1 /*******************************************************************************
2 * This file contains main functions related to iSCSI Parameter negotiation.
4 * \u00a9 Copyright 2007-2011 RisingTide Systems LLC.
6 * Licensed to the Linux Foundation under the General Public License (GPL) version 2.
8 * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 ******************************************************************************/
21 #include <linux/ctype.h>
22 #include <scsi/iscsi_proto.h>
23 #include <target/target_core_base.h>
24 #include <target/target_core_tpg.h>
26 #include "iscsi_target_core.h"
27 #include "iscsi_target_parameters.h"
28 #include "iscsi_target_login.h"
29 #include "iscsi_target_nego.h"
30 #include "iscsi_target_tpg.h"
31 #include "iscsi_target_util.h"
32 #include "iscsi_target.h"
33 #include "iscsi_target_auth.h"
35 #define MAX_LOGIN_PDUS 7
38 void convert_null_to_semi(char *buf
, int len
)
42 for (i
= 0; i
< len
; i
++)
47 int strlen_semi(char *buf
)
51 while (buf
[i
] != '\0') {
63 unsigned int max_length
,
70 if (!in_buf
|| !pattern
|| !out_buf
|| !type
)
73 ptr
= strstr(in_buf
, pattern
);
77 ptr
= strstr(ptr
, "=");
82 if (*ptr
== '0' && (*(ptr
+1) == 'x' || *(ptr
+1) == 'X')) {
83 ptr
+= 2; /* skip 0x */
88 len
= strlen_semi(ptr
);
92 if (len
> max_length
) {
93 pr_err("Length of input: %d exeeds max_length:"
94 " %d\n", len
, max_length
);
97 memcpy(out_buf
, ptr
, len
);
103 static u32
iscsi_handle_authentication(
104 struct iscsi_conn
*conn
,
109 unsigned char *authtype
)
111 struct iscsi_session
*sess
= conn
->sess
;
112 struct iscsi_node_auth
*auth
;
113 struct iscsi_node_acl
*iscsi_nacl
;
114 struct se_node_acl
*se_nacl
;
116 if (!sess
->sess_ops
->SessionType
) {
118 * For SessionType=Normal
120 se_nacl
= conn
->sess
->se_sess
->se_node_acl
;
122 pr_err("Unable to locate struct se_node_acl for"
126 iscsi_nacl
= container_of(se_nacl
, struct iscsi_node_acl
,
129 pr_err("Unable to locate struct iscsi_node_acl for"
134 auth
= ISCSI_NODE_AUTH(iscsi_nacl
);
137 * For SessionType=Discovery
139 auth
= &iscsit_global
->discovery_acl
.node_auth
;
142 if (strstr("CHAP", authtype
))
143 strcpy(conn
->sess
->auth_type
, "CHAP");
145 strcpy(conn
->sess
->auth_type
, NONE
);
147 if (strstr("None", authtype
))
150 else if (strstr("SRP", authtype
))
151 return srp_main_loop(conn
, auth
, in_buf
, out_buf
,
152 &in_length
, out_length
);
154 else if (strstr("CHAP", authtype
))
155 return chap_main_loop(conn
, auth
, in_buf
, out_buf
,
156 &in_length
, out_length
);
157 else if (strstr("SPKM1", authtype
))
159 else if (strstr("SPKM2", authtype
))
161 else if (strstr("KRB5", authtype
))
167 static void iscsi_remove_failed_auth_entry(struct iscsi_conn
*conn
)
169 kfree(conn
->auth_protocol
);
172 static int iscsi_target_check_login_request(
173 struct iscsi_conn
*conn
,
174 struct iscsi_login
*login
)
176 int req_csg
, req_nsg
, rsp_csg
, rsp_nsg
;
178 struct iscsi_login_req
*login_req
;
179 struct iscsi_login_rsp
*login_rsp
;
181 login_req
= (struct iscsi_login_req
*) login
->req
;
182 login_rsp
= (struct iscsi_login_rsp
*) login
->rsp
;
183 payload_length
= ntoh24(login_req
->dlength
);
185 switch (login_req
->opcode
& ISCSI_OPCODE_MASK
) {
189 pr_err("Received unknown opcode 0x%02x.\n",
190 login_req
->opcode
& ISCSI_OPCODE_MASK
);
191 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
192 ISCSI_LOGIN_STATUS_INIT_ERR
);
196 if ((login_req
->flags
& ISCSI_FLAG_LOGIN_CONTINUE
) &&
197 (login_req
->flags
& ISCSI_FLAG_LOGIN_TRANSIT
)) {
198 pr_err("Login request has both ISCSI_FLAG_LOGIN_CONTINUE"
199 " and ISCSI_FLAG_LOGIN_TRANSIT set, protocol error.\n");
200 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
201 ISCSI_LOGIN_STATUS_INIT_ERR
);
205 req_csg
= (login_req
->flags
& ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK
) >> 2;
206 rsp_csg
= (login_rsp
->flags
& ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK
) >> 2;
207 req_nsg
= (login_req
->flags
& ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK
);
208 rsp_nsg
= (login_rsp
->flags
& ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK
);
210 if (req_csg
!= login
->current_stage
) {
211 pr_err("Initiator unexpectedly changed login stage"
212 " from %d to %d, login failed.\n", login
->current_stage
,
214 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
215 ISCSI_LOGIN_STATUS_INIT_ERR
);
219 if ((req_nsg
== 2) || (req_csg
>= 2) ||
220 ((login_req
->flags
& ISCSI_FLAG_LOGIN_TRANSIT
) &&
221 (req_nsg
<= req_csg
))) {
222 pr_err("Illegal login_req->flags Combination, CSG: %d,"
223 " NSG: %d, ISCSI_FLAG_LOGIN_TRANSIT: %d.\n", req_csg
,
224 req_nsg
, (login_req
->flags
& ISCSI_FLAG_LOGIN_TRANSIT
));
225 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
226 ISCSI_LOGIN_STATUS_INIT_ERR
);
230 if ((login_req
->max_version
!= login
->version_max
) ||
231 (login_req
->min_version
!= login
->version_min
)) {
232 pr_err("Login request changed Version Max/Nin"
233 " unexpectedly to 0x%02x/0x%02x, protocol error\n",
234 login_req
->max_version
, login_req
->min_version
);
235 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
236 ISCSI_LOGIN_STATUS_INIT_ERR
);
240 if (memcmp(login_req
->isid
, login
->isid
, 6) != 0) {
241 pr_err("Login request changed ISID unexpectedly,"
242 " protocol error.\n");
243 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
244 ISCSI_LOGIN_STATUS_INIT_ERR
);
248 if (login_req
->itt
!= login
->init_task_tag
) {
249 pr_err("Login request changed ITT unexpectedly to"
250 " 0x%08x, protocol error.\n", login_req
->itt
);
251 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
252 ISCSI_LOGIN_STATUS_INIT_ERR
);
256 if (payload_length
> MAX_KEY_VALUE_PAIRS
) {
257 pr_err("Login request payload exceeds default"
258 " MaxRecvDataSegmentLength: %u, protocol error.\n",
259 MAX_KEY_VALUE_PAIRS
);
266 static int iscsi_target_check_first_request(
267 struct iscsi_conn
*conn
,
268 struct iscsi_login
*login
)
270 struct iscsi_param
*param
= NULL
;
271 struct se_node_acl
*se_nacl
;
273 login
->first_request
= 0;
275 list_for_each_entry(param
, &conn
->param_list
->param_list
, p_list
) {
276 if (!strncmp(param
->name
, SESSIONTYPE
, 11)) {
277 if (!IS_PSTATE_ACCEPTOR(param
)) {
278 pr_err("SessionType key not received"
279 " in first login request.\n");
280 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
281 ISCSI_LOGIN_STATUS_MISSING_FIELDS
);
284 if (!strncmp(param
->value
, DISCOVERY
, 9))
288 if (!strncmp(param
->name
, INITIATORNAME
, 13)) {
289 if (!IS_PSTATE_ACCEPTOR(param
)) {
290 if (!login
->leading_connection
)
293 pr_err("InitiatorName key not received"
294 " in first login request.\n");
295 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
296 ISCSI_LOGIN_STATUS_MISSING_FIELDS
);
301 * For non-leading connections, double check that the
302 * received InitiatorName matches the existing session's
303 * struct iscsi_node_acl.
305 if (!login
->leading_connection
) {
306 se_nacl
= conn
->sess
->se_sess
->se_node_acl
;
308 pr_err("Unable to locate"
309 " struct se_node_acl\n");
310 iscsit_tx_login_rsp(conn
,
311 ISCSI_STATUS_CLS_INITIATOR_ERR
,
312 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND
);
316 if (strcmp(param
->value
,
317 se_nacl
->initiatorname
)) {
319 " InitiatorName: %s for this"
320 " iSCSI Initiator Node.\n",
322 iscsit_tx_login_rsp(conn
,
323 ISCSI_STATUS_CLS_INITIATOR_ERR
,
324 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND
);
334 static int iscsi_target_do_tx_login_io(struct iscsi_conn
*conn
, struct iscsi_login
*login
)
337 struct iscsi_session
*sess
= conn
->sess
;
338 struct iscsi_login_rsp
*login_rsp
;
340 login_rsp
= (struct iscsi_login_rsp
*) login
->rsp
;
342 login_rsp
->opcode
= ISCSI_OP_LOGIN_RSP
;
343 hton24(login_rsp
->dlength
, login
->rsp_length
);
344 memcpy(login_rsp
->isid
, login
->isid
, 6);
345 login_rsp
->tsih
= cpu_to_be16(login
->tsih
);
346 login_rsp
->itt
= cpu_to_be32(login
->init_task_tag
);
347 login_rsp
->statsn
= cpu_to_be32(conn
->stat_sn
++);
348 login_rsp
->exp_cmdsn
= cpu_to_be32(conn
->sess
->exp_cmd_sn
);
349 login_rsp
->max_cmdsn
= cpu_to_be32(conn
->sess
->max_cmd_sn
);
351 pr_debug("Sending Login Response, Flags: 0x%02x, ITT: 0x%08x,"
352 " ExpCmdSN; 0x%08x, MaxCmdSN: 0x%08x, StatSN: 0x%08x, Length:"
353 " %u\n", login_rsp
->flags
, ntohl(login_rsp
->itt
),
354 ntohl(login_rsp
->exp_cmdsn
), ntohl(login_rsp
->max_cmdsn
),
355 ntohl(login_rsp
->statsn
), login
->rsp_length
);
357 padding
= ((-login
->rsp_length
) & 3);
359 if (iscsi_login_tx_data(
363 login
->rsp_length
+ padding
) < 0)
366 login
->rsp_length
= 0;
367 login_rsp
->tsih
= be16_to_cpu(login_rsp
->tsih
);
368 login_rsp
->itt
= be32_to_cpu(login_rsp
->itt
);
369 login_rsp
->statsn
= be32_to_cpu(login_rsp
->statsn
);
370 mutex_lock(&sess
->cmdsn_mutex
);
371 login_rsp
->exp_cmdsn
= be32_to_cpu(sess
->exp_cmd_sn
);
372 login_rsp
->max_cmdsn
= be32_to_cpu(sess
->max_cmd_sn
);
373 mutex_unlock(&sess
->cmdsn_mutex
);
378 static int iscsi_target_do_rx_login_io(struct iscsi_conn
*conn
, struct iscsi_login
*login
)
380 u32 padding
= 0, payload_length
;
381 struct iscsi_login_req
*login_req
;
383 if (iscsi_login_rx_data(conn
, login
->req
, ISCSI_HDR_LEN
) < 0)
386 login_req
= (struct iscsi_login_req
*) login
->req
;
387 payload_length
= ntoh24(login_req
->dlength
);
388 login_req
->tsih
= be16_to_cpu(login_req
->tsih
);
389 login_req
->itt
= be32_to_cpu(login_req
->itt
);
390 login_req
->cid
= be16_to_cpu(login_req
->cid
);
391 login_req
->cmdsn
= be32_to_cpu(login_req
->cmdsn
);
392 login_req
->exp_statsn
= be32_to_cpu(login_req
->exp_statsn
);
394 pr_debug("Got Login Command, Flags 0x%02x, ITT: 0x%08x,"
395 " CmdSN: 0x%08x, ExpStatSN: 0x%08x, CID: %hu, Length: %u\n",
396 login_req
->flags
, login_req
->itt
, login_req
->cmdsn
,
397 login_req
->exp_statsn
, login_req
->cid
, payload_length
);
399 if (iscsi_target_check_login_request(conn
, login
) < 0)
402 padding
= ((-payload_length
) & 3);
403 memset(login
->req_buf
, 0, MAX_KEY_VALUE_PAIRS
);
405 if (iscsi_login_rx_data(
408 payload_length
+ padding
) < 0)
414 static int iscsi_target_do_login_io(struct iscsi_conn
*conn
, struct iscsi_login
*login
)
416 if (iscsi_target_do_tx_login_io(conn
, login
) < 0)
419 if (iscsi_target_do_rx_login_io(conn
, login
) < 0)
425 static int iscsi_target_get_initial_payload(
426 struct iscsi_conn
*conn
,
427 struct iscsi_login
*login
)
429 u32 padding
= 0, payload_length
;
430 struct iscsi_login_req
*login_req
;
432 login_req
= (struct iscsi_login_req
*) login
->req
;
433 payload_length
= ntoh24(login_req
->dlength
);
435 pr_debug("Got Login Command, Flags 0x%02x, ITT: 0x%08x,"
436 " CmdSN: 0x%08x, ExpStatSN: 0x%08x, Length: %u\n",
437 login_req
->flags
, login_req
->itt
, login_req
->cmdsn
,
438 login_req
->exp_statsn
, payload_length
);
440 if (iscsi_target_check_login_request(conn
, login
) < 0)
443 padding
= ((-payload_length
) & 3);
445 if (iscsi_login_rx_data(
448 payload_length
+ padding
) < 0)
455 * NOTE: We check for existing sessions or connections AFTER the initiator
456 * has been successfully authenticated in order to protect against faked
457 * ISID/TSIH combinations.
459 static int iscsi_target_check_for_existing_instances(
460 struct iscsi_conn
*conn
,
461 struct iscsi_login
*login
)
463 if (login
->checked_for_existing
)
466 login
->checked_for_existing
= 1;
469 return iscsi_check_for_session_reinstatement(conn
);
471 return iscsi_login_post_auth_non_zero_tsih(conn
, login
->cid
,
472 login
->initial_exp_statsn
);
475 static int iscsi_target_do_authentication(
476 struct iscsi_conn
*conn
,
477 struct iscsi_login
*login
)
481 struct iscsi_param
*param
;
482 struct iscsi_login_req
*login_req
;
483 struct iscsi_login_rsp
*login_rsp
;
485 login_req
= (struct iscsi_login_req
*) login
->req
;
486 login_rsp
= (struct iscsi_login_rsp
*) login
->rsp
;
487 payload_length
= ntoh24(login_req
->dlength
);
489 param
= iscsi_find_param_from_key(AUTHMETHOD
, conn
->param_list
);
493 authret
= iscsi_handle_authentication(
502 pr_debug("Received OK response"
503 " from LIO Authentication, continuing.\n");
506 pr_debug("iSCSI security negotiation"
507 " completed sucessfully.\n");
508 login
->auth_complete
= 1;
509 if ((login_req
->flags
& ISCSI_FLAG_LOGIN_NEXT_STAGE1
) &&
510 (login_req
->flags
& ISCSI_FLAG_LOGIN_TRANSIT
)) {
511 login_rsp
->flags
|= (ISCSI_FLAG_LOGIN_NEXT_STAGE1
|
512 ISCSI_FLAG_LOGIN_TRANSIT
);
513 login
->current_stage
= 1;
515 return iscsi_target_check_for_existing_instances(
518 pr_err("Security negotiation"
520 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
521 ISCSI_LOGIN_STATUS_AUTH_FAILED
);
524 pr_err("Received unknown error %d from LIO"
525 " Authentication\n", authret
);
526 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
527 ISCSI_LOGIN_STATUS_TARGET_ERROR
);
534 static int iscsi_target_handle_csg_zero(
535 struct iscsi_conn
*conn
,
536 struct iscsi_login
*login
)
540 struct iscsi_param
*param
;
541 struct iscsi_login_req
*login_req
;
542 struct iscsi_login_rsp
*login_rsp
;
544 login_req
= (struct iscsi_login_req
*) login
->req
;
545 login_rsp
= (struct iscsi_login_rsp
*) login
->rsp
;
546 payload_length
= ntoh24(login_req
->dlength
);
548 param
= iscsi_find_param_from_key(AUTHMETHOD
, conn
->param_list
);
552 ret
= iscsi_decode_text_input(
553 PHASE_SECURITY
|PHASE_DECLARATIVE
,
554 SENDER_INITIATOR
|SENDER_RECEIVER
,
562 if (login
->auth_complete
) {
563 pr_err("Initiator has already been"
564 " successfully authenticated, but is still"
565 " sending %s keys.\n", param
->value
);
566 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
567 ISCSI_LOGIN_STATUS_INIT_ERR
);
574 if (login
->first_request
)
575 if (iscsi_target_check_first_request(conn
, login
) < 0)
578 ret
= iscsi_encode_text_output(
579 PHASE_SECURITY
|PHASE_DECLARATIVE
,
587 if (!iscsi_check_negotiated_keys(conn
->param_list
)) {
588 if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn
))->authentication
&&
589 !strncmp(param
->value
, NONE
, 4)) {
590 pr_err("Initiator sent AuthMethod=None but"
591 " Target is enforcing iSCSI Authentication,"
593 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
594 ISCSI_LOGIN_STATUS_AUTH_FAILED
);
598 if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn
))->authentication
&&
599 !login
->auth_complete
)
602 if (strncmp(param
->value
, NONE
, 4) && !login
->auth_complete
)
605 if ((login_req
->flags
& ISCSI_FLAG_LOGIN_NEXT_STAGE1
) &&
606 (login_req
->flags
& ISCSI_FLAG_LOGIN_TRANSIT
)) {
607 login_rsp
->flags
|= ISCSI_FLAG_LOGIN_NEXT_STAGE1
|
608 ISCSI_FLAG_LOGIN_TRANSIT
;
609 login
->current_stage
= 1;
615 return iscsi_target_do_authentication(conn
, login
);
618 static int iscsi_target_handle_csg_one(struct iscsi_conn
*conn
, struct iscsi_login
*login
)
622 struct iscsi_login_req
*login_req
;
623 struct iscsi_login_rsp
*login_rsp
;
625 login_req
= (struct iscsi_login_req
*) login
->req
;
626 login_rsp
= (struct iscsi_login_rsp
*) login
->rsp
;
627 payload_length
= ntoh24(login_req
->dlength
);
629 ret
= iscsi_decode_text_input(
630 PHASE_OPERATIONAL
|PHASE_DECLARATIVE
,
631 SENDER_INITIATOR
|SENDER_RECEIVER
,
638 if (login
->first_request
)
639 if (iscsi_target_check_first_request(conn
, login
) < 0)
642 if (iscsi_target_check_for_existing_instances(conn
, login
) < 0)
645 ret
= iscsi_encode_text_output(
646 PHASE_OPERATIONAL
|PHASE_DECLARATIVE
,
654 if (!login
->auth_complete
&&
655 ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn
))->authentication
) {
656 pr_err("Initiator is requesting CSG: 1, has not been"
657 " successfully authenticated, and the Target is"
658 " enforcing iSCSI Authentication, login failed.\n");
659 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
660 ISCSI_LOGIN_STATUS_AUTH_FAILED
);
664 if (!iscsi_check_negotiated_keys(conn
->param_list
))
665 if ((login_req
->flags
& ISCSI_FLAG_LOGIN_NEXT_STAGE3
) &&
666 (login_req
->flags
& ISCSI_FLAG_LOGIN_TRANSIT
))
667 login_rsp
->flags
|= ISCSI_FLAG_LOGIN_NEXT_STAGE3
|
668 ISCSI_FLAG_LOGIN_TRANSIT
;
673 static int iscsi_target_do_login(struct iscsi_conn
*conn
, struct iscsi_login
*login
)
676 struct iscsi_login_req
*login_req
;
677 struct iscsi_login_rsp
*login_rsp
;
679 login_req
= (struct iscsi_login_req
*) login
->req
;
680 login_rsp
= (struct iscsi_login_rsp
*) login
->rsp
;
683 if (++pdu_count
> MAX_LOGIN_PDUS
) {
684 pr_err("MAX_LOGIN_PDUS count reached.\n");
685 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
686 ISCSI_LOGIN_STATUS_TARGET_ERROR
);
690 switch ((login_req
->flags
& ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK
) >> 2) {
692 login_rsp
->flags
|= (0 & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK
);
693 if (iscsi_target_handle_csg_zero(conn
, login
) < 0)
697 login_rsp
->flags
|= ISCSI_FLAG_LOGIN_CURRENT_STAGE1
;
698 if (iscsi_target_handle_csg_one(conn
, login
) < 0)
700 if (login_rsp
->flags
& ISCSI_FLAG_LOGIN_TRANSIT
) {
701 login
->tsih
= conn
->sess
->tsih
;
702 if (iscsi_target_do_tx_login_io(conn
,
709 pr_err("Illegal CSG: %d received from"
710 " Initiator, protocol error.\n",
711 (login_req
->flags
& ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK
)
716 if (iscsi_target_do_login_io(conn
, login
) < 0)
719 if (login_rsp
->flags
& ISCSI_FLAG_LOGIN_TRANSIT
) {
720 login_rsp
->flags
&= ~ISCSI_FLAG_LOGIN_TRANSIT
;
721 login_rsp
->flags
&= ~ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK
;
728 static void iscsi_initiatorname_tolower(
732 u32 iqn_size
= strlen(param_buf
), i
;
734 for (i
= 0; i
< iqn_size
; i
++) {
735 c
= (char *)¶m_buf
[i
];
744 * Processes the first Login Request..
746 static int iscsi_target_locate_portal(
748 struct iscsi_conn
*conn
,
749 struct iscsi_login
*login
)
751 char *i_buf
= NULL
, *s_buf
= NULL
, *t_buf
= NULL
;
752 char *tmpbuf
, *start
= NULL
, *end
= NULL
, *key
, *value
;
753 struct iscsi_session
*sess
= conn
->sess
;
754 struct iscsi_tiqn
*tiqn
;
755 struct iscsi_login_req
*login_req
;
756 struct iscsi_targ_login_rsp
*login_rsp
;
758 int sessiontype
= 0, ret
= 0;
760 login_req
= (struct iscsi_login_req
*) login
->req
;
761 login_rsp
= (struct iscsi_targ_login_rsp
*) login
->rsp
;
762 payload_length
= ntoh24(login_req
->dlength
);
764 login
->first_request
= 1;
765 login
->leading_connection
= (!login_req
->tsih
) ? 1 : 0;
766 login
->current_stage
=
767 (login_req
->flags
& ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK
) >> 2;
768 login
->version_min
= login_req
->min_version
;
769 login
->version_max
= login_req
->max_version
;
770 memcpy(login
->isid
, login_req
->isid
, 6);
771 login
->cmd_sn
= login_req
->cmdsn
;
772 login
->init_task_tag
= login_req
->itt
;
773 login
->initial_exp_statsn
= login_req
->exp_statsn
;
774 login
->cid
= login_req
->cid
;
775 login
->tsih
= login_req
->tsih
;
777 if (iscsi_target_get_initial_payload(conn
, login
) < 0)
780 tmpbuf
= kzalloc(payload_length
+ 1, GFP_KERNEL
);
782 pr_err("Unable to allocate memory for tmpbuf.\n");
786 memcpy(tmpbuf
, login
->req_buf
, payload_length
);
787 tmpbuf
[payload_length
] = '\0';
789 end
= (start
+ payload_length
);
792 * Locate the initial keys expected from the Initiator node in
793 * the first login request in order to progress with the login phase.
795 while (start
< end
) {
796 if (iscsi_extract_key_value(start
, &key
, &value
) < 0) {
801 if (!strncmp(key
, "InitiatorName", 13))
803 else if (!strncmp(key
, "SessionType", 11))
805 else if (!strncmp(key
, "TargetName", 10))
808 start
+= strlen(key
) + strlen(value
) + 2;
812 * See 5.3. Login Phase.
815 pr_err("InitiatorName key not received"
816 " in first login request.\n");
817 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
818 ISCSI_LOGIN_STATUS_MISSING_FIELDS
);
823 * Convert the incoming InitiatorName to lowercase following
824 * RFC-3720 3.2.6.1. section c) that says that iSCSI IQNs
825 * are NOT case sensitive.
827 iscsi_initiatorname_tolower(i_buf
);
830 if (!login
->leading_connection
)
833 pr_err("SessionType key not received"
834 " in first login request.\n");
835 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
836 ISCSI_LOGIN_STATUS_MISSING_FIELDS
);
842 * Use default portal group for discovery sessions.
844 sessiontype
= strncmp(s_buf
, DISCOVERY
, 9);
846 conn
->tpg
= iscsit_global
->discovery_tpg
;
847 if (!login
->leading_connection
)
850 sess
->sess_ops
->SessionType
= 1;
852 * Setup crc32c modules from libcrypto
854 if (iscsi_login_setup_crypto(conn
) < 0) {
855 pr_err("iscsi_login_setup_crypto() failed\n");
860 * Serialize access across the discovery struct iscsi_portal_group to
861 * process login attempt.
863 if (iscsit_access_np(np
, conn
->tpg
) < 0) {
864 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
865 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE
);
875 pr_err("TargetName key not received"
876 " in first login request while"
877 " SessionType=Normal.\n");
878 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
879 ISCSI_LOGIN_STATUS_MISSING_FIELDS
);
885 * Locate Target IQN from Storage Node.
887 tiqn
= iscsit_get_tiqn_for_login(t_buf
);
889 pr_err("Unable to locate Target IQN: %s in"
890 " Storage Node\n", t_buf
);
891 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
892 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE
);
896 pr_debug("Located Storage Object: %s\n", tiqn
->tiqn
);
899 * Locate Target Portal Group from Storage Node.
901 conn
->tpg
= iscsit_get_tpg_from_np(tiqn
, np
);
903 pr_err("Unable to locate Target Portal Group"
904 " on %s\n", tiqn
->tiqn
);
905 iscsit_put_tiqn_for_login(tiqn
);
906 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
907 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE
);
911 pr_debug("Located Portal Group Object: %hu\n", conn
->tpg
->tpgt
);
913 * Setup crc32c modules from libcrypto
915 if (iscsi_login_setup_crypto(conn
) < 0) {
916 pr_err("iscsi_login_setup_crypto() failed\n");
921 * Serialize access across the struct iscsi_portal_group to
922 * process login attempt.
924 if (iscsit_access_np(np
, conn
->tpg
) < 0) {
925 iscsit_put_tiqn_for_login(tiqn
);
926 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
927 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE
);
934 * conn->sess->node_acl will be set when the referenced
935 * struct iscsi_session is located from received ISID+TSIH in
936 * iscsi_login_non_zero_tsih_s2().
938 if (!login
->leading_connection
) {
944 * This value is required in iscsi_login_zero_tsih_s2()
946 sess
->sess_ops
->SessionType
= 0;
949 * Locate incoming Initiator IQN reference from Storage Node.
951 sess
->se_sess
->se_node_acl
= core_tpg_check_initiator_node_acl(
952 &conn
->tpg
->tpg_se_tpg
, i_buf
);
953 if (!sess
->se_sess
->se_node_acl
) {
954 pr_err("iSCSI Initiator Node: %s is not authorized to"
955 " access iSCSI target portal group: %hu.\n",
956 i_buf
, conn
->tpg
->tpgt
);
957 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_INITIATOR_ERR
,
958 ISCSI_LOGIN_STATUS_TGT_FORBIDDEN
);
969 struct iscsi_login
*iscsi_target_init_negotiation(
971 struct iscsi_conn
*conn
,
974 struct iscsi_login
*login
;
976 login
= kzalloc(sizeof(struct iscsi_login
), GFP_KERNEL
);
978 pr_err("Unable to allocate memory for struct iscsi_login.\n");
979 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
980 ISCSI_LOGIN_STATUS_NO_RESOURCES
);
984 login
->req
= kzalloc(ISCSI_HDR_LEN
, GFP_KERNEL
);
986 pr_err("Unable to allocate memory for Login Request.\n");
987 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
988 ISCSI_LOGIN_STATUS_NO_RESOURCES
);
991 memcpy(login
->req
, login_pdu
, ISCSI_HDR_LEN
);
993 login
->req_buf
= kzalloc(MAX_KEY_VALUE_PAIRS
, GFP_KERNEL
);
994 if (!login
->req_buf
) {
995 pr_err("Unable to allocate memory for response buffer.\n");
996 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
997 ISCSI_LOGIN_STATUS_NO_RESOURCES
);
1001 * SessionType: Discovery
1003 * Locates Default Portal
1005 * SessionType: Normal
1007 * Locates Target Portal from NP -> Target IQN
1009 if (iscsi_target_locate_portal(np
, conn
, login
) < 0) {
1010 pr_err("iSCSI Login negotiation failed.\n");
1017 kfree(login
->req_buf
);
1023 int iscsi_target_start_negotiation(
1024 struct iscsi_login
*login
,
1025 struct iscsi_conn
*conn
)
1029 login
->rsp
= kzalloc(ISCSI_HDR_LEN
, GFP_KERNEL
);
1031 pr_err("Unable to allocate memory for"
1032 " Login Response.\n");
1033 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
1034 ISCSI_LOGIN_STATUS_NO_RESOURCES
);
1039 login
->rsp_buf
= kzalloc(MAX_KEY_VALUE_PAIRS
, GFP_KERNEL
);
1040 if (!login
->rsp_buf
) {
1041 pr_err("Unable to allocate memory for"
1042 " request buffer.\n");
1043 iscsit_tx_login_rsp(conn
, ISCSI_STATUS_CLS_TARGET_ERR
,
1044 ISCSI_LOGIN_STATUS_NO_RESOURCES
);
1049 ret
= iscsi_target_do_login(conn
, login
);
1052 iscsi_remove_failed_auth_entry(conn
);
1054 iscsi_target_nego_release(login
, conn
);
1058 void iscsi_target_nego_release(
1059 struct iscsi_login
*login
,
1060 struct iscsi_conn
*conn
)
1064 kfree(login
->req_buf
);
1065 kfree(login
->rsp_buf
);