[PATCH 2/2] iscsi-target: Implement hide_from_unauthorized logic

[Thomas Glanzmann <thomas@xxxxxxxxxxxx>]

If hide_from_unauthorized=1 and generate_node_acls=0 (demo mode dislabed) do not
return TargetName+TargetAddress unless a NodeACL exists.

Signed-off-by: Thomas Glanzmann <thomas@xxxxxxxxxxxx>
---
 drivers/target/iscsi/iscsi_target.c |   39 +++++++++++++++++++++++++++--------
 drivers/target/target_core_tpg.c    |    1 +
 2 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
index 35b61f7..8e1b3ff 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -3369,6 +3369,7 @@ static int iscsit_build_sendtargets_response(struct iscsi_cmd *cmd)
 	struct iscsi_tiqn *tiqn;
 	struct iscsi_tpg_np *tpg_np;
 	int buffer_len, end_of_buf = 0, len = 0, payload_len = 0;
+	int target_name_printed;
 	unsigned char buf[ISCSI_IQN_LEN+12]; /* iqn + "TargetName=" + \0 */
 	unsigned char *text_in = cmd->text_in_ptr, *text_ptr = NULL;
 
@@ -3406,19 +3407,23 @@ static int iscsit_build_sendtargets_response(struct iscsi_cmd *cmd)
 			continue;
 		}
 
-		len = sprintf(buf, "TargetName=%s", tiqn->tiqn);
-		len += 1;
-
-		if ((len + payload_len) > buffer_len) {
-			end_of_buf = 1;
-			goto eob;
-		}
-		memcpy(payload + payload_len, buf, len);
-		payload_len += len;
+                target_name_printed = 0;
 
 		spin_lock(&tiqn->tiqn_tpg_lock);
 		list_for_each_entry(tpg, &tiqn->tiqn_tpg_list, tpg_list) {
 
+                        /* If hide_from_unauthorized and generate_node_acls=0
+                         * (demo mode dislabed) do not return
+                         * TargetName+TargetAddress unless a NodeACL exists.
+                         */
+
+                        if ((tpg->tpg_attrib.generate_node_acls == 0)
+                         && (tpg->tpg_attrib.hide_from_unauthorized == 1)
+                         && (! core_tpg_get_initiator_node_acl(&tpg->tpg_se_tpg,
+                             cmd->conn->sess->sess_ops->InitiatorName))) {
+                                continue;
+                        }
+
 			spin_lock(&tpg->tpg_state_lock);
 			if ((tpg->tpg_state == TPG_STATE_FREE) ||
 			    (tpg->tpg_state == TPG_STATE_INACTIVE)) {
@@ -3433,6 +3438,22 @@ static int iscsit_build_sendtargets_response(struct iscsi_cmd *cmd)
 				struct iscsi_np *np = tpg_np->tpg_np;
 				bool inaddr_any = iscsit_check_inaddr_any(np);
 
+                                if (! target_name_printed) {
+                                        len = sprintf(buf, "TargetName=%s",
+                                                tiqn->tiqn);
+                                        len += 1;
+
+                                        if ((len + payload_len) > buffer_len) {
+                                                spin_unlock(&tpg->tpg_np_lock);
+                                                spin_unlock(&tiqn->tiqn_tpg_lock);
+                                                end_of_buf = 1;
+                                                goto eob;
+                                        }
+                                        memcpy(payload + payload_len, buf, len);
+                                        payload_len += len;
+                                        target_name_printed = 1;
+                                }
+
 				len = sprintf(buf, "TargetAddress="
 					"%s:%hu,%hu",
 					(inaddr_any == false) ?
diff --git a/drivers/target/target_core_tpg.c b/drivers/target/target_core_tpg.c
index b9a6ec0..ec99220 100644
--- a/drivers/target/target_core_tpg.c
+++ b/drivers/target/target_core_tpg.c
@@ -116,6 +116,7 @@ struct se_node_acl *core_tpg_get_initiator_node_acl(
 
 	return acl;
 }
+EXPORT_SYMBOL(core_tpg_get_initiator_node_acl);
 
 /*	core_tpg_add_node_to_devs():
  *
-- 
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html