diff --git a/udisks-2.10.0-iscsi_test_01_badauth.patch b/udisks-2.10.0-iscsi_test_01_badauth.patch new file mode 100644 index 0000000..48a41ff --- /dev/null +++ b/udisks-2.10.0-iscsi_test_01_badauth.patch @@ -0,0 +1,75 @@ +commit fab797fcf5e4c8e09e4cde45647951acd764415e +Author: Tomas Bzatek +Date: Mon Oct 10 13:58:15 2022 +0200 + + tests: Add bad auth test for iscsi + + This tests that the auth info is properly set for each login call, + overriding previously set auth info with no trace. + +diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py +index 34bdfc4b..6ac8386b 100644 +--- a/src/tests/dbus-tests/test_30_iscsi.py ++++ b/src/tests/dbus-tests/test_30_iscsi.py +@@ -284,3 +284,61 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase): + # make sure the session object is no longer on dbus + objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager') + self.assertNotIn(session_path, objects.keys()) ++ ++ def test_login_noauth_badauth(self): ++ """ ++ Test auth info override ++ """ ++ manager = self.get_object('/Manager') ++ nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options, ++ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator', ++ timeout=self.iscsi_timeout) ++ ++ node = next((node for node in nodes if node[0] == self.noauth_iqn), None) ++ self.assertIsNotNone(node) ++ ++ (iqn, tpg, host, port, iface) = node ++ self.assertEqual(iqn, self.noauth_iqn) ++ self.assertEqual(host, self.address) ++ self.assertEqual(port, self.port) ++ ++ self.addCleanup(self._force_lougout, self.noauth_iqn) ++ ++ # first attempt - wrong password ++ options = dbus.Dictionary(signature='sv') ++ options['username'] = self.initiator ++ msg = 'Login failed: initiator reported error' ++ with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg): ++ options['password'] = '12345' ++ manager.Login(iqn, tpg, host, port, iface, options, ++ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator', ++ timeout=self.iscsi_timeout) ++ ++ # second atttempt - no password ++ manager.Login(iqn, tpg, host, port, iface, self.no_options, ++ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator', ++ timeout=self.iscsi_timeout) ++ ++ devs = glob.glob('/dev/disk/by-path/*%s*' % iqn) ++ self.assertEqual(len(devs), 1) ++ ++ # check if the block device have 'Symlinks' property updated ++ disk_name = os.path.realpath(devs[0]).split('/')[-1] ++ disk_obj = self.get_object('/block_devices/' + disk_name) ++ dbus_path = str(disk_obj.object_path) ++ self.assertIsNotNone(disk_obj) ++ ++ symlinks = self.get_property_raw(disk_obj, '.Block', 'Symlinks') ++ self.assertIn(self.str_to_ay(devs[0]), symlinks) ++ ++ manager.Logout(iqn, tpg, host, port, iface, self.no_options, ++ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator', ++ timeout=self.iscsi_timeout) ++ ++ devs = glob.glob('/dev/disk/by-path/*%s*' % iqn) ++ self.assertEqual(len(devs), 0) ++ ++ # make sure the disk is no longer on dbus ++ udisks = self.get_object('') ++ objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager') ++ self.assertNotIn(dbus_path, objects.keys()) diff --git a/udisks-2.10.0-iscsi_test_02_lio_target_conf.patch b/udisks-2.10.0-iscsi_test_02_lio_target_conf.patch new file mode 100644 index 0000000..cf269a5 --- /dev/null +++ b/udisks-2.10.0-iscsi_test_02_lio_target_conf.patch @@ -0,0 +1,51 @@ +commit 13a6a27eecdd1fb527b9151309366970b182a58d +Author: Tomas Bzatek +Date: Thu Oct 20 17:17:10 2022 +0200 + + tests: Fix LIO target config auth + + Linux kernel 6.0 brought number of the LIO target changes related to authentication + that made our tests fail. Turned out our target config was incorrect, e.g. + not requiring auth for CHAP tests, etc. The kernel 6.0 looks to be more strict + in this regard. + +diff --git a/src/tests/dbus-tests/targetcli_config.json b/src/tests/dbus-tests/targetcli_config.json +index 25d506b6..3be9eac2 100644 +--- a/src/tests/dbus-tests/targetcli_config.json ++++ b/src/tests/dbus-tests/targetcli_config.json +@@ -385,7 +385,7 @@ + "tpgs": [ + { + "attributes": { +- "authentication": 0, ++ "authentication": 1, + "cache_dynamic_acls": 0, + "default_cmdsn_depth": 64, + "default_erl": 0, +@@ -432,7 +432,7 @@ + } + ], + "parameters": { +- "AuthMethod": "CHAP,None", ++ "AuthMethod": "CHAP", + "DataDigest": "CRC32C,None", + "DataPDUInOrder": "Yes", + "DataSequenceInOrder": "Yes", +@@ -471,7 +471,7 @@ + "tpgs": [ + { + "attributes": { +- "authentication": 0, ++ "authentication": 1, + "cache_dynamic_acls": 0, + "default_cmdsn_depth": 64, + "default_erl": 0, +@@ -520,7 +520,7 @@ + } + ], + "parameters": { +- "AuthMethod": "CHAP,None", ++ "AuthMethod": "CHAP", + "DataDigest": "CRC32C,None", + "DataPDUInOrder": "Yes", + "DataSequenceInOrder": "Yes", diff --git a/udisks-2.10.0-iscsi_test_03_iscsid_cache_clean.patch b/udisks-2.10.0-iscsi_test_03_iscsid_cache_clean.patch new file mode 100644 index 0000000..5473b8a --- /dev/null +++ b/udisks-2.10.0-iscsi_test_03_iscsid_cache_clean.patch @@ -0,0 +1,84 @@ +commit 68115b16181db7a38f852b101ec965b9fc3e59cb +Author: Tomas Bzatek +Date: Thu Oct 20 17:32:29 2022 +0200 + + tests: Clean the discovered test target iscsid node cache + + After each DiscoverSendTargets() and Login() calls iscsid caches + the node info in /var/lib/iscsi/nodes. That includes auth info and + passwords in plaintext. This might potentially lead to lingering + attributes sneaking into subsequent tests, affecting the results. + + Let's clean that after each test run. + +diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py +index 6ac8386b..2b75462a 100644 +--- a/src/tests/dbus-tests/test_30_iscsi.py ++++ b/src/tests/dbus-tests/test_30_iscsi.py +@@ -6,6 +6,7 @@ import os + import re + import six + import time ++import shutil + import unittest + + +@@ -26,6 +27,7 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase): + chap_iqn = 'iqn.2003-01.udisks.test:iscsi-test-chap' + mutual_iqn = 'iqn.2003-01.udisks.test:iscsi-test-mutual' + ++ + # Define common D-Bus method call timeout that needs to be slightly longer + # than the corresponding timeout defined in libiscsi: + # #define ISCSID_REQ_TIMEOUT 1000 +@@ -61,6 +63,10 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase): + initiator = bytearray(data) + return initiator.strip().split(b"InitiatorName=")[1] + ++ def _clean_iscsid_node_dir(self): ++ for iqn in [self.noauth_iqn, self.chap_iqn, self.mutual_iqn]: ++ shutil.rmtree(os.path.join('/var/lib/iscsi/nodes/', iqn), ignore_errors=True) ++ + def test__manager_interface(self): + '''Test for module D-Bus Manager interface presence''' + +@@ -86,6 +92,7 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase): + nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options, + dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator', + timeout=self.iscsi_timeout) ++ self.addCleanup(self._clean_iscsid_node_dir) + + node = next((node for node in nodes if node[0] == self.noauth_iqn), None) + self.assertIsNotNone(node) +@@ -131,6 +138,7 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase): + nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options, + dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator', + timeout=self.iscsi_timeout) ++ self.addCleanup(self._clean_iscsid_node_dir) + + node = next((node for node in nodes if node[0] == self.chap_iqn), None) + self.assertIsNotNone(node) +@@ -190,6 +198,7 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase): + nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options, + dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator', + timeout=self.iscsi_timeout) ++ self.addCleanup(self._clean_iscsid_node_dir) + + node = next((node for node in nodes if node[0] == self.mutual_iqn), None) + self.assertIsNotNone(node) +@@ -246,6 +255,7 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase): + nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options, + dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator', + timeout=self.iscsi_timeout) ++ self.addCleanup(self._clean_iscsid_node_dir) + + node = next((node for node in nodes if node[0] == self.noauth_iqn), None) + self.assertIsNotNone(node) +@@ -293,6 +303,7 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase): + nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options, + dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator', + timeout=self.iscsi_timeout) ++ self.addCleanup(self._clean_iscsid_node_dir) + + node = next((node for node in nodes if node[0] == self.noauth_iqn), None) + self.assertIsNotNone(node) diff --git a/udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch b/udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch new file mode 100644 index 0000000..bf759fe --- /dev/null +++ b/udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch @@ -0,0 +1,37 @@ +commit 1bf172603e4cc77da70d8fd13b6ba6c8b8c91600 +Author: Tomas Bzatek +Date: Thu Oct 20 17:53:20 2022 +0200 + + tests: Test iscsi noauth in test_login_chap_auth + + The other way is already tested in test_login_noauth_badauth. + +diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py +index 2b75462a..f2594d99 100644 +--- a/src/tests/dbus-tests/test_30_iscsi.py ++++ b/src/tests/dbus-tests/test_30_iscsi.py +@@ -151,8 +151,14 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase): + options = dbus.Dictionary(signature='sv') + options['username'] = self.initiator + ++ msg = 'Login failed: initiator reported error \(24 - iSCSI login failed due to authorization failure\)' ++ # missing auth info ++ with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg): ++ manager.Login(iqn, tpg, host, port, iface, self.no_options, ++ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator', ++ timeout=self.iscsi_timeout) ++ + # wrong password +- msg = 'Login failed: initiator reported error' + with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg): + options['password'] = '12345' + manager.Login(iqn, tpg, host, port, iface, options, +@@ -318,7 +324,7 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase): + # first attempt - wrong password + options = dbus.Dictionary(signature='sv') + options['username'] = self.initiator +- msg = 'Login failed: initiator reported error' ++ msg = r'Login failed: initiator reported error \((19 - encountered non-retryable iSCSI login failure|24 - iSCSI login failed due to authorization failure)\)' + with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg): + options['password'] = '12345' + manager.Login(iqn, tpg, host, port, iface, options, diff --git a/udisks2.spec b/udisks2.spec index 4842a51..256de29 100644 --- a/udisks2.spec +++ b/udisks2.spec @@ -48,7 +48,7 @@ Name: udisks2 Summary: Disk Manager Version: 2.9.4 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ URL: https://github.com/storaged-project/udisks Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2 @@ -64,6 +64,12 @@ Patch4: udisks-2.10.0-block_format_ata_secure_erase.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1983602 Patch5: udisks-2.10.0-iscsi-auth-info.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2136557 +Patch10: udisks-2.10.0-iscsi_test_01_badauth.patch +Patch11: udisks-2.10.0-iscsi_test_02_lio_target_conf.patch +Patch12: udisks-2.10.0-iscsi_test_03_iscsid_cache_clean.patch +Patch13: udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch + BuildRequires: make BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version} @@ -438,6 +444,9 @@ fi %endif %changelog +* Fri Oct 21 2022 Tomas Bzatek - 2.9.4-6 +- Fix iscsi test LIO target config (#2136557) + * Wed Oct 19 2022 Tomas Bzatek - 2.9.4-5 - Fix iscsi authentication info override (#1983602)