xref: /freebsd/usr.sbin/ctld/discovery.c (revision 1d386b48a555f61cb7325543adbbb5c3f3407a66) 
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2012 The FreeBSD Foundation
5  *
6  * This software was developed by Edward Tomasz Napierala under sponsorship
7  * from the FreeBSD Foundation.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  *
30  */
31 
32 #include <sys/cdefs.h>
33 #include <assert.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <netinet/in.h>
38 #include <netdb.h>
39 #include <sys/socket.h>
40 
41 #include "ctld.h"
42 #include "iscsi_proto.h"
43 
44 static struct pdu *
logout_receive(struct connection * conn)45 logout_receive(struct connection *conn)
46 {
47 	struct pdu *request;
48 	struct iscsi_bhs_logout_request *bhslr;
49 
50 	request = pdu_new(conn);
51 	pdu_receive(request);
52 	if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
53 	    ISCSI_BHS_OPCODE_LOGOUT_REQUEST)
54 		log_errx(1, "protocol error: received invalid opcode 0x%x",
55 		    request->pdu_bhs->bhs_opcode);
56 	bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
57 	if ((bhslr->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION)
58 		log_debugx("received Logout PDU with invalid reason 0x%x; "
59 		    "continuing anyway", bhslr->bhslr_reason & 0x7f);
60 	if (ISCSI_SNLT(ntohl(bhslr->bhslr_cmdsn), conn->conn_cmdsn)) {
61 		log_errx(1, "received Logout PDU with decreasing CmdSN: "
62 		    "was %u, is %u", conn->conn_cmdsn,
63 		    ntohl(bhslr->bhslr_cmdsn));
64 	}
65 	if (ntohl(bhslr->bhslr_expstatsn) != conn->conn_statsn) {
66 		log_errx(1, "received Logout PDU with wrong ExpStatSN: "
67 		    "is %u, should be %u", ntohl(bhslr->bhslr_expstatsn),
68 		    conn->conn_statsn);
69 	}
70 	conn->conn_cmdsn = ntohl(bhslr->bhslr_cmdsn);
71 	if ((bhslr->bhslr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0)
72 		conn->conn_cmdsn++;
73 
74 	return (request);
75 }
76 
77 static struct pdu *
logout_new_response(struct pdu * request)78 logout_new_response(struct pdu *request)
79 {
80 	struct pdu *response;
81 	struct connection *conn;
82 	struct iscsi_bhs_logout_request *bhslr;
83 	struct iscsi_bhs_logout_response *bhslr2;
84 
85 	bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
86 	conn = request->pdu_connection;
87 
88 	response = pdu_new_response(request);
89 	bhslr2 = (struct iscsi_bhs_logout_response *)response->pdu_bhs;
90 	bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE;
91 	bhslr2->bhslr_flags = 0x80;
92 	bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY;
93 	bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag;
94 	bhslr2->bhslr_statsn = htonl(conn->conn_statsn++);
95 	bhslr2->bhslr_expcmdsn = htonl(conn->conn_cmdsn);
96 	bhslr2->bhslr_maxcmdsn = htonl(conn->conn_cmdsn);
97 
98 	return (response);
99 }
100 
101 static void
discovery_add_target(struct keys * response_keys,const struct target * targ)102 discovery_add_target(struct keys *response_keys, const struct target *targ)
103 {
104 	struct port *port;
105 	struct portal *portal;
106 	char *buf;
107 	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
108 	struct addrinfo *ai;
109 	int ret;
110 
111 	keys_add(response_keys, "TargetName", targ->t_name);
112 	TAILQ_FOREACH(port, &targ->t_ports, p_ts) {
113 	    if (port->p_portal_group == NULL)
114 		continue;
115 	    TAILQ_FOREACH(portal, &port->p_portal_group->pg_portals, p_next) {
116 		ai = portal->p_ai;
117 		ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
118 		    hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
119 		    NI_NUMERICHOST | NI_NUMERICSERV);
120 		if (ret != 0) {
121 			log_warnx("getnameinfo: %s", gai_strerror(ret));
122 			continue;
123 		}
124 		switch (ai->ai_addr->sa_family) {
125 		case AF_INET:
126 			if (strcmp(hbuf, "0.0.0.0") == 0)
127 				continue;
128 			ret = asprintf(&buf, "%s:%s,%d", hbuf, sbuf,
129 			    port->p_portal_group->pg_tag);
130 			break;
131 		case AF_INET6:
132 			if (strcmp(hbuf, "::") == 0)
133 				continue;
134 			ret = asprintf(&buf, "[%s]:%s,%d", hbuf, sbuf,
135 			    port->p_portal_group->pg_tag);
136 			break;
137 		default:
138 			continue;
139 		}
140 		if (ret <= 0)
141 		    log_err(1, "asprintf");
142 		keys_add(response_keys, "TargetAddress", buf);
143 		free(buf);
144 	    }
145 	}
146 }
147 
148 static bool
discovery_target_filtered_out(const struct ctld_connection * conn,const struct port * port)149 discovery_target_filtered_out(const struct ctld_connection *conn,
150     const struct port *port)
151 {
152 	const struct auth_group *ag;
153 	const struct portal_group *pg;
154 	const struct target *targ;
155 	const struct auth *auth;
156 	int error;
157 
158 	targ = port->p_target;
159 	ag = port->p_auth_group;
160 	if (ag == NULL)
161 		ag = targ->t_auth_group;
162 	pg = conn->conn_portal->p_portal_group;
163 
164 	assert(pg->pg_discovery_auth_group != PG_FILTER_UNKNOWN);
165 
166 	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL &&
167 	    auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
168 		log_debugx("initiator does not match initiator portals "
169 		    "allowed for target \"%s\"; skipping", targ->t_name);
170 		return (true);
171 	}
172 
173 	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME &&
174 	    auth_name_check(ag, conn->conn_initiator_name) != 0) {
175 		log_debugx("initiator does not match initiator names "
176 		    "allowed for target \"%s\"; skipping", targ->t_name);
177 		return (true);
178 	}
179 
180 	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH &&
181 	    ag->ag_type != AG_TYPE_NO_AUTHENTICATION) {
182 		if (conn->conn_chap == NULL) {
183 			assert(pg->pg_discovery_auth_group->ag_type ==
184 			    AG_TYPE_NO_AUTHENTICATION);
185 
186 			log_debugx("initiator didn't authenticate, but target "
187 			    "\"%s\" requires CHAP; skipping", targ->t_name);
188 			return (true);
189 		}
190 
191 		assert(conn->conn_user != NULL);
192 		auth = auth_find(ag, conn->conn_user);
193 		if (auth == NULL) {
194 			log_debugx("CHAP user \"%s\" doesn't match target "
195 			    "\"%s\"; skipping", conn->conn_user, targ->t_name);
196 			return (true);
197 		}
198 
199 		error = chap_authenticate(conn->conn_chap, auth->a_secret);
200 		if (error != 0) {
201 			log_debugx("password for CHAP user \"%s\" doesn't "
202 			    "match target \"%s\"; skipping",
203 			    conn->conn_user, targ->t_name);
204 			return (true);
205 		}
206 	}
207 
208 	return (false);
209 }
210 
211 void
discovery(struct ctld_connection * conn)212 discovery(struct ctld_connection *conn)
213 {
214 	struct pdu *request, *response;
215 	struct keys *request_keys, *response_keys;
216 	const struct port *port;
217 	const struct portal_group *pg;
218 	const char *send_targets;
219 
220 	pg = conn->conn_portal->p_portal_group;
221 
222 	log_debugx("beginning discovery session; waiting for TextRequest PDU");
223 	request_keys = text_read_request(&conn->conn, &request);
224 
225 	send_targets = keys_find(request_keys, "SendTargets");
226 	if (send_targets == NULL)
227 		log_errx(1, "received TextRequest PDU without SendTargets");
228 
229 	response_keys = keys_new();
230 
231 	if (strcmp(send_targets, "All") == 0) {
232 		TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) {
233 			if (discovery_target_filtered_out(conn, port)) {
234 				/* Ignore this target. */
235 				continue;
236 			}
237 			discovery_add_target(response_keys, port->p_target);
238 		}
239 	} else {
240 		port = port_find_in_pg(pg, send_targets);
241 		if (port == NULL) {
242 			log_debugx("initiator requested information on unknown "
243 			    "target \"%s\"; returning nothing", send_targets);
244 		} else {
245 			if (discovery_target_filtered_out(conn, port)) {
246 				/* Ignore this target. */
247 			} else {
248 				discovery_add_target(response_keys, port->p_target);
249 			}
250 		}
251 	}
252 
253 	text_send_response(request, response_keys);
254 	keys_delete(response_keys);
255 	pdu_delete(request);
256 	keys_delete(request_keys);
257 
258 	log_debugx("done sending targets; waiting for Logout PDU");
259 	request = logout_receive(&conn->conn);
260 	response = logout_new_response(request);
261 
262 	pdu_send(response);
263 	pdu_delete(response);
264 	pdu_delete(request);
265 
266 	log_debugx("discovery session done");
267 }
268