/******************************************************************************* * This file contains main functions related to iSCSI Parameter negotiation. * * \u00a9 Copyright 2007-2011 RisingTide Systems LLC. * * Licensed to the Linux Foundation under the General Public License (GPL) version 2. * * Author: Nicholas A. Bellinger * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. ******************************************************************************/ #include #include #include #include #include "iscsi_target_core.h" #include "iscsi_target_parameters.h" #include "iscsi_target_login.h" #include "iscsi_target_nego.h" #include "iscsi_target_tpg.h" #include "iscsi_target_util.h" #include "iscsi_target.h" #include "iscsi_target_auth.h" #define MAX_LOGIN_PDUS 7 #define TEXT_LEN 4096 void convert_null_to_semi(char *buf, int len) { int i; for (i = 0; i < len; i++) if (buf[i] == '\0') buf[i] = ';'; } int strlen_semi(char *buf) { int i = 0; while (buf[i] != '\0') { if (buf[i] == ';') return i; i++; } return -1; } int extract_param( const char *in_buf, const char *pattern, unsigned int max_length, char *out_buf, unsigned char *type) { char *ptr; int len; if (!in_buf || !pattern || !out_buf || !type) return -1; ptr = strstr(in_buf, pattern); if (!ptr) return -1; ptr = strstr(ptr, "="); if (!ptr) return -1; ptr += 1; if (*ptr == '0' && (*(ptr+1) == 'x' || *(ptr+1) == 'X')) { ptr += 2; /* skip 0x */ *type = HEX; } else *type = DECIMAL; len = strlen_semi(ptr); if (len < 0) return -1; if (len > max_length) { pr_err("Length of input: %d exceeds max_length:" " %d\n", len, max_length); return -1; } memcpy(out_buf, ptr, len); out_buf[len] = '\0'; return 0; } static u32 iscsi_handle_authentication( struct iscsi_conn *conn, char *in_buf, char *out_buf, int in_length, int *out_length, unsigned char *authtype) { struct iscsi_session *sess = conn->sess; struct iscsi_node_auth *auth; struct iscsi_node_acl *iscsi_nacl; struct se_node_acl *se_nacl; if (!sess->sess_ops->SessionType) { /* * For SessionType=Normal */ se_nacl = conn->sess->se_sess->se_node_acl; if (!se_nacl) { pr_err("Unable to locate struct se_node_acl for" " CHAP auth\n"); return -1; } iscsi_nacl = container_of(se_nacl, struct iscsi_node_acl, se_node_acl); if (!iscsi_nacl) { pr_err("Unable to locate struct iscsi_node_acl for" " CHAP auth\n"); return -1; } auth = ISCSI_NODE_AUTH(iscsi_nacl); } else { /* * For SessionType=Discovery */ auth = &iscsit_global->discovery_acl.node_auth; } if (strstr("CHAP", authtype)) strcpy(conn->sess->auth_type, "CHAP"); else strcpy(conn->sess->auth_type, NONE); if (strstr("None", authtype)) return 1; #ifdef CANSRP else if (strstr("SRP", authtype)) return srp_main_loop(conn, auth, in_buf, out_buf, &in_length, out_length); #endif else if (strstr("CHAP", authtype)) return chap_main_loop(conn, auth, in_buf, out_buf, &in_length, out_length); else if (strstr("SPKM1", authtype)) return 2; else if (strstr("SPKM2", authtype)) return 2; else if (strstr("KRB5", authtype)) return 2; else return 2; } static void iscsi_remove_failed_auth_entry(struct iscsi_conn *conn) { kfree(conn->auth_protocol); } static int iscsi_target_check_login_request( struct iscsi_conn *conn, struct iscsi_login *login) { int req_csg, req_nsg, rsp_csg, rsp_nsg; u32 payload_length; struct iscsi_login_req *login_req; struct iscsi_login_rsp *login_rsp; login_req = (struct iscsi_login_req *) login->req; login_rsp = (struct iscsi_login_rsp *) login->rsp; payload_length = ntoh24(login_req->dlength); switch (login_req->opcode & ISCSI_OPCODE_MASK) { case ISCSI_OP_LOGIN: break; default: pr_err("Received unknown opcode 0x%02x.\n", login_req->opcode & ISCSI_OPCODE_MASK); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_INIT_ERR); return -1; } if ((login_req->flags & ISCSI_FLAG_LOGIN_CONTINUE) && (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) { pr_err("Login request has both ISCSI_FLAG_LOGIN_CONTINUE" " and ISCSI_FLAG_LOGIN_TRANSIT set, protocol error.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_INIT_ERR); return -1; } req_csg = (login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2; rsp_csg = (login_rsp->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2; req_nsg = (login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK); rsp_nsg = (login_rsp->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK); if (req_csg != login->current_stage) { pr_err("Initiator unexpectedly changed login stage" " from %d to %d, login failed.\n", login->current_stage, req_csg); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_INIT_ERR); return -1; } if ((req_nsg == 2) || (req_csg >= 2) || ((login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT) && (req_nsg <= req_csg))) { pr_err("Illegal login_req->flags Combination, CSG: %d," " NSG: %d, ISCSI_FLAG_LOGIN_TRANSIT: %d.\n", req_csg, req_nsg, (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_INIT_ERR); return -1; } if ((login_req->max_version != login->version_max) || (login_req->min_version != login->version_min)) { pr_err("Login request changed Version Max/Nin" " unexpectedly to 0x%02x/0x%02x, protocol error\n", login_req->max_version, login_req->min_version); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_INIT_ERR); return -1; } if (memcmp(login_req->isid, login->isid, 6) != 0) { pr_err("Login request changed ISID unexpectedly," " protocol error.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_INIT_ERR); return -1; } if (login_req->itt != login->init_task_tag) { pr_err("Login request changed ITT unexpectedly to" " 0x%08x, protocol error.\n", login_req->itt); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_INIT_ERR); return -1; } if (payload_length > MAX_KEY_VALUE_PAIRS) { pr_err("Login request payload exceeds default" " MaxRecvDataSegmentLength: %u, protocol error.\n", MAX_KEY_VALUE_PAIRS); return -1; } return 0; } static int iscsi_target_check_first_request( struct iscsi_conn *conn, struct iscsi_login *login) { struct iscsi_param *param = NULL; struct se_node_acl *se_nacl; login->first_request = 0; list_for_each_entry(param, &conn->param_list->param_list, p_list) { if (!strncmp(param->name, SESSIONTYPE, 11)) { if (!IS_PSTATE_ACCEPTOR(param)) { pr_err("SessionType key not received" " in first login request.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_MISSING_FIELDS); return -1; } if (!strncmp(param->value, DISCOVERY, 9)) return 0; } if (!strncmp(param->name, INITIATORNAME, 13)) { if (!IS_PSTATE_ACCEPTOR(param)) { if (!login->leading_connection) continue; pr_err("InitiatorName key not received" " in first login request.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_MISSING_FIELDS); return -1; } /* * For non-leading connections, double check that the * received InitiatorName matches the existing session's * struct iscsi_node_acl. */ if (!login->leading_connection) { se_nacl = conn->sess->se_sess->se_node_acl; if (!se_nacl) { pr_err("Unable to locate" " struct se_node_acl\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_TGT_NOT_FOUND); return -1; } if (strcmp(param->value, se_nacl->initiatorname)) { pr_err("Incorrect" " InitiatorName: %s for this" " iSCSI Initiator Node.\n", param->value); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_TGT_NOT_FOUND); return -1; } } } } return 0; } static int iscsi_target_do_tx_login_io(struct iscsi_conn *conn, struct iscsi_login *login) { u32 padding = 0; struct iscsi_session *sess = conn->sess; struct iscsi_login_rsp *login_rsp; login_rsp = (struct iscsi_login_rsp *) login->rsp; login_rsp->opcode = ISCSI_OP_LOGIN_RSP; hton24(login_rsp->dlength, login->rsp_length); memcpy(login_rsp->isid, login->isid, 6); login_rsp->tsih = cpu_to_be16(login->tsih); login_rsp->itt = cpu_to_be32(login->init_task_tag); login_rsp->statsn = cpu_to_be32(conn->stat_sn++); login_rsp->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn); login_rsp->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn); pr_debug("Sending Login Response, Flags: 0x%02x, ITT: 0x%08x," " ExpCmdSN; 0x%08x, MaxCmdSN: 0x%08x, StatSN: 0x%08x, Length:" " %u\n", login_rsp->flags, ntohl(login_rsp->itt), ntohl(login_rsp->exp_cmdsn), ntohl(login_rsp->max_cmdsn), ntohl(login_rsp->statsn), login->rsp_length); padding = ((-login->rsp_length) & 3); if (iscsi_login_tx_data( conn, login->rsp, login->rsp_buf, login->rsp_length + padding) < 0) return -1; login->rsp_length = 0; login_rsp->tsih = be16_to_cpu(login_rsp->tsih); login_rsp->itt = be32_to_cpu(login_rsp->itt); login_rsp->statsn = be32_to_cpu(login_rsp->statsn); mutex_lock(&sess->cmdsn_mutex); login_rsp->exp_cmdsn = be32_to_cpu(sess->exp_cmd_sn); login_rsp->max_cmdsn = be32_to_cpu(sess->max_cmd_sn); mutex_unlock(&sess->cmdsn_mutex); return 0; } static int iscsi_target_do_rx_login_io(struct iscsi_conn *conn, struct iscsi_login *login) { u32 padding = 0, payload_length; struct iscsi_login_req *login_req; if (iscsi_login_rx_data(conn, login->req, ISCSI_HDR_LEN) < 0) return -1; login_req = (struct iscsi_login_req *) login->req; payload_length = ntoh24(login_req->dlength); login_req->tsih = be16_to_cpu(login_req->tsih); login_req->itt = be32_to_cpu(login_req->itt); login_req->cid = be16_to_cpu(login_req->cid); login_req->cmdsn = be32_to_cpu(login_req->cmdsn); login_req->exp_statsn = be32_to_cpu(login_req->exp_statsn); pr_debug("Got Login Command, Flags 0x%02x, ITT: 0x%08x," " CmdSN: 0x%08x, ExpStatSN: 0x%08x, CID: %hu, Length: %u\n", login_req->flags, login_req->itt, login_req->cmdsn, login_req->exp_statsn, login_req->cid, payload_length); if (iscsi_target_check_login_request(conn, login) < 0) return -1; padding = ((-payload_length) & 3); memset(login->req_buf, 0, MAX_KEY_VALUE_PAIRS); if (iscsi_login_rx_data( conn, login->req_buf, payload_length + padding) < 0) return -1; return 0; } static int iscsi_target_do_login_io(struct iscsi_conn *conn, struct iscsi_login *login) { if (iscsi_target_do_tx_login_io(conn, login) < 0) return -1; if (iscsi_target_do_rx_login_io(conn, login) < 0) return -1; return 0; } static int iscsi_target_get_initial_payload( struct iscsi_conn *conn, struct iscsi_login *login) { u32 padding = 0, payload_length; struct iscsi_login_req *login_req; login_req = (struct iscsi_login_req *) login->req; payload_length = ntoh24(login_req->dlength); pr_debug("Got Login Command, Flags 0x%02x, ITT: 0x%08x," " CmdSN: 0x%08x, ExpStatSN: 0x%08x, Length: %u\n", login_req->flags, login_req->itt, login_req->cmdsn, login_req->exp_statsn, payload_length); if (iscsi_target_check_login_request(conn, login) < 0) return -1; padding = ((-payload_length) & 3); if (iscsi_login_rx_data( conn, login->req_buf, payload_length + padding) < 0) return -1; return 0; } /* * NOTE: We check for existing sessions or connections AFTER the initiator * has been successfully authenticated in order to protect against faked * ISID/TSIH combinations. */ static int iscsi_target_check_for_existing_instances( struct iscsi_conn *conn, struct iscsi_login *login) { if (login->checked_for_existing) return 0; login->checked_for_existing = 1; if (!login->tsih) return iscsi_check_for_session_reinstatement(conn); else return iscsi_login_post_auth_non_zero_tsih(conn, login->cid, login->initial_exp_statsn); } static int iscsi_target_do_authentication( struct iscsi_conn *conn, struct iscsi_login *login) { int authret; u32 payload_length; struct iscsi_param *param; struct iscsi_login_req *login_req; struct iscsi_login_rsp *login_rsp; login_req = (struct iscsi_login_req *) login->req; login_rsp = (struct iscsi_login_rsp *) login->rsp; payload_length = ntoh24(login_req->dlength); param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list); if (!param) return -1; authret = iscsi_handle_authentication( conn, login->req_buf, login->rsp_buf, payload_length, &login->rsp_length, param->value); switch (authret) { case 0: pr_debug("Received OK response" " from LIO Authentication, continuing.\n"); break; case 1: pr_debug("iSCSI security negotiation" " completed successfully.\n"); login->auth_complete = 1; if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) && (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) { login_rsp->flags |= (ISCSI_FLAG_LOGIN_NEXT_STAGE1 | ISCSI_FLAG_LOGIN_TRANSIT); login->current_stage = 1; } return iscsi_target_check_for_existing_instances( conn, login); case 2: pr_err("Security negotiation" " failed.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_AUTH_FAILED); return -1; default: pr_err("Received unknown error %d from LIO" " Authentication\n", authret); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_TARGET_ERROR); return -1; } return 0; } static int iscsi_target_handle_csg_zero( struct iscsi_conn *conn, struct iscsi_login *login) { int ret; u32 payload_length; struct iscsi_param *param; struct iscsi_login_req *login_req; struct iscsi_login_rsp *login_rsp; login_req = (struct iscsi_login_req *) login->req; login_rsp = (struct iscsi_login_rsp *) login->rsp; payload_length = ntoh24(login_req->dlength); param = iscsi_find_param_from_key(AUTHMETHOD, conn->param_list); if (!param) return -1; ret = iscsi_decode_text_input( PHASE_SECURITY|PHASE_DECLARATIVE, SENDER_INITIATOR|SENDER_RECEIVER, login->req_buf, payload_length, conn->param_list); if (ret < 0) return -1; if (ret > 0) { if (login->auth_complete) { pr_err("Initiator has already been" " successfully authenticated, but is still" " sending %s keys.\n", param->value); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_INIT_ERR); return -1; } goto do_auth; } if (login->first_request) if (iscsi_target_check_first_request(conn, login) < 0) return -1; ret = iscsi_encode_text_output( PHASE_SECURITY|PHASE_DECLARATIVE, SENDER_TARGET, login->rsp_buf, &login->rsp_length, conn->param_list); if (ret < 0) return -1; if (!iscsi_check_negotiated_keys(conn->param_list)) { if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication && !strncmp(param->value, NONE, 4)) { pr_err("Initiator sent AuthMethod=None but" " Target is enforcing iSCSI Authentication," " login failed.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_AUTH_FAILED); return -1; } if (ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication && !login->auth_complete) return 0; if (strncmp(param->value, NONE, 4) && !login->auth_complete) return 0; if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE1) && (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) { login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE1 | ISCSI_FLAG_LOGIN_TRANSIT; login->current_stage = 1; } } return 0; do_auth: return iscsi_target_do_authentication(conn, login); } static int iscsi_target_handle_csg_one(struct iscsi_conn *conn, struct iscsi_login *login) { int ret; u32 payload_length; struct iscsi_login_req *login_req; struct iscsi_login_rsp *login_rsp; login_req = (struct iscsi_login_req *) login->req; login_rsp = (struct iscsi_login_rsp *) login->rsp; payload_length = ntoh24(login_req->dlength); ret = iscsi_decode_text_input( PHASE_OPERATIONAL|PHASE_DECLARATIVE, SENDER_INITIATOR|SENDER_RECEIVER, login->req_buf, payload_length, conn->param_list); if (ret < 0) return -1; if (login->first_request) if (iscsi_target_check_first_request(conn, login) < 0) return -1; if (iscsi_target_check_for_existing_instances(conn, login) < 0) return -1; ret = iscsi_encode_text_output( PHASE_OPERATIONAL|PHASE_DECLARATIVE, SENDER_TARGET, login->rsp_buf, &login->rsp_length, conn->param_list); if (ret < 0) return -1; if (!login->auth_complete && ISCSI_TPG_ATTRIB(ISCSI_TPG_C(conn))->authentication) { pr_err("Initiator is requesting CSG: 1, has not been" " successfully authenticated, and the Target is" " enforcing iSCSI Authentication, login failed.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_AUTH_FAILED); return -1; } if (!iscsi_check_negotiated_keys(conn->param_list)) if ((login_req->flags & ISCSI_FLAG_LOGIN_NEXT_STAGE3) && (login_req->flags & ISCSI_FLAG_LOGIN_TRANSIT)) login_rsp->flags |= ISCSI_FLAG_LOGIN_NEXT_STAGE3 | ISCSI_FLAG_LOGIN_TRANSIT; return 0; } static int iscsi_target_do_login(struct iscsi_conn *conn, struct iscsi_login *login) { int pdu_count = 0; struct iscsi_login_req *login_req; struct iscsi_login_rsp *login_rsp; login_req = (struct iscsi_login_req *) login->req; login_rsp = (struct iscsi_login_rsp *) login->rsp; while (1) { if (++pdu_count > MAX_LOGIN_PDUS) { pr_err("MAX_LOGIN_PDUS count reached.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_TARGET_ERROR); return -1; } switch ((login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2) { case 0: login_rsp->flags |= (0 & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK); if (iscsi_target_handle_csg_zero(conn, login) < 0) return -1; break; case 1: login_rsp->flags |= ISCSI_FLAG_LOGIN_CURRENT_STAGE1; if (iscsi_target_handle_csg_one(conn, login) < 0) return -1; if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) { login->tsih = conn->sess->tsih; if (iscsi_target_do_tx_login_io(conn, login) < 0) return -1; return 0; } break; default: pr_err("Illegal CSG: %d received from" " Initiator, protocol error.\n", (login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2); break; } if (iscsi_target_do_login_io(conn, login) < 0) return -1; if (login_rsp->flags & ISCSI_FLAG_LOGIN_TRANSIT) { login_rsp->flags &= ~ISCSI_FLAG_LOGIN_TRANSIT; login_rsp->flags &= ~ISCSI_FLAG_LOGIN_NEXT_STAGE_MASK; } } return 0; } static void iscsi_initiatorname_tolower( char *param_buf) { char *c; u32 iqn_size = strlen(param_buf), i; for (i = 0; i < iqn_size; i++) { c = ¶m_buf[i]; if (!isupper(*c)) continue; *c = tolower(*c); } } /* * Processes the first Login Request.. */ static int iscsi_target_locate_portal( struct iscsi_np *np, struct iscsi_conn *conn, struct iscsi_login *login) { char *i_buf = NULL, *s_buf = NULL, *t_buf = NULL; char *tmpbuf, *start = NULL, *end = NULL, *key, *value; struct iscsi_session *sess = conn->sess; struct iscsi_tiqn *tiqn; struct iscsi_login_req *login_req; struct iscsi_targ_login_rsp *login_rsp; u32 payload_length; int sessiontype = 0, ret = 0; login_req = (struct iscsi_login_req *) login->req; login_rsp = (struct iscsi_targ_login_rsp *) login->rsp; payload_length = ntoh24(login_req->dlength); login->first_request = 1; login->leading_connection = (!login_req->tsih) ? 1 : 0; login->current_stage = (login_req->flags & ISCSI_FLAG_LOGIN_CURRENT_STAGE_MASK) >> 2; login->version_min = login_req->min_version; login->version_max = login_req->max_version; memcpy(login->isid, login_req->isid, 6); login->cmd_sn = login_req->cmdsn; login->init_task_tag = login_req->itt; login->initial_exp_statsn = login_req->exp_statsn; login->cid = login_req->cid; login->tsih = login_req->tsih; if (iscsi_target_get_initial_payload(conn, login) < 0) return -1; tmpbuf = kzalloc(payload_length + 1, GFP_KERNEL); if (!tmpbuf) { pr_err("Unable to allocate memory for tmpbuf.\n"); return -1; } memcpy(tmpbuf, login->req_buf, payload_length); tmpbuf[payload_length] = '\0'; start = tmpbuf; end = (start + payload_length); /* * Locate the initial keys expected from the Initiator node in * the first login request in order to progress with the login phase. */ while (start < end) { if (iscsi_extract_key_value(start, &key, &value) < 0) { ret = -1; goto out; } if (!strncmp(key, "InitiatorName", 13)) i_buf = value; else if (!strncmp(key, "SessionType", 11)) s_buf = value; else if (!strncmp(key, "TargetName", 10)) t_buf = value; start += strlen(key) + strlen(value) + 2; } /* * See 5.3. Login Phase. */ if (!i_buf) { pr_err("InitiatorName key not received" " in first login request.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_MISSING_FIELDS); ret = -1; goto out; } /* * Convert the incoming InitiatorName to lowercase following * RFC-3720 3.2.6.1. section c) that says that iSCSI IQNs * are NOT case sensitive. */ iscsi_initiatorname_tolower(i_buf); if (!s_buf) { if (!login->leading_connection) goto get_target; pr_err("SessionType key not received" " in first login request.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_MISSING_FIELDS); ret = -1; goto out; } /* * Use default portal group for discovery sessions. */ sessiontype = strncmp(s_buf, DISCOVERY, 9); if (!sessiontype) { conn->tpg = iscsit_global->discovery_tpg; if (!login->leading_connection) goto get_target; sess->sess_ops->SessionType = 1; /* * Setup crc32c modules from libcrypto */ if (iscsi_login_setup_crypto(conn) < 0) { pr_err("iscsi_login_setup_crypto() failed\n"); ret = -1; goto out; } /* * Serialize access across the discovery struct iscsi_portal_group to * process login attempt. */ if (iscsit_access_np(np, conn->tpg) < 0) { iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE); ret = -1; goto out; } ret = 0; goto out; } get_target: if (!t_buf) { pr_err("TargetName key not received" " in first login request while" " SessionType=Normal.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_MISSING_FIELDS); ret = -1; goto out; } /* * Locate Target IQN from Storage Node. */ tiqn = iscsit_get_tiqn_for_login(t_buf); if (!tiqn) { pr_err("Unable to locate Target IQN: %s in" " Storage Node\n", t_buf); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE); ret = -1; goto out; } pr_debug("Located Storage Object: %s\n", tiqn->tiqn); /* * Locate Target Portal Group from Storage Node. */ conn->tpg = iscsit_get_tpg_from_np(tiqn, np); if (!conn->tpg) { pr_err("Unable to locate Target Portal Group" " on %s\n", tiqn->tiqn); iscsit_put_tiqn_for_login(tiqn); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE); ret = -1; goto out; } pr_debug("Located Portal Group Object: %hu\n", conn->tpg->tpgt); /* * Setup crc32c modules from libcrypto */ if (iscsi_login_setup_crypto(conn) < 0) { pr_err("iscsi_login_setup_crypto() failed\n"); ret = -1; goto out; } /* * Serialize access across the struct iscsi_portal_group to * process login attempt. */ if (iscsit_access_np(np, conn->tpg) < 0) { iscsit_put_tiqn_for_login(tiqn); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE); ret = -1; conn->tpg = NULL; goto out; } /* * conn->sess->node_acl will be set when the referenced * struct iscsi_session is located from received ISID+TSIH in * iscsi_login_non_zero_tsih_s2(). */ if (!login->leading_connection) { ret = 0; goto out; } /* * This value is required in iscsi_login_zero_tsih_s2() */ sess->sess_ops->SessionType = 0; /* * Locate incoming Initiator IQN reference from Storage Node. */ sess->se_sess->se_node_acl = core_tpg_check_initiator_node_acl( &conn->tpg->tpg_se_tpg, i_buf); if (!sess->se_sess->se_node_acl) { pr_err("iSCSI Initiator Node: %s is not authorized to" " access iSCSI target portal group: %hu.\n", i_buf, conn->tpg->tpgt); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_INITIATOR_ERR, ISCSI_LOGIN_STATUS_TGT_FORBIDDEN); ret = -1; goto out; } ret = 0; out: kfree(tmpbuf); return ret; } struct iscsi_login *iscsi_target_init_negotiation( struct iscsi_np *np, struct iscsi_conn *conn, char *login_pdu) { struct iscsi_login *login; login = kzalloc(sizeof(struct iscsi_login), GFP_KERNEL); if (!login) { pr_err("Unable to allocate memory for struct iscsi_login.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_NO_RESOURCES); return NULL; } login->req = kmemdup(login_pdu, ISCSI_HDR_LEN, GFP_KERNEL); if (!login->req) { pr_err("Unable to allocate memory for Login Request.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_NO_RESOURCES); goto out; } login->req_buf = kzalloc(MAX_KEY_VALUE_PAIRS, GFP_KERNEL); if (!login->req_buf) { pr_err("Unable to allocate memory for response buffer.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_NO_RESOURCES); goto out; } /* * SessionType: Discovery * * Locates Default Portal * * SessionType: Normal * * Locates Target Portal from NP -> Target IQN */ if (iscsi_target_locate_portal(np, conn, login) < 0) { pr_err("iSCSI Login negotiation failed.\n"); goto out; } return login; out: kfree(login->req); kfree(login->req_buf); kfree(login); return NULL; } int iscsi_target_start_negotiation( struct iscsi_login *login, struct iscsi_conn *conn) { int ret = -1; login->rsp = kzalloc(ISCSI_HDR_LEN, GFP_KERNEL); if (!login->rsp) { pr_err("Unable to allocate memory for" " Login Response.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_NO_RESOURCES); ret = -1; goto out; } login->rsp_buf = kzalloc(MAX_KEY_VALUE_PAIRS, GFP_KERNEL); if (!login->rsp_buf) { pr_err("Unable to allocate memory for" " request buffer.\n"); iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, ISCSI_LOGIN_STATUS_NO_RESOURCES); ret = -1; goto out; } ret = iscsi_target_do_login(conn, login); out: if (ret != 0) iscsi_remove_failed_auth_entry(conn); iscsi_target_nego_release(login, conn); return ret; } void iscsi_target_nego_release( struct iscsi_login *login, struct iscsi_conn *conn) { kfree(login->req); kfree(login->rsp); kfree(login->req_buf); kfree(login->rsp_buf); kfree(login); }