target-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Dmitriy Bogdanov <d.bogdanov@yadro.com>
To: Mike Christie <michael.christie@oracle.com>,
	Martin Petersen <martin.petersen@oracle.com>,
	"target-devel@vger.kernel.org" <target-devel@vger.kernel.org>
Cc: "linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
	"linux@yadro.com" <linux@yadro.com>,
	Roman Bolshakov <r.bolshakov@yadro.com>,
	Konstantin Shelekhin <k.shelekhin@yadro.com>
Subject: RE: [PATCH 3/3] target: iscsi: control authentication per ACL
Date: Mon, 4 Oct 2021 07:56:20 +0000	[thread overview]
Message-ID: <380d7926b0b6401fbf6c8e3dac4eb9b3@yadro.com> (raw)
In-Reply-To: <2f65a5a4-6296-cd72-b143-1053665fd4b3@oracle.com>

Hi Mike,

> > Add acls/{ACL}/attrib/authentication attribute that controls authentication
> > for the particular ACL. By default, this attribute inherits a value of
> > authentication attribute of the target port group to keep backward
> > compatibility.
> > 
> > authentication attribute has 3 states:
> >  "0" - authentication is turned off for this ACL
> >  "1" - authentication is required for this ACL
> >  "" - authentication is inherited from TPG
>
>
> Why the empty string for this value? Maybe 2 or -1?
That was design decision by logic that since that attribute has a precedence 
to clear that precedence we must clear the attribute, i.e. set to the empty value.

> > 
> > Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
> > Reviewed-by: Konstantin Shelekhin <k.shelekhin@yadro.com>
> > Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
> > ---
> >  drivers/target/iscsi/iscsi_target_configfs.c  | 41 +++++++++++++++++++
> >  drivers/target/iscsi/iscsi_target_nego.c      |  8 +++-
> >  .../target/iscsi/iscsi_target_nodeattrib.c    |  1 +
> >  include/target/iscsi/iscsi_target_core.h      |  2 +
> >  4 files changed, 51 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c
> > index e3750b64cc0c..2d70de342408 100644
> > --- a/drivers/target/iscsi/iscsi_target_configfs.c
> > +++ b/drivers/target/iscsi/iscsi_target_configfs.c
> > @@ -314,6 +314,46 @@ ISCSI_NACL_ATTR(random_datain_pdu_offsets);
> >  ISCSI_NACL_ATTR(random_datain_seq_offsets);
> >  ISCSI_NACL_ATTR(random_r2t_offsets);
> >  
> > +static ssize_t iscsi_nacl_attrib_authentication_show(struct config_item *item,
> > +		char *page)
> > +{
> > +	struct se_node_acl *se_nacl = attrib_to_nacl(item);
> > +	struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl);
> > +
> > +	if (nacl->node_attrib.authentication == NA_AUTHENTICATION_INHERITED) {
> > +		struct iscsi_portal_group *tpg = to_iscsi_tpg(se_nacl->se_tpg);
> > +
> > +		return sprintf(page, "%u (inherited)\n",
> > +				tpg->tpg_attrib.authentication);
>
>
> I think we want a value of -1 or 2 for inherited then here it should print
> that value.

We decided to hide the internal value from userspace and represent it similar to
tpg.authentication to have the same handling there.

BR,
 Dmitry

  reply	other threads:[~2021-10-04  7:56 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-14 10:03 [PATCH 0/3] target: iscsi: control authentication per ACL Dmitry Bogdanov
2021-09-14 10:03 ` [PATCH 1/3] scsi: target: iscsi: Add upcast helpers Dmitry Bogdanov
2021-09-14 10:03 ` [PATCH 2/3] scsi: target: iscsi: extract auth functions Dmitry Bogdanov
2021-09-30 18:46   ` Mike Christie
2021-10-04  7:41     ` Dmitriy Bogdanov
2021-09-14 10:03 ` [PATCH 3/3] target: iscsi: control authentication per ACL Dmitry Bogdanov
2021-09-30 18:52   ` Mike Christie
2021-10-04  7:56     ` Dmitriy Bogdanov [this message]
2021-10-05 16:04       ` Mike Christie
2021-10-18 11:48         ` Dmitriy Bogdanov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=380d7926b0b6401fbf6c8e3dac4eb9b3@yadro.com \
    --to=d.bogdanov@yadro.com \
    --cc=k.shelekhin@yadro.com \
    --cc=linux-scsi@vger.kernel.org \
    --cc=linux@yadro.com \
    --cc=martin.petersen@oracle.com \
    --cc=michael.christie@oracle.com \
    --cc=r.bolshakov@yadro.com \
    --cc=target-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).