1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2012 The FreeBSD Foundation
5 *
6 * This software was developed by Edward Tomasz Napierala under sponsorship
7 * from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGE.
29 *
30 */
31
32 #include <sys/types.h>
33 #include <sys/event.h>
34 #include <sys/nv.h>
35 #include <sys/time.h>
36 #include <sys/socket.h>
37 #include <sys/stat.h>
38 #include <sys/wait.h>
39 #include <netinet/in.h>
40 #include <arpa/inet.h>
41 #include <assert.h>
42 #include <ctype.h>
43 #include <errno.h>
44 #include <netdb.h>
45 #include <signal.h>
46 #include <stdbool.h>
47 #include <stdio.h>
48 #include <stdint.h>
49 #include <stdlib.h>
50 #include <string.h>
51 #include <unistd.h>
52 #include <cam/scsi/scsi_all.h>
53
54 #include "conf.h"
55 #include "ctld.h"
56 #include "isns.h"
57
58 static bool timed_out(void);
59 #ifdef ICL_KERNEL_PROXY
60 static void pdu_receive_proxy(struct pdu *pdu);
61 static void pdu_send_proxy(struct pdu *pdu);
62 #endif /* ICL_KERNEL_PROXY */
63 static void pdu_fail(const struct connection *conn, const char *reason);
64
65 bool proxy_mode = false;
66
67 static volatile bool sighup_received = false;
68 static volatile bool sigterm_received = false;
69 static volatile bool sigalrm_received = false;
70
71 static int kqfd;
72 static int nchildren = 0;
73 static uint16_t last_portal_group_tag = 0xff;
74
75 static struct connection_ops conn_ops = {
76 .timed_out = timed_out,
77 #ifdef ICL_KERNEL_PROXY
78 .pdu_receive_proxy = pdu_receive_proxy,
79 .pdu_send_proxy = pdu_send_proxy,
80 #endif
81 .fail = pdu_fail,
82 };
83
84 static void
usage(void)85 usage(void)
86 {
87
88 fprintf(stderr, "usage: ctld [-d][-u][-f config-file]\n");
89 fprintf(stderr, " ctld -t [-u][-f config-file]\n");
90 exit(1);
91 }
92
93 struct conf *
conf_new(void)94 conf_new(void)
95 {
96 struct conf *conf;
97
98 conf = calloc(1, sizeof(*conf));
99 if (conf == NULL)
100 log_err(1, "calloc");
101 TAILQ_INIT(&conf->conf_luns);
102 TAILQ_INIT(&conf->conf_targets);
103 TAILQ_INIT(&conf->conf_auth_groups);
104 TAILQ_INIT(&conf->conf_ports);
105 TAILQ_INIT(&conf->conf_portal_groups);
106 TAILQ_INIT(&conf->conf_isns);
107
108 conf->conf_isns_period = 900;
109 conf->conf_isns_timeout = 5;
110 conf->conf_debug = 0;
111 conf->conf_timeout = 60;
112 conf->conf_maxproc = 30;
113
114 return (conf);
115 }
116
117 void
conf_delete(struct conf * conf)118 conf_delete(struct conf *conf)
119 {
120 struct lun *lun, *ltmp;
121 struct target *targ, *tmp;
122 struct auth_group *ag, *cagtmp;
123 struct portal_group *pg, *cpgtmp;
124 struct isns *is, *istmp;
125
126 assert(conf->conf_pidfh == NULL);
127
128 TAILQ_FOREACH_SAFE(lun, &conf->conf_luns, l_next, ltmp)
129 lun_delete(lun);
130 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp)
131 target_delete(targ);
132 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp)
133 auth_group_delete(ag);
134 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp)
135 portal_group_delete(pg);
136 TAILQ_FOREACH_SAFE(is, &conf->conf_isns, i_next, istmp)
137 isns_delete(is);
138 assert(TAILQ_EMPTY(&conf->conf_ports));
139 free(conf->conf_pidfile_path);
140 free(conf);
141 }
142
143 static struct auth *
auth_new(struct auth_group * ag)144 auth_new(struct auth_group *ag)
145 {
146 struct auth *auth;
147
148 auth = calloc(1, sizeof(*auth));
149 if (auth == NULL)
150 log_err(1, "calloc");
151 auth->a_auth_group = ag;
152 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next);
153 return (auth);
154 }
155
156 static void
auth_delete(struct auth * auth)157 auth_delete(struct auth *auth)
158 {
159 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next);
160
161 free(auth->a_user);
162 free(auth->a_secret);
163 free(auth->a_mutual_user);
164 free(auth->a_mutual_secret);
165 free(auth);
166 }
167
168 const struct auth *
auth_find(const struct auth_group * ag,const char * user)169 auth_find(const struct auth_group *ag, const char *user)
170 {
171 const struct auth *auth;
172
173 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) {
174 if (strcmp(auth->a_user, user) == 0)
175 return (auth);
176 }
177
178 return (NULL);
179 }
180
181 static void
auth_check_secret_length(struct auth * auth)182 auth_check_secret_length(struct auth *auth)
183 {
184 size_t len;
185
186 len = strlen(auth->a_secret);
187 if (len > 16) {
188 if (auth->a_auth_group->ag_name != NULL)
189 log_warnx("secret for user \"%s\", auth-group \"%s\", "
190 "is too long; it should be at most 16 characters "
191 "long", auth->a_user, auth->a_auth_group->ag_name);
192 else
193 log_warnx("secret for user \"%s\", target \"%s\", "
194 "is too long; it should be at most 16 characters "
195 "long", auth->a_user,
196 auth->a_auth_group->ag_target->t_name);
197 }
198 if (len < 12) {
199 if (auth->a_auth_group->ag_name != NULL)
200 log_warnx("secret for user \"%s\", auth-group \"%s\", "
201 "is too short; it should be at least 12 characters "
202 "long", auth->a_user,
203 auth->a_auth_group->ag_name);
204 else
205 log_warnx("secret for user \"%s\", target \"%s\", "
206 "is too short; it should be at least 12 characters "
207 "long", auth->a_user,
208 auth->a_auth_group->ag_target->t_name);
209 }
210
211 if (auth->a_mutual_secret != NULL) {
212 len = strlen(auth->a_mutual_secret);
213 if (len > 16) {
214 if (auth->a_auth_group->ag_name != NULL)
215 log_warnx("mutual secret for user \"%s\", "
216 "auth-group \"%s\", is too long; it should "
217 "be at most 16 characters long",
218 auth->a_user, auth->a_auth_group->ag_name);
219 else
220 log_warnx("mutual secret for user \"%s\", "
221 "target \"%s\", is too long; it should "
222 "be at most 16 characters long",
223 auth->a_user,
224 auth->a_auth_group->ag_target->t_name);
225 }
226 if (len < 12) {
227 if (auth->a_auth_group->ag_name != NULL)
228 log_warnx("mutual secret for user \"%s\", "
229 "auth-group \"%s\", is too short; it "
230 "should be at least 12 characters long",
231 auth->a_user, auth->a_auth_group->ag_name);
232 else
233 log_warnx("mutual secret for user \"%s\", "
234 "target \"%s\", is too short; it should be "
235 "at least 12 characters long",
236 auth->a_user,
237 auth->a_auth_group->ag_target->t_name);
238 }
239 }
240 }
241
242 bool
auth_new_chap(struct auth_group * ag,const char * user,const char * secret)243 auth_new_chap(struct auth_group *ag, const char *user,
244 const char *secret)
245 {
246 struct auth *auth;
247
248 if (ag->ag_type == AG_TYPE_UNKNOWN)
249 ag->ag_type = AG_TYPE_CHAP;
250 if (ag->ag_type != AG_TYPE_CHAP) {
251 if (ag->ag_name != NULL)
252 log_warnx("cannot mix \"chap\" authentication with "
253 "other types for auth-group \"%s\"", ag->ag_name);
254 else
255 log_warnx("cannot mix \"chap\" authentication with "
256 "other types for target \"%s\"",
257 ag->ag_target->t_name);
258 return (false);
259 }
260
261 auth = auth_new(ag);
262 auth->a_user = checked_strdup(user);
263 auth->a_secret = checked_strdup(secret);
264
265 auth_check_secret_length(auth);
266
267 return (true);
268 }
269
270 bool
auth_new_chap_mutual(struct auth_group * ag,const char * user,const char * secret,const char * user2,const char * secret2)271 auth_new_chap_mutual(struct auth_group *ag, const char *user,
272 const char *secret, const char *user2, const char *secret2)
273 {
274 struct auth *auth;
275
276 if (ag->ag_type == AG_TYPE_UNKNOWN)
277 ag->ag_type = AG_TYPE_CHAP_MUTUAL;
278 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
279 if (ag->ag_name != NULL)
280 log_warnx("cannot mix \"chap-mutual\" authentication "
281 "with other types for auth-group \"%s\"",
282 ag->ag_name);
283 else
284 log_warnx("cannot mix \"chap-mutual\" authentication "
285 "with other types for target \"%s\"",
286 ag->ag_target->t_name);
287 return (false);
288 }
289
290 auth = auth_new(ag);
291 auth->a_user = checked_strdup(user);
292 auth->a_secret = checked_strdup(secret);
293 auth->a_mutual_user = checked_strdup(user2);
294 auth->a_mutual_secret = checked_strdup(secret2);
295
296 auth_check_secret_length(auth);
297
298 return (true);
299 }
300
301 bool
auth_name_new(struct auth_group * ag,const char * name)302 auth_name_new(struct auth_group *ag, const char *name)
303 {
304 struct auth_name *an;
305
306 an = calloc(1, sizeof(*an));
307 if (an == NULL)
308 log_err(1, "calloc");
309 an->an_auth_group = ag;
310 an->an_initiator_name = checked_strdup(name);
311 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next);
312 return (true);
313 }
314
315 static void
auth_name_delete(struct auth_name * an)316 auth_name_delete(struct auth_name *an)
317 {
318 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next);
319
320 free(an->an_initiator_name);
321 free(an);
322 }
323
324 bool
auth_name_defined(const struct auth_group * ag)325 auth_name_defined(const struct auth_group *ag)
326 {
327 if (TAILQ_EMPTY(&ag->ag_names))
328 return (false);
329 return (true);
330 }
331
332 const struct auth_name *
auth_name_find(const struct auth_group * ag,const char * name)333 auth_name_find(const struct auth_group *ag, const char *name)
334 {
335 const struct auth_name *auth_name;
336
337 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) {
338 if (strcmp(auth_name->an_initiator_name, name) == 0)
339 return (auth_name);
340 }
341
342 return (NULL);
343 }
344
345 bool
auth_name_check(const struct auth_group * ag,const char * initiator_name)346 auth_name_check(const struct auth_group *ag, const char *initiator_name)
347 {
348 if (!auth_name_defined(ag))
349 return (true);
350
351 if (auth_name_find(ag, initiator_name) == NULL)
352 return (false);
353
354 return (true);
355 }
356
357 bool
auth_portal_new(struct auth_group * ag,const char * portal)358 auth_portal_new(struct auth_group *ag, const char *portal)
359 {
360 struct auth_portal *ap;
361 char *net, *mask, *str, *tmp;
362 int len, dm, m;
363
364 ap = calloc(1, sizeof(*ap));
365 if (ap == NULL)
366 log_err(1, "calloc");
367 ap->ap_auth_group = ag;
368 ap->ap_initiator_portal = checked_strdup(portal);
369 mask = str = checked_strdup(portal);
370 net = strsep(&mask, "/");
371 if (net[0] == '[')
372 net++;
373 len = strlen(net);
374 if (len == 0)
375 goto error;
376 if (net[len - 1] == ']')
377 net[len - 1] = 0;
378 if (strchr(net, ':') != NULL) {
379 struct sockaddr_in6 *sin6 =
380 (struct sockaddr_in6 *)&ap->ap_sa;
381
382 sin6->sin6_len = sizeof(*sin6);
383 sin6->sin6_family = AF_INET6;
384 if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0)
385 goto error;
386 dm = 128;
387 } else {
388 struct sockaddr_in *sin =
389 (struct sockaddr_in *)&ap->ap_sa;
390
391 sin->sin_len = sizeof(*sin);
392 sin->sin_family = AF_INET;
393 if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0)
394 goto error;
395 dm = 32;
396 }
397 if (mask != NULL) {
398 m = strtol(mask, &tmp, 0);
399 if (m < 0 || m > dm || tmp[0] != 0)
400 goto error;
401 } else
402 m = dm;
403 ap->ap_mask = m;
404 free(str);
405 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next);
406 return (true);
407
408 error:
409 free(str);
410 free(ap);
411 log_warnx("incorrect initiator portal \"%s\"", portal);
412 return (false);
413 }
414
415 static void
auth_portal_delete(struct auth_portal * ap)416 auth_portal_delete(struct auth_portal *ap)
417 {
418 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next);
419
420 free(ap->ap_initiator_portal);
421 free(ap);
422 }
423
424 bool
auth_portal_defined(const struct auth_group * ag)425 auth_portal_defined(const struct auth_group *ag)
426 {
427 if (TAILQ_EMPTY(&ag->ag_portals))
428 return (false);
429 return (true);
430 }
431
432 const struct auth_portal *
auth_portal_find(const struct auth_group * ag,const struct sockaddr_storage * ss)433 auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss)
434 {
435 const struct auth_portal *ap;
436 const uint8_t *a, *b;
437 int i;
438 uint8_t bmask;
439
440 TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) {
441 if (ap->ap_sa.ss_family != ss->ss_family)
442 continue;
443 if (ss->ss_family == AF_INET) {
444 a = (const uint8_t *)
445 &((const struct sockaddr_in *)ss)->sin_addr;
446 b = (const uint8_t *)
447 &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr;
448 } else {
449 a = (const uint8_t *)
450 &((const struct sockaddr_in6 *)ss)->sin6_addr;
451 b = (const uint8_t *)
452 &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr;
453 }
454 for (i = 0; i < ap->ap_mask / 8; i++) {
455 if (a[i] != b[i])
456 goto next;
457 }
458 if (ap->ap_mask % 8) {
459 bmask = 0xff << (8 - (ap->ap_mask % 8));
460 if ((a[i] & bmask) != (b[i] & bmask))
461 goto next;
462 }
463 return (ap);
464 next:
465 ;
466 }
467
468 return (NULL);
469 }
470
471 bool
auth_portal_check(const struct auth_group * ag,const struct sockaddr_storage * sa)472 auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
473 {
474
475 if (!auth_portal_defined(ag))
476 return (true);
477
478 if (auth_portal_find(ag, sa) == NULL)
479 return (false);
480
481 return (true);
482 }
483
484 struct auth_group *
auth_group_new(struct conf * conf,const char * name)485 auth_group_new(struct conf *conf, const char *name)
486 {
487 struct auth_group *ag;
488
489 if (name != NULL) {
490 ag = auth_group_find(conf, name);
491 if (ag != NULL) {
492 log_warnx("duplicated auth-group \"%s\"", name);
493 return (NULL);
494 }
495 }
496
497 ag = calloc(1, sizeof(*ag));
498 if (ag == NULL)
499 log_err(1, "calloc");
500 if (name != NULL)
501 ag->ag_name = checked_strdup(name);
502 TAILQ_INIT(&ag->ag_auths);
503 TAILQ_INIT(&ag->ag_names);
504 TAILQ_INIT(&ag->ag_portals);
505 ag->ag_conf = conf;
506 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next);
507
508 return (ag);
509 }
510
511 void
auth_group_delete(struct auth_group * ag)512 auth_group_delete(struct auth_group *ag)
513 {
514 struct auth *auth, *auth_tmp;
515 struct auth_name *auth_name, *auth_name_tmp;
516 struct auth_portal *auth_portal, *auth_portal_tmp;
517
518 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next);
519
520 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp)
521 auth_delete(auth);
522 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp)
523 auth_name_delete(auth_name);
524 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
525 auth_portal_tmp)
526 auth_portal_delete(auth_portal);
527 free(ag->ag_name);
528 free(ag);
529 }
530
531 struct auth_group *
auth_group_find(const struct conf * conf,const char * name)532 auth_group_find(const struct conf *conf, const char *name)
533 {
534 struct auth_group *ag;
535
536 assert(name != NULL);
537 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
538 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
539 return (ag);
540 }
541
542 return (NULL);
543 }
544
545 static struct portal *
portal_new(struct portal_group * pg)546 portal_new(struct portal_group *pg)
547 {
548 struct portal *portal;
549
550 portal = calloc(1, sizeof(*portal));
551 if (portal == NULL)
552 log_err(1, "calloc");
553 TAILQ_INIT(&portal->p_targets);
554 portal->p_portal_group = pg;
555 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next);
556 return (portal);
557 }
558
559 static void
portal_delete(struct portal * portal)560 portal_delete(struct portal *portal)
561 {
562
563 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next);
564 if (portal->p_ai != NULL)
565 freeaddrinfo(portal->p_ai);
566 free(portal->p_listen);
567 free(portal);
568 }
569
570 struct portal_group *
portal_group_new(struct conf * conf,const char * name)571 portal_group_new(struct conf *conf, const char *name)
572 {
573 struct portal_group *pg;
574
575 pg = portal_group_find(conf, name);
576 if (pg != NULL) {
577 log_warnx("duplicated portal-group \"%s\"", name);
578 return (NULL);
579 }
580
581 pg = calloc(1, sizeof(*pg));
582 if (pg == NULL)
583 log_err(1, "calloc");
584 pg->pg_name = checked_strdup(name);
585 pg->pg_options = nvlist_create(0);
586 TAILQ_INIT(&pg->pg_portals);
587 TAILQ_INIT(&pg->pg_ports);
588 pg->pg_conf = conf;
589 pg->pg_tag = 0; /* Assigned later in conf_apply(). */
590 pg->pg_dscp = -1;
591 pg->pg_pcp = -1;
592 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next);
593
594 return (pg);
595 }
596
597 void
portal_group_delete(struct portal_group * pg)598 portal_group_delete(struct portal_group *pg)
599 {
600 struct portal *portal, *tmp;
601 struct port *port, *tport;
602
603 TAILQ_FOREACH_SAFE(port, &pg->pg_ports, p_pgs, tport)
604 port_delete(port);
605 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next);
606
607 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp)
608 portal_delete(portal);
609 nvlist_destroy(pg->pg_options);
610 free(pg->pg_name);
611 free(pg->pg_offload);
612 free(pg->pg_redirection);
613 free(pg);
614 }
615
616 struct portal_group *
portal_group_find(const struct conf * conf,const char * name)617 portal_group_find(const struct conf *conf, const char *name)
618 {
619 struct portal_group *pg;
620
621 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
622 if (strcmp(pg->pg_name, name) == 0)
623 return (pg);
624 }
625
626 return (NULL);
627 }
628
629 static int
parse_addr_port(char * arg,const char * def_port,struct addrinfo ** ai)630 parse_addr_port(char *arg, const char *def_port, struct addrinfo **ai)
631 {
632 struct addrinfo hints;
633 char *str, *addr, *ch;
634 const char *port;
635 int error, colons = 0;
636
637 str = arg = strdup(arg);
638 if (arg[0] == '[') {
639 /*
640 * IPv6 address in square brackets, perhaps with port.
641 */
642 arg++;
643 addr = strsep(&arg, "]");
644 if (arg == NULL) {
645 free(str);
646 return (1);
647 }
648 if (arg[0] == '\0') {
649 port = def_port;
650 } else if (arg[0] == ':') {
651 port = arg + 1;
652 } else {
653 free(str);
654 return (1);
655 }
656 } else {
657 /*
658 * Either IPv6 address without brackets - and without
659 * a port - or IPv4 address. Just count the colons.
660 */
661 for (ch = arg; *ch != '\0'; ch++) {
662 if (*ch == ':')
663 colons++;
664 }
665 if (colons > 1) {
666 addr = arg;
667 port = def_port;
668 } else {
669 addr = strsep(&arg, ":");
670 if (arg == NULL)
671 port = def_port;
672 else
673 port = arg;
674 }
675 }
676
677 memset(&hints, 0, sizeof(hints));
678 hints.ai_family = PF_UNSPEC;
679 hints.ai_socktype = SOCK_STREAM;
680 hints.ai_flags = AI_PASSIVE;
681 error = getaddrinfo(addr, port, &hints, ai);
682 free(str);
683 return ((error != 0) ? 1 : 0);
684 }
685
686 bool
portal_group_add_portal(struct portal_group * pg,const char * value,bool iser)687 portal_group_add_portal(struct portal_group *pg, const char *value, bool iser)
688 {
689 struct portal *portal;
690
691 portal = portal_new(pg);
692 portal->p_listen = checked_strdup(value);
693 portal->p_iser = iser;
694
695 if (parse_addr_port(portal->p_listen, "3260", &portal->p_ai)) {
696 log_warnx("invalid listen address %s", portal->p_listen);
697 portal_delete(portal);
698 return (false);
699 }
700
701 /*
702 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
703 * those into multiple portals.
704 */
705
706 return (true);
707 }
708
709 bool
isns_new(struct conf * conf,const char * addr)710 isns_new(struct conf *conf, const char *addr)
711 {
712 struct isns *isns;
713
714 isns = calloc(1, sizeof(*isns));
715 if (isns == NULL)
716 log_err(1, "calloc");
717 isns->i_conf = conf;
718 TAILQ_INSERT_TAIL(&conf->conf_isns, isns, i_next);
719 isns->i_addr = checked_strdup(addr);
720
721 if (parse_addr_port(isns->i_addr, "3205", &isns->i_ai)) {
722 log_warnx("invalid iSNS address %s", isns->i_addr);
723 isns_delete(isns);
724 return (false);
725 }
726
727 /*
728 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
729 * those into multiple servers.
730 */
731
732 return (true);
733 }
734
735 void
isns_delete(struct isns * isns)736 isns_delete(struct isns *isns)
737 {
738
739 TAILQ_REMOVE(&isns->i_conf->conf_isns, isns, i_next);
740 free(isns->i_addr);
741 if (isns->i_ai != NULL)
742 freeaddrinfo(isns->i_ai);
743 free(isns);
744 }
745
746 static int
isns_do_connect(struct isns * isns)747 isns_do_connect(struct isns *isns)
748 {
749 int s;
750
751 s = socket(isns->i_ai->ai_family, isns->i_ai->ai_socktype,
752 isns->i_ai->ai_protocol);
753 if (s < 0) {
754 log_warn("socket(2) failed for %s", isns->i_addr);
755 return (-1);
756 }
757 if (connect(s, isns->i_ai->ai_addr, isns->i_ai->ai_addrlen)) {
758 log_warn("connect(2) failed for %s", isns->i_addr);
759 close(s);
760 return (-1);
761 }
762 return(s);
763 }
764
765 static int
isns_do_register(struct isns * isns,int s,const char * hostname)766 isns_do_register(struct isns *isns, int s, const char *hostname)
767 {
768 struct conf *conf = isns->i_conf;
769 struct target *target;
770 struct portal *portal;
771 struct portal_group *pg;
772 struct port *port;
773 struct isns_req *req;
774 int res = 0;
775 uint32_t error;
776
777 req = isns_req_create(ISNS_FUNC_DEVATTRREG, ISNS_FLAG_CLIENT);
778 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
779 isns_req_add_delim(req);
780 isns_req_add_str(req, 1, hostname);
781 isns_req_add_32(req, 2, 2); /* 2 -- iSCSI */
782 isns_req_add_32(req, 6, conf->conf_isns_period);
783 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
784 if (pg->pg_unassigned)
785 continue;
786 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
787 isns_req_add_addr(req, 16, portal->p_ai);
788 isns_req_add_port(req, 17, portal->p_ai);
789 }
790 }
791 TAILQ_FOREACH(target, &conf->conf_targets, t_next) {
792 isns_req_add_str(req, 32, target->t_name);
793 isns_req_add_32(req, 33, 1); /* 1 -- Target*/
794 if (target->t_alias != NULL)
795 isns_req_add_str(req, 34, target->t_alias);
796 TAILQ_FOREACH(port, &target->t_ports, p_ts) {
797 if ((pg = port->p_portal_group) == NULL)
798 continue;
799 isns_req_add_32(req, 51, pg->pg_tag);
800 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
801 isns_req_add_addr(req, 49, portal->p_ai);
802 isns_req_add_port(req, 50, portal->p_ai);
803 }
804 }
805 }
806 res = isns_req_send(s, req);
807 if (res < 0) {
808 log_warn("send(2) failed for %s", isns->i_addr);
809 goto quit;
810 }
811 res = isns_req_receive(s, req);
812 if (res < 0) {
813 log_warn("receive(2) failed for %s", isns->i_addr);
814 goto quit;
815 }
816 error = isns_req_get_status(req);
817 if (error != 0) {
818 log_warnx("iSNS register error %d for %s", error, isns->i_addr);
819 res = -1;
820 }
821 quit:
822 isns_req_free(req);
823 return (res);
824 }
825
826 static int
isns_do_check(struct isns * isns,int s,const char * hostname)827 isns_do_check(struct isns *isns, int s, const char *hostname)
828 {
829 struct conf *conf = isns->i_conf;
830 struct isns_req *req;
831 int res = 0;
832 uint32_t error;
833
834 req = isns_req_create(ISNS_FUNC_DEVATTRQRY, ISNS_FLAG_CLIENT);
835 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
836 isns_req_add_str(req, 1, hostname);
837 isns_req_add_delim(req);
838 isns_req_add(req, 2, 0, NULL);
839 res = isns_req_send(s, req);
840 if (res < 0) {
841 log_warn("send(2) failed for %s", isns->i_addr);
842 goto quit;
843 }
844 res = isns_req_receive(s, req);
845 if (res < 0) {
846 log_warn("receive(2) failed for %s", isns->i_addr);
847 goto quit;
848 }
849 error = isns_req_get_status(req);
850 if (error != 0) {
851 log_warnx("iSNS check error %d for %s", error, isns->i_addr);
852 res = -1;
853 }
854 quit:
855 isns_req_free(req);
856 return (res);
857 }
858
859 static int
isns_do_deregister(struct isns * isns,int s,const char * hostname)860 isns_do_deregister(struct isns *isns, int s, const char *hostname)
861 {
862 struct conf *conf = isns->i_conf;
863 struct isns_req *req;
864 int res = 0;
865 uint32_t error;
866
867 req = isns_req_create(ISNS_FUNC_DEVDEREG, ISNS_FLAG_CLIENT);
868 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
869 isns_req_add_delim(req);
870 isns_req_add_str(req, 1, hostname);
871 res = isns_req_send(s, req);
872 if (res < 0) {
873 log_warn("send(2) failed for %s", isns->i_addr);
874 goto quit;
875 }
876 res = isns_req_receive(s, req);
877 if (res < 0) {
878 log_warn("receive(2) failed for %s", isns->i_addr);
879 goto quit;
880 }
881 error = isns_req_get_status(req);
882 if (error != 0) {
883 log_warnx("iSNS deregister error %d for %s", error, isns->i_addr);
884 res = -1;
885 }
886 quit:
887 isns_req_free(req);
888 return (res);
889 }
890
891 void
isns_register(struct isns * isns,struct isns * oldisns)892 isns_register(struct isns *isns, struct isns *oldisns)
893 {
894 struct conf *conf = isns->i_conf;
895 int error, s;
896 char hostname[256];
897
898 if (TAILQ_EMPTY(&conf->conf_targets) ||
899 TAILQ_EMPTY(&conf->conf_portal_groups))
900 return;
901 set_timeout(conf->conf_isns_timeout, false);
902 s = isns_do_connect(isns);
903 if (s < 0) {
904 set_timeout(0, false);
905 return;
906 }
907 error = gethostname(hostname, sizeof(hostname));
908 if (error != 0)
909 log_err(1, "gethostname");
910
911 if (oldisns == NULL || TAILQ_EMPTY(&oldisns->i_conf->conf_targets))
912 oldisns = isns;
913 isns_do_deregister(oldisns, s, hostname);
914 isns_do_register(isns, s, hostname);
915 close(s);
916 set_timeout(0, false);
917 }
918
919 void
isns_check(struct isns * isns)920 isns_check(struct isns *isns)
921 {
922 struct conf *conf = isns->i_conf;
923 int error, s, res;
924 char hostname[256];
925
926 if (TAILQ_EMPTY(&conf->conf_targets) ||
927 TAILQ_EMPTY(&conf->conf_portal_groups))
928 return;
929 set_timeout(conf->conf_isns_timeout, false);
930 s = isns_do_connect(isns);
931 if (s < 0) {
932 set_timeout(0, false);
933 return;
934 }
935 error = gethostname(hostname, sizeof(hostname));
936 if (error != 0)
937 log_err(1, "gethostname");
938
939 res = isns_do_check(isns, s, hostname);
940 if (res < 0) {
941 isns_do_deregister(isns, s, hostname);
942 isns_do_register(isns, s, hostname);
943 }
944 close(s);
945 set_timeout(0, false);
946 }
947
948 void
isns_deregister(struct isns * isns)949 isns_deregister(struct isns *isns)
950 {
951 struct conf *conf = isns->i_conf;
952 int error, s;
953 char hostname[256];
954
955 if (TAILQ_EMPTY(&conf->conf_targets) ||
956 TAILQ_EMPTY(&conf->conf_portal_groups))
957 return;
958 set_timeout(conf->conf_isns_timeout, false);
959 s = isns_do_connect(isns);
960 if (s < 0)
961 return;
962 error = gethostname(hostname, sizeof(hostname));
963 if (error != 0)
964 log_err(1, "gethostname");
965
966 isns_do_deregister(isns, s, hostname);
967 close(s);
968 set_timeout(0, false);
969 }
970
971 struct pport *
pport_new(struct kports * kports,const char * name,uint32_t ctl_port)972 pport_new(struct kports *kports, const char *name, uint32_t ctl_port)
973 {
974 struct pport *pp;
975
976 pp = calloc(1, sizeof(*pp));
977 if (pp == NULL)
978 log_err(1, "calloc");
979 pp->pp_kports = kports;
980 pp->pp_name = checked_strdup(name);
981 pp->pp_ctl_port = ctl_port;
982 TAILQ_INIT(&pp->pp_ports);
983 TAILQ_INSERT_TAIL(&kports->pports, pp, pp_next);
984 return (pp);
985 }
986
987 struct pport *
pport_find(const struct kports * kports,const char * name)988 pport_find(const struct kports *kports, const char *name)
989 {
990 struct pport *pp;
991
992 TAILQ_FOREACH(pp, &kports->pports, pp_next) {
993 if (strcasecmp(pp->pp_name, name) == 0)
994 return (pp);
995 }
996 return (NULL);
997 }
998
999 struct pport *
pport_copy(struct pport * pp,struct kports * kports)1000 pport_copy(struct pport *pp, struct kports *kports)
1001 {
1002 struct pport *ppnew;
1003
1004 ppnew = pport_new(kports, pp->pp_name, pp->pp_ctl_port);
1005 return (ppnew);
1006 }
1007
1008 void
pport_delete(struct pport * pp)1009 pport_delete(struct pport *pp)
1010 {
1011 struct port *port, *tport;
1012
1013 TAILQ_FOREACH_SAFE(port, &pp->pp_ports, p_ts, tport)
1014 port_delete(port);
1015 TAILQ_REMOVE(&pp->pp_kports->pports, pp, pp_next);
1016 free(pp->pp_name);
1017 free(pp);
1018 }
1019
1020 struct port *
port_new(struct conf * conf,struct target * target,struct portal_group * pg)1021 port_new(struct conf *conf, struct target *target, struct portal_group *pg)
1022 {
1023 struct port *port;
1024 char *name;
1025 int ret;
1026
1027 ret = asprintf(&name, "%s-%s", pg->pg_name, target->t_name);
1028 if (ret <= 0)
1029 log_err(1, "asprintf");
1030 if (port_find(conf, name) != NULL) {
1031 log_warnx("duplicate port \"%s\"", name);
1032 free(name);
1033 return (NULL);
1034 }
1035 port = calloc(1, sizeof(*port));
1036 if (port == NULL)
1037 log_err(1, "calloc");
1038 port->p_conf = conf;
1039 port->p_name = name;
1040 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1041 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1042 port->p_target = target;
1043 TAILQ_INSERT_TAIL(&pg->pg_ports, port, p_pgs);
1044 port->p_portal_group = pg;
1045 return (port);
1046 }
1047
1048 struct port *
port_new_ioctl(struct conf * conf,struct kports * kports,struct target * target,int pp,int vp)1049 port_new_ioctl(struct conf *conf, struct kports *kports, struct target *target,
1050 int pp, int vp)
1051 {
1052 struct pport *pport;
1053 struct port *port;
1054 char *pname;
1055 char *name;
1056 int ret;
1057
1058 ret = asprintf(&pname, "ioctl/%d/%d", pp, vp);
1059 if (ret <= 0) {
1060 log_err(1, "asprintf");
1061 return (NULL);
1062 }
1063
1064 pport = pport_find(kports, pname);
1065 if (pport != NULL) {
1066 free(pname);
1067 return (port_new_pp(conf, target, pport));
1068 }
1069
1070 ret = asprintf(&name, "%s-%s", pname, target->t_name);
1071 free(pname);
1072
1073 if (ret <= 0)
1074 log_err(1, "asprintf");
1075 if (port_find(conf, name) != NULL) {
1076 log_warnx("duplicate port \"%s\"", name);
1077 free(name);
1078 return (NULL);
1079 }
1080 port = calloc(1, sizeof(*port));
1081 if (port == NULL)
1082 log_err(1, "calloc");
1083 port->p_conf = conf;
1084 port->p_name = name;
1085 port->p_ioctl_port = true;
1086 port->p_ioctl_pp = pp;
1087 port->p_ioctl_vp = vp;
1088 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1089 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1090 port->p_target = target;
1091 return (port);
1092 }
1093
1094 struct port *
port_new_pp(struct conf * conf,struct target * target,struct pport * pp)1095 port_new_pp(struct conf *conf, struct target *target, struct pport *pp)
1096 {
1097 struct port *port;
1098 char *name;
1099 int ret;
1100
1101 ret = asprintf(&name, "%s-%s", pp->pp_name, target->t_name);
1102 if (ret <= 0)
1103 log_err(1, "asprintf");
1104 if (port_find(conf, name) != NULL) {
1105 log_warnx("duplicate port \"%s\"", name);
1106 free(name);
1107 return (NULL);
1108 }
1109 port = calloc(1, sizeof(*port));
1110 if (port == NULL)
1111 log_err(1, "calloc");
1112 port->p_conf = conf;
1113 port->p_name = name;
1114 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1115 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1116 port->p_target = target;
1117 TAILQ_INSERT_TAIL(&pp->pp_ports, port, p_pps);
1118 port->p_pport = pp;
1119 return (port);
1120 }
1121
1122 struct port *
port_find(const struct conf * conf,const char * name)1123 port_find(const struct conf *conf, const char *name)
1124 {
1125 struct port *port;
1126
1127 TAILQ_FOREACH(port, &conf->conf_ports, p_next) {
1128 if (strcasecmp(port->p_name, name) == 0)
1129 return (port);
1130 }
1131
1132 return (NULL);
1133 }
1134
1135 struct port *
port_find_in_pg(const struct portal_group * pg,const char * target)1136 port_find_in_pg(const struct portal_group *pg, const char *target)
1137 {
1138 struct port *port;
1139
1140 TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) {
1141 if (strcasecmp(port->p_target->t_name, target) == 0)
1142 return (port);
1143 }
1144
1145 return (NULL);
1146 }
1147
1148 void
port_delete(struct port * port)1149 port_delete(struct port *port)
1150 {
1151
1152 if (port->p_portal_group)
1153 TAILQ_REMOVE(&port->p_portal_group->pg_ports, port, p_pgs);
1154 if (port->p_pport)
1155 TAILQ_REMOVE(&port->p_pport->pp_ports, port, p_pps);
1156 if (port->p_target)
1157 TAILQ_REMOVE(&port->p_target->t_ports, port, p_ts);
1158 TAILQ_REMOVE(&port->p_conf->conf_ports, port, p_next);
1159 free(port->p_name);
1160 free(port);
1161 }
1162
1163 bool
port_is_dummy(struct port * port)1164 port_is_dummy(struct port *port)
1165 {
1166
1167 if (port->p_portal_group) {
1168 if (port->p_portal_group->pg_foreign)
1169 return (true);
1170 if (TAILQ_EMPTY(&port->p_portal_group->pg_portals))
1171 return (true);
1172 }
1173 return (false);
1174 }
1175
1176 struct target *
target_new(struct conf * conf,const char * name)1177 target_new(struct conf *conf, const char *name)
1178 {
1179 struct target *targ;
1180 int i, len;
1181
1182 targ = target_find(conf, name);
1183 if (targ != NULL) {
1184 log_warnx("duplicated target \"%s\"", name);
1185 return (NULL);
1186 }
1187 if (valid_iscsi_name(name, log_warnx) == false) {
1188 return (NULL);
1189 }
1190 targ = calloc(1, sizeof(*targ));
1191 if (targ == NULL)
1192 log_err(1, "calloc");
1193 targ->t_name = checked_strdup(name);
1194
1195 /*
1196 * RFC 3722 requires us to normalize the name to lowercase.
1197 */
1198 len = strlen(name);
1199 for (i = 0; i < len; i++)
1200 targ->t_name[i] = tolower(targ->t_name[i]);
1201
1202 targ->t_conf = conf;
1203 TAILQ_INIT(&targ->t_ports);
1204 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next);
1205
1206 return (targ);
1207 }
1208
1209 void
target_delete(struct target * targ)1210 target_delete(struct target *targ)
1211 {
1212 struct port *port, *tport;
1213
1214 TAILQ_FOREACH_SAFE(port, &targ->t_ports, p_ts, tport)
1215 port_delete(port);
1216 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next);
1217
1218 free(targ->t_pport);
1219 free(targ->t_name);
1220 free(targ->t_redirection);
1221 free(targ);
1222 }
1223
1224 struct target *
target_find(struct conf * conf,const char * name)1225 target_find(struct conf *conf, const char *name)
1226 {
1227 struct target *targ;
1228
1229 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1230 if (strcasecmp(targ->t_name, name) == 0)
1231 return (targ);
1232 }
1233
1234 return (NULL);
1235 }
1236
1237 struct lun *
lun_new(struct conf * conf,const char * name)1238 lun_new(struct conf *conf, const char *name)
1239 {
1240 struct lun *lun;
1241
1242 lun = lun_find(conf, name);
1243 if (lun != NULL) {
1244 log_warnx("duplicated lun \"%s\"", name);
1245 return (NULL);
1246 }
1247
1248 lun = calloc(1, sizeof(*lun));
1249 if (lun == NULL)
1250 log_err(1, "calloc");
1251 lun->l_conf = conf;
1252 lun->l_name = checked_strdup(name);
1253 lun->l_options = nvlist_create(0);
1254 TAILQ_INSERT_TAIL(&conf->conf_luns, lun, l_next);
1255 lun->l_ctl_lun = -1;
1256
1257 return (lun);
1258 }
1259
1260 void
lun_delete(struct lun * lun)1261 lun_delete(struct lun *lun)
1262 {
1263 struct target *targ;
1264 int i;
1265
1266 TAILQ_FOREACH(targ, &lun->l_conf->conf_targets, t_next) {
1267 for (i = 0; i < MAX_LUNS; i++) {
1268 if (targ->t_luns[i] == lun)
1269 targ->t_luns[i] = NULL;
1270 }
1271 }
1272 TAILQ_REMOVE(&lun->l_conf->conf_luns, lun, l_next);
1273
1274 nvlist_destroy(lun->l_options);
1275 free(lun->l_name);
1276 free(lun->l_backend);
1277 free(lun->l_device_id);
1278 free(lun->l_path);
1279 free(lun->l_scsiname);
1280 free(lun->l_serial);
1281 free(lun);
1282 }
1283
1284 struct lun *
lun_find(const struct conf * conf,const char * name)1285 lun_find(const struct conf *conf, const char *name)
1286 {
1287 struct lun *lun;
1288
1289 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1290 if (strcmp(lun->l_name, name) == 0)
1291 return (lun);
1292 }
1293
1294 return (NULL);
1295 }
1296
1297 void
lun_set_scsiname(struct lun * lun,const char * value)1298 lun_set_scsiname(struct lun *lun, const char *value)
1299 {
1300 free(lun->l_scsiname);
1301 lun->l_scsiname = checked_strdup(value);
1302 }
1303
1304 bool
option_new(nvlist_t * nvl,const char * name,const char * value)1305 option_new(nvlist_t *nvl, const char *name, const char *value)
1306 {
1307 int error;
1308
1309 if (nvlist_exists_string(nvl, name)) {
1310 log_warnx("duplicated option \"%s\"", name);
1311 return (false);
1312 }
1313
1314 nvlist_add_string(nvl, name, value);
1315 error = nvlist_error(nvl);
1316 if (error != 0) {
1317 log_warnc(error, "failed to add option \"%s\"", name);
1318 return (false);
1319 }
1320 return (true);
1321 }
1322
1323 #ifdef ICL_KERNEL_PROXY
1324
1325 static void
pdu_receive_proxy(struct pdu * pdu)1326 pdu_receive_proxy(struct pdu *pdu)
1327 {
1328 struct connection *conn;
1329 size_t len;
1330
1331 assert(proxy_mode);
1332 conn = pdu->pdu_connection;
1333
1334 kernel_receive(pdu);
1335
1336 len = pdu_ahs_length(pdu);
1337 if (len > 0)
1338 log_errx(1, "protocol error: non-empty AHS");
1339
1340 len = pdu_data_segment_length(pdu);
1341 assert(len <= (size_t)conn->conn_max_recv_data_segment_length);
1342 pdu->pdu_data_len = len;
1343 }
1344
1345 static void
pdu_send_proxy(struct pdu * pdu)1346 pdu_send_proxy(struct pdu *pdu)
1347 {
1348
1349 assert(proxy_mode);
1350
1351 pdu_set_data_segment_length(pdu, pdu->pdu_data_len);
1352 kernel_send(pdu);
1353 }
1354
1355 #endif /* ICL_KERNEL_PROXY */
1356
1357 static void
pdu_fail(const struct connection * conn __unused,const char * reason __unused)1358 pdu_fail(const struct connection *conn __unused, const char *reason __unused)
1359 {
1360 }
1361
1362 static struct ctld_connection *
connection_new(struct portal * portal,int fd,const char * host,const struct sockaddr * client_sa)1363 connection_new(struct portal *portal, int fd, const char *host,
1364 const struct sockaddr *client_sa)
1365 {
1366 struct ctld_connection *conn;
1367
1368 conn = calloc(1, sizeof(*conn));
1369 if (conn == NULL)
1370 log_err(1, "calloc");
1371 connection_init(&conn->conn, &conn_ops, proxy_mode);
1372 conn->conn.conn_socket = fd;
1373 conn->conn_portal = portal;
1374 conn->conn_initiator_addr = checked_strdup(host);
1375 memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len);
1376
1377 return (conn);
1378 }
1379
1380 #if 0
1381 static void
1382 options_print(const char *prefix, nvlist_t *nvl)
1383 {
1384 const char *name;
1385 void *cookie;
1386
1387 cookie = NULL;
1388 while ((name = nvlist_next(nvl, NULL, &cookie)) != NULL) {
1389 fprintf(stderr, "%soption %s %s\n", prefix, name,
1390 nvlist_get_string(nvl, name));
1391 }
1392 }
1393
1394 static void
1395 conf_print(struct conf *conf)
1396 {
1397 struct auth_group *ag;
1398 struct auth *auth;
1399 struct auth_name *auth_name;
1400 struct auth_portal *auth_portal;
1401 struct portal_group *pg;
1402 struct portal *portal;
1403 struct target *targ;
1404 struct lun *lun;
1405
1406 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1407 fprintf(stderr, "auth-group %s {\n", ag->ag_name);
1408 TAILQ_FOREACH(auth, &ag->ag_auths, a_next)
1409 fprintf(stderr, "\t chap-mutual %s %s %s %s\n",
1410 auth->a_user, auth->a_secret,
1411 auth->a_mutual_user, auth->a_mutual_secret);
1412 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next)
1413 fprintf(stderr, "\t initiator-name %s\n",
1414 auth_name->an_initiator_name);
1415 TAILQ_FOREACH(auth_portal, &ag->ag_portals, ap_next)
1416 fprintf(stderr, "\t initiator-portal %s\n",
1417 auth_portal->ap_initiator_portal);
1418 fprintf(stderr, "}\n");
1419 }
1420 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1421 fprintf(stderr, "portal-group %s {\n", pg->pg_name);
1422 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1423 fprintf(stderr, "\t listen %s\n", portal->p_listen);
1424 options_print("\t", pg->pg_options);
1425 fprintf(stderr, "}\n");
1426 }
1427 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1428 fprintf(stderr, "\tlun %s {\n", lun->l_name);
1429 fprintf(stderr, "\t\tpath %s\n", lun->l_path);
1430 options_print("\t\t", lun->l_options);
1431 fprintf(stderr, "\t}\n");
1432 }
1433 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1434 fprintf(stderr, "target %s {\n", targ->t_name);
1435 if (targ->t_alias != NULL)
1436 fprintf(stderr, "\t alias %s\n", targ->t_alias);
1437 fprintf(stderr, "}\n");
1438 }
1439 }
1440 #endif
1441
1442 static bool
conf_verify_lun(struct lun * lun)1443 conf_verify_lun(struct lun *lun)
1444 {
1445 const struct lun *lun2;
1446
1447 if (lun->l_backend == NULL)
1448 lun->l_backend = checked_strdup("block");
1449 if (strcmp(lun->l_backend, "block") == 0) {
1450 if (lun->l_path == NULL) {
1451 log_warnx("missing path for lun \"%s\"",
1452 lun->l_name);
1453 return (false);
1454 }
1455 } else if (strcmp(lun->l_backend, "ramdisk") == 0) {
1456 if (lun->l_size == 0) {
1457 log_warnx("missing size for ramdisk-backed lun \"%s\"",
1458 lun->l_name);
1459 return (false);
1460 }
1461 if (lun->l_path != NULL) {
1462 log_warnx("path must not be specified "
1463 "for ramdisk-backed lun \"%s\"",
1464 lun->l_name);
1465 return (false);
1466 }
1467 }
1468 if (lun->l_blocksize == 0) {
1469 if (lun->l_device_type == T_CDROM)
1470 lun->l_blocksize = DEFAULT_CD_BLOCKSIZE;
1471 else
1472 lun->l_blocksize = DEFAULT_BLOCKSIZE;
1473 } else if (lun->l_blocksize < 0) {
1474 log_warnx("invalid blocksize for lun \"%s\"; "
1475 "must be larger than 0", lun->l_name);
1476 return (false);
1477 }
1478 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) {
1479 log_warnx("invalid size for lun \"%s\"; "
1480 "must be multiple of blocksize", lun->l_name);
1481 return (false);
1482 }
1483 TAILQ_FOREACH(lun2, &lun->l_conf->conf_luns, l_next) {
1484 if (lun == lun2)
1485 continue;
1486 if (lun->l_path != NULL && lun2->l_path != NULL &&
1487 strcmp(lun->l_path, lun2->l_path) == 0) {
1488 log_debugx("WARNING: path \"%s\" duplicated "
1489 "between lun \"%s\", and "
1490 "lun \"%s\"", lun->l_path,
1491 lun->l_name, lun2->l_name);
1492 }
1493 }
1494
1495 return (true);
1496 }
1497
1498 bool
conf_verify(struct conf * conf)1499 conf_verify(struct conf *conf)
1500 {
1501 struct auth_group *ag;
1502 struct portal_group *pg;
1503 struct port *port;
1504 struct target *targ;
1505 struct lun *lun;
1506 bool found;
1507 int i;
1508
1509 if (conf->conf_pidfile_path == NULL)
1510 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE);
1511
1512 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1513 if (!conf_verify_lun(lun))
1514 return (false);
1515 }
1516 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1517 if (targ->t_auth_group == NULL) {
1518 targ->t_auth_group = auth_group_find(conf,
1519 "default");
1520 assert(targ->t_auth_group != NULL);
1521 }
1522 if (TAILQ_EMPTY(&targ->t_ports)) {
1523 pg = portal_group_find(conf, "default");
1524 assert(pg != NULL);
1525 port_new(conf, targ, pg);
1526 }
1527 found = false;
1528 for (i = 0; i < MAX_LUNS; i++) {
1529 if (targ->t_luns[i] != NULL)
1530 found = true;
1531 }
1532 if (!found && targ->t_redirection == NULL) {
1533 log_warnx("no LUNs defined for target \"%s\"",
1534 targ->t_name);
1535 }
1536 if (found && targ->t_redirection != NULL) {
1537 log_debugx("target \"%s\" contains luns, "
1538 " but configured for redirection",
1539 targ->t_name);
1540 }
1541 }
1542 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1543 assert(pg->pg_name != NULL);
1544 if (pg->pg_discovery_auth_group == NULL) {
1545 pg->pg_discovery_auth_group =
1546 auth_group_find(conf, "default");
1547 assert(pg->pg_discovery_auth_group != NULL);
1548 }
1549
1550 if (pg->pg_discovery_filter == PG_FILTER_UNKNOWN)
1551 pg->pg_discovery_filter = PG_FILTER_NONE;
1552
1553 if (pg->pg_redirection != NULL) {
1554 if (!TAILQ_EMPTY(&pg->pg_ports)) {
1555 log_debugx("portal-group \"%s\" assigned "
1556 "to target, but configured "
1557 "for redirection",
1558 pg->pg_name);
1559 }
1560 pg->pg_unassigned = false;
1561 } else if (!TAILQ_EMPTY(&pg->pg_ports)) {
1562 pg->pg_unassigned = false;
1563 } else {
1564 if (strcmp(pg->pg_name, "default") != 0)
1565 log_warnx("portal-group \"%s\" not assigned "
1566 "to any target", pg->pg_name);
1567 pg->pg_unassigned = true;
1568 }
1569 }
1570 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1571 if (ag->ag_name == NULL)
1572 assert(ag->ag_target != NULL);
1573 else
1574 assert(ag->ag_target == NULL);
1575
1576 found = false;
1577 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1578 if (targ->t_auth_group == ag) {
1579 found = true;
1580 break;
1581 }
1582 }
1583 TAILQ_FOREACH(port, &conf->conf_ports, p_next) {
1584 if (port->p_auth_group == ag) {
1585 found = true;
1586 break;
1587 }
1588 }
1589 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1590 if (pg->pg_discovery_auth_group == ag) {
1591 found = true;
1592 break;
1593 }
1594 }
1595 if (!found && ag->ag_name != NULL &&
1596 strcmp(ag->ag_name, "default") != 0 &&
1597 strcmp(ag->ag_name, "no-authentication") != 0 &&
1598 strcmp(ag->ag_name, "no-access") != 0) {
1599 log_warnx("auth-group \"%s\" not assigned "
1600 "to any target", ag->ag_name);
1601 }
1602 }
1603
1604 return (true);
1605 }
1606
1607 static bool
portal_reuse_socket(struct portal * oldp,struct portal * newp)1608 portal_reuse_socket(struct portal *oldp, struct portal *newp)
1609 {
1610 struct kevent kev;
1611
1612 if (strcmp(newp->p_listen, oldp->p_listen) != 0)
1613 return (false);
1614
1615 if (oldp->p_socket <= 0)
1616 return (false);
1617
1618 EV_SET(&kev, oldp->p_socket, EVFILT_READ, EV_ADD, 0, 0, newp);
1619 if (kevent(kqfd, &kev, 1, NULL, 0, NULL) == -1)
1620 return (false);
1621
1622 newp->p_socket = oldp->p_socket;
1623 oldp->p_socket = 0;
1624 return (true);
1625 }
1626
1627 static bool
portal_init_socket(struct portal * p)1628 portal_init_socket(struct portal *p)
1629 {
1630 struct portal_group *pg = p->p_portal_group;
1631 struct kevent kev;
1632 int error, sockbuf;
1633 int one = 1;
1634
1635 log_debugx("listening on %s, portal-group \"%s\"",
1636 p->p_listen, pg->pg_name);
1637 p->p_socket = socket(p->p_ai->ai_family, p->p_ai->ai_socktype,
1638 p->p_ai->ai_protocol);
1639 if (p->p_socket < 0) {
1640 log_warn("socket(2) failed for %s",
1641 p->p_listen);
1642 return (false);
1643 }
1644
1645 sockbuf = SOCKBUF_SIZE;
1646 if (setsockopt(p->p_socket, SOL_SOCKET, SO_RCVBUF, &sockbuf,
1647 sizeof(sockbuf)) == -1)
1648 log_warn("setsockopt(SO_RCVBUF) failed for %s",
1649 p->p_listen);
1650 sockbuf = SOCKBUF_SIZE;
1651 if (setsockopt(p->p_socket, SOL_SOCKET, SO_SNDBUF, &sockbuf,
1652 sizeof(sockbuf)) == -1)
1653 log_warn("setsockopt(SO_SNDBUF) failed for %s", p->p_listen);
1654 if (setsockopt(p->p_socket, SOL_SOCKET, SO_NO_DDP, &one,
1655 sizeof(one)) == -1)
1656 log_warn("setsockopt(SO_NO_DDP) failed for %s", p->p_listen);
1657 error = setsockopt(p->p_socket, SOL_SOCKET, SO_REUSEADDR, &one,
1658 sizeof(one));
1659 if (error != 0) {
1660 log_warn("setsockopt(SO_REUSEADDR) failed for %s", p->p_listen);
1661 close(p->p_socket);
1662 p->p_socket = 0;
1663 return (false);
1664 }
1665
1666 if (pg->pg_dscp != -1) {
1667 /* Only allow the 6-bit DSCP field to be modified */
1668 int tos = pg->pg_dscp << 2;
1669 switch (p->p_ai->ai_family) {
1670 case AF_INET:
1671 if (setsockopt(p->p_socket, IPPROTO_IP, IP_TOS,
1672 &tos, sizeof(tos)) == -1)
1673 log_warn("setsockopt(IP_TOS) failed for %s",
1674 p->p_listen);
1675 break;
1676 case AF_INET6:
1677 if (setsockopt(p->p_socket, IPPROTO_IPV6, IPV6_TCLASS,
1678 &tos, sizeof(tos)) == -1)
1679 log_warn("setsockopt(IPV6_TCLASS) failed for %s",
1680 p->p_listen);
1681 break;
1682 }
1683 }
1684 if (pg->pg_pcp != -1) {
1685 int pcp = pg->pg_pcp;
1686 switch (p->p_ai->ai_family) {
1687 case AF_INET:
1688 if (setsockopt(p->p_socket, IPPROTO_IP, IP_VLAN_PCP,
1689 &pcp, sizeof(pcp)) == -1)
1690 log_warn("setsockopt(IP_VLAN_PCP) failed for %s",
1691 p->p_listen);
1692 break;
1693 case AF_INET6:
1694 if (setsockopt(p->p_socket, IPPROTO_IPV6, IPV6_VLAN_PCP,
1695 &pcp, sizeof(pcp)) == -1)
1696 log_warn("setsockopt(IPV6_VLAN_PCP) failed for %s",
1697 p->p_listen);
1698 break;
1699 }
1700 }
1701
1702 error = bind(p->p_socket, p->p_ai->ai_addr,
1703 p->p_ai->ai_addrlen);
1704 if (error != 0) {
1705 log_warn("bind(2) failed for %s", p->p_listen);
1706 close(p->p_socket);
1707 p->p_socket = 0;
1708 return (false);
1709 }
1710 error = listen(p->p_socket, -1);
1711 if (error != 0) {
1712 log_warn("listen(2) failed for %s", p->p_listen);
1713 close(p->p_socket);
1714 p->p_socket = 0;
1715 return (false);
1716 }
1717 EV_SET(&kev, p->p_socket, EVFILT_READ, EV_ADD, 0, 0, p);
1718 error = kevent(kqfd, &kev, 1, NULL, 0, NULL);
1719 if (error == -1) {
1720 log_warn("kevent(2) failed to register for %s", p->p_listen);
1721 close(p->p_socket);
1722 p->p_socket = 0;
1723 return (false);
1724 }
1725 return (true);
1726 }
1727
1728 static int
conf_apply(struct conf * oldconf,struct conf * newconf)1729 conf_apply(struct conf *oldconf, struct conf *newconf)
1730 {
1731 struct lun *oldlun, *newlun, *tmplun;
1732 struct portal_group *oldpg, *newpg;
1733 struct portal *oldp, *newp;
1734 struct port *oldport, *newport, *tmpport;
1735 struct isns *oldns, *newns;
1736 int changed, cumulated_error = 0, error;
1737
1738 if (oldconf->conf_debug != newconf->conf_debug) {
1739 log_debugx("changing debug level to %d", newconf->conf_debug);
1740 log_init(newconf->conf_debug);
1741 }
1742
1743 if (oldconf->conf_pidfile_path != NULL &&
1744 newconf->conf_pidfile_path != NULL)
1745 {
1746 if (strcmp(oldconf->conf_pidfile_path,
1747 newconf->conf_pidfile_path) != 0)
1748 {
1749 /* pidfile has changed. rename it */
1750 log_debugx("moving pidfile to %s",
1751 newconf->conf_pidfile_path);
1752 if (rename(oldconf->conf_pidfile_path,
1753 newconf->conf_pidfile_path))
1754 {
1755 log_err(1, "renaming pidfile %s -> %s",
1756 oldconf->conf_pidfile_path,
1757 newconf->conf_pidfile_path);
1758 }
1759 }
1760 newconf->conf_pidfh = oldconf->conf_pidfh;
1761 oldconf->conf_pidfh = NULL;
1762 }
1763
1764 /*
1765 * Go through the new portal groups, assigning tags or preserving old.
1766 */
1767 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1768 if (newpg->pg_tag != 0)
1769 continue;
1770 oldpg = portal_group_find(oldconf, newpg->pg_name);
1771 if (oldpg != NULL)
1772 newpg->pg_tag = oldpg->pg_tag;
1773 else
1774 newpg->pg_tag = ++last_portal_group_tag;
1775 }
1776
1777 /* Deregister on removed iSNS servers. */
1778 TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) {
1779 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) {
1780 if (strcmp(oldns->i_addr, newns->i_addr) == 0)
1781 break;
1782 }
1783 if (newns == NULL)
1784 isns_deregister(oldns);
1785 }
1786
1787 /*
1788 * XXX: If target or lun removal fails, we should somehow "move"
1789 * the old lun or target into newconf, so that subsequent
1790 * conf_apply() would try to remove them again. That would
1791 * be somewhat hairy, though, and lun deletion failures don't
1792 * really happen, so leave it as it is for now.
1793 */
1794 /*
1795 * First, remove any ports present in the old configuration
1796 * and missing in the new one.
1797 */
1798 TAILQ_FOREACH_SAFE(oldport, &oldconf->conf_ports, p_next, tmpport) {
1799 if (port_is_dummy(oldport))
1800 continue;
1801 newport = port_find(newconf, oldport->p_name);
1802 if (newport != NULL && !port_is_dummy(newport))
1803 continue;
1804 log_debugx("removing port \"%s\"", oldport->p_name);
1805 error = kernel_port_remove(oldport);
1806 if (error != 0) {
1807 log_warnx("failed to remove port %s",
1808 oldport->p_name);
1809 /*
1810 * XXX: Uncomment after fixing the root cause.
1811 *
1812 * cumulated_error++;
1813 */
1814 }
1815 }
1816
1817 /*
1818 * Second, remove any LUNs present in the old configuration
1819 * and missing in the new one.
1820 */
1821 TAILQ_FOREACH_SAFE(oldlun, &oldconf->conf_luns, l_next, tmplun) {
1822 newlun = lun_find(newconf, oldlun->l_name);
1823 if (newlun == NULL) {
1824 log_debugx("lun \"%s\", CTL lun %d "
1825 "not found in new configuration; "
1826 "removing", oldlun->l_name, oldlun->l_ctl_lun);
1827 error = kernel_lun_remove(oldlun);
1828 if (error != 0) {
1829 log_warnx("failed to remove lun \"%s\", "
1830 "CTL lun %d",
1831 oldlun->l_name, oldlun->l_ctl_lun);
1832 cumulated_error++;
1833 }
1834 continue;
1835 }
1836
1837 /*
1838 * Also remove the LUNs changed by more than size.
1839 */
1840 changed = 0;
1841 assert(oldlun->l_backend != NULL);
1842 assert(newlun->l_backend != NULL);
1843 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) {
1844 log_debugx("backend for lun \"%s\", "
1845 "CTL lun %d changed; removing",
1846 oldlun->l_name, oldlun->l_ctl_lun);
1847 changed = 1;
1848 }
1849 if (oldlun->l_blocksize != newlun->l_blocksize) {
1850 log_debugx("blocksize for lun \"%s\", "
1851 "CTL lun %d changed; removing",
1852 oldlun->l_name, oldlun->l_ctl_lun);
1853 changed = 1;
1854 }
1855 if (newlun->l_device_id != NULL &&
1856 (oldlun->l_device_id == NULL ||
1857 strcmp(oldlun->l_device_id, newlun->l_device_id) !=
1858 0)) {
1859 log_debugx("device-id for lun \"%s\", "
1860 "CTL lun %d changed; removing",
1861 oldlun->l_name, oldlun->l_ctl_lun);
1862 changed = 1;
1863 }
1864 if (newlun->l_path != NULL &&
1865 (oldlun->l_path == NULL ||
1866 strcmp(oldlun->l_path, newlun->l_path) != 0)) {
1867 log_debugx("path for lun \"%s\", "
1868 "CTL lun %d, changed; removing",
1869 oldlun->l_name, oldlun->l_ctl_lun);
1870 changed = 1;
1871 }
1872 if (newlun->l_serial != NULL &&
1873 (oldlun->l_serial == NULL ||
1874 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) {
1875 log_debugx("serial for lun \"%s\", "
1876 "CTL lun %d changed; removing",
1877 oldlun->l_name, oldlun->l_ctl_lun);
1878 changed = 1;
1879 }
1880 if (changed) {
1881 error = kernel_lun_remove(oldlun);
1882 if (error != 0) {
1883 log_warnx("failed to remove lun \"%s\", "
1884 "CTL lun %d",
1885 oldlun->l_name, oldlun->l_ctl_lun);
1886 cumulated_error++;
1887 }
1888 lun_delete(oldlun);
1889 continue;
1890 }
1891
1892 newlun->l_ctl_lun = oldlun->l_ctl_lun;
1893 }
1894
1895 TAILQ_FOREACH_SAFE(newlun, &newconf->conf_luns, l_next, tmplun) {
1896 oldlun = lun_find(oldconf, newlun->l_name);
1897 if (oldlun != NULL) {
1898 log_debugx("modifying lun \"%s\", CTL lun %d",
1899 newlun->l_name, newlun->l_ctl_lun);
1900 error = kernel_lun_modify(newlun);
1901 if (error != 0) {
1902 log_warnx("failed to "
1903 "modify lun \"%s\", CTL lun %d",
1904 newlun->l_name, newlun->l_ctl_lun);
1905 cumulated_error++;
1906 }
1907 continue;
1908 }
1909 log_debugx("adding lun \"%s\"", newlun->l_name);
1910 error = kernel_lun_add(newlun);
1911 if (error != 0) {
1912 log_warnx("failed to add lun \"%s\"", newlun->l_name);
1913 lun_delete(newlun);
1914 cumulated_error++;
1915 }
1916 }
1917
1918 /*
1919 * Now add new ports or modify existing ones.
1920 */
1921 TAILQ_FOREACH_SAFE(newport, &newconf->conf_ports, p_next, tmpport) {
1922 if (port_is_dummy(newport))
1923 continue;
1924 oldport = port_find(oldconf, newport->p_name);
1925
1926 if (oldport == NULL || port_is_dummy(oldport)) {
1927 log_debugx("adding port \"%s\"", newport->p_name);
1928 error = kernel_port_add(newport);
1929 } else {
1930 log_debugx("updating port \"%s\"", newport->p_name);
1931 newport->p_ctl_port = oldport->p_ctl_port;
1932 error = kernel_port_update(newport, oldport);
1933 }
1934 if (error != 0) {
1935 log_warnx("failed to %s port %s",
1936 (oldport == NULL) ? "add" : "update",
1937 newport->p_name);
1938 if (oldport == NULL || port_is_dummy(oldport))
1939 port_delete(newport);
1940 /*
1941 * XXX: Uncomment after fixing the root cause.
1942 *
1943 * cumulated_error++;
1944 */
1945 }
1946 }
1947
1948 /*
1949 * Go through the new portals, opening the sockets as necessary.
1950 */
1951 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1952 if (newpg->pg_foreign)
1953 continue;
1954 if (newpg->pg_unassigned) {
1955 log_debugx("not listening on portal-group \"%s\", "
1956 "not assigned to any target",
1957 newpg->pg_name);
1958 continue;
1959 }
1960 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) {
1961 /*
1962 * Try to find already open portal and reuse
1963 * the listening socket. We don't care about
1964 * what portal or portal group that was, what
1965 * matters is the listening address.
1966 */
1967 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups,
1968 pg_next) {
1969 TAILQ_FOREACH(oldp, &oldpg->pg_portals,
1970 p_next) {
1971 if (portal_reuse_socket(oldp, newp))
1972 goto reused;
1973 }
1974 }
1975 reused:
1976 if (newp->p_socket > 0) {
1977 /*
1978 * We're done with this portal.
1979 */
1980 continue;
1981 }
1982
1983 #ifdef ICL_KERNEL_PROXY
1984 if (proxy_mode) {
1985 newpg->pg_conf->conf_portal_id++;
1986 newp->p_id = newpg->pg_conf->conf_portal_id;
1987 log_debugx("listening on %s, portal-group "
1988 "\"%s\", portal id %d, using ICL proxy",
1989 newp->p_listen, newpg->pg_name, newp->p_id);
1990 kernel_listen(newp->p_ai, newp->p_iser,
1991 newp->p_id);
1992 continue;
1993 }
1994 #endif
1995 assert(proxy_mode == false);
1996 assert(newp->p_iser == false);
1997
1998 if (!portal_init_socket(newp)) {
1999 cumulated_error++;
2000 continue;
2001 }
2002 }
2003 }
2004
2005 /*
2006 * Go through the no longer used sockets, closing them.
2007 */
2008 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) {
2009 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) {
2010 if (oldp->p_socket <= 0)
2011 continue;
2012 log_debugx("closing socket for %s, portal-group \"%s\"",
2013 oldp->p_listen, oldpg->pg_name);
2014 close(oldp->p_socket);
2015 oldp->p_socket = 0;
2016 }
2017 }
2018
2019 /* (Re-)Register on remaining/new iSNS servers. */
2020 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) {
2021 TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) {
2022 if (strcmp(oldns->i_addr, newns->i_addr) == 0)
2023 break;
2024 }
2025 isns_register(newns, oldns);
2026 }
2027
2028 /* Schedule iSNS update */
2029 if (!TAILQ_EMPTY(&newconf->conf_isns))
2030 set_timeout((newconf->conf_isns_period + 2) / 3, false);
2031
2032 return (cumulated_error);
2033 }
2034
2035 static bool
timed_out(void)2036 timed_out(void)
2037 {
2038
2039 return (sigalrm_received);
2040 }
2041
2042 static void
sigalrm_handler_fatal(int dummy __unused)2043 sigalrm_handler_fatal(int dummy __unused)
2044 {
2045 /*
2046 * It would be easiest to just log an error and exit. We can't
2047 * do this, though, because log_errx() is not signal safe, since
2048 * it calls syslog(3). Instead, set a flag checked by pdu_send()
2049 * and pdu_receive(), to call log_errx() there. Should they fail
2050 * to notice, we'll exit here one second later.
2051 */
2052 if (sigalrm_received) {
2053 /*
2054 * Oh well. Just give up and quit.
2055 */
2056 _exit(2);
2057 }
2058
2059 sigalrm_received = true;
2060 }
2061
2062 static void
sigalrm_handler(int dummy __unused)2063 sigalrm_handler(int dummy __unused)
2064 {
2065
2066 sigalrm_received = true;
2067 }
2068
2069 void
set_timeout(int timeout,int fatal)2070 set_timeout(int timeout, int fatal)
2071 {
2072 struct sigaction sa;
2073 struct itimerval itv;
2074 int error;
2075
2076 if (timeout <= 0) {
2077 log_debugx("session timeout disabled");
2078 bzero(&itv, sizeof(itv));
2079 error = setitimer(ITIMER_REAL, &itv, NULL);
2080 if (error != 0)
2081 log_err(1, "setitimer");
2082 sigalrm_received = false;
2083 return;
2084 }
2085
2086 sigalrm_received = false;
2087 bzero(&sa, sizeof(sa));
2088 if (fatal)
2089 sa.sa_handler = sigalrm_handler_fatal;
2090 else
2091 sa.sa_handler = sigalrm_handler;
2092 sigfillset(&sa.sa_mask);
2093 error = sigaction(SIGALRM, &sa, NULL);
2094 if (error != 0)
2095 log_err(1, "sigaction");
2096
2097 /*
2098 * First SIGALRM will arive after conf_timeout seconds.
2099 * If we do nothing, another one will arrive a second later.
2100 */
2101 log_debugx("setting session timeout to %d seconds", timeout);
2102 bzero(&itv, sizeof(itv));
2103 itv.it_interval.tv_sec = 1;
2104 itv.it_value.tv_sec = timeout;
2105 error = setitimer(ITIMER_REAL, &itv, NULL);
2106 if (error != 0)
2107 log_err(1, "setitimer");
2108 }
2109
2110 static int
wait_for_children(bool block)2111 wait_for_children(bool block)
2112 {
2113 pid_t pid;
2114 int status;
2115 int num = 0;
2116
2117 for (;;) {
2118 /*
2119 * If "block" is true, wait for at least one process.
2120 */
2121 if (block && num == 0)
2122 pid = wait4(-1, &status, 0, NULL);
2123 else
2124 pid = wait4(-1, &status, WNOHANG, NULL);
2125 if (pid <= 0)
2126 break;
2127 if (WIFSIGNALED(status)) {
2128 log_warnx("child process %d terminated with signal %d",
2129 pid, WTERMSIG(status));
2130 } else if (WEXITSTATUS(status) != 0) {
2131 log_warnx("child process %d terminated with exit status %d",
2132 pid, WEXITSTATUS(status));
2133 } else {
2134 log_debugx("child process %d terminated gracefully", pid);
2135 }
2136 num++;
2137 }
2138
2139 return (num);
2140 }
2141
2142 static void
handle_connection(struct portal * portal,int fd,const struct sockaddr * client_sa,bool dont_fork)2143 handle_connection(struct portal *portal, int fd,
2144 const struct sockaddr *client_sa, bool dont_fork)
2145 {
2146 struct ctld_connection *conn;
2147 int error;
2148 pid_t pid;
2149 char host[NI_MAXHOST + 1];
2150 struct conf *conf;
2151
2152 conf = portal->p_portal_group->pg_conf;
2153
2154 if (dont_fork) {
2155 log_debugx("incoming connection; not forking due to -d flag");
2156 } else {
2157 nchildren -= wait_for_children(false);
2158 assert(nchildren >= 0);
2159
2160 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) {
2161 log_debugx("maxproc limit of %d child processes hit; "
2162 "waiting for child process to exit", conf->conf_maxproc);
2163 nchildren -= wait_for_children(true);
2164 assert(nchildren >= 0);
2165 }
2166 log_debugx("incoming connection; forking child process #%d",
2167 nchildren);
2168 nchildren++;
2169 pid = fork();
2170 if (pid < 0)
2171 log_err(1, "fork");
2172 if (pid > 0) {
2173 close(fd);
2174 return;
2175 }
2176 pidfile_close(conf->conf_pidfh);
2177 }
2178
2179 error = getnameinfo(client_sa, client_sa->sa_len,
2180 host, sizeof(host), NULL, 0, NI_NUMERICHOST);
2181 if (error != 0)
2182 log_errx(1, "getnameinfo: %s", gai_strerror(error));
2183
2184 log_debugx("accepted connection from %s; portal group \"%s\"",
2185 host, portal->p_portal_group->pg_name);
2186 log_set_peer_addr(host);
2187 setproctitle("%s", host);
2188
2189 conn = connection_new(portal, fd, host, client_sa);
2190 set_timeout(conf->conf_timeout, true);
2191 kernel_capsicate();
2192 login(conn);
2193 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) {
2194 kernel_handoff(conn);
2195 log_debugx("connection handed off to the kernel");
2196 } else {
2197 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY);
2198 discovery(conn);
2199 }
2200 log_debugx("nothing more to do; exiting");
2201 exit(0);
2202 }
2203
2204 static void
main_loop(bool dont_fork)2205 main_loop(bool dont_fork)
2206 {
2207 struct kevent kev;
2208 struct portal *portal;
2209 struct sockaddr_storage client_sa;
2210 socklen_t client_salen;
2211 #ifdef ICL_KERNEL_PROXY
2212 int connection_id;
2213 int portal_id;
2214 #endif
2215 int error, client_fd;
2216
2217 for (;;) {
2218 if (sighup_received || sigterm_received || timed_out())
2219 return;
2220
2221 #ifdef ICL_KERNEL_PROXY
2222 if (proxy_mode) {
2223 client_salen = sizeof(client_sa);
2224 kernel_accept(&connection_id, &portal_id,
2225 (struct sockaddr *)&client_sa, &client_salen);
2226 assert(client_salen >= client_sa.ss_len);
2227
2228 log_debugx("incoming connection, id %d, portal id %d",
2229 connection_id, portal_id);
2230 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2231 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
2232 if (portal->p_id == portal_id) {
2233 goto found;
2234 }
2235 }
2236 }
2237
2238 log_errx(1, "kernel returned invalid portal_id %d",
2239 portal_id);
2240
2241 found:
2242 handle_connection(portal, connection_id,
2243 (struct sockaddr *)&client_sa, dont_fork);
2244 } else {
2245 #endif
2246 assert(proxy_mode == false);
2247
2248 error = kevent(kqfd, NULL, 0, &kev, 1, NULL);
2249 if (error == -1) {
2250 if (errno == EINTR)
2251 continue;
2252 log_err(1, "kevent");
2253 }
2254
2255 switch (kev.filter) {
2256 case EVFILT_READ:
2257 portal = kev.udata;
2258 assert(portal->p_socket == (int)kev.ident);
2259
2260 client_salen = sizeof(client_sa);
2261 client_fd = accept(portal->p_socket,
2262 (struct sockaddr *)&client_sa,
2263 &client_salen);
2264 if (client_fd < 0) {
2265 if (errno == ECONNABORTED)
2266 continue;
2267 log_err(1, "accept");
2268 }
2269 assert(client_salen >= client_sa.ss_len);
2270
2271 handle_connection(portal, client_fd,
2272 (struct sockaddr *)&client_sa, dont_fork);
2273 break;
2274 default:
2275 __assert_unreachable();
2276 }
2277 #ifdef ICL_KERNEL_PROXY
2278 }
2279 #endif
2280 }
2281 }
2282
2283 static void
sighup_handler(int dummy __unused)2284 sighup_handler(int dummy __unused)
2285 {
2286
2287 sighup_received = true;
2288 }
2289
2290 static void
sigterm_handler(int dummy __unused)2291 sigterm_handler(int dummy __unused)
2292 {
2293
2294 sigterm_received = true;
2295 }
2296
2297 static void
sigchld_handler(int dummy __unused)2298 sigchld_handler(int dummy __unused)
2299 {
2300
2301 /*
2302 * The only purpose of this handler is to make SIGCHLD
2303 * interrupt the ISCSIDWAIT ioctl(2), so we can call
2304 * wait_for_children().
2305 */
2306 }
2307
2308 static void
register_signals(void)2309 register_signals(void)
2310 {
2311 struct sigaction sa;
2312 int error;
2313
2314 bzero(&sa, sizeof(sa));
2315 sa.sa_handler = sighup_handler;
2316 sigfillset(&sa.sa_mask);
2317 error = sigaction(SIGHUP, &sa, NULL);
2318 if (error != 0)
2319 log_err(1, "sigaction");
2320
2321 sa.sa_handler = sigterm_handler;
2322 error = sigaction(SIGTERM, &sa, NULL);
2323 if (error != 0)
2324 log_err(1, "sigaction");
2325
2326 sa.sa_handler = sigterm_handler;
2327 error = sigaction(SIGINT, &sa, NULL);
2328 if (error != 0)
2329 log_err(1, "sigaction");
2330
2331 sa.sa_handler = sigchld_handler;
2332 error = sigaction(SIGCHLD, &sa, NULL);
2333 if (error != 0)
2334 log_err(1, "sigaction");
2335 }
2336
2337 static void
check_perms(const char * path)2338 check_perms(const char *path)
2339 {
2340 struct stat sb;
2341 int error;
2342
2343 error = stat(path, &sb);
2344 if (error != 0) {
2345 log_warn("stat");
2346 return;
2347 }
2348 if (sb.st_mode & S_IWOTH) {
2349 log_warnx("%s is world-writable", path);
2350 } else if (sb.st_mode & S_IROTH) {
2351 log_warnx("%s is world-readable", path);
2352 } else if (sb.st_mode & S_IXOTH) {
2353 /*
2354 * Ok, this one doesn't matter, but still do it,
2355 * just for consistency.
2356 */
2357 log_warnx("%s is world-executable", path);
2358 }
2359
2360 /*
2361 * XXX: Should we also check for owner != 0?
2362 */
2363 }
2364
2365 static struct conf *
conf_new_from_file(const char * path,bool ucl)2366 conf_new_from_file(const char *path, bool ucl)
2367 {
2368 struct conf *conf;
2369 struct auth_group *ag;
2370 struct portal_group *pg;
2371 bool valid;
2372
2373 log_debugx("obtaining configuration from %s", path);
2374
2375 conf = conf_new();
2376
2377 ag = auth_group_new(conf, "default");
2378 assert(ag != NULL);
2379
2380 ag = auth_group_new(conf, "no-authentication");
2381 assert(ag != NULL);
2382 ag->ag_type = AG_TYPE_NO_AUTHENTICATION;
2383
2384 ag = auth_group_new(conf, "no-access");
2385 assert(ag != NULL);
2386 ag->ag_type = AG_TYPE_DENY;
2387
2388 pg = portal_group_new(conf, "default");
2389 assert(pg != NULL);
2390
2391 conf_start(conf);
2392 if (ucl)
2393 valid = uclparse_conf(path);
2394 else
2395 valid = parse_conf(path);
2396 conf_finish();
2397
2398 if (!valid) {
2399 conf_delete(conf);
2400 return (NULL);
2401 }
2402
2403 check_perms(path);
2404
2405 if (conf->conf_default_ag_defined == false) {
2406 log_debugx("auth-group \"default\" not defined; "
2407 "going with defaults");
2408 ag = auth_group_find(conf, "default");
2409 assert(ag != NULL);
2410 ag->ag_type = AG_TYPE_DENY;
2411 }
2412
2413 if (conf->conf_default_pg_defined == false) {
2414 log_debugx("portal-group \"default\" not defined; "
2415 "going with defaults");
2416 pg = portal_group_find(conf, "default");
2417 assert(pg != NULL);
2418 portal_group_add_portal(pg, "0.0.0.0", false);
2419 portal_group_add_portal(pg, "[::]", false);
2420 }
2421
2422 conf->conf_kernel_port_on = true;
2423
2424 if (!conf_verify(conf)) {
2425 conf_delete(conf);
2426 return (NULL);
2427 }
2428
2429 return (conf);
2430 }
2431
2432 /*
2433 * If the config file specifies physical ports for any target, associate them
2434 * with the config file. If necessary, create them.
2435 */
2436 static bool
new_pports_from_conf(struct conf * conf,struct kports * kports)2437 new_pports_from_conf(struct conf *conf, struct kports *kports)
2438 {
2439 struct target *targ;
2440 struct pport *pp;
2441 struct port *tp;
2442 int ret, i_pp, i_vp;
2443
2444 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
2445 if (!targ->t_pport)
2446 continue;
2447
2448 ret = sscanf(targ->t_pport, "ioctl/%d/%d", &i_pp, &i_vp);
2449 if (ret > 0) {
2450 tp = port_new_ioctl(conf, kports, targ, i_pp, i_vp);
2451 if (tp == NULL) {
2452 log_warnx("can't create new ioctl port "
2453 "for target \"%s\"", targ->t_name);
2454 return (false);
2455 }
2456
2457 continue;
2458 }
2459
2460 pp = pport_find(kports, targ->t_pport);
2461 if (pp == NULL) {
2462 log_warnx("unknown port \"%s\" for target \"%s\"",
2463 targ->t_pport, targ->t_name);
2464 return (false);
2465 }
2466 if (!TAILQ_EMPTY(&pp->pp_ports)) {
2467 log_warnx("can't link port \"%s\" to target \"%s\", "
2468 "port already linked to some target",
2469 targ->t_pport, targ->t_name);
2470 return (false);
2471 }
2472 tp = port_new_pp(conf, targ, pp);
2473 if (tp == NULL) {
2474 log_warnx("can't link port \"%s\" to target \"%s\"",
2475 targ->t_pport, targ->t_name);
2476 return (false);
2477 }
2478 }
2479 return (true);
2480 }
2481
2482 int
main(int argc,char ** argv)2483 main(int argc, char **argv)
2484 {
2485 struct kports kports;
2486 struct conf *oldconf, *newconf, *tmpconf;
2487 struct isns *newns;
2488 const char *config_path = DEFAULT_CONFIG_PATH;
2489 int debug = 0, ch, error;
2490 pid_t otherpid;
2491 bool daemonize = true;
2492 bool test_config = false;
2493 bool use_ucl = false;
2494
2495 while ((ch = getopt(argc, argv, "dtuf:R")) != -1) {
2496 switch (ch) {
2497 case 'd':
2498 daemonize = false;
2499 debug++;
2500 break;
2501 case 't':
2502 test_config = true;
2503 break;
2504 case 'u':
2505 use_ucl = true;
2506 break;
2507 case 'f':
2508 config_path = optarg;
2509 break;
2510 case 'R':
2511 #ifndef ICL_KERNEL_PROXY
2512 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY "
2513 "does not support iSER protocol");
2514 #endif
2515 proxy_mode = true;
2516 break;
2517 case '?':
2518 default:
2519 usage();
2520 }
2521 }
2522 argc -= optind;
2523 if (argc != 0)
2524 usage();
2525
2526 log_init(debug);
2527 kernel_init();
2528
2529 TAILQ_INIT(&kports.pports);
2530 newconf = conf_new_from_file(config_path, use_ucl);
2531
2532 if (newconf == NULL)
2533 log_errx(1, "configuration error; exiting");
2534
2535 if (test_config)
2536 return (0);
2537
2538 assert(newconf->conf_pidfile_path != NULL);
2539 log_debugx("opening pidfile %s", newconf->conf_pidfile_path);
2540 newconf->conf_pidfh = pidfile_open(newconf->conf_pidfile_path, 0600,
2541 &otherpid);
2542 if (newconf->conf_pidfh == NULL) {
2543 if (errno == EEXIST)
2544 log_errx(1, "daemon already running, pid: %jd.",
2545 (intmax_t)otherpid);
2546 log_err(1, "cannot open or create pidfile \"%s\"",
2547 newconf->conf_pidfile_path);
2548 }
2549
2550 register_signals();
2551
2552 oldconf = conf_new_from_kernel(&kports);
2553
2554 if (debug > 0) {
2555 oldconf->conf_debug = debug;
2556 newconf->conf_debug = debug;
2557 }
2558
2559 if (!new_pports_from_conf(newconf, &kports))
2560 log_errx(1, "Error associating physical ports; exiting");
2561
2562 if (daemonize) {
2563 log_debugx("daemonizing");
2564 if (daemon(0, 0) == -1) {
2565 log_warn("cannot daemonize");
2566 pidfile_remove(newconf->conf_pidfh);
2567 exit(1);
2568 }
2569 }
2570
2571 kqfd = kqueue();
2572 if (kqfd == -1) {
2573 log_warn("Cannot create kqueue");
2574 pidfile_remove(newconf->conf_pidfh);
2575 exit(1);
2576 }
2577
2578 error = conf_apply(oldconf, newconf);
2579 if (error != 0)
2580 log_errx(1, "failed to apply configuration; exiting");
2581
2582 conf_delete(oldconf);
2583 oldconf = NULL;
2584
2585 pidfile_write(newconf->conf_pidfh);
2586
2587 /* Schedule iSNS update */
2588 if (!TAILQ_EMPTY(&newconf->conf_isns))
2589 set_timeout((newconf->conf_isns_period + 2) / 3, false);
2590
2591 for (;;) {
2592 main_loop(!daemonize);
2593 if (sighup_received) {
2594 sighup_received = false;
2595 log_debugx("received SIGHUP, reloading configuration");
2596 tmpconf = conf_new_from_file(config_path, use_ucl);
2597
2598 if (tmpconf == NULL) {
2599 log_warnx("configuration error, "
2600 "continuing with old configuration");
2601 } else if (new_pports_from_conf(tmpconf, &kports)) {
2602 log_warnx("Error associating physical ports, "
2603 "continuing with old configuration");
2604 conf_delete(tmpconf);
2605 } else {
2606 if (debug > 0)
2607 tmpconf->conf_debug = debug;
2608 oldconf = newconf;
2609 newconf = tmpconf;
2610
2611 error = conf_apply(oldconf, newconf);
2612 if (error != 0)
2613 log_warnx("failed to reload "
2614 "configuration");
2615 conf_delete(oldconf);
2616 oldconf = NULL;
2617 }
2618 } else if (sigterm_received) {
2619 log_debugx("exiting on signal; "
2620 "reloading empty configuration");
2621
2622 log_debugx("removing CTL iSCSI ports "
2623 "and terminating all connections");
2624
2625 oldconf = newconf;
2626 newconf = conf_new();
2627 if (debug > 0)
2628 newconf->conf_debug = debug;
2629 error = conf_apply(oldconf, newconf);
2630 if (error != 0)
2631 log_warnx("failed to apply configuration");
2632 if (oldconf->conf_pidfh) {
2633 pidfile_remove(oldconf->conf_pidfh);
2634 oldconf->conf_pidfh = NULL;
2635 }
2636 conf_delete(newconf);
2637 conf_delete(oldconf);
2638 oldconf = NULL;
2639
2640 log_warnx("exiting on signal");
2641 exit(0);
2642 } else {
2643 nchildren -= wait_for_children(false);
2644 assert(nchildren >= 0);
2645 if (timed_out()) {
2646 set_timeout(0, false);
2647 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next)
2648 isns_check(newns);
2649 /* Schedule iSNS update */
2650 if (!TAILQ_EMPTY(&newconf->conf_isns)) {
2651 set_timeout((newconf->conf_isns_period
2652 + 2) / 3,
2653 false);
2654 }
2655 }
2656 }
2657 }
2658 /* NOTREACHED */
2659 }
2660