-rw-r--r-- | Changelog | 73 | ||||
-rw-r--r-- | Makefile | 20 | ||||
-rw-r--r-- | doc/Makefile | 12 | ||||
-rw-r--r-- | doc/iscsistart.8.template (renamed from doc/iscsistart.8) | 4 | ||||
-rw-r--r-- | etc/Makefile | 8 | ||||
-rw-r--r-- | etc/iscsid.conf | 6 | ||||
-rw-r--r-- | etc/systemd/ibft-rule-generator | 2 | ||||
-rw-r--r-- | iscsiuio/src/unix/Makefile.am | 17 | ||||
-rw-r--r-- | libopeniscsiusr/Makefile | 5 | ||||
-rw-r--r-- | libopeniscsiusr/version.h | 2 | ||||
-rw-r--r-- | usr/Makefile | 6 | ||||
-rw-r--r-- | usr/event_poll.c | 12 | ||||
-rw-r--r-- | usr/idbm.c | 65 | ||||
-rw-r--r-- | usr/initiator.c | 15 | ||||
-rw-r--r-- | usr/iscsi_ipc.h | 13 | ||||
-rw-r--r-- | usr/iscsiadm.c | 8 | ||||
-rw-r--r-- | usr/iscsid.c | 6 | ||||
-rw-r--r-- | usr/iscsistart.c | 25 | ||||
-rw-r--r-- | usr/mgmt_ipc.c | 54 | ||||
-rw-r--r-- | usr/mgmt_ipc.h | 1 | ||||
-rw-r--r-- | usr/statics.c | 19 | ||||
-rw-r--r-- | usr/version.h | 2 | ||||
-rw-r--r-- | utils/Makefile | 6 | ||||
-rw-r--r-- | utils/sysdeps/Makefile | 4 |
24 files changed, 295 insertions, 90 deletions
@@ -1,3 +1,76 @@ +-> open-iscsi-2.1.6 - open-iscsi-2.1.7 + +Lee Duncan (48): + Remove HEREIS usage from iscsi-gen-initiatorname + Fix iscsi-init.service start time + test: Rename README to README.orig + test: Add new README, update old README and TODO + test: Fix bug/spelling error, cleanup messages + test: Fix mispelling of MaxBurst + test: fix error with verifying mkfs command + test: remove the ".setup" file, used for development + test: Cleanup README and TODO + test: Track time spent calling subprocesses + test: Add suggested test setup info to README + test: Add missing verbose print, and track more time values + test: Track time spent in sleep() more easily/accurately + test: fix message mispelling of "umount" + test: add item to TODO list + test: further improve test suite time display + Remove SUSE init.d startup files + Cleanup iscsiadm man page + Allow name/value args for firmware logins. + Update iscsiadm.8 for firmware name/value pairs + General Makefile/README cleanup + Clean up Makefile build system. + Clean up the usage info for iscsid + Remove no-longer-used Makefile target for subdir + Make DB and ISCSIHOME directories configurable. + Build: Cleanup fwparam_ibft and sysdeps subdirs. + Add a README for fwparam_ibft subdirectory. + Build: cleanup usr Makefile: remove obj files on "clean" + Remove unused fwparam_ibft.[ch] files in fwparam_ibft. 
+ Build: upate "depend" target to include sysdeps + Fix gcc issues with unused params in fwparam + Use DESTDIR correctly for HOMEDIR and DBROOT + Be smarter about creating iscsiuio.8 man page + Build: remove unused Makefile HOMEDIR creation + Build: use upper- vs lower-case variable names correctly + Build: libopeniscsiusr install should install docs + Remove debug messages from libopeniscsiusr/Makefile + Build: cleanup libopeniscsiusr/Makefile + Build: add libsystemd CFLAGS for building objects + Build: remove redundant definition in utils Makefile + Build: add RULESDIR to top-level Makefile + Create an systemd iBFT rule generator + Build: install systemd generator file with svc files + Use kernel initiatorname when setting local iname + utils: remove errant spaces in script + Check for root in iscsi-gen-initiatorname + Make fwparam_ibft build more reliable. + Fix ibft-rule-generator shell error + +Sam James (5): + iscsiuio: don't clobber LDFLAGS in configure.ac + iscsiuio: respect LDFLAGS fully + Makefiles: respect $(CC) fully (don't hardcode GCC); use $(RM) + Makefiles: don't hardcode sed, pkg-config + libopeniscsiusr: fix version in installed pkgconfig (.pc) file + +Wenchao Hao (5): + Add conn_xxx() macros to print connection info in more details + Make session and connect log readable and helpful to locate problem + mgmt: print connection info when write qtask response failed + initiator: return ENOMEM if failed to get ev_context in iscsi_send_logout() + initiator:print failure reason of iscsi_send_logout() if failed + +ryancaicse (1): + Fix a missing-unlocking bug + +scaleoutSean (1): + Fix minor error string typos + + -> open-iscsi-2.1.5 - open-iscsi-2.1.6 Chris Leech (1): 
@@ -76,14 +76,14 @@ iscsiuio/configure: iscsiuio/configure.ac iscsiuio/Makefile.am force: ; -clean: - $(MAKE) $(MFLAGS) -C utils/sysdeps clean - $(MAKE) $(MFLAGS) -C utils clean - $(MAKE) $(MFLAGS) -C usr clean - $(MAKE) $(MFLAGS) -C etc clean - $(MAKE) $(MFLAGS) -C libopeniscsiusr clean - [ ! -f iscsiuio/Makefile ] || $(MAKE) $(MFLAGS) -C iscsiuio clean - [ ! -f iscsiuio/Makefile ] || $(MAKE) $(MFLAGS) -C iscsiuio distclean +clean distclean: + $(MAKE) $(MFLAGS) -C utils/sysdeps $@ + $(MAKE) $(MFLAGS) -C utils $@ + $(MAKE) $(MFLAGS) -C usr $@ + $(MAKE) $(MFLAGS) -C etc $@ + $(MAKE) $(MFLAGS) -C libopeniscsiusr $@ + $(MAKE) $(MFLAGS) -C doc $@ + [ ! -f iscsiuio/Makefile ] || $(MAKE) $(MFLAGS) -C iscsiuio $@ # this is for safety # now -jXXX will still be safe @@ -127,4 +127,6 @@ depend: .PHONY: all user install force clean install_user install_udev_rules install_systemd \ install_programs install_initrd install_initrd_redhat install_initrd_debian \ - install_doc install_iname install_libopeniscsiusr install_etc install_ec_all + install_doc install_iname install_libopeniscsiusr install_etc install_etc_all \ + distclean depend install_initd install_initd_redhat install_initd_debian \ + install_iscsiuio diff --git a/doc/Makefile b/doc/Makefile index 9ed025d..47e14a9 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -22,11 +22,11 @@ MAN8DIR = $(DESTDIR)$(mandir)/man8 MANPAGES_SOURCES = iscsi_discovery.8 \ iscsi_fw_login.8 \ - iscsi-iname.8 \ - iscsistart.8 + iscsi-iname.8 MANPAGES_TEMPLATES = iscsid.8.template \ iscsiadm.8.template \ - iscsi-gen-initiatorname.8 + iscsi-gen-initiatorname.8 \ + iscsistart.8.template MANPAGES_GENERATED = $(MANPAGES_TEMPLATES:.template=) MANPAGES_DEST = $(addprefix $(MAN8DIR)/,$(MANPAGES_GENERATED)) \ $(addprefix $(MAN8DIR)/,$(MANPAGES_SOURCES)) 
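Review bot: In the `MANPAGES_TEMPLATES` list of doc/Makefile, `iscsi-gen-initiatorname.8` still carries no `.template` suffix, so `$(MANPAGES_TEMPLATES:.template=)` leaves the name unchanged and the file ends up in `MANPAGES_GENERATED` under its own source name. The `distclean` recipe added further down in the same file runs `$(RM) $(MANPAGES_GENERATED)` and would therefore delete it. If it is a checked-in page it belongs in `MANPAGES_SOURCES`; if it is meant to be a template the entry should read `iscsi-gen-initiatorname.8.template \`. The rule that turns templates into pages is outside the hunk, so which of the two applies cannot be settled from here.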
@@ -47,5 +47,9 @@ $(MANPAGES_DEST): $(MAN8DIR)/%: % $(MAN8DIR): [ -d $@ ] || $(INSTALL) -d $@ -clean: +clean: ; + +distclean: $(RM) $(MANPAGES_GENERATED) + +.PHONY: all install install_doc clean distclean diff --git a/doc/iscsistart.8 b/doc/iscsistart.8.template index 5aa7dd4..62fae4d 100644 --- a/doc/iscsistart.8 +++ b/doc/iscsistart.8.template @@ -12,6 +12,10 @@ not be run to manage sessions. Its primary use is to start sessions used for iSCSI root boot. .SH OPTIONS .TP +.BI [-c|--config=]\fIconfig\-file\fP +Read configuration from \fIconfig\-file\fR rather than the default +\fI@HOMEDIR@/iscsid.conf\fR file. +.TP .BI [-i|--initiatorname=]\fIname\fP Set InitiatorName to name (Required if not using iBFT or OF) .TP diff --git a/etc/Makefile b/etc/Makefile index d065319..6a03c32 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -104,8 +104,12 @@ $(DESTDIR)$(systemddir)/system $(DESTDIR)$(systemddir)/system-generators $(DESTD $(DESTDIR)$(DBROOT)/ifaces $(DESTDIR)$(initddir)/open-iscsi: [ -d $@ ] || $(INSTALL) -d -m 775 $@ -clean: +clean: ; + +distclean: $(RM) $(SYSTEMD_GENERATED_SERVICE_FILES) .PHONY: all clean install install_iface install_initd install_initd_redhat \ - install_initd_debian install_systemd + install_initd_debian install_systemd distclean install_iname \ + install_systemd_generator_files install_systemd_service_files \ + install_initd_distro install_etc diff --git a/etc/iscsid.conf b/etc/iscsid.conf index 2dc412f..79d8127 100644 --- a/etc/iscsid.conf +++ b/etc/iscsid.conf @@ -31,6 +31,12 @@ # and refuse to logout if there are any. Defaults to "No". # iscsid.safe_logout = Yes +# Only require UID auth for MGMT IPCs, and not username. +# Useful if you want to run iscsid in a constrained environment. +# Note: Only do this if you are aware of the security implications. +# Defaults to "No". +# iscsid.ipc_auth_uid = Yes + ############################# # NIC/HBA and driver settings ############################# 
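Review bot: The new `iscsid.ipc_auth_uid` comment in etc/iscsid.conf asks the administrator to be aware of "the security implications" without saying what they are. Going by the mgmt_ipc.c change in this commit, the setting makes iscsid accept a management IPC peer whose socket credential UID is 0, without resolving that UID to the user name `root`. Stating this in the file lets the reader judge the trade-off, for example with the extra line `# With this set, any local process whose peer UID is 0 is accepted; the user-database lookup is skipped.`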
diff --git a/etc/systemd/ibft-rule-generator b/etc/systemd/ibft-rule-generator index 038a4c2..a464fd6 100644 --- a/etc/systemd/ibft-rule-generator +++ b/etc/systemd/ibft-rule-generator @@ -18,7 +18,7 @@ # so we need to hook in before that. # IBFT_RULE_DIR=/run/udev/rules.d -IBFT_RULES=$(IBFT_RULE_DIR)/79-ibft.rules +IBFT_RULES=${IBFT_RULE_DIR}/79-ibft.rules # ensure we have a rules directory and no rules file if [ -d ${IBFT_RULE_DIR} ] ; then diff --git a/iscsiuio/src/unix/Makefile.am b/iscsiuio/src/unix/Makefile.am index 8a94371..4c10711 100644 --- a/iscsiuio/src/unix/Makefile.am +++ b/iscsiuio/src/unix/Makefile.am @@ -27,16 +27,13 @@ iscsiuio_CFLAGS = $(AM_CFLAGS) \ $(LIBNL_CFLAGS) \ -DBYTE_ORDER=@ENDIAN@ -iscsiuio_LIBS = $(AM_LIBS) \ - -ldl \ - -rdynamic \ - $(LIBNL_LIBS) \ - -lpthread - -iscsiuio_LDADD = $(AM_LDADD) \ - ${top_srcdir}/src/uip/lib_iscsi_uip.a \ - ${top_srcdir}/src/apps/dhcpc/lib_apps_dhcpc.a\ +iscsiuio_LDADD = ${top_srcdir}/src/uip/lib_iscsi_uip.a \ + ${top_srcdir}/src/apps/dhcpc/lib_apps_dhcpc.a \ ${top_srcdir}/src/apps/brcm-iscsi/lib_apps_brcm_iscsi.a \ - ${top_srcdir}/src/unix/libs/lib_iscsiuio_hw_cnic.a + ${top_srcdir}/src/unix/libs/lib_iscsiuio_hw_cnic.a \ + $(AM_LDADD) \ + -ldl \ + $(LIBNL_LIBS) \ + -lpthread iscsiuio_YFLAGS = -d diff --git a/libopeniscsiusr/Makefile b/libopeniscsiusr/Makefile index 52e453a..757a853 100644 --- a/libopeniscsiusr/Makefile +++ b/libopeniscsiusr/Makefile @@ -73,6 +73,8 @@ clean: $(RM) vgcore* core *.a *.o *.gz *.so *.so.* $(TESTS) $(RM) -r docs/man +distclean: ; + $(TESTS): $(LIBS) $(TESTS): CFLAGS += -I$(TOPDIR)/libopeniscsiusr -g $(TESTS): LDFLAGS += $(LIBADD) -L$(TOPDIR)/libopeniscsiusr -lopeniscsiusr @@ -121,3 +123,6 @@ docs/man/$(EXTRA_MAN_FILES).gz: $(HEADERS) gzip -f $$file; \ done find docs/man -type f -name \*[0-9].gz + +.PHONY: all install clean distclean doc install_pkg_files install_docs \ + install_libs check 
diff --git a/libopeniscsiusr/version.h b/libopeniscsiusr/version.h index 5a7ec53..fa6d502 100644 --- a/libopeniscsiusr/version.h +++ b/libopeniscsiusr/version.h @@ -25,6 +25,6 @@ * This may not be the same value as the kernel versions because * some other maintainer could merge a patch without going through us */ -#define ISCSI_VERSION_STR "2.1.6" +#define ISCSI_VERSION_STR "2.1.7" #endif /* End of __ISCSI_OPEN_USR_VERSION_H__ */ diff --git a/usr/Makefile b/usr/Makefile index 3fc2248..79840fc 100644 --- a/usr/Makefile +++ b/usr/Makefile @@ -64,7 +64,7 @@ PROGRAMS_DEST = $(addprefix $(DESTDIR)$(SBINDIR)/,$(PROGRAMS)) ISCSID_OBJS = iscsid.o session_mgmt.o discoveryd.o mntcheck.o ISCSIADM_OBJS = iscsiadm.o session_mgmt.o mntcheck.o -ISCSISTART_OBJS = iscsistart.o statics.o +ISCSISTART_OBJS = iscsistart.o # libc compat files SYSDEPS_DIR = $(TOPDIR)/utils/sysdeps @@ -120,6 +120,10 @@ clean: $(PROGRAMS) .depend $(MAKE) $(MFLAGS) -C $(FW_BOOT_DIR) clean +distclean: ; + +.PHONY: all install clean distclean depend + depend: $(CC) $(CFLAGS) -M `ls *.c` > .depend $(MAKE) $(MFLAGS) -C $(FW_BOOT_DIR) depend diff --git a/usr/event_poll.c b/usr/event_poll.c index ffd12a3..f39f899 100644 --- a/usr/event_poll.c +++ b/usr/event_poll.c @@ -195,8 +195,16 @@ void event_loop(struct iscsi_ipc *ipc, int control_fd, int mgmt_ipc_fd) if (poll_array[POLL_CTRL].revents) ipc->ctldev_handle(); - if (poll_array[POLL_IPC].revents) - mgmt_ipc_handle(mgmt_ipc_fd); + if (poll_array[POLL_IPC].revents) { + switch (ipc->auth_type) { + case ISCSI_IPC_AUTH_UID: + mgmt_ipc_handle_uid_only(mgmt_ipc_fd); + break; + default: + mgmt_ipc_handle(mgmt_ipc_fd); + break; + } + } if (poll_array[POLL_ALARM].revents) { struct signalfd_siginfo si; 
@@ -3055,6 +3055,32 @@ void idbm_terminate(void) free(db); } +static bool idbm_populate_rec(struct node_rec *rec, + char *targetname, int tpgt, char *ip, + int port, struct iface_rec *iface, + int verbose) +{ + if (targetname) + strlcpy(rec->name, targetname, TARGET_NAME_MAXLEN); + rec->tpgt = tpgt; + rec->conn[0].port = port; + if (ip) + strlcpy(rec->conn[0].address, ip, NI_MAXHOST); + memset(&rec->iface, 0, sizeof(struct iface_rec)); + if (iface) { + iface_copy(&rec->iface, iface); + if (strlen(iface->name)) { + if (iface_conf_read(&rec->iface)) { + if (verbose) + log_error("Could not read iface info " + "for %s.", iface->name); + return false; + } + } + } + return true; +} + /** * idbm_create_rec - allocate and setup a node record * @targetname: target name @@ -3081,23 +3107,9 @@ struct node_rec *idbm_create_rec(char *targetname, int tpgt, char *ip, } idbm_node_setup_defaults(rec); - if (targetname) - strlcpy(rec->name, targetname, TARGET_NAME_MAXLEN); - rec->tpgt = tpgt; - rec->conn[0].port = port; - if (ip) - strlcpy(rec->conn[0].address, ip, NI_MAXHOST); - memset(&rec->iface, 0, sizeof(struct iface_rec)); - if (iface) { - iface_copy(&rec->iface, iface); - if (strlen(iface->name)) { - if (iface_conf_read(&rec->iface)) { - if (verbose) - log_error("Could not read iface info " - "for %s.", iface->name); - goto free_rec; - } - } + + if (!idbm_populate_rec(rec, targetname, tpgt, ip, port, iface, verbose)) { + goto free_rec; } return rec; free_rec: 
@@ -3107,14 +3119,23 @@ free_rec: struct node_rec *idbm_create_rec_from_boot_context(struct boot_context *context) { - struct node_rec *rec; + node_rec_t *rec; - /* tpgt hard coded to 1 ??? */ - rec = idbm_create_rec(context->targetname, 1, - context->target_ipaddr, context->target_port, - NULL, 1); + rec = malloc(sizeof(*rec)); if (!rec) { + log_error("Could not not allocate memory to create node " + "record."); + return NULL; + } + + idbm_node_setup_from_conf(rec); + + /* tpgt hard coded to 1 ??? */ + if (!idbm_populate_rec(rec, context->targetname, 1, + context->target_ipaddr, context->target_port, + NULL, 1)) { log_error("Could not setup rec for fw discovery login."); + free(rec); return NULL; } diff --git a/usr/initiator.c b/usr/initiator.c index 7186729..56bf38b 100644 --- a/usr/initiator.c +++ b/usr/initiator.c @@ -1153,8 +1153,9 @@ static void iscsi_stop(void *data) rc = iscsi_send_logout(conn); if (!rc) return; - conn_error(conn, "Could not send logout pdu(%s) from iscsi_stop." - "Dropping session", strerror(rc)); + + conn_error(conn, "Could not send logout pdu(%s) from iscsi_stop. Dropping session", + strerror(rc)); } rc = session_conn_shutdown(conn, conn->logout_qtask, ISCSI_SUCCESS); @@ -1239,8 +1240,8 @@ static void iscsi_recv_async_msg(iscsi_conn_t *conn, struct iscsi_hdr *hdr) */ rc = iscsi_send_logout(conn); if (rc) - conn_error(conn, "Could not send logout in response to" - "logout request aen:%s", strerror(rc)); + conn_error(conn, "Could not send logout in response to logout request aen:%s", + strerror(rc)); break; case ISCSI_ASYNC_MSG_DROPPING_CONNECTION: conn_warn(conn, "Target dropping %u, reconnect min %u max %u", ntohs(async_hdr->param1), 
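Review bot: The allocation-failure message in `idbm_create_rec_from_boot_context` reads "Could not not allocate memory", with the word doubled; it should be `log_error("Could not allocate memory to create node record.");`. The record now comes from a bare `malloc` and is passed to `idbm_node_setup_from_conf`, whose body is not part of this diff. If that helper does not clear the whole structure, fields written by neither it nor `idbm_populate_rec` would hold stale heap contents, and `rec = calloc(1, sizeof(*rec));` would remove the doubt. The local is declared `node_rec_t *` while the function returns `struct node_rec *`; one spelling would keep the file consistent.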
@@ -2146,12 +2147,12 @@ invalid_state: if (!(session->t->caps & CAP_LOGIN_OFFLOAD)) { /* unbind is not supported so just do old logout */ rc = iscsi_send_logout(conn); - if (rc) + if (!rc) return ISCSI_SUCCESS; } - conn_error(conn, "Could not send logout pdu(%s) from session_logout_task." - "Dropping session", strerror(rc)); + conn_error(conn, "Could not send logout pdu(%s) from session_logout_task. Dropping session", + strerror(rc)); /* fallthrough */ default: rc = session_conn_shutdown(conn, qtask, ISCSI_SUCCESS); diff --git a/usr/iscsi_ipc.h b/usr/iscsi_ipc.h index 47857dd..78bd29a 100644 --- a/usr/iscsi_ipc.h +++ b/usr/iscsi_ipc.h @@ -52,6 +52,17 @@ struct iscsi_ipc_ev_clbk { extern void ipc_register_ev_callback(struct iscsi_ipc_ev_clbk *ipc_ev_clbk); +enum iscsi_ipc_auth_type { + /* UID must have valid entry in user db */ + ISCSI_IPC_AUTH_DEFAULT = 0, + + /* Check only that UID==0 */ + ISCSI_IPC_AUTH_UID, + + /* Must be last */ + ISCSI_IPC_AUTH_MAX, +}; + /** * struct iscsi_ipc - Open-iSCSI Interface for Kernel IPC * @@ -63,6 +74,8 @@ struct iscsi_ipc { int ctldev_bufmax; + enum iscsi_ipc_auth_type auth_type; + int (*ctldev_open) (void); void (*ctldev_close) (void); diff --git a/usr/iscsiadm.c b/usr/iscsiadm.c index 161e81e..862bcb6 100644 --- a/usr/iscsiadm.c +++ b/usr/iscsiadm.c @@ -3865,11 +3865,6 @@ main(int argc, char **argv) if (mode < 0) usage(ISCSI_ERR_INVAL); - if (mode == MODE_FW) { - rc = exec_fw_op(NULL, NULL, info_level, do_login, op, wait, ¶ms); - goto out; - } - increase_max_files(); if (idbm_init(get_config_file)) { log_warning("exiting due to idbm configuration error"); @@ -3878,6 +3873,9 @@ main(int argc, char **argv) } switch (mode) { + case MODE_FW: + rc = exec_fw_op(NULL, NULL, info_level, do_login, op, wait, ¶ms); + break; case MODE_HOST: if (sub_mode != -1) { switch (sub_mode) { diff --git a/usr/iscsid.c b/usr/iscsid.c index d97738c..8441037 100644 --- a/usr/iscsid.c +++ b/usr/iscsid.c 
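Review bot: With the corrected `if (!rc) return ISCSI_SUCCESS;` in usr/initiator.c, the `conn_error` after the block is still reached when the transport has `CAP_LOGIN_OFFLOAD` and `iscsi_send_logout` was never called. The log then reports that a logout PDU could not be sent and prints `strerror(rc)` for an `rc` assigned before the hunk, which can mislead whoever reads the log while diagnosing a dropped session. Moving the `conn_error` call inside the `if (!(session->t->caps & CAP_LOGIN_OFFLOAD))` block, after the `return`, would tie the message to an actual send failure. The switch this case belongs to starts outside the hunk, so the earlier value of `rc` has to be checked there.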
@@ -383,6 +383,7 @@ int main(int argc, char *argv[]) char *initiatorname_file = INITIATOR_NAME_FILE; char *pid_file = PID_FILE; char *safe_logout; + char *ipc_auth_uid; int ch, longindex; uid_t uid = 0; struct sigaction sa_old; @@ -583,6 +584,11 @@ int main(int argc, char *argv[]) daemon_config.safe_logout = 1; free(safe_logout); + ipc_auth_uid = cfg_get_string_param(config_file, "iscsid.ipc_auth_uid"); + if (ipc_auth_uid && !strcmp(ipc_auth_uid, "Yes")) + ipc->auth_type = ISCSI_IPC_AUTH_UID; + free(ipc_auth_uid); + /* see if we have any stale sessions to recover */ sessions_to_recover = iscsi_sysfs_count_sessions(); if (sessions_to_recover) { diff --git a/usr/iscsistart.c b/usr/iscsistart.c index b23751b..546840f 100644 --- a/usr/iscsistart.c +++ b/usr/iscsistart.c @@ -61,11 +61,13 @@ static LIST_HEAD(targets); static LIST_HEAD(user_params); static char program_name[] = "iscsistart"; +static char config_file[TARGET_NAME_MAXLEN]; /* used by initiator */ extern struct iscsi_ipc *ipc; static struct option const long_options[] = { + {"config", required_argument, NULL, 'c'}, {"initiatorname", required_argument, NULL, 'i'}, {"targetname", required_argument, NULL, 't'}, {"tgpt", required_argument, NULL, 'g'}, @@ -94,6 +96,7 @@ static void usage(int status) printf("Usage: %s [OPTION]\n", program_name); printf("\ Open-iSCSI initiator.\n\ + -c, --config=[path] set config file (default " CONFIG_FILE ").\n\ -i, --initiatorname=name set InitiatorName to name (Required)\n\ -t, --targetname=name set TargetName to name (Required)\n\ -g, --tgpt=N set target portal group tag to N (Required)\n\ @@ -270,6 +273,11 @@ static int login_session(struct node_rec *rec) return rc; } +static char *get_config_file(void) +{ + return config_file; +} + static int setup_session(void) { struct boot_context *context; 
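Review bot: Setting `ipc->auth_type = ISCSI_IPC_AUTH_UID` in usr/iscsid.c relaxes the management-socket check, yet the block after `free(safe_logout)` does so without leaving any trace. Adding braces to the `if` and a line such as `log_warning("iscsid.ipc_auth_uid is set: MGMT IPC accepts any peer with UID 0");` would record the mode in the daemon log. The comparison is an exact, case-sensitive match on "Yes", so "yes" or "1" keeps the stricter default; that fails safe, but deserves a sentence in iscsid.conf. `main` continues on both sides of the hunk.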
@@ -278,6 +286,13 @@ static int setup_session(void) if (list_empty(&targets)) return login_session(&config_rec); + increase_max_files(); + if (idbm_init(get_config_file)) { + log_warning("exiting due to idbm configuration error"); + rc = ISCSI_ERR_IDBM; + goto out; + } + list_for_each_entry(context, &targets, list) { struct node_rec *rec; @@ -297,6 +312,7 @@ static int setup_session(void) free(rec); } fw_free_targets(&targets); +out: return rc; } @@ -357,6 +373,7 @@ int main(int argc, char *argv[]) int control_fd, mgmt_ipc_fd, err; pid_t pid; + strcpy(config_file, CONFIG_FILE); idbm_node_setup_defaults(&config_rec); config_rec.name[0] = '\0'; config_rec.conn[0].address[0] = '\0'; @@ -373,9 +390,13 @@ int main(int argc, char *argv[]) sysfs_init(); - while ((ch = getopt_long(argc, argv, "P:i:t:g:a:p:d:u:w:U:W:bNfvh", + while ((ch = getopt_long(argc, argv, "c:P:i:t:g:a:p:d:u:w:U:W:bNfvh", long_options, &longindex)) >= 0) { switch (ch) { + case 'c': + strncpy(config_file, optarg, TARGET_NAME_MAXLEN); + config_file[TARGET_NAME_MAXLEN-1] = 0; + break; case 'i': initiatorname = optarg; break; @@ -527,6 +548,8 @@ int main(int argc, char *argv[]) log_debug(1, "TPGT=%d", config_rec.tpgt); log_debug(1, "IP Address=%s", config_rec.conn[0].address); + ipc->auth_type = ISCSI_IPC_AUTH_UID; + /* log the version, so that we can tell if the daemon and kernel module * match based on what shows up in the syslog. Tarballs releases * always install both, but Linux distributors may put the kernel module diff --git a/usr/mgmt_ipc.c b/usr/mgmt_ipc.c index c23bcc0..0ee513f 100644 --- a/usr/mgmt_ipc.c +++ b/usr/mgmt_ipc.c @@ -27,6 +27,7 @@ #include <pwd.h> #include <sys/un.h> #include <string.h> +#include <stdbool.h> #include "iscsid.h" #include "idbm.h" 
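Review bot: The `goto out` taken when `idbm_init` fails in `setup_session` lands after `fw_free_targets(&targets)`, so the firmware target list is not released on that path. Moving the label one line up, so that `out:` precedes `fw_free_targets(&targets);`, frees it on both paths. No matching `idbm_terminate()` call is visible in this hunk for the success path; it may live elsewhere in the file.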
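Review bot: The `case 'c':` branch in iscsistart's `main` copies `optarg` with `strncpy` and then forces a terminator, so a path of `TARGET_NAME_MAXLEN` bytes or more is cut short without any message, and the program would go on to read whatever file the shortened name refers to. Rejecting the argument is safer, for example `if (strlen(optarg) >= sizeof(config_file)) usage(ISCSI_ERR_INVAL);` before the copy. The buffer is sized with a target-name constant rather than `PATH_MAX`, which is an odd bound for a file path. The `strcpy(config_file, CONFIG_FILE)` in the `-357,6 +373,7` hunk has no bound at all, which matters if `CONFIG_FILE` is derived from a build-time directory setting.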
@@ -379,6 +380,32 @@ mgmt_peeruser(int sock, char *user) return 1; } +static bool +mgmt_authorized_uid(int sock) +{ + int authorized = false; + struct ucred peercred = {0}; + socklen_t so_len = sizeof(peercred); + + errno = 0; + if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &peercred, + &so_len) != 0 || so_len != sizeof(peercred)) { + /* We didn't get a valid credentials struct. */ + log_error("Error receiving credentials: %m"); + goto ret_auth; + } + + /* Only UID==0 is authorized */ + authorized = peercred.uid ? false: true; + + if (!authorized) { + log_error("Unauthorized user with UID=%u", peercred.uid); + } + +ret_auth: + return authorized; +} + static void mgmt_ipc_destroy_queue_task(queue_task_t *qtask) { @@ -488,7 +515,7 @@ static mgmt_ipc_fn_t * mgmt_ipc_functions[__MGMT_IPC_MAX_COMMAND] = { [MGMT_IPC_NOTIFY_DEL_PORTAL] = mgmt_ipc_notify_del_portal, }; -void mgmt_ipc_handle(int accept_fd) +static void mgmt_ipc_handle_check_auth(int accept_fd, bool auth_uid_only) { unsigned int command; int fd, err; @@ -508,9 +535,16 @@ void mgmt_ipc_handle(int accept_fd) qtask->allocated = 1; qtask->mgmt_ipc_fd = fd; - if (!mgmt_peeruser(fd, user) || strncmp(user, "root", PEERUSER_MAX)) { - err = ISCSI_ERR_ACCESS; - goto err; + if (auth_uid_only) { + if (!mgmt_authorized_uid(fd)) { + err = ISCSI_ERR_ACCESS; + goto err; + } + } else { + if (!mgmt_peeruser(fd, user) || strncmp(user, "root", PEERUSER_MAX)) { + err = ISCSI_ERR_ACCESS; + goto err; + } } if (mgmt_ipc_read_req(qtask) < 0) { @@ -542,3 +576,15 @@ err: * connection and free the qtask */ mgmt_ipc_write_rsp(qtask, err); } + +void mgmt_ipc_handle(int accept_fd) +{ + /* Default behavior. Full auth check. */ + mgmt_ipc_handle_check_auth(accept_fd, false); +} + +void mgmt_ipc_handle_uid_only(int accept_fd) +{ + /* Check only originating UID. */ + mgmt_ipc_handle_check_auth(accept_fd, true); +} diff --git a/usr/mgmt_ipc.h b/usr/mgmt_ipc.h index 55972ed..cc6ef1b 100644 --- a/usr/mgmt_ipc.h +++ b/usr/mgmt_ipc.h 
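Review bot: The rejection message in `mgmt_authorized_uid` records only the UID, although the `struct ucred` it has just fetched also carries the peer's PID and GID. Logging them, `log_error("Unauthorized user with UID=%u GID=%u PID=%d", peercred.uid, peercred.gid, peercred.pid);`, gives an investigator something to correlate a denied request with. On style, `authorized` is declared `int` in a function returning `bool`, and `peercred.uid ? false: true` reads more directly as `authorized = (peercred.uid == 0);`. When `getsockopt` succeeds but `so_len` differs from the structure size, `%m` expands to the text for errno 0, so that case would be clearer with its own message.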
@@ -115,5 +115,6 @@ int mgmt_ipc_listen(void); int mgmt_ipc_systemd(void); void mgmt_ipc_close(int fd); void mgmt_ipc_handle(int accept_fd); +void mgmt_ipc_handle_uid_only(int accept_fd); #endif /* MGMT_IPC_H */ diff --git a/usr/statics.c b/usr/statics.c deleted file mode 100644 index f59729b..0000000 --- a/usr/statics.c +++ /dev/null @@ -1,19 +0,0 @@ -#include <unistd.h> -#include <pwd.h> -#include <errno.h> -#include <sys/types.h> - -static struct passwd root_pw = { - .pw_name = "root", -}; - -struct passwd* -getpwuid(uid_t uid) -{ - if (uid == 0) - return &root_pw; - else { - errno = ENOENT; - return 0; - } -} diff --git a/usr/version.h b/usr/version.h index cc791cd..4b74514 100644 --- a/usr/version.h +++ b/usr/version.h @@ -6,7 +6,7 @@ * This may not be the same value as the kernel versions because * some other maintainer could merge a patch without going through us */ -#define ISCSI_VERSION_STR "2.1.6" +#define ISCSI_VERSION_STR "2.1.7" #define ISCSI_VERSION_FILE "/sys/module/scsi_transport_iscsi/version" #endif diff --git a/utils/Makefile b/utils/Makefile index a7eb352..d4b384d 100644 --- a/utils/Makefile +++ b/utils/Makefile @@ -68,9 +68,13 @@ $(DESTDIR)$(SBINDIR) $(DESTDIR)$(RULESDIR): clean: $(RM) $(OBJS) $(RM) $(PROGRAMS) + $(RM) .depend + +distclean: $(RM) $(SCRIPTS_GENERATED) $(RM) $(RULESFILES_GENERATED) - $(RM) .depend + +.PHONY: all install clean distclean depend install_udev_rules depend: $(CC) $(CFLAGS) -M `ls *.c` > .depend diff --git a/utils/sysdeps/Makefile b/utils/sysdeps/Makefile index 3387b57..d419dba 100644 --- a/utils/sysdeps/Makefile +++ b/utils/sysdeps/Makefile @@ -10,6 +10,10 @@ all: $(SYSDEPS_OBJS) clean: $(RM) *.o .depend +distclean: ; + +.PHONY: all clean distclean depend + depend: $(CC) $(CFLAGS) -M `ls *.c` > .depend |