iscsi: Replace "ALL" by "ANY" for access control
In the access control of the iSCSI target, "ALL" is used to allow ANY IP address-port pair or iSCSI name of initiators. However, iSCSI targets cannot know ALL initiators beforehand. Hence "ANY" is a better keyword than "ALL" and avoids misunderstanding. Comments and the iscsi_tgt test code are changed accordingly, and unit-test (UT) code is added. Change-Id: Id004d819df6e9ee89f6c1db2e4b4c149be062733 Signed-off-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com> Reviewed-on: https://review.gerrithub.io/385168 Tested-by: SPDK Automated Test System <sys_sgsw@intel.com> Reviewed-by: Ben Walker <benjamin.walker@intel.com> Reviewed-by: Jim Harris <james.r.harris@intel.com> Reviewed-by: Daniel Verkamp <daniel.verkamp@intel.com>
parent
42e0a6531f
commit
eee268fea8
@ -76,7 +76,7 @@
|
||||
# Netmask 192.168.1.20 <== single IP address
|
||||
# Netmask 192.168.1.0/24 <== IP range 192.168.1.*
|
||||
[InitiatorGroup1]
|
||||
InitiatorName ALL
|
||||
InitiatorName ANY
|
||||
Netmask 192.168.2.0/24
|
||||
|
||||
# NVMe configuration options
|
||||
|
@ -84,6 +84,7 @@ static int
|
||||
spdk_iscsi_init_grp_add_initiator(struct spdk_iscsi_init_grp *ig, char *name)
|
||||
{
|
||||
struct spdk_iscsi_initiator_name *iname;
|
||||
char *p;
|
||||
|
||||
if (ig->ninitiators >= MAX_INITIATOR) {
|
||||
SPDK_ERRLOG("> MAX_INITIATOR(=%d) is not allowed\n", MAX_INITIATOR);
|
||||
@ -106,6 +107,14 @@ spdk_iscsi_init_grp_add_initiator(struct spdk_iscsi_init_grp *ig, char *name)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
/* Replace "ALL" by "ANY" if set */
|
||||
p = strstr(iname->name, "ALL");
|
||||
if (p != NULL) {
|
||||
SPDK_WARNLOG("Please use \"%s\" instead of \"%s\"\n", "ANY", "ALL");
|
||||
SPDK_WARNLOG("Converting \"%s\" to \"%s\" automatically\n", "ALL", "ANY");
|
||||
strncpy(p, "ANY", 3);
|
||||
}
|
||||
|
||||
TAILQ_INSERT_TAIL(&ig->initiator_head, iname, tailq);
|
||||
ig->ninitiators++;
|
||||
|
||||
@ -181,6 +190,7 @@ static int
|
||||
spdk_iscsi_init_grp_add_netmask(struct spdk_iscsi_init_grp *ig, char *mask)
|
||||
{
|
||||
struct spdk_iscsi_initiator_netmask *imask;
|
||||
char *p;
|
||||
|
||||
if (ig->nnetmasks >= MAX_NETMASK) {
|
||||
SPDK_ERRLOG("> MAX_NETMASK(=%d) is not allowed\n", MAX_NETMASK);
|
||||
@ -203,6 +213,14 @@ spdk_iscsi_init_grp_add_netmask(struct spdk_iscsi_init_grp *ig, char *mask)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
/* Replace "ALL" by "ANY" if set */
|
||||
p = strstr(imask->mask, "ALL");
|
||||
if (p != NULL) {
|
||||
SPDK_WARNLOG("Please use \"%s\" instead of \"%s\"\n", "ANY", "ALL");
|
||||
SPDK_WARNLOG("Converting \"%s\" to \"%s\" automatically\n", "ALL", "ANY");
|
||||
strncpy(p, "ANY", 3);
|
||||
}
|
||||
|
||||
TAILQ_INSERT_TAIL(&ig->netmask_head, imask, tailq);
|
||||
ig->nnetmasks++;
|
||||
|
||||
|
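Review bot: The `strstr(iname->name, "ALL")` conversion in spdk_iscsi_init_grp_add_initiator rewrites the first "ALL" found anywhere in the entry, so an initiator name that merely contains those three letters is silently stored as a different name; the ACL then no longer matches the initiator the administrator listed and matches one they did not. The same pattern is repeated for `imask->mask` in spdk_iscsi_init_grp_add_netmask. The search is also case-sensitive, whereas the access check on this page compares with strcasecmp, so a lowercase "all" entry that previously acted as the wildcard is presumably left unconverted and stops matching. Convert only when the whole entry, after an optional leading '!', is the keyword: `p = iname->name + (iname->name[0] == '!');` then `if (strcasecmp(p, "ALL") == 0) { ... memcpy(p, "ANY", 3); }`, and `if (strcasecmp(imask->mask, "ALL") == 0)` for the netmask. Both function bodies continue outside the hunks shown.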
@ -198,12 +198,12 @@ spdk_iscsi_tgt_node_access(struct spdk_iscsi_conn *conn,
|
||||
TAILQ_FOREACH(iname, &igp->initiator_head, tailq) {
|
||||
/* denied if iqn is matched */
|
||||
if ((iname->name[0] == '!')
|
||||
&& (strcasecmp(&iname->name[1], "ALL") == 0
|
||||
&& (strcasecmp(&iname->name[1], "ANY") == 0
|
||||
|| strcasecmp(&iname->name[1], iqn) == 0)) {
|
||||
goto denied;
|
||||
}
|
||||
/* allowed if iqn is matched */
|
||||
if (strcasecmp(iname->name, "ALL") == 0
|
||||
if (strcasecmp(iname->name, "ANY") == 0
|
||||
|| strcasecmp(iname->name, iqn) == 0) {
|
||||
/* iqn is allowed, then check netmask */
|
||||
TAILQ_FOREACH(imask, &igp->netmask_head, tailq) {
|
||||
@ -240,11 +240,11 @@ spdk_iscsi_tgt_node_visible(struct spdk_iscsi_tgt_node *target, const char *iqn)
|
||||
igp = target->map[i].ig;
|
||||
TAILQ_FOREACH(iname, &igp->initiator_head, tailq) {
|
||||
if ((iname->name[0] == '!')
|
||||
&& (strcasecmp(&iname->name[1], "ALL") == 0
|
||||
&& (strcasecmp(&iname->name[1], "ANY") == 0
|
||||
|| strcasecmp(&iname->name[1], iqn) == 0)) {
|
||||
return false;
|
||||
}
|
||||
if (strcasecmp(iname->name, "ALL") == 0
|
||||
if (strcasecmp(iname->name, "ANY") == 0
|
||||
|| strcasecmp(iname->name, iqn) == 0) {
|
||||
return true;
|
||||
}
|
||||
|
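Review bot: In spdk_iscsi_tgt_node_visible the loop returns true on the first allow match, so as far as the visible lines show a `!name` deny entry only takes effect when it sits in the group before a matching allow entry such as "ANY", and nothing in the hunk documents that ordering rule. spdk_iscsi_tgt_node_access walks the list the same way, although its allow branch continues outside the hunk. With the wildcard now spelled "ANY" in all four comparisons, a comment above each loop would help whoever writes the ACL, for example `/* Entries are evaluated in list order: put "!name" entries before "ANY" or they are never reached. */`. A deny entry placed after the wildcard leaves the target reachable by the initiator it was meant to exclude.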
@ -447,7 +447,7 @@ def add_initiator_group(args):
|
||||
p = subparsers.add_parser('add_initiator_group', help='Add an initiator group')
|
||||
p.add_argument('tag', help='Initiator group tag (unique, integer > 0)', type=int)
|
||||
p.add_argument('initiator_list', help="""Whitespace-separated list of initiator hostnames or IP addresses,
|
||||
enclosed in quotes. Example: 'ALL' or '127.0.0.1 192.168.200.100'""")
|
||||
enclosed in quotes. Example: 'ANY' or '127.0.0.1 192.168.200.100'""")
|
||||
p.add_argument('netmask_list', help="""Whitespace-separated list of initiator netmasks enclosed in quotes.
|
||||
Example: '255.255.0.0 255.248.0.0' etc""")
|
||||
p.set_defaults(func=add_initiator_group)
|
||||
|
@ -14,7 +14,7 @@ timing_enter calsoft
|
||||
# iSCSI target configuration
|
||||
PORT=3260
|
||||
INITIATOR_TAG=2
|
||||
INITIATOR_NAME=ALL
|
||||
INITIATOR_NAME=ANY
|
||||
NETMASK=$INITIATOR_IP/32
|
||||
MALLOC_BDEV_SIZE=64
|
||||
MALLOC_BLOCK_SIZE=512
|
||||
|
@ -17,7 +17,7 @@ $rootdir/scripts/gen_nvme.sh >> $testdir/iscsi.conf
|
||||
# iSCSI target configuration
|
||||
PORT=3260
|
||||
INITIATOR_TAG=2
|
||||
INITIATOR_NAME=ALL
|
||||
INITIATOR_NAME=ANY
|
||||
NETMASK=$INITIATOR_IP/32
|
||||
|
||||
rpc_py="python $rootdir/scripts/rpc.py"
|
||||
|
@ -10,7 +10,7 @@ timing_enter filesystem
|
||||
# iSCSI target configuration
|
||||
PORT=3260
|
||||
INITIATOR_TAG=2
|
||||
INITIATOR_NAME=ALL
|
||||
INITIATOR_NAME=ANY
|
||||
NETMASK=$INITIATOR_IP/32
|
||||
MALLOC_BDEV_SIZE=256
|
||||
MALLOC_BLOCK_SIZE=512
|
||||
|
@ -49,7 +49,7 @@ cp $testdir/iscsi.conf.in $testdir/iscsi.conf
|
||||
# iSCSI target configuration
|
||||
PORT=3260
|
||||
INITIATOR_TAG=2
|
||||
INITIATOR_NAME=ALL
|
||||
INITIATOR_NAME=ANY
|
||||
NETMASK=$INITIATOR_IP/32
|
||||
MALLOC_BDEV_SIZE=64
|
||||
MALLOC_BLOCK_SIZE=4096
|
||||
|
@ -5,7 +5,7 @@ rootdir=$(readlink -f $(dirname $0))/../../..
|
||||
|
||||
rpc_py=$rootdir/scripts/rpc.py
|
||||
|
||||
"$rpc_py" add_initiator_group 1 "ALL" "127.0.0.1/32"
|
||||
"$rpc_py" add_initiator_group 1 "ANY" "127.0.0.1/32"
|
||||
"$rpc_py" add_portal_group 1 '127.0.0.1:3260'
|
||||
|
||||
for i in $(seq 0 15); do
|
||||
|
@ -23,7 +23,7 @@ function kill_all_iscsi_target() {
|
||||
function rpc_config() {
|
||||
# $1 = RPC server address
|
||||
# $2 = Netmask
|
||||
$rpc_py -s $1 add_initiator_group 1 ALL $2
|
||||
$rpc_py -s $1 add_initiator_group 1 ANY $2
|
||||
$rpc_py -s $1 construct_malloc_bdev 64 512
|
||||
}
|
||||
function rpc_add_ip() {
|
||||
|
@ -13,7 +13,7 @@ timing_enter iscsi_lvol
|
||||
# iSCSI target configuration
|
||||
PORT=3260
|
||||
INITIATOR_TAG=2
|
||||
INITIATOR_NAME=ALL
|
||||
INITIATOR_NAME=ANY
|
||||
NETMASK=$INITIATOR_IP/32
|
||||
MALLOC_BDEV_SIZE=128
|
||||
MALLOC_BLOCK_SIZE=512
|
||||
|
@ -55,7 +55,7 @@ timing_exit start_iscsi_tgt
|
||||
|
||||
echo "Creating an iSCSI target node."
|
||||
$rpc_py -s "$iscsi_rpc_addr" add_portal_group 1 $TARGET_IP:$ISCSI_PORT
|
||||
$rpc_py -s "$iscsi_rpc_addr" add_initiator_group 1 ALL $INITIATOR_IP/32
|
||||
$rpc_py -s "$iscsi_rpc_addr" add_initiator_group 1 ANY $INITIATOR_IP/32
|
||||
if [ $1 -eq 0 ]; then
|
||||
$rpc_py -s "$iscsi_rpc_addr" construct_nvme_bdev -b "Nvme0" -t "rdma" -f "ipv4" -a $NVMF_FIRST_TARGET_IP -s $NVMF_PORT -n nqn.2016-06.io.spdk:cnode1
|
||||
fi
|
||||
|
@ -14,7 +14,7 @@ RUNTIME=$2
|
||||
PMEM_BDEVS=""
|
||||
PORT=3260
|
||||
INITIATOR_TAG=2
|
||||
INITIATOR_NAME=ALL
|
||||
INITIATOR_NAME=ANY
|
||||
NETMASK=$INITIATOR_IP/32
|
||||
PMEM_SIZE=128
|
||||
PMEM_BLOCK_SIZE=512
|
||||
|
@ -15,7 +15,7 @@ timing_enter rbd
|
||||
# iSCSI target configuration
|
||||
PORT=3260
|
||||
INITIATOR_TAG=2
|
||||
INITIATOR_NAME=ALL
|
||||
INITIATOR_NAME=ANY
|
||||
NETMASK=$INITIATOR_IP/32
|
||||
|
||||
rpc_py="python $rootdir/scripts/rpc.py"
|
||||
|
@ -12,7 +12,7 @@ timing_enter reset
|
||||
# iSCSI target configuration
|
||||
PORT=3260
|
||||
INITIATOR_TAG=2
|
||||
INITIATOR_NAME=ALL
|
||||
INITIATOR_NAME=ANY
|
||||
NETMASK=$INITIATOR_IP/32
|
||||
MALLOC_BDEV_SIZE=64
|
||||
MALLOC_BLOCK_SIZE=512
|
||||
|
@ -14,7 +14,7 @@ netmask = ('127.0.0.1', '127.0.0.0')
|
||||
rpc_param = {
|
||||
'target_ip': '127.0.0.1',
|
||||
'port': 3260,
|
||||
'initiator_name': 'ALL',
|
||||
'initiator_name': 'ANY',
|
||||
'netmask': netmask,
|
||||
'lun_total': 3,
|
||||
'malloc_bdev_size': 64,
|
||||
|
@ -10,7 +10,7 @@ timing_enter rpc_config
|
||||
# iSCSI target configuration
|
||||
PORT=3260
|
||||
INITIATOR_TAG=2
|
||||
INITIATOR_NAME=ALL
|
||||
INITIATOR_NAME=ANY
|
||||
NETMASK=$INITIATOR_IP/32
|
||||
MALLOC_BDEV_SIZE=64
|
||||
|
||||
|
@ -377,6 +377,74 @@ delete_all_netmasks_success_case(void)
|
||||
spdk_iscsi_init_grp_destroy(ig);
|
||||
}
|
||||
|
||||
static void
|
||||
initiator_name_overwrite_all_to_any_case(void)
|
||||
{
|
||||
int rc;
|
||||
struct spdk_iscsi_init_grp *ig;
|
||||
struct spdk_iscsi_initiator_name *iname;
|
||||
char *all = "ALL";
|
||||
char *any = "ANY";
|
||||
char *all_not = "!ALL";
|
||||
char *any_not = "!ANY";
|
||||
|
||||
ig = spdk_iscsi_init_grp_create(1);
|
||||
CU_ASSERT(ig != NULL);
|
||||
|
||||
rc = spdk_iscsi_init_grp_add_initiator(ig, all);
|
||||
CU_ASSERT(rc == 0);
|
||||
|
||||
iname = spdk_iscsi_init_grp_find_initiator(ig, all);
|
||||
CU_ASSERT(iname == NULL);
|
||||
|
||||
iname = spdk_iscsi_init_grp_find_initiator(ig, any);
|
||||
CU_ASSERT(iname != NULL);
|
||||
|
||||
rc = spdk_iscsi_init_grp_delete_initiator(ig, any);
|
||||
CU_ASSERT(rc == 0);
|
||||
|
||||
rc = spdk_iscsi_init_grp_add_initiator(ig, all_not);
|
||||
CU_ASSERT(rc == 0);
|
||||
|
||||
iname = spdk_iscsi_init_grp_find_initiator(ig, all_not);
|
||||
CU_ASSERT(iname == NULL);
|
||||
|
||||
iname = spdk_iscsi_init_grp_find_initiator(ig, any_not);
|
||||
CU_ASSERT(iname != NULL);
|
||||
|
||||
rc = spdk_iscsi_init_grp_delete_initiator(ig, any_not);
|
||||
CU_ASSERT(rc == 0);
|
||||
|
||||
spdk_iscsi_init_grp_destroy(ig);
|
||||
}
|
||||
|
||||
static void
|
||||
netmask_overwrite_all_to_any_case(void)
|
||||
{
|
||||
int rc;
|
||||
struct spdk_iscsi_init_grp *ig;
|
||||
struct spdk_iscsi_initiator_netmask *imask;
|
||||
char *all = "ALL";
|
||||
char *any = "ANY";
|
||||
|
||||
ig = spdk_iscsi_init_grp_create(1);
|
||||
CU_ASSERT(ig != NULL);
|
||||
|
||||
rc = spdk_iscsi_init_grp_add_netmask(ig, all);
|
||||
CU_ASSERT(rc == 0);
|
||||
|
||||
imask = spdk_iscsi_init_grp_find_netmask(ig, all);
|
||||
CU_ASSERT(imask == NULL);
|
||||
|
||||
imask = spdk_iscsi_init_grp_find_netmask(ig, any);
|
||||
CU_ASSERT(imask != NULL);
|
||||
|
||||
rc = spdk_iscsi_init_grp_delete_netmask(ig, any);
|
||||
CU_ASSERT(rc == 0);
|
||||
|
||||
spdk_iscsi_init_grp_destroy(ig);
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
@ -421,7 +489,10 @@ main(int argc, char **argv)
|
||||
add_netmask_fail_case) == NULL
|
||||
|| CU_add_test(suite, "delete all initiator netmasks success case",
|
||||
delete_all_netmasks_success_case) == NULL
|
||||
|
||||
|| CU_add_test(suite, "overwrite all to any for name case",
|
||||
initiator_name_overwrite_all_to_any_case) == NULL
|
||||
|| CU_add_test(suite, "overwrite all to any for netmask case",
|
||||
netmask_overwrite_all_to_any_case) == NULL
|
||||
) {
|
||||
CU_cleanup_registry();
|
||||
return CU_get_error();
|
||||
|
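Review bot: Both new cases feed only the exact strings "ALL" and "!ALL", so nothing pins what happens to an initiator name that merely contains "ALL", which is the input most likely to change an ACL entry by accident. I would add a case like the one below, which adds such a name and asserts it is still found unchanged; judging by the strstr call in the conversion shown on this page, it would fail until the conversion matches the whole entry. Separately, `CU_ASSERT(ig != NULL);` is non-fatal, so a failed create goes on to use ig; `CU_ASSERT_FATAL(ig != NULL);` would stop the test there. The initiator name in the fence is a constructed sample.

```c
static void
initiator_name_containing_all_is_kept_case(void)
{
	int rc;
	struct spdk_iscsi_init_grp *ig;
	struct spdk_iscsi_initiator_name *iname;
	/* constructed sample: "ALL" appears only as part of a longer name */
	char *name = "iqn.2017-10.com.example:WALL01";

	ig = spdk_iscsi_init_grp_create(1);
	CU_ASSERT_FATAL(ig != NULL);

	rc = spdk_iscsi_init_grp_add_initiator(ig, name);
	CU_ASSERT(rc == 0);

	/* the stored entry must still be the name that was configured */
	iname = spdk_iscsi_init_grp_find_initiator(ig, name);
	CU_ASSERT(iname != NULL);

	spdk_iscsi_init_grp_destroy(ig);
}
```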