search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'v3.3.7' into 3.3/master
[zen-stable.git] / drivers / target / iscsi / iscsi_target_nego.c
blobe89fa7457254d6f44fde426dceaab84de0a99fa2
1 /*******************************************************************************
2 * This file contains main functions related to iSCSI Parameter negotiation.
3 *
4 * \u00a9 Copyright 2007-2011 RisingTide Systems LLC.
5 *
6 * Licensed to the Linux Foundation under the General Public License (GPL) version 2.
7 *
8 * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 ******************************************************************************/
20
21 #include <linux/ctype.h>
22 #include <scsi/iscsi_proto.h>
23 #include <target/target_core_base.h>
24 #include <target/target_core_fabric.h>
25
26 #include "iscsi_target_core.h"
27 #include "iscsi_target_parameters.h"
28 #include "iscsi_target_login.h"
29 #include "iscsi_target_nego.h"
30 #include "iscsi_target_tpg.h"
31 #include "iscsi_target_util.h"
32 #include "iscsi_target.h"
33 #include "iscsi_target_auth.h"
34
35 #define MAX_LOGIN_PDUS 7
36 #define TEXT_LEN 4096
37
38 void convert_null_to_semi(char *buf, int len)
39 {
40 int i;
41
42 for (i = 0; i < len; i++)
43 if (buf[i] == '\0')
44 buf[i] = ';';
45 }
46
47 int strlen_semi(char *buf)
48 {
49 int i = 0;
50
51 while (buf[i] != '\0') {
52 if (buf[i] == ';')
53 return i;
54 i++;
55 }
56
57 return -1;
58 }
59
60 int extract_param(
61 const char *in_buf,
62 const char *pattern,
63 unsigned int max_length,
64 char *out_buf,
65 unsigned char *type)
66 {
67 char *ptr;
68 int len;
69
70 if (!in_buf || !pattern || !out_buf || !type)
71 return -1;
72
73 ptr = strstr(in_buf, pattern);
74 if (!ptr)
75 return -1;
76
77 ptr = strstr(ptr, "=");
78 if (!ptr)
79 return -1;
80
81 ptr += 1;
82 if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) {
83 ptr += 2; /* skip 0x */
84 *type = HEX;
85 } else
86 *type = DECIMAL;
87
88 len = strlen_semi(ptr);
89 if (len < 0)
90 return -1;
91
92 if (len > max_length) {
93 pr_err("Length of input: %d exeeds max_length:"
94 " %d\n", len, max_length);
95 return -1;
96 }
97 memcpy(out_buf, ptr, len);
98 out_buf[len] = '\0';
99
100 return 0;
101 }
102
103 static u32 iscsi_handle_authentication(
104 struct iscsi_conn *conn,
105 char *in_buf,
106 char *out_buf,
107 int in_length,
108 int *out_length,
109 unsigned char *authtype)
110 {
111 struct iscsi_session *sess = conn->sess;
112 struct iscsi_node_auth *auth;
113 struct iscsi_node_acl *iscsi_nacl;
114 struct se_node_acl *se_nacl;
115
116 if (!sess->sess_ops->SessionType) {
117 /*
118 * For SessionType=Normal
119 */
120 se_nacl = conn->sess->se_sess->se_node_acl;
121 if (!se_nacl) {
122 pr_err("Unable to locate struct se_node_acl for"
123 " CHAP auth\n");
124 return -1;
125 }
126 iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl,
127 se_node_acl);
128 if (!iscsi_nacl) {
129 pr_err("Unable to locate struct iscsi_node_acl for"
130 " CHAP auth\n");
131 return -1;
132 }
133
134 auth = ISCSI_NODE_AUTH(iscsi_nacl);
135 } else {
136 /*
137 * For SessionType=Discovery
138 */
139 auth = &iscsit_global->discovery_acl.node_auth;
140 }
141
142 if (strstr("CHAP", authtype))
143 strcpy(conn->sess->auth_type, "CHAP");
144 else
145 strcpy(conn->sess->auth_type, NONE);
146
147 if (strstr("None", authtype))
148 return 1;
149 #ifdef CANSRP
150 else if (strstr("SRP", authtype))
151 return srp_main_loop(conn, auth, in_buf, out_buf,
152 &in_length, out_length);
153 #endif
154 else if (strstr("CHAP", authtype))
155 return chap_main_loop(conn, auth, in_buf, out_buf,
156 &in_length, out_length);
157 else if (strstr("SPKM1", authtype))
158 return 2;
159 else if (strstr("SPKM2", authtype))
160 return 2;
161 else if (strstr("KRB5", authtype))
162 return 2;
163 else
164 return 2;
165 }
166
167 static void iscsi_remove_failed_auth_entry(struct iscsi_conn *conn)
168 {
169 kfree(conn->auth_protocol);
170 }
171
172 static int iscsi_target_check_login_request(
173 struct iscsi_conn *conn,
174 struct iscsi_login *login)
175 {
176 int req_csg, req_nsg, rsp_csg, rsp_nsg;
177 u32 payload_length;
178 struct iscsi_login_req *login_req;
179 struct iscsi_login_rsp *login_rsp;
180
181 login_req = (struct iscsi_login_req *) login->req;
182 login_rsp = (struct iscsi_login_rsp *) login->rsp;
183 payload_length = ntoh24(login_req->dlength);
184
185 switch (login_req->opcode & ISCSI_OPCODE_MASK) {
186 case ISCSI_OP_LOGIN:
187 break;
188 default:
189 pr_err("Received unknown opcode 0x%02x.\n",
190 login_req->opcode & ISCSI_OPCODE_MASK);
191 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
192 ISCSI_LOGIN_STATUS_INIT_ERR);
193 return -1;
194 }
195
196 if ((login_req->flags & ISCSI_FLAG_LOGIN_CONTINUE) &&
197 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
198 pr_err("Login request has both ISCSI_FLAG_LOGIN_CONTINUE"
199 " and ISCSI_FLAG_LOGIN_TRANSIT set, protocol error.\n");
200 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
201 ISCSI_LOGIN_STATUS_INIT_ERR);
202 return -1;
203 }
204
205 req_csg = (login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2;
206 rsp_csg = (login_rsp->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2;
207 req_nsg = (login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK);
208 rsp_nsg = (login_rsp->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK);
209
210 if (req_csg != login->current_stage) {
211 pr_err("Initiator unexpectedly changed login stage"
212 " from %d to %d, login failed.\n", login->current_stage,
213 req_csg);
214 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
215 ISCSI_LOGIN_STATUS_INIT_ERR);
216 return -1;
217 }
218
219 if ((req_nsg == 2) || (req_csg >= 2) ||
220 ((login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT) &&
221 (req_nsg <= req_csg))) {
222 pr_err("Illegal login_req->flags Combination, CSG: %d,"
223 " NSG: %d, ISCSI_FLAG_LOGIN_TRANSIT: %d.\n", req_csg,
224 req_nsg, (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT));
225 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
226 ISCSI_LOGIN_STATUS_INIT_ERR);
227 return -1;
228 }
229
230 if ((login_req->max_version != login->version_max) ||
231 (login_req->min_version != login->version_min)) {
232 pr_err("Login request changed Version Max/Nin"
233 " unexpectedly to 0x%02x/0x%02x, protocol error\n",
234 login_req->max_version, login_req->min_version);
235 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
236 ISCSI_LOGIN_STATUS_INIT_ERR);
237 return -1;
238 }
239
240 if (memcmp(login_req->isid, login->isid, 6) != 0) {
241 pr_err("Login request changed ISID unexpectedly,"
242 " protocol error.\n");
243 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
244 ISCSI_LOGIN_STATUS_INIT_ERR);
245 return -1;
246 }
247
248 if (login_req->itt != login->init_task_tag) {
249 pr_err("Login request changed ITT unexpectedly to"
250 " 0x%08x, protocol error.\n", login_req->itt);
251 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
252 ISCSI_LOGIN_STATUS_INIT_ERR);
253 return -1;
254 }
255
256 if (payload_length > MAX_KEY_VALUE_PAIRS) {
257 pr_err("Login request payload exceeds default"
258 " MaxRecvDataSegmentLength: %u, protocol error.\n",
259 MAX_KEY_VALUE_PAIRS);
260 return -1;
261 }
262
263 return 0;
264 }
265
266 static int iscsi_target_check_first_request(
267 struct iscsi_conn *conn,
268 struct iscsi_login *login)
269 {
270 struct iscsi_param *param = NULL;
271 struct se_node_acl *se_nacl;
272
273 login->first_request = 0;
274
275 list_for_each_entry(param, &conn->param_list->param_list, p_list) {
276 if (!strncmp(param->name, SESSIONTYPE, 11)) {
277 if (!IS_PSTATE_ACCEPTOR(param)) {
278 pr_err("SessionType key not received"
279 " in first login request.\n");
280 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
281 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
282 return -1;
283 }
284 if (!strncmp(param->value, DISCOVERY, 9))
285 return 0;
286 }
287
288 if (!strncmp(param->name, INITIATORNAME, 13)) {
289 if (!IS_PSTATE_ACCEPTOR(param)) {
290 if (!login->leading_connection)
291 continue;
292
293 pr_err("InitiatorName key not received"
294 " in first login request.\n");
295 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
296 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
297 return -1;
298 }
299
300 /*
301 * For non-leading connections, double check that the
302 * received InitiatorName matches the existing session's
303 * struct iscsi_node_acl.
304 */
305 if (!login->leading_connection) {
306 se_nacl = conn->sess->se_sess->se_node_acl;
307 if (!se_nacl) {
308 pr_err("Unable to locate"
309 " struct se_node_acl\n");
310 iscsit_tx_login_rsp(conn,
311 ISCSI_STATUS_CLS_INITIATOR_ERR,
312 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
313 return -1;
314 }
315
316 if (strcmp(param->value,
317 se_nacl->initiatorname)) {
318 pr_err("Incorrect"
319 " InitiatorName: %s for this"
320 " iSCSI Initiator Node.\n",
321 param->value);
322 iscsit_tx_login_rsp(conn,
323 ISCSI_STATUS_CLS_INITIATOR_ERR,
324 ISCSI_LOGIN_STATUS_TGT_NOT_FOUND);
325 return -1;
326 }
327 }
328 }
329 }
330
331 return 0;
332 }
333
334 static int iscsi_target_do_tx_login_io(struct iscsi_conn *conn, struct iscsi_login *login)
335 {
336 u32 padding = 0;
337 struct iscsi_session *sess = conn->sess;
338 struct iscsi_login_rsp *login_rsp;
339
340 login_rsp = (struct iscsi_login_rsp *) login->rsp;
341
342 login_rsp->opcode = ISCSI_OP_LOGIN_RSP;
343 hton24(login_rsp->dlength, login->rsp_length);
344 memcpy(login_rsp->isid, login->isid, 6);
345 login_rsp->tsih = cpu_to_be16(login->tsih);
346 login_rsp->itt = cpu_to_be32(login->init_task_tag);
347 login_rsp->statsn = cpu_to_be32(conn->stat_sn++);
348 login_rsp->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
349 login_rsp->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
350
351 pr_debug("Sending Login Response, Flags: 0x%02x, ITT: 0x%08x,"
352 " ExpCmdSN; 0x%08x, MaxCmdSN: 0x%08x, StatSN: 0x%08x, Length:"
353 " %u\n", login_rsp->flags, ntohl(login_rsp->itt),
354 ntohl(login_rsp->exp_cmdsn), ntohl(login_rsp->max_cmdsn),
355 ntohl(login_rsp->statsn), login->rsp_length);
356
357 padding = ((-login->rsp_length) & 3);
358
359 if (iscsi_login_tx_data(
360 conn,
361 login->rsp,
362 login->rsp_buf,
363 login->rsp_length + padding) < 0)
364 return -1;
365
366 login->rsp_length = 0;
367 login_rsp->tsih = be16_to_cpu(login_rsp->tsih);
368 login_rsp->itt = be32_to_cpu(login_rsp->itt);
369 login_rsp->statsn = be32_to_cpu(login_rsp->statsn);
370 mutex_lock(&sess->cmdsn_mutex);
371 login_rsp->exp_cmdsn = be32_to_cpu(sess->exp_cmd_sn);
372 login_rsp->max_cmdsn = be32_to_cpu(sess->max_cmd_sn);
373 mutex_unlock(&sess->cmdsn_mutex);
374
375 return 0;
376 }
377
378 static int iscsi_target_do_rx_login_io(struct iscsi_conn *conn, struct iscsi_login *login)
379 {
380 u32 padding = 0, payload_length;
381 struct iscsi_login_req *login_req;
382
383 if (iscsi_login_rx_data(conn, login->req, ISCSI_HDR_LEN) < 0)
384 return -1;
385
386 login_req = (struct iscsi_login_req *) login->req;
387 payload_length = ntoh24(login_req->dlength);
388 login_req->tsih = be16_to_cpu(login_req->tsih);
389 login_req->itt = be32_to_cpu(login_req->itt);
390 login_req->cid = be16_to_cpu(login_req->cid);
391 login_req->cmdsn = be32_to_cpu(login_req->cmdsn);
392 login_req->exp_statsn = be32_to_cpu(login_req->exp_statsn);
393
394 pr_debug("Got Login Command, Flags 0x%02x, ITT: 0x%08x,"
395 " CmdSN: 0x%08x, ExpStatSN: 0x%08x, CID: %hu, Length: %u\n",
396 login_req->flags, login_req->itt, login_req->cmdsn,
397 login_req->exp_statsn, login_req->cid, payload_length);
398
399 if (iscsi_target_check_login_request(conn, login) < 0)
400 return -1;
401
402 padding = ((-payload_length) & 3);
403 memset(login->req_buf, 0, MAX_KEY_VALUE_PAIRS);
404
405 if (iscsi_login_rx_data(
406 conn,
407 login->req_buf,
408 payload_length + padding) < 0)
409 return -1;
410
411 return 0;
412 }
413
414 static int iscsi_target_do_login_io(struct iscsi_conn *conn, struct iscsi_login *login)
415 {
416 if (iscsi_target_do_tx_login_io(conn, login) < 0)
417 return -1;
418
419 if (iscsi_target_do_rx_login_io(conn, login) < 0)
420 return -1;
421
422 return 0;
423 }
424
425 static int iscsi_target_get_initial_payload(
426 struct iscsi_conn *conn,
427 struct iscsi_login *login)
428 {
429 u32 padding = 0, payload_length;
430 struct iscsi_login_req *login_req;
431
432 login_req = (struct iscsi_login_req *) login->req;
433 payload_length = ntoh24(login_req->dlength);
434
435 pr_debug("Got Login Command, Flags 0x%02x, ITT: 0x%08x,"
436 " CmdSN: 0x%08x, ExpStatSN: 0x%08x, Length: %u\n",
437 login_req->flags, login_req->itt, login_req->cmdsn,
438 login_req->exp_statsn, payload_length);
439
440 if (iscsi_target_check_login_request(conn, login) < 0)
441 return -1;
442
443 padding = ((-payload_length) & 3);
444
445 if (iscsi_login_rx_data(
446 conn,
447 login->req_buf,
448 payload_length + padding) < 0)
449 return -1;
450
451 return 0;
452 }
453
454 /*
455 * NOTE: We check for existing sessions or connections AFTER the initiator
456 * has been successfully authenticated in order to protect against faked
457 * ISID/TSIH combinations.
458 */
459 static int iscsi_target_check_for_existing_instances(
460 struct iscsi_conn *conn,
461 struct iscsi_login *login)
462 {
463 if (login->checked_for_existing)
464 return 0;
465
466 login->checked_for_existing = 1;
467
468 if (!login->tsih)
469 return iscsi_check_for_session_reinstatement(conn);
470 else
471 return iscsi_login_post_auth_non_zero_tsih(conn, login->cid,
472 login->initial_exp_statsn);
473 }
474
475 static int iscsi_target_do_authentication(
476 struct iscsi_conn *conn,
477 struct iscsi_login *login)
478 {
479 int authret;
480 u32 payload_length;
481 struct iscsi_param *param;
482 struct iscsi_login_req *login_req;
483 struct iscsi_login_rsp *login_rsp;
484
485 login_req = (struct iscsi_login_req *) login->req;
486 login_rsp = (struct iscsi_login_rsp *) login->rsp;
487 payload_length = ntoh24(login_req->dlength);
488
489 param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
490 if (!param)
491 return -1;
492
493 authret = iscsi_handle_authentication(
494 conn,
495 login->req_buf,
496 login->rsp_buf,
497 payload_length,
498 &login->rsp_length,
499 param->value);
500 switch (authret) {
501 case 0:
502 pr_debug("Received OK response"
503 " from LIO Authentication, continuing.\n");
504 break;
505 case 1:
506 pr_debug("iSCSI security negotiation"
507 " completed successfully.\n");
508 login->auth_complete = 1;
509 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
510 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
511 login_rsp->flags |= (ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
512 ISCSI_FLAG_LOGIN_TRANSIT);
513 login->current_stage = 1;
514 }
515 return iscsi_target_check_for_existing_instances(
516 conn, login);
517 case 2:
518 pr_err("Security negotiation"
519 " failed.\n");
520 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
521 ISCSI_LOGIN_STATUS_AUTH_FAILED);
522 return -1;
523 default:
524 pr_err("Received unknown error %d from LIO"
525 " Authentication\n", authret);
526 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
527 ISCSI_LOGIN_STATUS_TARGET_ERROR);
528 return -1;
529 }
530
531 return 0;
532 }
533
534 static int iscsi_target_handle_csg_zero(
535 struct iscsi_conn *conn,
536 struct iscsi_login *login)
537 {
538 int ret;
539 u32 payload_length;
540 struct iscsi_param *param;
541 struct iscsi_login_req *login_req;
542 struct iscsi_login_rsp *login_rsp;
543
544 login_req = (struct iscsi_login_req *) login->req;
545 login_rsp = (struct iscsi_login_rsp *) login->rsp;
546 payload_length = ntoh24(login_req->dlength);
547
548 param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list);
549 if (!param)
550 return -1;
551
552 ret = iscsi_decode_text_input(
553 PHASE_SECURITY|PHASE_DECLARATIVE,
554 SENDER_INITIATOR|SENDER_RECEIVER,
555 login->req_buf,
556 payload_length,
557 conn->param_list);
558 if (ret < 0)
559 return -1;
560
561 if (ret > 0) {
562 if (login->auth_complete) {
563 pr_err("Initiator has already been"
564 " successfully authenticated, but is still"
565 " sending %s keys.\n", param->value);
566 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
567 ISCSI_LOGIN_STATUS_INIT_ERR);
568 return -1;
569 }
570
571 goto do_auth;
572 }
573
574 if (login->first_request)
575 if (iscsi_target_check_first_request(conn, login) < 0)
576 return -1;
577
578 ret = iscsi_encode_text_output(
579 PHASE_SECURITY|PHASE_DECLARATIVE,
580 SENDER_TARGET,
581 login->rsp_buf,
582 &login->rsp_length,
583 conn->param_list);
584 if (ret < 0)
585 return -1;
586
587 if (!iscsi_check_negotiated_keys(conn->param_list)) {
588 if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication &&
589 !strncmp(param->value, NONE, 4)) {
590 pr_err("Initiator sent AuthMethod=None but"
591 " Target is enforcing iSCSI Authentication,"
592 " login failed.\n");
593 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
594 ISCSI_LOGIN_STATUS_AUTH_FAILED);
595 return -1;
596 }
597
598 if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication &&
599 !login->auth_complete)
600 return 0;
601
602 if (strncmp(param->value, NONE, 4) && !login->auth_complete)
603 return 0;
604
605 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) &&
606 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) {
607 login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE1 |
608 ISCSI_FLAG_LOGIN_TRANSIT;
609 login->current_stage = 1;
610 }
611 }
612
613 return 0;
614 do_auth:
615 return iscsi_target_do_authentication(conn, login);
616 }
617
618 static int iscsi_target_handle_csg_one(struct iscsi_conn *conn, struct iscsi_login *login)
619 {
620 int ret;
621 u32 payload_length;
622 struct iscsi_login_req *login_req;
623 struct iscsi_login_rsp *login_rsp;
624
625 login_req = (struct iscsi_login_req *) login->req;
626 login_rsp = (struct iscsi_login_rsp *) login->rsp;
627 payload_length = ntoh24(login_req->dlength);
628
629 ret = iscsi_decode_text_input(
630 PHASE_OPERATIONAL|PHASE_DECLARATIVE,
631 SENDER_INITIATOR|SENDER_RECEIVER,
632 login->req_buf,
633 payload_length,
634 conn->param_list);
635 if (ret < 0)
636 return -1;
637
638 if (login->first_request)
639 if (iscsi_target_check_first_request(conn, login) < 0)
640 return -1;
641
642 if (iscsi_target_check_for_existing_instances(conn, login) < 0)
643 return -1;
644
645 ret = iscsi_encode_text_output(
646 PHASE_OPERATIONAL|PHASE_DECLARATIVE,
647 SENDER_TARGET,
648 login->rsp_buf,
649 &login->rsp_length,
650 conn->param_list);
651 if (ret < 0)
652 return -1;
653
654 if (!login->auth_complete &&
655 ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication) {
656 pr_err("Initiator is requesting CSG: 1, has not been"
657 " successfully authenticated, and the Target is"
658 " enforcing iSCSI Authentication, login failed.\n");
659 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
660 ISCSI_LOGIN_STATUS_AUTH_FAILED);
661 return -1;
662 }
663
664 if (!iscsi_check_negotiated_keys(conn->param_list))
665 if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE3) &&
666 (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT))
667 login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE3 |
668 ISCSI_FLAG_LOGIN_TRANSIT;
669
670 return 0;
671 }
672
673 static int iscsi_target_do_login(struct iscsi_conn *conn, struct iscsi_login *login)
674 {
675 int pdu_count = 0;
676 struct iscsi_login_req *login_req;
677 struct iscsi_login_rsp *login_rsp;
678
679 login_req = (struct iscsi_login_req *) login->req;
680 login_rsp = (struct iscsi_login_rsp *) login->rsp;
681
682 while (1) {
683 if (++pdu_count > MAX_LOGIN_PDUS) {
684 pr_err("MAX_LOGIN_PDUS count reached.\n");
685 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
686 ISCSI_LOGIN_STATUS_TARGET_ERROR);
687 return -1;
688 }
689
690 switch ((login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2) {
691 case 0:
692 login_rsp->flags |= (0 & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK);
693 if (iscsi_target_handle_csg_zero(conn, login) < 0)
694 return -1;
695 break;
696 case 1:
697 login_rsp->flags |= ISCSI_FLAG_LOGIN_CURRENT_STAGE1;
698 if (iscsi_target_handle_csg_one(conn, login) < 0)
699 return -1;
700 if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
701 login->tsih = conn->sess->tsih;
702 if (iscsi_target_do_tx_login_io(conn,
703 login) < 0)
704 return -1;
705 return 0;
706 }
707 break;
708 default:
709 pr_err("Illegal CSG: %d received from"
710 " Initiator, protocol error.\n",
711 (login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK)
712 >> 2);
713 break;
714 }
715
716 if (iscsi_target_do_login_io(conn, login) < 0)
717 return -1;
718
719 if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) {
720 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_TRANSIT;
721 login_rsp->flags &= ~ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK;
722 }
723 }
724
725 return 0;
726 }
727
728 static void iscsi_initiatorname_tolower(
729 char *param_buf)
730 {
731 char *c;
732 u32 iqn_size = strlen(param_buf), i;
733
734 for (i = 0; i < iqn_size; i++) {
735 c = &param_buf[i];
736 if (!isupper(*c))
737 continue;
738
739 *c = tolower(*c);
740 }
741 }
742
743 /*
744 * Processes the first Login Request..
745 */
746 static int iscsi_target_locate_portal(
747 struct iscsi_np *np,
748 struct iscsi_conn *conn,
749 struct iscsi_login *login)
750 {
751 char *i_buf = NULL, *s_buf = NULL, *t_buf = NULL;
752 char *tmpbuf, *start = NULL, *end = NULL, *key, *value;
753 struct iscsi_session *sess = conn->sess;
754 struct iscsi_tiqn *tiqn;
755 struct iscsi_login_req *login_req;
756 struct iscsi_targ_login_rsp *login_rsp;
757 u32 payload_length;
758 int sessiontype = 0, ret = 0;
759
760 login_req = (struct iscsi_login_req *) login->req;
761 login_rsp = (struct iscsi_targ_login_rsp *) login->rsp;
762 payload_length = ntoh24(login_req->dlength);
763
764 login->first_request = 1;
765 login->leading_connection = (!login_req->tsih) ? 1 : 0;
766 login->current_stage =
767 (login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2;
768 login->version_min = login_req->min_version;
769 login->version_max = login_req->max_version;
770 memcpy(login->isid, login_req->isid, 6);
771 login->cmd_sn = login_req->cmdsn;
772 login->init_task_tag = login_req->itt;
773 login->initial_exp_statsn = login_req->exp_statsn;
774 login->cid = login_req->cid;
775 login->tsih = login_req->tsih;
776
777 if (iscsi_target_get_initial_payload(conn, login) < 0)
778 return -1;
779
780 tmpbuf = kzalloc(payload_length + 1, GFP_KERNEL);
781 if (!tmpbuf) {
782 pr_err("Unable to allocate memory for tmpbuf.\n");
783 return -1;
784 }
785
786 memcpy(tmpbuf, login->req_buf, payload_length);
787 tmpbuf[payload_length] = '\0';
788 start = tmpbuf;
789 end = (start + payload_length);
790
791 /*
792 * Locate the initial keys expected from the Initiator node in
793 * the first login request in order to progress with the login phase.
794 */
795 while (start < end) {
796 if (iscsi_extract_key_value(start, &key, &value) < 0) {
797 ret = -1;
798 goto out;
799 }
800
801 if (!strncmp(key, "InitiatorName", 13))
802 i_buf = value;
803 else if (!strncmp(key, "SessionType", 11))
804 s_buf = value;
805 else if (!strncmp(key, "TargetName", 10))
806 t_buf = value;
807
808 start += strlen(key) + strlen(value) + 2;
809 }
810
811 /*
812 * See 5.3. Login Phase.
813 */
814 if (!i_buf) {
815 pr_err("InitiatorName key not received"
816 " in first login request.\n");
817 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
818 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
819 ret = -1;
820 goto out;
821 }
822 /*
823 * Convert the incoming InitiatorName to lowercase following
824 * RFC-3720 3.2.6.1. section c) that says that iSCSI IQNs
825 * are NOT case sensitive.
826 */
827 iscsi_initiatorname_tolower(i_buf);
828
829 if (!s_buf) {
830 if (!login->leading_connection)
831 goto get_target;
832
833 pr_err("SessionType key not received"
834 " in first login request.\n");
835 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
836 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
837 ret = -1;
838 goto out;
839 }
840
841 /*
842 * Use default portal group for discovery sessions.
843 */
844 sessiontype = strncmp(s_buf, DISCOVERY, 9);
845 if (!sessiontype) {
846 conn->tpg = iscsit_global->discovery_tpg;
847 if (!login->leading_connection)
848 goto get_target;
849
850 sess->sess_ops->SessionType = 1;
851 /*
852 * Setup crc32c modules from libcrypto
853 */
854 if (iscsi_login_setup_crypto(conn) < 0) {
855 pr_err("iscsi_login_setup_crypto() failed\n");
856 ret = -1;
857 goto out;
858 }
859 /*
860 * Serialize access across the discovery struct iscsi_portal_group to
861 * process login attempt.
862 */
863 if (iscsit_access_np(np, conn->tpg) < 0) {
864 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
865 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
866 ret = -1;
867 goto out;
868 }
869 ret = 0;
870 goto out;
871 }
872
873 get_target:
874 if (!t_buf) {
875 pr_err("TargetName key not received"
876 " in first login request while"
877 " SessionType=Normal.\n");
878 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
879 ISCSI_LOGIN_STATUS_MISSING_FIELDS);
880 ret = -1;
881 goto out;
882 }
883
884 /*
885 * Locate Target IQN from Storage Node.
886 */
887 tiqn = iscsit_get_tiqn_for_login(t_buf);
888 if (!tiqn) {
889 pr_err("Unable to locate Target IQN: %s in"
890 " Storage Node\n", t_buf);
891 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
892 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
893 ret = -1;
894 goto out;
895 }
896 pr_debug("Located Storage Object: %s\n", tiqn->tiqn);
897
898 /*
899 * Locate Target Portal Group from Storage Node.
900 */
901 conn->tpg = iscsit_get_tpg_from_np(tiqn, np);
902 if (!conn->tpg) {
903 pr_err("Unable to locate Target Portal Group"
904 " on %s\n", tiqn->tiqn);
905 iscsit_put_tiqn_for_login(tiqn);
906 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
907 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
908 ret = -1;
909 goto out;
910 }
911 pr_debug("Located Portal Group Object: %hu\n", conn->tpg->tpgt);
912 /*
913 * Setup crc32c modules from libcrypto
914 */
915 if (iscsi_login_setup_crypto(conn) < 0) {
916 pr_err("iscsi_login_setup_crypto() failed\n");
917 ret = -1;
918 goto out;
919 }
920 /*
921 * Serialize access across the struct iscsi_portal_group to
922 * process login attempt.
923 */
924 if (iscsit_access_np(np, conn->tpg) < 0) {
925 iscsit_put_tiqn_for_login(tiqn);
926 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
927 ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE);
928 ret = -1;
929 conn->tpg = NULL;
930 goto out;
931 }
932
933 /*
934 * conn->sess->node_acl will be set when the referenced
935 * struct iscsi_session is located from received ISID+TSIH in
936 * iscsi_login_non_zero_tsih_s2().
937 */
938 if (!login->leading_connection) {
939 ret = 0;
940 goto out;
941 }
942
943 /*
944 * This value is required in iscsi_login_zero_tsih_s2()
945 */
946 sess->sess_ops->SessionType = 0;
947
948 /*
949 * Locate incoming Initiator IQN reference from Storage Node.
950 */
951 sess->se_sess->se_node_acl = core_tpg_check_initiator_node_acl(
952 &conn->tpg->tpg_se_tpg, i_buf);
953 if (!sess->se_sess->se_node_acl) {
954 pr_err("iSCSI Initiator Node: %s is not authorized to"
955 " access iSCSI target portal group: %hu.\n",
956 i_buf, conn->tpg->tpgt);
957 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR,
958 ISCSI_LOGIN_STATUS_TGT_FORBIDDEN);
959 ret = -1;
960 goto out;
961 }
962
963 ret = 0;
964 out:
965 kfree(tmpbuf);
966 return ret;
967 }
968
969 struct iscsi_login *iscsi_target_init_negotiation(
970 struct iscsi_np *np,
971 struct iscsi_conn *conn,
972 char *login_pdu)
973 {
974 struct iscsi_login *login;
975
976 login = kzalloc(sizeof(struct iscsi_login), GFP_KERNEL);
977 if (!login) {
978 pr_err("Unable to allocate memory for struct iscsi_login.\n");
979 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
980 ISCSI_LOGIN_STATUS_NO_RESOURCES);
981 return NULL;
982 }
983
984 login->req = kmemdup(login_pdu, ISCSI_HDR_LEN, GFP_KERNEL);
985 if (!login->req) {
986 pr_err("Unable to allocate memory for Login Request.\n");
987 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
988 ISCSI_LOGIN_STATUS_NO_RESOURCES);
989 goto out;
990 }
991
992 login->req_buf = kzalloc(MAX_KEY_VALUE_PAIRS, GFP_KERNEL);
993 if (!login->req_buf) {
994 pr_err("Unable to allocate memory for response buffer.\n");
995 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
996 ISCSI_LOGIN_STATUS_NO_RESOURCES);
997 goto out;
998 }
999 /*
1000 * SessionType: Discovery
1001 *
1002 * Locates Default Portal
1003 *
1004 * SessionType: Normal
1005 *
1006 * Locates Target Portal from NP -> Target IQN
1007 */
1008 if (iscsi_target_locate_portal(np, conn, login) < 0) {
1009 pr_err("iSCSI Login negotiation failed.\n");
1010 goto out;
1011 }
1012
1013 return login;
1014 out:
1015 kfree(login->req);
1016 kfree(login->req_buf);
1017 kfree(login);
1018
1019 return NULL;
1020 }
1021
1022 int iscsi_target_start_negotiation(
1023 struct iscsi_login *login,
1024 struct iscsi_conn *conn)
1025 {
1026 int ret = -1;
1027
1028 login->rsp = kzalloc(ISCSI_HDR_LEN, GFP_KERNEL);
1029 if (!login->rsp) {
1030 pr_err("Unable to allocate memory for"
1031 " Login Response.\n");
1032 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1033 ISCSI_LOGIN_STATUS_NO_RESOURCES);
1034 ret = -1;
1035 goto out;
1036 }
1037
1038 login->rsp_buf = kzalloc(MAX_KEY_VALUE_PAIRS, GFP_KERNEL);
1039 if (!login->rsp_buf) {
1040 pr_err("Unable to allocate memory for"
1041 " request buffer.\n");
1042 iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
1043 ISCSI_LOGIN_STATUS_NO_RESOURCES);
1044 ret = -1;
1045 goto out;
1046 }
1047
1048 ret = iscsi_target_do_login(conn, login);
1049 out:
1050 if (ret != 0)
1051 iscsi_remove_failed_auth_entry(conn);
1052
1053 iscsi_target_nego_release(login, conn);
1054 return ret;
1055 }
1056
1057 void iscsi_target_nego_release(
1058 struct iscsi_login *login,
1059 struct iscsi_conn *conn)
1060 {
1061 kfree(login->req);
1062 kfree(login->rsp);
1063 kfree(login->req_buf);
1064 kfree(login->rsp_buf);
1065 kfree(login);
1066 }