[stgt] authentication by initiator's name

FUJITA Tomonori fujita.tomonori at lab.ntt.co.jp
Fri Jun 17 15:53:40 CEST 2011 

On Fri, 17 Jun 2011 19:49:33 +0900
Shuko Yasumoto <yasumoto.shuko at jp.fujitsu.com> wrote:

> Could you please review the attached?

Inline please.

> diff -uprN tgt-1.0.16/usr/iscsi/iscsid.c tgt-1.0.16-ho/usr/iscsi/iscsid.c
> --- tgt-1.0.16/usr/iscsi/iscsid.c	2011-05-01 17:29:56.000000000 +0900
> +++ tgt-1.0.16-ho/usr/iscsi/iscsid.c	2011-06-15 15:07:08.000000000 +0900
> @@ -527,6 +527,13 @@ static void login_start(struct iscsi_con
>  			return;
>  		}
>  
> +		if (iqn_acl(conn->tid, conn)) {
> +			rsp->status_class = ISCSI_STATUS_CLS_INITIATOR_ERR;
> +			rsp->status_detail = ISCSI_LOGIN_STATUS_TGT_NOT_FOUND;
> +			conn->state = STATE_EXIT;
> +			return;
> +		}
> +
>  		if (isns_scn_access(conn->tid, name)) {
>  			rsp->status_class = ISCSI_STATUS_CLS_INITIATOR_ERR;
>  			rsp->status_detail = ISCSI_LOGIN_STATUS_TGT_NOT_FOUND;
> diff -uprN tgt-1.0.16/usr/iscsi/iscsid.h tgt-1.0.16-ho/usr/iscsi/iscsid.h
> --- tgt-1.0.16/usr/iscsi/iscsid.h	2011-05-01 17:29:56.000000000 +0900
> +++ tgt-1.0.16-ho/usr/iscsi/iscsid.h	2011-05-14 19:33:27.000000000 +0900
> @@ -328,6 +328,7 @@ struct iscsi_target * target_find_by_nam
>  struct iscsi_target * target_find_by_id(int tid);
>  extern void target_list_build(struct iscsi_connection *, char *, char *);
>  extern int ip_acl(int tid, struct iscsi_connection *conn);
> +extern int iqn_acl(int tid, struct iscsi_connection *conn);
>  extern int iscsi_target_create(struct target *);
>  extern void iscsi_target_destroy(int);
>  extern int iscsi_target_show(int mode, int tid, uint64_t sid, uint32_t cid,
> diff -uprN tgt-1.0.16/usr/iscsi/iser_text.c tgt-1.0.16-ho/usr/iscsi/iser_text.c
> --- tgt-1.0.16/usr/iscsi/iser_text.c	2011-05-01 17:29:56.000000000 +0900
> +++ tgt-1.0.16-ho/usr/iscsi/iser_text.c	2011-06-15 14:59:30.000000000 +0900
> @@ -499,6 +499,13 @@ static void iser_login_start(struct iscs
>  			return;
>  		}
>  
> +		if (iqn_acl(iscsi_conn->tid, iscsi_conn)) {
> +			rsp_bhs->status_class = ISCSI_STATUS_CLS_INITIATOR_ERR;
> +			rsp_bhs->status_detail = ISCSI_LOGIN_STATUS_TGT_NOT_FOUND;
> +			iscsi_conn->state = STATE_EXIT;
> +			return;
> +		}
> +
>  		if (isns_scn_access(iscsi_conn->tid, name)) {
>  			rsp_bhs->status_class = ISCSI_STATUS_CLS_INITIATOR_ERR;
>  			rsp_bhs->status_detail = ISCSI_LOGIN_STATUS_TGT_NOT_FOUND;
> diff -uprN tgt-1.0.16/usr/iscsi/target.c tgt-1.0.16-ho/usr/iscsi/target.c
> --- tgt-1.0.16/usr/iscsi/target.c	2011-05-01 17:29:56.000000000 +0900
> +++ tgt-1.0.16-ho/usr/iscsi/target.c	2011-06-15 15:10:17.000000000 +0900
> @@ -188,6 +188,40 @@ int ip_acl(int tid, struct iscsi_connect
>  	}
>  	return -EPERM;
>  }
> +
> +static int iqn_match(struct iscsi_connection *conn, char *name)
> +{
> +	int err = 1;
> +
> +	if (!strcmp(conn->initiator, name))
> +		err = 0;
> +
> +	return err;
> +}

Hmm, why not?

static int iqn_match(struct iscsi_connection *conn, char *name)
{
	return strcmp(conn->initiator, name);
}


The rest looks ok but please update doc/tgtadm.8.xml too.

Can you send the updated patch with your Signed-off-by and the proper
patch description?

If you are not familiar with the Linux kernel development style,
please read the following doc:

http://sourceforge.jp/projects/linuxjf/wiki/SubmittingPatches
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the stgt mailing list