[stgt] CHAP doesn't work as expected ?! Or user error :) ?
Chandra Seetharaman
sekharan at us.ibm.com
Tue Feb 23 01:04:57 CET 2010
Applied the patch to the latest RHEL 5.4 errata. Applied cleanly.
Tested it to be working fine (I bound the user as you bound it with the
bind command).
I have one question though. How do I specify it in targets.conf ?
Thanks
chandra
On Fri, 2010-02-19 at 11:36 +0900, FUJITA Tomonori wrote:
> On Wed, 17 Feb 2010 14:13:41 +0900
> FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp> wrote:
>
> > Seems that stgt at vger.kernel.org dropped this mail due to attachment.
> >
> > On Tue, 16 Feb 2010 10:47:11 -0800
> > Chandra Seetharaman <sekharan at us.ibm.com> wrote:
> >
> > > On Tue, 2010-02-16 at 10:38 +0900, FUJITA Tomonori wrote:
> > > > Hey,
> > > >
> > > > On Mon, 15 Feb 2010 11:46:51 -0800
> > > > Chandra Seetharaman <sekharan at us.ibm.com> wrote:
> > > >
> > > > > I just started testing some of the features of stgt.
> > > > >
> > > > > While trying stgt, realized that stgt provides the option of "CHAP" or
> > > > > "None" to the initiator. open-iscsi SW initiator chooses the lower
> > > > > "None", thereby it ends up not using the CHAP that I specified for the
> > > > > target in stgt.
> > > > >
> > > > > How do I tell stgt to _not_ provide "None" as an option ? IOW, makes
> > > > > sure CHAP _is_ used by the initiator ?
> > > >
> > > > Are you taking about a discovery or normal session?
> > >
> > > Discovery session.
> >
> > Ah, stgt doesn't support Discovery session authentication (like IET).
> >
> > Do you need this feature? If so, I can implement it (some time this
> > month probably).
>
> Ok, here's a patch. It's hacky a bit though.
>
> root at rose:~/git/tgt# ./usr/tgtadm --op show --mode sys
> System:
> State: ready
> iSNS:
> iSNS=Off
> iSNSServerIP=
> iSNSServerPort=3205
> iSNSAccessControl=Off
>
>
> root at rose:~/git/tgt# ./usr/tgtadm --op new --mode account --user fujita --password tomo
> root at rose:~/git/tgt# ./usr/tgtadm --op bind --mode account --user fujita
> root at rose:~/git/tgt# ./usr/tgtadm --op show --mode sys
> System:
> State: ready
> Account information:
> fujita
> iSNS:
> iSNS=Off
> iSNSServerIP=
> iSNSServerPort=3205
> iSNSAccessControl=Off
>
>
> =
> From: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
> Subject: [PATCH] add discovery authentication support
>
> Signed-off-by: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
> ---
> usr/iscsi/iscsid.c | 4 ++++
> usr/target.c | 44 +++++++++++++++++++++++++++++++++++++++++---
> usr/tgtadm.c | 12 ++++--------
> usr/tgtadm.h | 2 ++
> 4 files changed, 51 insertions(+), 11 deletions(-)
>
> diff --git a/usr/iscsi/iscsid.c b/usr/iscsi/iscsid.c
> index 2adc6a8..2ceb8be 100644
> --- a/usr/iscsi/iscsid.c
> +++ b/usr/iscsi/iscsid.c
> @@ -38,6 +38,7 @@
> #include "util.h"
> #include "driver.h"
> #include "scsi.h"
> +#include "tgtadm.h"
> #include "crc32c.h"
>
> #define MAX_QUEUE_CMD 128
> @@ -467,6 +468,9 @@ static void login_start(struct iscsi_connection *conn)
> }
> }
>
> + if (conn->session_type == SESSION_DISCOVERY)
> + conn->tid = GLOBAL_TID;
> +
> if (conn->session_type == SESSION_NORMAL) {
> if (!target_name) {
> rsp->status_class = ISCSI_STATUS_CLS_INITIATOR_ERR;
> diff --git a/usr/target.c b/usr/target.c
> index c848757..60e3179 100644
> --- a/usr/target.c
> +++ b/usr/target.c
> @@ -42,6 +42,8 @@
>
> static LIST_HEAD(device_type_list);
>
> +static struct target global_target;
> +
> int device_type_register(struct device_type_template *t)
> {
> list_add_tail(&t->device_type_siblings, &device_type_list);
> @@ -1165,7 +1167,10 @@ int account_lookup(int tid, int type, char *user, int ulen, char *password, int
> struct target *target;
> struct account_entry *ac;
>
> - target = target_lookup(tid);
> + if (tid == GLOBAL_TID)
> + target = &global_target;
> + else
> + target = target_lookup(tid);
> if (!target)
> return -ENOENT;
>
> @@ -1272,7 +1277,10 @@ int account_ctl(int tid, int type, char *user, int bind)
> struct account_entry *ac;
> int i, err = 0;
>
> - target = target_lookup(tid);
> + if (tid == GLOBAL_TID)
> + target = &global_target;
> + else
> + target = target_lookup(tid);
> if (!target)
> return TGTADM_NO_TARGET;
>
> @@ -1323,6 +1331,9 @@ void account_del(char *user)
> account_ctl(target->tid, ACCOUNT_TYPE_OUTGOING, ac->user, 0);
> }
>
> + account_ctl(GLOBAL_TID, ACCOUNT_TYPE_INCOMING, ac->user, 0);
> + account_ctl(GLOBAL_TID, ACCOUNT_TYPE_OUTGOING, ac->user, 0);
> +
> list_del(&ac->account_siblings);
> free(ac->user);
> free(ac->password);
> @@ -1333,7 +1344,10 @@ int account_available(int tid, int dir)
> {
> struct target *target;
>
> - target = target_lookup(tid);
> + if (tid == GLOBAL_TID)
> + target = &global_target;
> + else
> + target = target_lookup(tid);
> if (!target)
> return 0;
>
> @@ -1869,6 +1883,17 @@ int system_show(int mode, char *buf, int rest)
> shprintf(total, buf, rest, _TAB1 "State: %s\n",
> system_state_name(sys_state));
>
> + if (global_target.account.nr_inaccount) {
> + int i, aid;
> + shprintf(total, buf, rest,
> + "Account information:\n");
> + for (i = 0; i < global_target.account.nr_inaccount; i++) {
> + aid = global_target.account.in_aids[i];
> + shprintf(total, buf, rest, _TAB1 "%s\n",
> + __account_lookup_id(aid)->user);
> + }
> + }
> +
> return total;
> overflow:
> return max;
> @@ -1883,3 +1908,16 @@ int is_system_inactive(void)
> {
> return list_empty(&target_list);
> }
> +
> +__attribute__((constructor)) static void target_constructor(void)
> +{
> + static int global_target_aids[DEFAULT_NR_ACCOUNT];
> +
> + memset(global_target_aids, 0, sizeof(global_target_aids));
> + global_target.account.in_aids = global_target_aids;
> + global_target.account.max_inaccount = DEFAULT_NR_ACCOUNT;
> +
> + global_target.tid = GLOBAL_TID;
> +
> + INIT_LIST_HEAD(&global_target.acl_list);
> +}
> diff --git a/usr/tgtadm.c b/usr/tgtadm.c
> index dd46985..5d85c5f 100644
> --- a/usr/tgtadm.c
> +++ b/usr/tgtadm.c
> @@ -647,10 +647,8 @@ int main(int argc, char **argv)
> eprintf("'user' option is necessary\n");
> exit(EINVAL);
> }
> - if (tid <= 0) {
> - eprintf("'tid' option is necessary\n");
> - exit(EINVAL);
> - }
> + if (tid == -1)
> + tid = GLOBAL_TID;
> break;
> case OP_UNBIND:
> rc = verify_mode_params(argc, argv, "Lmou");
> @@ -663,10 +661,8 @@ int main(int argc, char **argv)
> eprintf("'user' option is necessary\n");
> exit(EINVAL);
> }
> - if (tid <= 0) {
> - eprintf("'tid' option is necessary\n");
> - exit(EINVAL);
> - }
> + if (tid == -1)
> + tid = GLOBAL_TID;
> break;
> default:
> eprintf("option %d not supported in account mode\n", op);
> diff --git a/usr/tgtadm.h b/usr/tgtadm.h
> index 60b984d..8e04a3c 100644
> --- a/usr/tgtadm.h
> +++ b/usr/tgtadm.h
> @@ -4,6 +4,8 @@
> #define TGT_IPC_NAMESPACE "/tmp/.TGT_IPC_ABSTRACT_NAMESPACE"
> #define TGT_LLD_NAME_LEN 64
>
> +#define GLOBAL_TID (~0U)
> +
> #include "tgtadm_error.h"
>
> enum tgtadm_op {
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the stgt
mailing list