From 0bb86d1cf3b7f5c948918b3cad34960ff6ded172 Mon Sep 17 00:00:00 2001
From: Shuhei Matsumoto
Date: Thu, 30 Aug 2018 08:02:58 +0900
Subject: [PATCH] iscsi: Fix the bug that mutual chap is not enabled by .ini config file
As long as source code and sample config file are checked, mutual chap for discovery sessions should be enabled by either "Mutual" or "CHAP Mutual". Especially SPDK iSCSI guides users to use not "Mutual" but "CHAP Mutual". The reason is that .INI config dump outputs "DiscoveryAuthMethod CHAP Mutual" when g_spdk_iscsi.mutual_chap is true. However "DiscoveryAuthMethod CHAP Mutual" doesn't work as expected. When it is specified, g_spdk_iscsi.require_chap becomes true but g_spdk_iscsi.mutual_chap becomes false. When either "DiscoveryAuthMethod Mutual" or "DiscoveryAuthMethod Mutual CHAP" is specified, both g_spdk_iscsi.require_chap and g_spdk_iscsi.mutual_chap become true as expected. But any user cannot guess "Mutual CHAP". On the other hand, CHAP feature for iSCSI target nodes works as expected. Fix this issue according to the implementation in iSCSI target nodes. One difference between iSCSI target node and discovery service remains that iSCSI target node doesn't allow "AuthMethod Mutual" but discovery service allows "DiscoveryAuthMethod Mutual" to be compatible.
Change-Id: Ia3ce1640ffb1303ea77a05009bcabddaff080941
Signed-off-by: Shuhei Matsumoto
Reviewed-on: https://review.gerrithub.io/423963
Chandler-Test-Pool: SPDK Automated Test System
Tested-by: SPDK CI Jenkins
Reviewed-by: Ben Walker
Reviewed-by: Jim Harris
---
 lib/iscsi/iscsi_subsystem.c | 44 ++++++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 18 deletions(-)
diff --git a/lib/iscsi/iscsi_subsystem.c b/lib/iscsi/iscsi_subsystem.c
index 224f8977a..6cfa4f93a 100644
--- a/lib/iscsi/iscsi_subsystem.c
+++ b/lib/iscsi/iscsi_subsystem.c
@@ -499,6 +499,7 @@ spdk_iscsi_read_config_file_params(struct spdk_conf_section *sp,
 int min_conn_per_core = 0;
 const char *ag_tag;
 int ag_tag_i;
+ int i;

 val = spdk_conf_section_get_val(sp, "Comment");
 if (val != NULL) {
@@ -578,24 +579,31 @@ spdk_iscsi_read_config_file_params(struct spdk_conf_section *sp,
 }
 val = spdk_conf_section_get_val(sp, "DiscoveryAuthMethod");
 if (val != NULL) {
- if (strcasecmp(val, "CHAP") == 0) {
- opts->disable_chap = false;
- opts->require_chap = true;
- opts->mutual_chap = false;
- } else if (strcasecmp(val, "Mutual") == 0) {
- opts->disable_chap = false;
- opts->require_chap = true;
- opts->mutual_chap = true;
- } else if (strcasecmp(val, "Auto") == 0) {
- opts->disable_chap = false;
- opts->require_chap = false;
- opts->mutual_chap = false;
- } else if (strcasecmp(val, "None") == 0) {
- opts->disable_chap = true;
- opts->require_chap = false;
- opts->mutual_chap = false;
- } else {
- SPDK_ERRLOG("unknown auth %s, ignoring\n", val);
+ for (i = 0; ; i++) {
+ val = spdk_conf_section_get_nmval(sp, "DiscoveryAuthMethod", 0, i);
+ if (val == NULL) {
+ break;
+ }
+ if (strcasecmp(val, "CHAP") == 0) {
+ opts->require_chap = true;
+ } else if (strcasecmp(val, "Mutual") == 0) {
+ opts->require_chap = true;
+ opts->mutual_chap = true;
+ } else if (strcasecmp(val, "Auto") == 0) {
+ opts->disable_chap = false;
+ opts->require_chap = false;
+ opts->mutual_chap = false;
+ } else if (strcasecmp(val, "None") == 0) {
+ opts->disable_chap = true;
+ opts->require_chap = false;
+ opts->mutual_chap = false;
+ } else {
+ SPDK_ERRLOG("unknown CHAP mode %s\n", val);
+ }
+ }
+ if (opts->mutual_chap && !opts->require_chap) {
+ SPDK_ERRLOG("CHAP must set to be required when using mutual CHAP.\n");
+ return -EINVAL;
 }
 }
 val = spdk_conf_section_get_val(sp, "DiscoveryAuthGroup");
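Review bot: In the `DiscoveryAuthMethod` loop, the `CHAP` and `Mutual` branches no longer clear `opts->disable_chap`, so a line such as `DiscoveryAuthMethod None CHAP` leaves `disable_chap` and `require_chap` both true, and the only consistency check after the loop covers `mutual_chap` without `require_chap`. The unknown-token branch also only logs, so a misspelled method leaves discovery authentication at whatever `opts` held on entry instead of failing the config load. For an authentication setting I would fail closed: add `return -EINVAL;` after `SPDK_ERRLOG("unknown CHAP mode %s\n", val);` and add a second post-loop check, `if (opts->disable_chap && opts->require_chap)`, that also returns `-EINVAL`. The function starts and ends outside this hunk, so a later validation of `opts` may already cover these cases; that is worth confirming before merging.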