From: Dmitriy Bogdanov <d.bogdanov@yadro.com>
To: Mike Christie <michael.christie@oracle.com>,
Martin Petersen <martin.petersen@oracle.com>,
"target-devel@vger.kernel.org" <target-devel@vger.kernel.org>
Cc: "linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
"linux@yadro.com" <linux@yadro.com>,
Roman Bolshakov <r.bolshakov@yadro.com>,
Konstantin Shelekhin <k.shelekhin@yadro.com>
Subject: RE: [PATCH 3/3] target: iscsi: control authentication per ACL
Date: Mon, 4 Oct 2021 07:56:20 +0000 [thread overview]
Message-ID: <380d7926b0b6401fbf6c8e3dac4eb9b3@yadro.com> (raw)
In-Reply-To: <2f65a5a4-6296-cd72-b143-1053665fd4b3@oracle.com>
Hi Mike,
> > Add acls/{ACL}/attrib/authentication attribute that controls authentication
> > for the particular ACL. By default, this attribute inherits a value of
> > authentication attribute of the target port group to keep backward
> > compatibility.
> >
> > authentication attribute has 3 states:
> > "0" - authentication is turned off for this ACL
> > "1" - authentication is required for this ACL
> > "" - authentication is inherited from TPG
>
>
> Why the empty string for this value? Maybe 2 or -1?
That was design decision by logic that since that attribute has a precedence
to clear that precedence we must clear the attribute, i.e. set to the empty value.
> >
> > Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
> > Reviewed-by: Konstantin Shelekhin <k.shelekhin@yadro.com>
> > Signed-off-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
> > ---
> > drivers/target/iscsi/iscsi_target_configfs.c | 41 +++++++++++++++++++
> > drivers/target/iscsi/iscsi_target_nego.c | 8 +++-
> > .../target/iscsi/iscsi_target_nodeattrib.c | 1 +
> > include/target/iscsi/iscsi_target_core.h | 2 +
> > 4 files changed, 51 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c
> > index e3750b64cc0c..2d70de342408 100644
> > --- a/drivers/target/iscsi/iscsi_target_configfs.c
> > +++ b/drivers/target/iscsi/iscsi_target_configfs.c
> > @@ -314,6 +314,46 @@ ISCSI_NACL_ATTR(random_datain_pdu_offsets);
> > ISCSI_NACL_ATTR(random_datain_seq_offsets);
> > ISCSI_NACL_ATTR(random_r2t_offsets);
> >
> > +static ssize_t iscsi_nacl_attrib_authentication_show(struct config_item *item,
> > + char *page)
> > +{
> > + struct se_node_acl *se_nacl = attrib_to_nacl(item);
> > + struct iscsi_node_acl *nacl = to_iscsi_nacl(se_nacl);
> > +
> > + if (nacl->node_attrib.authentication == NA_AUTHENTICATION_INHERITED) {
> > + struct iscsi_portal_group *tpg = to_iscsi_tpg(se_nacl->se_tpg);
> > +
> > + return sprintf(page, "%u (inherited)\n",
> > + tpg->tpg_attrib.authentication);
>
>
> I think we want a value of -1 or 2 for inherited then here it should print
> that value.
We decided to hide the internal value from userspace and represent it similar to
tpg.authentication to have the same handling there.
BR,
Dmitry
next prev parent reply other threads:[~2021-10-04 7:56 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-14 10:03 [PATCH 0/3] target: iscsi: control authentication per ACL Dmitry Bogdanov
2021-09-14 10:03 ` [PATCH 1/3] scsi: target: iscsi: Add upcast helpers Dmitry Bogdanov
2021-09-14 10:03 ` [PATCH 2/3] scsi: target: iscsi: extract auth functions Dmitry Bogdanov
2021-09-30 18:46 ` Mike Christie
2021-10-04 7:41 ` Dmitriy Bogdanov
2021-09-14 10:03 ` [PATCH 3/3] target: iscsi: control authentication per ACL Dmitry Bogdanov
2021-09-30 18:52 ` Mike Christie
2021-10-04 7:56 ` Dmitriy Bogdanov [this message]
2021-10-05 16:04 ` Mike Christie
2021-10-18 11:48 ` Dmitriy Bogdanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=380d7926b0b6401fbf6c8e3dac4eb9b3@yadro.com \
--to=d.bogdanov@yadro.com \
--cc=k.shelekhin@yadro.com \
--cc=linux-scsi@vger.kernel.org \
--cc=linux@yadro.com \
--cc=martin.petersen@oracle.com \
--cc=michael.christie@oracle.com \
--cc=r.bolshakov@yadro.com \
--cc=target-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).