ctld.hh (revision ed076901ec80e23804ef432cfa7edeb10c4f9ede) - OpenGrok cross reference for /freebsd/usr.sbin/ctld/ctld.hh

/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2012 The FreeBSD Foundation
 *
 * This software was developed by Edward Tomasz Napierala under sponsorship
 * from the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef __CTLD_HH__
#define	__CTLD_HH__

#include <sys/_nv.h>
#include <sys/queue.h>
#ifdef ICL_KERNEL_PROXY
#include <sys/types.h>
#endif
#include <sys/socket.h>
#include <stdbool.h>
#include <libiscsiutil.h>
#include <libutil.h>

#include <array>
#include <list>
#include <memory>
#include <string>
#include <string_view>
#include <unordered_map>
#include <unordered_set>
#include <libutil++.hh>

#define	DEFAULT_CONFIG_PATH		"/etc/ctl.conf"
#define	DEFAULT_PIDFILE			"/var/run/ctld.pid"
#define	DEFAULT_BLOCKSIZE		512
#define	DEFAULT_CD_BLOCKSIZE		2048

#define	MAX_LUNS			1024
#define	SOCKBUF_SIZE			1048576

struct isns_req;
struct port;

struct auth {
	auth(std::string_view secret) : a_secret(secret) {}
	auth(std::string_view secret, std::string_view mutual_user,
	    std::string_view mutual_secret) :
		a_secret(secret), a_mutual_user(mutual_user),
		a_mutual_secret(mutual_secret) {}

	bool mutual() const { return !a_mutual_user.empty(); }

	const char *secret() const { return a_secret.c_str(); }
	const char *mutual_user() const { return a_mutual_user.c_str(); }
	const char *mutual_secret() const { return a_mutual_secret.c_str(); }

private:
	std::string			a_secret;
	std::string			a_mutual_user;
	std::string			a_mutual_secret;
};

struct auth_portal {
	bool matches(const struct sockaddr *sa) const;
	bool parse(const char *portal);

private:
	struct sockaddr_storage		ap_sa;
	int				ap_mask = 0;
};

enum class auth_type {
	UNKNOWN,
	DENY,
	NO_AUTHENTICATION,
	CHAP,
	CHAP_MUTUAL
};

struct auth_group {
	auth_group(std::string label) : ag_label(label) {}

	auth_type type() const { return ag_type; }
	bool set_type(const char *str);
	void set_type(auth_type type);

	const char *label() const { return ag_label.c_str(); }

	bool add_chap(const char *user, const char *secret);
	bool add_chap_mutual(const char *user, const char *secret,
	    const char *user2, const char *secret2);
	const struct auth *find_auth(std::string_view user) const;

	bool add_initiator_name(std::string_view initiator_name);
	bool initiator_permitted(std::string_view initiator_name) const;

	bool add_initiator_portal(const char *initiator_portal);
	bool initiator_permitted(const struct sockaddr *sa) const;

private:
	void check_secret_length(const char *user, const char *secret,
	    const char *secret_type);

	std::string			ag_label;
	auth_type			ag_type = auth_type::UNKNOWN;
	std::unordered_map<std::string, auth> ag_auths;
	std::unordered_set<std::string> ag_names;
	std::list<auth_portal>		ag_portals;
};

using auth_group_sp = std::shared_ptr<auth_group>;

struct portal {
	portal(struct portal_group *pg, std::string_view listen, bool iser,
	    freebsd::addrinfo_up ai) :
		p_portal_group(pg), p_listen(listen), p_ai(std::move(ai)),
		p_iser(iser) {}

	bool reuse_socket(portal &oldp);
	bool init_socket();

	portal_group *portal_group() { return p_portal_group; }
	const char *listen() const { return p_listen.c_str(); }
	const addrinfo *ai() const { return p_ai.get(); }
	int socket() const { return p_socket; }
	void close() { p_socket.reset(); }

private:
	struct portal_group		*p_portal_group;
	std::string			p_listen;
	freebsd::addrinfo_up		p_ai;
	bool				p_iser;

	freebsd::fd_up			p_socket;
};

using portal_up = std::unique_ptr<portal>;

enum class discovery_filter {
	UNKNOWN,
	NONE,
	PORTAL,
	PORTAL_NAME,
	PORTAL_NAME_AUTH
};

struct portal_group {
	portal_group(struct conf *conf, std::string_view name);

	struct conf *conf() const { return pg_conf; }
	const char *name() const { return pg_name.c_str(); }
	bool assigned() const { return pg_assigned; }
	bool is_dummy() const;
	bool is_redirecting() const { return !pg_redirection.empty(); }
	struct auth_group *discovery_auth_group() const
	{ return pg_discovery_auth_group.get(); }
	discovery_filter discovery_filter() const
	{ return pg_discovery_filter; }
	int dscp() const { return pg_dscp; }
	const char *offload() const { return pg_offload.c_str(); }
	const char *redirection() const { return pg_redirection.c_str(); }
	int pcp() const { return pg_pcp; }
	uint16_t tag() const { return pg_tag; }

	freebsd::nvlist_up options() const;

	const std::list<portal_up> &portals() const { return pg_portals; }
	const std::unordered_map<std::string, port *> &ports() const
	{ return pg_ports; }

	bool add_portal(const char *value, bool iser);
	bool add_option(const char *name, const char *value);
	bool set_discovery_auth_group(const char *name);
	bool set_dscp(u_int dscp);
	bool set_filter(const char *str);
	void set_foreign();
	bool set_offload(const char *offload);
	bool set_pcp(u_int pcp);
	bool set_redirection(const char *addr);
	void set_tag(uint16_t tag);

	void add_port(struct portal_group_port *port);
	const struct port *find_port(std::string_view target) const;
	void remove_port(struct portal_group_port *port);
	void verify(struct conf *conf);

	bool reuse_socket(struct portal &newp);
	int open_sockets(struct conf &oldconf);
	void close_sockets();

private:
	struct conf			*pg_conf;
	freebsd::nvlist_up		pg_options;
	std::string			pg_name;
	auth_group_sp			pg_discovery_auth_group;
	enum discovery_filter		pg_discovery_filter =
	    discovery_filter::UNKNOWN;
	bool				pg_foreign = false;
	bool				pg_assigned = false;
	std::list<portal_up>	        pg_portals;
	std::unordered_map<std::string, port *> pg_ports;
	std::string			pg_offload;
	std::string			pg_redirection;
	int				pg_dscp = -1;
	int				pg_pcp = -1;

	uint16_t			pg_tag = 0;
};

using portal_group_up = std::unique_ptr<portal_group>;

struct port {
	port(struct target *target);
	virtual ~port() = default;

	struct target *target() const { return p_target; }
	virtual struct auth_group *auth_group() const { return nullptr; }
	virtual struct portal_group *portal_group() const { return nullptr; }

	virtual bool is_dummy() const { return true; }

	virtual void clear_references();

	bool kernel_add();
	bool kernel_update(const port *oport);
	bool kernel_remove();

	virtual bool kernel_create_port() = 0;
	virtual bool kernel_remove_port() = 0;

protected:
	struct target			*p_target;

	uint32_t			p_ctl_port = 0;
};

struct portal_group_port final : public port {
	portal_group_port(struct target *target, struct portal_group *pg,
	    auth_group_sp ag);
	portal_group_port(struct target *target, struct portal_group *pg,
	    uint32_t ctl_port);
	~portal_group_port() override = default;

	struct auth_group *auth_group() const override
	{ return p_auth_group.get(); }
	struct portal_group *portal_group() const override
	{ return p_portal_group; }

	bool is_dummy() const override;

	void clear_references() override;

	bool kernel_create_port() override;
	bool kernel_remove_port() override;

private:
	auth_group_sp			p_auth_group;
	struct portal_group		*p_portal_group;
};

struct ioctl_port final : public port {
	ioctl_port(struct target *target, int pp, int vp) :
		port(target), p_ioctl_pp(pp), p_ioctl_vp(vp) {}
	~ioctl_port() override = default;

	bool kernel_create_port() override;
	bool kernel_remove_port() override;

private:
	int				p_ioctl_pp;
	int				p_ioctl_vp;
};

struct kernel_port final : public port {
	kernel_port(struct target *target, struct pport *pp) :
		port(target), p_pport(pp) {}
	~kernel_port() override = default;

	bool kernel_create_port() override;
	bool kernel_remove_port() override;

private:
	struct pport			*p_pport;
};

struct lun {
	lun(struct conf *conf, std::string_view name);

	const char *name() const { return l_name.c_str(); }
	const std::string &path() const { return l_path; }
	int ctl_lun() const { return l_ctl_lun; }

	freebsd::nvlist_up options() const;

	bool add_option(const char *name, const char *value);
	bool set_backend(std::string_view value);
	bool set_blocksize(size_t value);
	bool set_ctl_lun(uint32_t value);
	bool set_device_type(uint8_t device_type);
	bool set_device_type(const char *value);
	bool set_device_id(std::string_view value);
	bool set_path(std::string_view value);
	void set_scsiname(std::string_view value);
	bool set_serial(std::string_view value);
	bool set_size(uint64_t value);

	bool changed(const struct lun &old) const;
	bool verify();

	bool kernel_add();
	bool kernel_modify() const;
	bool kernel_remove() const;

private:
	struct conf			*l_conf;
	freebsd::nvlist_up		l_options;
	std::string			l_name;
	std::string			l_backend;
	uint8_t				l_device_type = 0;
	int				l_blocksize = 0;
	std::string			l_device_id;
	std::string			l_path;
	std::string			l_scsiname;
	std::string			l_serial;
	uint64_t			l_size = 0;

	int				l_ctl_lun = -1;
};

struct target {
	target(struct conf *conf, std::string_view name) :
		t_conf(conf), t_name(name) {}

	bool has_alias() const { return !t_alias.empty(); }
	bool has_pport() const { return !t_pport.empty(); }
	bool has_redirection() const { return !t_redirection.empty(); }
	const char *alias() const { return t_alias.c_str(); }
	const char *name() const { return t_name.c_str(); }
	const char *pport() const { return t_pport.c_str(); }
	bool private_auth() const { return t_private_auth; }
	const char *redirection() const { return t_redirection.c_str(); }

	struct auth_group *auth_group() const { return t_auth_group.get(); }
	const std::list<port *> &ports() const { return t_ports; }
	const struct lun *lun(int idx) const { return t_luns[idx]; }

	bool add_chap(const char *user, const char *secret);
	bool add_chap_mutual(const char *user, const char *secret,
	    const char *user2, const char *secret2);
	bool add_initiator_name(std::string_view name);
	bool add_initiator_portal(const char *addr);
	bool add_lun(u_int id, const char *lun_name);
	bool add_portal_group(const char *pg_name, const char *ag_name);
	bool set_alias(std::string_view alias);
	bool set_auth_group(const char *ag_name);
	bool set_auth_type(const char *type);
	bool set_physical_port(std::string_view pport);
	bool set_redirection(const char *addr);
	struct lun *start_lun(u_int id);

	void add_port(struct port *port);
	void remove_lun(struct lun *lun);
	void remove_port(struct port *port);
	void verify();

private:
	bool use_private_auth(const char *keyword);

	struct conf			*t_conf;
	std::array<struct lun *, MAX_LUNS> t_luns;
	auth_group_sp			t_auth_group;
	std::list<port *>		t_ports;
	std::string			t_name;
	std::string			t_alias;
	std::string			t_redirection;
	/* Name of this target's physical port, if any, i.e. "isp0" */
	std::string			t_pport;
	bool				t_private_auth;
};

struct isns {
	isns(std::string_view addr, freebsd::addrinfo_up ai) :
		i_addr(addr), i_ai(std::move(ai)) {}

	const char *addr() const { return i_addr.c_str(); }

	freebsd::fd_up connect();
	bool send_request(int s, struct isns_req req);

private:
	std::string			i_addr;
	freebsd::addrinfo_up		i_ai;
};

struct conf {
	int maxproc() const { return conf_maxproc; }
	int timeout() const { return conf_timeout; }

	bool default_auth_group_defined() const
	{ return conf_default_ag_defined; }
	bool default_portal_group_defined() const
	{ return conf_default_pg_defined; }

	struct auth_group *add_auth_group(const char *ag_name);
	struct auth_group *define_default_auth_group();
	auth_group_sp find_auth_group(std::string_view ag_name);

	struct portal_group *add_portal_group(const char *name);
	struct portal_group *define_default_portal_group();
	struct portal_group *find_portal_group(std::string_view name);

	bool add_port(struct target *target, struct portal_group *pg,
	    auth_group_sp ag);
	bool add_port(struct target *target, struct portal_group *pg,
	    uint32_t ctl_port);
	bool add_port(struct target *target, struct pport *pp);
	bool add_port(struct kports &kports, struct target *target, int pp,
	    int vp);
	bool add_pports(struct kports &kports);

	struct target *add_target(const char *name);
	struct target *find_target(std::string_view name);

	struct lun *add_lun(const char *name);
	struct lun *find_lun(std::string_view name);

	void set_debug(int debug);
	void set_isns_period(int period);
	void set_isns_timeout(int timeout);
	void set_maxproc(int maxproc);
	bool set_pidfile_path(std::string_view path);
	void set_timeout(int timeout);

	void open_pidfile();
	void write_pidfile();
	void close_pidfile();

	bool add_isns(const char *addr);
	void isns_register_targets(struct isns *isns, struct conf *oldconf);
	void isns_deregister_targets(struct isns *isns);
	void isns_schedule_update();
	void isns_update();

	int apply(struct conf *oldconf);
	void delete_target_luns(struct lun *lun);
	bool reuse_portal_group_socket(struct portal &newp);
	bool verify();

private:
	struct isns_req isns_register_request(const char *hostname);
	struct isns_req isns_check_request(const char *hostname);
	struct isns_req isns_deregister_request(const char *hostname);
	void isns_check(struct isns *isns);

	std::string			conf_pidfile_path;
	std::unordered_map<std::string, std::unique_ptr<lun>> conf_luns;
	std::unordered_map<std::string, std::unique_ptr<target>> conf_targets;
	std::unordered_map<std::string, auth_group_sp> conf_auth_groups;
	std::unordered_map<std::string, std::unique_ptr<port>> conf_ports;
	std::unordered_map<std::string, portal_group_up> conf_portal_groups;
	std::unordered_map<std::string, isns> conf_isns;
	struct target			*conf_first_target = nullptr;
	int				conf_isns_period = 900;
	int				conf_isns_timeout = 5;
	int				conf_debug = 0;
	int				conf_timeout = 60;
	int				conf_maxproc = 30;

	freebsd::pidfile		conf_pidfile;

	bool				conf_default_pg_defined = false;
	bool				conf_default_ag_defined = false;

#ifdef ICL_KERNEL_PROXY
public:
	int add_proxy_portal(portal *);
	portal *proxy_portal(int);
private:
	std::vector<portal *>		conf_proxy_portals;
#endif
};

using conf_up = std::unique_ptr<conf>;

/* Physical ports exposed by the kernel */
struct pport {
	pport(std::string_view name, uint32_t ctl_port) : pp_name(name),
	    pp_ctl_port(ctl_port) {}

	const char *name() const { return pp_name.c_str(); }
	uint32_t ctl_port() const { return pp_ctl_port; }

	bool linked() const { return pp_linked; }
	void link() { pp_linked = true; }

private:
	std::string			pp_name;
	uint32_t			pp_ctl_port;
	bool				pp_linked;
};

struct kports {
	bool add_port(std::string &name, uint32_t ctl_port);
	bool has_port(std::string_view name);
	struct pport *find_port(std::string_view name);

private:
	std::unordered_map<std::string, struct pport> pports;
};

#define	CONN_SESSION_TYPE_NONE		0
#define	CONN_SESSION_TYPE_DISCOVERY	1
#define	CONN_SESSION_TYPE_NORMAL	2

struct ctld_connection {
	ctld_connection(struct portal *portal, int fd, const char *host,
	    const struct sockaddr *client_sa);
	~ctld_connection();

	int session_type() const { return conn_session_type; }

	void login();
	void discovery();
	void kernel_handoff();
private:
	void login_chap(struct auth_group *ag);
	void login_negotiate_key(struct pdu *request, const char *name,
	    const char *value, bool skipped_security,
	    struct keys *response_keys);
	bool login_portal_redirect(struct pdu *request);
	bool login_target_redirect(struct pdu *request);
	void login_negotiate(struct pdu *request);
	void login_wait_transition();

	bool discovery_target_filtered_out(const struct port *port) const;

	struct connection	conn;
	struct portal		*conn_portal = nullptr;
	const struct port	*conn_port = nullptr;
	struct target		*conn_target = nullptr;
	int			conn_session_type = CONN_SESSION_TYPE_NONE;
	std::string		conn_initiator_name;
	std::string		conn_initiator_addr;
	std::string		conn_initiator_alias;
	uint8_t			conn_initiator_isid[6];
	const struct sockaddr	*conn_initiator_sa = nullptr;
	int			conn_max_recv_data_segment_limit = 0;
	int			conn_max_send_data_segment_limit = 0;
	int			conn_max_burst_limit = 0;
	int			conn_first_burst_limit = 0;
	std::string		conn_user;
	struct chap		*conn_chap = nullptr;
};

extern int ctl_fd;

bool			parse_conf(const char *path);
bool			uclparse_conf(const char *path);

conf_up			conf_new_from_kernel(struct kports &kports);
void			conf_finish(void);
void			conf_start(struct conf *new_conf);

bool			option_new(nvlist_t *nvl,
			    const char *name, const char *value);

void			kernel_init(void);
void			kernel_capsicate(void);

#ifdef ICL_KERNEL_PROXY
void			kernel_listen(struct addrinfo *ai, bool iser,
			    int portal_id);
void			kernel_accept(int *connection_id, int *portal_id,
			    struct sockaddr *client_sa,
			    socklen_t *client_salen);
void			kernel_send(struct pdu *pdu);
void			kernel_receive(struct pdu *pdu);
#endif

void			start_timer(int timeout, bool fatal = false);
void			stop_timer();

#endif /* !__CTLD_HH__ */