lib/iscsi: Separate CHAP params setup and authentication process

This is a preparation to support per portal group CHAP authentication
for discovery session.

Previously require_chap, disable_chap, and mutual_chap had been set
and used in iscsi_negotiate_param(), and chap_group had been set
and used in iscsi_get_authinfo().

If a connection is in a discovery session, the connection can get
all CHAP params at its creation, spdk_iscsi_conn_construct().

If a connection is in a normal session, the connection can get all
CHAP params in iscsi_op_login_negotiate_chap_param().

Each connection is in either discovery session or normal session.

So the following change is possible and is done in this patch.

spdk_iscsi_conn_construct() sets all CHAP params of the connection
by global parameters. Then iscsi_op_login_negotiate_chap_param()
overwrites them by the corresponding target's parameters.
iscsi_negotiate_chap_param() and iscsi_get_authinfo() just refer
the CHAP params.

Besides, iscsi_get_authinfo() changed to call just
spdk_iscsi_chap_get_authinfo() inside, and so inline
spdk_iscsi_chap_get_authinfo() into iscsi_auth_params() and then
remove iscsi_get_authinfo().

Signed-off-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Change-Id: I8028673cc6923e1b8bc20af55e0c3cc933972fc0
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/469218
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>

lib/iscsi/conn.c

@@ -222,6 +222,10 @@ spdk_iscsi_conn_construct(struct spdk_iscsi_portal *portal,
 	conn->nop_outstanding = false;
 	conn->data_out_cnt = 0;
 	conn->data_in_cnt = 0;
+	conn->disable_chap = g_spdk_iscsi.disable_chap;
+	conn->require_chap = g_spdk_iscsi.require_chap;
+	conn->mutual_chap = g_spdk_iscsi.mutual_chap;
+	conn->chap_group = g_spdk_iscsi.chap_group;
 	pthread_mutex_unlock(&g_spdk_iscsi.mutex);
 	conn->MaxRecvDataSegmentLength = 8192; /* RFC3720(12.12) */
 

lib/iscsi/conn.h

@@ -134,8 +134,10 @@ struct spdk_iscsi_conn {
 	bool conn_param_state_negotiated[MAX_CONNECTION_PARAMS];
 	struct iscsi_chap_auth auth;
 	bool authenticated;
+	bool disable_chap;
 	bool require_chap;
 	bool mutual_chap;
+	int32_t chap_group;
 	uint32_t pending_task_cnt;
 	uint32_t data_out_cnt;
 	uint32_t data_in_cnt;

lib/iscsi/iscsi.c

@@ -781,30 +781,6 @@ iscsi_append_param(struct spdk_iscsi_conn *conn, const char *key,
 	return rc;
 }
 
-static int
-iscsi_get_authinfo(struct spdk_iscsi_conn *conn, const char *authuser)
-{
-	int ag_tag;
-	int rc;
-
-	if (conn->sess->target != NULL) {
-		ag_tag = conn->sess->target->chap_group;
-	} else {
-		ag_tag = -1;
-	}
-	if (ag_tag < 0) {
-		ag_tag = g_spdk_iscsi.chap_group;
-	}
-	SPDK_DEBUGLOG(SPDK_LOG_ISCSI, "ag_tag=%d\n", ag_tag);
-
-	rc = spdk_iscsi_chap_get_authinfo(&conn->auth, authuser, ag_tag);
-	if (rc < 0) {
-		SPDK_ERRLOG("chap_get_authinfo() failed\n");
-		return -1;
-	}
-	return 0;
-}
-
 static int
 iscsi_auth_params(struct spdk_iscsi_conn *conn,
 		  struct iscsi_param *params, const char *method, uint8_t *data,
@@ -930,10 +906,12 @@ iscsi_auth_params(struct spdk_iscsi_conn *conn,
 		}
 		SPDK_DEBUGLOG(SPDK_LOG_ISCSI, "got CHAP_N/CHAP_R\n");
 
-		rc = iscsi_get_authinfo(conn, name);
+		SPDK_DEBUGLOG(SPDK_LOG_ISCSI, "ag_tag=%d\n", conn->chap_group);
+
+		rc = spdk_iscsi_chap_get_authinfo(&conn->auth, name, conn->chap_group);
 		if (rc < 0) {
 			/* SPDK_ERRLOG("auth user or secret is missing\n"); */
-			SPDK_ERRLOG("iscsi_get_authinfo() failed\n");
+			SPDK_ERRLOG("spdk_iscsi_chap_get_authinfo() failed\n");
 			goto error_return;
 		}
 		if (conn->auth.user[0] == '\0' || conn->auth.secret[0] == '\0') {
@@ -1277,26 +1255,14 @@ iscsi_op_login_update_param(struct spdk_iscsi_conn *conn,
 }
 
 static int
-iscsi_negotiate_chap_param(struct spdk_iscsi_conn *conn, bool disable_chap,
-			   bool require_chap, bool mutual_chap)
+iscsi_negotiate_chap_param(struct spdk_iscsi_conn *conn)
 {
 	int rc = 0;
 
-	if (disable_chap) {
-		conn->require_chap = false;
+	if (conn->disable_chap) {
 		rc = iscsi_op_login_update_param(conn, "AuthMethod", "None", "None");
-		if (rc < 0) {
-			return rc;
-		}
-	} else if (require_chap) {
-		conn->require_chap = true;
+	} else if (conn->require_chap) {
 		rc = iscsi_op_login_update_param(conn, "AuthMethod", "CHAP", "CHAP");
-		if (rc < 0) {
-			return rc;
-		}
-	}
-	if (mutual_chap) {
-		conn->mutual_chap = true;
 	}
 
 	return rc;
@@ -1311,9 +1277,7 @@ iscsi_negotiate_chap_param(struct spdk_iscsi_conn *conn, bool disable_chap,
 static int
 iscsi_op_login_session_discovery_chap(struct spdk_iscsi_conn *conn)
 {
-	return iscsi_negotiate_chap_param(conn, g_spdk_iscsi.disable_chap,
-					  g_spdk_iscsi.require_chap,
-					  g_spdk_iscsi.mutual_chap);
+	return iscsi_negotiate_chap_param(conn);
 }
 
 /*
@@ -1326,9 +1290,12 @@ static int
 iscsi_op_login_negotiate_chap_param(struct spdk_iscsi_conn *conn,
 				    struct spdk_iscsi_tgt_node *target)
 {
-	return iscsi_negotiate_chap_param(conn, target->disable_chap,
-					  target->require_chap,
-					  target->mutual_chap);
+	conn->disable_chap = target->disable_chap;
+	conn->require_chap = target->require_chap;
+	conn->mutual_chap = target->mutual_chap;
+	conn->chap_group = target->chap_group;
+
+	return iscsi_negotiate_chap_param(conn);
 }
 
 static int