rpms
/
udisks2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Thu Aug 03 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-16 

- iscsi: Fix login on firmware-discovered nodes (#2213193)
- tests: Extend iscsi method call timeouts (#2213715)

Resolves: #2213193,#2213715
This commit is contained in:
Tomas Bzatek 2023-08-03 13:21:47 +02:00
parent e4d528a2e5
commit 536c6860fb
3 changed files with 240 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
udisks-2.10.0-iscsi-ibft-chap-auth.patch Normal file
View File

@ -0,0 +1,73 @@
From 0441d0f93788b617a38b75e4a44744406976c822 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 31 Jul 2023 16:48:28 +0200
Subject: [PATCH] iscsi: Fix login on firmware-discovered nodes
There's currently no way to distinguish between force-no-auth and
use-fw-discovered-auth-info scenarios from the D-Bus API so let's
assume that the caller wants to retain the firmware-discovered auth
info unless overriden with specific CHAP credentials.
---
.../data/org.freedesktop.UDisks2.iscsi.xml | 3 +++
modules/iscsi/udisksiscsiutil.c | 27 ++++++++++++++++++-
2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
index cf262deb68..e8a717ff1d 100644
--- a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+++ b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
@@ -162,6 +162,9 @@
<parameter>reverse-password</parameter> will be used for CHAP
authentication.
+ Firmware-discovered nodes retain their authentication info unless
+ overriden with specified credentials (see above).
+
All the additional options are transformed into the interface
parameters. For example, if an automatic node startup is desired, the
<parameter>node.startup</parameter> needs to be set to
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
index b279442876..fb4f5ea167 100644
--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
@@ -264,6 +264,31 @@ iscsi_params_pop_chap_data (GVariant *params,
return g_variant_dict_end (&dict);
}
+static gboolean
+is_auth_required (struct libiscsi_context *ctx,
+ struct libiscsi_node *node,
+ struct libiscsi_auth_info *auth_info)
+{
+ char val[LIBISCSI_VALUE_MAXLEN + 1] = {'\0',};
+ int ret;
+
+ /* TODO: No way to distinguish between the "no auth requested" and
+ * "retain discovered auth info" scenarios from the D-Bus API.
+ */
+
+ /* In case CHAP auth is requested, let's use it unconditionally */
+ if (auth_info->method != libiscsi_auth_none)
+ return TRUE;
+
+ /* Avoid auth override on firmware-discovered nodes */
+ ret = libiscsi_node_get_parameter (ctx, node, "node.discovery_type", val);
+ if (ret == 0 && g_strcmp0 (val, "fw") == 0)
+ return FALSE;
+
+ /* Not a firmware-discovered node, maintain legacy rules */
+ return TRUE;
+}
+
gint
iscsi_login (UDisksLinuxModuleISCSI *module,
const gchar *name,
@@ -317,7 +342,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
err = iscsi_perform_login_action (module,
ACTION_LOGIN,
&node,
- &auth_info,
+ is_auth_required (ctx, &node, &auth_info) ? &auth_info : NULL,
errorstr);
}

156
udisks-2.10.0-iscsi_timeout.patch Normal file
View File

@ -0,0 +1,156 @@
commit 4090b87a1468fcc479aafd264328abfed471daeb
Author: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu Jun 3 16:09:10 2021 +0200
tests: Extend iscsi method call timeouts
The default tests 100 sec. D-Bus method call timeout is not enough as
the iscsi initiator timeouts are typically around 120 sec, e.g. for
the Login operation.
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index 8ec6858c..34bdfc4b 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -26,6 +26,12 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
chap_iqn = 'iqn.2003-01.udisks.test:iscsi-test-chap'
mutual_iqn = 'iqn.2003-01.udisks.test:iscsi-test-mutual'
+ # Define common D-Bus method call timeout that needs to be slightly longer
+ # than the corresponding timeout defined in libiscsi:
+ # #define ISCSID_REQ_TIMEOUT 1000
+ # In reality the timeout is typically around 120 sec for the 'login' operation.
+ iscsi_timeout = 1000 + 5
+
@classmethod
def setUpClass(cls):
udiskstestcase.UdisksTestCase.setUpClass()
@@ -78,7 +84,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
def test_login_noauth(self):
manager = self.get_object('/Manager')
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
self.assertIsNotNone(node)
@@ -90,7 +97,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.addCleanup(self._force_lougout, self.noauth_iqn)
manager.Login(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 1)
@@ -105,7 +113,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.assertIn(self.str_to_ay(devs[0]), symlinks)
manager.Logout(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 0)
@@ -120,7 +129,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
manager = self.get_object('/Manager')
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.chap_iqn), None)
self.assertIsNotNone(node)
@@ -138,14 +148,16 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
options['password'] = '12345'
manager.Login(iqn, tpg, host, port, iface, options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
# right password
options['password'] = self.password
self.addCleanup(self._force_lougout, self.chap_iqn)
manager.Login(iqn, tpg, host, port, iface, options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 1)
@@ -160,7 +172,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.assertIn(self.str_to_ay(devs[0]), symlinks)
manager.Logout(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 0)
@@ -175,7 +188,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
manager = self.get_object('/Manager')
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.mutual_iqn), None)
self.assertIsNotNone(node)
@@ -193,7 +207,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.addCleanup(self._force_lougout, self.mutual_iqn)
manager.Login(iqn, tpg, host, port, iface, options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 1)
@@ -208,7 +223,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.assertIn(self.str_to_ay(devs[0]), symlinks)
manager.Logout(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 0)
@@ -228,7 +244,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.skipTest("ISCSI.Session objects not supported.")
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
self.assertIsNotNone(node)
@@ -237,7 +254,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.addCleanup(self._force_lougout, self.noauth_iqn)
manager.Login(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
# /org/freedesktop/UDisks2/iscsi/sessionX should be created
udisks = self.get_object('')
@@ -260,7 +278,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
# logout using session
session.Logout(self.no_options,
- dbus_interface=self.iface_prefix + '.ISCSI.Session')
+ dbus_interface=self.iface_prefix + '.ISCSI.Session',
+ timeout=self.iscsi_timeout)
# make sure the session object is no longer on dbus
objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager')

12
udisks2.spec
View File

@ -56,7 +56,7 @@
Name: udisks2
Summary: Disk Manager
Version: 2.9.0
Release: 15%{?dist}
Release: 16%{?dist}
License: GPLv2+
Group: System Environment/Libraries
URL: https://github.com/storaged-project/udisks
@ -79,6 +79,8 @@ Patch15: udisks-2.9.2-udisksdaemonutil-Refactor-udisks_daemon_util_trigger.patch
Patch16: udisks-2.9.2-udiskslinuxmanager-Trigger-uevent-after-loop-device-setup.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2004422
Patch17: udisks-2.9.4-ext-mount-options.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213715
Patch18: udisks-2.10.0-iscsi_timeout.patch
Patch20: udisks-2.10.0-tests-drive_ata-apm.patch
Patch21: udisks-2.10.0-tests-no-dev_disk-by-path.patch
Patch22: tests-disable-zram.patch
@ -101,6 +103,8 @@ Patch34: udisks-2.9.4-FIPS_LUKS_fixes-2.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2039772
Patch35: udisks-2.10.0-lvm2_update_epoch.patch
Patch36: udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213193
Patch37: udisks-2.10.0-iscsi-ibft-chap-auth.patch
BuildRequires: glib2-devel >= %{glib2_version}
BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
@ -318,6 +322,7 @@ This package contains module for VDO management.
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
@ -334,6 +339,7 @@ This package contains module for VDO management.
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1
sed -i udisks/udisks2.conf.in -e "s/encryption=luks1/encryption=%{default_luks_encryption}/"
%build
@ -526,6 +532,10 @@ fi
%endif
%changelog
* Thu Aug 03 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-16
- iscsi: Fix login on firmware-discovered nodes (#2213193)
- tests: Extend iscsi method call timeouts (#2213715)
* Tue Jun 06 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-15
- Reimport gating tests