florian.haas at linbit
Jul 8, 2009, 2:40 AM
Post #1 of 1
(239 views)
Permalink
|
|
[PATCH] RA: iSCSITarget: rename CHAP authentication parameters, make username unique
|
|
# HG changeset patch
# User Florian Haas <florian.haas[at]linbit.com>
# Date 1247046005 -7200
# Node ID 5f8b253adccecf1262d3468ec061108af0a0ffc8
# Parent 5d87058f4c1ee7e2f667b83444e632765d96d02a
RA: iSCSITarget: rename CHAP authentication parameters, make username unique
Since CHAP authentication, as presently implemented in the RA, only
applies to "incoming user" authentication, rename parameters
accordingly:
* "username" -> "incoming_username"
* "password" -> "incoming_password"
This will allow us to add support for outgoing user authentication
without breaking compatibility.
Also, since CHAP authentication accounts are target specific in only
some iSCSI target implementations, make usernames unique. If in an
iSCSI implementation with no per-target user accounts the same
username were used for multiple targets, they would all map to one
account, with passwords overriding one another.
diff -r 5d87058f4c1e -r 5f8b253adcce resources/OCF/iSCSITarget
--- a/resources/OCF/iSCSITarget Tue Jul 07 18:52:03 2009 +0200
+++ b/resources/OCF/iSCSITarget Wed Jul 08 11:40:05 2009 +0200
@@ -88,18 +88,18 @@
<content type="string" default=""/>
</parameter>
-<parameter name="username" required="0" unique="0">
+<parameter name="incoming_username" required="0" unique="1">
<longdesc lang="en">
-A username used for initiator authentication. If unspecified,
+A username used for incoming initiator authentication. If unspecified,
allowed initiators will be able to log in without authentication.
</longdesc>
<shortdesc lang="en">Incoming account username</shortdesc>
<content type="string"/>
</parameter>
-<parameter name="password" required="0" unique="0">
+<parameter name="incoming_password" required="0" unique="0">
<longdesc lang="en">
-A password used for initiator authentication.
+A password used for incoming initiator authentication.
</longdesc>
<shortdesc lang="en">Incoming account password</shortdesc>
<content type="string"/>
@@ -206,10 +206,10 @@
fi
# In iet, adding a new user and assigning it to a target
# is one operation.
- if [ -n "${OCF_RESKEY_username}" ]; then
+ if [ -n "${OCF_RESKEY_incoming_username}" ]; then
do_cmd ietadm --op new --user \
--tid=${tid} \
- --params=IncomingUser=${OCF_RESKEY_username},Password=${OCF_RESKEY_password} \
+ --params=IncomingUser=${OCF_RESKEY_incoming_username},Password=${OCF_RESKEY_incoming_password} \
|| return $OCF_ERR_GENERIC
fi
return $OCF_SUCCESS
@@ -246,13 +246,13 @@
done
# In tgt, we must first create a user account, then assign
# it to a target using the "bind" operation.
- if [ -n "${OCF_RESKEY_username}" ]; then
+ if [ -n "${OCF_RESKEY_incoming_username}" ]; then
do_cmd tgtadm --lld iscsi --mode account --op new \
- --user=${OCF_RESKEY_username} \
- --password=${OCF_RESKEY_password} || return $OCF_ERR_GENERIC
+ --user=${OCF_RESKEY_incoming_username} \
+ --password=${OCF_RESKEY_incoming_password} || return $OCF_ERR_GENERIC
do_cmd tgtadm --lld iscsi --mode account --op bind \
--tid=${tid} \
- --user=${OCF_RESKEY_username} || return $OCF_ERR_GENERIC
+ --user=${OCF_RESKEY_incoming_username} || return $OCF_ERR_GENERIC
fi
return $OCF_SUCCESS
;;
@@ -291,10 +291,10 @@
done
# In iet, unassigning a user from a target and
# deleting the user account is one operation.
- if [ -n "${OCF_RESKEY_username}" ]; then
+ if [ -n "${OCF_RESKEY_incoming_username}" ]; then
do_cmd ietadm --op delete --user \
--tid=${tid} \
- --params=IncomingUser=${OCF_RESKEY_username} \
+ --params=IncomingUser=${OCF_RESKEY_incoming_username} \
|| return $OCF_ERR_GENERIC
fi
do_cmd ietadm --op delete \
@@ -336,12 +336,12 @@
done
# In tgt, we must first unbind the user account from
# the target, then remove the account itself.
- if [ -n "${OCF_RESKEY_username}" ]; then
+ if [ -n "${OCF_RESKEY_incoming_username}" ]; then
do_cmd tgtadm --lld iscsi --mode account --op unbind \
--tid=${tid} \
- --user=${OCF_RESKEY_username} || return $OCF_ERR_GENERIC
+ --user=${OCF_RESKEY_incoming_username} || return $OCF_ERR_GENERIC
do_cmd tgtadm --lld iscsi --mode account --op delete \
- --user=${OCF_RESKEY_username} || return $OCF_ERR_GENERIC
+ --user=${OCF_RESKEY_incoming_username} || return $OCF_ERR_GENERIC
fi
do_cmd tgtadm --lld iscsi --op delete --mode target \
--tid=${tid} && return $OCF_SUCCESS
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev[at]lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
|
