From 536c6860fb77b72cf717dc8ffeaa9c4e1d8231f7 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu, 3 Aug 2023 13:21:47 +0200
Subject: [PATCH] * Thu Aug 03 2023 Tomas Bzatek <tbzatek@redhat.com> -
 2.9.0-16 - iscsi: Fix login on firmware-discovered nodes (#2213193) - tests:
 Extend iscsi method call timeouts (#2213715)

Resolves: #2213193,#2213715
---
 udisks-2.10.0-iscsi-ibft-chap-auth.patch |  73 +++++++++++
 udisks-2.10.0-iscsi_timeout.patch        | 156 +++++++++++++++++++++++
 udisks2.spec                             |  12 +-
 3 files changed, 240 insertions(+), 1 deletion(-)
 create mode 100644 udisks-2.10.0-iscsi-ibft-chap-auth.patch
 create mode 100644 udisks-2.10.0-iscsi_timeout.patch

diff --git a/udisks-2.10.0-iscsi-ibft-chap-auth.patch b/udisks-2.10.0-iscsi-ibft-chap-auth.patch
new file mode 100644
index 0000000..2074422
--- /dev/null
+++ b/udisks-2.10.0-iscsi-ibft-chap-auth.patch
@@ -0,0 +1,73 @@
+From 0441d0f93788b617a38b75e4a44744406976c822 Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek <tbzatek@redhat.com>
+Date: Mon, 31 Jul 2023 16:48:28 +0200
+Subject: [PATCH] iscsi: Fix login on firmware-discovered nodes
+
+There's currently no way to distinguish between force-no-auth and
+use-fw-discovered-auth-info scenarios from the D-Bus API so let's
+assume that the caller wants to retain the firmware-discovered auth
+info unless overriden with specific CHAP credentials.
+---
+ .../data/org.freedesktop.UDisks2.iscsi.xml    |  3 +++
+ modules/iscsi/udisksiscsiutil.c               | 27 ++++++++++++++++++-
+ 2 files changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+index cf262deb68..e8a717ff1d 100644
+--- a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
++++ b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+@@ -162,6 +162,9 @@
+         <parameter>reverse-password</parameter> will be used for CHAP
+         authentication.
+ 
++        Firmware-discovered nodes retain their authentication info unless
++        overriden with specified credentials (see above).
++
+         All the additional options are transformed into the interface
+         parameters.  For example, if an automatic node startup is desired, the
+         <parameter>node.startup</parameter> needs to be set to
+diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
+index b279442876..fb4f5ea167 100644
+--- a/modules/iscsi/udisksiscsiutil.c
++++ b/modules/iscsi/udisksiscsiutil.c
+@@ -264,6 +264,31 @@ iscsi_params_pop_chap_data (GVariant      *params,
+   return g_variant_dict_end (&dict);
+ }
+ 
++static gboolean
++is_auth_required (struct libiscsi_context   *ctx,
++                  struct libiscsi_node      *node,
++                  struct libiscsi_auth_info *auth_info)
++{
++  char val[LIBISCSI_VALUE_MAXLEN + 1] = {'\0',};
++  int ret;
++
++  /* TODO: No way to distinguish between the "no auth requested" and
++   *       "retain discovered auth info" scenarios from the D-Bus API.
++   */
++
++  /* In case CHAP auth is requested, let's use it unconditionally */
++  if (auth_info->method != libiscsi_auth_none)
++    return TRUE;
++
++  /* Avoid auth override on firmware-discovered nodes */
++  ret = libiscsi_node_get_parameter (ctx, node, "node.discovery_type", val);
++  if (ret == 0 && g_strcmp0 (val, "fw") == 0)
++    return FALSE;
++
++  /* Not a firmware-discovered node, maintain legacy rules */
++  return TRUE;
++}
++
+ gint
+ iscsi_login (UDisksLinuxModuleISCSI *module,
+              const gchar            *name,
+@@ -317,7 +342,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
+       err = iscsi_perform_login_action (module,
+                                         ACTION_LOGIN,
+                                         &node,
+-                                        &auth_info,
++                                        is_auth_required (ctx, &node, &auth_info) ? &auth_info : NULL,
+                                         errorstr);
+     }
+ 
diff --git a/udisks-2.10.0-iscsi_timeout.patch b/udisks-2.10.0-iscsi_timeout.patch
new file mode 100644
index 0000000..0e9fe5d
--- /dev/null
+++ b/udisks-2.10.0-iscsi_timeout.patch
@@ -0,0 +1,156 @@
+commit 4090b87a1468fcc479aafd264328abfed471daeb
+Author: Tomas Bzatek <tbzatek@redhat.com>
+Date:   Thu Jun 3 16:09:10 2021 +0200
+
+    tests: Extend iscsi method call timeouts
+    
+    The default tests 100 sec. D-Bus method call timeout is not enough as
+    the iscsi initiator timeouts are typically around 120 sec, e.g. for
+    the Login operation.
+
+diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
+index 8ec6858c..34bdfc4b 100644
+--- a/src/tests/dbus-tests/test_30_iscsi.py
++++ b/src/tests/dbus-tests/test_30_iscsi.py
+@@ -26,6 +26,12 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+     chap_iqn = 'iqn.2003-01.udisks.test:iscsi-test-chap'
+     mutual_iqn = 'iqn.2003-01.udisks.test:iscsi-test-mutual'
+ 
++    # Define common D-Bus method call timeout that needs to be slightly longer
++    # than the corresponding timeout defined in libiscsi:
++    #   #define ISCSID_REQ_TIMEOUT 1000
++    # In reality the timeout is typically around 120 sec for the 'login' operation.
++    iscsi_timeout = 1000 + 5
++
+     @classmethod
+     def setUpClass(cls):
+         udiskstestcase.UdisksTestCase.setUpClass()
+@@ -78,7 +84,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+     def test_login_noauth(self):
+         manager = self.get_object('/Manager')
+         nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
+-                                               dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                                               dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                                               timeout=self.iscsi_timeout)
+ 
+         node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
+         self.assertIsNotNone(node)
+@@ -90,7 +97,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+ 
+         self.addCleanup(self._force_lougout, self.noauth_iqn)
+         manager.Login(iqn, tpg, host, port, iface, self.no_options,
+-                      dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                      dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                      timeout=self.iscsi_timeout)
+ 
+         devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
+         self.assertEqual(len(devs), 1)
+@@ -105,7 +113,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+         self.assertIn(self.str_to_ay(devs[0]), symlinks)
+ 
+         manager.Logout(iqn, tpg, host, port, iface, self.no_options,
+-                       dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                       dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                       timeout=self.iscsi_timeout)
+ 
+         devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
+         self.assertEqual(len(devs), 0)
+@@ -120,7 +129,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+ 
+         manager = self.get_object('/Manager')
+         nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
+-                                               dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                                               dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                                               timeout=self.iscsi_timeout)
+ 
+         node = next((node for node in nodes if node[0] == self.chap_iqn), None)
+         self.assertIsNotNone(node)
+@@ -138,14 +148,16 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+         with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
+             options['password'] = '12345'
+             manager.Login(iqn, tpg, host, port, iface, options,
+-                          dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                          dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                          timeout=self.iscsi_timeout)
+ 
+         # right password
+         options['password'] = self.password
+ 
+         self.addCleanup(self._force_lougout, self.chap_iqn)
+         manager.Login(iqn, tpg, host, port, iface, options,
+-                      dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                      dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                      timeout=self.iscsi_timeout)
+ 
+         devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
+         self.assertEqual(len(devs), 1)
+@@ -160,7 +172,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+         self.assertIn(self.str_to_ay(devs[0]), symlinks)
+ 
+         manager.Logout(iqn, tpg, host, port, iface, self.no_options,
+-                       dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                       dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                       timeout=self.iscsi_timeout)
+ 
+         devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
+         self.assertEqual(len(devs), 0)
+@@ -175,7 +188,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+ 
+         manager = self.get_object('/Manager')
+         nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
+-                                               dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                                               dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                                               timeout=self.iscsi_timeout)
+ 
+         node = next((node for node in nodes if node[0] == self.mutual_iqn), None)
+         self.assertIsNotNone(node)
+@@ -193,7 +207,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+ 
+         self.addCleanup(self._force_lougout, self.mutual_iqn)
+         manager.Login(iqn, tpg, host, port, iface, options,
+-                      dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                      dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                      timeout=self.iscsi_timeout)
+ 
+         devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
+         self.assertEqual(len(devs), 1)
+@@ -208,7 +223,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+         self.assertIn(self.str_to_ay(devs[0]), symlinks)
+ 
+         manager.Logout(iqn, tpg, host, port, iface, self.no_options,
+-                       dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                       dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                       timeout=self.iscsi_timeout)
+ 
+         devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
+         self.assertEqual(len(devs), 0)
+@@ -228,7 +244,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+             self.skipTest("ISCSI.Session objects not supported.")
+ 
+         nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
+-                                               dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                                               dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                                               timeout=self.iscsi_timeout)
+ 
+         node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
+         self.assertIsNotNone(node)
+@@ -237,7 +254,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+ 
+         self.addCleanup(self._force_lougout, self.noauth_iqn)
+         manager.Login(iqn, tpg, host, port, iface, self.no_options,
+-                      dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
++                      dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
++                      timeout=self.iscsi_timeout)
+ 
+         # /org/freedesktop/UDisks2/iscsi/sessionX should be created
+         udisks = self.get_object('')
+@@ -260,7 +278,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
+ 
+         # logout using session
+         session.Logout(self.no_options,
+-                       dbus_interface=self.iface_prefix + '.ISCSI.Session')
++                       dbus_interface=self.iface_prefix + '.ISCSI.Session',
++                       timeout=self.iscsi_timeout)
+ 
+         # make sure the session object is no longer on dbus
+         objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager')
diff --git a/udisks2.spec b/udisks2.spec
index ec63d0c..5236217 100644
--- a/udisks2.spec
+++ b/udisks2.spec
@@ -56,7 +56,7 @@
 Name:    udisks2
 Summary: Disk Manager
 Version: 2.9.0
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: GPLv2+
 Group:   System Environment/Libraries
 URL:     https://github.com/storaged-project/udisks
@@ -79,6 +79,8 @@ Patch15: udisks-2.9.2-udisksdaemonutil-Refactor-udisks_daemon_util_trigger.patch
 Patch16: udisks-2.9.2-udiskslinuxmanager-Trigger-uevent-after-loop-device-setup.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2004422
 Patch17: udisks-2.9.4-ext-mount-options.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2213715
+Patch18: udisks-2.10.0-iscsi_timeout.patch
 Patch20: udisks-2.10.0-tests-drive_ata-apm.patch
 Patch21: udisks-2.10.0-tests-no-dev_disk-by-path.patch
 Patch22: tests-disable-zram.patch
@@ -101,6 +103,8 @@ Patch34: udisks-2.9.4-FIPS_LUKS_fixes-2.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2039772
 Patch35: udisks-2.10.0-lvm2_update_epoch.patch
 Patch36: udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2213193
+Patch37: udisks-2.10.0-iscsi-ibft-chap-auth.patch
 
 BuildRequires: glib2-devel >= %{glib2_version}
 BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
@@ -318,6 +322,7 @@ This package contains module for VDO management.
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
+%patch18 -p1
 %patch20 -p1
 %patch21 -p1
 %patch22 -p1
@@ -334,6 +339,7 @@ This package contains module for VDO management.
 %patch34 -p1
 %patch35 -p1
 %patch36 -p1
+%patch37 -p1
 sed -i udisks/udisks2.conf.in -e "s/encryption=luks1/encryption=%{default_luks_encryption}/"
 
 %build
@@ -526,6 +532,10 @@ fi
 %endif
 
 %changelog
+* Thu Aug 03 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-16
+- iscsi: Fix login on firmware-discovered nodes (#2213193)
+- tests: Extend iscsi method call timeouts (#2213715)
+
 * Tue Jun 06 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-15
 - Reimport gating tests