iscsi: Check CHAP params when a target is created by JSON-RPC

When a target is created by iSCSI.conf, only valid CHAP params are passed to spdk_iscsi_tgt_node_construct(). When a target is created by JSON-RPC, help information encourages users to specify valid CHAP params but spdk_iscsi_tgt_node_construct() does not check CHAP params and users can create targets whose CHAP params are invalid. Change-Id: I7e9057a982f21f04782481cda74208a139c1fdad Signed-off-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com> Reviewed-on: https://review.gerrithub.io/394481 Tested-by: SPDK Automated Test System <sys_sgsw@intel.com> Reviewed-by: Jim Harris <james.r.harris@intel.com> Reviewed-by: Ben Walker <benjamin.walker@intel.com>
2018-01-12 11:02:53 +09:00 · 2018-01-12 11:02:53 +09:00 · de70d712fb
commit de70d712fb
parent f04569140c
2 changed files with 58 additions and 2 deletions
--- a/lib/iscsi/tgt_node.c
+++ b/lib/iscsi/tgt_node.c
@ -843,6 +843,24 @@ spdk_check_iscsi_name(const char *name)
 	return 0;
 }

+static bool
+spdk_iscsi_check_chap_params(int disabled, int required, int mutual, int group)
+{
+	if (group < 0) {
+		SPDK_ERRLOG("Invalid auth group ID (%d)\n", group);
+		return false;
+	}
+	if ((disabled == 0 && required == 0 && mutual == 0) ||	/* Auto */
+	    (disabled == 1 && required == 0 && mutual == 0) ||	/* None */
+	    (disabled == 0 && required == 1 && mutual == 0) ||	/* CHAP */
+	    (disabled == 0 && required == 1 && mutual == 1)) {	/* CHAP Mutual */
+		return true;
+	}
+	SPDK_ERRLOG("Invalid combination of CHAP params (d=%d,r=%d,m=%d)\n",
+		    disabled, required, mutual);
+	return false;
+}
+
 _spdk_iscsi_tgt_node *
 spdk_iscsi_tgt_node_construct(int target_index,
 			      const char *name, const char *alias,
@ -856,8 +874,8 @@ spdk_iscsi_tgt_node_construct(int target_index,
 	struct spdk_iscsi_tgt_node	*target;
 	int				rc;

-	if (auth_chap_disabled && auth_chap_required) {
-		SPDK_ERRLOG("auth_chap_disabled and auth_chap_required are mutually exclusive\n");
+	if (!spdk_iscsi_check_chap_params(auth_chap_disabled, auth_chap_required,
+					  auth_chap_mutual, auth_group)) {
 		return NULL;
 	}

--- a/test/unit/lib/iscsi/tgt_node.c/tgt_node_ut.c
+++ b/test/unit/lib/iscsi/tgt_node.c/tgt_node_ut.c
@ -794,6 +794,43 @@ allow_iscsi_name_multi_maps_case(void)
 	spdk_iscsi_tgt_node_delete_pg_map(&tgtnode, &pg2);
 }

+/*
+ * static bool
+ * spdk_iscsi_check_chap_params(int auth_chap_disabled, int auth_chap_required,
+ *                              int auth_chap_mutual, int auth_group);
+ */
+static void
+chap_param_test_cases(void)
+{
+	/* Auto */
+	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 0, 0) == true);
+
+	/* None */
+	CU_ASSERT(spdk_iscsi_check_chap_params(1, 0, 0, 0) == true);
+
+	/* CHAP */
+	CU_ASSERT(spdk_iscsi_check_chap_params(0, 1, 0, 0) == true);
+
+	/* CHAP Mutual */
+	CU_ASSERT(spdk_iscsi_check_chap_params(0, 1, 1, 0) == true);
+
+	/* Check mutual exclusiveness of disabled and required */
+	CU_ASSERT(spdk_iscsi_check_chap_params(1, 1, 0, 0) == false);
+
+	/* Mutual requires Required */
+	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 1, 0) == false);
+
+	/* Remaining combinations */
+	CU_ASSERT(spdk_iscsi_check_chap_params(1, 0, 1, 0) == false);
+	CU_ASSERT(spdk_iscsi_check_chap_params(1, 1, 1, 0) == false);
+
+	/* Valid auth group ID */
+	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 0, 1) == true);
+
+	/* Invalid auth group ID */
+	CU_ASSERT(spdk_iscsi_check_chap_params(0, 0, 0, -1) == false);
+}
+
 int
 main(int argc, char **argv)
 {
@ -834,6 +871,7 @@ main(int argc, char **argv)
 			       node_access_multi_initiator_groups_cases) == NULL
 		|| CU_add_test(suite, "allow iscsi name case",
 			       allow_iscsi_name_multi_maps_case) == NULL
+		|| CU_add_test(suite, "chap param test cases", chap_param_test_cases) == NULL
 	) {
 		CU_cleanup_registry();
 		return CU_get_error();