From 0441d0f93788b617a38b75e4a44744406976c822 Mon Sep 17 00:00:00 2001

From: Tomas Bzatek <tbzatek@redhat.com>

Date: Mon, 31 Jul 2023 16:48:28 +0200

Subject: [PATCH] iscsi: Fix login on firmware-discovered nodes

There's currently no way to distinguish between force-no-auth and

use-fw-discovered-auth-info scenarios from the D-Bus API so let's

assume that the caller wants to retain the firmware-discovered auth

info unless overriden with specific CHAP credentials.

---

 .../data/org.freedesktop.UDisks2.iscsi.xml    |  3 +++

 modules/iscsi/udisksiscsiutil.c               | 27 ++++++++++++++++++-

 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml

index cf262deb68..e8a717ff1d 100644

--- a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml

+++ b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml

@@ -162,6 +162,9 @@

         <parameter>reverse-password</parameter> will be used for CHAP

         authentication.

+        Firmware-discovered nodes retain their authentication info unless

+        overriden with specified credentials (see above).

+

         All the additional options are transformed into the interface

         parameters.  For example, if an automatic node startup is desired, the

         <parameter>node.startup</parameter> needs to be set to

diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c

index b279442876..fb4f5ea167 100644

--- a/modules/iscsi/udisksiscsiutil.c

+++ b/modules/iscsi/udisksiscsiutil.c

@@ -264,6 +264,31 @@ iscsi_params_pop_chap_data (GVariant      *params,

   return g_variant_dict_end (&dict);

 }

+static gboolean

+is_auth_required (struct libiscsi_context   *ctx,

+                  struct libiscsi_node      *node,

+                  struct libiscsi_auth_info *auth_info)

+{

+  char val[LIBISCSI_VALUE_MAXLEN + 1] = {'\0',};

+  int ret;

+

+  /* TODO: No way to distinguish between the "no auth requested" and

+   *       "retain discovered auth info" scenarios from the D-Bus API.

+   */

+

+  /* In case CHAP auth is requested, let's use it unconditionally */

+  if (auth_info->method != libiscsi_auth_none)

+    return TRUE;

+

+  /* Avoid auth override on firmware-discovered nodes */

+  ret = libiscsi_node_get_parameter (ctx, node, "node.discovery_type", val);

+  if (ret == 0 && g_strcmp0 (val, "fw") == 0)

+    return FALSE;

+

+  /* Not a firmware-discovered node, maintain legacy rules */

+  return TRUE;

+}

+

 gint

 iscsi_login (UDisksLinuxModuleISCSI *module,

              const gchar            *name,

@@ -317,7 +342,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,

       err = iscsi_perform_login_action (module,

                                         ACTION_LOGIN,

                                         &node,

-                                        &auth_info,

+                                        is_auth_required (ctx, &node, &auth_info) ? &auth_info : NULL,

                                         errorstr);

     }