Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / common / baa4d64b147a4064626f6597646ae8a330d9e2ed / . / drivers / target / iscsi / iscsi_target_nego.c
blob: 879a0cb44bc372c0d7039419a7d0924f69d67f65 [file] [log] [blame]
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]1/*******************************************************************************
2 * This file contains main functions related to iSCSI Parameter negotiation.
3 *
4 * \u00a9 Copyright 2007-2011 RisingTide Systems LLC.
5 *
6 * Licensed to the Linux Foundation under the General Public License (GPL) version 2.
7 *
8 * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 ******************************************************************************/
20
21#include <linux/ctype.h>
22#include <scsi/iscsi_proto.h>
23#include <target/target_core_base.h>
Christoph Hellwigc4795fb2011-11-16 09:46:48 -0500[diff] [blame]24#include <target/target_core_fabric.h>
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]25#include <target/iscsi/iscsi_transport.h>
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]26
27#include "iscsi_target_core.h"
28#include "iscsi_target_parameters.h"
29#include "iscsi_target_login.h"
30#include "iscsi_target_nego.h"
31#include "iscsi_target_tpg.h"
32#include "iscsi_target_util.h"
33#include "iscsi_target.h"
34#include "iscsi_target_auth.h"
35
36#define MAX_LOGIN_PDUS 7
37#define TEXT_LEN 4096
38
39void convert_null_to_semi(char *buf, int len)
40{
41 int i;
42
43 for (i = 0; i < len; i++)
44 if (buf[i] == '\0')
45 buf[i] = ';';
46}
47
Christoph Hellwigfceb5bc2012-09-26 08:00:36 -0400[diff] [blame]48static int strlen_semi(char *buf)
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]49{
50 int i = 0;
51
52 while (buf[i] != '\0') {
53 if (buf[i] == ';')
54 return i;
55 i++;
56 }
57
58 return -1;
59}
60
61int extract_param(
62 const char *in_buf,
63 const char *pattern,
64 unsigned int max_length,
65 char *out_buf,
66 unsigned char *type)
67{
68 char *ptr;
69 int len;
70
71 if (!in_buf || !pattern || !out_buf || !type)
72 return -1;
73
74 ptr = strstr(in_buf, pattern);
75 if (!ptr)
76 return -1;
77
78 ptr = strstr(ptr, "=");
79 if (!ptr)
80 return -1;
81
82 ptr += 1;
83 if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) {
84 ptr += 2; /* skip 0x */
85 *type = HEX;
86 } else
87 *type = DECIMAL;
88
89 len = strlen_semi(ptr);
90 if (len < 0)
91 return -1;
92
93 if (len > max_length) {
Masanari Iida5e58b022012-02-27 23:18:15 +0900[diff] [blame]94 pr_err("Length of input: %d exceeds max_length:"
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]95 " %d\n", len, max_length);
96 return -1;
97 }
98 memcpy(out_buf, ptr, len);
99 out_buf[len] = '\0';
100
101 return 0;
102}
103
104static u32 iscsi_handle_authentication(
105 struct iscsi_conn *conn,
106 char *in_buf,
107 char *out_buf,
108 int in_length,
109 int *out_length,
110 unsigned char *authtype)
111{
112 struct iscsi_session *sess = conn->sess;
113 struct iscsi_node_auth *auth;
114 struct iscsi_node_acl *iscsi_nacl;
115 struct se_node_acl *se_nacl;
116
117 if (!sess->sess_ops->SessionType) {
118 /*
119 * For SessionType=Normal
120 */
121 se_nacl = conn->sess->se_sess->se_node_acl;
122 if (!se_nacl) {
123 pr_err("Unable to locate struct se_node_acl for"
124 " CHAP auth\n");
125 return -1;
126 }
127 iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
128 se_node_acl);
129 if (!iscsi_nacl) {
130 pr_err("Unable to locate struct iscsi_node_acl for"
131 " CHAP auth\n");
132 return -1;
133 }
134
135 auth = ISCSI_NODE_AUTH(iscsi_nacl);
136 } else {
137 /*
138 * For SessionType=Discovery
139 */
140 auth = &iscsit_global->discovery_acl.node_auth;
141 }
142
143 if (strstr("CHAP", authtype))
144 strcpy(conn->sess->auth_type, "CHAP");
145 else
146 strcpy(conn->sess->auth_type, NONE);
147
148 if (strstr("None", authtype))
149 return 1;
150#ifdef CANSRP
151 else if (strstr("SRP", authtype))
152 return srp_main_loop(conn, auth, in_buf, out_buf,
153 &in_length, out_length);
154#endif
155 else if (strstr("CHAP", authtype))
156 return chap_main_loop(conn, auth, in_buf, out_buf,
157 &in_length, out_length);
158 else if (strstr("SPKM1", authtype))
159 return 2;
160 else if (strstr("SPKM2", authtype))
161 return 2;
162 else if (strstr("KRB5", authtype))
163 return 2;
164 else
165 return 2;
166}
167
168static void iscsi_remove_failed_auth_entry(struct iscsi_conn *conn)
169{
170 kfree(conn->auth_protocol);
171}
172
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]173int iscsi_target_check_login_request(
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]174 struct iscsi_conn *conn,
175 struct iscsi_login *login)
176{
Jörn Engel28168902012-03-15 15:06:58 -0400[diff] [blame]177 int req_csg, req_nsg;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]178 u32 payload_length;
179 struct iscsi_login_req *login_req;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]180
181 login_req = (struct iscsi_login_req *) login->req;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]182 payload_length = ntoh24(login_req->dlength);
183
184 switch (login_req->opcode & ISCSI_OPCODE_MASK) {
185 case ISCSI_OP_LOGIN:
186 break;
187 default:
188 pr_err("Received unknown opcode 0x%02x.\n",
189 login_req->opcode & ISCSI_OPCODE_MASK);
190 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
191 ISCSI_LOGIN_STATUS_INIT_ERR);
192 return -1;
193 }
194
195 if ((login_req->flags & ISCSI_FLAG_LOGIN_CONTINUE) &&
196 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
197 pr_err("Login request has both ISCSI_FLAG_LOGIN_CONTINUE"
198 " and ISCSI_FLAG_LOGIN_TRANSIT set, protocol error.\n");
199 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
200 ISCSI_LOGIN_STATUS_INIT_ERR);
201 return -1;
202 }
203
Andy Grover5d358062013-03-04 13:52:08 -0800[diff] [blame]204 req_csg = ISCSI_LOGIN_CURRENT_STAGE(login_req->flags);
205 req_nsg = ISCSI_LOGIN_NEXT_STAGE(login_req->flags);
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]206
207 if (req_csg != login->current_stage) {
208 pr_err("Initiator unexpectedly changed login stage"
209 " from %d to %d, login failed.\n", login->current_stage,
210 req_csg);
211 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
212 ISCSI_LOGIN_STATUS_INIT_ERR);
213 return -1;
214 }
215
216 if ((req_nsg == 2) || (req_csg >= 2) ||
217 ((login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT) &&
218 (req_nsg <= req_csg))) {
219 pr_err("Illegal login_req->flags Combination, CSG: %d,"
220 " NSG: %d, ISCSI_FLAG_LOGIN_TRANSIT: %d.\n", req_csg,
221 req_nsg, (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT));
222 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
223 ISCSI_LOGIN_STATUS_INIT_ERR);
224 return -1;
225 }
226
227 if ((login_req->max_version != login->version_max) ||
228 (login_req->min_version != login->version_min)) {
229 pr_err("Login request changed Version Max/Nin"
230 " unexpectedly to 0x%02x/0x%02x, protocol error\n",
231 login_req->max_version, login_req->min_version);
232 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
233 ISCSI_LOGIN_STATUS_INIT_ERR);
234 return -1;
235 }
236
237 if (memcmp(login_req->isid, login->isid, 6) != 0) {
238 pr_err("Login request changed ISID unexpectedly,"
239 " protocol error.\n");
240 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
241 ISCSI_LOGIN_STATUS_INIT_ERR);
242 return -1;
243 }
244
245 if (login_req->itt != login->init_task_tag) {
246 pr_err("Login request changed ITT unexpectedly to"
247 " 0x%08x, protocol error.\n", login_req->itt);
248 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
249 ISCSI_LOGIN_STATUS_INIT_ERR);
250 return -1;
251 }
252
253 if (payload_length > MAX_KEY_VALUE_PAIRS) {
254 pr_err("Login request payload exceeds default"
255 " MaxRecvDataSegmentLength: %u, protocol error.\n",
256 MAX_KEY_VALUE_PAIRS);
257 return -1;
258 }
259
260 return 0;
261}
262
263static int iscsi_target_check_first_request(
264 struct iscsi_conn *conn,
265 struct iscsi_login *login)
266{
267 struct iscsi_param *param = NULL;
268 struct se_node_acl *se_nacl;
269
270 login->first_request = 0;
271
272 list_for_each_entry(param, &conn->param_list->param_list, p_list) {
273 if (!strncmp(param->name, SESSIONTYPE, 11)) {
274 if (!IS_PSTATE_ACCEPTOR(param)) {
275 pr_err("SessionType key not received"
276 " in first login request.\n");
277 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
278 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
279 return -1;
280 }
281 if (!strncmp(param->value, DISCOVERY, 9))
282 return 0;
283 }
284
285 if (!strncmp(param->name, INITIATORNAME, 13)) {
286 if (!IS_PSTATE_ACCEPTOR(param)) {
287 if (!login->leading_connection)
288 continue;
289
290 pr_err("InitiatorName key not received"
291 " in first login request.\n");
292 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
293 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
294 return -1;
295 }
296
297 /*
298 * For non-leading connections, double check that the
299 * received InitiatorName matches the existing session's
300 * struct iscsi_node_acl.
301 */
302 if (!login->leading_connection) {
303 se_nacl = conn->sess->se_sess->se_node_acl;
304 if (!se_nacl) {
305 pr_err("Unable to locate"
306 " struct se_node_acl\n");
307 iscsit_tx_login_rsp(conn,
308 ISCSI_STATUS_CLS_INITIATOR_ERR,
309 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
310 return -1;
311 }
312
313 if (strcmp(param->value,
314 se_nacl->initiatorname)) {
315 pr_err("Incorrect"
316 " InitiatorName: %s for this"
317 " iSCSI Initiator Node.\n",
318 param->value);
319 iscsit_tx_login_rsp(conn,
320 ISCSI_STATUS_CLS_INITIATOR_ERR,
321 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
322 return -1;
323 }
324 }
325 }
326 }
327
328 return 0;
329}
330
331static int iscsi_target_do_tx_login_io(struct iscsi_conn *conn, struct iscsi_login *login)
332{
333 u32 padding = 0;
334 struct iscsi_session *sess = conn->sess;
335 struct iscsi_login_rsp *login_rsp;
336
337 login_rsp = (struct iscsi_login_rsp *) login->rsp;
338
339 login_rsp->opcode = ISCSI_OP_LOGIN_RSP;
340 hton24(login_rsp->dlength, login->rsp_length);
341 memcpy(login_rsp->isid, login->isid, 6);
342 login_rsp->tsih = cpu_to_be16(login->tsih);
Christoph Hellwig66c7db62012-09-26 08:00:39 -0400[diff] [blame]343 login_rsp->itt = login->init_task_tag;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]344 login_rsp->statsn = cpu_to_be32(conn->stat_sn++);
345 login_rsp->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
346 login_rsp->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
347
348 pr_debug("Sending Login Response, Flags: 0x%02x, ITT: 0x%08x,"
349 " ExpCmdSN; 0x%08x, MaxCmdSN: 0x%08x, StatSN: 0x%08x, Length:"
Christoph Hellwig66c7db62012-09-26 08:00:39 -0400[diff] [blame]350 " %u\n", login_rsp->flags, (__force u32)login_rsp->itt,
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]351 ntohl(login_rsp->exp_cmdsn), ntohl(login_rsp->max_cmdsn),
352 ntohl(login_rsp->statsn), login->rsp_length);
353
354 padding = ((-login->rsp_length) & 3);
355
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]356 if (conn->conn_transport->iscsit_put_login_tx(conn, login,
357 login->rsp_length + padding) < 0)
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]358 return -1;
359
360 login->rsp_length = 0;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]361 mutex_lock(&sess->cmdsn_mutex);
Christoph Hellwig50e5c872012-09-26 08:00:40 -0400[diff] [blame]362 login_rsp->exp_cmdsn = cpu_to_be32(sess->exp_cmd_sn);
363 login_rsp->max_cmdsn = cpu_to_be32(sess->max_cmd_sn);
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]364 mutex_unlock(&sess->cmdsn_mutex);
365
366 return 0;
367}
368
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]369static int iscsi_target_do_login_io(struct iscsi_conn *conn, struct iscsi_login *login)
370{
371 if (iscsi_target_do_tx_login_io(conn, login) < 0)
372 return -1;
373
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]374 if (conn->conn_transport->iscsit_get_login_rx(conn, login) < 0)
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]375 return -1;
376
377 return 0;
378}
379
380/*
381 * NOTE: We check for existing sessions or connections AFTER the initiator
382 * has been successfully authenticated in order to protect against faked
383 * ISID/TSIH combinations.
384 */
385static int iscsi_target_check_for_existing_instances(
386 struct iscsi_conn *conn,
387 struct iscsi_login *login)
388{
389 if (login->checked_for_existing)
390 return 0;
391
392 login->checked_for_existing = 1;
393
394 if (!login->tsih)
395 return iscsi_check_for_session_reinstatement(conn);
396 else
397 return iscsi_login_post_auth_non_zero_tsih(conn, login->cid,
398 login->initial_exp_statsn);
399}
400
401static int iscsi_target_do_authentication(
402 struct iscsi_conn *conn,
403 struct iscsi_login *login)
404{
405 int authret;
406 u32 payload_length;
407 struct iscsi_param *param;
408 struct iscsi_login_req *login_req;
409 struct iscsi_login_rsp *login_rsp;
410
411 login_req = (struct iscsi_login_req *) login->req;
412 login_rsp = (struct iscsi_login_rsp *) login->rsp;
413 payload_length = ntoh24(login_req->dlength);
414
415 param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
416 if (!param)
417 return -1;
418
419 authret = iscsi_handle_authentication(
420 conn,
421 login->req_buf,
422 login->rsp_buf,
423 payload_length,
424 &login->rsp_length,
425 param->value);
426 switch (authret) {
427 case 0:
428 pr_debug("Received OK response"
429 " from LIO Authentication, continuing.\n");
430 break;
431 case 1:
432 pr_debug("iSCSI security negotiation"
Joe Perchesbfb90352011-08-17 06:58:04 -0700[diff] [blame]433 " completed successfully.\n");
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]434 login->auth_complete = 1;
435 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
436 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
437 login_rsp->flags |= (ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
438 ISCSI_FLAG_LOGIN_TRANSIT);
439 login->current_stage = 1;
440 }
441 return iscsi_target_check_for_existing_instances(
442 conn, login);
443 case 2:
444 pr_err("Security negotiation"
445 " failed.\n");
446 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
447 ISCSI_LOGIN_STATUS_AUTH_FAILED);
448 return -1;
449 default:
450 pr_err("Received unknown error %d from LIO"
451 " Authentication\n", authret);
452 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
453 ISCSI_LOGIN_STATUS_TARGET_ERROR);
454 return -1;
455 }
456
457 return 0;
458}
459
460static int iscsi_target_handle_csg_zero(
461 struct iscsi_conn *conn,
462 struct iscsi_login *login)
463{
464 int ret;
465 u32 payload_length;
466 struct iscsi_param *param;
467 struct iscsi_login_req *login_req;
468 struct iscsi_login_rsp *login_rsp;
469
470 login_req = (struct iscsi_login_req *) login->req;
471 login_rsp = (struct iscsi_login_rsp *) login->rsp;
472 payload_length = ntoh24(login_req->dlength);
473
474 param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
475 if (!param)
476 return -1;
477
478 ret = iscsi_decode_text_input(
479 PHASE_SECURITY|PHASE_DECLARATIVE,
480 SENDER_INITIATOR|SENDER_RECEIVER,
481 login->req_buf,
482 payload_length,
Nicholas Bellinger9977bb12012-09-29 21:49:59 -0700[diff] [blame]483 conn);
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]484 if (ret < 0)
485 return -1;
486
487 if (ret > 0) {
488 if (login->auth_complete) {
489 pr_err("Initiator has already been"
490 " successfully authenticated, but is still"
491 " sending %s keys.\n", param->value);
492 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
493 ISCSI_LOGIN_STATUS_INIT_ERR);
494 return -1;
495 }
496
497 goto do_auth;
498 }
499
500 if (login->first_request)
501 if (iscsi_target_check_first_request(conn, login) < 0)
502 return -1;
503
504 ret = iscsi_encode_text_output(
505 PHASE_SECURITY|PHASE_DECLARATIVE,
506 SENDER_TARGET,
507 login->rsp_buf,
508 &login->rsp_length,
509 conn->param_list);
510 if (ret < 0)
511 return -1;
512
513 if (!iscsi_check_negotiated_keys(conn->param_list)) {
514 if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication &&
515 !strncmp(param->value, NONE, 4)) {
516 pr_err("Initiator sent AuthMethod=None but"
517 " Target is enforcing iSCSI Authentication,"
518 " login failed.\n");
519 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
520 ISCSI_LOGIN_STATUS_AUTH_FAILED);
521 return -1;
522 }
523
524 if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication &&
525 !login->auth_complete)
526 return 0;
527
528 if (strncmp(param->value, NONE, 4) && !login->auth_complete)
529 return 0;
530
531 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
532 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
533 login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
534 ISCSI_FLAG_LOGIN_TRANSIT;
535 login->current_stage = 1;
536 }
537 }
538
539 return 0;
540do_auth:
541 return iscsi_target_do_authentication(conn, login);
542}
543
544static int iscsi_target_handle_csg_one(struct iscsi_conn *conn, struct iscsi_login *login)
545{
546 int ret;
547 u32 payload_length;
548 struct iscsi_login_req *login_req;
549 struct iscsi_login_rsp *login_rsp;
550
551 login_req = (struct iscsi_login_req *) login->req;
552 login_rsp = (struct iscsi_login_rsp *) login->rsp;
553 payload_length = ntoh24(login_req->dlength);
554
555 ret = iscsi_decode_text_input(
556 PHASE_OPERATIONAL|PHASE_DECLARATIVE,
557 SENDER_INITIATOR|SENDER_RECEIVER,
558 login->req_buf,
559 payload_length,
Nicholas Bellinger9977bb12012-09-29 21:49:59 -0700[diff] [blame]560 conn);
Roland Dreier1c5c12c2012-11-05 18:02:42 -0800[diff] [blame]561 if (ret < 0) {
562 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
563 ISCSI_LOGIN_STATUS_INIT_ERR);
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]564 return -1;
Roland Dreier1c5c12c2012-11-05 18:02:42 -0800[diff] [blame]565 }
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]566
567 if (login->first_request)
568 if (iscsi_target_check_first_request(conn, login) < 0)
569 return -1;
570
571 if (iscsi_target_check_for_existing_instances(conn, login) < 0)
572 return -1;
573
574 ret = iscsi_encode_text_output(
575 PHASE_OPERATIONAL|PHASE_DECLARATIVE,
576 SENDER_TARGET,
577 login->rsp_buf,
578 &login->rsp_length,
579 conn->param_list);
Roland Dreier1c5c12c2012-11-05 18:02:42 -0800[diff] [blame]580 if (ret < 0) {
581 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
582 ISCSI_LOGIN_STATUS_INIT_ERR);
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]583 return -1;
Roland Dreier1c5c12c2012-11-05 18:02:42 -0800[diff] [blame]584 }
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]585
586 if (!login->auth_complete &&
587 ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication) {
588 pr_err("Initiator is requesting CSG: 1, has not been"
589 " successfully authenticated, and the Target is"
590 " enforcing iSCSI Authentication, login failed.\n");
591 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
592 ISCSI_LOGIN_STATUS_AUTH_FAILED);
593 return -1;
594 }
595
596 if (!iscsi_check_negotiated_keys(conn->param_list))
597 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE3) &&
598 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT))
599 login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE3 |
600 ISCSI_FLAG_LOGIN_TRANSIT;
601
602 return 0;
603}
604
605static int iscsi_target_do_login(struct iscsi_conn *conn, struct iscsi_login *login)
606{
607 int pdu_count = 0;
608 struct iscsi_login_req *login_req;
609 struct iscsi_login_rsp *login_rsp;
610
611 login_req = (struct iscsi_login_req *) login->req;
612 login_rsp = (struct iscsi_login_rsp *) login->rsp;
613
614 while (1) {
615 if (++pdu_count > MAX_LOGIN_PDUS) {
616 pr_err("MAX_LOGIN_PDUS count reached.\n");
617 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
618 ISCSI_LOGIN_STATUS_TARGET_ERROR);
619 return -1;
620 }
621
Andy Grover5d358062013-03-04 13:52:08 -0800[diff] [blame]622 switch (ISCSI_LOGIN_CURRENT_STAGE(login_req->flags)) {
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]623 case 0:
Andy Grover5d358062013-03-04 13:52:08 -0800[diff] [blame]624 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]625 if (iscsi_target_handle_csg_zero(conn, login) < 0)
626 return -1;
627 break;
628 case 1:
629 login_rsp->flags |= ISCSI_FLAG_LOGIN_CURRENT_STAGE1;
630 if (iscsi_target_handle_csg_one(conn, login) < 0)
631 return -1;
632 if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
633 login->tsih = conn->sess->tsih;
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]634 login->login_complete = 1;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]635 if (iscsi_target_do_tx_login_io(conn,
636 login) < 0)
637 return -1;
638 return 0;
639 }
640 break;
641 default:
642 pr_err("Illegal CSG: %d received from"
643 " Initiator, protocol error.\n",
Andy Grover5d358062013-03-04 13:52:08 -0800[diff] [blame]644 ISCSI_LOGIN_CURRENT_STAGE(login_req->flags));
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]645 break;
646 }
647
648 if (iscsi_target_do_login_io(conn, login) < 0)
649 return -1;
650
651 if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
652 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_TRANSIT;
653 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK;
654 }
655 }
656
657 return 0;
658}
659
660static void iscsi_initiatorname_tolower(
661 char *param_buf)
662{
663 char *c;
664 u32 iqn_size = strlen(param_buf), i;
665
666 for (i = 0; i < iqn_size; i++) {
Jörn Engel8359cf42011-11-24 02:05:51 +0100[diff] [blame]667 c = &param_buf[i];
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]668 if (!isupper(*c))
669 continue;
670
671 *c = tolower(*c);
672 }
673}
674
675/*
676 * Processes the first Login Request..
677 */
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]678int iscsi_target_locate_portal(
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]679 struct iscsi_np *np,
680 struct iscsi_conn *conn,
681 struct iscsi_login *login)
682{
683 char *i_buf = NULL, *s_buf = NULL, *t_buf = NULL;
684 char *tmpbuf, *start = NULL, *end = NULL, *key, *value;
685 struct iscsi_session *sess = conn->sess;
686 struct iscsi_tiqn *tiqn;
687 struct iscsi_login_req *login_req;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]688 u32 payload_length;
689 int sessiontype = 0, ret = 0;
690
691 login_req = (struct iscsi_login_req *) login->req;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]692 payload_length = ntoh24(login_req->dlength);
693
694 login->first_request = 1;
695 login->leading_connection = (!login_req->tsih) ? 1 : 0;
Andy Grover5d358062013-03-04 13:52:08 -0800[diff] [blame]696 login->current_stage = ISCSI_LOGIN_CURRENT_STAGE(login_req->flags);
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]697 login->version_min = login_req->min_version;
698 login->version_max = login_req->max_version;
699 memcpy(login->isid, login_req->isid, 6);
Christoph Hellwig50e5c872012-09-26 08:00:40 -0400[diff] [blame]700 login->cmd_sn = be32_to_cpu(login_req->cmdsn);
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]701 login->init_task_tag = login_req->itt;
Christoph Hellwig50e5c872012-09-26 08:00:40 -0400[diff] [blame]702 login->initial_exp_statsn = be32_to_cpu(login_req->exp_statsn);
703 login->cid = be16_to_cpu(login_req->cid);
704 login->tsih = be16_to_cpu(login_req->tsih);
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]705
706 if (iscsi_target_get_initial_payload(conn, login) < 0)
707 return -1;
708
709 tmpbuf = kzalloc(payload_length + 1, GFP_KERNEL);
710 if (!tmpbuf) {
711 pr_err("Unable to allocate memory for tmpbuf.\n");
712 return -1;
713 }
714
715 memcpy(tmpbuf, login->req_buf, payload_length);
716 tmpbuf[payload_length] = '\0';
717 start = tmpbuf;
718 end = (start + payload_length);
719
720 /*
721 * Locate the initial keys expected from the Initiator node in
722 * the first login request in order to progress with the login phase.
723 */
724 while (start < end) {
725 if (iscsi_extract_key_value(start, &key, &value) < 0) {
726 ret = -1;
727 goto out;
728 }
729
730 if (!strncmp(key, "InitiatorName", 13))
731 i_buf = value;
732 else if (!strncmp(key, "SessionType", 11))
733 s_buf = value;
734 else if (!strncmp(key, "TargetName", 10))
735 t_buf = value;
736
737 start += strlen(key) + strlen(value) + 2;
738 }
739
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]740 printk("i_buf: %s, s_buf: %s, t_buf: %s\n", i_buf, s_buf, t_buf);
741
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]742 /*
743 * See 5.3. Login Phase.
744 */
745 if (!i_buf) {
746 pr_err("InitiatorName key not received"
747 " in first login request.\n");
748 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
749 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
750 ret = -1;
751 goto out;
752 }
753 /*
754 * Convert the incoming InitiatorName to lowercase following
755 * RFC-3720 3.2.6.1. section c) that says that iSCSI IQNs
756 * are NOT case sensitive.
757 */
758 iscsi_initiatorname_tolower(i_buf);
759
760 if (!s_buf) {
761 if (!login->leading_connection)
762 goto get_target;
763
764 pr_err("SessionType key not received"
765 " in first login request.\n");
766 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
767 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
768 ret = -1;
769 goto out;
770 }
771
772 /*
773 * Use default portal group for discovery sessions.
774 */
775 sessiontype = strncmp(s_buf, DISCOVERY, 9);
776 if (!sessiontype) {
777 conn->tpg = iscsit_global->discovery_tpg;
778 if (!login->leading_connection)
779 goto get_target;
780
781 sess->sess_ops->SessionType = 1;
782 /*
783 * Setup crc32c modules from libcrypto
784 */
785 if (iscsi_login_setup_crypto(conn) < 0) {
786 pr_err("iscsi_login_setup_crypto() failed\n");
787 ret = -1;
788 goto out;
789 }
790 /*
791 * Serialize access across the discovery struct iscsi_portal_group to
792 * process login attempt.
793 */
794 if (iscsit_access_np(np, conn->tpg) < 0) {
795 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
796 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
797 ret = -1;
798 goto out;
799 }
800 ret = 0;
801 goto out;
802 }
803
804get_target:
805 if (!t_buf) {
806 pr_err("TargetName key not received"
807 " in first login request while"
808 " SessionType=Normal.\n");
809 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
810 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
811 ret = -1;
812 goto out;
813 }
814
815 /*
816 * Locate Target IQN from Storage Node.
817 */
818 tiqn = iscsit_get_tiqn_for_login(t_buf);
819 if (!tiqn) {
820 pr_err("Unable to locate Target IQN: %s in"
821 " Storage Node\n", t_buf);
822 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
823 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
824 ret = -1;
825 goto out;
826 }
827 pr_debug("Located Storage Object: %s\n", tiqn->tiqn);
828
829 /*
830 * Locate Target Portal Group from Storage Node.
831 */
832 conn->tpg = iscsit_get_tpg_from_np(tiqn, np);
833 if (!conn->tpg) {
834 pr_err("Unable to locate Target Portal Group"
835 " on %s\n", tiqn->tiqn);
836 iscsit_put_tiqn_for_login(tiqn);
837 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
838 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
839 ret = -1;
840 goto out;
841 }
842 pr_debug("Located Portal Group Object: %hu\n", conn->tpg->tpgt);
843 /*
844 * Setup crc32c modules from libcrypto
845 */
846 if (iscsi_login_setup_crypto(conn) < 0) {
847 pr_err("iscsi_login_setup_crypto() failed\n");
848 ret = -1;
849 goto out;
850 }
851 /*
852 * Serialize access across the struct iscsi_portal_group to
853 * process login attempt.
854 */
855 if (iscsit_access_np(np, conn->tpg) < 0) {
856 iscsit_put_tiqn_for_login(tiqn);
857 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
858 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
859 ret = -1;
860 conn->tpg = NULL;
861 goto out;
862 }
863
864 /*
865 * conn->sess->node_acl will be set when the referenced
866 * struct iscsi_session is located from received ISID+TSIH in
867 * iscsi_login_non_zero_tsih_s2().
868 */
869 if (!login->leading_connection) {
870 ret = 0;
871 goto out;
872 }
873
874 /*
875 * This value is required in iscsi_login_zero_tsih_s2()
876 */
877 sess->sess_ops->SessionType = 0;
878
879 /*
880 * Locate incoming Initiator IQN reference from Storage Node.
881 */
882 sess->se_sess->se_node_acl = core_tpg_check_initiator_node_acl(
883 &conn->tpg->tpg_se_tpg, i_buf);
884 if (!sess->se_sess->se_node_acl) {
885 pr_err("iSCSI Initiator Node: %s is not authorized to"
886 " access iSCSI target portal group: %hu.\n",
887 i_buf, conn->tpg->tpgt);
888 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
889 ISCSI_LOGIN_STATUS_TGT_FORBIDDEN);
890 ret = -1;
891 goto out;
892 }
893
894 ret = 0;
895out:
896 kfree(tmpbuf);
897 return ret;
898}
899
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]900int iscsi_target_start_negotiation(
901 struct iscsi_login *login,
902 struct iscsi_conn *conn)
903{
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]904 int ret;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]905
906 ret = iscsi_target_do_login(conn, login);
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]907 if (ret != 0)
908 iscsi_remove_failed_auth_entry(conn);
909
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]910 iscsi_target_nego_release(conn);
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]911 return ret;
912}
913
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]914void iscsi_target_nego_release(struct iscsi_conn *conn)
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]915{
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]916 struct iscsi_login *login = conn->conn_login;
917
918 if (!login)
919 return;
920
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]921 kfree(login->req_buf);
922 kfree(login->rsp_buf);
923 kfree(login);
Nicholas Bellingerbaa4d642013-03-06 21:54:13 -0800[diff] [blame^]924
925 conn->conn_login = NULL;
Nicholas Bellingere48354c2011-07-23 06:43:04 +0000[diff] [blame]926}