From 878886e4b690460e97333d307af59052f03b1d51 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Wed, 2 Aug 2023 17:17:27 +0200
Subject: [PATCH] * Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.4-9
 - iscsi: Fix login on firmware-discovered nodes (#2213769)

Resolves: #2213769
---
 udisks-2.10.0-iscsi-ibft-chap-auth.patch | 73 ++++++++++++++++++++++++
 udisks2.spec                             |  7 ++-
 2 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 udisks-2.10.0-iscsi-ibft-chap-auth.patch

diff --git a/udisks-2.10.0-iscsi-ibft-chap-auth.patch b/udisks-2.10.0-iscsi-ibft-chap-auth.patch
new file mode 100644
index 0000000..2074422
--- /dev/null
+++ b/udisks-2.10.0-iscsi-ibft-chap-auth.patch
@@ -0,0 +1,73 @@
+From 0441d0f93788b617a38b75e4a44744406976c822 Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek <tbzatek@redhat.com>
+Date: Mon, 31 Jul 2023 16:48:28 +0200
+Subject: [PATCH] iscsi: Fix login on firmware-discovered nodes
+
+There's currently no way to distinguish between force-no-auth and
+use-fw-discovered-auth-info scenarios from the D-Bus API so let's
+assume that the caller wants to retain the firmware-discovered auth
+info unless overriden with specific CHAP credentials.
+---
+ .../data/org.freedesktop.UDisks2.iscsi.xml    |  3 +++
+ modules/iscsi/udisksiscsiutil.c               | 27 ++++++++++++++++++-
+ 2 files changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+index cf262deb68..e8a717ff1d 100644
+--- a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
++++ b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+@@ -162,6 +162,9 @@
+         <parameter>reverse-password</parameter> will be used for CHAP
+         authentication.
+ 
++        Firmware-discovered nodes retain their authentication info unless
++        overriden with specified credentials (see above).
++
+         All the additional options are transformed into the interface
+         parameters.  For example, if an automatic node startup is desired, the
+         <parameter>node.startup</parameter> needs to be set to
+diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
+index b279442876..fb4f5ea167 100644
+--- a/modules/iscsi/udisksiscsiutil.c
++++ b/modules/iscsi/udisksiscsiutil.c
+@@ -264,6 +264,31 @@ iscsi_params_pop_chap_data (GVariant      *params,
+   return g_variant_dict_end (&dict);
+ }
+ 
++static gboolean
++is_auth_required (struct libiscsi_context   *ctx,
++                  struct libiscsi_node      *node,
++                  struct libiscsi_auth_info *auth_info)
++{
++  char val[LIBISCSI_VALUE_MAXLEN + 1] = {'\0',};
++  int ret;
++
++  /* TODO: No way to distinguish between the "no auth requested" and
++   *       "retain discovered auth info" scenarios from the D-Bus API.
++   */
++
++  /* In case CHAP auth is requested, let's use it unconditionally */
++  if (auth_info->method != libiscsi_auth_none)
++    return TRUE;
++
++  /* Avoid auth override on firmware-discovered nodes */
++  ret = libiscsi_node_get_parameter (ctx, node, "node.discovery_type", val);
++  if (ret == 0 && g_strcmp0 (val, "fw") == 0)
++    return FALSE;
++
++  /* Not a firmware-discovered node, maintain legacy rules */
++  return TRUE;
++}
++
+ gint
+ iscsi_login (UDisksLinuxModuleISCSI *module,
+              const gchar            *name,
+@@ -317,7 +342,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
+       err = iscsi_perform_login_action (module,
+                                         ACTION_LOGIN,
+                                         &node,
+-                                        &auth_info,
++                                        is_auth_required (ctx, &node, &auth_info) ? &auth_info : NULL,
+                                         errorstr);
+     }
+ 
diff --git a/udisks2.spec b/udisks2.spec
index 69969d8..f1800b1 100644
--- a/udisks2.spec
+++ b/udisks2.spec
@@ -48,7 +48,7 @@
 Name:    udisks2
 Summary: Disk Manager
 Version: 2.9.4
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2+
 URL:     https://github.com/storaged-project/udisks
 Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2
@@ -83,6 +83,8 @@ Patch18: udisks-2.10.0-lvm2_update_epoch.patch
 Patch19: udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2148844
 Patch20: udisks-2.9.4-tests_job_unstable.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2213769
+Patch21: udisks-2.10.0-iscsi-ibft-chap-auth.patch
 
 BuildRequires: make
 BuildRequires: glib2-devel >= %{glib2_version}
@@ -458,6 +460,9 @@ fi
 %endif
 
 %changelog
+* Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.4-9
+- iscsi: Fix login on firmware-discovered nodes (#2213769)
+
 * Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.4-8
 - iscsi: CHAP auth algorithm selection fixes (#2188916)
 - tests: Use stronger passphrases for LUKS tests (#2188750,#2188752)