Re: CHAP doesn't work as expected ?! Or user error :) ?

Chandra Seetharaman <sekharan@xxxxxxxxxx> · Mon, 22 Feb 2010 16:04:57 -0800

Applied the patch to the latest RHEL 5.4 errata. Applied cleanly.

Tested it to be working fine (I bound the user as you bound it with the
bind command).

I have one question though. How do I specify it in targets.conf ?

Thanks

chandra
On Fri, 2010-02-19 at 11:36 +0900, FUJITA Tomonori wrote:
> On Wed, 17 Feb 2010 14:13:41 +0900
> FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx> wrote:
> 
> > Seems that stgt@xxxxxxxxxxxxxxx dropped this mail due to attachment.
> > 
> > On Tue, 16 Feb 2010 10:47:11 -0800
> > Chandra Seetharaman <sekharan@xxxxxxxxxx> wrote:
> > 
> > > On Tue, 2010-02-16 at 10:38 +0900, FUJITA Tomonori wrote:
> > > > Hey,
> > > > 
> > > > On Mon, 15 Feb 2010 11:46:51 -0800
> > > > Chandra Seetharaman <sekharan@xxxxxxxxxx> wrote:
> > > > 
> > > > > I just started testing some of the features of stgt.
> > > > > 
> > > > > While trying stgt, realized that stgt provides the option of "CHAP" or
> > > > > "None" to the initiator. open-iscsi SW initiator chooses the lower
> > > > > "None", thereby it ends up not using the CHAP that I specified for the
> > > > > target in stgt.
> > > > > 
> > > > > How do I tell stgt to _not_ provide "None" as an option ? IOW, makes
> > > > > sure CHAP _is_ used by the initiator ?
> > > > 
> > > > Are you taking about a discovery or normal session?
> > > 
> > > Discovery session.
> > 
> > Ah, stgt doesn't support Discovery session authentication (like IET).
> > 
> > Do you need this feature? If so, I can implement it (some time this
> > month probably).
> 
> Ok, here's a patch. It's hacky a bit though.
> 
> root@rose:~/git/tgt# ./usr/tgtadm --op show --mode sys
> System:
>     State: ready
> iSNS:
>     iSNS=Off
>     iSNSServerIP=
>     iSNSServerPort=3205
>     iSNSAccessControl=Off
> 
> 
> root@rose:~/git/tgt# ./usr/tgtadm --op new --mode account --user fujita --password tomo
> root@rose:~/git/tgt# ./usr/tgtadm --op bind --mode account --user fujita
> root@rose:~/git/tgt# ./usr/tgtadm --op show --mode sys
> System:
>     State: ready
> Account information:
>     fujita
> iSNS:
>     iSNS=Off
>     iSNSServerIP=
>     iSNSServerPort=3205
>     iSNSAccessControl=Off
> 
> 
> =
> From: FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx>
> Subject: [PATCH] add discovery authentication support
> 
> Signed-off-by: FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx>
> ---
>  usr/iscsi/iscsid.c |    4 ++++
>  usr/target.c       |   44 +++++++++++++++++++++++++++++++++++++++++---
>  usr/tgtadm.c       |   12 ++++--------
>  usr/tgtadm.h       |    2 ++
>  4 files changed, 51 insertions(+), 11 deletions(-)
> 
> diff --git a/usr/iscsi/iscsid.c b/usr/iscsi/iscsid.c
> index 2adc6a8..2ceb8be 100644
> --- a/usr/iscsi/iscsid.c
> +++ b/usr/iscsi/iscsid.c
> @@ -38,6 +38,7 @@
>  #include "util.h"
>  #include "driver.h"
>  #include "scsi.h"
> +#include "tgtadm.h"
>  #include "crc32c.h"
> 
>  #define MAX_QUEUE_CMD	128
> @@ -467,6 +468,9 @@ static void login_start(struct iscsi_connection *conn)
>  		}
>  	}
> 
> +	if (conn->session_type == SESSION_DISCOVERY)
> +		conn->tid = GLOBAL_TID;
> +
>  	if (conn->session_type == SESSION_NORMAL) {
>  		if (!target_name) {
>  			rsp->status_class = ISCSI_STATUS_CLS_INITIATOR_ERR;
> diff --git a/usr/target.c b/usr/target.c
> index c848757..60e3179 100644
> --- a/usr/target.c
> +++ b/usr/target.c
> @@ -42,6 +42,8 @@
> 
>  static LIST_HEAD(device_type_list);
> 
> +static struct target global_target;
> +
>  int device_type_register(struct device_type_template *t)
>  {
>  	list_add_tail(&t->device_type_siblings, &device_type_list);
> @@ -1165,7 +1167,10 @@ int account_lookup(int tid, int type, char *user, int ulen, char *password, int
>  	struct target *target;
>  	struct account_entry *ac;
> 
> -	target = target_lookup(tid);
> +	if (tid == GLOBAL_TID)
> +		target = &global_target;
> +	else
> +		target = target_lookup(tid);
>  	if (!target)
>  		return -ENOENT;
> 
> @@ -1272,7 +1277,10 @@ int account_ctl(int tid, int type, char *user, int bind)
>  	struct account_entry *ac;
>  	int i, err = 0;
> 
> -	target = target_lookup(tid);
> +	if (tid == GLOBAL_TID)
> +		target = &global_target;
> +	else
> +		target = target_lookup(tid);
>  	if (!target)
>  		return TGTADM_NO_TARGET;
> 
> @@ -1323,6 +1331,9 @@ void account_del(char *user)
>  		account_ctl(target->tid, ACCOUNT_TYPE_OUTGOING, ac->user, 0);
>  	}
> 
> +	account_ctl(GLOBAL_TID, ACCOUNT_TYPE_INCOMING, ac->user, 0);
> +	account_ctl(GLOBAL_TID, ACCOUNT_TYPE_OUTGOING, ac->user, 0);
> +
>  	list_del(&ac->account_siblings);
>  	free(ac->user);
>  	free(ac->password);
> @@ -1333,7 +1344,10 @@ int account_available(int tid, int dir)
>  {
>  	struct target *target;
> 
> -	target = target_lookup(tid);
> +	if (tid == GLOBAL_TID)
> +		target = &global_target;
> +	else
> +		target = target_lookup(tid);
>  	if (!target)
>  		return 0;
> 
> @@ -1869,6 +1883,17 @@ int system_show(int mode, char *buf, int rest)
>  	shprintf(total, buf, rest, _TAB1 "State: %s\n",
>  		 system_state_name(sys_state));
> 
> +	if (global_target.account.nr_inaccount) {
> +		int i, aid;
> +		shprintf(total, buf, rest,
> +			 "Account information:\n");
> +		for (i = 0; i < global_target.account.nr_inaccount; i++) {
> +			aid = global_target.account.in_aids[i];
> +			shprintf(total, buf, rest, _TAB1 "%s\n",
> +				 __account_lookup_id(aid)->user);
> +		}
> +	}
> +
>  	return total;
>  overflow:
>  	return max;
> @@ -1883,3 +1908,16 @@ int is_system_inactive(void)
>  {
>  	return list_empty(&target_list);
>  }
> +
> +__attribute__((constructor)) static void target_constructor(void)
> +{
> +	static int global_target_aids[DEFAULT_NR_ACCOUNT];
> +
> +	memset(global_target_aids, 0, sizeof(global_target_aids));
> +	global_target.account.in_aids = global_target_aids;
> +	global_target.account.max_inaccount = DEFAULT_NR_ACCOUNT;
> +
> +	global_target.tid = GLOBAL_TID;
> +
> +	INIT_LIST_HEAD(&global_target.acl_list);
> +}
> diff --git a/usr/tgtadm.c b/usr/tgtadm.c
> index dd46985..5d85c5f 100644
> --- a/usr/tgtadm.c
> +++ b/usr/tgtadm.c
> @@ -647,10 +647,8 @@ int main(int argc, char **argv)
>  				eprintf("'user' option is necessary\n");
>  				exit(EINVAL);
>  			}
> -			if (tid <= 0) {
> -				eprintf("'tid' option is necessary\n");
> -				exit(EINVAL);
> -			}
> +			if (tid == -1)
> +				tid = GLOBAL_TID;
>  			break;
>  		case OP_UNBIND:
>  			rc = verify_mode_params(argc, argv, "Lmou");
> @@ -663,10 +661,8 @@ int main(int argc, char **argv)
>  				eprintf("'user' option is necessary\n");
>  				exit(EINVAL);
>  			}
> -			if (tid <= 0) {
> -				eprintf("'tid' option is necessary\n");
> -				exit(EINVAL);
> -			}
> +			if (tid == -1)
> +				tid = GLOBAL_TID;
>  			break;
>  		default:
>  			eprintf("option %d not supported in account mode\n", op);
> diff --git a/usr/tgtadm.h b/usr/tgtadm.h
> index 60b984d..8e04a3c 100644
> --- a/usr/tgtadm.h
> +++ b/usr/tgtadm.h
> @@ -4,6 +4,8 @@
>  #define TGT_IPC_NAMESPACE	"/tmp/.TGT_IPC_ABSTRACT_NAMESPACE"
>  #define TGT_LLD_NAME_LEN	64
> 
> +#define GLOBAL_TID (~0U)
> +
>  #include "tgtadm_error.h"
> 
>  enum tgtadm_op {

--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html