1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2012 The FreeBSD Foundation 5 * All rights reserved. 6 * 7 * This software was developed by Edward Tomasz Napierala under sponsorship 8 * from the FreeBSD Foundation. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <sys/types.h> 37 #include <sys/time.h> 38 #include <sys/socket.h> 39 #include <sys/stat.h> 40 #include <sys/wait.h> 41 #include <netinet/in.h> 42 #include <arpa/inet.h> 43 #include <assert.h> 44 #include <ctype.h> 45 #include <errno.h> 46 #include <netdb.h> 47 #include <signal.h> 48 #include <stdbool.h> 49 #include <stdio.h> 50 #include <stdint.h> 51 #include <stdlib.h> 52 #include <string.h> 53 #include <unistd.h> 54 55 #include "ctld.h" 56 #include "isns.h" 57 58 bool proxy_mode = false; 59 60 static volatile bool sighup_received = false; 61 static volatile bool sigterm_received = false; 62 static volatile bool sigalrm_received = false; 63 64 static int nchildren = 0; 65 static uint16_t last_portal_group_tag = 0xff; 66 67 static void 68 usage(void) 69 { 70 71 fprintf(stderr, "usage: ctld [-d][-u][-f config-file]\n"); 72 exit(1); 73 } 74 75 char * 76 checked_strdup(const char *s) 77 { 78 char *c; 79 80 c = strdup(s); 81 if (c == NULL) 82 log_err(1, "strdup"); 83 return (c); 84 } 85 86 struct conf * 87 conf_new(void) 88 { 89 struct conf *conf; 90 91 conf = calloc(1, sizeof(*conf)); 92 if (conf == NULL) 93 log_err(1, "calloc"); 94 TAILQ_INIT(&conf->conf_luns); 95 TAILQ_INIT(&conf->conf_targets); 96 TAILQ_INIT(&conf->conf_auth_groups); 97 TAILQ_INIT(&conf->conf_ports); 98 TAILQ_INIT(&conf->conf_portal_groups); 99 TAILQ_INIT(&conf->conf_pports); 100 TAILQ_INIT(&conf->conf_isns); 101 102 conf->conf_isns_period = 900; 103 conf->conf_isns_timeout = 5; 104 conf->conf_debug = 0; 105 conf->conf_timeout = 60; 106 conf->conf_maxproc = 30; 107 108 return (conf); 109 } 110 111 void 112 conf_delete(struct conf *conf) 113 { 114 struct lun *lun, *ltmp; 115 struct target *targ, *tmp; 116 struct auth_group *ag, *cagtmp; 117 struct portal_group *pg, *cpgtmp; 118 struct pport *pp, *pptmp; 119 struct isns *is, *istmp; 120 121 assert(conf->conf_pidfh == NULL); 122 123 TAILQ_FOREACH_SAFE(lun, &conf->conf_luns, l_next, ltmp) 124 lun_delete(lun); 125 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp) 126 target_delete(targ); 127 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp) 128 auth_group_delete(ag); 129 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp) 130 portal_group_delete(pg); 131 TAILQ_FOREACH_SAFE(pp, &conf->conf_pports, pp_next, pptmp) 132 pport_delete(pp); 133 TAILQ_FOREACH_SAFE(is, &conf->conf_isns, i_next, istmp) 134 isns_delete(is); 135 assert(TAILQ_EMPTY(&conf->conf_ports)); 136 free(conf->conf_pidfile_path); 137 free(conf); 138 } 139 140 static struct auth * 141 auth_new(struct auth_group *ag) 142 { 143 struct auth *auth; 144 145 auth = calloc(1, sizeof(*auth)); 146 if (auth == NULL) 147 log_err(1, "calloc"); 148 auth->a_auth_group = ag; 149 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next); 150 return (auth); 151 } 152 153 static void 154 auth_delete(struct auth *auth) 155 { 156 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next); 157 158 free(auth->a_user); 159 free(auth->a_secret); 160 free(auth->a_mutual_user); 161 free(auth->a_mutual_secret); 162 free(auth); 163 } 164 165 const struct auth * 166 auth_find(const struct auth_group *ag, const char *user) 167 { 168 const struct auth *auth; 169 170 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) { 171 if (strcmp(auth->a_user, user) == 0) 172 return (auth); 173 } 174 175 return (NULL); 176 } 177 178 static void 179 auth_check_secret_length(struct auth *auth) 180 { 181 size_t len; 182 183 len = strlen(auth->a_secret); 184 if (len > 16) { 185 if (auth->a_auth_group->ag_name != NULL) 186 log_warnx("secret for user \"%s\", auth-group \"%s\", " 187 "is too long; it should be at most 16 characters " 188 "long", auth->a_user, auth->a_auth_group->ag_name); 189 else 190 log_warnx("secret for user \"%s\", target \"%s\", " 191 "is too long; it should be at most 16 characters " 192 "long", auth->a_user, 193 auth->a_auth_group->ag_target->t_name); 194 } 195 if (len < 12) { 196 if (auth->a_auth_group->ag_name != NULL) 197 log_warnx("secret for user \"%s\", auth-group \"%s\", " 198 "is too short; it should be at least 12 characters " 199 "long", auth->a_user, 200 auth->a_auth_group->ag_name); 201 else 202 log_warnx("secret for user \"%s\", target \"%s\", " 203 "is too short; it should be at least 12 characters " 204 "long", auth->a_user, 205 auth->a_auth_group->ag_target->t_name); 206 } 207 208 if (auth->a_mutual_secret != NULL) { 209 len = strlen(auth->a_mutual_secret); 210 if (len > 16) { 211 if (auth->a_auth_group->ag_name != NULL) 212 log_warnx("mutual secret for user \"%s\", " 213 "auth-group \"%s\", is too long; it should " 214 "be at most 16 characters long", 215 auth->a_user, auth->a_auth_group->ag_name); 216 else 217 log_warnx("mutual secret for user \"%s\", " 218 "target \"%s\", is too long; it should " 219 "be at most 16 characters long", 220 auth->a_user, 221 auth->a_auth_group->ag_target->t_name); 222 } 223 if (len < 12) { 224 if (auth->a_auth_group->ag_name != NULL) 225 log_warnx("mutual secret for user \"%s\", " 226 "auth-group \"%s\", is too short; it " 227 "should be at least 12 characters long", 228 auth->a_user, auth->a_auth_group->ag_name); 229 else 230 log_warnx("mutual secret for user \"%s\", " 231 "target \"%s\", is too short; it should be " 232 "at least 12 characters long", 233 auth->a_user, 234 auth->a_auth_group->ag_target->t_name); 235 } 236 } 237 } 238 239 const struct auth * 240 auth_new_chap(struct auth_group *ag, const char *user, 241 const char *secret) 242 { 243 struct auth *auth; 244 245 if (ag->ag_type == AG_TYPE_UNKNOWN) 246 ag->ag_type = AG_TYPE_CHAP; 247 if (ag->ag_type != AG_TYPE_CHAP) { 248 if (ag->ag_name != NULL) 249 log_warnx("cannot mix \"chap\" authentication with " 250 "other types for auth-group \"%s\"", ag->ag_name); 251 else 252 log_warnx("cannot mix \"chap\" authentication with " 253 "other types for target \"%s\"", 254 ag->ag_target->t_name); 255 return (NULL); 256 } 257 258 auth = auth_new(ag); 259 auth->a_user = checked_strdup(user); 260 auth->a_secret = checked_strdup(secret); 261 262 auth_check_secret_length(auth); 263 264 return (auth); 265 } 266 267 const struct auth * 268 auth_new_chap_mutual(struct auth_group *ag, const char *user, 269 const char *secret, const char *user2, const char *secret2) 270 { 271 struct auth *auth; 272 273 if (ag->ag_type == AG_TYPE_UNKNOWN) 274 ag->ag_type = AG_TYPE_CHAP_MUTUAL; 275 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) { 276 if (ag->ag_name != NULL) 277 log_warnx("cannot mix \"chap-mutual\" authentication " 278 "with other types for auth-group \"%s\"", 279 ag->ag_name); 280 else 281 log_warnx("cannot mix \"chap-mutual\" authentication " 282 "with other types for target \"%s\"", 283 ag->ag_target->t_name); 284 return (NULL); 285 } 286 287 auth = auth_new(ag); 288 auth->a_user = checked_strdup(user); 289 auth->a_secret = checked_strdup(secret); 290 auth->a_mutual_user = checked_strdup(user2); 291 auth->a_mutual_secret = checked_strdup(secret2); 292 293 auth_check_secret_length(auth); 294 295 return (auth); 296 } 297 298 const struct auth_name * 299 auth_name_new(struct auth_group *ag, const char *name) 300 { 301 struct auth_name *an; 302 303 an = calloc(1, sizeof(*an)); 304 if (an == NULL) 305 log_err(1, "calloc"); 306 an->an_auth_group = ag; 307 an->an_initator_name = checked_strdup(name); 308 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next); 309 return (an); 310 } 311 312 static void 313 auth_name_delete(struct auth_name *an) 314 { 315 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next); 316 317 free(an->an_initator_name); 318 free(an); 319 } 320 321 bool 322 auth_name_defined(const struct auth_group *ag) 323 { 324 if (TAILQ_EMPTY(&ag->ag_names)) 325 return (false); 326 return (true); 327 } 328 329 const struct auth_name * 330 auth_name_find(const struct auth_group *ag, const char *name) 331 { 332 const struct auth_name *auth_name; 333 334 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) { 335 if (strcmp(auth_name->an_initator_name, name) == 0) 336 return (auth_name); 337 } 338 339 return (NULL); 340 } 341 342 int 343 auth_name_check(const struct auth_group *ag, const char *initiator_name) 344 { 345 if (!auth_name_defined(ag)) 346 return (0); 347 348 if (auth_name_find(ag, initiator_name) == NULL) 349 return (1); 350 351 return (0); 352 } 353 354 const struct auth_portal * 355 auth_portal_new(struct auth_group *ag, const char *portal) 356 { 357 struct auth_portal *ap; 358 char *net, *mask, *str, *tmp; 359 int len, dm, m; 360 361 ap = calloc(1, sizeof(*ap)); 362 if (ap == NULL) 363 log_err(1, "calloc"); 364 ap->ap_auth_group = ag; 365 ap->ap_initator_portal = checked_strdup(portal); 366 mask = str = checked_strdup(portal); 367 net = strsep(&mask, "/"); 368 if (net[0] == '[') 369 net++; 370 len = strlen(net); 371 if (len == 0) 372 goto error; 373 if (net[len - 1] == ']') 374 net[len - 1] = 0; 375 if (strchr(net, ':') != NULL) { 376 struct sockaddr_in6 *sin6 = 377 (struct sockaddr_in6 *)&ap->ap_sa; 378 379 sin6->sin6_len = sizeof(*sin6); 380 sin6->sin6_family = AF_INET6; 381 if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0) 382 goto error; 383 dm = 128; 384 } else { 385 struct sockaddr_in *sin = 386 (struct sockaddr_in *)&ap->ap_sa; 387 388 sin->sin_len = sizeof(*sin); 389 sin->sin_family = AF_INET; 390 if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0) 391 goto error; 392 dm = 32; 393 } 394 if (mask != NULL) { 395 m = strtol(mask, &tmp, 0); 396 if (m < 0 || m > dm || tmp[0] != 0) 397 goto error; 398 } else 399 m = dm; 400 ap->ap_mask = m; 401 free(str); 402 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next); 403 return (ap); 404 405 error: 406 free(str); 407 free(ap); 408 log_warnx("incorrect initiator portal \"%s\"", portal); 409 return (NULL); 410 } 411 412 static void 413 auth_portal_delete(struct auth_portal *ap) 414 { 415 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next); 416 417 free(ap->ap_initator_portal); 418 free(ap); 419 } 420 421 bool 422 auth_portal_defined(const struct auth_group *ag) 423 { 424 if (TAILQ_EMPTY(&ag->ag_portals)) 425 return (false); 426 return (true); 427 } 428 429 const struct auth_portal * 430 auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss) 431 { 432 const struct auth_portal *ap; 433 const uint8_t *a, *b; 434 int i; 435 uint8_t bmask; 436 437 TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) { 438 if (ap->ap_sa.ss_family != ss->ss_family) 439 continue; 440 if (ss->ss_family == AF_INET) { 441 a = (const uint8_t *) 442 &((const struct sockaddr_in *)ss)->sin_addr; 443 b = (const uint8_t *) 444 &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr; 445 } else { 446 a = (const uint8_t *) 447 &((const struct sockaddr_in6 *)ss)->sin6_addr; 448 b = (const uint8_t *) 449 &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr; 450 } 451 for (i = 0; i < ap->ap_mask / 8; i++) { 452 if (a[i] != b[i]) 453 goto next; 454 } 455 if (ap->ap_mask % 8) { 456 bmask = 0xff << (8 - (ap->ap_mask % 8)); 457 if ((a[i] & bmask) != (b[i] & bmask)) 458 goto next; 459 } 460 return (ap); 461 next: 462 ; 463 } 464 465 return (NULL); 466 } 467 468 int 469 auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa) 470 { 471 472 if (!auth_portal_defined(ag)) 473 return (0); 474 475 if (auth_portal_find(ag, sa) == NULL) 476 return (1); 477 478 return (0); 479 } 480 481 struct auth_group * 482 auth_group_new(struct conf *conf, const char *name) 483 { 484 struct auth_group *ag; 485 486 if (name != NULL) { 487 ag = auth_group_find(conf, name); 488 if (ag != NULL) { 489 log_warnx("duplicated auth-group \"%s\"", name); 490 return (NULL); 491 } 492 } 493 494 ag = calloc(1, sizeof(*ag)); 495 if (ag == NULL) 496 log_err(1, "calloc"); 497 if (name != NULL) 498 ag->ag_name = checked_strdup(name); 499 TAILQ_INIT(&ag->ag_auths); 500 TAILQ_INIT(&ag->ag_names); 501 TAILQ_INIT(&ag->ag_portals); 502 ag->ag_conf = conf; 503 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next); 504 505 return (ag); 506 } 507 508 void 509 auth_group_delete(struct auth_group *ag) 510 { 511 struct auth *auth, *auth_tmp; 512 struct auth_name *auth_name, *auth_name_tmp; 513 struct auth_portal *auth_portal, *auth_portal_tmp; 514 515 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next); 516 517 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp) 518 auth_delete(auth); 519 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp) 520 auth_name_delete(auth_name); 521 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next, 522 auth_portal_tmp) 523 auth_portal_delete(auth_portal); 524 free(ag->ag_name); 525 free(ag); 526 } 527 528 struct auth_group * 529 auth_group_find(const struct conf *conf, const char *name) 530 { 531 struct auth_group *ag; 532 533 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 534 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0) 535 return (ag); 536 } 537 538 return (NULL); 539 } 540 541 int 542 auth_group_set_type(struct auth_group *ag, const char *str) 543 { 544 int type; 545 546 if (strcmp(str, "none") == 0) { 547 type = AG_TYPE_NO_AUTHENTICATION; 548 } else if (strcmp(str, "deny") == 0) { 549 type = AG_TYPE_DENY; 550 } else if (strcmp(str, "chap") == 0) { 551 type = AG_TYPE_CHAP; 552 } else if (strcmp(str, "chap-mutual") == 0) { 553 type = AG_TYPE_CHAP_MUTUAL; 554 } else { 555 if (ag->ag_name != NULL) 556 log_warnx("invalid auth-type \"%s\" for auth-group " 557 "\"%s\"", str, ag->ag_name); 558 else 559 log_warnx("invalid auth-type \"%s\" for target " 560 "\"%s\"", str, ag->ag_target->t_name); 561 return (1); 562 } 563 564 if (ag->ag_type != AG_TYPE_UNKNOWN && ag->ag_type != type) { 565 if (ag->ag_name != NULL) { 566 log_warnx("cannot set auth-type to \"%s\" for " 567 "auth-group \"%s\"; already has a different " 568 "type", str, ag->ag_name); 569 } else { 570 log_warnx("cannot set auth-type to \"%s\" for target " 571 "\"%s\"; already has a different type", 572 str, ag->ag_target->t_name); 573 } 574 return (1); 575 } 576 577 ag->ag_type = type; 578 579 return (0); 580 } 581 582 static struct portal * 583 portal_new(struct portal_group *pg) 584 { 585 struct portal *portal; 586 587 portal = calloc(1, sizeof(*portal)); 588 if (portal == NULL) 589 log_err(1, "calloc"); 590 TAILQ_INIT(&portal->p_targets); 591 portal->p_portal_group = pg; 592 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next); 593 return (portal); 594 } 595 596 static void 597 portal_delete(struct portal *portal) 598 { 599 600 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next); 601 if (portal->p_ai != NULL) 602 freeaddrinfo(portal->p_ai); 603 free(portal->p_listen); 604 free(portal); 605 } 606 607 struct portal_group * 608 portal_group_new(struct conf *conf, const char *name) 609 { 610 struct portal_group *pg; 611 612 pg = portal_group_find(conf, name); 613 if (pg != NULL) { 614 log_warnx("duplicated portal-group \"%s\"", name); 615 return (NULL); 616 } 617 618 pg = calloc(1, sizeof(*pg)); 619 if (pg == NULL) 620 log_err(1, "calloc"); 621 pg->pg_name = checked_strdup(name); 622 TAILQ_INIT(&pg->pg_options); 623 TAILQ_INIT(&pg->pg_portals); 624 TAILQ_INIT(&pg->pg_ports); 625 pg->pg_conf = conf; 626 pg->pg_tag = 0; /* Assigned later in conf_apply(). */ 627 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next); 628 629 return (pg); 630 } 631 632 void 633 portal_group_delete(struct portal_group *pg) 634 { 635 struct portal *portal, *tmp; 636 struct port *port, *tport; 637 struct option *o, *otmp; 638 639 TAILQ_FOREACH_SAFE(port, &pg->pg_ports, p_pgs, tport) 640 port_delete(port); 641 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next); 642 643 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp) 644 portal_delete(portal); 645 TAILQ_FOREACH_SAFE(o, &pg->pg_options, o_next, otmp) 646 option_delete(&pg->pg_options, o); 647 free(pg->pg_name); 648 free(pg->pg_offload); 649 free(pg->pg_redirection); 650 free(pg); 651 } 652 653 struct portal_group * 654 portal_group_find(const struct conf *conf, const char *name) 655 { 656 struct portal_group *pg; 657 658 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 659 if (strcmp(pg->pg_name, name) == 0) 660 return (pg); 661 } 662 663 return (NULL); 664 } 665 666 static int 667 parse_addr_port(char *arg, const char *def_port, struct addrinfo **ai) 668 { 669 struct addrinfo hints; 670 char *str, *addr, *ch; 671 const char *port; 672 int error, colons = 0; 673 674 str = arg = strdup(arg); 675 if (arg[0] == '[') { 676 /* 677 * IPv6 address in square brackets, perhaps with port. 678 */ 679 arg++; 680 addr = strsep(&arg, "]"); 681 if (arg == NULL) { 682 free(str); 683 return (1); 684 } 685 if (arg[0] == '\0') { 686 port = def_port; 687 } else if (arg[0] == ':') { 688 port = arg + 1; 689 } else { 690 free(str); 691 return (1); 692 } 693 } else { 694 /* 695 * Either IPv6 address without brackets - and without 696 * a port - or IPv4 address. Just count the colons. 697 */ 698 for (ch = arg; *ch != '\0'; ch++) { 699 if (*ch == ':') 700 colons++; 701 } 702 if (colons > 1) { 703 addr = arg; 704 port = def_port; 705 } else { 706 addr = strsep(&arg, ":"); 707 if (arg == NULL) 708 port = def_port; 709 else 710 port = arg; 711 } 712 } 713 714 memset(&hints, 0, sizeof(hints)); 715 hints.ai_family = PF_UNSPEC; 716 hints.ai_socktype = SOCK_STREAM; 717 hints.ai_flags = AI_PASSIVE; 718 error = getaddrinfo(addr, port, &hints, ai); 719 free(str); 720 return ((error != 0) ? 1 : 0); 721 } 722 723 int 724 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser) 725 { 726 struct portal *portal; 727 728 portal = portal_new(pg); 729 portal->p_listen = checked_strdup(value); 730 portal->p_iser = iser; 731 732 if (parse_addr_port(portal->p_listen, "3260", &portal->p_ai)) { 733 log_warnx("invalid listen address %s", portal->p_listen); 734 portal_delete(portal); 735 return (1); 736 } 737 738 /* 739 * XXX: getaddrinfo(3) may return multiple addresses; we should turn 740 * those into multiple portals. 741 */ 742 743 return (0); 744 } 745 746 int 747 isns_new(struct conf *conf, const char *addr) 748 { 749 struct isns *isns; 750 751 isns = calloc(1, sizeof(*isns)); 752 if (isns == NULL) 753 log_err(1, "calloc"); 754 isns->i_conf = conf; 755 TAILQ_INSERT_TAIL(&conf->conf_isns, isns, i_next); 756 isns->i_addr = checked_strdup(addr); 757 758 if (parse_addr_port(isns->i_addr, "3205", &isns->i_ai)) { 759 log_warnx("invalid iSNS address %s", isns->i_addr); 760 isns_delete(isns); 761 return (1); 762 } 763 764 /* 765 * XXX: getaddrinfo(3) may return multiple addresses; we should turn 766 * those into multiple servers. 767 */ 768 769 return (0); 770 } 771 772 void 773 isns_delete(struct isns *isns) 774 { 775 776 TAILQ_REMOVE(&isns->i_conf->conf_isns, isns, i_next); 777 free(isns->i_addr); 778 if (isns->i_ai != NULL) 779 freeaddrinfo(isns->i_ai); 780 free(isns); 781 } 782 783 static int 784 isns_do_connect(struct isns *isns) 785 { 786 int s; 787 788 s = socket(isns->i_ai->ai_family, isns->i_ai->ai_socktype, 789 isns->i_ai->ai_protocol); 790 if (s < 0) { 791 log_warn("socket(2) failed for %s", isns->i_addr); 792 return (-1); 793 } 794 if (connect(s, isns->i_ai->ai_addr, isns->i_ai->ai_addrlen)) { 795 log_warn("connect(2) failed for %s", isns->i_addr); 796 close(s); 797 return (-1); 798 } 799 return(s); 800 } 801 802 static int 803 isns_do_register(struct isns *isns, int s, const char *hostname) 804 { 805 struct conf *conf = isns->i_conf; 806 struct target *target; 807 struct portal *portal; 808 struct portal_group *pg; 809 struct port *port; 810 struct isns_req *req; 811 int res = 0; 812 uint32_t error; 813 814 req = isns_req_create(ISNS_FUNC_DEVATTRREG, ISNS_FLAG_CLIENT); 815 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); 816 isns_req_add_delim(req); 817 isns_req_add_str(req, 1, hostname); 818 isns_req_add_32(req, 2, 2); /* 2 -- iSCSI */ 819 isns_req_add_32(req, 6, conf->conf_isns_period); 820 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 821 if (pg->pg_unassigned) 822 continue; 823 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 824 isns_req_add_addr(req, 16, portal->p_ai); 825 isns_req_add_port(req, 17, portal->p_ai); 826 } 827 } 828 TAILQ_FOREACH(target, &conf->conf_targets, t_next) { 829 isns_req_add_str(req, 32, target->t_name); 830 isns_req_add_32(req, 33, 1); /* 1 -- Target*/ 831 if (target->t_alias != NULL) 832 isns_req_add_str(req, 34, target->t_alias); 833 TAILQ_FOREACH(port, &target->t_ports, p_ts) { 834 if ((pg = port->p_portal_group) == NULL) 835 continue; 836 isns_req_add_32(req, 51, pg->pg_tag); 837 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 838 isns_req_add_addr(req, 49, portal->p_ai); 839 isns_req_add_port(req, 50, portal->p_ai); 840 } 841 } 842 } 843 res = isns_req_send(s, req); 844 if (res < 0) { 845 log_warn("send(2) failed for %s", isns->i_addr); 846 goto quit; 847 } 848 res = isns_req_receive(s, req); 849 if (res < 0) { 850 log_warn("receive(2) failed for %s", isns->i_addr); 851 goto quit; 852 } 853 error = isns_req_get_status(req); 854 if (error != 0) { 855 log_warnx("iSNS register error %d for %s", error, isns->i_addr); 856 res = -1; 857 } 858 quit: 859 isns_req_free(req); 860 return (res); 861 } 862 863 static int 864 isns_do_check(struct isns *isns, int s, const char *hostname) 865 { 866 struct conf *conf = isns->i_conf; 867 struct isns_req *req; 868 int res = 0; 869 uint32_t error; 870 871 req = isns_req_create(ISNS_FUNC_DEVATTRQRY, ISNS_FLAG_CLIENT); 872 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); 873 isns_req_add_str(req, 1, hostname); 874 isns_req_add_delim(req); 875 isns_req_add(req, 2, 0, NULL); 876 res = isns_req_send(s, req); 877 if (res < 0) { 878 log_warn("send(2) failed for %s", isns->i_addr); 879 goto quit; 880 } 881 res = isns_req_receive(s, req); 882 if (res < 0) { 883 log_warn("receive(2) failed for %s", isns->i_addr); 884 goto quit; 885 } 886 error = isns_req_get_status(req); 887 if (error != 0) { 888 log_warnx("iSNS check error %d for %s", error, isns->i_addr); 889 res = -1; 890 } 891 quit: 892 isns_req_free(req); 893 return (res); 894 } 895 896 static int 897 isns_do_deregister(struct isns *isns, int s, const char *hostname) 898 { 899 struct conf *conf = isns->i_conf; 900 struct isns_req *req; 901 int res = 0; 902 uint32_t error; 903 904 req = isns_req_create(ISNS_FUNC_DEVDEREG, ISNS_FLAG_CLIENT); 905 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); 906 isns_req_add_delim(req); 907 isns_req_add_str(req, 1, hostname); 908 res = isns_req_send(s, req); 909 if (res < 0) { 910 log_warn("send(2) failed for %s", isns->i_addr); 911 goto quit; 912 } 913 res = isns_req_receive(s, req); 914 if (res < 0) { 915 log_warn("receive(2) failed for %s", isns->i_addr); 916 goto quit; 917 } 918 error = isns_req_get_status(req); 919 if (error != 0) { 920 log_warnx("iSNS deregister error %d for %s", error, isns->i_addr); 921 res = -1; 922 } 923 quit: 924 isns_req_free(req); 925 return (res); 926 } 927 928 void 929 isns_register(struct isns *isns, struct isns *oldisns) 930 { 931 struct conf *conf = isns->i_conf; 932 int s; 933 char hostname[256]; 934 935 if (TAILQ_EMPTY(&conf->conf_targets) || 936 TAILQ_EMPTY(&conf->conf_portal_groups)) 937 return; 938 set_timeout(conf->conf_isns_timeout, false); 939 s = isns_do_connect(isns); 940 if (s < 0) { 941 set_timeout(0, false); 942 return; 943 } 944 gethostname(hostname, sizeof(hostname)); 945 946 if (oldisns == NULL || TAILQ_EMPTY(&oldisns->i_conf->conf_targets)) 947 oldisns = isns; 948 isns_do_deregister(oldisns, s, hostname); 949 isns_do_register(isns, s, hostname); 950 close(s); 951 set_timeout(0, false); 952 } 953 954 void 955 isns_check(struct isns *isns) 956 { 957 struct conf *conf = isns->i_conf; 958 int s, res; 959 char hostname[256]; 960 961 if (TAILQ_EMPTY(&conf->conf_targets) || 962 TAILQ_EMPTY(&conf->conf_portal_groups)) 963 return; 964 set_timeout(conf->conf_isns_timeout, false); 965 s = isns_do_connect(isns); 966 if (s < 0) { 967 set_timeout(0, false); 968 return; 969 } 970 gethostname(hostname, sizeof(hostname)); 971 972 res = isns_do_check(isns, s, hostname); 973 if (res < 0) { 974 isns_do_deregister(isns, s, hostname); 975 isns_do_register(isns, s, hostname); 976 } 977 close(s); 978 set_timeout(0, false); 979 } 980 981 void 982 isns_deregister(struct isns *isns) 983 { 984 struct conf *conf = isns->i_conf; 985 int s; 986 char hostname[256]; 987 988 if (TAILQ_EMPTY(&conf->conf_targets) || 989 TAILQ_EMPTY(&conf->conf_portal_groups)) 990 return; 991 set_timeout(conf->conf_isns_timeout, false); 992 s = isns_do_connect(isns); 993 if (s < 0) 994 return; 995 gethostname(hostname, sizeof(hostname)); 996 997 isns_do_deregister(isns, s, hostname); 998 close(s); 999 set_timeout(0, false); 1000 } 1001 1002 int 1003 portal_group_set_filter(struct portal_group *pg, const char *str) 1004 { 1005 int filter; 1006 1007 if (strcmp(str, "none") == 0) { 1008 filter = PG_FILTER_NONE; 1009 } else if (strcmp(str, "portal") == 0) { 1010 filter = PG_FILTER_PORTAL; 1011 } else if (strcmp(str, "portal-name") == 0) { 1012 filter = PG_FILTER_PORTAL_NAME; 1013 } else if (strcmp(str, "portal-name-auth") == 0) { 1014 filter = PG_FILTER_PORTAL_NAME_AUTH; 1015 } else { 1016 log_warnx("invalid discovery-filter \"%s\" for portal-group " 1017 "\"%s\"; valid values are \"none\", \"portal\", " 1018 "\"portal-name\", and \"portal-name-auth\"", 1019 str, pg->pg_name); 1020 return (1); 1021 } 1022 1023 if (pg->pg_discovery_filter != PG_FILTER_UNKNOWN && 1024 pg->pg_discovery_filter != filter) { 1025 log_warnx("cannot set discovery-filter to \"%s\" for " 1026 "portal-group \"%s\"; already has a different " 1027 "value", str, pg->pg_name); 1028 return (1); 1029 } 1030 1031 pg->pg_discovery_filter = filter; 1032 1033 return (0); 1034 } 1035 1036 int 1037 portal_group_set_offload(struct portal_group *pg, const char *offload) 1038 { 1039 1040 if (pg->pg_offload != NULL) { 1041 log_warnx("cannot set offload to \"%s\" for " 1042 "portal-group \"%s\"; already defined", 1043 offload, pg->pg_name); 1044 return (1); 1045 } 1046 1047 pg->pg_offload = checked_strdup(offload); 1048 1049 return (0); 1050 } 1051 1052 int 1053 portal_group_set_redirection(struct portal_group *pg, const char *addr) 1054 { 1055 1056 if (pg->pg_redirection != NULL) { 1057 log_warnx("cannot set redirection to \"%s\" for " 1058 "portal-group \"%s\"; already defined", 1059 addr, pg->pg_name); 1060 return (1); 1061 } 1062 1063 pg->pg_redirection = checked_strdup(addr); 1064 1065 return (0); 1066 } 1067 1068 static bool 1069 valid_hex(const char ch) 1070 { 1071 switch (ch) { 1072 case '0': 1073 case '1': 1074 case '2': 1075 case '3': 1076 case '4': 1077 case '5': 1078 case '6': 1079 case '7': 1080 case '8': 1081 case '9': 1082 case 'a': 1083 case 'A': 1084 case 'b': 1085 case 'B': 1086 case 'c': 1087 case 'C': 1088 case 'd': 1089 case 'D': 1090 case 'e': 1091 case 'E': 1092 case 'f': 1093 case 'F': 1094 return (true); 1095 default: 1096 return (false); 1097 } 1098 } 1099 1100 bool 1101 valid_iscsi_name(const char *name) 1102 { 1103 int i; 1104 1105 if (strlen(name) >= MAX_NAME_LEN) { 1106 log_warnx("overlong name for target \"%s\"; max length allowed " 1107 "by iSCSI specification is %d characters", 1108 name, MAX_NAME_LEN); 1109 return (false); 1110 } 1111 1112 /* 1113 * In the cases below, we don't return an error, just in case the admin 1114 * was right, and we're wrong. 1115 */ 1116 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) { 1117 for (i = strlen("iqn."); name[i] != '\0'; i++) { 1118 /* 1119 * XXX: We should verify UTF-8 normalisation, as defined 1120 * by 3.2.6.2: iSCSI Name Encoding. 1121 */ 1122 if (isalnum(name[i])) 1123 continue; 1124 if (name[i] == '-' || name[i] == '.' || name[i] == ':') 1125 continue; 1126 log_warnx("invalid character \"%c\" in target name " 1127 "\"%s\"; allowed characters are letters, digits, " 1128 "'-', '.', and ':'", name[i], name); 1129 break; 1130 } 1131 /* 1132 * XXX: Check more stuff: valid date and a valid reversed domain. 1133 */ 1134 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) { 1135 if (strlen(name) != strlen("eui.") + 16) 1136 log_warnx("invalid target name \"%s\"; the \"eui.\" " 1137 "should be followed by exactly 16 hexadecimal " 1138 "digits", name); 1139 for (i = strlen("eui."); name[i] != '\0'; i++) { 1140 if (!valid_hex(name[i])) { 1141 log_warnx("invalid character \"%c\" in target " 1142 "name \"%s\"; allowed characters are 1-9 " 1143 "and A-F", name[i], name); 1144 break; 1145 } 1146 } 1147 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) { 1148 if (strlen(name) > strlen("naa.") + 32) 1149 log_warnx("invalid target name \"%s\"; the \"naa.\" " 1150 "should be followed by at most 32 hexadecimal " 1151 "digits", name); 1152 for (i = strlen("naa."); name[i] != '\0'; i++) { 1153 if (!valid_hex(name[i])) { 1154 log_warnx("invalid character \"%c\" in target " 1155 "name \"%s\"; allowed characters are 1-9 " 1156 "and A-F", name[i], name); 1157 break; 1158 } 1159 } 1160 } else { 1161 log_warnx("invalid target name \"%s\"; should start with " 1162 "either \"iqn.\", \"eui.\", or \"naa.\"", 1163 name); 1164 } 1165 return (true); 1166 } 1167 1168 struct pport * 1169 pport_new(struct conf *conf, const char *name, uint32_t ctl_port) 1170 { 1171 struct pport *pp; 1172 1173 pp = calloc(1, sizeof(*pp)); 1174 if (pp == NULL) 1175 log_err(1, "calloc"); 1176 pp->pp_conf = conf; 1177 pp->pp_name = checked_strdup(name); 1178 pp->pp_ctl_port = ctl_port; 1179 TAILQ_INIT(&pp->pp_ports); 1180 TAILQ_INSERT_TAIL(&conf->conf_pports, pp, pp_next); 1181 return (pp); 1182 } 1183 1184 struct pport * 1185 pport_find(const struct conf *conf, const char *name) 1186 { 1187 struct pport *pp; 1188 1189 TAILQ_FOREACH(pp, &conf->conf_pports, pp_next) { 1190 if (strcasecmp(pp->pp_name, name) == 0) 1191 return (pp); 1192 } 1193 return (NULL); 1194 } 1195 1196 struct pport * 1197 pport_copy(struct pport *pp, struct conf *conf) 1198 { 1199 struct pport *ppnew; 1200 1201 ppnew = pport_new(conf, pp->pp_name, pp->pp_ctl_port); 1202 return (ppnew); 1203 } 1204 1205 void 1206 pport_delete(struct pport *pp) 1207 { 1208 struct port *port, *tport; 1209 1210 TAILQ_FOREACH_SAFE(port, &pp->pp_ports, p_ts, tport) 1211 port_delete(port); 1212 TAILQ_REMOVE(&pp->pp_conf->conf_pports, pp, pp_next); 1213 free(pp->pp_name); 1214 free(pp); 1215 } 1216 1217 struct port * 1218 port_new(struct conf *conf, struct target *target, struct portal_group *pg) 1219 { 1220 struct port *port; 1221 char *name; 1222 int ret; 1223 1224 ret = asprintf(&name, "%s-%s", pg->pg_name, target->t_name); 1225 if (ret <= 0) 1226 log_err(1, "asprintf"); 1227 if (port_find(conf, name) != NULL) { 1228 log_warnx("duplicate port \"%s\"", name); 1229 free(name); 1230 return (NULL); 1231 } 1232 port = calloc(1, sizeof(*port)); 1233 if (port == NULL) 1234 log_err(1, "calloc"); 1235 port->p_conf = conf; 1236 port->p_name = name; 1237 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); 1238 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); 1239 port->p_target = target; 1240 TAILQ_INSERT_TAIL(&pg->pg_ports, port, p_pgs); 1241 port->p_portal_group = pg; 1242 return (port); 1243 } 1244 1245 struct port * 1246 port_new_pp(struct conf *conf, struct target *target, struct pport *pp) 1247 { 1248 struct port *port; 1249 char *name; 1250 int ret; 1251 1252 ret = asprintf(&name, "%s-%s", pp->pp_name, target->t_name); 1253 if (ret <= 0) 1254 log_err(1, "asprintf"); 1255 if (port_find(conf, name) != NULL) { 1256 log_warnx("duplicate port \"%s\"", name); 1257 free(name); 1258 return (NULL); 1259 } 1260 port = calloc(1, sizeof(*port)); 1261 if (port == NULL) 1262 log_err(1, "calloc"); 1263 port->p_conf = conf; 1264 port->p_name = name; 1265 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); 1266 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); 1267 port->p_target = target; 1268 TAILQ_INSERT_TAIL(&pp->pp_ports, port, p_pps); 1269 port->p_pport = pp; 1270 return (port); 1271 } 1272 1273 struct port * 1274 port_find(const struct conf *conf, const char *name) 1275 { 1276 struct port *port; 1277 1278 TAILQ_FOREACH(port, &conf->conf_ports, p_next) { 1279 if (strcasecmp(port->p_name, name) == 0) 1280 return (port); 1281 } 1282 1283 return (NULL); 1284 } 1285 1286 struct port * 1287 port_find_in_pg(const struct portal_group *pg, const char *target) 1288 { 1289 struct port *port; 1290 1291 TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) { 1292 if (strcasecmp(port->p_target->t_name, target) == 0) 1293 return (port); 1294 } 1295 1296 return (NULL); 1297 } 1298 1299 void 1300 port_delete(struct port *port) 1301 { 1302 1303 if (port->p_portal_group) 1304 TAILQ_REMOVE(&port->p_portal_group->pg_ports, port, p_pgs); 1305 if (port->p_pport) 1306 TAILQ_REMOVE(&port->p_pport->pp_ports, port, p_pps); 1307 if (port->p_target) 1308 TAILQ_REMOVE(&port->p_target->t_ports, port, p_ts); 1309 TAILQ_REMOVE(&port->p_conf->conf_ports, port, p_next); 1310 free(port->p_name); 1311 free(port); 1312 } 1313 1314 int 1315 port_is_dummy(struct port *port) 1316 { 1317 1318 if (port->p_portal_group) { 1319 if (port->p_portal_group->pg_foreign) 1320 return (1); 1321 if (TAILQ_EMPTY(&port->p_portal_group->pg_portals)) 1322 return (1); 1323 } 1324 return (0); 1325 } 1326 1327 struct target * 1328 target_new(struct conf *conf, const char *name) 1329 { 1330 struct target *targ; 1331 int i, len; 1332 1333 targ = target_find(conf, name); 1334 if (targ != NULL) { 1335 log_warnx("duplicated target \"%s\"", name); 1336 return (NULL); 1337 } 1338 if (valid_iscsi_name(name) == false) { 1339 log_warnx("target name \"%s\" is invalid", name); 1340 return (NULL); 1341 } 1342 targ = calloc(1, sizeof(*targ)); 1343 if (targ == NULL) 1344 log_err(1, "calloc"); 1345 targ->t_name = checked_strdup(name); 1346 1347 /* 1348 * RFC 3722 requires us to normalize the name to lowercase. 1349 */ 1350 len = strlen(name); 1351 for (i = 0; i < len; i++) 1352 targ->t_name[i] = tolower(targ->t_name[i]); 1353 1354 targ->t_conf = conf; 1355 TAILQ_INIT(&targ->t_ports); 1356 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next); 1357 1358 return (targ); 1359 } 1360 1361 void 1362 target_delete(struct target *targ) 1363 { 1364 struct port *port, *tport; 1365 1366 TAILQ_FOREACH_SAFE(port, &targ->t_ports, p_ts, tport) 1367 port_delete(port); 1368 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next); 1369 1370 free(targ->t_name); 1371 free(targ->t_redirection); 1372 free(targ); 1373 } 1374 1375 struct target * 1376 target_find(struct conf *conf, const char *name) 1377 { 1378 struct target *targ; 1379 1380 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1381 if (strcasecmp(targ->t_name, name) == 0) 1382 return (targ); 1383 } 1384 1385 return (NULL); 1386 } 1387 1388 int 1389 target_set_redirection(struct target *target, const char *addr) 1390 { 1391 1392 if (target->t_redirection != NULL) { 1393 log_warnx("cannot set redirection to \"%s\" for " 1394 "target \"%s\"; already defined", 1395 addr, target->t_name); 1396 return (1); 1397 } 1398 1399 target->t_redirection = checked_strdup(addr); 1400 1401 return (0); 1402 } 1403 1404 struct lun * 1405 lun_new(struct conf *conf, const char *name) 1406 { 1407 struct lun *lun; 1408 1409 lun = lun_find(conf, name); 1410 if (lun != NULL) { 1411 log_warnx("duplicated lun \"%s\"", name); 1412 return (NULL); 1413 } 1414 1415 lun = calloc(1, sizeof(*lun)); 1416 if (lun == NULL) 1417 log_err(1, "calloc"); 1418 lun->l_conf = conf; 1419 lun->l_name = checked_strdup(name); 1420 TAILQ_INIT(&lun->l_options); 1421 TAILQ_INSERT_TAIL(&conf->conf_luns, lun, l_next); 1422 lun->l_ctl_lun = -1; 1423 1424 return (lun); 1425 } 1426 1427 void 1428 lun_delete(struct lun *lun) 1429 { 1430 struct target *targ; 1431 struct option *o, *tmp; 1432 int i; 1433 1434 TAILQ_FOREACH(targ, &lun->l_conf->conf_targets, t_next) { 1435 for (i = 0; i < MAX_LUNS; i++) { 1436 if (targ->t_luns[i] == lun) 1437 targ->t_luns[i] = NULL; 1438 } 1439 } 1440 TAILQ_REMOVE(&lun->l_conf->conf_luns, lun, l_next); 1441 1442 TAILQ_FOREACH_SAFE(o, &lun->l_options, o_next, tmp) 1443 option_delete(&lun->l_options, o); 1444 free(lun->l_name); 1445 free(lun->l_backend); 1446 free(lun->l_device_id); 1447 free(lun->l_path); 1448 free(lun->l_scsiname); 1449 free(lun->l_serial); 1450 free(lun); 1451 } 1452 1453 struct lun * 1454 lun_find(const struct conf *conf, const char *name) 1455 { 1456 struct lun *lun; 1457 1458 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { 1459 if (strcmp(lun->l_name, name) == 0) 1460 return (lun); 1461 } 1462 1463 return (NULL); 1464 } 1465 1466 void 1467 lun_set_backend(struct lun *lun, const char *value) 1468 { 1469 free(lun->l_backend); 1470 lun->l_backend = checked_strdup(value); 1471 } 1472 1473 void 1474 lun_set_blocksize(struct lun *lun, size_t value) 1475 { 1476 1477 lun->l_blocksize = value; 1478 } 1479 1480 void 1481 lun_set_device_type(struct lun *lun, uint8_t value) 1482 { 1483 1484 lun->l_device_type = value; 1485 } 1486 1487 void 1488 lun_set_device_id(struct lun *lun, const char *value) 1489 { 1490 free(lun->l_device_id); 1491 lun->l_device_id = checked_strdup(value); 1492 } 1493 1494 void 1495 lun_set_path(struct lun *lun, const char *value) 1496 { 1497 free(lun->l_path); 1498 lun->l_path = checked_strdup(value); 1499 } 1500 1501 void 1502 lun_set_scsiname(struct lun *lun, const char *value) 1503 { 1504 free(lun->l_scsiname); 1505 lun->l_scsiname = checked_strdup(value); 1506 } 1507 1508 void 1509 lun_set_serial(struct lun *lun, const char *value) 1510 { 1511 free(lun->l_serial); 1512 lun->l_serial = checked_strdup(value); 1513 } 1514 1515 void 1516 lun_set_size(struct lun *lun, size_t value) 1517 { 1518 1519 lun->l_size = value; 1520 } 1521 1522 void 1523 lun_set_ctl_lun(struct lun *lun, uint32_t value) 1524 { 1525 1526 lun->l_ctl_lun = value; 1527 } 1528 1529 struct option * 1530 option_new(struct options *options, const char *name, const char *value) 1531 { 1532 struct option *o; 1533 1534 o = option_find(options, name); 1535 if (o != NULL) { 1536 log_warnx("duplicated option \"%s\"", name); 1537 return (NULL); 1538 } 1539 1540 o = calloc(1, sizeof(*o)); 1541 if (o == NULL) 1542 log_err(1, "calloc"); 1543 o->o_name = checked_strdup(name); 1544 o->o_value = checked_strdup(value); 1545 TAILQ_INSERT_TAIL(options, o, o_next); 1546 1547 return (o); 1548 } 1549 1550 void 1551 option_delete(struct options *options, struct option *o) 1552 { 1553 1554 TAILQ_REMOVE(options, o, o_next); 1555 free(o->o_name); 1556 free(o->o_value); 1557 free(o); 1558 } 1559 1560 struct option * 1561 option_find(const struct options *options, const char *name) 1562 { 1563 struct option *o; 1564 1565 TAILQ_FOREACH(o, options, o_next) { 1566 if (strcmp(o->o_name, name) == 0) 1567 return (o); 1568 } 1569 1570 return (NULL); 1571 } 1572 1573 void 1574 option_set(struct option *o, const char *value) 1575 { 1576 1577 free(o->o_value); 1578 o->o_value = checked_strdup(value); 1579 } 1580 1581 static struct connection * 1582 connection_new(struct portal *portal, int fd, const char *host, 1583 const struct sockaddr *client_sa) 1584 { 1585 struct connection *conn; 1586 1587 conn = calloc(1, sizeof(*conn)); 1588 if (conn == NULL) 1589 log_err(1, "calloc"); 1590 conn->conn_portal = portal; 1591 conn->conn_socket = fd; 1592 conn->conn_initiator_addr = checked_strdup(host); 1593 memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len); 1594 1595 /* 1596 * Default values, from RFC 3720, section 12. 1597 */ 1598 conn->conn_max_recv_data_segment_length = 8192; 1599 conn->conn_max_send_data_segment_length = 8192; 1600 conn->conn_max_burst_length = 262144; 1601 conn->conn_first_burst_length = 65536; 1602 conn->conn_immediate_data = true; 1603 1604 return (conn); 1605 } 1606 1607 #if 0 1608 static void 1609 conf_print(struct conf *conf) 1610 { 1611 struct auth_group *ag; 1612 struct auth *auth; 1613 struct auth_name *auth_name; 1614 struct auth_portal *auth_portal; 1615 struct portal_group *pg; 1616 struct portal *portal; 1617 struct target *targ; 1618 struct lun *lun; 1619 struct option *o; 1620 1621 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1622 fprintf(stderr, "auth-group %s {\n", ag->ag_name); 1623 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) 1624 fprintf(stderr, "\t chap-mutual %s %s %s %s\n", 1625 auth->a_user, auth->a_secret, 1626 auth->a_mutual_user, auth->a_mutual_secret); 1627 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) 1628 fprintf(stderr, "\t initiator-name %s\n", 1629 auth_name->an_initator_name); 1630 TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next) 1631 fprintf(stderr, "\t initiator-portal %s\n", 1632 auth_portal->an_initator_portal); 1633 fprintf(stderr, "}\n"); 1634 } 1635 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1636 fprintf(stderr, "portal-group %s {\n", pg->pg_name); 1637 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 1638 fprintf(stderr, "\t listen %s\n", portal->p_listen); 1639 fprintf(stderr, "}\n"); 1640 } 1641 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { 1642 fprintf(stderr, "\tlun %s {\n", lun->l_name); 1643 fprintf(stderr, "\t\tpath %s\n", lun->l_path); 1644 TAILQ_FOREACH(o, &lun->l_options, o_next) 1645 fprintf(stderr, "\t\toption %s %s\n", 1646 lo->o_name, lo->o_value); 1647 fprintf(stderr, "\t}\n"); 1648 } 1649 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1650 fprintf(stderr, "target %s {\n", targ->t_name); 1651 if (targ->t_alias != NULL) 1652 fprintf(stderr, "\t alias %s\n", targ->t_alias); 1653 fprintf(stderr, "}\n"); 1654 } 1655 } 1656 #endif 1657 1658 static int 1659 conf_verify_lun(struct lun *lun) 1660 { 1661 const struct lun *lun2; 1662 1663 if (lun->l_backend == NULL) 1664 lun_set_backend(lun, "block"); 1665 if (strcmp(lun->l_backend, "block") == 0) { 1666 if (lun->l_path == NULL) { 1667 log_warnx("missing path for lun \"%s\"", 1668 lun->l_name); 1669 return (1); 1670 } 1671 } else if (strcmp(lun->l_backend, "ramdisk") == 0) { 1672 if (lun->l_size == 0) { 1673 log_warnx("missing size for ramdisk-backed lun \"%s\"", 1674 lun->l_name); 1675 return (1); 1676 } 1677 if (lun->l_path != NULL) { 1678 log_warnx("path must not be specified " 1679 "for ramdisk-backed lun \"%s\"", 1680 lun->l_name); 1681 return (1); 1682 } 1683 } 1684 if (lun->l_blocksize == 0) { 1685 if (lun->l_device_type == 5) 1686 lun_set_blocksize(lun, DEFAULT_CD_BLOCKSIZE); 1687 else 1688 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE); 1689 } else if (lun->l_blocksize < 0) { 1690 log_warnx("invalid blocksize for lun \"%s\"; " 1691 "must be larger than 0", lun->l_name); 1692 return (1); 1693 } 1694 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) { 1695 log_warnx("invalid size for lun \"%s\"; " 1696 "must be multiple of blocksize", lun->l_name); 1697 return (1); 1698 } 1699 TAILQ_FOREACH(lun2, &lun->l_conf->conf_luns, l_next) { 1700 if (lun == lun2) 1701 continue; 1702 if (lun->l_path != NULL && lun2->l_path != NULL && 1703 strcmp(lun->l_path, lun2->l_path) == 0) { 1704 log_debugx("WARNING: path \"%s\" duplicated " 1705 "between lun \"%s\", and " 1706 "lun \"%s\"", lun->l_path, 1707 lun->l_name, lun2->l_name); 1708 } 1709 } 1710 1711 return (0); 1712 } 1713 1714 int 1715 conf_verify(struct conf *conf) 1716 { 1717 struct auth_group *ag; 1718 struct portal_group *pg; 1719 struct port *port; 1720 struct target *targ; 1721 struct lun *lun; 1722 bool found; 1723 int error, i; 1724 1725 if (conf->conf_pidfile_path == NULL) 1726 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE); 1727 1728 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { 1729 error = conf_verify_lun(lun); 1730 if (error != 0) 1731 return (error); 1732 } 1733 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1734 if (targ->t_auth_group == NULL) { 1735 targ->t_auth_group = auth_group_find(conf, 1736 "default"); 1737 assert(targ->t_auth_group != NULL); 1738 } 1739 if (TAILQ_EMPTY(&targ->t_ports)) { 1740 pg = portal_group_find(conf, "default"); 1741 assert(pg != NULL); 1742 port_new(conf, targ, pg); 1743 } 1744 found = false; 1745 for (i = 0; i < MAX_LUNS; i++) { 1746 if (targ->t_luns[i] != NULL) 1747 found = true; 1748 } 1749 if (!found && targ->t_redirection == NULL) { 1750 log_warnx("no LUNs defined for target \"%s\"", 1751 targ->t_name); 1752 } 1753 if (found && targ->t_redirection != NULL) { 1754 log_debugx("target \"%s\" contains luns, " 1755 " but configured for redirection", 1756 targ->t_name); 1757 } 1758 } 1759 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1760 assert(pg->pg_name != NULL); 1761 if (pg->pg_discovery_auth_group == NULL) { 1762 pg->pg_discovery_auth_group = 1763 auth_group_find(conf, "default"); 1764 assert(pg->pg_discovery_auth_group != NULL); 1765 } 1766 1767 if (pg->pg_discovery_filter == PG_FILTER_UNKNOWN) 1768 pg->pg_discovery_filter = PG_FILTER_NONE; 1769 1770 if (pg->pg_redirection != NULL) { 1771 if (!TAILQ_EMPTY(&pg->pg_ports)) { 1772 log_debugx("portal-group \"%s\" assigned " 1773 "to target, but configured " 1774 "for redirection", 1775 pg->pg_name); 1776 } 1777 pg->pg_unassigned = false; 1778 } else if (!TAILQ_EMPTY(&pg->pg_ports)) { 1779 pg->pg_unassigned = false; 1780 } else { 1781 if (strcmp(pg->pg_name, "default") != 0) 1782 log_warnx("portal-group \"%s\" not assigned " 1783 "to any target", pg->pg_name); 1784 pg->pg_unassigned = true; 1785 } 1786 } 1787 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1788 if (ag->ag_name == NULL) 1789 assert(ag->ag_target != NULL); 1790 else 1791 assert(ag->ag_target == NULL); 1792 1793 found = false; 1794 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1795 if (targ->t_auth_group == ag) { 1796 found = true; 1797 break; 1798 } 1799 } 1800 TAILQ_FOREACH(port, &conf->conf_ports, p_next) { 1801 if (port->p_auth_group == ag) { 1802 found = true; 1803 break; 1804 } 1805 } 1806 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1807 if (pg->pg_discovery_auth_group == ag) { 1808 found = true; 1809 break; 1810 } 1811 } 1812 if (!found && ag->ag_name != NULL && 1813 strcmp(ag->ag_name, "default") != 0 && 1814 strcmp(ag->ag_name, "no-authentication") != 0 && 1815 strcmp(ag->ag_name, "no-access") != 0) { 1816 log_warnx("auth-group \"%s\" not assigned " 1817 "to any target", ag->ag_name); 1818 } 1819 } 1820 1821 return (0); 1822 } 1823 1824 static int 1825 conf_apply(struct conf *oldconf, struct conf *newconf) 1826 { 1827 struct lun *oldlun, *newlun, *tmplun; 1828 struct portal_group *oldpg, *newpg; 1829 struct portal *oldp, *newp; 1830 struct port *oldport, *newport, *tmpport; 1831 struct isns *oldns, *newns; 1832 pid_t otherpid; 1833 int changed, cumulated_error = 0, error, sockbuf; 1834 int one = 1; 1835 1836 if (oldconf->conf_debug != newconf->conf_debug) { 1837 log_debugx("changing debug level to %d", newconf->conf_debug); 1838 log_init(newconf->conf_debug); 1839 } 1840 1841 if (oldconf->conf_pidfh != NULL) { 1842 assert(oldconf->conf_pidfile_path != NULL); 1843 if (newconf->conf_pidfile_path != NULL && 1844 strcmp(oldconf->conf_pidfile_path, 1845 newconf->conf_pidfile_path) == 0) { 1846 newconf->conf_pidfh = oldconf->conf_pidfh; 1847 oldconf->conf_pidfh = NULL; 1848 } else { 1849 log_debugx("removing pidfile %s", 1850 oldconf->conf_pidfile_path); 1851 pidfile_remove(oldconf->conf_pidfh); 1852 oldconf->conf_pidfh = NULL; 1853 } 1854 } 1855 1856 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) { 1857 log_debugx("opening pidfile %s", newconf->conf_pidfile_path); 1858 newconf->conf_pidfh = 1859 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid); 1860 if (newconf->conf_pidfh == NULL) { 1861 if (errno == EEXIST) 1862 log_errx(1, "daemon already running, pid: %jd.", 1863 (intmax_t)otherpid); 1864 log_err(1, "cannot open or create pidfile \"%s\"", 1865 newconf->conf_pidfile_path); 1866 } 1867 } 1868 1869 /* 1870 * Go through the new portal groups, assigning tags or preserving old. 1871 */ 1872 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { 1873 if (newpg->pg_tag != 0) 1874 continue; 1875 oldpg = portal_group_find(oldconf, newpg->pg_name); 1876 if (oldpg != NULL) 1877 newpg->pg_tag = oldpg->pg_tag; 1878 else 1879 newpg->pg_tag = ++last_portal_group_tag; 1880 } 1881 1882 /* Deregister on removed iSNS servers. */ 1883 TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) { 1884 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) { 1885 if (strcmp(oldns->i_addr, newns->i_addr) == 0) 1886 break; 1887 } 1888 if (newns == NULL) 1889 isns_deregister(oldns); 1890 } 1891 1892 /* 1893 * XXX: If target or lun removal fails, we should somehow "move" 1894 * the old lun or target into newconf, so that subsequent 1895 * conf_apply() would try to remove them again. That would 1896 * be somewhat hairy, though, and lun deletion failures don't 1897 * really happen, so leave it as it is for now. 1898 */ 1899 /* 1900 * First, remove any ports present in the old configuration 1901 * and missing in the new one. 1902 */ 1903 TAILQ_FOREACH_SAFE(oldport, &oldconf->conf_ports, p_next, tmpport) { 1904 if (port_is_dummy(oldport)) 1905 continue; 1906 newport = port_find(newconf, oldport->p_name); 1907 if (newport != NULL && !port_is_dummy(newport)) 1908 continue; 1909 log_debugx("removing port \"%s\"", oldport->p_name); 1910 error = kernel_port_remove(oldport); 1911 if (error != 0) { 1912 log_warnx("failed to remove port %s", 1913 oldport->p_name); 1914 /* 1915 * XXX: Uncomment after fixing the root cause. 1916 * 1917 * cumulated_error++; 1918 */ 1919 } 1920 } 1921 1922 /* 1923 * Second, remove any LUNs present in the old configuration 1924 * and missing in the new one. 1925 */ 1926 TAILQ_FOREACH_SAFE(oldlun, &oldconf->conf_luns, l_next, tmplun) { 1927 newlun = lun_find(newconf, oldlun->l_name); 1928 if (newlun == NULL) { 1929 log_debugx("lun \"%s\", CTL lun %d " 1930 "not found in new configuration; " 1931 "removing", oldlun->l_name, oldlun->l_ctl_lun); 1932 error = kernel_lun_remove(oldlun); 1933 if (error != 0) { 1934 log_warnx("failed to remove lun \"%s\", " 1935 "CTL lun %d", 1936 oldlun->l_name, oldlun->l_ctl_lun); 1937 cumulated_error++; 1938 } 1939 continue; 1940 } 1941 1942 /* 1943 * Also remove the LUNs changed by more than size. 1944 */ 1945 changed = 0; 1946 assert(oldlun->l_backend != NULL); 1947 assert(newlun->l_backend != NULL); 1948 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) { 1949 log_debugx("backend for lun \"%s\", " 1950 "CTL lun %d changed; removing", 1951 oldlun->l_name, oldlun->l_ctl_lun); 1952 changed = 1; 1953 } 1954 if (oldlun->l_blocksize != newlun->l_blocksize) { 1955 log_debugx("blocksize for lun \"%s\", " 1956 "CTL lun %d changed; removing", 1957 oldlun->l_name, oldlun->l_ctl_lun); 1958 changed = 1; 1959 } 1960 if (newlun->l_device_id != NULL && 1961 (oldlun->l_device_id == NULL || 1962 strcmp(oldlun->l_device_id, newlun->l_device_id) != 1963 0)) { 1964 log_debugx("device-id for lun \"%s\", " 1965 "CTL lun %d changed; removing", 1966 oldlun->l_name, oldlun->l_ctl_lun); 1967 changed = 1; 1968 } 1969 if (newlun->l_path != NULL && 1970 (oldlun->l_path == NULL || 1971 strcmp(oldlun->l_path, newlun->l_path) != 0)) { 1972 log_debugx("path for lun \"%s\", " 1973 "CTL lun %d, changed; removing", 1974 oldlun->l_name, oldlun->l_ctl_lun); 1975 changed = 1; 1976 } 1977 if (newlun->l_serial != NULL && 1978 (oldlun->l_serial == NULL || 1979 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) { 1980 log_debugx("serial for lun \"%s\", " 1981 "CTL lun %d changed; removing", 1982 oldlun->l_name, oldlun->l_ctl_lun); 1983 changed = 1; 1984 } 1985 if (changed) { 1986 error = kernel_lun_remove(oldlun); 1987 if (error != 0) { 1988 log_warnx("failed to remove lun \"%s\", " 1989 "CTL lun %d", 1990 oldlun->l_name, oldlun->l_ctl_lun); 1991 cumulated_error++; 1992 } 1993 lun_delete(oldlun); 1994 continue; 1995 } 1996 1997 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun); 1998 } 1999 2000 TAILQ_FOREACH_SAFE(newlun, &newconf->conf_luns, l_next, tmplun) { 2001 oldlun = lun_find(oldconf, newlun->l_name); 2002 if (oldlun != NULL) { 2003 log_debugx("modifying lun \"%s\", CTL lun %d", 2004 newlun->l_name, newlun->l_ctl_lun); 2005 error = kernel_lun_modify(newlun); 2006 if (error != 0) { 2007 log_warnx("failed to " 2008 "modify lun \"%s\", CTL lun %d", 2009 newlun->l_name, newlun->l_ctl_lun); 2010 cumulated_error++; 2011 } 2012 continue; 2013 } 2014 log_debugx("adding lun \"%s\"", newlun->l_name); 2015 error = kernel_lun_add(newlun); 2016 if (error != 0) { 2017 log_warnx("failed to add lun \"%s\"", newlun->l_name); 2018 lun_delete(newlun); 2019 cumulated_error++; 2020 } 2021 } 2022 2023 /* 2024 * Now add new ports or modify existing ones. 2025 */ 2026 TAILQ_FOREACH(newport, &newconf->conf_ports, p_next) { 2027 if (port_is_dummy(newport)) 2028 continue; 2029 oldport = port_find(oldconf, newport->p_name); 2030 2031 if (oldport == NULL || port_is_dummy(oldport)) { 2032 log_debugx("adding port \"%s\"", newport->p_name); 2033 error = kernel_port_add(newport); 2034 } else { 2035 log_debugx("updating port \"%s\"", newport->p_name); 2036 newport->p_ctl_port = oldport->p_ctl_port; 2037 error = kernel_port_update(newport, oldport); 2038 } 2039 if (error != 0) { 2040 log_warnx("failed to %s port %s", 2041 (oldport == NULL) ? "add" : "update", 2042 newport->p_name); 2043 /* 2044 * XXX: Uncomment after fixing the root cause. 2045 * 2046 * cumulated_error++; 2047 */ 2048 } 2049 } 2050 2051 /* 2052 * Go through the new portals, opening the sockets as necessary. 2053 */ 2054 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { 2055 if (newpg->pg_foreign) 2056 continue; 2057 if (newpg->pg_unassigned) { 2058 log_debugx("not listening on portal-group \"%s\", " 2059 "not assigned to any target", 2060 newpg->pg_name); 2061 continue; 2062 } 2063 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) { 2064 /* 2065 * Try to find already open portal and reuse 2066 * the listening socket. We don't care about 2067 * what portal or portal group that was, what 2068 * matters is the listening address. 2069 */ 2070 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, 2071 pg_next) { 2072 TAILQ_FOREACH(oldp, &oldpg->pg_portals, 2073 p_next) { 2074 if (strcmp(newp->p_listen, 2075 oldp->p_listen) == 0 && 2076 oldp->p_socket > 0) { 2077 newp->p_socket = 2078 oldp->p_socket; 2079 oldp->p_socket = 0; 2080 break; 2081 } 2082 } 2083 } 2084 if (newp->p_socket > 0) { 2085 /* 2086 * We're done with this portal. 2087 */ 2088 continue; 2089 } 2090 2091 #ifdef ICL_KERNEL_PROXY 2092 if (proxy_mode) { 2093 newpg->pg_conf->conf_portal_id++; 2094 newp->p_id = newpg->pg_conf->conf_portal_id; 2095 log_debugx("listening on %s, portal-group " 2096 "\"%s\", portal id %d, using ICL proxy", 2097 newp->p_listen, newpg->pg_name, newp->p_id); 2098 kernel_listen(newp->p_ai, newp->p_iser, 2099 newp->p_id); 2100 continue; 2101 } 2102 #endif 2103 assert(proxy_mode == false); 2104 assert(newp->p_iser == false); 2105 2106 log_debugx("listening on %s, portal-group \"%s\"", 2107 newp->p_listen, newpg->pg_name); 2108 newp->p_socket = socket(newp->p_ai->ai_family, 2109 newp->p_ai->ai_socktype, 2110 newp->p_ai->ai_protocol); 2111 if (newp->p_socket < 0) { 2112 log_warn("socket(2) failed for %s", 2113 newp->p_listen); 2114 cumulated_error++; 2115 continue; 2116 } 2117 sockbuf = SOCKBUF_SIZE; 2118 if (setsockopt(newp->p_socket, SOL_SOCKET, SO_RCVBUF, 2119 &sockbuf, sizeof(sockbuf)) == -1) 2120 log_warn("setsockopt(SO_RCVBUF) failed " 2121 "for %s", newp->p_listen); 2122 sockbuf = SOCKBUF_SIZE; 2123 if (setsockopt(newp->p_socket, SOL_SOCKET, SO_SNDBUF, 2124 &sockbuf, sizeof(sockbuf)) == -1) 2125 log_warn("setsockopt(SO_SNDBUF) failed " 2126 "for %s", newp->p_listen); 2127 error = setsockopt(newp->p_socket, SOL_SOCKET, 2128 SO_REUSEADDR, &one, sizeof(one)); 2129 if (error != 0) { 2130 log_warn("setsockopt(SO_REUSEADDR) failed " 2131 "for %s", newp->p_listen); 2132 close(newp->p_socket); 2133 newp->p_socket = 0; 2134 cumulated_error++; 2135 continue; 2136 } 2137 error = bind(newp->p_socket, newp->p_ai->ai_addr, 2138 newp->p_ai->ai_addrlen); 2139 if (error != 0) { 2140 log_warn("bind(2) failed for %s", 2141 newp->p_listen); 2142 close(newp->p_socket); 2143 newp->p_socket = 0; 2144 cumulated_error++; 2145 continue; 2146 } 2147 error = listen(newp->p_socket, -1); 2148 if (error != 0) { 2149 log_warn("listen(2) failed for %s", 2150 newp->p_listen); 2151 close(newp->p_socket); 2152 newp->p_socket = 0; 2153 cumulated_error++; 2154 continue; 2155 } 2156 } 2157 } 2158 2159 /* 2160 * Go through the no longer used sockets, closing them. 2161 */ 2162 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) { 2163 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) { 2164 if (oldp->p_socket <= 0) 2165 continue; 2166 log_debugx("closing socket for %s, portal-group \"%s\"", 2167 oldp->p_listen, oldpg->pg_name); 2168 close(oldp->p_socket); 2169 oldp->p_socket = 0; 2170 } 2171 } 2172 2173 /* (Re-)Register on remaining/new iSNS servers. */ 2174 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) { 2175 TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) { 2176 if (strcmp(oldns->i_addr, newns->i_addr) == 0) 2177 break; 2178 } 2179 isns_register(newns, oldns); 2180 } 2181 2182 /* Schedule iSNS update */ 2183 if (!TAILQ_EMPTY(&newconf->conf_isns)) 2184 set_timeout((newconf->conf_isns_period + 2) / 3, false); 2185 2186 return (cumulated_error); 2187 } 2188 2189 bool 2190 timed_out(void) 2191 { 2192 2193 return (sigalrm_received); 2194 } 2195 2196 static void 2197 sigalrm_handler_fatal(int dummy __unused) 2198 { 2199 /* 2200 * It would be easiest to just log an error and exit. We can't 2201 * do this, though, because log_errx() is not signal safe, since 2202 * it calls syslog(3). Instead, set a flag checked by pdu_send() 2203 * and pdu_receive(), to call log_errx() there. Should they fail 2204 * to notice, we'll exit here one second later. 2205 */ 2206 if (sigalrm_received) { 2207 /* 2208 * Oh well. Just give up and quit. 2209 */ 2210 _exit(2); 2211 } 2212 2213 sigalrm_received = true; 2214 } 2215 2216 static void 2217 sigalrm_handler(int dummy __unused) 2218 { 2219 2220 sigalrm_received = true; 2221 } 2222 2223 void 2224 set_timeout(int timeout, int fatal) 2225 { 2226 struct sigaction sa; 2227 struct itimerval itv; 2228 int error; 2229 2230 if (timeout <= 0) { 2231 log_debugx("session timeout disabled"); 2232 bzero(&itv, sizeof(itv)); 2233 error = setitimer(ITIMER_REAL, &itv, NULL); 2234 if (error != 0) 2235 log_err(1, "setitimer"); 2236 sigalrm_received = false; 2237 return; 2238 } 2239 2240 sigalrm_received = false; 2241 bzero(&sa, sizeof(sa)); 2242 if (fatal) 2243 sa.sa_handler = sigalrm_handler_fatal; 2244 else 2245 sa.sa_handler = sigalrm_handler; 2246 sigfillset(&sa.sa_mask); 2247 error = sigaction(SIGALRM, &sa, NULL); 2248 if (error != 0) 2249 log_err(1, "sigaction"); 2250 2251 /* 2252 * First SIGALRM will arive after conf_timeout seconds. 2253 * If we do nothing, another one will arrive a second later. 2254 */ 2255 log_debugx("setting session timeout to %d seconds", timeout); 2256 bzero(&itv, sizeof(itv)); 2257 itv.it_interval.tv_sec = 1; 2258 itv.it_value.tv_sec = timeout; 2259 error = setitimer(ITIMER_REAL, &itv, NULL); 2260 if (error != 0) 2261 log_err(1, "setitimer"); 2262 } 2263 2264 static int 2265 wait_for_children(bool block) 2266 { 2267 pid_t pid; 2268 int status; 2269 int num = 0; 2270 2271 for (;;) { 2272 /* 2273 * If "block" is true, wait for at least one process. 2274 */ 2275 if (block && num == 0) 2276 pid = wait4(-1, &status, 0, NULL); 2277 else 2278 pid = wait4(-1, &status, WNOHANG, NULL); 2279 if (pid <= 0) 2280 break; 2281 if (WIFSIGNALED(status)) { 2282 log_warnx("child process %d terminated with signal %d", 2283 pid, WTERMSIG(status)); 2284 } else if (WEXITSTATUS(status) != 0) { 2285 log_warnx("child process %d terminated with exit status %d", 2286 pid, WEXITSTATUS(status)); 2287 } else { 2288 log_debugx("child process %d terminated gracefully", pid); 2289 } 2290 num++; 2291 } 2292 2293 return (num); 2294 } 2295 2296 static void 2297 handle_connection(struct portal *portal, int fd, 2298 const struct sockaddr *client_sa, bool dont_fork) 2299 { 2300 struct connection *conn; 2301 int error; 2302 pid_t pid; 2303 char host[NI_MAXHOST + 1]; 2304 struct conf *conf; 2305 2306 conf = portal->p_portal_group->pg_conf; 2307 2308 if (dont_fork) { 2309 log_debugx("incoming connection; not forking due to -d flag"); 2310 } else { 2311 nchildren -= wait_for_children(false); 2312 assert(nchildren >= 0); 2313 2314 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) { 2315 log_debugx("maxproc limit of %d child processes hit; " 2316 "waiting for child process to exit", conf->conf_maxproc); 2317 nchildren -= wait_for_children(true); 2318 assert(nchildren >= 0); 2319 } 2320 log_debugx("incoming connection; forking child process #%d", 2321 nchildren); 2322 nchildren++; 2323 pid = fork(); 2324 if (pid < 0) 2325 log_err(1, "fork"); 2326 if (pid > 0) { 2327 close(fd); 2328 return; 2329 } 2330 } 2331 pidfile_close(conf->conf_pidfh); 2332 2333 error = getnameinfo(client_sa, client_sa->sa_len, 2334 host, sizeof(host), NULL, 0, NI_NUMERICHOST); 2335 if (error != 0) 2336 log_errx(1, "getnameinfo: %s", gai_strerror(error)); 2337 2338 log_debugx("accepted connection from %s; portal group \"%s\"", 2339 host, portal->p_portal_group->pg_name); 2340 log_set_peer_addr(host); 2341 setproctitle("%s", host); 2342 2343 conn = connection_new(portal, fd, host, client_sa); 2344 set_timeout(conf->conf_timeout, true); 2345 kernel_capsicate(); 2346 login(conn); 2347 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { 2348 kernel_handoff(conn); 2349 log_debugx("connection handed off to the kernel"); 2350 } else { 2351 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY); 2352 discovery(conn); 2353 } 2354 log_debugx("nothing more to do; exiting"); 2355 exit(0); 2356 } 2357 2358 static int 2359 fd_add(int fd, fd_set *fdset, int nfds) 2360 { 2361 2362 /* 2363 * Skip sockets which we failed to bind. 2364 */ 2365 if (fd <= 0) 2366 return (nfds); 2367 2368 FD_SET(fd, fdset); 2369 if (fd > nfds) 2370 nfds = fd; 2371 return (nfds); 2372 } 2373 2374 static void 2375 main_loop(struct conf *conf, bool dont_fork) 2376 { 2377 struct portal_group *pg; 2378 struct portal *portal; 2379 struct sockaddr_storage client_sa; 2380 socklen_t client_salen; 2381 #ifdef ICL_KERNEL_PROXY 2382 int connection_id; 2383 int portal_id; 2384 #endif 2385 fd_set fdset; 2386 int error, nfds, client_fd; 2387 2388 pidfile_write(conf->conf_pidfh); 2389 2390 for (;;) { 2391 if (sighup_received || sigterm_received || timed_out()) 2392 return; 2393 2394 #ifdef ICL_KERNEL_PROXY 2395 if (proxy_mode) { 2396 client_salen = sizeof(client_sa); 2397 kernel_accept(&connection_id, &portal_id, 2398 (struct sockaddr *)&client_sa, &client_salen); 2399 assert(client_salen >= client_sa.ss_len); 2400 2401 log_debugx("incoming connection, id %d, portal id %d", 2402 connection_id, portal_id); 2403 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 2404 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 2405 if (portal->p_id == portal_id) { 2406 goto found; 2407 } 2408 } 2409 } 2410 2411 log_errx(1, "kernel returned invalid portal_id %d", 2412 portal_id); 2413 2414 found: 2415 handle_connection(portal, connection_id, 2416 (struct sockaddr *)&client_sa, dont_fork); 2417 } else { 2418 #endif 2419 assert(proxy_mode == false); 2420 2421 FD_ZERO(&fdset); 2422 nfds = 0; 2423 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 2424 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 2425 nfds = fd_add(portal->p_socket, &fdset, nfds); 2426 } 2427 error = select(nfds + 1, &fdset, NULL, NULL, NULL); 2428 if (error <= 0) { 2429 if (errno == EINTR) 2430 return; 2431 log_err(1, "select"); 2432 } 2433 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 2434 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 2435 if (!FD_ISSET(portal->p_socket, &fdset)) 2436 continue; 2437 client_salen = sizeof(client_sa); 2438 client_fd = accept(portal->p_socket, 2439 (struct sockaddr *)&client_sa, 2440 &client_salen); 2441 if (client_fd < 0) { 2442 if (errno == ECONNABORTED) 2443 continue; 2444 log_err(1, "accept"); 2445 } 2446 assert(client_salen >= client_sa.ss_len); 2447 2448 handle_connection(portal, client_fd, 2449 (struct sockaddr *)&client_sa, 2450 dont_fork); 2451 break; 2452 } 2453 } 2454 #ifdef ICL_KERNEL_PROXY 2455 } 2456 #endif 2457 } 2458 } 2459 2460 static void 2461 sighup_handler(int dummy __unused) 2462 { 2463 2464 sighup_received = true; 2465 } 2466 2467 static void 2468 sigterm_handler(int dummy __unused) 2469 { 2470 2471 sigterm_received = true; 2472 } 2473 2474 static void 2475 sigchld_handler(int dummy __unused) 2476 { 2477 2478 /* 2479 * The only purpose of this handler is to make SIGCHLD 2480 * interrupt the ISCSIDWAIT ioctl(2), so we can call 2481 * wait_for_children(). 2482 */ 2483 } 2484 2485 static void 2486 register_signals(void) 2487 { 2488 struct sigaction sa; 2489 int error; 2490 2491 bzero(&sa, sizeof(sa)); 2492 sa.sa_handler = sighup_handler; 2493 sigfillset(&sa.sa_mask); 2494 error = sigaction(SIGHUP, &sa, NULL); 2495 if (error != 0) 2496 log_err(1, "sigaction"); 2497 2498 sa.sa_handler = sigterm_handler; 2499 error = sigaction(SIGTERM, &sa, NULL); 2500 if (error != 0) 2501 log_err(1, "sigaction"); 2502 2503 sa.sa_handler = sigterm_handler; 2504 error = sigaction(SIGINT, &sa, NULL); 2505 if (error != 0) 2506 log_err(1, "sigaction"); 2507 2508 sa.sa_handler = sigchld_handler; 2509 error = sigaction(SIGCHLD, &sa, NULL); 2510 if (error != 0) 2511 log_err(1, "sigaction"); 2512 } 2513 2514 static void 2515 check_perms(const char *path) 2516 { 2517 struct stat sb; 2518 int error; 2519 2520 error = stat(path, &sb); 2521 if (error != 0) { 2522 log_warn("stat"); 2523 return; 2524 } 2525 if (sb.st_mode & S_IWOTH) { 2526 log_warnx("%s is world-writable", path); 2527 } else if (sb.st_mode & S_IROTH) { 2528 log_warnx("%s is world-readable", path); 2529 } else if (sb.st_mode & S_IXOTH) { 2530 /* 2531 * Ok, this one doesn't matter, but still do it, 2532 * just for consistency. 2533 */ 2534 log_warnx("%s is world-executable", path); 2535 } 2536 2537 /* 2538 * XXX: Should we also check for owner != 0? 2539 */ 2540 } 2541 2542 static struct conf * 2543 conf_new_from_file(const char *path, struct conf *oldconf, bool ucl) 2544 { 2545 struct conf *conf; 2546 struct auth_group *ag; 2547 struct portal_group *pg; 2548 struct pport *pp; 2549 int error; 2550 2551 log_debugx("obtaining configuration from %s", path); 2552 2553 conf = conf_new(); 2554 2555 TAILQ_FOREACH(pp, &oldconf->conf_pports, pp_next) 2556 pport_copy(pp, conf); 2557 2558 ag = auth_group_new(conf, "default"); 2559 assert(ag != NULL); 2560 2561 ag = auth_group_new(conf, "no-authentication"); 2562 assert(ag != NULL); 2563 ag->ag_type = AG_TYPE_NO_AUTHENTICATION; 2564 2565 ag = auth_group_new(conf, "no-access"); 2566 assert(ag != NULL); 2567 ag->ag_type = AG_TYPE_DENY; 2568 2569 pg = portal_group_new(conf, "default"); 2570 assert(pg != NULL); 2571 2572 if (ucl) 2573 error = uclparse_conf(conf, path); 2574 else 2575 error = parse_conf(conf, path); 2576 2577 if (error != 0) { 2578 conf_delete(conf); 2579 return (NULL); 2580 } 2581 2582 check_perms(path); 2583 2584 if (conf->conf_default_ag_defined == false) { 2585 log_debugx("auth-group \"default\" not defined; " 2586 "going with defaults"); 2587 ag = auth_group_find(conf, "default"); 2588 assert(ag != NULL); 2589 ag->ag_type = AG_TYPE_DENY; 2590 } 2591 2592 if (conf->conf_default_pg_defined == false) { 2593 log_debugx("portal-group \"default\" not defined; " 2594 "going with defaults"); 2595 pg = portal_group_find(conf, "default"); 2596 assert(pg != NULL); 2597 portal_group_add_listen(pg, "0.0.0.0:3260", false); 2598 portal_group_add_listen(pg, "[::]:3260", false); 2599 } 2600 2601 conf->conf_kernel_port_on = true; 2602 2603 error = conf_verify(conf); 2604 if (error != 0) { 2605 conf_delete(conf); 2606 return (NULL); 2607 } 2608 2609 return (conf); 2610 } 2611 2612 int 2613 main(int argc, char **argv) 2614 { 2615 struct conf *oldconf, *newconf, *tmpconf; 2616 struct isns *newns; 2617 const char *config_path = DEFAULT_CONFIG_PATH; 2618 int debug = 0, ch, error; 2619 bool dont_daemonize = false; 2620 bool use_ucl = false; 2621 2622 while ((ch = getopt(argc, argv, "duf:R")) != -1) { 2623 switch (ch) { 2624 case 'd': 2625 dont_daemonize = true; 2626 debug++; 2627 break; 2628 case 'u': 2629 use_ucl = true; 2630 break; 2631 case 'f': 2632 config_path = optarg; 2633 break; 2634 case 'R': 2635 #ifndef ICL_KERNEL_PROXY 2636 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY " 2637 "does not support iSER protocol"); 2638 #endif 2639 proxy_mode = true; 2640 break; 2641 case '?': 2642 default: 2643 usage(); 2644 } 2645 } 2646 argc -= optind; 2647 if (argc != 0) 2648 usage(); 2649 2650 log_init(debug); 2651 kernel_init(); 2652 2653 oldconf = conf_new_from_kernel(); 2654 newconf = conf_new_from_file(config_path, oldconf, use_ucl); 2655 2656 if (newconf == NULL) 2657 log_errx(1, "configuration error; exiting"); 2658 if (debug > 0) { 2659 oldconf->conf_debug = debug; 2660 newconf->conf_debug = debug; 2661 } 2662 2663 error = conf_apply(oldconf, newconf); 2664 if (error != 0) 2665 log_errx(1, "failed to apply configuration; exiting"); 2666 2667 conf_delete(oldconf); 2668 oldconf = NULL; 2669 2670 register_signals(); 2671 2672 if (dont_daemonize == false) { 2673 log_debugx("daemonizing"); 2674 if (daemon(0, 0) == -1) { 2675 log_warn("cannot daemonize"); 2676 pidfile_remove(newconf->conf_pidfh); 2677 exit(1); 2678 } 2679 } 2680 2681 /* Schedule iSNS update */ 2682 if (!TAILQ_EMPTY(&newconf->conf_isns)) 2683 set_timeout((newconf->conf_isns_period + 2) / 3, false); 2684 2685 for (;;) { 2686 main_loop(newconf, dont_daemonize); 2687 if (sighup_received) { 2688 sighup_received = false; 2689 log_debugx("received SIGHUP, reloading configuration"); 2690 tmpconf = conf_new_from_file(config_path, newconf, 2691 use_ucl); 2692 2693 if (tmpconf == NULL) { 2694 log_warnx("configuration error, " 2695 "continuing with old configuration"); 2696 } else { 2697 if (debug > 0) 2698 tmpconf->conf_debug = debug; 2699 oldconf = newconf; 2700 newconf = tmpconf; 2701 error = conf_apply(oldconf, newconf); 2702 if (error != 0) 2703 log_warnx("failed to reload " 2704 "configuration"); 2705 conf_delete(oldconf); 2706 oldconf = NULL; 2707 } 2708 } else if (sigterm_received) { 2709 log_debugx("exiting on signal; " 2710 "reloading empty configuration"); 2711 2712 log_debugx("removing CTL iSCSI ports " 2713 "and terminating all connections"); 2714 2715 oldconf = newconf; 2716 newconf = conf_new(); 2717 if (debug > 0) 2718 newconf->conf_debug = debug; 2719 error = conf_apply(oldconf, newconf); 2720 if (error != 0) 2721 log_warnx("failed to apply configuration"); 2722 conf_delete(oldconf); 2723 oldconf = NULL; 2724 2725 log_warnx("exiting on signal"); 2726 exit(0); 2727 } else { 2728 nchildren -= wait_for_children(false); 2729 assert(nchildren >= 0); 2730 if (timed_out()) { 2731 set_timeout(0, false); 2732 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) 2733 isns_check(newns); 2734 /* Schedule iSNS update */ 2735 if (!TAILQ_EMPTY(&newconf->conf_isns)) { 2736 set_timeout((newconf->conf_isns_period 2737 + 2) / 3, 2738 false); 2739 } 2740 } 2741 } 2742 } 2743 /* NOTREACHED */ 2744 } 2745