1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2012 The FreeBSD Foundation 5 * All rights reserved. 6 * 7 * This software was developed by Edward Tomasz Napierala under sponsorship 8 * from the FreeBSD Foundation. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <sys/types.h> 37 #include <sys/time.h> 38 #include <sys/socket.h> 39 #include <sys/stat.h> 40 #include <sys/wait.h> 41 #include <netinet/in.h> 42 #include <arpa/inet.h> 43 #include <assert.h> 44 #include <ctype.h> 45 #include <errno.h> 46 #include <netdb.h> 47 #include <signal.h> 48 #include <stdbool.h> 49 #include <stdio.h> 50 #include <stdint.h> 51 #include <stdlib.h> 52 #include <string.h> 53 #include <unistd.h> 54 55 #include "ctld.h" 56 #include "isns.h" 57 58 bool proxy_mode = false; 59 60 static volatile bool sighup_received = false; 61 static volatile bool sigterm_received = false; 62 static volatile bool sigalrm_received = false; 63 64 static int nchildren = 0; 65 static uint16_t last_portal_group_tag = 0xff; 66 67 static void 68 usage(void) 69 { 70 71 fprintf(stderr, "usage: ctld [-d][-u][-f config-file]\n"); 72 fprintf(stderr, " ctld -t [-u][-f config-file]\n"); 73 exit(1); 74 } 75 76 char * 77 checked_strdup(const char *s) 78 { 79 char *c; 80 81 c = strdup(s); 82 if (c == NULL) 83 log_err(1, "strdup"); 84 return (c); 85 } 86 87 struct conf * 88 conf_new(void) 89 { 90 struct conf *conf; 91 92 conf = calloc(1, sizeof(*conf)); 93 if (conf == NULL) 94 log_err(1, "calloc"); 95 TAILQ_INIT(&conf->conf_luns); 96 TAILQ_INIT(&conf->conf_targets); 97 TAILQ_INIT(&conf->conf_auth_groups); 98 TAILQ_INIT(&conf->conf_ports); 99 TAILQ_INIT(&conf->conf_portal_groups); 100 TAILQ_INIT(&conf->conf_pports); 101 TAILQ_INIT(&conf->conf_isns); 102 103 conf->conf_isns_period = 900; 104 conf->conf_isns_timeout = 5; 105 conf->conf_debug = 0; 106 conf->conf_timeout = 60; 107 conf->conf_maxproc = 30; 108 109 return (conf); 110 } 111 112 void 113 conf_delete(struct conf *conf) 114 { 115 struct lun *lun, *ltmp; 116 struct target *targ, *tmp; 117 struct auth_group *ag, *cagtmp; 118 struct portal_group *pg, *cpgtmp; 119 struct pport *pp, *pptmp; 120 struct isns *is, *istmp; 121 122 assert(conf->conf_pidfh == NULL); 123 124 TAILQ_FOREACH_SAFE(lun, &conf->conf_luns, l_next, ltmp) 125 lun_delete(lun); 126 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp) 127 target_delete(targ); 128 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp) 129 auth_group_delete(ag); 130 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp) 131 portal_group_delete(pg); 132 TAILQ_FOREACH_SAFE(pp, &conf->conf_pports, pp_next, pptmp) 133 pport_delete(pp); 134 TAILQ_FOREACH_SAFE(is, &conf->conf_isns, i_next, istmp) 135 isns_delete(is); 136 assert(TAILQ_EMPTY(&conf->conf_ports)); 137 free(conf->conf_pidfile_path); 138 free(conf); 139 } 140 141 static struct auth * 142 auth_new(struct auth_group *ag) 143 { 144 struct auth *auth; 145 146 auth = calloc(1, sizeof(*auth)); 147 if (auth == NULL) 148 log_err(1, "calloc"); 149 auth->a_auth_group = ag; 150 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next); 151 return (auth); 152 } 153 154 static void 155 auth_delete(struct auth *auth) 156 { 157 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next); 158 159 free(auth->a_user); 160 free(auth->a_secret); 161 free(auth->a_mutual_user); 162 free(auth->a_mutual_secret); 163 free(auth); 164 } 165 166 const struct auth * 167 auth_find(const struct auth_group *ag, const char *user) 168 { 169 const struct auth *auth; 170 171 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) { 172 if (strcmp(auth->a_user, user) == 0) 173 return (auth); 174 } 175 176 return (NULL); 177 } 178 179 static void 180 auth_check_secret_length(struct auth *auth) 181 { 182 size_t len; 183 184 len = strlen(auth->a_secret); 185 if (len > 16) { 186 if (auth->a_auth_group->ag_name != NULL) 187 log_warnx("secret for user \"%s\", auth-group \"%s\", " 188 "is too long; it should be at most 16 characters " 189 "long", auth->a_user, auth->a_auth_group->ag_name); 190 else 191 log_warnx("secret for user \"%s\", target \"%s\", " 192 "is too long; it should be at most 16 characters " 193 "long", auth->a_user, 194 auth->a_auth_group->ag_target->t_name); 195 } 196 if (len < 12) { 197 if (auth->a_auth_group->ag_name != NULL) 198 log_warnx("secret for user \"%s\", auth-group \"%s\", " 199 "is too short; it should be at least 12 characters " 200 "long", auth->a_user, 201 auth->a_auth_group->ag_name); 202 else 203 log_warnx("secret for user \"%s\", target \"%s\", " 204 "is too short; it should be at least 12 characters " 205 "long", auth->a_user, 206 auth->a_auth_group->ag_target->t_name); 207 } 208 209 if (auth->a_mutual_secret != NULL) { 210 len = strlen(auth->a_mutual_secret); 211 if (len > 16) { 212 if (auth->a_auth_group->ag_name != NULL) 213 log_warnx("mutual secret for user \"%s\", " 214 "auth-group \"%s\", is too long; it should " 215 "be at most 16 characters long", 216 auth->a_user, auth->a_auth_group->ag_name); 217 else 218 log_warnx("mutual secret for user \"%s\", " 219 "target \"%s\", is too long; it should " 220 "be at most 16 characters long", 221 auth->a_user, 222 auth->a_auth_group->ag_target->t_name); 223 } 224 if (len < 12) { 225 if (auth->a_auth_group->ag_name != NULL) 226 log_warnx("mutual secret for user \"%s\", " 227 "auth-group \"%s\", is too short; it " 228 "should be at least 12 characters long", 229 auth->a_user, auth->a_auth_group->ag_name); 230 else 231 log_warnx("mutual secret for user \"%s\", " 232 "target \"%s\", is too short; it should be " 233 "at least 12 characters long", 234 auth->a_user, 235 auth->a_auth_group->ag_target->t_name); 236 } 237 } 238 } 239 240 const struct auth * 241 auth_new_chap(struct auth_group *ag, const char *user, 242 const char *secret) 243 { 244 struct auth *auth; 245 246 if (ag->ag_type == AG_TYPE_UNKNOWN) 247 ag->ag_type = AG_TYPE_CHAP; 248 if (ag->ag_type != AG_TYPE_CHAP) { 249 if (ag->ag_name != NULL) 250 log_warnx("cannot mix \"chap\" authentication with " 251 "other types for auth-group \"%s\"", ag->ag_name); 252 else 253 log_warnx("cannot mix \"chap\" authentication with " 254 "other types for target \"%s\"", 255 ag->ag_target->t_name); 256 return (NULL); 257 } 258 259 auth = auth_new(ag); 260 auth->a_user = checked_strdup(user); 261 auth->a_secret = checked_strdup(secret); 262 263 auth_check_secret_length(auth); 264 265 return (auth); 266 } 267 268 const struct auth * 269 auth_new_chap_mutual(struct auth_group *ag, const char *user, 270 const char *secret, const char *user2, const char *secret2) 271 { 272 struct auth *auth; 273 274 if (ag->ag_type == AG_TYPE_UNKNOWN) 275 ag->ag_type = AG_TYPE_CHAP_MUTUAL; 276 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) { 277 if (ag->ag_name != NULL) 278 log_warnx("cannot mix \"chap-mutual\" authentication " 279 "with other types for auth-group \"%s\"", 280 ag->ag_name); 281 else 282 log_warnx("cannot mix \"chap-mutual\" authentication " 283 "with other types for target \"%s\"", 284 ag->ag_target->t_name); 285 return (NULL); 286 } 287 288 auth = auth_new(ag); 289 auth->a_user = checked_strdup(user); 290 auth->a_secret = checked_strdup(secret); 291 auth->a_mutual_user = checked_strdup(user2); 292 auth->a_mutual_secret = checked_strdup(secret2); 293 294 auth_check_secret_length(auth); 295 296 return (auth); 297 } 298 299 const struct auth_name * 300 auth_name_new(struct auth_group *ag, const char *name) 301 { 302 struct auth_name *an; 303 304 an = calloc(1, sizeof(*an)); 305 if (an == NULL) 306 log_err(1, "calloc"); 307 an->an_auth_group = ag; 308 an->an_initator_name = checked_strdup(name); 309 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next); 310 return (an); 311 } 312 313 static void 314 auth_name_delete(struct auth_name *an) 315 { 316 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next); 317 318 free(an->an_initator_name); 319 free(an); 320 } 321 322 bool 323 auth_name_defined(const struct auth_group *ag) 324 { 325 if (TAILQ_EMPTY(&ag->ag_names)) 326 return (false); 327 return (true); 328 } 329 330 const struct auth_name * 331 auth_name_find(const struct auth_group *ag, const char *name) 332 { 333 const struct auth_name *auth_name; 334 335 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) { 336 if (strcmp(auth_name->an_initator_name, name) == 0) 337 return (auth_name); 338 } 339 340 return (NULL); 341 } 342 343 int 344 auth_name_check(const struct auth_group *ag, const char *initiator_name) 345 { 346 if (!auth_name_defined(ag)) 347 return (0); 348 349 if (auth_name_find(ag, initiator_name) == NULL) 350 return (1); 351 352 return (0); 353 } 354 355 const struct auth_portal * 356 auth_portal_new(struct auth_group *ag, const char *portal) 357 { 358 struct auth_portal *ap; 359 char *net, *mask, *str, *tmp; 360 int len, dm, m; 361 362 ap = calloc(1, sizeof(*ap)); 363 if (ap == NULL) 364 log_err(1, "calloc"); 365 ap->ap_auth_group = ag; 366 ap->ap_initator_portal = checked_strdup(portal); 367 mask = str = checked_strdup(portal); 368 net = strsep(&mask, "/"); 369 if (net[0] == '[') 370 net++; 371 len = strlen(net); 372 if (len == 0) 373 goto error; 374 if (net[len - 1] == ']') 375 net[len - 1] = 0; 376 if (strchr(net, ':') != NULL) { 377 struct sockaddr_in6 *sin6 = 378 (struct sockaddr_in6 *)&ap->ap_sa; 379 380 sin6->sin6_len = sizeof(*sin6); 381 sin6->sin6_family = AF_INET6; 382 if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0) 383 goto error; 384 dm = 128; 385 } else { 386 struct sockaddr_in *sin = 387 (struct sockaddr_in *)&ap->ap_sa; 388 389 sin->sin_len = sizeof(*sin); 390 sin->sin_family = AF_INET; 391 if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0) 392 goto error; 393 dm = 32; 394 } 395 if (mask != NULL) { 396 m = strtol(mask, &tmp, 0); 397 if (m < 0 || m > dm || tmp[0] != 0) 398 goto error; 399 } else 400 m = dm; 401 ap->ap_mask = m; 402 free(str); 403 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next); 404 return (ap); 405 406 error: 407 free(str); 408 free(ap); 409 log_warnx("incorrect initiator portal \"%s\"", portal); 410 return (NULL); 411 } 412 413 static void 414 auth_portal_delete(struct auth_portal *ap) 415 { 416 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next); 417 418 free(ap->ap_initator_portal); 419 free(ap); 420 } 421 422 bool 423 auth_portal_defined(const struct auth_group *ag) 424 { 425 if (TAILQ_EMPTY(&ag->ag_portals)) 426 return (false); 427 return (true); 428 } 429 430 const struct auth_portal * 431 auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss) 432 { 433 const struct auth_portal *ap; 434 const uint8_t *a, *b; 435 int i; 436 uint8_t bmask; 437 438 TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) { 439 if (ap->ap_sa.ss_family != ss->ss_family) 440 continue; 441 if (ss->ss_family == AF_INET) { 442 a = (const uint8_t *) 443 &((const struct sockaddr_in *)ss)->sin_addr; 444 b = (const uint8_t *) 445 &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr; 446 } else { 447 a = (const uint8_t *) 448 &((const struct sockaddr_in6 *)ss)->sin6_addr; 449 b = (const uint8_t *) 450 &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr; 451 } 452 for (i = 0; i < ap->ap_mask / 8; i++) { 453 if (a[i] != b[i]) 454 goto next; 455 } 456 if (ap->ap_mask % 8) { 457 bmask = 0xff << (8 - (ap->ap_mask % 8)); 458 if ((a[i] & bmask) != (b[i] & bmask)) 459 goto next; 460 } 461 return (ap); 462 next: 463 ; 464 } 465 466 return (NULL); 467 } 468 469 int 470 auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa) 471 { 472 473 if (!auth_portal_defined(ag)) 474 return (0); 475 476 if (auth_portal_find(ag, sa) == NULL) 477 return (1); 478 479 return (0); 480 } 481 482 struct auth_group * 483 auth_group_new(struct conf *conf, const char *name) 484 { 485 struct auth_group *ag; 486 487 if (name != NULL) { 488 ag = auth_group_find(conf, name); 489 if (ag != NULL) { 490 log_warnx("duplicated auth-group \"%s\"", name); 491 return (NULL); 492 } 493 } 494 495 ag = calloc(1, sizeof(*ag)); 496 if (ag == NULL) 497 log_err(1, "calloc"); 498 if (name != NULL) 499 ag->ag_name = checked_strdup(name); 500 TAILQ_INIT(&ag->ag_auths); 501 TAILQ_INIT(&ag->ag_names); 502 TAILQ_INIT(&ag->ag_portals); 503 ag->ag_conf = conf; 504 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next); 505 506 return (ag); 507 } 508 509 void 510 auth_group_delete(struct auth_group *ag) 511 { 512 struct auth *auth, *auth_tmp; 513 struct auth_name *auth_name, *auth_name_tmp; 514 struct auth_portal *auth_portal, *auth_portal_tmp; 515 516 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next); 517 518 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp) 519 auth_delete(auth); 520 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp) 521 auth_name_delete(auth_name); 522 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next, 523 auth_portal_tmp) 524 auth_portal_delete(auth_portal); 525 free(ag->ag_name); 526 free(ag); 527 } 528 529 struct auth_group * 530 auth_group_find(const struct conf *conf, const char *name) 531 { 532 struct auth_group *ag; 533 534 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 535 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0) 536 return (ag); 537 } 538 539 return (NULL); 540 } 541 542 int 543 auth_group_set_type(struct auth_group *ag, const char *str) 544 { 545 int type; 546 547 if (strcmp(str, "none") == 0) { 548 type = AG_TYPE_NO_AUTHENTICATION; 549 } else if (strcmp(str, "deny") == 0) { 550 type = AG_TYPE_DENY; 551 } else if (strcmp(str, "chap") == 0) { 552 type = AG_TYPE_CHAP; 553 } else if (strcmp(str, "chap-mutual") == 0) { 554 type = AG_TYPE_CHAP_MUTUAL; 555 } else { 556 if (ag->ag_name != NULL) 557 log_warnx("invalid auth-type \"%s\" for auth-group " 558 "\"%s\"", str, ag->ag_name); 559 else 560 log_warnx("invalid auth-type \"%s\" for target " 561 "\"%s\"", str, ag->ag_target->t_name); 562 return (1); 563 } 564 565 if (ag->ag_type != AG_TYPE_UNKNOWN && ag->ag_type != type) { 566 if (ag->ag_name != NULL) { 567 log_warnx("cannot set auth-type to \"%s\" for " 568 "auth-group \"%s\"; already has a different " 569 "type", str, ag->ag_name); 570 } else { 571 log_warnx("cannot set auth-type to \"%s\" for target " 572 "\"%s\"; already has a different type", 573 str, ag->ag_target->t_name); 574 } 575 return (1); 576 } 577 578 ag->ag_type = type; 579 580 return (0); 581 } 582 583 static struct portal * 584 portal_new(struct portal_group *pg) 585 { 586 struct portal *portal; 587 588 portal = calloc(1, sizeof(*portal)); 589 if (portal == NULL) 590 log_err(1, "calloc"); 591 TAILQ_INIT(&portal->p_targets); 592 portal->p_portal_group = pg; 593 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next); 594 return (portal); 595 } 596 597 static void 598 portal_delete(struct portal *portal) 599 { 600 601 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next); 602 if (portal->p_ai != NULL) 603 freeaddrinfo(portal->p_ai); 604 free(portal->p_listen); 605 free(portal); 606 } 607 608 struct portal_group * 609 portal_group_new(struct conf *conf, const char *name) 610 { 611 struct portal_group *pg; 612 613 pg = portal_group_find(conf, name); 614 if (pg != NULL) { 615 log_warnx("duplicated portal-group \"%s\"", name); 616 return (NULL); 617 } 618 619 pg = calloc(1, sizeof(*pg)); 620 if (pg == NULL) 621 log_err(1, "calloc"); 622 pg->pg_name = checked_strdup(name); 623 TAILQ_INIT(&pg->pg_options); 624 TAILQ_INIT(&pg->pg_portals); 625 TAILQ_INIT(&pg->pg_ports); 626 pg->pg_conf = conf; 627 pg->pg_tag = 0; /* Assigned later in conf_apply(). */ 628 pg->pg_dscp = -1; 629 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next); 630 631 return (pg); 632 } 633 634 void 635 portal_group_delete(struct portal_group *pg) 636 { 637 struct portal *portal, *tmp; 638 struct port *port, *tport; 639 struct option *o, *otmp; 640 641 TAILQ_FOREACH_SAFE(port, &pg->pg_ports, p_pgs, tport) 642 port_delete(port); 643 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next); 644 645 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp) 646 portal_delete(portal); 647 TAILQ_FOREACH_SAFE(o, &pg->pg_options, o_next, otmp) 648 option_delete(&pg->pg_options, o); 649 free(pg->pg_name); 650 free(pg->pg_offload); 651 free(pg->pg_redirection); 652 free(pg); 653 } 654 655 struct portal_group * 656 portal_group_find(const struct conf *conf, const char *name) 657 { 658 struct portal_group *pg; 659 660 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 661 if (strcmp(pg->pg_name, name) == 0) 662 return (pg); 663 } 664 665 return (NULL); 666 } 667 668 static int 669 parse_addr_port(char *arg, const char *def_port, struct addrinfo **ai) 670 { 671 struct addrinfo hints; 672 char *str, *addr, *ch; 673 const char *port; 674 int error, colons = 0; 675 676 str = arg = strdup(arg); 677 if (arg[0] == '[') { 678 /* 679 * IPv6 address in square brackets, perhaps with port. 680 */ 681 arg++; 682 addr = strsep(&arg, "]"); 683 if (arg == NULL) { 684 free(str); 685 return (1); 686 } 687 if (arg[0] == '\0') { 688 port = def_port; 689 } else if (arg[0] == ':') { 690 port = arg + 1; 691 } else { 692 free(str); 693 return (1); 694 } 695 } else { 696 /* 697 * Either IPv6 address without brackets - and without 698 * a port - or IPv4 address. Just count the colons. 699 */ 700 for (ch = arg; *ch != '\0'; ch++) { 701 if (*ch == ':') 702 colons++; 703 } 704 if (colons > 1) { 705 addr = arg; 706 port = def_port; 707 } else { 708 addr = strsep(&arg, ":"); 709 if (arg == NULL) 710 port = def_port; 711 else 712 port = arg; 713 } 714 } 715 716 memset(&hints, 0, sizeof(hints)); 717 hints.ai_family = PF_UNSPEC; 718 hints.ai_socktype = SOCK_STREAM; 719 hints.ai_flags = AI_PASSIVE; 720 error = getaddrinfo(addr, port, &hints, ai); 721 free(str); 722 return ((error != 0) ? 1 : 0); 723 } 724 725 int 726 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser) 727 { 728 struct portal *portal; 729 730 portal = portal_new(pg); 731 portal->p_listen = checked_strdup(value); 732 portal->p_iser = iser; 733 734 if (parse_addr_port(portal->p_listen, "3260", &portal->p_ai)) { 735 log_warnx("invalid listen address %s", portal->p_listen); 736 portal_delete(portal); 737 return (1); 738 } 739 740 /* 741 * XXX: getaddrinfo(3) may return multiple addresses; we should turn 742 * those into multiple portals. 743 */ 744 745 return (0); 746 } 747 748 int 749 isns_new(struct conf *conf, const char *addr) 750 { 751 struct isns *isns; 752 753 isns = calloc(1, sizeof(*isns)); 754 if (isns == NULL) 755 log_err(1, "calloc"); 756 isns->i_conf = conf; 757 TAILQ_INSERT_TAIL(&conf->conf_isns, isns, i_next); 758 isns->i_addr = checked_strdup(addr); 759 760 if (parse_addr_port(isns->i_addr, "3205", &isns->i_ai)) { 761 log_warnx("invalid iSNS address %s", isns->i_addr); 762 isns_delete(isns); 763 return (1); 764 } 765 766 /* 767 * XXX: getaddrinfo(3) may return multiple addresses; we should turn 768 * those into multiple servers. 769 */ 770 771 return (0); 772 } 773 774 void 775 isns_delete(struct isns *isns) 776 { 777 778 TAILQ_REMOVE(&isns->i_conf->conf_isns, isns, i_next); 779 free(isns->i_addr); 780 if (isns->i_ai != NULL) 781 freeaddrinfo(isns->i_ai); 782 free(isns); 783 } 784 785 static int 786 isns_do_connect(struct isns *isns) 787 { 788 int s; 789 790 s = socket(isns->i_ai->ai_family, isns->i_ai->ai_socktype, 791 isns->i_ai->ai_protocol); 792 if (s < 0) { 793 log_warn("socket(2) failed for %s", isns->i_addr); 794 return (-1); 795 } 796 if (connect(s, isns->i_ai->ai_addr, isns->i_ai->ai_addrlen)) { 797 log_warn("connect(2) failed for %s", isns->i_addr); 798 close(s); 799 return (-1); 800 } 801 return(s); 802 } 803 804 static int 805 isns_do_register(struct isns *isns, int s, const char *hostname) 806 { 807 struct conf *conf = isns->i_conf; 808 struct target *target; 809 struct portal *portal; 810 struct portal_group *pg; 811 struct port *port; 812 struct isns_req *req; 813 int res = 0; 814 uint32_t error; 815 816 req = isns_req_create(ISNS_FUNC_DEVATTRREG, ISNS_FLAG_CLIENT); 817 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); 818 isns_req_add_delim(req); 819 isns_req_add_str(req, 1, hostname); 820 isns_req_add_32(req, 2, 2); /* 2 -- iSCSI */ 821 isns_req_add_32(req, 6, conf->conf_isns_period); 822 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 823 if (pg->pg_unassigned) 824 continue; 825 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 826 isns_req_add_addr(req, 16, portal->p_ai); 827 isns_req_add_port(req, 17, portal->p_ai); 828 } 829 } 830 TAILQ_FOREACH(target, &conf->conf_targets, t_next) { 831 isns_req_add_str(req, 32, target->t_name); 832 isns_req_add_32(req, 33, 1); /* 1 -- Target*/ 833 if (target->t_alias != NULL) 834 isns_req_add_str(req, 34, target->t_alias); 835 TAILQ_FOREACH(port, &target->t_ports, p_ts) { 836 if ((pg = port->p_portal_group) == NULL) 837 continue; 838 isns_req_add_32(req, 51, pg->pg_tag); 839 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 840 isns_req_add_addr(req, 49, portal->p_ai); 841 isns_req_add_port(req, 50, portal->p_ai); 842 } 843 } 844 } 845 res = isns_req_send(s, req); 846 if (res < 0) { 847 log_warn("send(2) failed for %s", isns->i_addr); 848 goto quit; 849 } 850 res = isns_req_receive(s, req); 851 if (res < 0) { 852 log_warn("receive(2) failed for %s", isns->i_addr); 853 goto quit; 854 } 855 error = isns_req_get_status(req); 856 if (error != 0) { 857 log_warnx("iSNS register error %d for %s", error, isns->i_addr); 858 res = -1; 859 } 860 quit: 861 isns_req_free(req); 862 return (res); 863 } 864 865 static int 866 isns_do_check(struct isns *isns, int s, const char *hostname) 867 { 868 struct conf *conf = isns->i_conf; 869 struct isns_req *req; 870 int res = 0; 871 uint32_t error; 872 873 req = isns_req_create(ISNS_FUNC_DEVATTRQRY, ISNS_FLAG_CLIENT); 874 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); 875 isns_req_add_str(req, 1, hostname); 876 isns_req_add_delim(req); 877 isns_req_add(req, 2, 0, NULL); 878 res = isns_req_send(s, req); 879 if (res < 0) { 880 log_warn("send(2) failed for %s", isns->i_addr); 881 goto quit; 882 } 883 res = isns_req_receive(s, req); 884 if (res < 0) { 885 log_warn("receive(2) failed for %s", isns->i_addr); 886 goto quit; 887 } 888 error = isns_req_get_status(req); 889 if (error != 0) { 890 log_warnx("iSNS check error %d for %s", error, isns->i_addr); 891 res = -1; 892 } 893 quit: 894 isns_req_free(req); 895 return (res); 896 } 897 898 static int 899 isns_do_deregister(struct isns *isns, int s, const char *hostname) 900 { 901 struct conf *conf = isns->i_conf; 902 struct isns_req *req; 903 int res = 0; 904 uint32_t error; 905 906 req = isns_req_create(ISNS_FUNC_DEVDEREG, ISNS_FLAG_CLIENT); 907 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name); 908 isns_req_add_delim(req); 909 isns_req_add_str(req, 1, hostname); 910 res = isns_req_send(s, req); 911 if (res < 0) { 912 log_warn("send(2) failed for %s", isns->i_addr); 913 goto quit; 914 } 915 res = isns_req_receive(s, req); 916 if (res < 0) { 917 log_warn("receive(2) failed for %s", isns->i_addr); 918 goto quit; 919 } 920 error = isns_req_get_status(req); 921 if (error != 0) { 922 log_warnx("iSNS deregister error %d for %s", error, isns->i_addr); 923 res = -1; 924 } 925 quit: 926 isns_req_free(req); 927 return (res); 928 } 929 930 void 931 isns_register(struct isns *isns, struct isns *oldisns) 932 { 933 struct conf *conf = isns->i_conf; 934 int s; 935 char hostname[256]; 936 937 if (TAILQ_EMPTY(&conf->conf_targets) || 938 TAILQ_EMPTY(&conf->conf_portal_groups)) 939 return; 940 set_timeout(conf->conf_isns_timeout, false); 941 s = isns_do_connect(isns); 942 if (s < 0) { 943 set_timeout(0, false); 944 return; 945 } 946 gethostname(hostname, sizeof(hostname)); 947 948 if (oldisns == NULL || TAILQ_EMPTY(&oldisns->i_conf->conf_targets)) 949 oldisns = isns; 950 isns_do_deregister(oldisns, s, hostname); 951 isns_do_register(isns, s, hostname); 952 close(s); 953 set_timeout(0, false); 954 } 955 956 void 957 isns_check(struct isns *isns) 958 { 959 struct conf *conf = isns->i_conf; 960 int s, res; 961 char hostname[256]; 962 963 if (TAILQ_EMPTY(&conf->conf_targets) || 964 TAILQ_EMPTY(&conf->conf_portal_groups)) 965 return; 966 set_timeout(conf->conf_isns_timeout, false); 967 s = isns_do_connect(isns); 968 if (s < 0) { 969 set_timeout(0, false); 970 return; 971 } 972 gethostname(hostname, sizeof(hostname)); 973 974 res = isns_do_check(isns, s, hostname); 975 if (res < 0) { 976 isns_do_deregister(isns, s, hostname); 977 isns_do_register(isns, s, hostname); 978 } 979 close(s); 980 set_timeout(0, false); 981 } 982 983 void 984 isns_deregister(struct isns *isns) 985 { 986 struct conf *conf = isns->i_conf; 987 int s; 988 char hostname[256]; 989 990 if (TAILQ_EMPTY(&conf->conf_targets) || 991 TAILQ_EMPTY(&conf->conf_portal_groups)) 992 return; 993 set_timeout(conf->conf_isns_timeout, false); 994 s = isns_do_connect(isns); 995 if (s < 0) 996 return; 997 gethostname(hostname, sizeof(hostname)); 998 999 isns_do_deregister(isns, s, hostname); 1000 close(s); 1001 set_timeout(0, false); 1002 } 1003 1004 int 1005 portal_group_set_filter(struct portal_group *pg, const char *str) 1006 { 1007 int filter; 1008 1009 if (strcmp(str, "none") == 0) { 1010 filter = PG_FILTER_NONE; 1011 } else if (strcmp(str, "portal") == 0) { 1012 filter = PG_FILTER_PORTAL; 1013 } else if (strcmp(str, "portal-name") == 0) { 1014 filter = PG_FILTER_PORTAL_NAME; 1015 } else if (strcmp(str, "portal-name-auth") == 0) { 1016 filter = PG_FILTER_PORTAL_NAME_AUTH; 1017 } else { 1018 log_warnx("invalid discovery-filter \"%s\" for portal-group " 1019 "\"%s\"; valid values are \"none\", \"portal\", " 1020 "\"portal-name\", and \"portal-name-auth\"", 1021 str, pg->pg_name); 1022 return (1); 1023 } 1024 1025 if (pg->pg_discovery_filter != PG_FILTER_UNKNOWN && 1026 pg->pg_discovery_filter != filter) { 1027 log_warnx("cannot set discovery-filter to \"%s\" for " 1028 "portal-group \"%s\"; already has a different " 1029 "value", str, pg->pg_name); 1030 return (1); 1031 } 1032 1033 pg->pg_discovery_filter = filter; 1034 1035 return (0); 1036 } 1037 1038 int 1039 portal_group_set_offload(struct portal_group *pg, const char *offload) 1040 { 1041 1042 if (pg->pg_offload != NULL) { 1043 log_warnx("cannot set offload to \"%s\" for " 1044 "portal-group \"%s\"; already defined", 1045 offload, pg->pg_name); 1046 return (1); 1047 } 1048 1049 pg->pg_offload = checked_strdup(offload); 1050 1051 return (0); 1052 } 1053 1054 int 1055 portal_group_set_redirection(struct portal_group *pg, const char *addr) 1056 { 1057 1058 if (pg->pg_redirection != NULL) { 1059 log_warnx("cannot set redirection to \"%s\" for " 1060 "portal-group \"%s\"; already defined", 1061 addr, pg->pg_name); 1062 return (1); 1063 } 1064 1065 pg->pg_redirection = checked_strdup(addr); 1066 1067 return (0); 1068 } 1069 1070 static bool 1071 valid_hex(const char ch) 1072 { 1073 switch (ch) { 1074 case '0': 1075 case '1': 1076 case '2': 1077 case '3': 1078 case '4': 1079 case '5': 1080 case '6': 1081 case '7': 1082 case '8': 1083 case '9': 1084 case 'a': 1085 case 'A': 1086 case 'b': 1087 case 'B': 1088 case 'c': 1089 case 'C': 1090 case 'd': 1091 case 'D': 1092 case 'e': 1093 case 'E': 1094 case 'f': 1095 case 'F': 1096 return (true); 1097 default: 1098 return (false); 1099 } 1100 } 1101 1102 bool 1103 valid_iscsi_name(const char *name) 1104 { 1105 int i; 1106 1107 if (strlen(name) >= MAX_NAME_LEN) { 1108 log_warnx("overlong name for target \"%s\"; max length allowed " 1109 "by iSCSI specification is %d characters", 1110 name, MAX_NAME_LEN); 1111 return (false); 1112 } 1113 1114 /* 1115 * In the cases below, we don't return an error, just in case the admin 1116 * was right, and we're wrong. 1117 */ 1118 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) { 1119 for (i = strlen("iqn."); name[i] != '\0'; i++) { 1120 /* 1121 * XXX: We should verify UTF-8 normalisation, as defined 1122 * by 3.2.6.2: iSCSI Name Encoding. 1123 */ 1124 if (isalnum(name[i])) 1125 continue; 1126 if (name[i] == '-' || name[i] == '.' || name[i] == ':') 1127 continue; 1128 log_warnx("invalid character \"%c\" in target name " 1129 "\"%s\"; allowed characters are letters, digits, " 1130 "'-', '.', and ':'", name[i], name); 1131 break; 1132 } 1133 /* 1134 * XXX: Check more stuff: valid date and a valid reversed domain. 1135 */ 1136 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) { 1137 if (strlen(name) != strlen("eui.") + 16) 1138 log_warnx("invalid target name \"%s\"; the \"eui.\" " 1139 "should be followed by exactly 16 hexadecimal " 1140 "digits", name); 1141 for (i = strlen("eui."); name[i] != '\0'; i++) { 1142 if (!valid_hex(name[i])) { 1143 log_warnx("invalid character \"%c\" in target " 1144 "name \"%s\"; allowed characters are 1-9 " 1145 "and A-F", name[i], name); 1146 break; 1147 } 1148 } 1149 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) { 1150 if (strlen(name) > strlen("naa.") + 32) 1151 log_warnx("invalid target name \"%s\"; the \"naa.\" " 1152 "should be followed by at most 32 hexadecimal " 1153 "digits", name); 1154 for (i = strlen("naa."); name[i] != '\0'; i++) { 1155 if (!valid_hex(name[i])) { 1156 log_warnx("invalid character \"%c\" in target " 1157 "name \"%s\"; allowed characters are 1-9 " 1158 "and A-F", name[i], name); 1159 break; 1160 } 1161 } 1162 } else { 1163 log_warnx("invalid target name \"%s\"; should start with " 1164 "either \"iqn.\", \"eui.\", or \"naa.\"", 1165 name); 1166 } 1167 return (true); 1168 } 1169 1170 struct pport * 1171 pport_new(struct conf *conf, const char *name, uint32_t ctl_port) 1172 { 1173 struct pport *pp; 1174 1175 pp = calloc(1, sizeof(*pp)); 1176 if (pp == NULL) 1177 log_err(1, "calloc"); 1178 pp->pp_conf = conf; 1179 pp->pp_name = checked_strdup(name); 1180 pp->pp_ctl_port = ctl_port; 1181 TAILQ_INIT(&pp->pp_ports); 1182 TAILQ_INSERT_TAIL(&conf->conf_pports, pp, pp_next); 1183 return (pp); 1184 } 1185 1186 struct pport * 1187 pport_find(const struct conf *conf, const char *name) 1188 { 1189 struct pport *pp; 1190 1191 TAILQ_FOREACH(pp, &conf->conf_pports, pp_next) { 1192 if (strcasecmp(pp->pp_name, name) == 0) 1193 return (pp); 1194 } 1195 return (NULL); 1196 } 1197 1198 struct pport * 1199 pport_copy(struct pport *pp, struct conf *conf) 1200 { 1201 struct pport *ppnew; 1202 1203 ppnew = pport_new(conf, pp->pp_name, pp->pp_ctl_port); 1204 return (ppnew); 1205 } 1206 1207 void 1208 pport_delete(struct pport *pp) 1209 { 1210 struct port *port, *tport; 1211 1212 TAILQ_FOREACH_SAFE(port, &pp->pp_ports, p_ts, tport) 1213 port_delete(port); 1214 TAILQ_REMOVE(&pp->pp_conf->conf_pports, pp, pp_next); 1215 free(pp->pp_name); 1216 free(pp); 1217 } 1218 1219 struct port * 1220 port_new(struct conf *conf, struct target *target, struct portal_group *pg) 1221 { 1222 struct port *port; 1223 char *name; 1224 int ret; 1225 1226 ret = asprintf(&name, "%s-%s", pg->pg_name, target->t_name); 1227 if (ret <= 0) 1228 log_err(1, "asprintf"); 1229 if (port_find(conf, name) != NULL) { 1230 log_warnx("duplicate port \"%s\"", name); 1231 free(name); 1232 return (NULL); 1233 } 1234 port = calloc(1, sizeof(*port)); 1235 if (port == NULL) 1236 log_err(1, "calloc"); 1237 port->p_conf = conf; 1238 port->p_name = name; 1239 port->p_ioctl_port = 0; 1240 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); 1241 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); 1242 port->p_target = target; 1243 TAILQ_INSERT_TAIL(&pg->pg_ports, port, p_pgs); 1244 port->p_portal_group = pg; 1245 return (port); 1246 } 1247 1248 struct port * 1249 port_new_ioctl(struct conf *conf, struct target *target, int pp, int vp) 1250 { 1251 struct pport *pport; 1252 struct port *port; 1253 char *pname; 1254 char *name; 1255 int ret; 1256 1257 ret = asprintf(&pname, "ioctl/%d/%d", pp, vp); 1258 if (ret <= 0) { 1259 log_err(1, "asprintf"); 1260 return (NULL); 1261 } 1262 1263 pport = pport_find(conf, pname); 1264 if (pport != NULL) { 1265 free(pname); 1266 return (port_new_pp(conf, target, pport)); 1267 } 1268 1269 ret = asprintf(&name, "%s-%s", pname, target->t_name); 1270 free(pname); 1271 1272 if (ret <= 0) 1273 log_err(1, "asprintf"); 1274 if (port_find(conf, name) != NULL) { 1275 log_warnx("duplicate port \"%s\"", name); 1276 free(name); 1277 return (NULL); 1278 } 1279 port = calloc(1, sizeof(*port)); 1280 if (port == NULL) 1281 log_err(1, "calloc"); 1282 port->p_conf = conf; 1283 port->p_name = name; 1284 port->p_ioctl_port = 1; 1285 port->p_ioctl_pp = pp; 1286 port->p_ioctl_vp = vp; 1287 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); 1288 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); 1289 port->p_target = target; 1290 return (port); 1291 } 1292 1293 struct port * 1294 port_new_pp(struct conf *conf, struct target *target, struct pport *pp) 1295 { 1296 struct port *port; 1297 char *name; 1298 int ret; 1299 1300 ret = asprintf(&name, "%s-%s", pp->pp_name, target->t_name); 1301 if (ret <= 0) 1302 log_err(1, "asprintf"); 1303 if (port_find(conf, name) != NULL) { 1304 log_warnx("duplicate port \"%s\"", name); 1305 free(name); 1306 return (NULL); 1307 } 1308 port = calloc(1, sizeof(*port)); 1309 if (port == NULL) 1310 log_err(1, "calloc"); 1311 port->p_conf = conf; 1312 port->p_name = name; 1313 TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next); 1314 TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts); 1315 port->p_target = target; 1316 TAILQ_INSERT_TAIL(&pp->pp_ports, port, p_pps); 1317 port->p_pport = pp; 1318 return (port); 1319 } 1320 1321 struct port * 1322 port_find(const struct conf *conf, const char *name) 1323 { 1324 struct port *port; 1325 1326 TAILQ_FOREACH(port, &conf->conf_ports, p_next) { 1327 if (strcasecmp(port->p_name, name) == 0) 1328 return (port); 1329 } 1330 1331 return (NULL); 1332 } 1333 1334 struct port * 1335 port_find_in_pg(const struct portal_group *pg, const char *target) 1336 { 1337 struct port *port; 1338 1339 TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) { 1340 if (strcasecmp(port->p_target->t_name, target) == 0) 1341 return (port); 1342 } 1343 1344 return (NULL); 1345 } 1346 1347 void 1348 port_delete(struct port *port) 1349 { 1350 1351 if (port->p_portal_group) 1352 TAILQ_REMOVE(&port->p_portal_group->pg_ports, port, p_pgs); 1353 if (port->p_pport) 1354 TAILQ_REMOVE(&port->p_pport->pp_ports, port, p_pps); 1355 if (port->p_target) 1356 TAILQ_REMOVE(&port->p_target->t_ports, port, p_ts); 1357 TAILQ_REMOVE(&port->p_conf->conf_ports, port, p_next); 1358 free(port->p_name); 1359 free(port); 1360 } 1361 1362 int 1363 port_is_dummy(struct port *port) 1364 { 1365 1366 if (port->p_portal_group) { 1367 if (port->p_portal_group->pg_foreign) 1368 return (1); 1369 if (TAILQ_EMPTY(&port->p_portal_group->pg_portals)) 1370 return (1); 1371 } 1372 return (0); 1373 } 1374 1375 struct target * 1376 target_new(struct conf *conf, const char *name) 1377 { 1378 struct target *targ; 1379 int i, len; 1380 1381 targ = target_find(conf, name); 1382 if (targ != NULL) { 1383 log_warnx("duplicated target \"%s\"", name); 1384 return (NULL); 1385 } 1386 if (valid_iscsi_name(name) == false) { 1387 log_warnx("target name \"%s\" is invalid", name); 1388 return (NULL); 1389 } 1390 targ = calloc(1, sizeof(*targ)); 1391 if (targ == NULL) 1392 log_err(1, "calloc"); 1393 targ->t_name = checked_strdup(name); 1394 1395 /* 1396 * RFC 3722 requires us to normalize the name to lowercase. 1397 */ 1398 len = strlen(name); 1399 for (i = 0; i < len; i++) 1400 targ->t_name[i] = tolower(targ->t_name[i]); 1401 1402 targ->t_conf = conf; 1403 TAILQ_INIT(&targ->t_ports); 1404 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next); 1405 1406 return (targ); 1407 } 1408 1409 void 1410 target_delete(struct target *targ) 1411 { 1412 struct port *port, *tport; 1413 1414 TAILQ_FOREACH_SAFE(port, &targ->t_ports, p_ts, tport) 1415 port_delete(port); 1416 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next); 1417 1418 free(targ->t_name); 1419 free(targ->t_redirection); 1420 free(targ); 1421 } 1422 1423 struct target * 1424 target_find(struct conf *conf, const char *name) 1425 { 1426 struct target *targ; 1427 1428 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1429 if (strcasecmp(targ->t_name, name) == 0) 1430 return (targ); 1431 } 1432 1433 return (NULL); 1434 } 1435 1436 int 1437 target_set_redirection(struct target *target, const char *addr) 1438 { 1439 1440 if (target->t_redirection != NULL) { 1441 log_warnx("cannot set redirection to \"%s\" for " 1442 "target \"%s\"; already defined", 1443 addr, target->t_name); 1444 return (1); 1445 } 1446 1447 target->t_redirection = checked_strdup(addr); 1448 1449 return (0); 1450 } 1451 1452 struct lun * 1453 lun_new(struct conf *conf, const char *name) 1454 { 1455 struct lun *lun; 1456 1457 lun = lun_find(conf, name); 1458 if (lun != NULL) { 1459 log_warnx("duplicated lun \"%s\"", name); 1460 return (NULL); 1461 } 1462 1463 lun = calloc(1, sizeof(*lun)); 1464 if (lun == NULL) 1465 log_err(1, "calloc"); 1466 lun->l_conf = conf; 1467 lun->l_name = checked_strdup(name); 1468 TAILQ_INIT(&lun->l_options); 1469 TAILQ_INSERT_TAIL(&conf->conf_luns, lun, l_next); 1470 lun->l_ctl_lun = -1; 1471 1472 return (lun); 1473 } 1474 1475 void 1476 lun_delete(struct lun *lun) 1477 { 1478 struct target *targ; 1479 struct option *o, *tmp; 1480 int i; 1481 1482 TAILQ_FOREACH(targ, &lun->l_conf->conf_targets, t_next) { 1483 for (i = 0; i < MAX_LUNS; i++) { 1484 if (targ->t_luns[i] == lun) 1485 targ->t_luns[i] = NULL; 1486 } 1487 } 1488 TAILQ_REMOVE(&lun->l_conf->conf_luns, lun, l_next); 1489 1490 TAILQ_FOREACH_SAFE(o, &lun->l_options, o_next, tmp) 1491 option_delete(&lun->l_options, o); 1492 free(lun->l_name); 1493 free(lun->l_backend); 1494 free(lun->l_device_id); 1495 free(lun->l_path); 1496 free(lun->l_scsiname); 1497 free(lun->l_serial); 1498 free(lun); 1499 } 1500 1501 struct lun * 1502 lun_find(const struct conf *conf, const char *name) 1503 { 1504 struct lun *lun; 1505 1506 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { 1507 if (strcmp(lun->l_name, name) == 0) 1508 return (lun); 1509 } 1510 1511 return (NULL); 1512 } 1513 1514 void 1515 lun_set_backend(struct lun *lun, const char *value) 1516 { 1517 free(lun->l_backend); 1518 lun->l_backend = checked_strdup(value); 1519 } 1520 1521 void 1522 lun_set_blocksize(struct lun *lun, size_t value) 1523 { 1524 1525 lun->l_blocksize = value; 1526 } 1527 1528 void 1529 lun_set_device_type(struct lun *lun, uint8_t value) 1530 { 1531 1532 lun->l_device_type = value; 1533 } 1534 1535 void 1536 lun_set_device_id(struct lun *lun, const char *value) 1537 { 1538 free(lun->l_device_id); 1539 lun->l_device_id = checked_strdup(value); 1540 } 1541 1542 void 1543 lun_set_path(struct lun *lun, const char *value) 1544 { 1545 free(lun->l_path); 1546 lun->l_path = checked_strdup(value); 1547 } 1548 1549 void 1550 lun_set_scsiname(struct lun *lun, const char *value) 1551 { 1552 free(lun->l_scsiname); 1553 lun->l_scsiname = checked_strdup(value); 1554 } 1555 1556 void 1557 lun_set_serial(struct lun *lun, const char *value) 1558 { 1559 free(lun->l_serial); 1560 lun->l_serial = checked_strdup(value); 1561 } 1562 1563 void 1564 lun_set_size(struct lun *lun, size_t value) 1565 { 1566 1567 lun->l_size = value; 1568 } 1569 1570 void 1571 lun_set_ctl_lun(struct lun *lun, uint32_t value) 1572 { 1573 1574 lun->l_ctl_lun = value; 1575 } 1576 1577 struct option * 1578 option_new(struct options *options, const char *name, const char *value) 1579 { 1580 struct option *o; 1581 1582 o = option_find(options, name); 1583 if (o != NULL) { 1584 log_warnx("duplicated option \"%s\"", name); 1585 return (NULL); 1586 } 1587 1588 o = calloc(1, sizeof(*o)); 1589 if (o == NULL) 1590 log_err(1, "calloc"); 1591 o->o_name = checked_strdup(name); 1592 o->o_value = checked_strdup(value); 1593 TAILQ_INSERT_TAIL(options, o, o_next); 1594 1595 return (o); 1596 } 1597 1598 void 1599 option_delete(struct options *options, struct option *o) 1600 { 1601 1602 TAILQ_REMOVE(options, o, o_next); 1603 free(o->o_name); 1604 free(o->o_value); 1605 free(o); 1606 } 1607 1608 struct option * 1609 option_find(const struct options *options, const char *name) 1610 { 1611 struct option *o; 1612 1613 TAILQ_FOREACH(o, options, o_next) { 1614 if (strcmp(o->o_name, name) == 0) 1615 return (o); 1616 } 1617 1618 return (NULL); 1619 } 1620 1621 void 1622 option_set(struct option *o, const char *value) 1623 { 1624 1625 free(o->o_value); 1626 o->o_value = checked_strdup(value); 1627 } 1628 1629 static struct connection * 1630 connection_new(struct portal *portal, int fd, const char *host, 1631 const struct sockaddr *client_sa) 1632 { 1633 struct connection *conn; 1634 1635 conn = calloc(1, sizeof(*conn)); 1636 if (conn == NULL) 1637 log_err(1, "calloc"); 1638 conn->conn_portal = portal; 1639 conn->conn_socket = fd; 1640 conn->conn_initiator_addr = checked_strdup(host); 1641 memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len); 1642 1643 /* 1644 * Default values, from RFC 3720, section 12. 1645 */ 1646 conn->conn_max_recv_data_segment_length = 8192; 1647 conn->conn_max_send_data_segment_length = 8192; 1648 conn->conn_max_burst_length = 262144; 1649 conn->conn_first_burst_length = 65536; 1650 conn->conn_immediate_data = true; 1651 1652 return (conn); 1653 } 1654 1655 #if 0 1656 static void 1657 conf_print(struct conf *conf) 1658 { 1659 struct auth_group *ag; 1660 struct auth *auth; 1661 struct auth_name *auth_name; 1662 struct auth_portal *auth_portal; 1663 struct portal_group *pg; 1664 struct portal *portal; 1665 struct target *targ; 1666 struct lun *lun; 1667 struct option *o; 1668 1669 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1670 fprintf(stderr, "auth-group %s {\n", ag->ag_name); 1671 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) 1672 fprintf(stderr, "\t chap-mutual %s %s %s %s\n", 1673 auth->a_user, auth->a_secret, 1674 auth->a_mutual_user, auth->a_mutual_secret); 1675 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) 1676 fprintf(stderr, "\t initiator-name %s\n", 1677 auth_name->an_initator_name); 1678 TAILQ_FOREACH(auth_portal, &ag->ag_portals, ap_next) 1679 fprintf(stderr, "\t initiator-portal %s\n", 1680 auth_portal->ap_initator_portal); 1681 fprintf(stderr, "}\n"); 1682 } 1683 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1684 fprintf(stderr, "portal-group %s {\n", pg->pg_name); 1685 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 1686 fprintf(stderr, "\t listen %s\n", portal->p_listen); 1687 fprintf(stderr, "}\n"); 1688 } 1689 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { 1690 fprintf(stderr, "\tlun %s {\n", lun->l_name); 1691 fprintf(stderr, "\t\tpath %s\n", lun->l_path); 1692 TAILQ_FOREACH(o, &lun->l_options, o_next) 1693 fprintf(stderr, "\t\toption %s %s\n", 1694 o->o_name, o->o_value); 1695 fprintf(stderr, "\t}\n"); 1696 } 1697 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1698 fprintf(stderr, "target %s {\n", targ->t_name); 1699 if (targ->t_alias != NULL) 1700 fprintf(stderr, "\t alias %s\n", targ->t_alias); 1701 fprintf(stderr, "}\n"); 1702 } 1703 } 1704 #endif 1705 1706 static int 1707 conf_verify_lun(struct lun *lun) 1708 { 1709 const struct lun *lun2; 1710 1711 if (lun->l_backend == NULL) 1712 lun_set_backend(lun, "block"); 1713 if (strcmp(lun->l_backend, "block") == 0) { 1714 if (lun->l_path == NULL) { 1715 log_warnx("missing path for lun \"%s\"", 1716 lun->l_name); 1717 return (1); 1718 } 1719 } else if (strcmp(lun->l_backend, "ramdisk") == 0) { 1720 if (lun->l_size == 0) { 1721 log_warnx("missing size for ramdisk-backed lun \"%s\"", 1722 lun->l_name); 1723 return (1); 1724 } 1725 if (lun->l_path != NULL) { 1726 log_warnx("path must not be specified " 1727 "for ramdisk-backed lun \"%s\"", 1728 lun->l_name); 1729 return (1); 1730 } 1731 } 1732 if (lun->l_blocksize == 0) { 1733 if (lun->l_device_type == 5) 1734 lun_set_blocksize(lun, DEFAULT_CD_BLOCKSIZE); 1735 else 1736 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE); 1737 } else if (lun->l_blocksize < 0) { 1738 log_warnx("invalid blocksize for lun \"%s\"; " 1739 "must be larger than 0", lun->l_name); 1740 return (1); 1741 } 1742 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) { 1743 log_warnx("invalid size for lun \"%s\"; " 1744 "must be multiple of blocksize", lun->l_name); 1745 return (1); 1746 } 1747 TAILQ_FOREACH(lun2, &lun->l_conf->conf_luns, l_next) { 1748 if (lun == lun2) 1749 continue; 1750 if (lun->l_path != NULL && lun2->l_path != NULL && 1751 strcmp(lun->l_path, lun2->l_path) == 0) { 1752 log_debugx("WARNING: path \"%s\" duplicated " 1753 "between lun \"%s\", and " 1754 "lun \"%s\"", lun->l_path, 1755 lun->l_name, lun2->l_name); 1756 } 1757 } 1758 1759 return (0); 1760 } 1761 1762 int 1763 conf_verify(struct conf *conf) 1764 { 1765 struct auth_group *ag; 1766 struct portal_group *pg; 1767 struct port *port; 1768 struct target *targ; 1769 struct lun *lun; 1770 bool found; 1771 int error, i; 1772 1773 if (conf->conf_pidfile_path == NULL) 1774 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE); 1775 1776 TAILQ_FOREACH(lun, &conf->conf_luns, l_next) { 1777 error = conf_verify_lun(lun); 1778 if (error != 0) 1779 return (error); 1780 } 1781 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1782 if (targ->t_auth_group == NULL) { 1783 targ->t_auth_group = auth_group_find(conf, 1784 "default"); 1785 assert(targ->t_auth_group != NULL); 1786 } 1787 if (TAILQ_EMPTY(&targ->t_ports)) { 1788 pg = portal_group_find(conf, "default"); 1789 assert(pg != NULL); 1790 port_new(conf, targ, pg); 1791 } 1792 found = false; 1793 for (i = 0; i < MAX_LUNS; i++) { 1794 if (targ->t_luns[i] != NULL) 1795 found = true; 1796 } 1797 if (!found && targ->t_redirection == NULL) { 1798 log_warnx("no LUNs defined for target \"%s\"", 1799 targ->t_name); 1800 } 1801 if (found && targ->t_redirection != NULL) { 1802 log_debugx("target \"%s\" contains luns, " 1803 " but configured for redirection", 1804 targ->t_name); 1805 } 1806 } 1807 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1808 assert(pg->pg_name != NULL); 1809 if (pg->pg_discovery_auth_group == NULL) { 1810 pg->pg_discovery_auth_group = 1811 auth_group_find(conf, "default"); 1812 assert(pg->pg_discovery_auth_group != NULL); 1813 } 1814 1815 if (pg->pg_discovery_filter == PG_FILTER_UNKNOWN) 1816 pg->pg_discovery_filter = PG_FILTER_NONE; 1817 1818 if (pg->pg_redirection != NULL) { 1819 if (!TAILQ_EMPTY(&pg->pg_ports)) { 1820 log_debugx("portal-group \"%s\" assigned " 1821 "to target, but configured " 1822 "for redirection", 1823 pg->pg_name); 1824 } 1825 pg->pg_unassigned = false; 1826 } else if (!TAILQ_EMPTY(&pg->pg_ports)) { 1827 pg->pg_unassigned = false; 1828 } else { 1829 if (strcmp(pg->pg_name, "default") != 0) 1830 log_warnx("portal-group \"%s\" not assigned " 1831 "to any target", pg->pg_name); 1832 pg->pg_unassigned = true; 1833 } 1834 } 1835 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1836 if (ag->ag_name == NULL) 1837 assert(ag->ag_target != NULL); 1838 else 1839 assert(ag->ag_target == NULL); 1840 1841 found = false; 1842 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1843 if (targ->t_auth_group == ag) { 1844 found = true; 1845 break; 1846 } 1847 } 1848 TAILQ_FOREACH(port, &conf->conf_ports, p_next) { 1849 if (port->p_auth_group == ag) { 1850 found = true; 1851 break; 1852 } 1853 } 1854 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1855 if (pg->pg_discovery_auth_group == ag) { 1856 found = true; 1857 break; 1858 } 1859 } 1860 if (!found && ag->ag_name != NULL && 1861 strcmp(ag->ag_name, "default") != 0 && 1862 strcmp(ag->ag_name, "no-authentication") != 0 && 1863 strcmp(ag->ag_name, "no-access") != 0) { 1864 log_warnx("auth-group \"%s\" not assigned " 1865 "to any target", ag->ag_name); 1866 } 1867 } 1868 1869 return (0); 1870 } 1871 1872 static int 1873 conf_apply(struct conf *oldconf, struct conf *newconf) 1874 { 1875 struct lun *oldlun, *newlun, *tmplun; 1876 struct portal_group *oldpg, *newpg; 1877 struct portal *oldp, *newp; 1878 struct port *oldport, *newport, *tmpport; 1879 struct isns *oldns, *newns; 1880 pid_t otherpid; 1881 int changed, cumulated_error = 0, error, sockbuf; 1882 int one = 1; 1883 1884 if (oldconf->conf_debug != newconf->conf_debug) { 1885 log_debugx("changing debug level to %d", newconf->conf_debug); 1886 log_init(newconf->conf_debug); 1887 } 1888 1889 if (oldconf->conf_pidfh != NULL) { 1890 assert(oldconf->conf_pidfile_path != NULL); 1891 if (newconf->conf_pidfile_path != NULL && 1892 strcmp(oldconf->conf_pidfile_path, 1893 newconf->conf_pidfile_path) == 0) { 1894 newconf->conf_pidfh = oldconf->conf_pidfh; 1895 oldconf->conf_pidfh = NULL; 1896 } else { 1897 log_debugx("removing pidfile %s", 1898 oldconf->conf_pidfile_path); 1899 pidfile_remove(oldconf->conf_pidfh); 1900 oldconf->conf_pidfh = NULL; 1901 } 1902 } 1903 1904 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) { 1905 log_debugx("opening pidfile %s", newconf->conf_pidfile_path); 1906 newconf->conf_pidfh = 1907 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid); 1908 if (newconf->conf_pidfh == NULL) { 1909 if (errno == EEXIST) 1910 log_errx(1, "daemon already running, pid: %jd.", 1911 (intmax_t)otherpid); 1912 log_err(1, "cannot open or create pidfile \"%s\"", 1913 newconf->conf_pidfile_path); 1914 } 1915 } 1916 1917 /* 1918 * Go through the new portal groups, assigning tags or preserving old. 1919 */ 1920 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { 1921 if (newpg->pg_tag != 0) 1922 continue; 1923 oldpg = portal_group_find(oldconf, newpg->pg_name); 1924 if (oldpg != NULL) 1925 newpg->pg_tag = oldpg->pg_tag; 1926 else 1927 newpg->pg_tag = ++last_portal_group_tag; 1928 } 1929 1930 /* Deregister on removed iSNS servers. */ 1931 TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) { 1932 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) { 1933 if (strcmp(oldns->i_addr, newns->i_addr) == 0) 1934 break; 1935 } 1936 if (newns == NULL) 1937 isns_deregister(oldns); 1938 } 1939 1940 /* 1941 * XXX: If target or lun removal fails, we should somehow "move" 1942 * the old lun or target into newconf, so that subsequent 1943 * conf_apply() would try to remove them again. That would 1944 * be somewhat hairy, though, and lun deletion failures don't 1945 * really happen, so leave it as it is for now. 1946 */ 1947 /* 1948 * First, remove any ports present in the old configuration 1949 * and missing in the new one. 1950 */ 1951 TAILQ_FOREACH_SAFE(oldport, &oldconf->conf_ports, p_next, tmpport) { 1952 if (port_is_dummy(oldport)) 1953 continue; 1954 newport = port_find(newconf, oldport->p_name); 1955 if (newport != NULL && !port_is_dummy(newport)) 1956 continue; 1957 log_debugx("removing port \"%s\"", oldport->p_name); 1958 error = kernel_port_remove(oldport); 1959 if (error != 0) { 1960 log_warnx("failed to remove port %s", 1961 oldport->p_name); 1962 /* 1963 * XXX: Uncomment after fixing the root cause. 1964 * 1965 * cumulated_error++; 1966 */ 1967 } 1968 } 1969 1970 /* 1971 * Second, remove any LUNs present in the old configuration 1972 * and missing in the new one. 1973 */ 1974 TAILQ_FOREACH_SAFE(oldlun, &oldconf->conf_luns, l_next, tmplun) { 1975 newlun = lun_find(newconf, oldlun->l_name); 1976 if (newlun == NULL) { 1977 log_debugx("lun \"%s\", CTL lun %d " 1978 "not found in new configuration; " 1979 "removing", oldlun->l_name, oldlun->l_ctl_lun); 1980 error = kernel_lun_remove(oldlun); 1981 if (error != 0) { 1982 log_warnx("failed to remove lun \"%s\", " 1983 "CTL lun %d", 1984 oldlun->l_name, oldlun->l_ctl_lun); 1985 cumulated_error++; 1986 } 1987 continue; 1988 } 1989 1990 /* 1991 * Also remove the LUNs changed by more than size. 1992 */ 1993 changed = 0; 1994 assert(oldlun->l_backend != NULL); 1995 assert(newlun->l_backend != NULL); 1996 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) { 1997 log_debugx("backend for lun \"%s\", " 1998 "CTL lun %d changed; removing", 1999 oldlun->l_name, oldlun->l_ctl_lun); 2000 changed = 1; 2001 } 2002 if (oldlun->l_blocksize != newlun->l_blocksize) { 2003 log_debugx("blocksize for lun \"%s\", " 2004 "CTL lun %d changed; removing", 2005 oldlun->l_name, oldlun->l_ctl_lun); 2006 changed = 1; 2007 } 2008 if (newlun->l_device_id != NULL && 2009 (oldlun->l_device_id == NULL || 2010 strcmp(oldlun->l_device_id, newlun->l_device_id) != 2011 0)) { 2012 log_debugx("device-id for lun \"%s\", " 2013 "CTL lun %d changed; removing", 2014 oldlun->l_name, oldlun->l_ctl_lun); 2015 changed = 1; 2016 } 2017 if (newlun->l_path != NULL && 2018 (oldlun->l_path == NULL || 2019 strcmp(oldlun->l_path, newlun->l_path) != 0)) { 2020 log_debugx("path for lun \"%s\", " 2021 "CTL lun %d, changed; removing", 2022 oldlun->l_name, oldlun->l_ctl_lun); 2023 changed = 1; 2024 } 2025 if (newlun->l_serial != NULL && 2026 (oldlun->l_serial == NULL || 2027 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) { 2028 log_debugx("serial for lun \"%s\", " 2029 "CTL lun %d changed; removing", 2030 oldlun->l_name, oldlun->l_ctl_lun); 2031 changed = 1; 2032 } 2033 if (changed) { 2034 error = kernel_lun_remove(oldlun); 2035 if (error != 0) { 2036 log_warnx("failed to remove lun \"%s\", " 2037 "CTL lun %d", 2038 oldlun->l_name, oldlun->l_ctl_lun); 2039 cumulated_error++; 2040 } 2041 lun_delete(oldlun); 2042 continue; 2043 } 2044 2045 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun); 2046 } 2047 2048 TAILQ_FOREACH_SAFE(newlun, &newconf->conf_luns, l_next, tmplun) { 2049 oldlun = lun_find(oldconf, newlun->l_name); 2050 if (oldlun != NULL) { 2051 log_debugx("modifying lun \"%s\", CTL lun %d", 2052 newlun->l_name, newlun->l_ctl_lun); 2053 error = kernel_lun_modify(newlun); 2054 if (error != 0) { 2055 log_warnx("failed to " 2056 "modify lun \"%s\", CTL lun %d", 2057 newlun->l_name, newlun->l_ctl_lun); 2058 cumulated_error++; 2059 } 2060 continue; 2061 } 2062 log_debugx("adding lun \"%s\"", newlun->l_name); 2063 error = kernel_lun_add(newlun); 2064 if (error != 0) { 2065 log_warnx("failed to add lun \"%s\"", newlun->l_name); 2066 lun_delete(newlun); 2067 cumulated_error++; 2068 } 2069 } 2070 2071 /* 2072 * Now add new ports or modify existing ones. 2073 */ 2074 TAILQ_FOREACH(newport, &newconf->conf_ports, p_next) { 2075 if (port_is_dummy(newport)) 2076 continue; 2077 oldport = port_find(oldconf, newport->p_name); 2078 2079 if (oldport == NULL || port_is_dummy(oldport)) { 2080 log_debugx("adding port \"%s\"", newport->p_name); 2081 error = kernel_port_add(newport); 2082 } else { 2083 log_debugx("updating port \"%s\"", newport->p_name); 2084 newport->p_ctl_port = oldport->p_ctl_port; 2085 error = kernel_port_update(newport, oldport); 2086 } 2087 if (error != 0) { 2088 log_warnx("failed to %s port %s", 2089 (oldport == NULL) ? "add" : "update", 2090 newport->p_name); 2091 /* 2092 * XXX: Uncomment after fixing the root cause. 2093 * 2094 * cumulated_error++; 2095 */ 2096 } 2097 } 2098 2099 /* 2100 * Go through the new portals, opening the sockets as necessary. 2101 */ 2102 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { 2103 if (newpg->pg_foreign) 2104 continue; 2105 if (newpg->pg_unassigned) { 2106 log_debugx("not listening on portal-group \"%s\", " 2107 "not assigned to any target", 2108 newpg->pg_name); 2109 continue; 2110 } 2111 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) { 2112 /* 2113 * Try to find already open portal and reuse 2114 * the listening socket. We don't care about 2115 * what portal or portal group that was, what 2116 * matters is the listening address. 2117 */ 2118 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, 2119 pg_next) { 2120 TAILQ_FOREACH(oldp, &oldpg->pg_portals, 2121 p_next) { 2122 if (strcmp(newp->p_listen, 2123 oldp->p_listen) == 0 && 2124 oldp->p_socket > 0) { 2125 newp->p_socket = 2126 oldp->p_socket; 2127 oldp->p_socket = 0; 2128 break; 2129 } 2130 } 2131 } 2132 if (newp->p_socket > 0) { 2133 /* 2134 * We're done with this portal. 2135 */ 2136 continue; 2137 } 2138 2139 #ifdef ICL_KERNEL_PROXY 2140 if (proxy_mode) { 2141 newpg->pg_conf->conf_portal_id++; 2142 newp->p_id = newpg->pg_conf->conf_portal_id; 2143 log_debugx("listening on %s, portal-group " 2144 "\"%s\", portal id %d, using ICL proxy", 2145 newp->p_listen, newpg->pg_name, newp->p_id); 2146 kernel_listen(newp->p_ai, newp->p_iser, 2147 newp->p_id); 2148 continue; 2149 } 2150 #endif 2151 assert(proxy_mode == false); 2152 assert(newp->p_iser == false); 2153 2154 log_debugx("listening on %s, portal-group \"%s\"", 2155 newp->p_listen, newpg->pg_name); 2156 newp->p_socket = socket(newp->p_ai->ai_family, 2157 newp->p_ai->ai_socktype, 2158 newp->p_ai->ai_protocol); 2159 if (newp->p_socket < 0) { 2160 log_warn("socket(2) failed for %s", 2161 newp->p_listen); 2162 cumulated_error++; 2163 continue; 2164 } 2165 sockbuf = SOCKBUF_SIZE; 2166 if (setsockopt(newp->p_socket, SOL_SOCKET, SO_RCVBUF, 2167 &sockbuf, sizeof(sockbuf)) == -1) 2168 log_warn("setsockopt(SO_RCVBUF) failed " 2169 "for %s", newp->p_listen); 2170 sockbuf = SOCKBUF_SIZE; 2171 if (setsockopt(newp->p_socket, SOL_SOCKET, SO_SNDBUF, 2172 &sockbuf, sizeof(sockbuf)) == -1) 2173 log_warn("setsockopt(SO_SNDBUF) failed " 2174 "for %s", newp->p_listen); 2175 error = setsockopt(newp->p_socket, SOL_SOCKET, 2176 SO_REUSEADDR, &one, sizeof(one)); 2177 if (error != 0) { 2178 log_warn("setsockopt(SO_REUSEADDR) failed " 2179 "for %s", newp->p_listen); 2180 close(newp->p_socket); 2181 newp->p_socket = 0; 2182 cumulated_error++; 2183 continue; 2184 } 2185 if (newpg->pg_dscp != -1) { 2186 struct sockaddr sa; 2187 int len = sizeof(sa); 2188 getsockname(newp->p_socket, &sa, &len); 2189 /* 2190 * Only allow the 6-bit DSCP 2191 * field to be modified 2192 */ 2193 int tos = newpg->pg_dscp << 2; 2194 if (sa.sa_family == AF_INET) { 2195 if (setsockopt(newp->p_socket, 2196 IPPROTO_IP, IP_TOS, 2197 &tos, sizeof(tos)) == -1) 2198 log_warn("setsockopt(IP_TOS) " 2199 "failed for %s", 2200 newp->p_listen); 2201 } else 2202 if (sa.sa_family == AF_INET6) { 2203 if (setsockopt(newp->p_socket, 2204 IPPROTO_IPV6, IPV6_TCLASS, 2205 &tos, sizeof(tos)) == -1) 2206 log_warn("setsockopt(IPV6_TCLASS) " 2207 "failed for %s", 2208 newp->p_listen); 2209 } 2210 } 2211 error = bind(newp->p_socket, newp->p_ai->ai_addr, 2212 newp->p_ai->ai_addrlen); 2213 if (error != 0) { 2214 log_warn("bind(2) failed for %s", 2215 newp->p_listen); 2216 close(newp->p_socket); 2217 newp->p_socket = 0; 2218 cumulated_error++; 2219 continue; 2220 } 2221 error = listen(newp->p_socket, -1); 2222 if (error != 0) { 2223 log_warn("listen(2) failed for %s", 2224 newp->p_listen); 2225 close(newp->p_socket); 2226 newp->p_socket = 0; 2227 cumulated_error++; 2228 continue; 2229 } 2230 } 2231 } 2232 2233 /* 2234 * Go through the no longer used sockets, closing them. 2235 */ 2236 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) { 2237 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) { 2238 if (oldp->p_socket <= 0) 2239 continue; 2240 log_debugx("closing socket for %s, portal-group \"%s\"", 2241 oldp->p_listen, oldpg->pg_name); 2242 close(oldp->p_socket); 2243 oldp->p_socket = 0; 2244 } 2245 } 2246 2247 /* (Re-)Register on remaining/new iSNS servers. */ 2248 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) { 2249 TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) { 2250 if (strcmp(oldns->i_addr, newns->i_addr) == 0) 2251 break; 2252 } 2253 isns_register(newns, oldns); 2254 } 2255 2256 /* Schedule iSNS update */ 2257 if (!TAILQ_EMPTY(&newconf->conf_isns)) 2258 set_timeout((newconf->conf_isns_period + 2) / 3, false); 2259 2260 return (cumulated_error); 2261 } 2262 2263 bool 2264 timed_out(void) 2265 { 2266 2267 return (sigalrm_received); 2268 } 2269 2270 static void 2271 sigalrm_handler_fatal(int dummy __unused) 2272 { 2273 /* 2274 * It would be easiest to just log an error and exit. We can't 2275 * do this, though, because log_errx() is not signal safe, since 2276 * it calls syslog(3). Instead, set a flag checked by pdu_send() 2277 * and pdu_receive(), to call log_errx() there. Should they fail 2278 * to notice, we'll exit here one second later. 2279 */ 2280 if (sigalrm_received) { 2281 /* 2282 * Oh well. Just give up and quit. 2283 */ 2284 _exit(2); 2285 } 2286 2287 sigalrm_received = true; 2288 } 2289 2290 static void 2291 sigalrm_handler(int dummy __unused) 2292 { 2293 2294 sigalrm_received = true; 2295 } 2296 2297 void 2298 set_timeout(int timeout, int fatal) 2299 { 2300 struct sigaction sa; 2301 struct itimerval itv; 2302 int error; 2303 2304 if (timeout <= 0) { 2305 log_debugx("session timeout disabled"); 2306 bzero(&itv, sizeof(itv)); 2307 error = setitimer(ITIMER_REAL, &itv, NULL); 2308 if (error != 0) 2309 log_err(1, "setitimer"); 2310 sigalrm_received = false; 2311 return; 2312 } 2313 2314 sigalrm_received = false; 2315 bzero(&sa, sizeof(sa)); 2316 if (fatal) 2317 sa.sa_handler = sigalrm_handler_fatal; 2318 else 2319 sa.sa_handler = sigalrm_handler; 2320 sigfillset(&sa.sa_mask); 2321 error = sigaction(SIGALRM, &sa, NULL); 2322 if (error != 0) 2323 log_err(1, "sigaction"); 2324 2325 /* 2326 * First SIGALRM will arive after conf_timeout seconds. 2327 * If we do nothing, another one will arrive a second later. 2328 */ 2329 log_debugx("setting session timeout to %d seconds", timeout); 2330 bzero(&itv, sizeof(itv)); 2331 itv.it_interval.tv_sec = 1; 2332 itv.it_value.tv_sec = timeout; 2333 error = setitimer(ITIMER_REAL, &itv, NULL); 2334 if (error != 0) 2335 log_err(1, "setitimer"); 2336 } 2337 2338 static int 2339 wait_for_children(bool block) 2340 { 2341 pid_t pid; 2342 int status; 2343 int num = 0; 2344 2345 for (;;) { 2346 /* 2347 * If "block" is true, wait for at least one process. 2348 */ 2349 if (block && num == 0) 2350 pid = wait4(-1, &status, 0, NULL); 2351 else 2352 pid = wait4(-1, &status, WNOHANG, NULL); 2353 if (pid <= 0) 2354 break; 2355 if (WIFSIGNALED(status)) { 2356 log_warnx("child process %d terminated with signal %d", 2357 pid, WTERMSIG(status)); 2358 } else if (WEXITSTATUS(status) != 0) { 2359 log_warnx("child process %d terminated with exit status %d", 2360 pid, WEXITSTATUS(status)); 2361 } else { 2362 log_debugx("child process %d terminated gracefully", pid); 2363 } 2364 num++; 2365 } 2366 2367 return (num); 2368 } 2369 2370 static void 2371 handle_connection(struct portal *portal, int fd, 2372 const struct sockaddr *client_sa, bool dont_fork) 2373 { 2374 struct connection *conn; 2375 int error; 2376 pid_t pid; 2377 char host[NI_MAXHOST + 1]; 2378 struct conf *conf; 2379 2380 conf = portal->p_portal_group->pg_conf; 2381 2382 if (dont_fork) { 2383 log_debugx("incoming connection; not forking due to -d flag"); 2384 } else { 2385 nchildren -= wait_for_children(false); 2386 assert(nchildren >= 0); 2387 2388 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) { 2389 log_debugx("maxproc limit of %d child processes hit; " 2390 "waiting for child process to exit", conf->conf_maxproc); 2391 nchildren -= wait_for_children(true); 2392 assert(nchildren >= 0); 2393 } 2394 log_debugx("incoming connection; forking child process #%d", 2395 nchildren); 2396 nchildren++; 2397 pid = fork(); 2398 if (pid < 0) 2399 log_err(1, "fork"); 2400 if (pid > 0) { 2401 close(fd); 2402 return; 2403 } 2404 } 2405 pidfile_close(conf->conf_pidfh); 2406 2407 error = getnameinfo(client_sa, client_sa->sa_len, 2408 host, sizeof(host), NULL, 0, NI_NUMERICHOST); 2409 if (error != 0) 2410 log_errx(1, "getnameinfo: %s", gai_strerror(error)); 2411 2412 log_debugx("accepted connection from %s; portal group \"%s\"", 2413 host, portal->p_portal_group->pg_name); 2414 log_set_peer_addr(host); 2415 setproctitle("%s", host); 2416 2417 conn = connection_new(portal, fd, host, client_sa); 2418 set_timeout(conf->conf_timeout, true); 2419 kernel_capsicate(); 2420 login(conn); 2421 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { 2422 kernel_handoff(conn); 2423 log_debugx("connection handed off to the kernel"); 2424 } else { 2425 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY); 2426 discovery(conn); 2427 } 2428 log_debugx("nothing more to do; exiting"); 2429 exit(0); 2430 } 2431 2432 static int 2433 fd_add(int fd, fd_set *fdset, int nfds) 2434 { 2435 2436 /* 2437 * Skip sockets which we failed to bind. 2438 */ 2439 if (fd <= 0) 2440 return (nfds); 2441 2442 FD_SET(fd, fdset); 2443 if (fd > nfds) 2444 nfds = fd; 2445 return (nfds); 2446 } 2447 2448 static void 2449 main_loop(struct conf *conf, bool dont_fork) 2450 { 2451 struct portal_group *pg; 2452 struct portal *portal; 2453 struct sockaddr_storage client_sa; 2454 socklen_t client_salen; 2455 #ifdef ICL_KERNEL_PROXY 2456 int connection_id; 2457 int portal_id; 2458 #endif 2459 fd_set fdset; 2460 int error, nfds, client_fd; 2461 2462 pidfile_write(conf->conf_pidfh); 2463 2464 for (;;) { 2465 if (sighup_received || sigterm_received || timed_out()) 2466 return; 2467 2468 #ifdef ICL_KERNEL_PROXY 2469 if (proxy_mode) { 2470 client_salen = sizeof(client_sa); 2471 kernel_accept(&connection_id, &portal_id, 2472 (struct sockaddr *)&client_sa, &client_salen); 2473 assert(client_salen >= client_sa.ss_len); 2474 2475 log_debugx("incoming connection, id %d, portal id %d", 2476 connection_id, portal_id); 2477 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 2478 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 2479 if (portal->p_id == portal_id) { 2480 goto found; 2481 } 2482 } 2483 } 2484 2485 log_errx(1, "kernel returned invalid portal_id %d", 2486 portal_id); 2487 2488 found: 2489 handle_connection(portal, connection_id, 2490 (struct sockaddr *)&client_sa, dont_fork); 2491 } else { 2492 #endif 2493 assert(proxy_mode == false); 2494 2495 FD_ZERO(&fdset); 2496 nfds = 0; 2497 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 2498 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 2499 nfds = fd_add(portal->p_socket, &fdset, nfds); 2500 } 2501 error = select(nfds + 1, &fdset, NULL, NULL, NULL); 2502 if (error <= 0) { 2503 if (errno == EINTR) 2504 return; 2505 log_err(1, "select"); 2506 } 2507 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 2508 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 2509 if (!FD_ISSET(portal->p_socket, &fdset)) 2510 continue; 2511 client_salen = sizeof(client_sa); 2512 client_fd = accept(portal->p_socket, 2513 (struct sockaddr *)&client_sa, 2514 &client_salen); 2515 if (client_fd < 0) { 2516 if (errno == ECONNABORTED) 2517 continue; 2518 log_err(1, "accept"); 2519 } 2520 assert(client_salen >= client_sa.ss_len); 2521 2522 handle_connection(portal, client_fd, 2523 (struct sockaddr *)&client_sa, 2524 dont_fork); 2525 break; 2526 } 2527 } 2528 #ifdef ICL_KERNEL_PROXY 2529 } 2530 #endif 2531 } 2532 } 2533 2534 static void 2535 sighup_handler(int dummy __unused) 2536 { 2537 2538 sighup_received = true; 2539 } 2540 2541 static void 2542 sigterm_handler(int dummy __unused) 2543 { 2544 2545 sigterm_received = true; 2546 } 2547 2548 static void 2549 sigchld_handler(int dummy __unused) 2550 { 2551 2552 /* 2553 * The only purpose of this handler is to make SIGCHLD 2554 * interrupt the ISCSIDWAIT ioctl(2), so we can call 2555 * wait_for_children(). 2556 */ 2557 } 2558 2559 static void 2560 register_signals(void) 2561 { 2562 struct sigaction sa; 2563 int error; 2564 2565 bzero(&sa, sizeof(sa)); 2566 sa.sa_handler = sighup_handler; 2567 sigfillset(&sa.sa_mask); 2568 error = sigaction(SIGHUP, &sa, NULL); 2569 if (error != 0) 2570 log_err(1, "sigaction"); 2571 2572 sa.sa_handler = sigterm_handler; 2573 error = sigaction(SIGTERM, &sa, NULL); 2574 if (error != 0) 2575 log_err(1, "sigaction"); 2576 2577 sa.sa_handler = sigterm_handler; 2578 error = sigaction(SIGINT, &sa, NULL); 2579 if (error != 0) 2580 log_err(1, "sigaction"); 2581 2582 sa.sa_handler = sigchld_handler; 2583 error = sigaction(SIGCHLD, &sa, NULL); 2584 if (error != 0) 2585 log_err(1, "sigaction"); 2586 } 2587 2588 static void 2589 check_perms(const char *path) 2590 { 2591 struct stat sb; 2592 int error; 2593 2594 error = stat(path, &sb); 2595 if (error != 0) { 2596 log_warn("stat"); 2597 return; 2598 } 2599 if (sb.st_mode & S_IWOTH) { 2600 log_warnx("%s is world-writable", path); 2601 } else if (sb.st_mode & S_IROTH) { 2602 log_warnx("%s is world-readable", path); 2603 } else if (sb.st_mode & S_IXOTH) { 2604 /* 2605 * Ok, this one doesn't matter, but still do it, 2606 * just for consistency. 2607 */ 2608 log_warnx("%s is world-executable", path); 2609 } 2610 2611 /* 2612 * XXX: Should we also check for owner != 0? 2613 */ 2614 } 2615 2616 static struct conf * 2617 conf_new_from_file(const char *path, struct conf *oldconf, bool ucl) 2618 { 2619 struct conf *conf; 2620 struct auth_group *ag; 2621 struct portal_group *pg; 2622 struct pport *pp; 2623 int error; 2624 2625 log_debugx("obtaining configuration from %s", path); 2626 2627 conf = conf_new(); 2628 2629 TAILQ_FOREACH(pp, &oldconf->conf_pports, pp_next) 2630 pport_copy(pp, conf); 2631 2632 ag = auth_group_new(conf, "default"); 2633 assert(ag != NULL); 2634 2635 ag = auth_group_new(conf, "no-authentication"); 2636 assert(ag != NULL); 2637 ag->ag_type = AG_TYPE_NO_AUTHENTICATION; 2638 2639 ag = auth_group_new(conf, "no-access"); 2640 assert(ag != NULL); 2641 ag->ag_type = AG_TYPE_DENY; 2642 2643 pg = portal_group_new(conf, "default"); 2644 assert(pg != NULL); 2645 2646 if (ucl) 2647 error = uclparse_conf(conf, path); 2648 else 2649 error = parse_conf(conf, path); 2650 2651 if (error != 0) { 2652 conf_delete(conf); 2653 return (NULL); 2654 } 2655 2656 check_perms(path); 2657 2658 if (conf->conf_default_ag_defined == false) { 2659 log_debugx("auth-group \"default\" not defined; " 2660 "going with defaults"); 2661 ag = auth_group_find(conf, "default"); 2662 assert(ag != NULL); 2663 ag->ag_type = AG_TYPE_DENY; 2664 } 2665 2666 if (conf->conf_default_pg_defined == false) { 2667 log_debugx("portal-group \"default\" not defined; " 2668 "going with defaults"); 2669 pg = portal_group_find(conf, "default"); 2670 assert(pg != NULL); 2671 portal_group_add_listen(pg, "0.0.0.0:3260", false); 2672 portal_group_add_listen(pg, "[::]:3260", false); 2673 } 2674 2675 conf->conf_kernel_port_on = true; 2676 2677 error = conf_verify(conf); 2678 if (error != 0) { 2679 conf_delete(conf); 2680 return (NULL); 2681 } 2682 2683 return (conf); 2684 } 2685 2686 int 2687 main(int argc, char **argv) 2688 { 2689 struct conf *oldconf, *newconf, *tmpconf; 2690 struct isns *newns; 2691 const char *config_path = DEFAULT_CONFIG_PATH; 2692 int debug = 0, ch, error; 2693 bool dont_daemonize = false; 2694 bool test_config = false; 2695 bool use_ucl = false; 2696 2697 while ((ch = getopt(argc, argv, "dtuf:R")) != -1) { 2698 switch (ch) { 2699 case 'd': 2700 dont_daemonize = true; 2701 debug++; 2702 break; 2703 case 't': 2704 test_config = true; 2705 break; 2706 case 'u': 2707 use_ucl = true; 2708 break; 2709 case 'f': 2710 config_path = optarg; 2711 break; 2712 case 'R': 2713 #ifndef ICL_KERNEL_PROXY 2714 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY " 2715 "does not support iSER protocol"); 2716 #endif 2717 proxy_mode = true; 2718 break; 2719 case '?': 2720 default: 2721 usage(); 2722 } 2723 } 2724 argc -= optind; 2725 if (argc != 0) 2726 usage(); 2727 2728 log_init(debug); 2729 kernel_init(); 2730 2731 oldconf = conf_new_from_kernel(); 2732 newconf = conf_new_from_file(config_path, oldconf, use_ucl); 2733 2734 if (newconf == NULL) 2735 log_errx(1, "configuration error; exiting"); 2736 2737 if (test_config) 2738 return (0); 2739 2740 if (debug > 0) { 2741 oldconf->conf_debug = debug; 2742 newconf->conf_debug = debug; 2743 } 2744 2745 error = conf_apply(oldconf, newconf); 2746 if (error != 0) 2747 log_errx(1, "failed to apply configuration; exiting"); 2748 2749 conf_delete(oldconf); 2750 oldconf = NULL; 2751 2752 register_signals(); 2753 2754 if (dont_daemonize == false) { 2755 log_debugx("daemonizing"); 2756 if (daemon(0, 0) == -1) { 2757 log_warn("cannot daemonize"); 2758 pidfile_remove(newconf->conf_pidfh); 2759 exit(1); 2760 } 2761 } 2762 2763 /* Schedule iSNS update */ 2764 if (!TAILQ_EMPTY(&newconf->conf_isns)) 2765 set_timeout((newconf->conf_isns_period + 2) / 3, false); 2766 2767 for (;;) { 2768 main_loop(newconf, dont_daemonize); 2769 if (sighup_received) { 2770 sighup_received = false; 2771 log_debugx("received SIGHUP, reloading configuration"); 2772 tmpconf = conf_new_from_file(config_path, newconf, 2773 use_ucl); 2774 2775 if (tmpconf == NULL) { 2776 log_warnx("configuration error, " 2777 "continuing with old configuration"); 2778 } else { 2779 if (debug > 0) 2780 tmpconf->conf_debug = debug; 2781 oldconf = newconf; 2782 newconf = tmpconf; 2783 error = conf_apply(oldconf, newconf); 2784 if (error != 0) 2785 log_warnx("failed to reload " 2786 "configuration"); 2787 conf_delete(oldconf); 2788 oldconf = NULL; 2789 } 2790 } else if (sigterm_received) { 2791 log_debugx("exiting on signal; " 2792 "reloading empty configuration"); 2793 2794 log_debugx("removing CTL iSCSI ports " 2795 "and terminating all connections"); 2796 2797 oldconf = newconf; 2798 newconf = conf_new(); 2799 if (debug > 0) 2800 newconf->conf_debug = debug; 2801 error = conf_apply(oldconf, newconf); 2802 if (error != 0) 2803 log_warnx("failed to apply configuration"); 2804 conf_delete(oldconf); 2805 oldconf = NULL; 2806 2807 log_warnx("exiting on signal"); 2808 exit(0); 2809 } else { 2810 nchildren -= wait_for_children(false); 2811 assert(nchildren >= 0); 2812 if (timed_out()) { 2813 set_timeout(0, false); 2814 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) 2815 isns_check(newns); 2816 /* Schedule iSNS update */ 2817 if (!TAILQ_EMPTY(&newconf->conf_isns)) { 2818 set_timeout((newconf->conf_isns_period 2819 + 2) / 3, 2820 false); 2821 } 2822 } 2823 } 2824 } 2825 /* NOTREACHED */ 2826 } 2827