* Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.4-9

- iscsi: Fix login on firmware-discovered nodes (#2213769) Resolves: #2213769
2023-08-02 17:17:27 +02:00 · 2023-08-02 17:17:27 +02:00 · 878886e4b6
commit 878886e4b6
parent 10280ed660
2 changed files with 79 additions and 1 deletions
--- a/udisks-2.10.0-iscsi-ibft-chap-auth.patch
+++ b/udisks-2.10.0-iscsi-ibft-chap-auth.patch
@ -0,0 +1,73 @@
+From 0441d0f93788b617a38b75e4a44744406976c822 Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek <tbzatek@redhat.com>
+Date: Mon, 31 Jul 2023 16:48:28 +0200
+Subject: [PATCH] iscsi: Fix login on firmware-discovered nodes
+
+There's currently no way to distinguish between force-no-auth and
+use-fw-discovered-auth-info scenarios from the D-Bus API so let's
+assume that the caller wants to retain the firmware-discovered auth
+info unless overriden with specific CHAP credentials.
+---
+ .../data/org.freedesktop.UDisks2.iscsi.xml    |  3 +++
+ modules/iscsi/udisksiscsiutil.c               | 27 ++++++++++++++++++-
+ 2 files changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+index cf262deb68..e8a717ff1d 100644
+--- a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+++ b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+@@ -162,6 +162,9 @@
+         <parameter>reverse-password</parameter> will be used for CHAP
+         authentication.
+ 
+        Firmware-discovered nodes retain their authentication info unless
+        overriden with specified credentials (see above).
+
+         All the additional options are transformed into the interface
+         parameters.  For example, if an automatic node startup is desired, the
+         <parameter>node.startup</parameter> needs to be set to
+diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
+index b279442876..fb4f5ea167 100644
+--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
+@@ -264,6 +264,31 @@ iscsi_params_pop_chap_data (GVariant      *params,
+   return g_variant_dict_end (&dict);
+ }
+ 
+static gboolean
+is_auth_required (struct libiscsi_context   *ctx,
+                  struct libiscsi_node      *node,
+                  struct libiscsi_auth_info *auth_info)
+{
+  char val[LIBISCSI_VALUE_MAXLEN + 1] = {'\0',};
+  int ret;
+
+  /* TODO: No way to distinguish between the "no auth requested" and
+   *       "retain discovered auth info" scenarios from the D-Bus API.
+   */
+
+  /* In case CHAP auth is requested, let's use it unconditionally */
+  if (auth_info->method != libiscsi_auth_none)
+    return TRUE;
+
+  /* Avoid auth override on firmware-discovered nodes */
+  ret = libiscsi_node_get_parameter (ctx, node, "node.discovery_type", val);
+  if (ret == 0 && g_strcmp0 (val, "fw") == 0)
+    return FALSE;
+
+  /* Not a firmware-discovered node, maintain legacy rules */
+  return TRUE;
+}
+
+ gint
+ iscsi_login (UDisksLinuxModuleISCSI *module,
+              const gchar            *name,
+@@ -317,7 +342,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
+       err = iscsi_perform_login_action (module,
+                                         ACTION_LOGIN,
+                                         &node,
+-                                        &auth_info,
+                                        is_auth_required (ctx, &node, &auth_info) ? &auth_info : NULL,
+                                         errorstr);
+     }
+ 
--- a/udisks2.spec
+++ b/udisks2.spec
@ -48,7 +48,7 @@
 Name:    udisks2
 Summary: Disk Manager
 Version: 2.9.4
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2+
 URL:     https://github.com/storaged-project/udisks
 Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2
@ -83,6 +83,8 @@ Patch18: udisks-2.10.0-lvm2_update_epoch.patch
 Patch19: udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2148844
 Patch20: udisks-2.9.4-tests_job_unstable.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2213769
+Patch21: udisks-2.10.0-iscsi-ibft-chap-auth.patch

 BuildRequires: make
 BuildRequires: glib2-devel >= %{glib2_version}
@ -458,6 +460,9 @@ fi
 %endif

 %changelog
+* Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.4-9
+- iscsi: Fix login on firmware-discovered nodes (#2213769)
+
 * Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.4-8
 - iscsi: CHAP auth algorithm selection fixes (#2188916)
 - tests: Use stronger passphrases for LUKS tests (#2188750,#2188752)