
1361 * Otherwise if TCP connection dropped asynchronously, go ahead
1362 * and perform connection cleanup now.
1364 ret = iscsi_target_do_login(conn, login);
1366 spin_lock(&conn->login_worker_lock);
1368 if (iscsi_target_sk_check_and_clear(conn, LOGIN_FLAGS_INITIAL_PDU))
1370 else if (!test_bit(LOGIN_FLAGS_WORKER_RUNNING, &conn->login_flags)) {
1371 if (iscsit_set_login_timer_kworker(conn, NULL) < 0) {
1373 * The timeout has expired already.
1374 * Schedule login_work to perform the cleanup.
1376 schedule_delayed_work(&conn->login_work, 0);
1380 spin_unlock(&conn->login_worker_lock);
1384 iscsi_target_restore_sock_callbacks(conn);
1385 iscsi_remove_failed_auth_entry(conn);
1388 iscsit_stop_login_timer(conn);
1389 cancel_delayed_work_sync(&conn->login_work);
1390 iscsi_target_nego_release(conn);
1396 void iscsi_target_nego_release(struct iscsit_conn *conn)
1398 struct iscsi_login *login = conn->conn_login;
1403 kfree(login->req_buf);
1404 kfree(login->rsp_buf);
1407 conn->conn_login = NULL;
git.samba.org / sfrench / cifs-2.6.git / blob