From 0441d0f93788b617a38b75e4a44744406976c822 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 31 Jul 2023 16:48:28 +0200
Subject: [PATCH] iscsi: Fix login on firmware-discovered nodes

There's currently no way to distinguish between force-no-auth and
use-fw-discovered-auth-info scenarios from the D-Bus API so let's
assume that the caller wants to retain the firmware-discovered auth
info unless overriden with specific CHAP credentials.
---
 .../data/org.freedesktop.UDisks2.iscsi.xml    |  3 +++
 modules/iscsi/udisksiscsiutil.c               | 27 ++++++++++++++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
index cf262deb68..e8a717ff1d 100644
--- a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+++ b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
@@ -162,6 +162,9 @@
         <parameter>reverse-password</parameter> will be used for CHAP
         authentication.
 
+        Firmware-discovered nodes retain their authentication info unless
+        overriden with specified credentials (see above).
+
         All the additional options are transformed into the interface
         parameters.  For example, if an automatic node startup is desired, the
         <parameter>node.startup</parameter> needs to be set to
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
index b279442876..fb4f5ea167 100644
--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
@@ -264,6 +264,31 @@ iscsi_params_pop_chap_data (GVariant      *params,
   return g_variant_dict_end (&dict);
 }
 
+static gboolean
+is_auth_required (struct libiscsi_context   *ctx,
+                  struct libiscsi_node      *node,
+                  struct libiscsi_auth_info *auth_info)
+{
+  char val[LIBISCSI_VALUE_MAXLEN + 1] = {'\0',};
+  int ret;
+
+  /* TODO: No way to distinguish between the "no auth requested" and
+   *       "retain discovered auth info" scenarios from the D-Bus API.
+   */
+
+  /* In case CHAP auth is requested, let's use it unconditionally */
+  if (auth_info->method != libiscsi_auth_none)
+    return TRUE;
+
+  /* Avoid auth override on firmware-discovered nodes */
+  ret = libiscsi_node_get_parameter (ctx, node, "node.discovery_type", val);
+  if (ret == 0 && g_strcmp0 (val, "fw") == 0)
+    return FALSE;
+
+  /* Not a firmware-discovered node, maintain legacy rules */
+  return TRUE;
+}
+
 gint
 iscsi_login (UDisksLinuxModuleISCSI *module,
              const gchar            *name,
@@ -317,7 +342,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
       err = iscsi_perform_login_action (module,
                                         ACTION_LOGIN,
                                         &node,
-                                        &auth_info,
+                                        is_auth_required (ctx, &node, &auth_info) ? &auth_info : NULL,
                                         errorstr);
     }