[stgt] authentication by initiator's name
Shuko Yasumoto
yasumoto.shuko at jp.fujitsu.com
Thu Jun 16 08:10:09 CEST 2011
Dear developers,
# My colleague tried to send the following email several times,
# but it didn't go through and he couldn't find out why, so I am sending
# this email on his behalf (Hisashi Osanai).
I would like to add the command option "--initiator-name", alongside
the existing option "--initiator-address", so that targets can be hidden
from initiators according to the initiators' names (IQN).
--lld <driver> --mode target --op bind --tid <id> --initiator-address
<address> [--initiator-name <name>]
--lld <driver> --mode target --op unbind --tid <id> {--initiator-address
<address> | --initiator-name <name>}
What do you think the necessity of this function?
I attached diff of source code to get your better understanding.
===
diff tgt-1.0.16/usr/mgmt.c tgt-1.0.16+/usr/mgmt.c
95c95
< p = strchr(mtask->buf, '=');
---
> p = strstr(mtask->buf, "initiator-address=");
97c97,101
< err = acl_add(req->tid, p + 1);
---
> err = acl_add(req->tid, p +
strlen("initiator-address="));
>
> p = strstr(mtask->buf, "initiator-name=");
> if (p)
> err = iqn_acl_add(req->tid, p +
strlen("initiator-name="));
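Review bot: The value handed to `acl_add()` in the 97c97,101 hunk is not cut at the next comma, so when tgtadm sends both keys (its 847a852,854 hunk joins them as `,initiator-name=<name>`) the address entry would be stored with the name parameter still attached, assuming the address is formatted first. Such an entry presumably never matches a real address, and the `err` from `acl_add()` is then overwritten by the result of `iqn_acl_add()`. Do both `strstr()` lookups first, then terminate each value with `p[strcspn(p, ",")] = '\0';` and stop at the first non-zero `err`. The unbind hunks 106c110,116 and 109c119 pass the same unterminated pointer to `acl_del()`. The enclosing function starts and ends outside these hunks.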
106c110,116
< p = strchr(mtask->buf, '=');
---
> p = strstr(mtask->buf, "initiator-address=");
> if (p) {
> err = 0;
> acl_del(req->tid, p +
strlen("initiator-address="));
> }
>
> p = strstr(mtask->buf, "initiator-name=");
109c119
< acl_del(req->tid, p + 1);
---
> iqn_acl_del(req->tid, p +
strlen("initiator-name="));
diff tgt-1.0.16/usr/target.c tgt-1.0.16+/usr/target.c
1566a1567,1633
> int iqn_acl_add(int tid, char *name)
> {
> char *str;
> struct target *target;
> struct iqn_acl_entry *iqn_acl, *tmp;
>
> target = target_lookup(tid);
> if (!target)
> return TGTADM_NO_TARGET;
>
> list_for_each_entry_safe(iqn_acl, tmp, &target->iqn_acl_list,
iqn_aclent_list)
> if (!strcmp(name, iqn_acl->name))
> return TGTADM_ACL_EXIST;
>
> iqn_acl = zalloc(sizeof(*iqn_acl));
> if (!iqn_acl)
> return TGTADM_NOMEM;
>
> str = strdup(name);
> if (!str) {
> free(iqn_acl);
> return TGTADM_NOMEM;
> }
>
> iqn_acl->name = str;
> list_add_tail(&iqn_acl->iqn_aclent_list, &target->iqn_acl_list);
>
> return 0;
> }
>
> void iqn_acl_del(int tid, char *name)
> {
> struct target *target;
> struct iqn_acl_entry *iqn_acl, *tmp;
>
> target = target_lookup(tid);
> if (!target)
> return;
>
> list_for_each_entry_safe(iqn_acl, tmp, &target->iqn_acl_list,
iqn_aclent_list) {
> if (!strcmp(name, iqn_acl->name)) {
> list_del(&iqn_acl->iqn_aclent_list);
> free(iqn_acl->name);
> free(iqn_acl);
> break;
> }
> }
> }
>
> char *iqn_acl_get(int tid, int idx)
> {
> int i = 0;
> struct target *target;
> struct iqn_acl_entry *iqn_acl;
>
> target = target_lookup(tid);
> if (!target)
> return NULL;
>
> list_for_each_entry(iqn_acl, &target->iqn_acl_list, iqn_aclent_list)
{
> if (idx == i++)
> return iqn_acl->name;
> }
>
> return NULL;
> }
>
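Review bot: `iqn_acl_del()` returns void and does nothing when the target or the name is not found, so the caller cannot tell an unbind with a mistyped IQN from a successful revocation. For an access-control list that should be surfaced: return `int` as `iqn_acl_add()` does, with `TGTADM_NO_TARGET` for a missing target and a not-found status when no entry matched, and let mgmt.c pass it back to tgtadm. Separately, `iqn_acl_add()` only reads the list and can use `list_for_each_entry` instead of the `_safe` variant. All three functions would also benefit from `const char *name` and a short header comment, in particular one saying that `iqn_acl_get()` returns a pointer owned by the list that the caller must not free.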
1746a1814
> struct iqn_acl_entry *iqn_acl;
1819a1888,1891
>
> list_for_each_entry(iqn_acl, &target->iqn_acl_list,
iqn_aclent_list)
> shprintf(total, buf, rest, _TAB2 "%s\n",
iqn_acl->name);
>
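Review bot: The names are printed with a bare `_TAB2 "%s\n"`, so in the show output they land in the same unlabelled list as the address entries; the sample output in this mail shows `ALL` followed directly by an IQN under "ACL information". Because the name check added in iscsi/target.c is separate from the address check, a reader could take `ALL` to mean the target is open to everyone, or overlook that a name restriction is active. A distinguishing label would avoid that, for example `shprintf(total, buf, rest, _TAB2 "initiator-name=%s\n", iqn_acl->name);`, although any script parsing this section would need checking. The enclosing function lies outside the hunk.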
1911a1984
> INIT_LIST_HEAD(&target->iqn_acl_list);
1928a2002
> struct iqn_acl_entry *iqn_acl, *tmp1;
1959a2034,2039
> list_for_each_entry_safe(iqn_acl, tmp1, &target->iqn_acl_list,
iqn_aclent_list) {
> list_del(&iqn_acl->iqn_aclent_list);
> free(iqn_acl->name);
> free(iqn_acl);
> }
>
2125a2206
> INIT_LIST_HEAD(&global_target.iqn_acl_list);
diff tgt-1.0.16/usr/target.h tgt-1.0.16+/usr/target.h
15a16,20
> struct iqn_acl_entry {
> char *name;
> struct list_head iqn_aclent_list;
> };
>
40a46,47
> struct list_head iqn_acl_list;
>
diff tgt-1.0.16/usr/tgtadm.c tgt-1.0.16+/usr/tgtadm.c
107a108
> {"initiator-name", required_argument, NULL, 'Q'},
120c121
< static char *short_options =
"dhVL:o:m:t:s:c:l:n:v:b:E:f:T:I:u:p:H:P:B:Y:O:C:";
---
> static char *short_options =
> "dhVL:o:m:t:s:c:l:n:v:b:E:f:T:I:Q:u:p:H:P:B:Y:O:C:";
143c144
< --lld <driver> --mode target --op bind --tid <id> --initiator-address
<src>\n\
---
> --lld <driver> --mode target --op bind --tid <id>
> --initiator-address <address> [--initiator-name <name>]\n\
145c146
< --lld <driver> --mode target --op unbind --tid <id> --initiator-address
<src>\n\
---
> --lld <driver> --mode target --op unbind --tid <id>
> {--initiator-address <address> | --initiator-name <name>}\n\
436c437
< char *name, *value, *path, *targetname, *params, *address,
*targetOps;
---
> char *name, *value, *path, *targetname, *params, *address, *iqnname,
> *targetOps;
452c453
< name = value = path = targetname = address = NULL;
---
> name = value = path = targetname = address = iqnname = NULL;
515a517,519
> case 'Q':
> iqnname = optarg;
> break;
626c630
< rc = verify_mode_params(argc, argv, "LmotIBHC");
---
> rc = verify_mode_params(argc, argv, "LmotIQBHC");
632c636
< if (!address && !hostno) {
---
> if (!address && !iqnname && !hostno) {
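Review bot: This check now accepts a bind that carries only `--initiator-name`, while the usage text changed in the 143c144 hunk documents `--initiator-address <address>` as mandatory for bind, with the name as an optional extra. The sample session in the mail binds with `-Q` alone, so the usage string looks like the part to correct, e.g. `{--initiator-address <address> | --initiator-name <name>}` for bind as well. If supplying both in one command is meant to be supported, the help text should say how the two restrictions combine.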
634c638
< " initiator-address or bus\n",
---
> " initiator-address, initiator-name
or bus\n",
847a852,854
> if (iqnname)
> shprintf(total, params, rest, "%sinitiator-name=%s",
> rest == BUFSIZE ? "" : ",", iqnname);
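Review bot: `iqnname` is copied into the comma-separated parameter string without any check, and the receiving side in mgmt.c locates its keys with `strstr()`. A name containing `,` or the text `initiator-address=` would be split or picked up as a second key, so the entry stored in the ACL would differ from what the operator typed. Rejecting such names in the `case 'Q':` branch, before the request is built, keeps the stored ACL equal to the command line. A comment there stating the accepted character set would help too.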
diff tgt-1.0.16/usr/tgtd.h tgt-1.0.16+/usr/tgtd.h
308a309,312
> extern int iqn_acl_add(int tid, char *name); extern void
> iqn_acl_del(int tid, char *name); extern char *iqn_acl_get(int tid,
> int idx);
>
diff tgt-1.0.16/usr/iscsi/iscsid.c tgt-1.0.16+/usr/iscsi/iscsid.c
529a530,536
> if (iqn_acl(conn->tid, conn)) {
> rsp->status_class = ISCSI_STATUS_CLS_INITIATOR_ERR;
> rsp->status_detail =
ISCSI_LOGIN_STATUS_TGT_NOT_FOUND;
> conn->state = STATE_EXIT;
> return;
> }
>
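Review bot: A login refused by `iqn_acl()` leaves no trace here: the branch sets the status fields and `STATE_EXIT` and returns without logging. For an access-control decision an operator will want the rejected name and target id in the daemon log, for example `eprintf("initiator %s rejected by name ACL of tid %d\n", conn->initiator, conn->tid);` before the `return`. A one-line comment saying why `ISCSI_LOGIN_STATUS_TGT_NOT_FOUND` is reported rather than an authorization status (presumably so that the target's existence is not disclosed) would also help. Both points apply equally to the identical block added to iser_text.c. The enclosing function is outside the hunk.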
diff tgt-1.0.16/usr/iscsi/iscsid.h tgt-1.0.16+/usr/iscsi/iscsid.h
330a331
> extern int iqn_acl(int tid, struct iscsi_connection *conn);
diff tgt-1.0.16/usr/iscsi/iser_text.c tgt-1.0.16+/usr/iscsi/iser_text.c
501a502,508
> if (iqn_acl(iscsi_conn->tid, iscsi_conn)) {
> rsp_bhs->status_class =
ISCSI_STATUS_CLS_INITIATOR_ERR;
> rsp_bhs->status_detail =
ISCSI_LOGIN_STATUS_TGT_NOT_FOUND;
> iscsi_conn->state = STATE_EXIT;
> return;
> }
>
diff tgt-1.0.16/usr/iscsi/target.c tgt-1.0.16+/usr/iscsi/target.c
190a191,224
>
> static int iqn_match(struct iscsi_connection *conn, char *name) {
> int err = 1;
>
> if (!strcmp(conn->initiator, name))
> err = 0;
>
> return err;
> }
>
> int iqn_acl(int tid, struct iscsi_connection *conn) {
> int idx, enable, err;
> char *name;
>
> enable = 0;
> for (idx = 0;; idx++) {
> name = iqn_acl_get(tid, idx);
> if (!name)
> break;
>
> enable = 1;
> err = iqn_match(conn, name);
> if (!err)
> return 0;
> }
>
> if (!enable)
> return 0;
> else
> return -EPERM;
> }
>
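Review bot: `iqn_acl()` returns 0 whenever the target's name list is empty, so the check is opt-in and a target with no `--initiator-name` binding is not restricted by name at all; nothing in the patch states that default. The value compared in `iqn_match()` is `conn->initiator`, which appears to be the name the initiator declares about itself during login, so the list works as a visibility filter rather than as authentication and needs CHAP or the address ACL alongside it on an untrusted network. I would record both facts in a comment above `iqn_acl()`, e.g. `/* empty list: no name restriction; names are as declared by the initiator, not verified */`. Two smaller points: `strcmp()` makes the match case-sensitive, and it dereferences `conn->initiator` without a NULL check, which is only safe if both call sites guarantee the name is set.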
327a362,364
> if (iqn_acl(target->tid, conn))
> continue;
>
===
# /usr/sbin/tgtd --iscsi portal=xx.xx.xx.xx:3260
# /usr/sbin/tgtadm --lld iscsi --op new --mode target --tid 1 -T
iqn.2001-04.com.example:storage.disk2.amiens.sys1.xyz1
# /usr/sbin/tgtadm --lld iscsi --op bind --mode target --tid 1 -I ALL
# /usr/sbin/tgtadm --lld iscsi --op bind --mode target --tid 1 -Q
iqn.1991-05.com.microsoft:host1
# /usr/sbin/tgtadm --lld iscsi --op show --mode target
Target 1: iqn.2001-04.com.example:storage.disk2.amiens.sys1.xyz1
System information:
Driver: iscsi
State: ready
I_T nexus information:
LUN information:
LUN: 0
Type: controller
SCSI ID: IET 00010000
SCSI SN: beaf10
Size: 0 MB, Block size: 1
Online: Yes
Removable media: No
Readonly: No
Backing store type: null
Backing store path: None
Backing store flags:
Account information:
ACL information:
ALL
iqn.1991-05.com.microsoft:host1
Best Regards,
Shuko Yasumoto