Commit | Line | Data |
---|---|---|
e48354ce NB |
1 | /******************************************************************************* |
2 | * This file contains main functions related to iSCSI Parameter negotiation. | |
3 | * | |
4 | * \u00a9 Copyright 2007-2011 RisingTide Systems LLC. | |
5 | * | |
6 | * Licensed to the Linux Foundation under the General Public License (GPL) version 2. | |
7 | * | |
8 | * Author: Nicholas A. Bellinger <nab@linux-iscsi.org> | |
9 | * | |
10 | * This program is free software; you can redistribute it and/or modify | |
11 | * it under the terms of the GNU General Public License as published by | |
12 | * the Free Software Foundation; either version 2 of the License, or | |
13 | * (at your option) any later version. | |
14 | * | |
15 | * This program is distributed in the hope that it will be useful, | |
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | * GNU General Public License for more details. | |
19 | ******************************************************************************/ | |
20 | ||
21 | #include <linux/ctype.h> | |
22 | #include <scsi/iscsi_proto.h> | |
23 | #include <target/target_core_base.h> | |
c4795fb2 | 24 | #include <target/target_core_fabric.h> |
e48354ce NB |
25 | |
26 | #include "iscsi_target_core.h" | |
27 | #include "iscsi_target_parameters.h" | |
28 | #include "iscsi_target_login.h" | |
29 | #include "iscsi_target_nego.h" | |
30 | #include "iscsi_target_tpg.h" | |
31 | #include "iscsi_target_util.h" | |
32 | #include "iscsi_target.h" | |
33 | #include "iscsi_target_auth.h" | |
34 | ||
35 | #define MAX_LOGIN_PDUS 7 | |
36 | #define TEXT_LEN 4096 | |
37 | ||
38 | void convert_null_to_semi(char *buf, int len) | |
39 | { | |
40 | int i; | |
41 | ||
42 | for (i = 0; i < len; i++) | |
43 | if (buf[i] == '\0') | |
44 | buf[i] = ';'; | |
45 | } | |
46 | ||
47 | int strlen_semi(char *buf) | |
48 | { | |
49 | int i = 0; | |
50 | ||
51 | while (buf[i] != '\0') { | |
52 | if (buf[i] == ';') | |
53 | return i; | |
54 | i++; | |
55 | } | |
56 | ||
57 | return -1; | |
58 | } | |
59 | ||
60 | int extract_param( | |
61 | const char *in_buf, | |
62 | const char *pattern, | |
63 | unsigned int max_length, | |
64 | char *out_buf, | |
65 | unsigned char *type) | |
66 | { | |
67 | char *ptr; | |
68 | int len; | |
69 | ||
70 | if (!in_buf || !pattern || !out_buf || !type) | |
71 | return -1; | |
72 | ||
73 | ptr = strstr(in_buf, pattern); | |
74 | if (!ptr) | |
75 | return -1; | |
76 | ||
77 | ptr = strstr(ptr, "="); | |
78 | if (!ptr) | |
79 | return -1; | |
80 | ||
81 | ptr += 1; | |
82 | if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) { | |
83 | ptr += 2; /* skip 0x */ | |
84 | *type = HEX; | |
85 | } else | |
86 | *type = DECIMAL; | |
87 | ||
88 | len = strlen_semi(ptr); | |
89 | if (len < 0) | |
90 | return -1; | |
91 | ||
92 | if (len > max_length) { | |
5e58b029 | 93 | pr_err("Length of input: %d exceeds max_length:" |
e48354ce NB |
94 | " %d\n", len, max_length); |
95 | return -1; | |
96 | } | |
97 | memcpy(out_buf, ptr, len); | |
98 | out_buf[len] = '\0'; | |
99 | ||
100 | return 0; | |
101 | } | |
102 | ||
103 | static u32 iscsi_handle_authentication( | |
104 | struct iscsi_conn *conn, | |
105 | char *in_buf, | |
106 | char *out_buf, | |
107 | int in_length, | |
108 | int *out_length, | |
109 | unsigned char *authtype) | |
110 | { | |
111 | struct iscsi_session *sess = conn->sess; | |
112 | struct iscsi_node_auth *auth; | |
113 | struct iscsi_node_acl *iscsi_nacl; | |
114 | struct se_node_acl *se_nacl; | |
115 | ||
116 | if (!sess->sess_ops->SessionType) { | |
117 | /* | |
118 | * For SessionType=Normal | |
119 | */ | |
120 | se_nacl = conn->sess->se_sess->se_node_acl; | |
121 | if (!se_nacl) { | |
122 | pr_err("Unable to locate struct se_node_acl for" | |
123 | " CHAP auth\n"); | |
124 | return -1; | |
125 | } | |
126 | iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl, | |
127 | se_node_acl); | |
128 | if (!iscsi_nacl) { | |
129 | pr_err("Unable to locate struct iscsi_node_acl for" | |
130 | " CHAP auth\n"); | |
131 | return -1; | |
132 | } | |
133 | ||
134 | auth = ISCSI_NODE_AUTH(iscsi_nacl); | |
135 | } else { | |
136 | /* | |
137 | * For SessionType=Discovery | |
138 | */ | |
139 | auth = &iscsit_global->discovery_acl.node_auth; | |
140 | } | |
141 | ||
142 | if (strstr("CHAP", authtype)) | |
143 | strcpy(conn->sess->auth_type, "CHAP"); | |
144 | else | |
145 | strcpy(conn->sess->auth_type, NONE); | |
146 | ||
147 | if (strstr("None", authtype)) | |
148 | return 1; | |
149 | #ifdef CANSRP | |
150 | else if (strstr("SRP", authtype)) | |
151 | return srp_main_loop(conn, auth, in_buf, out_buf, | |
152 | &in_length, out_length); | |
153 | #endif | |
154 | else if (strstr("CHAP", authtype)) | |
155 | return chap_main_loop(conn, auth, in_buf, out_buf, | |
156 | &in_length, out_length); | |
157 | else if (strstr("SPKM1", authtype)) | |
158 | return 2; | |
159 | else if (strstr("SPKM2", authtype)) | |
160 | return 2; | |
161 | else if (strstr("KRB5", authtype)) | |
162 | return 2; | |
163 | else | |
164 | return 2; | |
165 | } | |
166 | ||
167 | static void iscsi_remove_failed_auth_entry(struct iscsi_conn *conn) | |
168 | { | |
169 | kfree(conn->auth_protocol); | |
170 | } | |
171 | ||
172 | static int iscsi_target_check_login_request( | |
173 | struct iscsi_conn *conn, | |
174 | struct iscsi_login *login) | |
175 | { | |
176 | int req_csg, req_nsg, rsp_csg, rsp_nsg; | |
177 | u32 payload_length; | |
178 | struct iscsi_login_req *login_req; | |
179 | struct iscsi_login_rsp *login_rsp; | |
180 | ||
181 | login_req = (struct iscsi_login_req *) login->req; | |
182 | login_rsp = (struct iscsi_login_rsp *) login->rsp; | |
183 | payload_length = ntoh24(login_req->dlength); | |
184 | ||
185 | switch (login_req->opcode & ISCSI_OPCODE_MASK) { | |
186 | case ISCSI_OP_LOGIN: | |
187 | break; | |
188 | default: | |
189 | pr_err("Received unknown opcode 0x%02x.\n", | |
190 | login_req->opcode & ISCSI_OPCODE_MASK); | |
191 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
192 | ISCSI_LOGIN_STATUS_INIT_ERR); | |
193 | return -1; | |
194 | } | |
195 | ||
196 | if ((login_req->flags & ISCSI_FLAG_LOGIN_CONTINUE) && | |
197 | (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) { | |
198 | pr_err("Login request has both ISCSI_FLAG_LOGIN_CONTINUE" | |
199 | " and ISCSI_FLAG_LOGIN_TRANSIT set, protocol error.\n"); | |
200 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
201 | ISCSI_LOGIN_STATUS_INIT_ERR); | |
202 | return -1; | |
203 | } | |
204 | ||
205 | req_csg = (login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2; | |
206 | rsp_csg = (login_rsp->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2; | |
207 | req_nsg = (login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK); | |
208 | rsp_nsg = (login_rsp->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK); | |
209 | ||
210 | if (req_csg != login->current_stage) { | |
211 | pr_err("Initiator unexpectedly changed login stage" | |
212 | " from %d to %d, login failed.\n", login->current_stage, | |
213 | req_csg); | |
214 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
215 | ISCSI_LOGIN_STATUS_INIT_ERR); | |
216 | return -1; | |
217 | } | |
218 | ||
219 | if ((req_nsg == 2) || (req_csg >= 2) || | |
220 | ((login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT) && | |
221 | (req_nsg <= req_csg))) { | |
222 | pr_err("Illegal login_req->flags Combination, CSG: %d," | |
223 | " NSG: %d, ISCSI_FLAG_LOGIN_TRANSIT: %d.\n", req_csg, | |
224 | req_nsg, (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)); | |
225 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
226 | ISCSI_LOGIN_STATUS_INIT_ERR); | |
227 | return -1; | |
228 | } | |
229 | ||
230 | if ((login_req->max_version != login->version_max) || | |
231 | (login_req->min_version != login->version_min)) { | |
232 | pr_err("Login request changed Version Max/Nin" | |
233 | " unexpectedly to 0x%02x/0x%02x, protocol error\n", | |
234 | login_req->max_version, login_req->min_version); | |
235 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
236 | ISCSI_LOGIN_STATUS_INIT_ERR); | |
237 | return -1; | |
238 | } | |
239 | ||
240 | if (memcmp(login_req->isid, login->isid, 6) != 0) { | |
241 | pr_err("Login request changed ISID unexpectedly," | |
242 | " protocol error.\n"); | |
243 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
244 | ISCSI_LOGIN_STATUS_INIT_ERR); | |
245 | return -1; | |
246 | } | |
247 | ||
248 | if (login_req->itt != login->init_task_tag) { | |
249 | pr_err("Login request changed ITT unexpectedly to" | |
250 | " 0x%08x, protocol error.\n", login_req->itt); | |
251 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
252 | ISCSI_LOGIN_STATUS_INIT_ERR); | |
253 | return -1; | |
254 | } | |
255 | ||
256 | if (payload_length > MAX_KEY_VALUE_PAIRS) { | |
257 | pr_err("Login request payload exceeds default" | |
258 | " MaxRecvDataSegmentLength: %u, protocol error.\n", | |
259 | MAX_KEY_VALUE_PAIRS); | |
260 | return -1; | |
261 | } | |
262 | ||
263 | return 0; | |
264 | } | |
265 | ||
266 | static int iscsi_target_check_first_request( | |
267 | struct iscsi_conn *conn, | |
268 | struct iscsi_login *login) | |
269 | { | |
270 | struct iscsi_param *param = NULL; | |
271 | struct se_node_acl *se_nacl; | |
272 | ||
273 | login->first_request = 0; | |
274 | ||
275 | list_for_each_entry(param, &conn->param_list->param_list, p_list) { | |
276 | if (!strncmp(param->name, SESSIONTYPE, 11)) { | |
277 | if (!IS_PSTATE_ACCEPTOR(param)) { | |
278 | pr_err("SessionType key not received" | |
279 | " in first login request.\n"); | |
280 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
281 | ISCSI_LOGIN_STATUS_MISSING_FIELDS); | |
282 | return -1; | |
283 | } | |
284 | if (!strncmp(param->value, DISCOVERY, 9)) | |
285 | return 0; | |
286 | } | |
287 | ||
288 | if (!strncmp(param->name, INITIATORNAME, 13)) { | |
289 | if (!IS_PSTATE_ACCEPTOR(param)) { | |
290 | if (!login->leading_connection) | |
291 | continue; | |
292 | ||
293 | pr_err("InitiatorName key not received" | |
294 | " in first login request.\n"); | |
295 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
296 | ISCSI_LOGIN_STATUS_MISSING_FIELDS); | |
297 | return -1; | |
298 | } | |
299 | ||
300 | /* | |
301 | * For non-leading connections, double check that the | |
302 | * received InitiatorName matches the existing session's | |
303 | * struct iscsi_node_acl. | |
304 | */ | |
305 | if (!login->leading_connection) { | |
306 | se_nacl = conn->sess->se_sess->se_node_acl; | |
307 | if (!se_nacl) { | |
308 | pr_err("Unable to locate" | |
309 | " struct se_node_acl\n"); | |
310 | iscsit_tx_login_rsp(conn, | |
311 | ISCSI_STATUS_CLS_INITIATOR_ERR, | |
312 | ISCSI_LOGIN_STATUS_TGT_NOT_FOUND); | |
313 | return -1; | |
314 | } | |
315 | ||
316 | if (strcmp(param->value, | |
317 | se_nacl->initiatorname)) { | |
318 | pr_err("Incorrect" | |
319 | " InitiatorName: %s for this" | |
320 | " iSCSI Initiator Node.\n", | |
321 | param->value); | |
322 | iscsit_tx_login_rsp(conn, | |
323 | ISCSI_STATUS_CLS_INITIATOR_ERR, | |
324 | ISCSI_LOGIN_STATUS_TGT_NOT_FOUND); | |
325 | return -1; | |
326 | } | |
327 | } | |
328 | } | |
329 | } | |
330 | ||
331 | return 0; | |
332 | } | |
333 | ||
334 | static int iscsi_target_do_tx_login_io(struct iscsi_conn *conn, struct iscsi_login *login) | |
335 | { | |
336 | u32 padding = 0; | |
337 | struct iscsi_session *sess = conn->sess; | |
338 | struct iscsi_login_rsp *login_rsp; | |
339 | ||
340 | login_rsp = (struct iscsi_login_rsp *) login->rsp; | |
341 | ||
342 | login_rsp->opcode = ISCSI_OP_LOGIN_RSP; | |
343 | hton24(login_rsp->dlength, login->rsp_length); | |
344 | memcpy(login_rsp->isid, login->isid, 6); | |
345 | login_rsp->tsih = cpu_to_be16(login->tsih); | |
346 | login_rsp->itt = cpu_to_be32(login->init_task_tag); | |
347 | login_rsp->statsn = cpu_to_be32(conn->stat_sn++); | |
348 | login_rsp->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); | |
349 | login_rsp->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); | |
350 | ||
351 | pr_debug("Sending Login Response, Flags: 0x%02x, ITT: 0x%08x," | |
352 | " ExpCmdSN; 0x%08x, MaxCmdSN: 0x%08x, StatSN: 0x%08x, Length:" | |
353 | " %u\n", login_rsp->flags, ntohl(login_rsp->itt), | |
354 | ntohl(login_rsp->exp_cmdsn), ntohl(login_rsp->max_cmdsn), | |
355 | ntohl(login_rsp->statsn), login->rsp_length); | |
356 | ||
357 | padding = ((-login->rsp_length) & 3); | |
358 | ||
359 | if (iscsi_login_tx_data( | |
360 | conn, | |
361 | login->rsp, | |
362 | login->rsp_buf, | |
363 | login->rsp_length + padding) < 0) | |
364 | return -1; | |
365 | ||
366 | login->rsp_length = 0; | |
367 | login_rsp->tsih = be16_to_cpu(login_rsp->tsih); | |
368 | login_rsp->itt = be32_to_cpu(login_rsp->itt); | |
369 | login_rsp->statsn = be32_to_cpu(login_rsp->statsn); | |
370 | mutex_lock(&sess->cmdsn_mutex); | |
371 | login_rsp->exp_cmdsn = be32_to_cpu(sess->exp_cmd_sn); | |
372 | login_rsp->max_cmdsn = be32_to_cpu(sess->max_cmd_sn); | |
373 | mutex_unlock(&sess->cmdsn_mutex); | |
374 | ||
375 | return 0; | |
376 | } | |
377 | ||
378 | static int iscsi_target_do_rx_login_io(struct iscsi_conn *conn, struct iscsi_login *login) | |
379 | { | |
380 | u32 padding = 0, payload_length; | |
381 | struct iscsi_login_req *login_req; | |
382 | ||
383 | if (iscsi_login_rx_data(conn, login->req, ISCSI_HDR_LEN) < 0) | |
384 | return -1; | |
385 | ||
386 | login_req = (struct iscsi_login_req *) login->req; | |
387 | payload_length = ntoh24(login_req->dlength); | |
388 | login_req->tsih = be16_to_cpu(login_req->tsih); | |
389 | login_req->itt = be32_to_cpu(login_req->itt); | |
390 | login_req->cid = be16_to_cpu(login_req->cid); | |
391 | login_req->cmdsn = be32_to_cpu(login_req->cmdsn); | |
392 | login_req->exp_statsn = be32_to_cpu(login_req->exp_statsn); | |
393 | ||
394 | pr_debug("Got Login Command, Flags 0x%02x, ITT: 0x%08x," | |
395 | " CmdSN: 0x%08x, ExpStatSN: 0x%08x, CID: %hu, Length: %u\n", | |
396 | login_req->flags, login_req->itt, login_req->cmdsn, | |
397 | login_req->exp_statsn, login_req->cid, payload_length); | |
398 | ||
399 | if (iscsi_target_check_login_request(conn, login) < 0) | |
400 | return -1; | |
401 | ||
402 | padding = ((-payload_length) & 3); | |
403 | memset(login->req_buf, 0, MAX_KEY_VALUE_PAIRS); | |
404 | ||
405 | if (iscsi_login_rx_data( | |
406 | conn, | |
407 | login->req_buf, | |
408 | payload_length + padding) < 0) | |
409 | return -1; | |
410 | ||
411 | return 0; | |
412 | } | |
413 | ||
414 | static int iscsi_target_do_login_io(struct iscsi_conn *conn, struct iscsi_login *login) | |
415 | { | |
416 | if (iscsi_target_do_tx_login_io(conn, login) < 0) | |
417 | return -1; | |
418 | ||
419 | if (iscsi_target_do_rx_login_io(conn, login) < 0) | |
420 | return -1; | |
421 | ||
422 | return 0; | |
423 | } | |
424 | ||
425 | static int iscsi_target_get_initial_payload( | |
426 | struct iscsi_conn *conn, | |
427 | struct iscsi_login *login) | |
428 | { | |
429 | u32 padding = 0, payload_length; | |
430 | struct iscsi_login_req *login_req; | |
431 | ||
432 | login_req = (struct iscsi_login_req *) login->req; | |
433 | payload_length = ntoh24(login_req->dlength); | |
434 | ||
435 | pr_debug("Got Login Command, Flags 0x%02x, ITT: 0x%08x," | |
436 | " CmdSN: 0x%08x, ExpStatSN: 0x%08x, Length: %u\n", | |
437 | login_req->flags, login_req->itt, login_req->cmdsn, | |
438 | login_req->exp_statsn, payload_length); | |
439 | ||
440 | if (iscsi_target_check_login_request(conn, login) < 0) | |
441 | return -1; | |
442 | ||
443 | padding = ((-payload_length) & 3); | |
444 | ||
445 | if (iscsi_login_rx_data( | |
446 | conn, | |
447 | login->req_buf, | |
448 | payload_length + padding) < 0) | |
449 | return -1; | |
450 | ||
451 | return 0; | |
452 | } | |
453 | ||
454 | /* | |
455 | * NOTE: We check for existing sessions or connections AFTER the initiator | |
456 | * has been successfully authenticated in order to protect against faked | |
457 | * ISID/TSIH combinations. | |
458 | */ | |
459 | static int iscsi_target_check_for_existing_instances( | |
460 | struct iscsi_conn *conn, | |
461 | struct iscsi_login *login) | |
462 | { | |
463 | if (login->checked_for_existing) | |
464 | return 0; | |
465 | ||
466 | login->checked_for_existing = 1; | |
467 | ||
468 | if (!login->tsih) | |
469 | return iscsi_check_for_session_reinstatement(conn); | |
470 | else | |
471 | return iscsi_login_post_auth_non_zero_tsih(conn, login->cid, | |
472 | login->initial_exp_statsn); | |
473 | } | |
474 | ||
475 | static int iscsi_target_do_authentication( | |
476 | struct iscsi_conn *conn, | |
477 | struct iscsi_login *login) | |
478 | { | |
479 | int authret; | |
480 | u32 payload_length; | |
481 | struct iscsi_param *param; | |
482 | struct iscsi_login_req *login_req; | |
483 | struct iscsi_login_rsp *login_rsp; | |
484 | ||
485 | login_req = (struct iscsi_login_req *) login->req; | |
486 | login_rsp = (struct iscsi_login_rsp *) login->rsp; | |
487 | payload_length = ntoh24(login_req->dlength); | |
488 | ||
489 | param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list); | |
490 | if (!param) | |
491 | return -1; | |
492 | ||
493 | authret = iscsi_handle_authentication( | |
494 | conn, | |
495 | login->req_buf, | |
496 | login->rsp_buf, | |
497 | payload_length, | |
498 | &login->rsp_length, | |
499 | param->value); | |
500 | switch (authret) { | |
501 | case 0: | |
502 | pr_debug("Received OK response" | |
503 | " from LIO Authentication, continuing.\n"); | |
504 | break; | |
505 | case 1: | |
506 | pr_debug("iSCSI security negotiation" | |
bfb9035c | 507 | " completed successfully.\n"); |
e48354ce NB |
508 | login->auth_complete = 1; |
509 | if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) && | |
510 | (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) { | |
511 | login_rsp->flags |= (ISCSI_FLAG_LOGIN_NEXT_STAGE1 | | |
512 | ISCSI_FLAG_LOGIN_TRANSIT); | |
513 | login->current_stage = 1; | |
514 | } | |
515 | return iscsi_target_check_for_existing_instances( | |
516 | conn, login); | |
517 | case 2: | |
518 | pr_err("Security negotiation" | |
519 | " failed.\n"); | |
520 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
521 | ISCSI_LOGIN_STATUS_AUTH_FAILED); | |
522 | return -1; | |
523 | default: | |
524 | pr_err("Received unknown error %d from LIO" | |
525 | " Authentication\n", authret); | |
526 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
527 | ISCSI_LOGIN_STATUS_TARGET_ERROR); | |
528 | return -1; | |
529 | } | |
530 | ||
531 | return 0; | |
532 | } | |
533 | ||
534 | static int iscsi_target_handle_csg_zero( | |
535 | struct iscsi_conn *conn, | |
536 | struct iscsi_login *login) | |
537 | { | |
538 | int ret; | |
539 | u32 payload_length; | |
540 | struct iscsi_param *param; | |
541 | struct iscsi_login_req *login_req; | |
542 | struct iscsi_login_rsp *login_rsp; | |
543 | ||
544 | login_req = (struct iscsi_login_req *) login->req; | |
545 | login_rsp = (struct iscsi_login_rsp *) login->rsp; | |
546 | payload_length = ntoh24(login_req->dlength); | |
547 | ||
548 | param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list); | |
549 | if (!param) | |
550 | return -1; | |
551 | ||
552 | ret = iscsi_decode_text_input( | |
553 | PHASE_SECURITY|PHASE_DECLARATIVE, | |
554 | SENDER_INITIATOR|SENDER_RECEIVER, | |
555 | login->req_buf, | |
556 | payload_length, | |
557 | conn->param_list); | |
558 | if (ret < 0) | |
559 | return -1; | |
560 | ||
561 | if (ret > 0) { | |
562 | if (login->auth_complete) { | |
563 | pr_err("Initiator has already been" | |
564 | " successfully authenticated, but is still" | |
565 | " sending %s keys.\n", param->value); | |
566 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
567 | ISCSI_LOGIN_STATUS_INIT_ERR); | |
568 | return -1; | |
569 | } | |
570 | ||
571 | goto do_auth; | |
572 | } | |
573 | ||
574 | if (login->first_request) | |
575 | if (iscsi_target_check_first_request(conn, login) < 0) | |
576 | return -1; | |
577 | ||
578 | ret = iscsi_encode_text_output( | |
579 | PHASE_SECURITY|PHASE_DECLARATIVE, | |
580 | SENDER_TARGET, | |
581 | login->rsp_buf, | |
582 | &login->rsp_length, | |
583 | conn->param_list); | |
584 | if (ret < 0) | |
585 | return -1; | |
586 | ||
587 | if (!iscsi_check_negotiated_keys(conn->param_list)) { | |
588 | if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication && | |
589 | !strncmp(param->value, NONE, 4)) { | |
590 | pr_err("Initiator sent AuthMethod=None but" | |
591 | " Target is enforcing iSCSI Authentication," | |
592 | " login failed.\n"); | |
593 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
594 | ISCSI_LOGIN_STATUS_AUTH_FAILED); | |
595 | return -1; | |
596 | } | |
597 | ||
598 | if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication && | |
599 | !login->auth_complete) | |
600 | return 0; | |
601 | ||
602 | if (strncmp(param->value, NONE, 4) && !login->auth_complete) | |
603 | return 0; | |
604 | ||
605 | if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) && | |
606 | (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) { | |
607 | login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE1 | | |
608 | ISCSI_FLAG_LOGIN_TRANSIT; | |
609 | login->current_stage = 1; | |
610 | } | |
611 | } | |
612 | ||
613 | return 0; | |
614 | do_auth: | |
615 | return iscsi_target_do_authentication(conn, login); | |
616 | } | |
617 | ||
618 | static int iscsi_target_handle_csg_one(struct iscsi_conn *conn, struct iscsi_login *login) | |
619 | { | |
620 | int ret; | |
621 | u32 payload_length; | |
622 | struct iscsi_login_req *login_req; | |
623 | struct iscsi_login_rsp *login_rsp; | |
624 | ||
625 | login_req = (struct iscsi_login_req *) login->req; | |
626 | login_rsp = (struct iscsi_login_rsp *) login->rsp; | |
627 | payload_length = ntoh24(login_req->dlength); | |
628 | ||
629 | ret = iscsi_decode_text_input( | |
630 | PHASE_OPERATIONAL|PHASE_DECLARATIVE, | |
631 | SENDER_INITIATOR|SENDER_RECEIVER, | |
632 | login->req_buf, | |
633 | payload_length, | |
634 | conn->param_list); | |
635 | if (ret < 0) | |
636 | return -1; | |
637 | ||
638 | if (login->first_request) | |
639 | if (iscsi_target_check_first_request(conn, login) < 0) | |
640 | return -1; | |
641 | ||
642 | if (iscsi_target_check_for_existing_instances(conn, login) < 0) | |
643 | return -1; | |
644 | ||
645 | ret = iscsi_encode_text_output( | |
646 | PHASE_OPERATIONAL|PHASE_DECLARATIVE, | |
647 | SENDER_TARGET, | |
648 | login->rsp_buf, | |
649 | &login->rsp_length, | |
650 | conn->param_list); | |
651 | if (ret < 0) | |
652 | return -1; | |
653 | ||
654 | if (!login->auth_complete && | |
655 | ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication) { | |
656 | pr_err("Initiator is requesting CSG: 1, has not been" | |
657 | " successfully authenticated, and the Target is" | |
658 | " enforcing iSCSI Authentication, login failed.\n"); | |
659 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
660 | ISCSI_LOGIN_STATUS_AUTH_FAILED); | |
661 | return -1; | |
662 | } | |
663 | ||
664 | if (!iscsi_check_negotiated_keys(conn->param_list)) | |
665 | if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE3) && | |
666 | (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) | |
667 | login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE3 | | |
668 | ISCSI_FLAG_LOGIN_TRANSIT; | |
669 | ||
670 | return 0; | |
671 | } | |
672 | ||
673 | static int iscsi_target_do_login(struct iscsi_conn *conn, struct iscsi_login *login) | |
674 | { | |
675 | int pdu_count = 0; | |
676 | struct iscsi_login_req *login_req; | |
677 | struct iscsi_login_rsp *login_rsp; | |
678 | ||
679 | login_req = (struct iscsi_login_req *) login->req; | |
680 | login_rsp = (struct iscsi_login_rsp *) login->rsp; | |
681 | ||
682 | while (1) { | |
683 | if (++pdu_count > MAX_LOGIN_PDUS) { | |
684 | pr_err("MAX_LOGIN_PDUS count reached.\n"); | |
685 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
686 | ISCSI_LOGIN_STATUS_TARGET_ERROR); | |
687 | return -1; | |
688 | } | |
689 | ||
690 | switch ((login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2) { | |
691 | case 0: | |
692 | login_rsp->flags |= (0 & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK); | |
693 | if (iscsi_target_handle_csg_zero(conn, login) < 0) | |
694 | return -1; | |
695 | break; | |
696 | case 1: | |
697 | login_rsp->flags |= ISCSI_FLAG_LOGIN_CURRENT_STAGE1; | |
698 | if (iscsi_target_handle_csg_one(conn, login) < 0) | |
699 | return -1; | |
700 | if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) { | |
701 | login->tsih = conn->sess->tsih; | |
702 | if (iscsi_target_do_tx_login_io(conn, | |
703 | login) < 0) | |
704 | return -1; | |
705 | return 0; | |
706 | } | |
707 | break; | |
708 | default: | |
709 | pr_err("Illegal CSG: %d received from" | |
710 | " Initiator, protocol error.\n", | |
711 | (login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) | |
712 | >> 2); | |
713 | break; | |
714 | } | |
715 | ||
716 | if (iscsi_target_do_login_io(conn, login) < 0) | |
717 | return -1; | |
718 | ||
719 | if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) { | |
720 | login_rsp->flags &= ~ISCSI_FLAG_LOGIN_TRANSIT; | |
721 | login_rsp->flags &= ~ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK; | |
722 | } | |
723 | } | |
724 | ||
725 | return 0; | |
726 | } | |
727 | ||
728 | static void iscsi_initiatorname_tolower( | |
729 | char *param_buf) | |
730 | { | |
731 | char *c; | |
732 | u32 iqn_size = strlen(param_buf), i; | |
733 | ||
734 | for (i = 0; i < iqn_size; i++) { | |
8359cf43 | 735 | c = ¶m_buf[i]; |
e48354ce NB |
736 | if (!isupper(*c)) |
737 | continue; | |
738 | ||
739 | *c = tolower(*c); | |
740 | } | |
741 | } | |
742 | ||
743 | /* | |
744 | * Processes the first Login Request.. | |
745 | */ | |
746 | static int iscsi_target_locate_portal( | |
747 | struct iscsi_np *np, | |
748 | struct iscsi_conn *conn, | |
749 | struct iscsi_login *login) | |
750 | { | |
751 | char *i_buf = NULL, *s_buf = NULL, *t_buf = NULL; | |
752 | char *tmpbuf, *start = NULL, *end = NULL, *key, *value; | |
753 | struct iscsi_session *sess = conn->sess; | |
754 | struct iscsi_tiqn *tiqn; | |
755 | struct iscsi_login_req *login_req; | |
756 | struct iscsi_targ_login_rsp *login_rsp; | |
757 | u32 payload_length; | |
758 | int sessiontype = 0, ret = 0; | |
759 | ||
760 | login_req = (struct iscsi_login_req *) login->req; | |
761 | login_rsp = (struct iscsi_targ_login_rsp *) login->rsp; | |
762 | payload_length = ntoh24(login_req->dlength); | |
763 | ||
764 | login->first_request = 1; | |
765 | login->leading_connection = (!login_req->tsih) ? 1 : 0; | |
766 | login->current_stage = | |
767 | (login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2; | |
768 | login->version_min = login_req->min_version; | |
769 | login->version_max = login_req->max_version; | |
770 | memcpy(login->isid, login_req->isid, 6); | |
771 | login->cmd_sn = login_req->cmdsn; | |
772 | login->init_task_tag = login_req->itt; | |
773 | login->initial_exp_statsn = login_req->exp_statsn; | |
774 | login->cid = login_req->cid; | |
775 | login->tsih = login_req->tsih; | |
776 | ||
777 | if (iscsi_target_get_initial_payload(conn, login) < 0) | |
778 | return -1; | |
779 | ||
780 | tmpbuf = kzalloc(payload_length + 1, GFP_KERNEL); | |
781 | if (!tmpbuf) { | |
782 | pr_err("Unable to allocate memory for tmpbuf.\n"); | |
783 | return -1; | |
784 | } | |
785 | ||
786 | memcpy(tmpbuf, login->req_buf, payload_length); | |
787 | tmpbuf[payload_length] = '\0'; | |
788 | start = tmpbuf; | |
789 | end = (start + payload_length); | |
790 | ||
791 | /* | |
792 | * Locate the initial keys expected from the Initiator node in | |
793 | * the first login request in order to progress with the login phase. | |
794 | */ | |
795 | while (start < end) { | |
796 | if (iscsi_extract_key_value(start, &key, &value) < 0) { | |
797 | ret = -1; | |
798 | goto out; | |
799 | } | |
800 | ||
801 | if (!strncmp(key, "InitiatorName", 13)) | |
802 | i_buf = value; | |
803 | else if (!strncmp(key, "SessionType", 11)) | |
804 | s_buf = value; | |
805 | else if (!strncmp(key, "TargetName", 10)) | |
806 | t_buf = value; | |
807 | ||
808 | start += strlen(key) + strlen(value) + 2; | |
809 | } | |
810 | ||
811 | /* | |
812 | * See 5.3. Login Phase. | |
813 | */ | |
814 | if (!i_buf) { | |
815 | pr_err("InitiatorName key not received" | |
816 | " in first login request.\n"); | |
817 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
818 | ISCSI_LOGIN_STATUS_MISSING_FIELDS); | |
819 | ret = -1; | |
820 | goto out; | |
821 | } | |
822 | /* | |
823 | * Convert the incoming InitiatorName to lowercase following | |
824 | * RFC-3720 3.2.6.1. section c) that says that iSCSI IQNs | |
825 | * are NOT case sensitive. | |
826 | */ | |
827 | iscsi_initiatorname_tolower(i_buf); | |
828 | ||
829 | if (!s_buf) { | |
830 | if (!login->leading_connection) | |
831 | goto get_target; | |
832 | ||
833 | pr_err("SessionType key not received" | |
834 | " in first login request.\n"); | |
835 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
836 | ISCSI_LOGIN_STATUS_MISSING_FIELDS); | |
837 | ret = -1; | |
838 | goto out; | |
839 | } | |
840 | ||
841 | /* | |
842 | * Use default portal group for discovery sessions. | |
843 | */ | |
844 | sessiontype = strncmp(s_buf, DISCOVERY, 9); | |
845 | if (!sessiontype) { | |
846 | conn->tpg = iscsit_global->discovery_tpg; | |
847 | if (!login->leading_connection) | |
848 | goto get_target; | |
849 | ||
850 | sess->sess_ops->SessionType = 1; | |
851 | /* | |
852 | * Setup crc32c modules from libcrypto | |
853 | */ | |
854 | if (iscsi_login_setup_crypto(conn) < 0) { | |
855 | pr_err("iscsi_login_setup_crypto() failed\n"); | |
856 | ret = -1; | |
857 | goto out; | |
858 | } | |
859 | /* | |
860 | * Serialize access across the discovery struct iscsi_portal_group to | |
861 | * process login attempt. | |
862 | */ | |
863 | if (iscsit_access_np(np, conn->tpg) < 0) { | |
864 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
865 | ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE); | |
866 | ret = -1; | |
867 | goto out; | |
868 | } | |
869 | ret = 0; | |
870 | goto out; | |
871 | } | |
872 | ||
873 | get_target: | |
874 | if (!t_buf) { | |
875 | pr_err("TargetName key not received" | |
876 | " in first login request while" | |
877 | " SessionType=Normal.\n"); | |
878 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
879 | ISCSI_LOGIN_STATUS_MISSING_FIELDS); | |
880 | ret = -1; | |
881 | goto out; | |
882 | } | |
883 | ||
884 | /* | |
885 | * Locate Target IQN from Storage Node. | |
886 | */ | |
887 | tiqn = iscsit_get_tiqn_for_login(t_buf); | |
888 | if (!tiqn) { | |
889 | pr_err("Unable to locate Target IQN: %s in" | |
890 | " Storage Node\n", t_buf); | |
891 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
892 | ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE); | |
893 | ret = -1; | |
894 | goto out; | |
895 | } | |
896 | pr_debug("Located Storage Object: %s\n", tiqn->tiqn); | |
897 | ||
898 | /* | |
899 | * Locate Target Portal Group from Storage Node. | |
900 | */ | |
901 | conn->tpg = iscsit_get_tpg_from_np(tiqn, np); | |
902 | if (!conn->tpg) { | |
903 | pr_err("Unable to locate Target Portal Group" | |
904 | " on %s\n", tiqn->tiqn); | |
905 | iscsit_put_tiqn_for_login(tiqn); | |
906 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
907 | ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE); | |
908 | ret = -1; | |
909 | goto out; | |
910 | } | |
911 | pr_debug("Located Portal Group Object: %hu\n", conn->tpg->tpgt); | |
912 | /* | |
913 | * Setup crc32c modules from libcrypto | |
914 | */ | |
915 | if (iscsi_login_setup_crypto(conn) < 0) { | |
916 | pr_err("iscsi_login_setup_crypto() failed\n"); | |
917 | ret = -1; | |
918 | goto out; | |
919 | } | |
920 | /* | |
921 | * Serialize access across the struct iscsi_portal_group to | |
922 | * process login attempt. | |
923 | */ | |
924 | if (iscsit_access_np(np, conn->tpg) < 0) { | |
925 | iscsit_put_tiqn_for_login(tiqn); | |
926 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
927 | ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE); | |
928 | ret = -1; | |
929 | conn->tpg = NULL; | |
930 | goto out; | |
931 | } | |
932 | ||
933 | /* | |
934 | * conn->sess->node_acl will be set when the referenced | |
935 | * struct iscsi_session is located from received ISID+TSIH in | |
936 | * iscsi_login_non_zero_tsih_s2(). | |
937 | */ | |
938 | if (!login->leading_connection) { | |
939 | ret = 0; | |
940 | goto out; | |
941 | } | |
942 | ||
943 | /* | |
944 | * This value is required in iscsi_login_zero_tsih_s2() | |
945 | */ | |
946 | sess->sess_ops->SessionType = 0; | |
947 | ||
948 | /* | |
949 | * Locate incoming Initiator IQN reference from Storage Node. | |
950 | */ | |
951 | sess->se_sess->se_node_acl = core_tpg_check_initiator_node_acl( | |
952 | &conn->tpg->tpg_se_tpg, i_buf); | |
953 | if (!sess->se_sess->se_node_acl) { | |
954 | pr_err("iSCSI Initiator Node: %s is not authorized to" | |
955 | " access iSCSI target portal group: %hu.\n", | |
956 | i_buf, conn->tpg->tpgt); | |
957 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, | |
958 | ISCSI_LOGIN_STATUS_TGT_FORBIDDEN); | |
959 | ret = -1; | |
960 | goto out; | |
961 | } | |
962 | ||
963 | ret = 0; | |
964 | out: | |
965 | kfree(tmpbuf); | |
966 | return ret; | |
967 | } | |
968 | ||
969 | struct iscsi_login *iscsi_target_init_negotiation( | |
970 | struct iscsi_np *np, | |
971 | struct iscsi_conn *conn, | |
972 | char *login_pdu) | |
973 | { | |
974 | struct iscsi_login *login; | |
975 | ||
976 | login = kzalloc(sizeof(struct iscsi_login), GFP_KERNEL); | |
977 | if (!login) { | |
978 | pr_err("Unable to allocate memory for struct iscsi_login.\n"); | |
979 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
980 | ISCSI_LOGIN_STATUS_NO_RESOURCES); | |
4a28a3fa | 981 | return NULL; |
e48354ce NB |
982 | } |
983 | ||
1c3d5794 | 984 | login->req = kmemdup(login_pdu, ISCSI_HDR_LEN, GFP_KERNEL); |
e48354ce NB |
985 | if (!login->req) { |
986 | pr_err("Unable to allocate memory for Login Request.\n"); | |
987 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
988 | ISCSI_LOGIN_STATUS_NO_RESOURCES); | |
989 | goto out; | |
990 | } | |
e48354ce NB |
991 | |
992 | login->req_buf = kzalloc(MAX_KEY_VALUE_PAIRS, GFP_KERNEL); | |
993 | if (!login->req_buf) { | |
994 | pr_err("Unable to allocate memory for response buffer.\n"); | |
995 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
996 | ISCSI_LOGIN_STATUS_NO_RESOURCES); | |
997 | goto out; | |
998 | } | |
999 | /* | |
1000 | * SessionType: Discovery | |
1001 | * | |
1002 | * Locates Default Portal | |
1003 | * | |
1004 | * SessionType: Normal | |
1005 | * | |
1006 | * Locates Target Portal from NP -> Target IQN | |
1007 | */ | |
1008 | if (iscsi_target_locate_portal(np, conn, login) < 0) { | |
1009 | pr_err("iSCSI Login negotiation failed.\n"); | |
1010 | goto out; | |
1011 | } | |
1012 | ||
1013 | return login; | |
1014 | out: | |
1015 | kfree(login->req); | |
1016 | kfree(login->req_buf); | |
1017 | kfree(login); | |
1018 | ||
1019 | return NULL; | |
1020 | } | |
1021 | ||
1022 | int iscsi_target_start_negotiation( | |
1023 | struct iscsi_login *login, | |
1024 | struct iscsi_conn *conn) | |
1025 | { | |
1026 | int ret = -1; | |
1027 | ||
1028 | login->rsp = kzalloc(ISCSI_HDR_LEN, GFP_KERNEL); | |
1029 | if (!login->rsp) { | |
1030 | pr_err("Unable to allocate memory for" | |
1031 | " Login Response.\n"); | |
1032 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
1033 | ISCSI_LOGIN_STATUS_NO_RESOURCES); | |
1034 | ret = -1; | |
1035 | goto out; | |
1036 | } | |
1037 | ||
1038 | login->rsp_buf = kzalloc(MAX_KEY_VALUE_PAIRS, GFP_KERNEL); | |
1039 | if (!login->rsp_buf) { | |
1040 | pr_err("Unable to allocate memory for" | |
1041 | " request buffer.\n"); | |
1042 | iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, | |
1043 | ISCSI_LOGIN_STATUS_NO_RESOURCES); | |
1044 | ret = -1; | |
1045 | goto out; | |
1046 | } | |
1047 | ||
1048 | ret = iscsi_target_do_login(conn, login); | |
1049 | out: | |
1050 | if (ret != 0) | |
1051 | iscsi_remove_failed_auth_entry(conn); | |
1052 | ||
1053 | iscsi_target_nego_release(login, conn); | |
1054 | return ret; | |
1055 | } | |
1056 | ||
1057 | void iscsi_target_nego_release( | |
1058 | struct iscsi_login *login, | |
1059 | struct iscsi_conn *conn) | |
1060 | { | |
1061 | kfree(login->req); | |
1062 | kfree(login->rsp); | |
1063 | kfree(login->req_buf); | |
1064 | kfree(login->rsp_buf); | |
1065 | kfree(login); | |
1066 | } |