1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2012 The FreeBSD Foundation 5 * 6 * This software was developed by Edward Tomasz Napierala under sponsorship 7 * from the FreeBSD Foundation. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 * 30 */ 31 32 #include <sys/types.h> 33 #include <sys/event.h> 34 #include <sys/nv.h> 35 #include <sys/time.h> 36 #include <sys/socket.h> 37 #include <sys/stat.h> 38 #include <sys/wait.h> 39 #include <netinet/in.h> 40 #include <arpa/inet.h> 41 #include <assert.h> 42 #include <ctype.h> 43 #include <errno.h> 44 #include <netdb.h> 45 #include <signal.h> 46 #include <stdbool.h> 47 #include <stdio.h> 48 #include <stdint.h> 49 #include <stdlib.h> 50 #include <string.h> 51 #include <unistd.h> 52 53 #include "ctld.h" 54 #include "isns.h" 55 56 static bool timed_out(void); 57 #ifdef ICL_KERNEL_PROXY 58 static void pdu_receive_proxy(struct pdu *pdu); 59 static void pdu_send_proxy(struct pdu *pdu); 60 #endif /* ICL_KERNEL_PROXY */ 61 static void pdu_fail(const struct connection *conn, const char *reason); 62 63 bool proxy_mode = false; 64 65 static volatile bool sighup_received = false; 66 static volatile bool sigterm_received = false; 67 static volatile bool sigalrm_received = false; 68 69 static int kqfd; 70 static int nchildren = 0; 71 static uint16_t last_portal_group_tag = 0xff; 72 73 static struct connection_ops conn_ops = { 74 .timed_out = timed_out, 75 #ifdef ICL_KERNEL_PROXY 76 .pdu_receive_proxy = pdu_receive_proxy, 77 .pdu_send_proxy = pdu_send_proxy, 78 #endif 79 .fail = pdu_fail, 80 }; 81 82 static void 83 usage(void) 84 { 85 86 fprintf(stderr, "usage: ctld [-d][-u][-f config-file]\n"); 87 fprintf(stderr, " ctld -t [-u][-f config-file]\n"); 88 exit(1); 89 } 90 91 struct conf * 92 conf_new(void) 93 { 94 struct conf *conf; 95 96 conf = calloc(1, sizeof(*conf)); 97 if (conf == NULL) 98 log_err(1, "calloc"); 99 TAILQ_INIT(&conf->conf_luns); 100 TAILQ_INIT(&conf->conf_targets); 101 TAILQ_INIT(&conf->conf_auth_groups); 102 TAILQ_INIT(&conf->conf_ports); 103 TAILQ_INIT(&conf->conf_portal_groups); 104 TAILQ_INIT(&conf->conf_isns); 105 106 conf->conf_isns_period = 900; 107 conf->conf_isns_timeout = 5; 108 conf->conf_debug = 0; 109 conf->conf_timeout = 60; 110 conf->conf_maxproc = 30; 111 112 return (conf); 113 } 114 115 void 116 conf_delete(struct conf *conf) 117 { 118 struct lun *lun, *ltmp; 119 struct target *targ, *tmp; 120 struct auth_group *ag, *cagtmp; 121 struct portal_group *pg, *cpgtmp; 122 struct isns *is, *istmp; 123 124 assert(conf->conf_pidfh == NULL); 125 126 TAILQ_FOREACH_SAFE(lun, &conf->conf_luns, l_next, ltmp) 127 lun_delete(lun); 128 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp) 129 target_delete(targ); 130 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp) 131 auth_group_delete(ag); 132 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp) 133 portal_group_delete(pg); 134 TAILQ_FOREACH_SAFE(is, &conf->conf_isns, i_next, istmp) 135 isns_delete(is); 136 assert(TAILQ_EMPTY(&conf->conf_ports)); 137 free(conf->conf_pidfile_path); 138 free(conf); 139 } 140 141 static struct auth * 142 auth_new(struct auth_group *ag) 143 { 144 struct auth *auth; 145 146 auth = calloc(1, sizeof(*auth)); 147 if (auth == NULL) 148 log_err(1, "calloc"); 149 auth->a_auth_group = ag; 150 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next); 151 return (auth); 152 } 153 154 static void 155 auth_delete(struct auth *auth) 156 { 157 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next); 158 159 free(auth->a_user); 160 free(auth->a_secret); 161 free(auth->a_mutual_user); 162 free(auth->a_mutual_secret); 163 free(auth); 164 } 165 166 const struct auth * 167 auth_find(const struct auth_group *ag, const char *user) 168 { 169 const struct auth *auth; 170 171 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) { 172 if (strcmp(auth->a_user, user) == 0) 173 return (auth); 174 } 175 176 return (NULL); 177 } 178 179 static void 180 auth_check_secret_length(struct auth *auth) 181 { 182 size_t len; 183 184 len = strlen(auth->a_secret); 185 if (len > 16) { 186 if (auth->a_auth_group->ag_name != NULL) 187 log_warnx("secret for user \"%s\", auth-group \"%s\", " 188 "is too long; it should be at most 16 characters " 189 "long", auth->a_user, auth->a_auth_group->ag_name); 190 else 191 log_warnx("secret for user \"%s\", target \"%s\", " 192 "is too long; it should be at most 16 characters " 193 "long", auth->a_user, 194 auth->a_auth_group->ag_target->t_name); 195 } 196 if (len < 12) { 197 if (auth->a_auth_group->ag_name != NULL) 198 log_warnx("secret for user \"%s\", auth-group \"%s\", " 199 "is too short; it should be at least 12 characters " 200 "long", auth->a_user, 201 auth->a_auth_group->ag_name); 202 else 203 log_warnx("secret for user \"%s\", target \"%s\", " 204 "is too short; it should be at least 12 characters " 205 "long", auth->a_user, 206 auth->a_auth_group->ag_target->t_name); 207 } 208 209 if (auth->a_mutual_secret != NULL) { 210 len = strlen(auth->a_mutual_secret); 211 if (len > 16) { 212 if (auth->a_auth_group->ag_name != NULL) 213 log_warnx("mutual secret for user \"%s\", " 214 "auth-group \"%s\", is too long; it should " 215 "be at most 16 characters long", 216 auth->a_user, auth->a_auth_group->ag_name); 217 else 218 log_warnx("mutual secret for user \"%s\", " 219 "target \"%s\", is too long; it should " 220 "be at most 16 characters long", 221 auth->a_user, 222 auth->a_auth_group->ag_target->t_name); 223 } 224 if (len < 12) { 225 if (auth->a_auth_group->ag_name != NULL) 226 log_warnx("mutual secret for user \"%s\", " 227 "auth-group \"%s\", is too short; it " 228 "should be at least 12 characters long", 229 auth->a_user, auth->a_auth_group->ag_name); 230 else 231 log_warnx("mutual secret for user \"%s\", " 232 "target \"%s\", is too short; it should be " 233 "at least 12 characters long", 234 auth->a_user, 235 auth->a_auth_group->ag_target->t_name); 236 } 237 } 238 } 239 240 const struct auth * 241 auth_new_chap(struct auth_group *ag, const char *user, 242 const char *secret) 243 { 244 struct auth *auth; 245 246 if (ag->ag_type == AG_TYPE_UNKNOWN) 247 ag->ag_type = AG_TYPE_CHAP; 248 if (ag->ag_type != AG_TYPE_CHAP) { 249 if (ag->ag_name != NULL) 250 log_warnx("cannot mix \"chap\" authentication with " 251 "other types for auth-group \"%s\"", ag->ag_name); 252 else 253 log_warnx("cannot mix \"chap\" authentication with " 254 "other types for target \"%s\"", 255 ag->ag_target->t_name); 256 return (NULL); 257 } 258 259 auth = auth_new(ag); 260 auth->a_user = checked_strdup(user); 261 auth->a_secret = checked_strdup(secret); 262 263 auth_check_secret_length(auth); 264 265 return (auth); 266 } 267 268 const struct auth * 269 auth_new_chap_mutual(struct auth_group *ag, const char *user, 270 const char *secret, const char *user2, const char *secret2) 271 { 272 struct auth *auth; 273 274 if (ag->ag_type == AG_TYPE_UNKNOWN) 275 ag->ag_type = AG_TYPE_CHAP_MUTUAL; 276 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) { 277 if (ag->ag_name != NULL) 278 log_warnx("cannot mix \"chap-mutual\" authentication " 279 "with other types for auth-group \"%s\"", 280 ag->ag_name); 281 else 282 log_warnx("cannot mix \"chap-mutual\" authentication " 283 "with other types for target \"%s\"", 284 ag->ag_target->t_name); 285 return (NULL); 286 } 287 288 auth = auth_new(ag); 289 auth->a_user = checked_strdup(user); 290 auth->a_secret = checked_strdup(secret); 291 auth->a_mutual_user = checked_strdup(user2); 292 auth->a_mutual_secret = checked_strdup(secret2); 293 294 auth_check_secret_length(auth); 295 296 return (auth); 297 } 298 299 const struct auth_name * 300 auth_name_new(struct auth_group *ag, const char *name) 301 { 302 struct auth_name *an; 303 304 an = calloc(1, sizeof(*an)); 305 if (an == NULL) 306 log_err(1, "calloc"); 307 an->an_auth_group = ag; 308 an->an_initiator_name = checked_strdup(name); 309 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next); 310 return (an); 311 } 312 313 static void 314 auth_name_delete(struct auth_name *an) 315 { 316 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next); 317 318 free(an->an_initiator_name); 319 free(an); 320 } 321 322 bool 323 auth_name_defined(const struct auth_group *ag) 324 { 325 if (TAILQ_EMPTY(&ag->ag_names)) 326 return (false); 327 return (true); 328 } 329 330 const struct auth_name * 331 auth_name_find(const struct auth_group *ag, const char *name) 332 { 333 const struct auth_name *auth_name; 334 335 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) { 336 if (strcmp(auth_name->an_initiator_name, name) == 0) 337 return (auth_name); 338 } 339 340 return (NULL); 341 } 342 343 int 344 auth_name_check(const struct auth_group *ag, const char *initiator_name) 345 { 346 if (!auth_name_defined(ag)) 347 return (0); 348 349 if (auth_name_find(ag, initiator_name) == NULL) 350 return (1); 351 352 return (0); 353 } 354 355 const struct auth_portal * 356 auth_portal_new(struct auth_group *ag, const char *portal) 357 { 358 struct auth_portal *ap; 359 char *net, *mask, *str, *tmp; 360 int len, dm, m; 361 362 ap = calloc(1, sizeof(*ap)); 363 if (ap == NULL) 364 log_err(1, "calloc"); 365 ap->ap_auth_group = ag; 366 ap->ap_initiator_portal = checked_strdup(portal); 367 mask = str = checked_strdup(portal); 368 net = strsep(&mask, "/"); 369 if (net[0] == '[') 370 net++; 371 len = strlen(net); 372 if (len == 0) 373 goto error; 374 if (net[len - 1] == ']') 375 net[len - 1] = 0; 376 if (strchr(net, ':') != NULL) { 377 struct sockaddr_in6 *sin6 = 378 (struct sockaddr_in6 *)&ap->ap_sa; 379 380 sin6->sin6_len = sizeof(*sin6); 381 sin6->sin6_family = AF_INET6; 382 if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0) 383 goto error; 384 dm = 128; 385 } else { 386 struct sockaddr_in *sin = 387 (struct sockaddr_in *)&ap->ap_sa; 388 389 sin->sin_len = sizeof(*sin); 390 sin->sin_family = AF_INET; 391 if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0) 392 goto error; 393 dm = 32; 394 } 395 if (mask != NULL) { 396 m = strtol(mask, &tmp, 0); 397 if (m < 0 || m > dm || tmp[0] != 0) 398 goto error; 399 } else 400 m = dm; 401 ap->ap_mask = m; 402 free(str); 403 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next); 404 return (ap); 405 406 error: 407 free(str); 408 free(ap); 409 log_warnx("incorrect initiator portal \"%s\"", portal); 410 return (NULL); 411 } 412 413 static void 414 auth_portal_delete(struct auth_portal *ap) 415 { 416 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next); 417 418 free(ap->ap_initiator_portal); 419 free(ap); 420 } 421 422 bool 423 auth_portal_defined(const struct auth_group *ag) 424 { 425 if (TAILQ_EMPTY(&ag->ag_portals)) 426 return (false); 427 return (true); 428 } 429 430 const struct auth_portal * 431 auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss) 432 { 433 const struct auth_portal *ap; 434 const uint8_t *a, *b; 435 int i; 436 uint8_t bmask; 437 438 TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) { 439 if (ap->ap_sa.ss_family != ss->ss_family) 440 continue; 441 if (ss->ss_family == AF_INET) { 442 a = (const uint8_t *) 443 &((const struct sockaddr_in *)ss)->sin_addr; 444 b = (const uint8_t *) 445 &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr; 446 } else { 447 a = (const uint8_t *) 448 &((const struct sockaddr_in6 *)ss)->sin6_addr; 449 b = (const uint8_t *) 450 &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr; 451 } 452 for (i = 0; i < ap->ap_mask / 8; i++) { 453 if (a[i] != b[i]) 454 goto next; 455 } 456 if (ap->ap_mask % 8) { 457 bmask = 0xff << (8 - (ap->ap_mask % 8)); 458 if ((a[i] & bmask) != (b[i] & bmask)) 459 goto next; 460 } 461 return (ap); 462 next: 463 ; 464 } 465 466 return (NULL); 467 } 468 469 int 470 auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa) 471 { 472 473 if (!auth_portal_defined(ag)) 474 return (0); 475 476 if (auth_portal_find(ag, sa) == NULL) 477 return (1); 478 479 return (0); 480 } 481 482 struct auth_group * 483 auth_group_new(struct conf *conf, const char *name) 484 { 485 struct auth_group *ag; 486 487 if (name != NULL) { 488 ag = auth_group_find(conf, name); 489 if (ag != NULL) { 490 log_warnx("duplicated auth-group \"%s\"", name); 491 return (NULL); 492 } 493 } 494 495 ag = calloc(1, sizeof(*ag)); 496 if (ag == NULL) 497 log_err(1, "calloc"); 498 if (name != NULL) 499 ag->ag_name = checked_strdup(name); 500 TAILQ_INIT(&ag->ag_auths); 501 TAILQ_INIT(&ag->ag_names); 502 TAILQ_INIT(&ag->ag_portals); 503 ag->ag_conf = conf; 504 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next); 505 506 return (ag); 507 } 508 509 void 510 auth_group_delete(struct auth_group *ag) 511 { 512 struct auth *auth, *auth_tmp; 513 struct auth_name *auth_name, *auth_name_tmp; 514 struct auth_portal *auth_portal, *auth_portal_tmp; 515 516 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next); 517 518 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp) 519 auth_delete(auth); 520 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp) 521 auth_name_delete(auth_name); 522 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next, 523 auth_portal_tmp) 524 auth_portal_delete(auth_portal); 525 free(ag->ag_name); 526 free(ag); 527 } 528 529 struct auth_group * 530 auth_group_find(const struct conf *conf, const char *name) 531 { 532 struct auth_group *ag; 533 534 assert(name != NULL); 535 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 536 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0) 537 return (ag); 538 } 539 540 return (NULL); 541 } 542 543 int 544 auth_group_set_type(struct auth_group *ag, const char *str) 545 { 546 int type; 547 548 if (strcmp(str, "none") == 0) { 549 type = AG_TYPE_NO_AUTHENTICATION; 550 } else if (strcmp(str, "deny") == 0) { 551 type = AG_TYPE_DENY; 552 } else if (strcmp(str, "chap") == 0) { 553 type = AG_TYPE_CHAP; 554 } else if (strcmp(str, "chap-mutual") == 0) { 555 type = AG_TYPE_CHAP_MUTUAL; 556 } else { 557 if (ag->ag_name != NULL) 558 log_warnx("invalid auth-type \"%s\" for auth-group " 559 "\"%s\"", str, ag->ag_name); 560 else 561 log_warnx("invalid auth-type \"%s\" for target " 562 "\"%s\"", str, ag->ag_target->t_name); 563 return (1); 564 } 565 566 if (ag->ag_type != AG_TYPE_UNKNOWN && ag->ag_type != type) { 567 if (ag->ag_name != NULL) { 568 log_warnx("cannot set auth-type to \"%s\" for " 569 "auth-group \"%s\"; already has a different " 570 "type", str, ag->ag_name); 571 } else { 572 log_warnx("cannot set auth-type to \"%s\" for target " 573 "\"%s\"; already has a different type", 574 str, ag->ag_target->t_name); 575 } 576 return (1); 577 } 578 579 ag->ag_type = type; 580 581 return (0); 582 } 583 584 static struct portal * 585 portal_new(struct portal_group *pg) 586 { 587 struct portal *portal; 588 589 portal = calloc(1, sizeof(*portal)); 590 if (portal == NULL) 591 log_err(1, "calloc"); 592 TAILQ_INIT(&portal->p_targets); 593 portal->p_portal_group = pg; 594 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next); 595 return (portal); 596 } 597 598 static void 599 portal_delete(struct portal *portal) 600 { 601 602 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next); 603 if (portal->p_ai != NULL) 604 freeaddrinfo(portal->p_ai); 605 free(portal->p_listen); 606 free(portal); 607 } 608 609 struct portal_group * 610 portal_group_new(struct conf *conf, const char *name) 611 { 612 struct portal_group *pg; 613 614 pg = portal_group_find(conf, name); 615 if (pg != NULL) { 616 log_warnx("duplicated portal-group \"%s\"", name); 617 return (NULL); 618 } 619 620 pg = calloc(1, sizeof(*pg)); 621 if (pg == NULL) 622 log_err(1, "calloc"); 623 pg->pg_name = checked_strdup(name); 624 pg->pg_options = nvlist_create(0); 625 TAILQ_INIT(&pg->pg_portals); 626 TAILQ_INIT(&pg->pg_ports); 627 pg->pg_conf = conf; 628 pg->pg_tag = 0; /* Assigned later in conf_apply(). */ 629 pg->pg_dscp = -1; 630 pg->pg_pcp = -1; 631 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next); 632 633 return (pg); 634 } 635 636 void 637 portal_group_delete(struct portal_group *pg) 638 { 639 struct portal *portal, *tmp; 640 struct port *port, *tport; 641 642 TAILQ_FOREACH_SAFE(port, &pg->pg_ports, p_pgs, tport) 643 port_delete(port); 644 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next); 645 646 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp) 647 portal_delete(portal); 648 nvlist_destroy(pg->pg_options); 649 free(pg->pg_name); 650 free(pg->pg_offload); 651 free(pg->pg_redirection); 652 free(pg); 653 } 654 655 struct portal_group * 656 portal_group_find(const struct conf *conf, const char *name) 657 { 658 struct portal_group *pg; 659 660 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 661 if (strcmp(pg->pg_name, name) == 0) 662 return (pg); 663 } 664 665 return (NULL); 666 } 667 668 static int 669 parse_addr_port(char *arg, const char *def_port, struct addrinfo **ai) 670 { 671 struct addrinfo hints; 672 char *str, *addr, *ch; 673 const char *port; 674 int error, colons = 0; 675 676 str = arg = strdup(arg); 677 if (arg[0] == '[') { 678 /* 679 * IPv6 address in square brackets, perhaps with port. 680 */ 681 arg++; 682 addr = strsep(&arg, "]"); 683 if (arg == NULL) { 684 free(str); 685 return (1); 686 } 687 if (arg[0] == '\0') { 688 port = def_port; 689 } else if (arg[0] == ':') { 690 port = arg + 1; 691 } else { 692 free(str); 693 return (1); 694 } 695 } else { 696 /* 697 * Either IPv6 address without brackets - and without 698 * a port - or IPv4 address. Just count the colons. 699 */ 700 for (ch = arg; *ch != '\0'; ch++) { 701 if (*ch == ':') 702 colons++; 703 } 704 if (colons > 1) { 705 addr = arg; 706 port = def_port; 707 } else { 708 addr = strsep(&arg, ":"); 709 if (arg == NULL) 710 port = def_port; 711 else 712 port = arg; 713 } 714 } 715 716 memset(&hints, 0, sizeof(hints)); 717 hints.ai_family = PF_UNSPEC; 718 hints.ai_socktype = SOCK_STREAM; 719 hints.ai_flags = AI_PASSIVE; 720 error = getaddrinfo(addr, port, &hints, ai); 721 free(str); 722 return ((error != 0) ? 1 : 0); 723 } 724 725 int 726 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser) 727 { 728 struct portal *portal; 729 730 portal = portal_new(pg); 731 portal->p_listen = checked_strdup(value); 732 portal->p_iser = iser; 733 734 if (parse_addr_port(portal->p_listen, "3260", &portal->p_ai)) { 735 log_warnx("invalid listen address %s", portal->p_listen); 736 portal_delete(portal); 737 return (1); 738 } 739 740 /* 741 * XXX: getaddrinfo(3) may return multiple addresses; we should turn 742 * those into multiple portals. 743 */ 744 745 return (0); 746 } 747 748 int 749 isns_new(struct conf *conf, const char *addr) 750 { 751 struct isns *isns; 752 753 isns = calloc(1, sizeof(*isns)); 754 if (isns == NULL) 755 log_err(1, "calloc"); 756 isns->i_conf = conf; 757 TAILQ_INSERT_TAIL(&conf->conf_isns, isns, i_next); 758 isns->i_addr = checked_strdup(addr); 759 760 if (parse_addr_port(isns->i_addr, "3205", &isns->i_ai)) { 761 log_warnx("invalid iSNS address %s", isns->i_addr); 762 isns_delete(isns); 763 return (1); 764 } 765 766 /* 767 * XXX: getaddrinfo(3) may return multiple addresses; we should turn 768 * those into multiple servers. 769 */ 770 771 return (0); 772 } 773 774 void 775 isns_delete(struct isns *isns) 776 { 777 778 TAILQ_REMOVE(&isns->i_conf->conf_isns, isns, i_next); 779 free(isns->i_addr); 780 if (isns->i_ai != NULL) 781 freeaddrinfo(isns->i_ai); 782 free(isns); 783 } 784 785 static int 786 isns_do_connect(struct isns *isns) 787 { 788 int s; 789 790 s = socket(isns->i_ai->ai_family, isns->i_ai->ai_socktype, 791 isns->i_ai->ai_protocol); 792 if (s < 0) { 793 log_warn("socket(2) failed for %s", isns->i_addr); 794 return (-1); 795 } 796 if (connect(s, isns->i_ai->ai_addr, isns->i_ai->ai_addrlen)) { 797 log_warn("connect(2) failed for %s", isns->i_addr); 798 close(s); 799 return (-1); 800 } 801 return(s); 802 } 803 804 static int 805 isns_do_register(struct isns *isns, int s, const char *hostname) 806 { 807 struct conf *conf = isns->i_conf; 808 struct target *target; 809 struct portal *portal; 810 struct portal_group *pg; 811 struct port *port; 812 struct isns_req *req; 813 int res = 0; 814 uint32_t error; 815 816 req = isns_req_create(ISNS_FUNC_DEVATTRREG, ISNS_FLAG_CLIENT); 817 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); 818 isns_req_add_delim(req); 819 isns_req_add_str(req, 1, hostname); 820 isns_req_add_32(req, 2, 2); /* 2 -- iSCSI */ 821 isns_req_add_32(req, 6, conf->conf_isns_period); 822 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 823 if (pg->pg_unassigned) 824 continue; 825 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 826 isns_req_add_addr(req, 16, portal->p_ai); 827 isns_req_add_port(req, 17, portal->p_ai); 828 } 829 } 830 TAILQ_FOREACH(target, &conf->conf_targets, t_next) { 831 isns_req_add_str(req, 32, target->t_name); 832 isns_req_add_32(req, 33, 1); /* 1 -- Target*/ 833 if (target->t_alias != NULL) 834 isns_req_add_str(req, 34, target->t_alias); 835 TAILQ_FOREACH(port, &target->t_ports, p_ts) { 836 if ((pg = port->p_portal_group) == NULL) 837 continue; 838 isns_req_add_32(req, 51, pg->pg_tag); 839 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 840 isns_req_add_addr(req, 49, portal->p_ai); 841 isns_req_add_port(req, 50, portal->p_ai); 842 } 843 } 844 } 845 res = isns_req_send(s, req); 846 if (res < 0) { 847 log_warn("send(2) failed for %s", isns->i_addr); 848 goto quit; 849 } 850 res = isns_req_receive(s, req); 851 if (res < 0) { 852 log_warn("receive(2) failed for %s", isns->i_addr); 853 goto quit; 854 } 855 error = isns_req_get_status(req); 856 if (error != 0) { 857 log_warnx("iSNS register error %d for %s", error, isns->i_addr); 858 res = -1; 859 } 860 quit: 861 isns_req_free(req); 862 return (res); 863 } 864 865 static int 866 isns_do_check(struct isns *isns, int s, const char *hostname) 867 { 868 struct conf *conf = isns->i_conf; 869 struct isns_req *req; 870 int res = 0; 871 uint32_t error; 872 873 req = isns_req_create(ISNS_FUNC_DEVATTRQRY, ISNS_FLAG_CLIENT); 874 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); 875 isns_req_add_str(req, 1, hostname); 876 isns_req_add_delim(req); 877 isns_req_add(req, 2, 0, NULL); 878 res = isns_req_send(s, req); 879 if (res < 0) { 880 log_warn("send(2) failed for %s", isns->i_addr); 881 goto quit; 882 } 883 res = isns_req_receive(s, req); 884 if (res < 0) { 885 log_warn("receive(2) failed for %s", isns->i_addr); 886 goto quit; 887 } 888 error = isns_req_get_status(req); 889 if (error != 0) { 890 log_warnx("iSNS check error %d for %s", error, isns->i_addr); 891 res = -1; 892 } 893 quit: 894 isns_req_free(req); 895 return (res); 896 } 897 898 static int 899 isns_do_deregister(struct isns *isns, int s, const char *hostname) 900 { 901 struct conf *conf = isns->i_conf; 902 struct isns_req *req; 903 int res = 0; 904 uint32_t error; 905 906 req = isns_req_create(ISNS_FUNC_DEVDEREG, ISNS_FLAG_CLIENT); 907 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); 908 isns_req_add_delim(req); 909 isns_req_add_str(req, 1, hostname); 910 res = isns_req_send(s, req); 911 if (res < 0) { 912 log_warn("send(2) failed for %s", isns->i_addr); 913 goto quit; 914 } 915 res = isns_req_receive(s, req); 916 if (res < 0) { 917 log_warn("receive(2) failed for %s", isns->i_addr); 918 goto quit; 919 } 920 error = isns_req_get_status(req); 921 if (error != 0) { 922 log_warnx("iSNS deregister error %d for %s", error, isns->i_addr); 923 res = -1; 924 } 925 quit: 926 isns_req_free(req); 927 return (res); 928 } 929 930 void 931 isns_register(struct isns *isns, struct isns *oldisns) 932 { 933 struct conf *conf = isns->i_conf; 934 int error, s; 935 char hostname[256]; 936 937 if (TAILQ_EMPTY(&conf->conf_targets) || 938 TAILQ_EMPTY(&conf->conf_portal_groups)) 939 return; 940 set_timeout(conf->conf_isns_timeout, false); 941 s = isns_do_connect(isns); 942 if (s < 0) { 943 set_timeout(0, false); 944 return; 945 } 946 error = gethostname(hostname, sizeof(hostname)); 947 if (error != 0) 948 log_err(1, "gethostname"); 949 950 if (oldisns == NULL || TAILQ_EMPTY(&oldisns->i_conf->conf_targets)) 951 oldisns = isns; 952 isns_do_deregister(oldisns, s, hostname); 953 isns_do_register(isns, s, hostname); 954 close(s); 955 set_timeout(0, false); 956 } 957 958 void 959 isns_check(struct isns *isns) 960 { 961 struct conf *conf = isns->i_conf; 962 int error, s, res; 963 char hostname[256]; 964 965 if (TAILQ_EMPTY(&conf->conf_targets) || 966 TAILQ_EMPTY(&conf->conf_portal_groups)) 967 return; 968 set_timeout(conf->conf_isns_timeout, false); 969 s = isns_do_connect(isns); 970 if (s < 0) { 971 set_timeout(0, false); 972 return; 973 } 974 error = gethostname(hostname, sizeof(hostname)); 975 if (error != 0) 976 log_err(1, "gethostname"); 977 978 res = isns_do_check(isns, s, hostname); 979 if (res < 0) { 980 isns_do_deregister(isns, s, hostname); 981 isns_do_register(isns, s, hostname); 982 } 983 close(s); 984 set_timeout(0, false); 985 } 986 987 void 988 isns_deregister(struct isns *isns) 989 { 990 struct conf *conf = isns->i_conf; 991 int error, s; 992 char hostname[256]; 993 994 if (TAILQ_EMPTY(&conf->conf_targets) || 995 TAILQ_EMPTY(&conf->conf_portal_groups)) 996 return; 997 set_timeout(conf->conf_isns_timeout, false); 998 s = isns_do_connect(isns); 999 if (s < 0) 1000 return; 1001 error = gethostname(hostname, sizeof(hostname)); 1002 if (error != 0) 1003 log_err(1, "gethostname"); 1004 1005 isns_do_deregister(isns, s, hostname); 1006 close(s); 1007 set_timeout(0, false); 1008 } 1009 1010 int 1011 portal_group_set_filter(struct portal_group *pg, const char *str) 1012 { 1013 int filter; 1014 1015 if (strcmp(str, "none") == 0) { 1016 filter = PG_FILTER_NONE; 1017 } else if (strcmp(str, "portal") == 0) { 1018 filter = PG_FILTER_PORTAL; 1019 } else if (strcmp(str, "portal-name") == 0) { 1020 filter = PG_FILTER_PORTAL_NAME; 1021 } else if (strcmp(str, "portal-name-auth") == 0) { 1022 filter = PG_FILTER_PORTAL_NAME_AUTH; 1023 } else { 1024 log_warnx("invalid discovery-filter \"%s\" for portal-group " 1025 "\"%s\"; valid values are \"none\", \"portal\", " 1026 "\"portal-name\", and \"portal-name-auth\"", 1027 str, pg->pg_name); 1028 return (1); 1029 } 1030 1031 if (pg->pg_discovery_filter != PG_FILTER_UNKNOWN && 1032 pg->pg_discovery_filter != filter) { 1033 log_warnx("cannot set discovery-filter to \"%s\" for " 1034 "portal-group \"%s\"; already has a different " 1035 "value", str, pg->pg_name); 1036 return (1); 1037 } 1038 1039 pg->pg_discovery_filter = filter; 1040 1041 return (0); 1042 } 1043 1044 int 1045 portal_group_set_offload(struct portal_group *pg, const char *offload) 1046 { 1047 1048 if (pg->pg_offload != NULL) { 1049 log_warnx("cannot set offload to \"%s\" for " 1050 "portal-group \"%s\"; already defined", 1051 offload, pg->pg_name); 1052 return (1); 1053 } 1054 1055 pg->pg_offload = checked_strdup(offload); 1056 1057 return (0); 1058 } 1059 1060 int 1061 portal_group_set_redirection(struct portal_group *pg, const char *addr) 1062 { 1063 1064 if (pg->pg_redirection != NULL) { 1065 log_warnx("cannot set redirection to \"%s\" for " 1066 "portal-group \"%s\"; already defined", 1067 addr, pg->pg_name); 1068 return (1); 1069 } 1070 1071 pg->pg_redirection = checked_strdup(addr); 1072 1073 return (0); 1074 } 1075 1076 struct pport * 1077 pport_new(struct kports *kports, const char *name, uint32_t ctl_port) 1078 { 1079 struct pport *pp; 1080 1081 pp = calloc(1, sizeof(*pp)); 1082 if (pp == NULL) 1083 log_err(1, "calloc"); 1084 pp->pp_kports = kports; 1085 pp->pp_name = checked_strdup(name); 1086 pp->pp_ctl_port = ctl_port; 1087 TAILQ_INIT(&pp->pp_ports); 1088 TAILQ_INSERT_TAIL(&kports->pports, pp, pp_next); 1089 return (pp); 1090 } 1091 1092 struct pport * 1093 pport_find(const struct kports *kports, const char *name) 1094 { 1095 struct pport *pp; 1096 1097 TAILQ_FOREACH(pp, &kports->pports, pp_next) { 1098 if (strcasecmp(pp->pp_name, name) == 0) 1099 return (pp); 1100 } 1101 return (NULL); 1102 } 1103 1104 struct pport * 1105 pport_copy(struct pport *pp, struct kports *kports) 1106 { 1107 struct pport *ppnew; 1108 1109 ppnew = pport_new(kports, pp->pp_name, pp->pp_ctl_port); 1110 return (ppnew); 1111 } 1112 1113 void 1114 pport_delete(struct pport *pp) 1115 { 1116 struct port *port, *tport; 1117 1118 TAILQ_FOREACH_SAFE(port, &pp->pp_ports, p_ts, tport) 1119 port_delete(port); 1120 TAILQ_REMOVE(&pp->pp_kports->pports, pp, pp_next); 1121 free(pp->pp_name); 1122 free(pp); 1123 } 1124 1125 struct port * 1126 port_new(struct conf *conf, struct target *target, struct portal_group *pg) 1127 { 1128 struct port *port; 1129 char *name; 1130 int ret; 1131 1132 ret = asprintf(&name, "%s-%s", pg->pg_name, target->t_name); 1133 if (ret <= 0) 1134 log_err(1, "asprintf"); 1135 if (port_find(conf, name) != NULL) { 1136 log_warnx("duplicate port \"%s\"", name); 1137 free(name); 1138 return (NULL); 1139 } 1140 port = calloc(1, sizeof(*port)); 1141 if (port == NULL) 1142 log_err(1, "calloc"); 1143 port->p_conf = conf; 1144 port->p_name = name; 1145 port->p_ioctl_port = 0; 1146 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); 1147 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); 1148 port->p_target = target; 1149 TAILQ_INSERT_TAIL(&pg->pg_ports, port, p_pgs); 1150 port->p_portal_group = pg; 1151 return (port); 1152 } 1153 1154 struct port * 1155 port_new_ioctl(struct conf *conf, struct kports *kports, struct target *target, 1156 int pp, int vp) 1157 { 1158 struct pport *pport; 1159 struct port *port; 1160 char *pname; 1161 char *name; 1162 int ret; 1163 1164 ret = asprintf(&pname, "ioctl/%d/%d", pp, vp); 1165 if (ret <= 0) { 1166 log_err(1, "asprintf"); 1167 return (NULL); 1168 } 1169 1170 pport = pport_find(kports, pname); 1171 if (pport != NULL) { 1172 free(pname); 1173 return (port_new_pp(conf, target, pport)); 1174 } 1175 1176 ret = asprintf(&name, "%s-%s", pname, target->t_name); 1177 free(pname); 1178 1179 if (ret <= 0) 1180 log_err(1, "asprintf"); 1181 if (port_find(conf, name) != NULL) { 1182 log_warnx("duplicate port \"%s\"", name); 1183 free(name); 1184 return (NULL); 1185 } 1186 port = calloc(1, sizeof(*port)); 1187 if (port == NULL) 1188 log_err(1, "calloc"); 1189 port->p_conf = conf; 1190 port->p_name = name; 1191 port->p_ioctl_port = 1; 1192 port->p_ioctl_pp = pp; 1193 port->p_ioctl_vp = vp; 1194 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); 1195 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); 1196 port->p_target = target; 1197 return (port); 1198 } 1199 1200 struct port * 1201 port_new_pp(struct conf *conf, struct target *target, struct pport *pp) 1202 { 1203 struct port *port; 1204 char *name; 1205 int ret; 1206 1207 ret = asprintf(&name, "%s-%s", pp->pp_name, target->t_name); 1208 if (ret <= 0) 1209 log_err(1, "asprintf"); 1210 if (port_find(conf, name) != NULL) { 1211 log_warnx("duplicate port \"%s\"", name); 1212 free(name); 1213 return (NULL); 1214 } 1215 port = calloc(1, sizeof(*port)); 1216 if (port == NULL) 1217 log_err(1, "calloc"); 1218 port->p_conf = conf; 1219 port->p_name = name; 1220 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); 1221 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); 1222 port->p_target = target; 1223 TAILQ_INSERT_TAIL(&pp->pp_ports, port, p_pps); 1224 port->p_pport = pp; 1225 return (port); 1226 } 1227 1228 struct port * 1229 port_find(const struct conf *conf, const char *name) 1230 { 1231 struct port *port; 1232 1233 TAILQ_FOREACH(port, &conf->conf_ports, p_next) { 1234 if (strcasecmp(port->p_name, name) == 0) 1235 return (port); 1236 } 1237 1238 return (NULL); 1239 } 1240 1241 struct port * 1242 port_find_in_pg(const struct portal_group *pg, const char *target) 1243 { 1244 struct port *port; 1245 1246 TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) { 1247 if (strcasecmp(port->p_target->t_name, target) == 0) 1248 return (port); 1249 } 1250 1251 return (NULL); 1252 } 1253 1254 void 1255 port_delete(struct port *port) 1256 { 1257 1258 if (port->p_portal_group) 1259 TAILQ_REMOVE(&port->p_portal_group->pg_ports, port, p_pgs); 1260 if (port->p_pport) 1261 TAILQ_REMOVE(&port->p_pport->pp_ports, port, p_pps); 1262 if (port->p_target) 1263 TAILQ_REMOVE(&port->p_target->t_ports, port, p_ts); 1264 TAILQ_REMOVE(&port->p_conf->conf_ports, port, p_next); 1265 free(port->p_name); 1266 free(port); 1267 } 1268 1269 int 1270 port_is_dummy(struct port *port) 1271 { 1272 1273 if (port->p_portal_group) { 1274 if (port->p_portal_group->pg_foreign) 1275 return (1); 1276 if (TAILQ_EMPTY(&port->p_portal_group->pg_portals)) 1277 return (1); 1278 } 1279 return (0); 1280 } 1281 1282 struct target * 1283 target_new(struct conf *conf, const char *name) 1284 { 1285 struct target *targ; 1286 int i, len; 1287 1288 targ = target_find(conf, name); 1289 if (targ != NULL) { 1290 log_warnx("duplicated target \"%s\"", name); 1291 return (NULL); 1292 } 1293 if (valid_iscsi_name(name, log_warnx) == false) { 1294 return (NULL); 1295 } 1296 targ = calloc(1, sizeof(*targ)); 1297 if (targ == NULL) 1298 log_err(1, "calloc"); 1299 targ->t_name = checked_strdup(name); 1300 1301 /* 1302 * RFC 3722 requires us to normalize the name to lowercase. 1303 */ 1304 len = strlen(name); 1305 for (i = 0; i < len; i++) 1306 targ->t_name[i] = tolower(targ->t_name[i]); 1307 1308 targ->t_conf = conf; 1309 TAILQ_INIT(&targ->t_ports); 1310 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next); 1311 1312 return (targ); 1313 } 1314 1315 void 1316 target_delete(struct target *targ) 1317 { 1318 struct port *port, *tport; 1319 1320 TAILQ_FOREACH_SAFE(port, &targ->t_ports, p_ts, tport) 1321 port_delete(port); 1322 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next); 1323 1324 free(targ->t_pport); 1325 free(targ->t_name); 1326 free(targ->t_redirection); 1327 free(targ); 1328 } 1329 1330 struct target * 1331 target_find(struct conf *conf, const char *name) 1332 { 1333 struct target *targ; 1334 1335 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1336 if (strcasecmp(targ->t_name, name) == 0) 1337 return (targ); 1338 } 1339 1340 return (NULL); 1341 } 1342 1343 int 1344 target_set_redirection(struct target *target, const char *addr) 1345 { 1346 1347 if (target->t_redirection != NULL) { 1348 log_warnx("cannot set redirection to \"%s\" for " 1349 "target \"%s\"; already defined", 1350 addr, target->t_name); 1351 return (1); 1352 } 1353 1354 target->t_redirection = checked_strdup(addr); 1355 1356 return (0); 1357 } 1358 1359 struct lun * 1360 lun_new(struct conf *conf, const char *name) 1361 { 1362 struct lun *lun; 1363 1364 lun = lun_find(conf, name); 1365 if (lun != NULL) { 1366 log_warnx("duplicated lun \"%s\"", name); 1367 return (NULL); 1368 } 1369 1370 lun = calloc(1, sizeof(*lun)); 1371 if (lun == NULL) 1372 log_err(1, "calloc"); 1373 lun->l_conf = conf; 1374 lun->l_name = checked_strdup(name); 1375 lun->l_options = nvlist_create(0); 1376 TAILQ_INSERT_TAIL(&conf->conf_luns, lun, l_next); 1377 lun->l_ctl_lun = -1; 1378 1379 return (lun); 1380 } 1381 1382 void 1383 lun_delete(struct lun *lun) 1384 { 1385 struct target *targ; 1386 int i; 1387 1388 TAILQ_FOREACH(targ, &lun->l_conf->conf_targets, t_next) { 1389 for (i = 0; i < MAX_LUNS; i++) { 1390 if (targ->t_luns[i] == lun) 1391 targ->t_luns[i] = NULL; 1392 } 1393 } 1394 TAILQ_REMOVE(&lun->l_conf->conf_luns, lun, l_next); 1395 1396 nvlist_destroy(lun->l_options); 1397 free(lun->l_name); 1398 free(lun->l_backend); 1399 free(lun->l_device_id); 1400 free(lun->l_path); 1401 free(lun->l_scsiname); 1402 free(lun->l_serial); 1403 free(lun); 1404 } 1405 1406 struct lun * 1407 lun_find(const struct conf *conf, const char *name) 1408 { 1409 struct lun *lun; 1410 1411 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { 1412 if (strcmp(lun->l_name, name) == 0) 1413 return (lun); 1414 } 1415 1416 return (NULL); 1417 } 1418 1419 void 1420 lun_set_backend(struct lun *lun, const char *value) 1421 { 1422 free(lun->l_backend); 1423 lun->l_backend = checked_strdup(value); 1424 } 1425 1426 void 1427 lun_set_blocksize(struct lun *lun, size_t value) 1428 { 1429 1430 lun->l_blocksize = value; 1431 } 1432 1433 void 1434 lun_set_device_type(struct lun *lun, uint8_t value) 1435 { 1436 1437 lun->l_device_type = value; 1438 } 1439 1440 void 1441 lun_set_device_id(struct lun *lun, const char *value) 1442 { 1443 free(lun->l_device_id); 1444 lun->l_device_id = checked_strdup(value); 1445 } 1446 1447 void 1448 lun_set_path(struct lun *lun, const char *value) 1449 { 1450 free(lun->l_path); 1451 lun->l_path = checked_strdup(value); 1452 } 1453 1454 void 1455 lun_set_scsiname(struct lun *lun, const char *value) 1456 { 1457 free(lun->l_scsiname); 1458 lun->l_scsiname = checked_strdup(value); 1459 } 1460 1461 void 1462 lun_set_serial(struct lun *lun, const char *value) 1463 { 1464 free(lun->l_serial); 1465 lun->l_serial = checked_strdup(value); 1466 } 1467 1468 void 1469 lun_set_size(struct lun *lun, int64_t value) 1470 { 1471 1472 lun->l_size = value; 1473 } 1474 1475 void 1476 lun_set_ctl_lun(struct lun *lun, uint32_t value) 1477 { 1478 1479 lun->l_ctl_lun = value; 1480 } 1481 1482 bool 1483 option_new(nvlist_t *nvl, const char *name, const char *value) 1484 { 1485 int error; 1486 1487 if (nvlist_exists_string(nvl, name)) { 1488 log_warnx("duplicated option \"%s\"", name); 1489 return (false); 1490 } 1491 1492 nvlist_add_string(nvl, name, value); 1493 error = nvlist_error(nvl); 1494 if (error != 0) { 1495 log_warnc(error, "failed to add option \"%s\"", name); 1496 return (false); 1497 } 1498 return (true); 1499 } 1500 1501 #ifdef ICL_KERNEL_PROXY 1502 1503 static void 1504 pdu_receive_proxy(struct pdu *pdu) 1505 { 1506 struct connection *conn; 1507 size_t len; 1508 1509 assert(proxy_mode); 1510 conn = pdu->pdu_connection; 1511 1512 kernel_receive(pdu); 1513 1514 len = pdu_ahs_length(pdu); 1515 if (len > 0) 1516 log_errx(1, "protocol error: non-empty AHS"); 1517 1518 len = pdu_data_segment_length(pdu); 1519 assert(len <= (size_t)conn->conn_max_recv_data_segment_length); 1520 pdu->pdu_data_len = len; 1521 } 1522 1523 static void 1524 pdu_send_proxy(struct pdu *pdu) 1525 { 1526 1527 assert(proxy_mode); 1528 1529 pdu_set_data_segment_length(pdu, pdu->pdu_data_len); 1530 kernel_send(pdu); 1531 } 1532 1533 #endif /* ICL_KERNEL_PROXY */ 1534 1535 static void 1536 pdu_fail(const struct connection *conn __unused, const char *reason __unused) 1537 { 1538 } 1539 1540 static struct ctld_connection * 1541 connection_new(struct portal *portal, int fd, const char *host, 1542 const struct sockaddr *client_sa) 1543 { 1544 struct ctld_connection *conn; 1545 1546 conn = calloc(1, sizeof(*conn)); 1547 if (conn == NULL) 1548 log_err(1, "calloc"); 1549 connection_init(&conn->conn, &conn_ops, proxy_mode); 1550 conn->conn.conn_socket = fd; 1551 conn->conn_portal = portal; 1552 conn->conn_initiator_addr = checked_strdup(host); 1553 memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len); 1554 1555 return (conn); 1556 } 1557 1558 #if 0 1559 static void 1560 options_print(const char *prefix, nvlist_t *nvl) 1561 { 1562 const char *name; 1563 void *cookie; 1564 1565 cookie = NULL; 1566 while ((name = nvlist_next(nvl, NULL, &cookie)) != NULL) { 1567 fprintf(stderr, "%soption %s %s\n", prefix, name, 1568 nvlist_get_string(nvl, name)); 1569 } 1570 } 1571 1572 static void 1573 conf_print(struct conf *conf) 1574 { 1575 struct auth_group *ag; 1576 struct auth *auth; 1577 struct auth_name *auth_name; 1578 struct auth_portal *auth_portal; 1579 struct portal_group *pg; 1580 struct portal *portal; 1581 struct target *targ; 1582 struct lun *lun; 1583 1584 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1585 fprintf(stderr, "auth-group %s {\n", ag->ag_name); 1586 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) 1587 fprintf(stderr, "\t chap-mutual %s %s %s %s\n", 1588 auth->a_user, auth->a_secret, 1589 auth->a_mutual_user, auth->a_mutual_secret); 1590 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) 1591 fprintf(stderr, "\t initiator-name %s\n", 1592 auth_name->an_initiator_name); 1593 TAILQ_FOREACH(auth_portal, &ag->ag_portals, ap_next) 1594 fprintf(stderr, "\t initiator-portal %s\n", 1595 auth_portal->ap_initiator_portal); 1596 fprintf(stderr, "}\n"); 1597 } 1598 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1599 fprintf(stderr, "portal-group %s {\n", pg->pg_name); 1600 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 1601 fprintf(stderr, "\t listen %s\n", portal->p_listen); 1602 options_print("\t", pg->pg_options); 1603 fprintf(stderr, "}\n"); 1604 } 1605 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { 1606 fprintf(stderr, "\tlun %s {\n", lun->l_name); 1607 fprintf(stderr, "\t\tpath %s\n", lun->l_path); 1608 options_print("\t\t", lun->l_options); 1609 fprintf(stderr, "\t}\n"); 1610 } 1611 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1612 fprintf(stderr, "target %s {\n", targ->t_name); 1613 if (targ->t_alias != NULL) 1614 fprintf(stderr, "\t alias %s\n", targ->t_alias); 1615 fprintf(stderr, "}\n"); 1616 } 1617 } 1618 #endif 1619 1620 static int 1621 conf_verify_lun(struct lun *lun) 1622 { 1623 const struct lun *lun2; 1624 1625 if (lun->l_backend == NULL) 1626 lun_set_backend(lun, "block"); 1627 if (strcmp(lun->l_backend, "block") == 0) { 1628 if (lun->l_path == NULL) { 1629 log_warnx("missing path for lun \"%s\"", 1630 lun->l_name); 1631 return (1); 1632 } 1633 } else if (strcmp(lun->l_backend, "ramdisk") == 0) { 1634 if (lun->l_size == 0) { 1635 log_warnx("missing size for ramdisk-backed lun \"%s\"", 1636 lun->l_name); 1637 return (1); 1638 } 1639 if (lun->l_path != NULL) { 1640 log_warnx("path must not be specified " 1641 "for ramdisk-backed lun \"%s\"", 1642 lun->l_name); 1643 return (1); 1644 } 1645 } 1646 if (lun->l_blocksize == 0) { 1647 if (lun->l_device_type == 5) 1648 lun_set_blocksize(lun, DEFAULT_CD_BLOCKSIZE); 1649 else 1650 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE); 1651 } else if (lun->l_blocksize < 0) { 1652 log_warnx("invalid blocksize for lun \"%s\"; " 1653 "must be larger than 0", lun->l_name); 1654 return (1); 1655 } 1656 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) { 1657 log_warnx("invalid size for lun \"%s\"; " 1658 "must be multiple of blocksize", lun->l_name); 1659 return (1); 1660 } 1661 TAILQ_FOREACH(lun2, &lun->l_conf->conf_luns, l_next) { 1662 if (lun == lun2) 1663 continue; 1664 if (lun->l_path != NULL && lun2->l_path != NULL && 1665 strcmp(lun->l_path, lun2->l_path) == 0) { 1666 log_debugx("WARNING: path \"%s\" duplicated " 1667 "between lun \"%s\", and " 1668 "lun \"%s\"", lun->l_path, 1669 lun->l_name, lun2->l_name); 1670 } 1671 } 1672 1673 return (0); 1674 } 1675 1676 int 1677 conf_verify(struct conf *conf) 1678 { 1679 struct auth_group *ag; 1680 struct portal_group *pg; 1681 struct port *port; 1682 struct target *targ; 1683 struct lun *lun; 1684 bool found; 1685 int error, i; 1686 1687 if (conf->conf_pidfile_path == NULL) 1688 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE); 1689 1690 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { 1691 error = conf_verify_lun(lun); 1692 if (error != 0) 1693 return (error); 1694 } 1695 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1696 if (targ->t_auth_group == NULL) { 1697 targ->t_auth_group = auth_group_find(conf, 1698 "default"); 1699 assert(targ->t_auth_group != NULL); 1700 } 1701 if (TAILQ_EMPTY(&targ->t_ports)) { 1702 pg = portal_group_find(conf, "default"); 1703 assert(pg != NULL); 1704 port_new(conf, targ, pg); 1705 } 1706 found = false; 1707 for (i = 0; i < MAX_LUNS; i++) { 1708 if (targ->t_luns[i] != NULL) 1709 found = true; 1710 } 1711 if (!found && targ->t_redirection == NULL) { 1712 log_warnx("no LUNs defined for target \"%s\"", 1713 targ->t_name); 1714 } 1715 if (found && targ->t_redirection != NULL) { 1716 log_debugx("target \"%s\" contains luns, " 1717 " but configured for redirection", 1718 targ->t_name); 1719 } 1720 } 1721 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1722 assert(pg->pg_name != NULL); 1723 if (pg->pg_discovery_auth_group == NULL) { 1724 pg->pg_discovery_auth_group = 1725 auth_group_find(conf, "default"); 1726 assert(pg->pg_discovery_auth_group != NULL); 1727 } 1728 1729 if (pg->pg_discovery_filter == PG_FILTER_UNKNOWN) 1730 pg->pg_discovery_filter = PG_FILTER_NONE; 1731 1732 if (pg->pg_redirection != NULL) { 1733 if (!TAILQ_EMPTY(&pg->pg_ports)) { 1734 log_debugx("portal-group \"%s\" assigned " 1735 "to target, but configured " 1736 "for redirection", 1737 pg->pg_name); 1738 } 1739 pg->pg_unassigned = false; 1740 } else if (!TAILQ_EMPTY(&pg->pg_ports)) { 1741 pg->pg_unassigned = false; 1742 } else { 1743 if (strcmp(pg->pg_name, "default") != 0) 1744 log_warnx("portal-group \"%s\" not assigned " 1745 "to any target", pg->pg_name); 1746 pg->pg_unassigned = true; 1747 } 1748 } 1749 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1750 if (ag->ag_name == NULL) 1751 assert(ag->ag_target != NULL); 1752 else 1753 assert(ag->ag_target == NULL); 1754 1755 found = false; 1756 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1757 if (targ->t_auth_group == ag) { 1758 found = true; 1759 break; 1760 } 1761 } 1762 TAILQ_FOREACH(port, &conf->conf_ports, p_next) { 1763 if (port->p_auth_group == ag) { 1764 found = true; 1765 break; 1766 } 1767 } 1768 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1769 if (pg->pg_discovery_auth_group == ag) { 1770 found = true; 1771 break; 1772 } 1773 } 1774 if (!found && ag->ag_name != NULL && 1775 strcmp(ag->ag_name, "default") != 0 && 1776 strcmp(ag->ag_name, "no-authentication") != 0 && 1777 strcmp(ag->ag_name, "no-access") != 0) { 1778 log_warnx("auth-group \"%s\" not assigned " 1779 "to any target", ag->ag_name); 1780 } 1781 } 1782 1783 return (0); 1784 } 1785 1786 static bool 1787 portal_reuse_socket(struct portal *oldp, struct portal *newp) 1788 { 1789 struct kevent kev; 1790 1791 if (strcmp(newp->p_listen, oldp->p_listen) != 0) 1792 return (false); 1793 1794 if (oldp->p_socket <= 0) 1795 return (false); 1796 1797 EV_SET(&kev, oldp->p_socket, EVFILT_READ, EV_ADD, 0, 0, newp); 1798 if (kevent(kqfd, &kev, 1, NULL, 0, NULL) == -1) 1799 return (false); 1800 1801 newp->p_socket = oldp->p_socket; 1802 oldp->p_socket = 0; 1803 return (true); 1804 } 1805 1806 static bool 1807 portal_init_socket(struct portal *p) 1808 { 1809 struct portal_group *pg = p->p_portal_group; 1810 struct kevent kev; 1811 int error, sockbuf; 1812 int one = 1; 1813 1814 log_debugx("listening on %s, portal-group \"%s\"", 1815 p->p_listen, pg->pg_name); 1816 p->p_socket = socket(p->p_ai->ai_family, p->p_ai->ai_socktype, 1817 p->p_ai->ai_protocol); 1818 if (p->p_socket < 0) { 1819 log_warn("socket(2) failed for %s", 1820 p->p_listen); 1821 return (false); 1822 } 1823 1824 sockbuf = SOCKBUF_SIZE; 1825 if (setsockopt(p->p_socket, SOL_SOCKET, SO_RCVBUF, &sockbuf, 1826 sizeof(sockbuf)) == -1) 1827 log_warn("setsockopt(SO_RCVBUF) failed for %s", 1828 p->p_listen); 1829 sockbuf = SOCKBUF_SIZE; 1830 if (setsockopt(p->p_socket, SOL_SOCKET, SO_SNDBUF, &sockbuf, 1831 sizeof(sockbuf)) == -1) 1832 log_warn("setsockopt(SO_SNDBUF) failed for %s", p->p_listen); 1833 if (setsockopt(p->p_socket, SOL_SOCKET, SO_NO_DDP, &one, 1834 sizeof(one)) == -1) 1835 log_warn("setsockopt(SO_NO_DDP) failed for %s", p->p_listen); 1836 error = setsockopt(p->p_socket, SOL_SOCKET, SO_REUSEADDR, &one, 1837 sizeof(one)); 1838 if (error != 0) { 1839 log_warn("setsockopt(SO_REUSEADDR) failed for %s", p->p_listen); 1840 close(p->p_socket); 1841 p->p_socket = 0; 1842 return (false); 1843 } 1844 1845 if (pg->pg_dscp != -1) { 1846 /* Only allow the 6-bit DSCP field to be modified */ 1847 int tos = pg->pg_dscp << 2; 1848 switch (p->p_ai->ai_family) { 1849 case AF_INET: 1850 if (setsockopt(p->p_socket, IPPROTO_IP, IP_TOS, 1851 &tos, sizeof(tos)) == -1) 1852 log_warn("setsockopt(IP_TOS) failed for %s", 1853 p->p_listen); 1854 break; 1855 case AF_INET6: 1856 if (setsockopt(p->p_socket, IPPROTO_IPV6, IPV6_TCLASS, 1857 &tos, sizeof(tos)) == -1) 1858 log_warn("setsockopt(IPV6_TCLASS) failed for %s", 1859 p->p_listen); 1860 break; 1861 } 1862 } 1863 if (pg->pg_pcp != -1) { 1864 int pcp = pg->pg_pcp; 1865 switch (p->p_ai->ai_family) { 1866 case AF_INET: 1867 if (setsockopt(p->p_socket, IPPROTO_IP, IP_VLAN_PCP, 1868 &pcp, sizeof(pcp)) == -1) 1869 log_warn("setsockopt(IP_VLAN_PCP) failed for %s", 1870 p->p_listen); 1871 break; 1872 case AF_INET6: 1873 if (setsockopt(p->p_socket, IPPROTO_IPV6, IPV6_VLAN_PCP, 1874 &pcp, sizeof(pcp)) == -1) 1875 log_warn("setsockopt(IPV6_VLAN_PCP) failed for %s", 1876 p->p_listen); 1877 break; 1878 } 1879 } 1880 1881 error = bind(p->p_socket, p->p_ai->ai_addr, 1882 p->p_ai->ai_addrlen); 1883 if (error != 0) { 1884 log_warn("bind(2) failed for %s", p->p_listen); 1885 close(p->p_socket); 1886 p->p_socket = 0; 1887 return (false); 1888 } 1889 error = listen(p->p_socket, -1); 1890 if (error != 0) { 1891 log_warn("listen(2) failed for %s", p->p_listen); 1892 close(p->p_socket); 1893 p->p_socket = 0; 1894 return (false); 1895 } 1896 EV_SET(&kev, p->p_socket, EVFILT_READ, EV_ADD, 0, 0, p); 1897 error = kevent(kqfd, &kev, 1, NULL, 0, NULL); 1898 if (error == -1) { 1899 log_warn("kevent(2) failed to register for %s", p->p_listen); 1900 close(p->p_socket); 1901 p->p_socket = 0; 1902 return (false); 1903 } 1904 return (true); 1905 } 1906 1907 static int 1908 conf_apply(struct conf *oldconf, struct conf *newconf) 1909 { 1910 struct lun *oldlun, *newlun, *tmplun; 1911 struct portal_group *oldpg, *newpg; 1912 struct portal *oldp, *newp; 1913 struct port *oldport, *newport, *tmpport; 1914 struct isns *oldns, *newns; 1915 int changed, cumulated_error = 0, error; 1916 1917 if (oldconf->conf_debug != newconf->conf_debug) { 1918 log_debugx("changing debug level to %d", newconf->conf_debug); 1919 log_init(newconf->conf_debug); 1920 } 1921 1922 if (oldconf->conf_pidfile_path != NULL && 1923 newconf->conf_pidfile_path != NULL) 1924 { 1925 if (strcmp(oldconf->conf_pidfile_path, 1926 newconf->conf_pidfile_path) != 0) 1927 { 1928 /* pidfile has changed. rename it */ 1929 log_debugx("moving pidfile to %s", 1930 newconf->conf_pidfile_path); 1931 if (rename(oldconf->conf_pidfile_path, 1932 newconf->conf_pidfile_path)) 1933 { 1934 log_err(1, "renaming pidfile %s -> %s", 1935 oldconf->conf_pidfile_path, 1936 newconf->conf_pidfile_path); 1937 } 1938 } 1939 newconf->conf_pidfh = oldconf->conf_pidfh; 1940 oldconf->conf_pidfh = NULL; 1941 } 1942 1943 /* 1944 * Go through the new portal groups, assigning tags or preserving old. 1945 */ 1946 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { 1947 if (newpg->pg_tag != 0) 1948 continue; 1949 oldpg = portal_group_find(oldconf, newpg->pg_name); 1950 if (oldpg != NULL) 1951 newpg->pg_tag = oldpg->pg_tag; 1952 else 1953 newpg->pg_tag = ++last_portal_group_tag; 1954 } 1955 1956 /* Deregister on removed iSNS servers. */ 1957 TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) { 1958 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) { 1959 if (strcmp(oldns->i_addr, newns->i_addr) == 0) 1960 break; 1961 } 1962 if (newns == NULL) 1963 isns_deregister(oldns); 1964 } 1965 1966 /* 1967 * XXX: If target or lun removal fails, we should somehow "move" 1968 * the old lun or target into newconf, so that subsequent 1969 * conf_apply() would try to remove them again. That would 1970 * be somewhat hairy, though, and lun deletion failures don't 1971 * really happen, so leave it as it is for now. 1972 */ 1973 /* 1974 * First, remove any ports present in the old configuration 1975 * and missing in the new one. 1976 */ 1977 TAILQ_FOREACH_SAFE(oldport, &oldconf->conf_ports, p_next, tmpport) { 1978 if (port_is_dummy(oldport)) 1979 continue; 1980 newport = port_find(newconf, oldport->p_name); 1981 if (newport != NULL && !port_is_dummy(newport)) 1982 continue; 1983 log_debugx("removing port \"%s\"", oldport->p_name); 1984 error = kernel_port_remove(oldport); 1985 if (error != 0) { 1986 log_warnx("failed to remove port %s", 1987 oldport->p_name); 1988 /* 1989 * XXX: Uncomment after fixing the root cause. 1990 * 1991 * cumulated_error++; 1992 */ 1993 } 1994 } 1995 1996 /* 1997 * Second, remove any LUNs present in the old configuration 1998 * and missing in the new one. 1999 */ 2000 TAILQ_FOREACH_SAFE(oldlun, &oldconf->conf_luns, l_next, tmplun) { 2001 newlun = lun_find(newconf, oldlun->l_name); 2002 if (newlun == NULL) { 2003 log_debugx("lun \"%s\", CTL lun %d " 2004 "not found in new configuration; " 2005 "removing", oldlun->l_name, oldlun->l_ctl_lun); 2006 error = kernel_lun_remove(oldlun); 2007 if (error != 0) { 2008 log_warnx("failed to remove lun \"%s\", " 2009 "CTL lun %d", 2010 oldlun->l_name, oldlun->l_ctl_lun); 2011 cumulated_error++; 2012 } 2013 continue; 2014 } 2015 2016 /* 2017 * Also remove the LUNs changed by more than size. 2018 */ 2019 changed = 0; 2020 assert(oldlun->l_backend != NULL); 2021 assert(newlun->l_backend != NULL); 2022 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) { 2023 log_debugx("backend for lun \"%s\", " 2024 "CTL lun %d changed; removing", 2025 oldlun->l_name, oldlun->l_ctl_lun); 2026 changed = 1; 2027 } 2028 if (oldlun->l_blocksize != newlun->l_blocksize) { 2029 log_debugx("blocksize for lun \"%s\", " 2030 "CTL lun %d changed; removing", 2031 oldlun->l_name, oldlun->l_ctl_lun); 2032 changed = 1; 2033 } 2034 if (newlun->l_device_id != NULL && 2035 (oldlun->l_device_id == NULL || 2036 strcmp(oldlun->l_device_id, newlun->l_device_id) != 2037 0)) { 2038 log_debugx("device-id for lun \"%s\", " 2039 "CTL lun %d changed; removing", 2040 oldlun->l_name, oldlun->l_ctl_lun); 2041 changed = 1; 2042 } 2043 if (newlun->l_path != NULL && 2044 (oldlun->l_path == NULL || 2045 strcmp(oldlun->l_path, newlun->l_path) != 0)) { 2046 log_debugx("path for lun \"%s\", " 2047 "CTL lun %d, changed; removing", 2048 oldlun->l_name, oldlun->l_ctl_lun); 2049 changed = 1; 2050 } 2051 if (newlun->l_serial != NULL && 2052 (oldlun->l_serial == NULL || 2053 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) { 2054 log_debugx("serial for lun \"%s\", " 2055 "CTL lun %d changed; removing", 2056 oldlun->l_name, oldlun->l_ctl_lun); 2057 changed = 1; 2058 } 2059 if (changed) { 2060 error = kernel_lun_remove(oldlun); 2061 if (error != 0) { 2062 log_warnx("failed to remove lun \"%s\", " 2063 "CTL lun %d", 2064 oldlun->l_name, oldlun->l_ctl_lun); 2065 cumulated_error++; 2066 } 2067 lun_delete(oldlun); 2068 continue; 2069 } 2070 2071 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun); 2072 } 2073 2074 TAILQ_FOREACH_SAFE(newlun, &newconf->conf_luns, l_next, tmplun) { 2075 oldlun = lun_find(oldconf, newlun->l_name); 2076 if (oldlun != NULL) { 2077 log_debugx("modifying lun \"%s\", CTL lun %d", 2078 newlun->l_name, newlun->l_ctl_lun); 2079 error = kernel_lun_modify(newlun); 2080 if (error != 0) { 2081 log_warnx("failed to " 2082 "modify lun \"%s\", CTL lun %d", 2083 newlun->l_name, newlun->l_ctl_lun); 2084 cumulated_error++; 2085 } 2086 continue; 2087 } 2088 log_debugx("adding lun \"%s\"", newlun->l_name); 2089 error = kernel_lun_add(newlun); 2090 if (error != 0) { 2091 log_warnx("failed to add lun \"%s\"", newlun->l_name); 2092 lun_delete(newlun); 2093 cumulated_error++; 2094 } 2095 } 2096 2097 /* 2098 * Now add new ports or modify existing ones. 2099 */ 2100 TAILQ_FOREACH_SAFE(newport, &newconf->conf_ports, p_next, tmpport) { 2101 if (port_is_dummy(newport)) 2102 continue; 2103 oldport = port_find(oldconf, newport->p_name); 2104 2105 if (oldport == NULL || port_is_dummy(oldport)) { 2106 log_debugx("adding port \"%s\"", newport->p_name); 2107 error = kernel_port_add(newport); 2108 } else { 2109 log_debugx("updating port \"%s\"", newport->p_name); 2110 newport->p_ctl_port = oldport->p_ctl_port; 2111 error = kernel_port_update(newport, oldport); 2112 } 2113 if (error != 0) { 2114 log_warnx("failed to %s port %s", 2115 (oldport == NULL) ? "add" : "update", 2116 newport->p_name); 2117 if (oldport == NULL || port_is_dummy(oldport)) 2118 port_delete(newport); 2119 /* 2120 * XXX: Uncomment after fixing the root cause. 2121 * 2122 * cumulated_error++; 2123 */ 2124 } 2125 } 2126 2127 /* 2128 * Go through the new portals, opening the sockets as necessary. 2129 */ 2130 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { 2131 if (newpg->pg_foreign) 2132 continue; 2133 if (newpg->pg_unassigned) { 2134 log_debugx("not listening on portal-group \"%s\", " 2135 "not assigned to any target", 2136 newpg->pg_name); 2137 continue; 2138 } 2139 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) { 2140 /* 2141 * Try to find already open portal and reuse 2142 * the listening socket. We don't care about 2143 * what portal or portal group that was, what 2144 * matters is the listening address. 2145 */ 2146 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, 2147 pg_next) { 2148 TAILQ_FOREACH(oldp, &oldpg->pg_portals, 2149 p_next) { 2150 if (portal_reuse_socket(oldp, newp)) 2151 goto reused; 2152 } 2153 } 2154 reused: 2155 if (newp->p_socket > 0) { 2156 /* 2157 * We're done with this portal. 2158 */ 2159 continue; 2160 } 2161 2162 #ifdef ICL_KERNEL_PROXY 2163 if (proxy_mode) { 2164 newpg->pg_conf->conf_portal_id++; 2165 newp->p_id = newpg->pg_conf->conf_portal_id; 2166 log_debugx("listening on %s, portal-group " 2167 "\"%s\", portal id %d, using ICL proxy", 2168 newp->p_listen, newpg->pg_name, newp->p_id); 2169 kernel_listen(newp->p_ai, newp->p_iser, 2170 newp->p_id); 2171 continue; 2172 } 2173 #endif 2174 assert(proxy_mode == false); 2175 assert(newp->p_iser == false); 2176 2177 if (!portal_init_socket(newp)) { 2178 cumulated_error++; 2179 continue; 2180 } 2181 } 2182 } 2183 2184 /* 2185 * Go through the no longer used sockets, closing them. 2186 */ 2187 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) { 2188 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) { 2189 if (oldp->p_socket <= 0) 2190 continue; 2191 log_debugx("closing socket for %s, portal-group \"%s\"", 2192 oldp->p_listen, oldpg->pg_name); 2193 close(oldp->p_socket); 2194 oldp->p_socket = 0; 2195 } 2196 } 2197 2198 /* (Re-)Register on remaining/new iSNS servers. */ 2199 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) { 2200 TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) { 2201 if (strcmp(oldns->i_addr, newns->i_addr) == 0) 2202 break; 2203 } 2204 isns_register(newns, oldns); 2205 } 2206 2207 /* Schedule iSNS update */ 2208 if (!TAILQ_EMPTY(&newconf->conf_isns)) 2209 set_timeout((newconf->conf_isns_period + 2) / 3, false); 2210 2211 return (cumulated_error); 2212 } 2213 2214 static bool 2215 timed_out(void) 2216 { 2217 2218 return (sigalrm_received); 2219 } 2220 2221 static void 2222 sigalrm_handler_fatal(int dummy __unused) 2223 { 2224 /* 2225 * It would be easiest to just log an error and exit. We can't 2226 * do this, though, because log_errx() is not signal safe, since 2227 * it calls syslog(3). Instead, set a flag checked by pdu_send() 2228 * and pdu_receive(), to call log_errx() there. Should they fail 2229 * to notice, we'll exit here one second later. 2230 */ 2231 if (sigalrm_received) { 2232 /* 2233 * Oh well. Just give up and quit. 2234 */ 2235 _exit(2); 2236 } 2237 2238 sigalrm_received = true; 2239 } 2240 2241 static void 2242 sigalrm_handler(int dummy __unused) 2243 { 2244 2245 sigalrm_received = true; 2246 } 2247 2248 void 2249 set_timeout(int timeout, int fatal) 2250 { 2251 struct sigaction sa; 2252 struct itimerval itv; 2253 int error; 2254 2255 if (timeout <= 0) { 2256 log_debugx("session timeout disabled"); 2257 bzero(&itv, sizeof(itv)); 2258 error = setitimer(ITIMER_REAL, &itv, NULL); 2259 if (error != 0) 2260 log_err(1, "setitimer"); 2261 sigalrm_received = false; 2262 return; 2263 } 2264 2265 sigalrm_received = false; 2266 bzero(&sa, sizeof(sa)); 2267 if (fatal) 2268 sa.sa_handler = sigalrm_handler_fatal; 2269 else 2270 sa.sa_handler = sigalrm_handler; 2271 sigfillset(&sa.sa_mask); 2272 error = sigaction(SIGALRM, &sa, NULL); 2273 if (error != 0) 2274 log_err(1, "sigaction"); 2275 2276 /* 2277 * First SIGALRM will arive after conf_timeout seconds. 2278 * If we do nothing, another one will arrive a second later. 2279 */ 2280 log_debugx("setting session timeout to %d seconds", timeout); 2281 bzero(&itv, sizeof(itv)); 2282 itv.it_interval.tv_sec = 1; 2283 itv.it_value.tv_sec = timeout; 2284 error = setitimer(ITIMER_REAL, &itv, NULL); 2285 if (error != 0) 2286 log_err(1, "setitimer"); 2287 } 2288 2289 static int 2290 wait_for_children(bool block) 2291 { 2292 pid_t pid; 2293 int status; 2294 int num = 0; 2295 2296 for (;;) { 2297 /* 2298 * If "block" is true, wait for at least one process. 2299 */ 2300 if (block && num == 0) 2301 pid = wait4(-1, &status, 0, NULL); 2302 else 2303 pid = wait4(-1, &status, WNOHANG, NULL); 2304 if (pid <= 0) 2305 break; 2306 if (WIFSIGNALED(status)) { 2307 log_warnx("child process %d terminated with signal %d", 2308 pid, WTERMSIG(status)); 2309 } else if (WEXITSTATUS(status) != 0) { 2310 log_warnx("child process %d terminated with exit status %d", 2311 pid, WEXITSTATUS(status)); 2312 } else { 2313 log_debugx("child process %d terminated gracefully", pid); 2314 } 2315 num++; 2316 } 2317 2318 return (num); 2319 } 2320 2321 static void 2322 handle_connection(struct portal *portal, int fd, 2323 const struct sockaddr *client_sa, bool dont_fork) 2324 { 2325 struct ctld_connection *conn; 2326 int error; 2327 pid_t pid; 2328 char host[NI_MAXHOST + 1]; 2329 struct conf *conf; 2330 2331 conf = portal->p_portal_group->pg_conf; 2332 2333 if (dont_fork) { 2334 log_debugx("incoming connection; not forking due to -d flag"); 2335 } else { 2336 nchildren -= wait_for_children(false); 2337 assert(nchildren >= 0); 2338 2339 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) { 2340 log_debugx("maxproc limit of %d child processes hit; " 2341 "waiting for child process to exit", conf->conf_maxproc); 2342 nchildren -= wait_for_children(true); 2343 assert(nchildren >= 0); 2344 } 2345 log_debugx("incoming connection; forking child process #%d", 2346 nchildren); 2347 nchildren++; 2348 pid = fork(); 2349 if (pid < 0) 2350 log_err(1, "fork"); 2351 if (pid > 0) { 2352 close(fd); 2353 return; 2354 } 2355 pidfile_close(conf->conf_pidfh); 2356 } 2357 2358 error = getnameinfo(client_sa, client_sa->sa_len, 2359 host, sizeof(host), NULL, 0, NI_NUMERICHOST); 2360 if (error != 0) 2361 log_errx(1, "getnameinfo: %s", gai_strerror(error)); 2362 2363 log_debugx("accepted connection from %s; portal group \"%s\"", 2364 host, portal->p_portal_group->pg_name); 2365 log_set_peer_addr(host); 2366 setproctitle("%s", host); 2367 2368 conn = connection_new(portal, fd, host, client_sa); 2369 set_timeout(conf->conf_timeout, true); 2370 kernel_capsicate(); 2371 login(conn); 2372 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { 2373 kernel_handoff(conn); 2374 log_debugx("connection handed off to the kernel"); 2375 } else { 2376 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY); 2377 discovery(conn); 2378 } 2379 log_debugx("nothing more to do; exiting"); 2380 exit(0); 2381 } 2382 2383 static void 2384 main_loop(struct conf *conf, bool dont_fork) 2385 { 2386 struct kevent kev; 2387 struct portal *portal; 2388 struct sockaddr_storage client_sa; 2389 socklen_t client_salen; 2390 #ifdef ICL_KERNEL_PROXY 2391 int connection_id; 2392 int portal_id; 2393 #endif 2394 int error, client_fd; 2395 2396 pidfile_write(conf->conf_pidfh); 2397 2398 for (;;) { 2399 if (sighup_received || sigterm_received || timed_out()) 2400 return; 2401 2402 #ifdef ICL_KERNEL_PROXY 2403 if (proxy_mode) { 2404 client_salen = sizeof(client_sa); 2405 kernel_accept(&connection_id, &portal_id, 2406 (struct sockaddr *)&client_sa, &client_salen); 2407 assert(client_salen >= client_sa.ss_len); 2408 2409 log_debugx("incoming connection, id %d, portal id %d", 2410 connection_id, portal_id); 2411 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 2412 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 2413 if (portal->p_id == portal_id) { 2414 goto found; 2415 } 2416 } 2417 } 2418 2419 log_errx(1, "kernel returned invalid portal_id %d", 2420 portal_id); 2421 2422 found: 2423 handle_connection(portal, connection_id, 2424 (struct sockaddr *)&client_sa, dont_fork); 2425 } else { 2426 #endif 2427 assert(proxy_mode == false); 2428 2429 error = kevent(kqfd, NULL, 0, &kev, 1, NULL); 2430 if (error == -1) { 2431 if (errno == EINTR) 2432 continue; 2433 log_err(1, "kevent"); 2434 } 2435 2436 switch (kev.filter) { 2437 case EVFILT_READ: 2438 portal = kev.udata; 2439 assert(portal->p_socket == (int)kev.ident); 2440 2441 client_salen = sizeof(client_sa); 2442 client_fd = accept(portal->p_socket, 2443 (struct sockaddr *)&client_sa, 2444 &client_salen); 2445 if (client_fd < 0) { 2446 if (errno == ECONNABORTED) 2447 continue; 2448 log_err(1, "accept"); 2449 } 2450 assert(client_salen >= client_sa.ss_len); 2451 2452 handle_connection(portal, client_fd, 2453 (struct sockaddr *)&client_sa, dont_fork); 2454 break; 2455 default: 2456 __assert_unreachable(); 2457 } 2458 #ifdef ICL_KERNEL_PROXY 2459 } 2460 #endif 2461 } 2462 } 2463 2464 static void 2465 sighup_handler(int dummy __unused) 2466 { 2467 2468 sighup_received = true; 2469 } 2470 2471 static void 2472 sigterm_handler(int dummy __unused) 2473 { 2474 2475 sigterm_received = true; 2476 } 2477 2478 static void 2479 sigchld_handler(int dummy __unused) 2480 { 2481 2482 /* 2483 * The only purpose of this handler is to make SIGCHLD 2484 * interrupt the ISCSIDWAIT ioctl(2), so we can call 2485 * wait_for_children(). 2486 */ 2487 } 2488 2489 static void 2490 register_signals(void) 2491 { 2492 struct sigaction sa; 2493 int error; 2494 2495 bzero(&sa, sizeof(sa)); 2496 sa.sa_handler = sighup_handler; 2497 sigfillset(&sa.sa_mask); 2498 error = sigaction(SIGHUP, &sa, NULL); 2499 if (error != 0) 2500 log_err(1, "sigaction"); 2501 2502 sa.sa_handler = sigterm_handler; 2503 error = sigaction(SIGTERM, &sa, NULL); 2504 if (error != 0) 2505 log_err(1, "sigaction"); 2506 2507 sa.sa_handler = sigterm_handler; 2508 error = sigaction(SIGINT, &sa, NULL); 2509 if (error != 0) 2510 log_err(1, "sigaction"); 2511 2512 sa.sa_handler = sigchld_handler; 2513 error = sigaction(SIGCHLD, &sa, NULL); 2514 if (error != 0) 2515 log_err(1, "sigaction"); 2516 } 2517 2518 static void 2519 check_perms(const char *path) 2520 { 2521 struct stat sb; 2522 int error; 2523 2524 error = stat(path, &sb); 2525 if (error != 0) { 2526 log_warn("stat"); 2527 return; 2528 } 2529 if (sb.st_mode & S_IWOTH) { 2530 log_warnx("%s is world-writable", path); 2531 } else if (sb.st_mode & S_IROTH) { 2532 log_warnx("%s is world-readable", path); 2533 } else if (sb.st_mode & S_IXOTH) { 2534 /* 2535 * Ok, this one doesn't matter, but still do it, 2536 * just for consistency. 2537 */ 2538 log_warnx("%s is world-executable", path); 2539 } 2540 2541 /* 2542 * XXX: Should we also check for owner != 0? 2543 */ 2544 } 2545 2546 static struct conf * 2547 conf_new_from_file(const char *path, bool ucl) 2548 { 2549 struct conf *conf; 2550 struct auth_group *ag; 2551 struct portal_group *pg; 2552 int error; 2553 2554 log_debugx("obtaining configuration from %s", path); 2555 2556 conf = conf_new(); 2557 2558 ag = auth_group_new(conf, "default"); 2559 assert(ag != NULL); 2560 2561 ag = auth_group_new(conf, "no-authentication"); 2562 assert(ag != NULL); 2563 ag->ag_type = AG_TYPE_NO_AUTHENTICATION; 2564 2565 ag = auth_group_new(conf, "no-access"); 2566 assert(ag != NULL); 2567 ag->ag_type = AG_TYPE_DENY; 2568 2569 pg = portal_group_new(conf, "default"); 2570 assert(pg != NULL); 2571 2572 if (ucl) 2573 error = uclparse_conf(conf, path); 2574 else 2575 error = parse_conf(conf, path); 2576 2577 if (error != 0) { 2578 conf_delete(conf); 2579 return (NULL); 2580 } 2581 2582 check_perms(path); 2583 2584 if (conf->conf_default_ag_defined == false) { 2585 log_debugx("auth-group \"default\" not defined; " 2586 "going with defaults"); 2587 ag = auth_group_find(conf, "default"); 2588 assert(ag != NULL); 2589 ag->ag_type = AG_TYPE_DENY; 2590 } 2591 2592 if (conf->conf_default_pg_defined == false) { 2593 log_debugx("portal-group \"default\" not defined; " 2594 "going with defaults"); 2595 pg = portal_group_find(conf, "default"); 2596 assert(pg != NULL); 2597 portal_group_add_listen(pg, "0.0.0.0:3260", false); 2598 portal_group_add_listen(pg, "[::]:3260", false); 2599 } 2600 2601 conf->conf_kernel_port_on = true; 2602 2603 error = conf_verify(conf); 2604 if (error != 0) { 2605 conf_delete(conf); 2606 return (NULL); 2607 } 2608 2609 return (conf); 2610 } 2611 2612 /* 2613 * If the config file specifies physical ports for any target, associate them 2614 * with the config file. If necessary, create them. 2615 */ 2616 static int 2617 new_pports_from_conf(struct conf *conf, struct kports *kports) 2618 { 2619 struct target *targ; 2620 struct pport *pp; 2621 struct port *tp; 2622 int ret, i_pp, i_vp; 2623 2624 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 2625 if (!targ->t_pport) 2626 continue; 2627 2628 ret = sscanf(targ->t_pport, "ioctl/%d/%d", &i_pp, &i_vp); 2629 if (ret > 0) { 2630 tp = port_new_ioctl(conf, kports, targ, i_pp, i_vp); 2631 if (tp == NULL) { 2632 log_warnx("can't create new ioctl port " 2633 "for target \"%s\"", targ->t_name); 2634 return (1); 2635 } 2636 2637 continue; 2638 } 2639 2640 pp = pport_find(kports, targ->t_pport); 2641 if (pp == NULL) { 2642 log_warnx("unknown port \"%s\" for target \"%s\"", 2643 targ->t_pport, targ->t_name); 2644 return (1); 2645 } 2646 if (!TAILQ_EMPTY(&pp->pp_ports)) { 2647 log_warnx("can't link port \"%s\" to target \"%s\", " 2648 "port already linked to some target", 2649 targ->t_pport, targ->t_name); 2650 return (1); 2651 } 2652 tp = port_new_pp(conf, targ, pp); 2653 if (tp == NULL) { 2654 log_warnx("can't link port \"%s\" to target \"%s\"", 2655 targ->t_pport, targ->t_name); 2656 return (1); 2657 } 2658 } 2659 return (0); 2660 } 2661 2662 int 2663 main(int argc, char **argv) 2664 { 2665 struct kports kports; 2666 struct conf *oldconf, *newconf, *tmpconf; 2667 struct isns *newns; 2668 const char *config_path = DEFAULT_CONFIG_PATH; 2669 int debug = 0, ch, error; 2670 pid_t otherpid; 2671 bool dont_daemonize = false; 2672 bool test_config = false; 2673 bool use_ucl = false; 2674 2675 while ((ch = getopt(argc, argv, "dtuf:R")) != -1) { 2676 switch (ch) { 2677 case 'd': 2678 dont_daemonize = true; 2679 debug++; 2680 break; 2681 case 't': 2682 test_config = true; 2683 break; 2684 case 'u': 2685 use_ucl = true; 2686 break; 2687 case 'f': 2688 config_path = optarg; 2689 break; 2690 case 'R': 2691 #ifndef ICL_KERNEL_PROXY 2692 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY " 2693 "does not support iSER protocol"); 2694 #endif 2695 proxy_mode = true; 2696 break; 2697 case '?': 2698 default: 2699 usage(); 2700 } 2701 } 2702 argc -= optind; 2703 if (argc != 0) 2704 usage(); 2705 2706 log_init(debug); 2707 kernel_init(); 2708 2709 TAILQ_INIT(&kports.pports); 2710 newconf = conf_new_from_file(config_path, use_ucl); 2711 2712 if (newconf == NULL) 2713 log_errx(1, "configuration error; exiting"); 2714 2715 if (test_config) 2716 return (0); 2717 2718 assert(newconf->conf_pidfile_path != NULL); 2719 log_debugx("opening pidfile %s", newconf->conf_pidfile_path); 2720 newconf->conf_pidfh = pidfile_open(newconf->conf_pidfile_path, 0600, 2721 &otherpid); 2722 if (newconf->conf_pidfh == NULL) { 2723 if (errno == EEXIST) 2724 log_errx(1, "daemon already running, pid: %jd.", 2725 (intmax_t)otherpid); 2726 log_err(1, "cannot open or create pidfile \"%s\"", 2727 newconf->conf_pidfile_path); 2728 } 2729 2730 register_signals(); 2731 2732 oldconf = conf_new_from_kernel(&kports); 2733 2734 if (debug > 0) { 2735 oldconf->conf_debug = debug; 2736 newconf->conf_debug = debug; 2737 } 2738 2739 if (new_pports_from_conf(newconf, &kports)) 2740 log_errx(1, "Error associating physical ports; exiting"); 2741 2742 if (dont_daemonize == false) { 2743 log_debugx("daemonizing"); 2744 if (daemon(0, 0) == -1) { 2745 log_warn("cannot daemonize"); 2746 pidfile_remove(newconf->conf_pidfh); 2747 exit(1); 2748 } 2749 } 2750 2751 kqfd = kqueue(); 2752 if (kqfd == -1) { 2753 log_warn("Cannot create kqueue"); 2754 pidfile_remove(newconf->conf_pidfh); 2755 exit(1); 2756 } 2757 2758 error = conf_apply(oldconf, newconf); 2759 if (error != 0) 2760 log_errx(1, "failed to apply configuration; exiting"); 2761 2762 conf_delete(oldconf); 2763 oldconf = NULL; 2764 2765 /* Schedule iSNS update */ 2766 if (!TAILQ_EMPTY(&newconf->conf_isns)) 2767 set_timeout((newconf->conf_isns_period + 2) / 3, false); 2768 2769 for (;;) { 2770 main_loop(newconf, dont_daemonize); 2771 if (sighup_received) { 2772 sighup_received = false; 2773 log_debugx("received SIGHUP, reloading configuration"); 2774 tmpconf = conf_new_from_file(config_path, use_ucl); 2775 2776 if (tmpconf == NULL) { 2777 log_warnx("configuration error, " 2778 "continuing with old configuration"); 2779 } else if (new_pports_from_conf(tmpconf, &kports)) { 2780 log_warnx("Error associating physical ports, " 2781 "continuing with old configuration"); 2782 conf_delete(tmpconf); 2783 } else { 2784 if (debug > 0) 2785 tmpconf->conf_debug = debug; 2786 oldconf = newconf; 2787 newconf = tmpconf; 2788 2789 error = conf_apply(oldconf, newconf); 2790 if (error != 0) 2791 log_warnx("failed to reload " 2792 "configuration"); 2793 conf_delete(oldconf); 2794 oldconf = NULL; 2795 } 2796 } else if (sigterm_received) { 2797 log_debugx("exiting on signal; " 2798 "reloading empty configuration"); 2799 2800 log_debugx("removing CTL iSCSI ports " 2801 "and terminating all connections"); 2802 2803 oldconf = newconf; 2804 newconf = conf_new(); 2805 if (debug > 0) 2806 newconf->conf_debug = debug; 2807 error = conf_apply(oldconf, newconf); 2808 if (error != 0) 2809 log_warnx("failed to apply configuration"); 2810 if (oldconf->conf_pidfh) { 2811 pidfile_remove(oldconf->conf_pidfh); 2812 oldconf->conf_pidfh = NULL; 2813 } 2814 conf_delete(newconf); 2815 conf_delete(oldconf); 2816 oldconf = NULL; 2817 2818 log_warnx("exiting on signal"); 2819 exit(0); 2820 } else { 2821 nchildren -= wait_for_children(false); 2822 assert(nchildren >= 0); 2823 if (timed_out()) { 2824 set_timeout(0, false); 2825 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) 2826 isns_check(newns); 2827 /* Schedule iSNS update */ 2828 if (!TAILQ_EMPTY(&newconf->conf_isns)) { 2829 set_timeout((newconf->conf_isns_period 2830 + 2) / 3, 2831 false); 2832 } 2833 } 2834 } 2835 } 2836 /* NOTREACHED */ 2837 } 2838