xref: /freebsd/usr.sbin/ctld/ctld.c (revision 7ef62cebc2f965b0f640263e179276928885e33d)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2012 The FreeBSD Foundation
5  *
6  * This software was developed by Edward Tomasz Napierala under sponsorship
7  * from the FreeBSD Foundation.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  *
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 #include <sys/types.h>
36 #include <sys/time.h>
37 #include <sys/socket.h>
38 #include <sys/stat.h>
39 #include <sys/wait.h>
40 #include <netinet/in.h>
41 #include <arpa/inet.h>
42 #include <assert.h>
43 #include <ctype.h>
44 #include <errno.h>
45 #include <netdb.h>
46 #include <signal.h>
47 #include <stdbool.h>
48 #include <stdio.h>
49 #include <stdint.h>
50 #include <stdlib.h>
51 #include <string.h>
52 #include <unistd.h>
53 
54 #include "ctld.h"
55 #include "isns.h"
56 
57 static bool	timed_out(void);
58 #ifdef ICL_KERNEL_PROXY
59 static void	pdu_receive_proxy(struct pdu *pdu);
60 static void	pdu_send_proxy(struct pdu *pdu);
61 #endif /* ICL_KERNEL_PROXY */
62 static void	pdu_fail(const struct connection *conn, const char *reason);
63 
64 bool proxy_mode = false;
65 
66 static volatile bool sighup_received = false;
67 static volatile bool sigterm_received = false;
68 static volatile bool sigalrm_received = false;
69 
70 static int nchildren = 0;
71 static uint16_t last_portal_group_tag = 0xff;
72 
73 static struct connection_ops conn_ops = {
74 	.timed_out = timed_out,
75 #ifdef ICL_KERNEL_PROXY
76 	.pdu_receive_proxy = pdu_receive_proxy,
77 	.pdu_send_proxy = pdu_send_proxy,
78 #endif
79 	.fail = pdu_fail,
80 };
81 
82 static void
83 usage(void)
84 {
85 
86 	fprintf(stderr, "usage: ctld [-d][-u][-f config-file]\n");
87 	fprintf(stderr, "       ctld -t [-u][-f config-file]\n");
88 	exit(1);
89 }
90 
91 struct conf *
92 conf_new(void)
93 {
94 	struct conf *conf;
95 
96 	conf = calloc(1, sizeof(*conf));
97 	if (conf == NULL)
98 		log_err(1, "calloc");
99 	TAILQ_INIT(&conf->conf_luns);
100 	TAILQ_INIT(&conf->conf_targets);
101 	TAILQ_INIT(&conf->conf_auth_groups);
102 	TAILQ_INIT(&conf->conf_ports);
103 	TAILQ_INIT(&conf->conf_portal_groups);
104 	TAILQ_INIT(&conf->conf_pports);
105 	TAILQ_INIT(&conf->conf_isns);
106 
107 	conf->conf_isns_period = 900;
108 	conf->conf_isns_timeout = 5;
109 	conf->conf_debug = 0;
110 	conf->conf_timeout = 60;
111 	conf->conf_maxproc = 30;
112 
113 	return (conf);
114 }
115 
116 void
117 conf_delete(struct conf *conf)
118 {
119 	struct lun *lun, *ltmp;
120 	struct target *targ, *tmp;
121 	struct auth_group *ag, *cagtmp;
122 	struct portal_group *pg, *cpgtmp;
123 	struct pport *pp, *pptmp;
124 	struct isns *is, *istmp;
125 
126 	assert(conf->conf_pidfh == NULL);
127 
128 	TAILQ_FOREACH_SAFE(lun, &conf->conf_luns, l_next, ltmp)
129 		lun_delete(lun);
130 	TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp)
131 		target_delete(targ);
132 	TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp)
133 		auth_group_delete(ag);
134 	TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp)
135 		portal_group_delete(pg);
136 	TAILQ_FOREACH_SAFE(pp, &conf->conf_pports, pp_next, pptmp)
137 		pport_delete(pp);
138 	TAILQ_FOREACH_SAFE(is, &conf->conf_isns, i_next, istmp)
139 		isns_delete(is);
140 	assert(TAILQ_EMPTY(&conf->conf_ports));
141 	free(conf->conf_pidfile_path);
142 	free(conf);
143 }
144 
145 static struct auth *
146 auth_new(struct auth_group *ag)
147 {
148 	struct auth *auth;
149 
150 	auth = calloc(1, sizeof(*auth));
151 	if (auth == NULL)
152 		log_err(1, "calloc");
153 	auth->a_auth_group = ag;
154 	TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next);
155 	return (auth);
156 }
157 
158 static void
159 auth_delete(struct auth *auth)
160 {
161 	TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next);
162 
163 	free(auth->a_user);
164 	free(auth->a_secret);
165 	free(auth->a_mutual_user);
166 	free(auth->a_mutual_secret);
167 	free(auth);
168 }
169 
170 const struct auth *
171 auth_find(const struct auth_group *ag, const char *user)
172 {
173 	const struct auth *auth;
174 
175 	TAILQ_FOREACH(auth, &ag->ag_auths, a_next) {
176 		if (strcmp(auth->a_user, user) == 0)
177 			return (auth);
178 	}
179 
180 	return (NULL);
181 }
182 
183 static void
184 auth_check_secret_length(struct auth *auth)
185 {
186 	size_t len;
187 
188 	len = strlen(auth->a_secret);
189 	if (len > 16) {
190 		if (auth->a_auth_group->ag_name != NULL)
191 			log_warnx("secret for user \"%s\", auth-group \"%s\", "
192 			    "is too long; it should be at most 16 characters "
193 			    "long", auth->a_user, auth->a_auth_group->ag_name);
194 		else
195 			log_warnx("secret for user \"%s\", target \"%s\", "
196 			    "is too long; it should be at most 16 characters "
197 			    "long", auth->a_user,
198 			    auth->a_auth_group->ag_target->t_name);
199 	}
200 	if (len < 12) {
201 		if (auth->a_auth_group->ag_name != NULL)
202 			log_warnx("secret for user \"%s\", auth-group \"%s\", "
203 			    "is too short; it should be at least 12 characters "
204 			    "long", auth->a_user,
205 			    auth->a_auth_group->ag_name);
206 		else
207 			log_warnx("secret for user \"%s\", target \"%s\", "
208 			    "is too short; it should be at least 12 characters "
209 			    "long", auth->a_user,
210 			    auth->a_auth_group->ag_target->t_name);
211 	}
212 
213 	if (auth->a_mutual_secret != NULL) {
214 		len = strlen(auth->a_mutual_secret);
215 		if (len > 16) {
216 			if (auth->a_auth_group->ag_name != NULL)
217 				log_warnx("mutual secret for user \"%s\", "
218 				    "auth-group \"%s\", is too long; it should "
219 				    "be at most 16 characters long",
220 				    auth->a_user, auth->a_auth_group->ag_name);
221 			else
222 				log_warnx("mutual secret for user \"%s\", "
223 				    "target \"%s\", is too long; it should "
224 				    "be at most 16 characters long",
225 				    auth->a_user,
226 				    auth->a_auth_group->ag_target->t_name);
227 		}
228 		if (len < 12) {
229 			if (auth->a_auth_group->ag_name != NULL)
230 				log_warnx("mutual secret for user \"%s\", "
231 				    "auth-group \"%s\", is too short; it "
232 				    "should be at least 12 characters long",
233 				    auth->a_user, auth->a_auth_group->ag_name);
234 			else
235 				log_warnx("mutual secret for user \"%s\", "
236 				    "target \"%s\", is too short; it should be "
237 				    "at least 12 characters long",
238 				    auth->a_user,
239 				    auth->a_auth_group->ag_target->t_name);
240 		}
241 	}
242 }
243 
244 const struct auth *
245 auth_new_chap(struct auth_group *ag, const char *user,
246     const char *secret)
247 {
248 	struct auth *auth;
249 
250 	if (ag->ag_type == AG_TYPE_UNKNOWN)
251 		ag->ag_type = AG_TYPE_CHAP;
252 	if (ag->ag_type != AG_TYPE_CHAP) {
253 		if (ag->ag_name != NULL)
254 			log_warnx("cannot mix \"chap\" authentication with "
255 			    "other types for auth-group \"%s\"", ag->ag_name);
256 		else
257 			log_warnx("cannot mix \"chap\" authentication with "
258 			    "other types for target \"%s\"",
259 			    ag->ag_target->t_name);
260 		return (NULL);
261 	}
262 
263 	auth = auth_new(ag);
264 	auth->a_user = checked_strdup(user);
265 	auth->a_secret = checked_strdup(secret);
266 
267 	auth_check_secret_length(auth);
268 
269 	return (auth);
270 }
271 
272 const struct auth *
273 auth_new_chap_mutual(struct auth_group *ag, const char *user,
274     const char *secret, const char *user2, const char *secret2)
275 {
276 	struct auth *auth;
277 
278 	if (ag->ag_type == AG_TYPE_UNKNOWN)
279 		ag->ag_type = AG_TYPE_CHAP_MUTUAL;
280 	if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
281 		if (ag->ag_name != NULL)
282 			log_warnx("cannot mix \"chap-mutual\" authentication "
283 			    "with other types for auth-group \"%s\"",
284 			    ag->ag_name);
285 		else
286 			log_warnx("cannot mix \"chap-mutual\" authentication "
287 			    "with other types for target \"%s\"",
288 			    ag->ag_target->t_name);
289 		return (NULL);
290 	}
291 
292 	auth = auth_new(ag);
293 	auth->a_user = checked_strdup(user);
294 	auth->a_secret = checked_strdup(secret);
295 	auth->a_mutual_user = checked_strdup(user2);
296 	auth->a_mutual_secret = checked_strdup(secret2);
297 
298 	auth_check_secret_length(auth);
299 
300 	return (auth);
301 }
302 
303 const struct auth_name *
304 auth_name_new(struct auth_group *ag, const char *name)
305 {
306 	struct auth_name *an;
307 
308 	an = calloc(1, sizeof(*an));
309 	if (an == NULL)
310 		log_err(1, "calloc");
311 	an->an_auth_group = ag;
312 	an->an_initiator_name = checked_strdup(name);
313 	TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next);
314 	return (an);
315 }
316 
317 static void
318 auth_name_delete(struct auth_name *an)
319 {
320 	TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next);
321 
322 	free(an->an_initiator_name);
323 	free(an);
324 }
325 
326 bool
327 auth_name_defined(const struct auth_group *ag)
328 {
329 	if (TAILQ_EMPTY(&ag->ag_names))
330 		return (false);
331 	return (true);
332 }
333 
334 const struct auth_name *
335 auth_name_find(const struct auth_group *ag, const char *name)
336 {
337 	const struct auth_name *auth_name;
338 
339 	TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) {
340 		if (strcmp(auth_name->an_initiator_name, name) == 0)
341 			return (auth_name);
342 	}
343 
344 	return (NULL);
345 }
346 
347 int
348 auth_name_check(const struct auth_group *ag, const char *initiator_name)
349 {
350 	if (!auth_name_defined(ag))
351 		return (0);
352 
353 	if (auth_name_find(ag, initiator_name) == NULL)
354 		return (1);
355 
356 	return (0);
357 }
358 
359 const struct auth_portal *
360 auth_portal_new(struct auth_group *ag, const char *portal)
361 {
362 	struct auth_portal *ap;
363 	char *net, *mask, *str, *tmp;
364 	int len, dm, m;
365 
366 	ap = calloc(1, sizeof(*ap));
367 	if (ap == NULL)
368 		log_err(1, "calloc");
369 	ap->ap_auth_group = ag;
370 	ap->ap_initiator_portal = checked_strdup(portal);
371 	mask = str = checked_strdup(portal);
372 	net = strsep(&mask, "/");
373 	if (net[0] == '[')
374 		net++;
375 	len = strlen(net);
376 	if (len == 0)
377 		goto error;
378 	if (net[len - 1] == ']')
379 		net[len - 1] = 0;
380 	if (strchr(net, ':') != NULL) {
381 		struct sockaddr_in6 *sin6 =
382 		    (struct sockaddr_in6 *)&ap->ap_sa;
383 
384 		sin6->sin6_len = sizeof(*sin6);
385 		sin6->sin6_family = AF_INET6;
386 		if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0)
387 			goto error;
388 		dm = 128;
389 	} else {
390 		struct sockaddr_in *sin =
391 		    (struct sockaddr_in *)&ap->ap_sa;
392 
393 		sin->sin_len = sizeof(*sin);
394 		sin->sin_family = AF_INET;
395 		if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0)
396 			goto error;
397 		dm = 32;
398 	}
399 	if (mask != NULL) {
400 		m = strtol(mask, &tmp, 0);
401 		if (m < 0 || m > dm || tmp[0] != 0)
402 			goto error;
403 	} else
404 		m = dm;
405 	ap->ap_mask = m;
406 	free(str);
407 	TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next);
408 	return (ap);
409 
410 error:
411 	free(str);
412 	free(ap);
413 	log_warnx("incorrect initiator portal \"%s\"", portal);
414 	return (NULL);
415 }
416 
417 static void
418 auth_portal_delete(struct auth_portal *ap)
419 {
420 	TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next);
421 
422 	free(ap->ap_initiator_portal);
423 	free(ap);
424 }
425 
426 bool
427 auth_portal_defined(const struct auth_group *ag)
428 {
429 	if (TAILQ_EMPTY(&ag->ag_portals))
430 		return (false);
431 	return (true);
432 }
433 
434 const struct auth_portal *
435 auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss)
436 {
437 	const struct auth_portal *ap;
438 	const uint8_t *a, *b;
439 	int i;
440 	uint8_t bmask;
441 
442 	TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) {
443 		if (ap->ap_sa.ss_family != ss->ss_family)
444 			continue;
445 		if (ss->ss_family == AF_INET) {
446 			a = (const uint8_t *)
447 			    &((const struct sockaddr_in *)ss)->sin_addr;
448 			b = (const uint8_t *)
449 			    &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr;
450 		} else {
451 			a = (const uint8_t *)
452 			    &((const struct sockaddr_in6 *)ss)->sin6_addr;
453 			b = (const uint8_t *)
454 			    &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr;
455 		}
456 		for (i = 0; i < ap->ap_mask / 8; i++) {
457 			if (a[i] != b[i])
458 				goto next;
459 		}
460 		if (ap->ap_mask % 8) {
461 			bmask = 0xff << (8 - (ap->ap_mask % 8));
462 			if ((a[i] & bmask) != (b[i] & bmask))
463 				goto next;
464 		}
465 		return (ap);
466 next:
467 		;
468 	}
469 
470 	return (NULL);
471 }
472 
473 int
474 auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
475 {
476 
477 	if (!auth_portal_defined(ag))
478 		return (0);
479 
480 	if (auth_portal_find(ag, sa) == NULL)
481 		return (1);
482 
483 	return (0);
484 }
485 
486 struct auth_group *
487 auth_group_new(struct conf *conf, const char *name)
488 {
489 	struct auth_group *ag;
490 
491 	if (name != NULL) {
492 		ag = auth_group_find(conf, name);
493 		if (ag != NULL) {
494 			log_warnx("duplicated auth-group \"%s\"", name);
495 			return (NULL);
496 		}
497 	}
498 
499 	ag = calloc(1, sizeof(*ag));
500 	if (ag == NULL)
501 		log_err(1, "calloc");
502 	if (name != NULL)
503 		ag->ag_name = checked_strdup(name);
504 	TAILQ_INIT(&ag->ag_auths);
505 	TAILQ_INIT(&ag->ag_names);
506 	TAILQ_INIT(&ag->ag_portals);
507 	ag->ag_conf = conf;
508 	TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next);
509 
510 	return (ag);
511 }
512 
513 void
514 auth_group_delete(struct auth_group *ag)
515 {
516 	struct auth *auth, *auth_tmp;
517 	struct auth_name *auth_name, *auth_name_tmp;
518 	struct auth_portal *auth_portal, *auth_portal_tmp;
519 
520 	TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next);
521 
522 	TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp)
523 		auth_delete(auth);
524 	TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp)
525 		auth_name_delete(auth_name);
526 	TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
527 	    auth_portal_tmp)
528 		auth_portal_delete(auth_portal);
529 	free(ag->ag_name);
530 	free(ag);
531 }
532 
533 struct auth_group *
534 auth_group_find(const struct conf *conf, const char *name)
535 {
536 	struct auth_group *ag;
537 
538 	TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
539 		if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
540 			return (ag);
541 	}
542 
543 	return (NULL);
544 }
545 
546 int
547 auth_group_set_type(struct auth_group *ag, const char *str)
548 {
549 	int type;
550 
551 	if (strcmp(str, "none") == 0) {
552 		type = AG_TYPE_NO_AUTHENTICATION;
553 	} else if (strcmp(str, "deny") == 0) {
554 		type = AG_TYPE_DENY;
555 	} else if (strcmp(str, "chap") == 0) {
556 		type = AG_TYPE_CHAP;
557 	} else if (strcmp(str, "chap-mutual") == 0) {
558 		type = AG_TYPE_CHAP_MUTUAL;
559 	} else {
560 		if (ag->ag_name != NULL)
561 			log_warnx("invalid auth-type \"%s\" for auth-group "
562 			    "\"%s\"", str, ag->ag_name);
563 		else
564 			log_warnx("invalid auth-type \"%s\" for target "
565 			    "\"%s\"", str, ag->ag_target->t_name);
566 		return (1);
567 	}
568 
569 	if (ag->ag_type != AG_TYPE_UNKNOWN && ag->ag_type != type) {
570 		if (ag->ag_name != NULL) {
571 			log_warnx("cannot set auth-type to \"%s\" for "
572 			    "auth-group \"%s\"; already has a different "
573 			    "type", str, ag->ag_name);
574 		} else {
575 			log_warnx("cannot set auth-type to \"%s\" for target "
576 			    "\"%s\"; already has a different type",
577 			    str, ag->ag_target->t_name);
578 		}
579 		return (1);
580 	}
581 
582 	ag->ag_type = type;
583 
584 	return (0);
585 }
586 
587 static struct portal *
588 portal_new(struct portal_group *pg)
589 {
590 	struct portal *portal;
591 
592 	portal = calloc(1, sizeof(*portal));
593 	if (portal == NULL)
594 		log_err(1, "calloc");
595 	TAILQ_INIT(&portal->p_targets);
596 	portal->p_portal_group = pg;
597 	TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next);
598 	return (portal);
599 }
600 
601 static void
602 portal_delete(struct portal *portal)
603 {
604 
605 	TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next);
606 	if (portal->p_ai != NULL)
607 		freeaddrinfo(portal->p_ai);
608 	free(portal->p_listen);
609 	free(portal);
610 }
611 
612 struct portal_group *
613 portal_group_new(struct conf *conf, const char *name)
614 {
615 	struct portal_group *pg;
616 
617 	pg = portal_group_find(conf, name);
618 	if (pg != NULL) {
619 		log_warnx("duplicated portal-group \"%s\"", name);
620 		return (NULL);
621 	}
622 
623 	pg = calloc(1, sizeof(*pg));
624 	if (pg == NULL)
625 		log_err(1, "calloc");
626 	pg->pg_name = checked_strdup(name);
627 	TAILQ_INIT(&pg->pg_options);
628 	TAILQ_INIT(&pg->pg_portals);
629 	TAILQ_INIT(&pg->pg_ports);
630 	pg->pg_conf = conf;
631 	pg->pg_tag = 0;		/* Assigned later in conf_apply(). */
632 	pg->pg_dscp = -1;
633 	pg->pg_pcp = -1;
634 	TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next);
635 
636 	return (pg);
637 }
638 
639 void
640 portal_group_delete(struct portal_group *pg)
641 {
642 	struct portal *portal, *tmp;
643 	struct port *port, *tport;
644 	struct option *o, *otmp;
645 
646 	TAILQ_FOREACH_SAFE(port, &pg->pg_ports, p_pgs, tport)
647 		port_delete(port);
648 	TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next);
649 
650 	TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp)
651 		portal_delete(portal);
652 	TAILQ_FOREACH_SAFE(o, &pg->pg_options, o_next, otmp)
653 		option_delete(&pg->pg_options, o);
654 	free(pg->pg_name);
655 	free(pg->pg_offload);
656 	free(pg->pg_redirection);
657 	free(pg);
658 }
659 
660 struct portal_group *
661 portal_group_find(const struct conf *conf, const char *name)
662 {
663 	struct portal_group *pg;
664 
665 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
666 		if (strcmp(pg->pg_name, name) == 0)
667 			return (pg);
668 	}
669 
670 	return (NULL);
671 }
672 
673 static int
674 parse_addr_port(char *arg, const char *def_port, struct addrinfo **ai)
675 {
676 	struct addrinfo hints;
677 	char *str, *addr, *ch;
678 	const char *port;
679 	int error, colons = 0;
680 
681 	str = arg = strdup(arg);
682 	if (arg[0] == '[') {
683 		/*
684 		 * IPv6 address in square brackets, perhaps with port.
685 		 */
686 		arg++;
687 		addr = strsep(&arg, "]");
688 		if (arg == NULL) {
689 			free(str);
690 			return (1);
691 		}
692 		if (arg[0] == '\0') {
693 			port = def_port;
694 		} else if (arg[0] == ':') {
695 			port = arg + 1;
696 		} else {
697 			free(str);
698 			return (1);
699 		}
700 	} else {
701 		/*
702 		 * Either IPv6 address without brackets - and without
703 		 * a port - or IPv4 address.  Just count the colons.
704 		 */
705 		for (ch = arg; *ch != '\0'; ch++) {
706 			if (*ch == ':')
707 				colons++;
708 		}
709 		if (colons > 1) {
710 			addr = arg;
711 			port = def_port;
712 		} else {
713 			addr = strsep(&arg, ":");
714 			if (arg == NULL)
715 				port = def_port;
716 			else
717 				port = arg;
718 		}
719 	}
720 
721 	memset(&hints, 0, sizeof(hints));
722 	hints.ai_family = PF_UNSPEC;
723 	hints.ai_socktype = SOCK_STREAM;
724 	hints.ai_flags = AI_PASSIVE;
725 	error = getaddrinfo(addr, port, &hints, ai);
726 	free(str);
727 	return ((error != 0) ? 1 : 0);
728 }
729 
730 int
731 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser)
732 {
733 	struct portal *portal;
734 
735 	portal = portal_new(pg);
736 	portal->p_listen = checked_strdup(value);
737 	portal->p_iser = iser;
738 
739 	if (parse_addr_port(portal->p_listen, "3260", &portal->p_ai)) {
740 		log_warnx("invalid listen address %s", portal->p_listen);
741 		portal_delete(portal);
742 		return (1);
743 	}
744 
745 	/*
746 	 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
747 	 *	those into multiple portals.
748 	 */
749 
750 	return (0);
751 }
752 
753 int
754 isns_new(struct conf *conf, const char *addr)
755 {
756 	struct isns *isns;
757 
758 	isns = calloc(1, sizeof(*isns));
759 	if (isns == NULL)
760 		log_err(1, "calloc");
761 	isns->i_conf = conf;
762 	TAILQ_INSERT_TAIL(&conf->conf_isns, isns, i_next);
763 	isns->i_addr = checked_strdup(addr);
764 
765 	if (parse_addr_port(isns->i_addr, "3205", &isns->i_ai)) {
766 		log_warnx("invalid iSNS address %s", isns->i_addr);
767 		isns_delete(isns);
768 		return (1);
769 	}
770 
771 	/*
772 	 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
773 	 *	those into multiple servers.
774 	 */
775 
776 	return (0);
777 }
778 
779 void
780 isns_delete(struct isns *isns)
781 {
782 
783 	TAILQ_REMOVE(&isns->i_conf->conf_isns, isns, i_next);
784 	free(isns->i_addr);
785 	if (isns->i_ai != NULL)
786 		freeaddrinfo(isns->i_ai);
787 	free(isns);
788 }
789 
790 static int
791 isns_do_connect(struct isns *isns)
792 {
793 	int s;
794 
795 	s = socket(isns->i_ai->ai_family, isns->i_ai->ai_socktype,
796 	    isns->i_ai->ai_protocol);
797 	if (s < 0) {
798 		log_warn("socket(2) failed for %s", isns->i_addr);
799 		return (-1);
800 	}
801 	if (connect(s, isns->i_ai->ai_addr, isns->i_ai->ai_addrlen)) {
802 		log_warn("connect(2) failed for %s", isns->i_addr);
803 		close(s);
804 		return (-1);
805 	}
806 	return(s);
807 }
808 
809 static int
810 isns_do_register(struct isns *isns, int s, const char *hostname)
811 {
812 	struct conf *conf = isns->i_conf;
813 	struct target *target;
814 	struct portal *portal;
815 	struct portal_group *pg;
816 	struct port *port;
817 	struct isns_req *req;
818 	int res = 0;
819 	uint32_t error;
820 
821 	req = isns_req_create(ISNS_FUNC_DEVATTRREG, ISNS_FLAG_CLIENT);
822 	isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
823 	isns_req_add_delim(req);
824 	isns_req_add_str(req, 1, hostname);
825 	isns_req_add_32(req, 2, 2); /* 2 -- iSCSI */
826 	isns_req_add_32(req, 6, conf->conf_isns_period);
827 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
828 		if (pg->pg_unassigned)
829 			continue;
830 		TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
831 			isns_req_add_addr(req, 16, portal->p_ai);
832 			isns_req_add_port(req, 17, portal->p_ai);
833 		}
834 	}
835 	TAILQ_FOREACH(target, &conf->conf_targets, t_next) {
836 		isns_req_add_str(req, 32, target->t_name);
837 		isns_req_add_32(req, 33, 1); /* 1 -- Target*/
838 		if (target->t_alias != NULL)
839 			isns_req_add_str(req, 34, target->t_alias);
840 		TAILQ_FOREACH(port, &target->t_ports, p_ts) {
841 			if ((pg = port->p_portal_group) == NULL)
842 				continue;
843 			isns_req_add_32(req, 51, pg->pg_tag);
844 			TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
845 				isns_req_add_addr(req, 49, portal->p_ai);
846 				isns_req_add_port(req, 50, portal->p_ai);
847 			}
848 		}
849 	}
850 	res = isns_req_send(s, req);
851 	if (res < 0) {
852 		log_warn("send(2) failed for %s", isns->i_addr);
853 		goto quit;
854 	}
855 	res = isns_req_receive(s, req);
856 	if (res < 0) {
857 		log_warn("receive(2) failed for %s", isns->i_addr);
858 		goto quit;
859 	}
860 	error = isns_req_get_status(req);
861 	if (error != 0) {
862 		log_warnx("iSNS register error %d for %s", error, isns->i_addr);
863 		res = -1;
864 	}
865 quit:
866 	isns_req_free(req);
867 	return (res);
868 }
869 
870 static int
871 isns_do_check(struct isns *isns, int s, const char *hostname)
872 {
873 	struct conf *conf = isns->i_conf;
874 	struct isns_req *req;
875 	int res = 0;
876 	uint32_t error;
877 
878 	req = isns_req_create(ISNS_FUNC_DEVATTRQRY, ISNS_FLAG_CLIENT);
879 	isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
880 	isns_req_add_str(req, 1, hostname);
881 	isns_req_add_delim(req);
882 	isns_req_add(req, 2, 0, NULL);
883 	res = isns_req_send(s, req);
884 	if (res < 0) {
885 		log_warn("send(2) failed for %s", isns->i_addr);
886 		goto quit;
887 	}
888 	res = isns_req_receive(s, req);
889 	if (res < 0) {
890 		log_warn("receive(2) failed for %s", isns->i_addr);
891 		goto quit;
892 	}
893 	error = isns_req_get_status(req);
894 	if (error != 0) {
895 		log_warnx("iSNS check error %d for %s", error, isns->i_addr);
896 		res = -1;
897 	}
898 quit:
899 	isns_req_free(req);
900 	return (res);
901 }
902 
903 static int
904 isns_do_deregister(struct isns *isns, int s, const char *hostname)
905 {
906 	struct conf *conf = isns->i_conf;
907 	struct isns_req *req;
908 	int res = 0;
909 	uint32_t error;
910 
911 	req = isns_req_create(ISNS_FUNC_DEVDEREG, ISNS_FLAG_CLIENT);
912 	isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
913 	isns_req_add_delim(req);
914 	isns_req_add_str(req, 1, hostname);
915 	res = isns_req_send(s, req);
916 	if (res < 0) {
917 		log_warn("send(2) failed for %s", isns->i_addr);
918 		goto quit;
919 	}
920 	res = isns_req_receive(s, req);
921 	if (res < 0) {
922 		log_warn("receive(2) failed for %s", isns->i_addr);
923 		goto quit;
924 	}
925 	error = isns_req_get_status(req);
926 	if (error != 0) {
927 		log_warnx("iSNS deregister error %d for %s", error, isns->i_addr);
928 		res = -1;
929 	}
930 quit:
931 	isns_req_free(req);
932 	return (res);
933 }
934 
935 void
936 isns_register(struct isns *isns, struct isns *oldisns)
937 {
938 	struct conf *conf = isns->i_conf;
939 	int error, s;
940 	char hostname[256];
941 
942 	if (TAILQ_EMPTY(&conf->conf_targets) ||
943 	    TAILQ_EMPTY(&conf->conf_portal_groups))
944 		return;
945 	set_timeout(conf->conf_isns_timeout, false);
946 	s = isns_do_connect(isns);
947 	if (s < 0) {
948 		set_timeout(0, false);
949 		return;
950 	}
951 	error = gethostname(hostname, sizeof(hostname));
952 	if (error != 0)
953 		log_err(1, "gethostname");
954 
955 	if (oldisns == NULL || TAILQ_EMPTY(&oldisns->i_conf->conf_targets))
956 		oldisns = isns;
957 	isns_do_deregister(oldisns, s, hostname);
958 	isns_do_register(isns, s, hostname);
959 	close(s);
960 	set_timeout(0, false);
961 }
962 
963 void
964 isns_check(struct isns *isns)
965 {
966 	struct conf *conf = isns->i_conf;
967 	int error, s, res;
968 	char hostname[256];
969 
970 	if (TAILQ_EMPTY(&conf->conf_targets) ||
971 	    TAILQ_EMPTY(&conf->conf_portal_groups))
972 		return;
973 	set_timeout(conf->conf_isns_timeout, false);
974 	s = isns_do_connect(isns);
975 	if (s < 0) {
976 		set_timeout(0, false);
977 		return;
978 	}
979 	error = gethostname(hostname, sizeof(hostname));
980 	if (error != 0)
981 		log_err(1, "gethostname");
982 
983 	res = isns_do_check(isns, s, hostname);
984 	if (res < 0) {
985 		isns_do_deregister(isns, s, hostname);
986 		isns_do_register(isns, s, hostname);
987 	}
988 	close(s);
989 	set_timeout(0, false);
990 }
991 
992 void
993 isns_deregister(struct isns *isns)
994 {
995 	struct conf *conf = isns->i_conf;
996 	int error, s;
997 	char hostname[256];
998 
999 	if (TAILQ_EMPTY(&conf->conf_targets) ||
1000 	    TAILQ_EMPTY(&conf->conf_portal_groups))
1001 		return;
1002 	set_timeout(conf->conf_isns_timeout, false);
1003 	s = isns_do_connect(isns);
1004 	if (s < 0)
1005 		return;
1006 	error = gethostname(hostname, sizeof(hostname));
1007 	if (error != 0)
1008 		log_err(1, "gethostname");
1009 
1010 	isns_do_deregister(isns, s, hostname);
1011 	close(s);
1012 	set_timeout(0, false);
1013 }
1014 
1015 int
1016 portal_group_set_filter(struct portal_group *pg, const char *str)
1017 {
1018 	int filter;
1019 
1020 	if (strcmp(str, "none") == 0) {
1021 		filter = PG_FILTER_NONE;
1022 	} else if (strcmp(str, "portal") == 0) {
1023 		filter = PG_FILTER_PORTAL;
1024 	} else if (strcmp(str, "portal-name") == 0) {
1025 		filter = PG_FILTER_PORTAL_NAME;
1026 	} else if (strcmp(str, "portal-name-auth") == 0) {
1027 		filter = PG_FILTER_PORTAL_NAME_AUTH;
1028 	} else {
1029 		log_warnx("invalid discovery-filter \"%s\" for portal-group "
1030 		    "\"%s\"; valid values are \"none\", \"portal\", "
1031 		    "\"portal-name\", and \"portal-name-auth\"",
1032 		    str, pg->pg_name);
1033 		return (1);
1034 	}
1035 
1036 	if (pg->pg_discovery_filter != PG_FILTER_UNKNOWN &&
1037 	    pg->pg_discovery_filter != filter) {
1038 		log_warnx("cannot set discovery-filter to \"%s\" for "
1039 		    "portal-group \"%s\"; already has a different "
1040 		    "value", str, pg->pg_name);
1041 		return (1);
1042 	}
1043 
1044 	pg->pg_discovery_filter = filter;
1045 
1046 	return (0);
1047 }
1048 
1049 int
1050 portal_group_set_offload(struct portal_group *pg, const char *offload)
1051 {
1052 
1053 	if (pg->pg_offload != NULL) {
1054 		log_warnx("cannot set offload to \"%s\" for "
1055 		    "portal-group \"%s\"; already defined",
1056 		    offload, pg->pg_name);
1057 		return (1);
1058 	}
1059 
1060 	pg->pg_offload = checked_strdup(offload);
1061 
1062 	return (0);
1063 }
1064 
1065 int
1066 portal_group_set_redirection(struct portal_group *pg, const char *addr)
1067 {
1068 
1069 	if (pg->pg_redirection != NULL) {
1070 		log_warnx("cannot set redirection to \"%s\" for "
1071 		    "portal-group \"%s\"; already defined",
1072 		    addr, pg->pg_name);
1073 		return (1);
1074 	}
1075 
1076 	pg->pg_redirection = checked_strdup(addr);
1077 
1078 	return (0);
1079 }
1080 
1081 static bool
1082 valid_hex(const char ch)
1083 {
1084 	switch (ch) {
1085 	case '0':
1086 	case '1':
1087 	case '2':
1088 	case '3':
1089 	case '4':
1090 	case '5':
1091 	case '6':
1092 	case '7':
1093 	case '8':
1094 	case '9':
1095 	case 'a':
1096 	case 'A':
1097 	case 'b':
1098 	case 'B':
1099 	case 'c':
1100 	case 'C':
1101 	case 'd':
1102 	case 'D':
1103 	case 'e':
1104 	case 'E':
1105 	case 'f':
1106 	case 'F':
1107 		return (true);
1108 	default:
1109 		return (false);
1110 	}
1111 }
1112 
1113 bool
1114 valid_iscsi_name(const char *name)
1115 {
1116 	int i;
1117 
1118 	if (strlen(name) >= MAX_NAME_LEN) {
1119 		log_warnx("overlong name for target \"%s\"; max length allowed "
1120 		    "by iSCSI specification is %d characters",
1121 		    name, MAX_NAME_LEN);
1122 		return (false);
1123 	}
1124 
1125 	/*
1126 	 * In the cases below, we don't return an error, just in case the admin
1127 	 * was right, and we're wrong.
1128 	 */
1129 	if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) {
1130 		for (i = strlen("iqn."); name[i] != '\0'; i++) {
1131 			/*
1132 			 * XXX: We should verify UTF-8 normalisation, as defined
1133 			 *      by 3.2.6.2: iSCSI Name Encoding.
1134 			 */
1135 			if (isalnum(name[i]))
1136 				continue;
1137 			if (name[i] == '-' || name[i] == '.' || name[i] == ':')
1138 				continue;
1139 			log_warnx("invalid character \"%c\" in target name "
1140 			    "\"%s\"; allowed characters are letters, digits, "
1141 			    "'-', '.', and ':'", name[i], name);
1142 			break;
1143 		}
1144 		/*
1145 		 * XXX: Check more stuff: valid date and a valid reversed domain.
1146 		 */
1147 	} else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) {
1148 		if (strlen(name) != strlen("eui.") + 16)
1149 			log_warnx("invalid target name \"%s\"; the \"eui.\" "
1150 			    "should be followed by exactly 16 hexadecimal "
1151 			    "digits", name);
1152 		for (i = strlen("eui."); name[i] != '\0'; i++) {
1153 			if (!valid_hex(name[i])) {
1154 				log_warnx("invalid character \"%c\" in target "
1155 				    "name \"%s\"; allowed characters are 1-9 "
1156 				    "and A-F", name[i], name);
1157 				break;
1158 			}
1159 		}
1160 	} else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) {
1161 		if (strlen(name) > strlen("naa.") + 32)
1162 			log_warnx("invalid target name \"%s\"; the \"naa.\" "
1163 			    "should be followed by at most 32 hexadecimal "
1164 			    "digits", name);
1165 		for (i = strlen("naa."); name[i] != '\0'; i++) {
1166 			if (!valid_hex(name[i])) {
1167 				log_warnx("invalid character \"%c\" in target "
1168 				    "name \"%s\"; allowed characters are 1-9 "
1169 				    "and A-F", name[i], name);
1170 				break;
1171 			}
1172 		}
1173 	} else {
1174 		log_warnx("invalid target name \"%s\"; should start with "
1175 		    "either \"iqn.\", \"eui.\", or \"naa.\"",
1176 		    name);
1177 	}
1178 	return (true);
1179 }
1180 
1181 struct pport *
1182 pport_new(struct conf *conf, const char *name, uint32_t ctl_port)
1183 {
1184 	struct pport *pp;
1185 
1186 	pp = calloc(1, sizeof(*pp));
1187 	if (pp == NULL)
1188 		log_err(1, "calloc");
1189 	pp->pp_conf = conf;
1190 	pp->pp_name = checked_strdup(name);
1191 	pp->pp_ctl_port = ctl_port;
1192 	TAILQ_INIT(&pp->pp_ports);
1193 	TAILQ_INSERT_TAIL(&conf->conf_pports, pp, pp_next);
1194 	return (pp);
1195 }
1196 
1197 struct pport *
1198 pport_find(const struct conf *conf, const char *name)
1199 {
1200 	struct pport *pp;
1201 
1202 	TAILQ_FOREACH(pp, &conf->conf_pports, pp_next) {
1203 		if (strcasecmp(pp->pp_name, name) == 0)
1204 			return (pp);
1205 	}
1206 	return (NULL);
1207 }
1208 
1209 struct pport *
1210 pport_copy(struct pport *pp, struct conf *conf)
1211 {
1212 	struct pport *ppnew;
1213 
1214 	ppnew = pport_new(conf, pp->pp_name, pp->pp_ctl_port);
1215 	return (ppnew);
1216 }
1217 
1218 void
1219 pport_delete(struct pport *pp)
1220 {
1221 	struct port *port, *tport;
1222 
1223 	TAILQ_FOREACH_SAFE(port, &pp->pp_ports, p_ts, tport)
1224 		port_delete(port);
1225 	TAILQ_REMOVE(&pp->pp_conf->conf_pports, pp, pp_next);
1226 	free(pp->pp_name);
1227 	free(pp);
1228 }
1229 
1230 struct port *
1231 port_new(struct conf *conf, struct target *target, struct portal_group *pg)
1232 {
1233 	struct port *port;
1234 	char *name;
1235 	int ret;
1236 
1237 	ret = asprintf(&name, "%s-%s", pg->pg_name, target->t_name);
1238 	if (ret <= 0)
1239 		log_err(1, "asprintf");
1240 	if (port_find(conf, name) != NULL) {
1241 		log_warnx("duplicate port \"%s\"", name);
1242 		free(name);
1243 		return (NULL);
1244 	}
1245 	port = calloc(1, sizeof(*port));
1246 	if (port == NULL)
1247 		log_err(1, "calloc");
1248 	port->p_conf = conf;
1249 	port->p_name = name;
1250 	port->p_ioctl_port = 0;
1251 	TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1252 	TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1253 	port->p_target = target;
1254 	TAILQ_INSERT_TAIL(&pg->pg_ports, port, p_pgs);
1255 	port->p_portal_group = pg;
1256 	return (port);
1257 }
1258 
1259 struct port *
1260 port_new_ioctl(struct conf *conf, struct target *target, int pp, int vp)
1261 {
1262 	struct pport *pport;
1263 	struct port *port;
1264 	char *pname;
1265 	char *name;
1266 	int ret;
1267 
1268 	ret = asprintf(&pname, "ioctl/%d/%d", pp, vp);
1269 	if (ret <= 0) {
1270 		log_err(1, "asprintf");
1271 		return (NULL);
1272 	}
1273 
1274 	pport = pport_find(conf, pname);
1275 	if (pport != NULL) {
1276 		free(pname);
1277 		return (port_new_pp(conf, target, pport));
1278 	}
1279 
1280 	ret = asprintf(&name, "%s-%s", pname, target->t_name);
1281 	free(pname);
1282 
1283 	if (ret <= 0)
1284 		log_err(1, "asprintf");
1285 	if (port_find(conf, name) != NULL) {
1286 		log_warnx("duplicate port \"%s\"", name);
1287 		free(name);
1288 		return (NULL);
1289 	}
1290 	port = calloc(1, sizeof(*port));
1291 	if (port == NULL)
1292 		log_err(1, "calloc");
1293 	port->p_conf = conf;
1294 	port->p_name = name;
1295 	port->p_ioctl_port = 1;
1296 	port->p_ioctl_pp = pp;
1297 	port->p_ioctl_vp = vp;
1298 	TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1299 	TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1300 	port->p_target = target;
1301 	return (port);
1302 }
1303 
1304 struct port *
1305 port_new_pp(struct conf *conf, struct target *target, struct pport *pp)
1306 {
1307 	struct port *port;
1308 	char *name;
1309 	int ret;
1310 
1311 	ret = asprintf(&name, "%s-%s", pp->pp_name, target->t_name);
1312 	if (ret <= 0)
1313 		log_err(1, "asprintf");
1314 	if (port_find(conf, name) != NULL) {
1315 		log_warnx("duplicate port \"%s\"", name);
1316 		free(name);
1317 		return (NULL);
1318 	}
1319 	port = calloc(1, sizeof(*port));
1320 	if (port == NULL)
1321 		log_err(1, "calloc");
1322 	port->p_conf = conf;
1323 	port->p_name = name;
1324 	TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1325 	TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1326 	port->p_target = target;
1327 	TAILQ_INSERT_TAIL(&pp->pp_ports, port, p_pps);
1328 	port->p_pport = pp;
1329 	return (port);
1330 }
1331 
1332 struct port *
1333 port_find(const struct conf *conf, const char *name)
1334 {
1335 	struct port *port;
1336 
1337 	TAILQ_FOREACH(port, &conf->conf_ports, p_next) {
1338 		if (strcasecmp(port->p_name, name) == 0)
1339 			return (port);
1340 	}
1341 
1342 	return (NULL);
1343 }
1344 
1345 struct port *
1346 port_find_in_pg(const struct portal_group *pg, const char *target)
1347 {
1348 	struct port *port;
1349 
1350 	TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) {
1351 		if (strcasecmp(port->p_target->t_name, target) == 0)
1352 			return (port);
1353 	}
1354 
1355 	return (NULL);
1356 }
1357 
1358 void
1359 port_delete(struct port *port)
1360 {
1361 
1362 	if (port->p_portal_group)
1363 		TAILQ_REMOVE(&port->p_portal_group->pg_ports, port, p_pgs);
1364 	if (port->p_pport)
1365 		TAILQ_REMOVE(&port->p_pport->pp_ports, port, p_pps);
1366 	if (port->p_target)
1367 		TAILQ_REMOVE(&port->p_target->t_ports, port, p_ts);
1368 	TAILQ_REMOVE(&port->p_conf->conf_ports, port, p_next);
1369 	free(port->p_name);
1370 	free(port);
1371 }
1372 
1373 int
1374 port_is_dummy(struct port *port)
1375 {
1376 
1377 	if (port->p_portal_group) {
1378 		if (port->p_portal_group->pg_foreign)
1379 			return (1);
1380 		if (TAILQ_EMPTY(&port->p_portal_group->pg_portals))
1381 			return (1);
1382 	}
1383 	return (0);
1384 }
1385 
1386 struct target *
1387 target_new(struct conf *conf, const char *name)
1388 {
1389 	struct target *targ;
1390 	int i, len;
1391 
1392 	targ = target_find(conf, name);
1393 	if (targ != NULL) {
1394 		log_warnx("duplicated target \"%s\"", name);
1395 		return (NULL);
1396 	}
1397 	if (valid_iscsi_name(name) == false) {
1398 		log_warnx("target name \"%s\" is invalid", name);
1399 		return (NULL);
1400 	}
1401 	targ = calloc(1, sizeof(*targ));
1402 	if (targ == NULL)
1403 		log_err(1, "calloc");
1404 	targ->t_name = checked_strdup(name);
1405 
1406 	/*
1407 	 * RFC 3722 requires us to normalize the name to lowercase.
1408 	 */
1409 	len = strlen(name);
1410 	for (i = 0; i < len; i++)
1411 		targ->t_name[i] = tolower(targ->t_name[i]);
1412 
1413 	targ->t_conf = conf;
1414 	TAILQ_INIT(&targ->t_ports);
1415 	TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next);
1416 
1417 	return (targ);
1418 }
1419 
1420 void
1421 target_delete(struct target *targ)
1422 {
1423 	struct port *port, *tport;
1424 
1425 	TAILQ_FOREACH_SAFE(port, &targ->t_ports, p_ts, tport)
1426 		port_delete(port);
1427 	TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next);
1428 
1429 	free(targ->t_name);
1430 	free(targ->t_redirection);
1431 	free(targ);
1432 }
1433 
1434 struct target *
1435 target_find(struct conf *conf, const char *name)
1436 {
1437 	struct target *targ;
1438 
1439 	TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1440 		if (strcasecmp(targ->t_name, name) == 0)
1441 			return (targ);
1442 	}
1443 
1444 	return (NULL);
1445 }
1446 
1447 int
1448 target_set_redirection(struct target *target, const char *addr)
1449 {
1450 
1451 	if (target->t_redirection != NULL) {
1452 		log_warnx("cannot set redirection to \"%s\" for "
1453 		    "target \"%s\"; already defined",
1454 		    addr, target->t_name);
1455 		return (1);
1456 	}
1457 
1458 	target->t_redirection = checked_strdup(addr);
1459 
1460 	return (0);
1461 }
1462 
1463 struct lun *
1464 lun_new(struct conf *conf, const char *name)
1465 {
1466 	struct lun *lun;
1467 
1468 	lun = lun_find(conf, name);
1469 	if (lun != NULL) {
1470 		log_warnx("duplicated lun \"%s\"", name);
1471 		return (NULL);
1472 	}
1473 
1474 	lun = calloc(1, sizeof(*lun));
1475 	if (lun == NULL)
1476 		log_err(1, "calloc");
1477 	lun->l_conf = conf;
1478 	lun->l_name = checked_strdup(name);
1479 	TAILQ_INIT(&lun->l_options);
1480 	TAILQ_INSERT_TAIL(&conf->conf_luns, lun, l_next);
1481 	lun->l_ctl_lun = -1;
1482 
1483 	return (lun);
1484 }
1485 
1486 void
1487 lun_delete(struct lun *lun)
1488 {
1489 	struct target *targ;
1490 	struct option *o, *tmp;
1491 	int i;
1492 
1493 	TAILQ_FOREACH(targ, &lun->l_conf->conf_targets, t_next) {
1494 		for (i = 0; i < MAX_LUNS; i++) {
1495 			if (targ->t_luns[i] == lun)
1496 				targ->t_luns[i] = NULL;
1497 		}
1498 	}
1499 	TAILQ_REMOVE(&lun->l_conf->conf_luns, lun, l_next);
1500 
1501 	TAILQ_FOREACH_SAFE(o, &lun->l_options, o_next, tmp)
1502 		option_delete(&lun->l_options, o);
1503 	free(lun->l_name);
1504 	free(lun->l_backend);
1505 	free(lun->l_device_id);
1506 	free(lun->l_path);
1507 	free(lun->l_scsiname);
1508 	free(lun->l_serial);
1509 	free(lun);
1510 }
1511 
1512 struct lun *
1513 lun_find(const struct conf *conf, const char *name)
1514 {
1515 	struct lun *lun;
1516 
1517 	TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1518 		if (strcmp(lun->l_name, name) == 0)
1519 			return (lun);
1520 	}
1521 
1522 	return (NULL);
1523 }
1524 
1525 void
1526 lun_set_backend(struct lun *lun, const char *value)
1527 {
1528 	free(lun->l_backend);
1529 	lun->l_backend = checked_strdup(value);
1530 }
1531 
1532 void
1533 lun_set_blocksize(struct lun *lun, size_t value)
1534 {
1535 
1536 	lun->l_blocksize = value;
1537 }
1538 
1539 void
1540 lun_set_device_type(struct lun *lun, uint8_t value)
1541 {
1542 
1543 	lun->l_device_type = value;
1544 }
1545 
1546 void
1547 lun_set_device_id(struct lun *lun, const char *value)
1548 {
1549 	free(lun->l_device_id);
1550 	lun->l_device_id = checked_strdup(value);
1551 }
1552 
1553 void
1554 lun_set_path(struct lun *lun, const char *value)
1555 {
1556 	free(lun->l_path);
1557 	lun->l_path = checked_strdup(value);
1558 }
1559 
1560 void
1561 lun_set_scsiname(struct lun *lun, const char *value)
1562 {
1563 	free(lun->l_scsiname);
1564 	lun->l_scsiname = checked_strdup(value);
1565 }
1566 
1567 void
1568 lun_set_serial(struct lun *lun, const char *value)
1569 {
1570 	free(lun->l_serial);
1571 	lun->l_serial = checked_strdup(value);
1572 }
1573 
1574 void
1575 lun_set_size(struct lun *lun, size_t value)
1576 {
1577 
1578 	lun->l_size = value;
1579 }
1580 
1581 void
1582 lun_set_ctl_lun(struct lun *lun, uint32_t value)
1583 {
1584 
1585 	lun->l_ctl_lun = value;
1586 }
1587 
1588 struct option *
1589 option_new(struct options *options, const char *name, const char *value)
1590 {
1591 	struct option *o;
1592 
1593 	o = option_find(options, name);
1594 	if (o != NULL) {
1595 		log_warnx("duplicated option \"%s\"", name);
1596 		return (NULL);
1597 	}
1598 
1599 	o = calloc(1, sizeof(*o));
1600 	if (o == NULL)
1601 		log_err(1, "calloc");
1602 	o->o_name = checked_strdup(name);
1603 	o->o_value = checked_strdup(value);
1604 	TAILQ_INSERT_TAIL(options, o, o_next);
1605 
1606 	return (o);
1607 }
1608 
1609 void
1610 option_delete(struct options *options, struct option *o)
1611 {
1612 
1613 	TAILQ_REMOVE(options, o, o_next);
1614 	free(o->o_name);
1615 	free(o->o_value);
1616 	free(o);
1617 }
1618 
1619 struct option *
1620 option_find(const struct options *options, const char *name)
1621 {
1622 	struct option *o;
1623 
1624 	TAILQ_FOREACH(o, options, o_next) {
1625 		if (strcmp(o->o_name, name) == 0)
1626 			return (o);
1627 	}
1628 
1629 	return (NULL);
1630 }
1631 
1632 void
1633 option_set(struct option *o, const char *value)
1634 {
1635 
1636 	free(o->o_value);
1637 	o->o_value = checked_strdup(value);
1638 }
1639 
1640 #ifdef ICL_KERNEL_PROXY
1641 
1642 static void
1643 pdu_receive_proxy(struct pdu *pdu)
1644 {
1645 	struct connection *conn;
1646 	size_t len;
1647 
1648 	assert(proxy_mode);
1649 	conn = pdu->pdu_connection;
1650 
1651 	kernel_receive(pdu);
1652 
1653 	len = pdu_ahs_length(pdu);
1654 	if (len > 0)
1655 		log_errx(1, "protocol error: non-empty AHS");
1656 
1657 	len = pdu_data_segment_length(pdu);
1658 	assert(len <= (size_t)conn->conn_max_recv_data_segment_length);
1659 	pdu->pdu_data_len = len;
1660 }
1661 
1662 static void
1663 pdu_send_proxy(struct pdu *pdu)
1664 {
1665 
1666 	assert(proxy_mode);
1667 
1668 	pdu_set_data_segment_length(pdu, pdu->pdu_data_len);
1669 	kernel_send(pdu);
1670 }
1671 
1672 #endif /* ICL_KERNEL_PROXY */
1673 
1674 static void
1675 pdu_fail(const struct connection *conn __unused, const char *reason __unused)
1676 {
1677 }
1678 
1679 static struct ctld_connection *
1680 connection_new(struct portal *portal, int fd, const char *host,
1681     const struct sockaddr *client_sa)
1682 {
1683 	struct ctld_connection *conn;
1684 
1685 	conn = calloc(1, sizeof(*conn));
1686 	if (conn == NULL)
1687 		log_err(1, "calloc");
1688 	connection_init(&conn->conn, &conn_ops, proxy_mode);
1689 	conn->conn.conn_socket = fd;
1690 	conn->conn_portal = portal;
1691 	conn->conn_initiator_addr = checked_strdup(host);
1692 	memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len);
1693 
1694 	return (conn);
1695 }
1696 
1697 #if 0
1698 static void
1699 conf_print(struct conf *conf)
1700 {
1701 	struct auth_group *ag;
1702 	struct auth *auth;
1703 	struct auth_name *auth_name;
1704 	struct auth_portal *auth_portal;
1705 	struct portal_group *pg;
1706 	struct portal *portal;
1707 	struct target *targ;
1708 	struct lun *lun;
1709 	struct option *o;
1710 
1711 	TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1712 		fprintf(stderr, "auth-group %s {\n", ag->ag_name);
1713 		TAILQ_FOREACH(auth, &ag->ag_auths, a_next)
1714 			fprintf(stderr, "\t chap-mutual %s %s %s %s\n",
1715 			    auth->a_user, auth->a_secret,
1716 			    auth->a_mutual_user, auth->a_mutual_secret);
1717 		TAILQ_FOREACH(auth_name, &ag->ag_names, an_next)
1718 			fprintf(stderr, "\t initiator-name %s\n",
1719 			    auth_name->an_initiator_name);
1720 		TAILQ_FOREACH(auth_portal, &ag->ag_portals, ap_next)
1721 			fprintf(stderr, "\t initiator-portal %s\n",
1722 			    auth_portal->ap_initiator_portal);
1723 		fprintf(stderr, "}\n");
1724 	}
1725 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1726 		fprintf(stderr, "portal-group %s {\n", pg->pg_name);
1727 		TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1728 			fprintf(stderr, "\t listen %s\n", portal->p_listen);
1729 		fprintf(stderr, "}\n");
1730 	}
1731 	TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1732 		fprintf(stderr, "\tlun %s {\n", lun->l_name);
1733 		fprintf(stderr, "\t\tpath %s\n", lun->l_path);
1734 		TAILQ_FOREACH(o, &lun->l_options, o_next)
1735 			fprintf(stderr, "\t\toption %s %s\n",
1736 			    o->o_name, o->o_value);
1737 		fprintf(stderr, "\t}\n");
1738 	}
1739 	TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1740 		fprintf(stderr, "target %s {\n", targ->t_name);
1741 		if (targ->t_alias != NULL)
1742 			fprintf(stderr, "\t alias %s\n", targ->t_alias);
1743 		fprintf(stderr, "}\n");
1744 	}
1745 }
1746 #endif
1747 
1748 static int
1749 conf_verify_lun(struct lun *lun)
1750 {
1751 	const struct lun *lun2;
1752 
1753 	if (lun->l_backend == NULL)
1754 		lun_set_backend(lun, "block");
1755 	if (strcmp(lun->l_backend, "block") == 0) {
1756 		if (lun->l_path == NULL) {
1757 			log_warnx("missing path for lun \"%s\"",
1758 			    lun->l_name);
1759 			return (1);
1760 		}
1761 	} else if (strcmp(lun->l_backend, "ramdisk") == 0) {
1762 		if (lun->l_size == 0) {
1763 			log_warnx("missing size for ramdisk-backed lun \"%s\"",
1764 			    lun->l_name);
1765 			return (1);
1766 		}
1767 		if (lun->l_path != NULL) {
1768 			log_warnx("path must not be specified "
1769 			    "for ramdisk-backed lun \"%s\"",
1770 			    lun->l_name);
1771 			return (1);
1772 		}
1773 	}
1774 	if (lun->l_blocksize == 0) {
1775 		if (lun->l_device_type == 5)
1776 			lun_set_blocksize(lun, DEFAULT_CD_BLOCKSIZE);
1777 		else
1778 			lun_set_blocksize(lun, DEFAULT_BLOCKSIZE);
1779 	} else if (lun->l_blocksize < 0) {
1780 		log_warnx("invalid blocksize for lun \"%s\"; "
1781 		    "must be larger than 0", lun->l_name);
1782 		return (1);
1783 	}
1784 	if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) {
1785 		log_warnx("invalid size for lun \"%s\"; "
1786 		    "must be multiple of blocksize", lun->l_name);
1787 		return (1);
1788 	}
1789 	TAILQ_FOREACH(lun2, &lun->l_conf->conf_luns, l_next) {
1790 		if (lun == lun2)
1791 			continue;
1792 		if (lun->l_path != NULL && lun2->l_path != NULL &&
1793 		    strcmp(lun->l_path, lun2->l_path) == 0) {
1794 			log_debugx("WARNING: path \"%s\" duplicated "
1795 			    "between lun \"%s\", and "
1796 			    "lun \"%s\"", lun->l_path,
1797 			    lun->l_name, lun2->l_name);
1798 		}
1799 	}
1800 
1801 	return (0);
1802 }
1803 
1804 int
1805 conf_verify(struct conf *conf)
1806 {
1807 	struct auth_group *ag;
1808 	struct portal_group *pg;
1809 	struct port *port;
1810 	struct target *targ;
1811 	struct lun *lun;
1812 	bool found;
1813 	int error, i;
1814 
1815 	if (conf->conf_pidfile_path == NULL)
1816 		conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE);
1817 
1818 	TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1819 		error = conf_verify_lun(lun);
1820 		if (error != 0)
1821 			return (error);
1822 	}
1823 	TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1824 		if (targ->t_auth_group == NULL) {
1825 			targ->t_auth_group = auth_group_find(conf,
1826 			    "default");
1827 			assert(targ->t_auth_group != NULL);
1828 		}
1829 		if (TAILQ_EMPTY(&targ->t_ports)) {
1830 			pg = portal_group_find(conf, "default");
1831 			assert(pg != NULL);
1832 			port_new(conf, targ, pg);
1833 		}
1834 		found = false;
1835 		for (i = 0; i < MAX_LUNS; i++) {
1836 			if (targ->t_luns[i] != NULL)
1837 				found = true;
1838 		}
1839 		if (!found && targ->t_redirection == NULL) {
1840 			log_warnx("no LUNs defined for target \"%s\"",
1841 			    targ->t_name);
1842 		}
1843 		if (found && targ->t_redirection != NULL) {
1844 			log_debugx("target \"%s\" contains luns, "
1845 			    " but configured for redirection",
1846 			    targ->t_name);
1847 		}
1848 	}
1849 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1850 		assert(pg->pg_name != NULL);
1851 		if (pg->pg_discovery_auth_group == NULL) {
1852 			pg->pg_discovery_auth_group =
1853 			    auth_group_find(conf, "default");
1854 			assert(pg->pg_discovery_auth_group != NULL);
1855 		}
1856 
1857 		if (pg->pg_discovery_filter == PG_FILTER_UNKNOWN)
1858 			pg->pg_discovery_filter = PG_FILTER_NONE;
1859 
1860 		if (pg->pg_redirection != NULL) {
1861 			if (!TAILQ_EMPTY(&pg->pg_ports)) {
1862 				log_debugx("portal-group \"%s\" assigned "
1863 				    "to target, but configured "
1864 				    "for redirection",
1865 				    pg->pg_name);
1866 			}
1867 			pg->pg_unassigned = false;
1868 		} else if (!TAILQ_EMPTY(&pg->pg_ports)) {
1869 			pg->pg_unassigned = false;
1870 		} else {
1871 			if (strcmp(pg->pg_name, "default") != 0)
1872 				log_warnx("portal-group \"%s\" not assigned "
1873 				    "to any target", pg->pg_name);
1874 			pg->pg_unassigned = true;
1875 		}
1876 	}
1877 	TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1878 		if (ag->ag_name == NULL)
1879 			assert(ag->ag_target != NULL);
1880 		else
1881 			assert(ag->ag_target == NULL);
1882 
1883 		found = false;
1884 		TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1885 			if (targ->t_auth_group == ag) {
1886 				found = true;
1887 				break;
1888 			}
1889 		}
1890 		TAILQ_FOREACH(port, &conf->conf_ports, p_next) {
1891 			if (port->p_auth_group == ag) {
1892 				found = true;
1893 				break;
1894 			}
1895 		}
1896 		TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1897 			if (pg->pg_discovery_auth_group == ag) {
1898 				found = true;
1899 				break;
1900 			}
1901 		}
1902 		if (!found && ag->ag_name != NULL &&
1903 		    strcmp(ag->ag_name, "default") != 0 &&
1904 		    strcmp(ag->ag_name, "no-authentication") != 0 &&
1905 		    strcmp(ag->ag_name, "no-access") != 0) {
1906 			log_warnx("auth-group \"%s\" not assigned "
1907 			    "to any target", ag->ag_name);
1908 		}
1909 	}
1910 
1911 	return (0);
1912 }
1913 
1914 static int
1915 conf_apply(struct conf *oldconf, struct conf *newconf)
1916 {
1917 	struct lun *oldlun, *newlun, *tmplun;
1918 	struct portal_group *oldpg, *newpg;
1919 	struct portal *oldp, *newp;
1920 	struct port *oldport, *newport, *tmpport;
1921 	struct isns *oldns, *newns;
1922 	pid_t otherpid;
1923 	int changed, cumulated_error = 0, error, sockbuf;
1924 	int one = 1;
1925 
1926 	if (oldconf->conf_debug != newconf->conf_debug) {
1927 		log_debugx("changing debug level to %d", newconf->conf_debug);
1928 		log_init(newconf->conf_debug);
1929 	}
1930 
1931 	if (oldconf->conf_pidfh != NULL) {
1932 		assert(oldconf->conf_pidfile_path != NULL);
1933 		if (newconf->conf_pidfile_path != NULL &&
1934 		    strcmp(oldconf->conf_pidfile_path,
1935 		    newconf->conf_pidfile_path) == 0) {
1936 			newconf->conf_pidfh = oldconf->conf_pidfh;
1937 			oldconf->conf_pidfh = NULL;
1938 		} else {
1939 			log_debugx("removing pidfile %s",
1940 			    oldconf->conf_pidfile_path);
1941 			pidfile_remove(oldconf->conf_pidfh);
1942 			oldconf->conf_pidfh = NULL;
1943 		}
1944 	}
1945 
1946 	if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) {
1947 		log_debugx("opening pidfile %s", newconf->conf_pidfile_path);
1948 		newconf->conf_pidfh =
1949 		    pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid);
1950 		if (newconf->conf_pidfh == NULL) {
1951 			if (errno == EEXIST)
1952 				log_errx(1, "daemon already running, pid: %jd.",
1953 				    (intmax_t)otherpid);
1954 			log_err(1, "cannot open or create pidfile \"%s\"",
1955 			    newconf->conf_pidfile_path);
1956 		}
1957 	}
1958 
1959 	/*
1960 	 * Go through the new portal groups, assigning tags or preserving old.
1961 	 */
1962 	TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1963 		if (newpg->pg_tag != 0)
1964 			continue;
1965 		oldpg = portal_group_find(oldconf, newpg->pg_name);
1966 		if (oldpg != NULL)
1967 			newpg->pg_tag = oldpg->pg_tag;
1968 		else
1969 			newpg->pg_tag = ++last_portal_group_tag;
1970 	}
1971 
1972 	/* Deregister on removed iSNS servers. */
1973 	TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) {
1974 		TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) {
1975 			if (strcmp(oldns->i_addr, newns->i_addr) == 0)
1976 				break;
1977 		}
1978 		if (newns == NULL)
1979 			isns_deregister(oldns);
1980 	}
1981 
1982 	/*
1983 	 * XXX: If target or lun removal fails, we should somehow "move"
1984 	 *      the old lun or target into newconf, so that subsequent
1985 	 *      conf_apply() would try to remove them again.  That would
1986 	 *      be somewhat hairy, though, and lun deletion failures don't
1987 	 *      really happen, so leave it as it is for now.
1988 	 */
1989 	/*
1990 	 * First, remove any ports present in the old configuration
1991 	 * and missing in the new one.
1992 	 */
1993 	TAILQ_FOREACH_SAFE(oldport, &oldconf->conf_ports, p_next, tmpport) {
1994 		if (port_is_dummy(oldport))
1995 			continue;
1996 		newport = port_find(newconf, oldport->p_name);
1997 		if (newport != NULL && !port_is_dummy(newport))
1998 			continue;
1999 		log_debugx("removing port \"%s\"", oldport->p_name);
2000 		error = kernel_port_remove(oldport);
2001 		if (error != 0) {
2002 			log_warnx("failed to remove port %s",
2003 			    oldport->p_name);
2004 			/*
2005 			 * XXX: Uncomment after fixing the root cause.
2006 			 *
2007 			 * cumulated_error++;
2008 			 */
2009 		}
2010 	}
2011 
2012 	/*
2013 	 * Second, remove any LUNs present in the old configuration
2014 	 * and missing in the new one.
2015 	 */
2016 	TAILQ_FOREACH_SAFE(oldlun, &oldconf->conf_luns, l_next, tmplun) {
2017 		newlun = lun_find(newconf, oldlun->l_name);
2018 		if (newlun == NULL) {
2019 			log_debugx("lun \"%s\", CTL lun %d "
2020 			    "not found in new configuration; "
2021 			    "removing", oldlun->l_name, oldlun->l_ctl_lun);
2022 			error = kernel_lun_remove(oldlun);
2023 			if (error != 0) {
2024 				log_warnx("failed to remove lun \"%s\", "
2025 				    "CTL lun %d",
2026 				    oldlun->l_name, oldlun->l_ctl_lun);
2027 				cumulated_error++;
2028 			}
2029 			continue;
2030 		}
2031 
2032 		/*
2033 		 * Also remove the LUNs changed by more than size.
2034 		 */
2035 		changed = 0;
2036 		assert(oldlun->l_backend != NULL);
2037 		assert(newlun->l_backend != NULL);
2038 		if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) {
2039 			log_debugx("backend for lun \"%s\", "
2040 			    "CTL lun %d changed; removing",
2041 			    oldlun->l_name, oldlun->l_ctl_lun);
2042 			changed = 1;
2043 		}
2044 		if (oldlun->l_blocksize != newlun->l_blocksize) {
2045 			log_debugx("blocksize for lun \"%s\", "
2046 			    "CTL lun %d changed; removing",
2047 			    oldlun->l_name, oldlun->l_ctl_lun);
2048 			changed = 1;
2049 		}
2050 		if (newlun->l_device_id != NULL &&
2051 		    (oldlun->l_device_id == NULL ||
2052 		     strcmp(oldlun->l_device_id, newlun->l_device_id) !=
2053 		     0)) {
2054 			log_debugx("device-id for lun \"%s\", "
2055 			    "CTL lun %d changed; removing",
2056 			    oldlun->l_name, oldlun->l_ctl_lun);
2057 			changed = 1;
2058 		}
2059 		if (newlun->l_path != NULL &&
2060 		    (oldlun->l_path == NULL ||
2061 		     strcmp(oldlun->l_path, newlun->l_path) != 0)) {
2062 			log_debugx("path for lun \"%s\", "
2063 			    "CTL lun %d, changed; removing",
2064 			    oldlun->l_name, oldlun->l_ctl_lun);
2065 			changed = 1;
2066 		}
2067 		if (newlun->l_serial != NULL &&
2068 		    (oldlun->l_serial == NULL ||
2069 		     strcmp(oldlun->l_serial, newlun->l_serial) != 0)) {
2070 			log_debugx("serial for lun \"%s\", "
2071 			    "CTL lun %d changed; removing",
2072 			    oldlun->l_name, oldlun->l_ctl_lun);
2073 			changed = 1;
2074 		}
2075 		if (changed) {
2076 			error = kernel_lun_remove(oldlun);
2077 			if (error != 0) {
2078 				log_warnx("failed to remove lun \"%s\", "
2079 				    "CTL lun %d",
2080 				    oldlun->l_name, oldlun->l_ctl_lun);
2081 				cumulated_error++;
2082 			}
2083 			lun_delete(oldlun);
2084 			continue;
2085 		}
2086 
2087 		lun_set_ctl_lun(newlun, oldlun->l_ctl_lun);
2088 	}
2089 
2090 	TAILQ_FOREACH_SAFE(newlun, &newconf->conf_luns, l_next, tmplun) {
2091 		oldlun = lun_find(oldconf, newlun->l_name);
2092 		if (oldlun != NULL) {
2093 			log_debugx("modifying lun \"%s\", CTL lun %d",
2094 			    newlun->l_name, newlun->l_ctl_lun);
2095 			error = kernel_lun_modify(newlun);
2096 			if (error != 0) {
2097 				log_warnx("failed to "
2098 				    "modify lun \"%s\", CTL lun %d",
2099 				    newlun->l_name, newlun->l_ctl_lun);
2100 				cumulated_error++;
2101 			}
2102 			continue;
2103 		}
2104 		log_debugx("adding lun \"%s\"", newlun->l_name);
2105 		error = kernel_lun_add(newlun);
2106 		if (error != 0) {
2107 			log_warnx("failed to add lun \"%s\"", newlun->l_name);
2108 			lun_delete(newlun);
2109 			cumulated_error++;
2110 		}
2111 	}
2112 
2113 	/*
2114 	 * Now add new ports or modify existing ones.
2115 	 */
2116 	TAILQ_FOREACH_SAFE(newport, &newconf->conf_ports, p_next, tmpport) {
2117 		if (port_is_dummy(newport))
2118 			continue;
2119 		oldport = port_find(oldconf, newport->p_name);
2120 
2121 		if (oldport == NULL || port_is_dummy(oldport)) {
2122 			log_debugx("adding port \"%s\"", newport->p_name);
2123 			error = kernel_port_add(newport);
2124 		} else {
2125 			log_debugx("updating port \"%s\"", newport->p_name);
2126 			newport->p_ctl_port = oldport->p_ctl_port;
2127 			error = kernel_port_update(newport, oldport);
2128 		}
2129 		if (error != 0) {
2130 			log_warnx("failed to %s port %s",
2131 			    (oldport == NULL) ? "add" : "update",
2132 			    newport->p_name);
2133 			if (oldport == NULL || port_is_dummy(oldport))
2134 				port_delete(newport);
2135 			/*
2136 			 * XXX: Uncomment after fixing the root cause.
2137 			 *
2138 			 * cumulated_error++;
2139 			 */
2140 		}
2141 	}
2142 
2143 	/*
2144 	 * Go through the new portals, opening the sockets as necessary.
2145 	 */
2146 	TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
2147 		if (newpg->pg_foreign)
2148 			continue;
2149 		if (newpg->pg_unassigned) {
2150 			log_debugx("not listening on portal-group \"%s\", "
2151 			    "not assigned to any target",
2152 			    newpg->pg_name);
2153 			continue;
2154 		}
2155 		TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) {
2156 			/*
2157 			 * Try to find already open portal and reuse
2158 			 * the listening socket.  We don't care about
2159 			 * what portal or portal group that was, what
2160 			 * matters is the listening address.
2161 			 */
2162 			TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups,
2163 			    pg_next) {
2164 				TAILQ_FOREACH(oldp, &oldpg->pg_portals,
2165 				    p_next) {
2166 					if (strcmp(newp->p_listen,
2167 					    oldp->p_listen) == 0 &&
2168 					    oldp->p_socket > 0) {
2169 						newp->p_socket =
2170 						    oldp->p_socket;
2171 						oldp->p_socket = 0;
2172 						break;
2173 					}
2174 				}
2175 			}
2176 			if (newp->p_socket > 0) {
2177 				/*
2178 				 * We're done with this portal.
2179 				 */
2180 				continue;
2181 			}
2182 
2183 #ifdef ICL_KERNEL_PROXY
2184 			if (proxy_mode) {
2185 				newpg->pg_conf->conf_portal_id++;
2186 				newp->p_id = newpg->pg_conf->conf_portal_id;
2187 				log_debugx("listening on %s, portal-group "
2188 				    "\"%s\", portal id %d, using ICL proxy",
2189 				    newp->p_listen, newpg->pg_name, newp->p_id);
2190 				kernel_listen(newp->p_ai, newp->p_iser,
2191 				    newp->p_id);
2192 				continue;
2193 			}
2194 #endif
2195 			assert(proxy_mode == false);
2196 			assert(newp->p_iser == false);
2197 
2198 			log_debugx("listening on %s, portal-group \"%s\"",
2199 			    newp->p_listen, newpg->pg_name);
2200 			newp->p_socket = socket(newp->p_ai->ai_family,
2201 			    newp->p_ai->ai_socktype,
2202 			    newp->p_ai->ai_protocol);
2203 			if (newp->p_socket < 0) {
2204 				log_warn("socket(2) failed for %s",
2205 				    newp->p_listen);
2206 				cumulated_error++;
2207 				continue;
2208 			}
2209 			sockbuf = SOCKBUF_SIZE;
2210 			if (setsockopt(newp->p_socket, SOL_SOCKET, SO_RCVBUF,
2211 			    &sockbuf, sizeof(sockbuf)) == -1)
2212 				log_warn("setsockopt(SO_RCVBUF) failed "
2213 				    "for %s", newp->p_listen);
2214 			sockbuf = SOCKBUF_SIZE;
2215 			if (setsockopt(newp->p_socket, SOL_SOCKET, SO_SNDBUF,
2216 			    &sockbuf, sizeof(sockbuf)) == -1)
2217 				log_warn("setsockopt(SO_SNDBUF) failed "
2218 				    "for %s", newp->p_listen);
2219 			if (setsockopt(newp->p_socket, SOL_SOCKET, SO_NO_DDP,
2220 			    &one, sizeof(one)) == -1)
2221 				log_warn("setsockopt(SO_NO_DDP) failed "
2222 				    "for %s", newp->p_listen);
2223 			error = setsockopt(newp->p_socket, SOL_SOCKET,
2224 			    SO_REUSEADDR, &one, sizeof(one));
2225 			if (error != 0) {
2226 				log_warn("setsockopt(SO_REUSEADDR) failed "
2227 				    "for %s", newp->p_listen);
2228 				close(newp->p_socket);
2229 				newp->p_socket = 0;
2230 				cumulated_error++;
2231 				continue;
2232 			}
2233 			if (newpg->pg_dscp != -1) {
2234 				struct sockaddr sa;
2235 				int len = sizeof(sa);
2236 				getsockname(newp->p_socket, &sa, &len);
2237 				/*
2238 				 * Only allow the 6-bit DSCP
2239 				 * field to be modified
2240 				 */
2241 				int tos = newpg->pg_dscp << 2;
2242 				if (sa.sa_family == AF_INET) {
2243 					if (setsockopt(newp->p_socket,
2244 					    IPPROTO_IP, IP_TOS,
2245 					    &tos, sizeof(tos)) == -1)
2246 						log_warn("setsockopt(IP_TOS) "
2247 						    "failed for %s",
2248 						    newp->p_listen);
2249 				} else
2250 				if (sa.sa_family == AF_INET6) {
2251 					if (setsockopt(newp->p_socket,
2252 					    IPPROTO_IPV6, IPV6_TCLASS,
2253 					    &tos, sizeof(tos)) == -1)
2254 						log_warn("setsockopt(IPV6_TCLASS) "
2255 						    "failed for %s",
2256 						    newp->p_listen);
2257 				}
2258 			}
2259 			if (newpg->pg_pcp != -1) {
2260 				struct sockaddr sa;
2261 				int len = sizeof(sa);
2262 				getsockname(newp->p_socket, &sa, &len);
2263 				/*
2264 				 * Only allow the 6-bit DSCP
2265 				 * field to be modified
2266 				 */
2267 				int pcp = newpg->pg_pcp;
2268 				if (sa.sa_family == AF_INET) {
2269 					if (setsockopt(newp->p_socket,
2270 					    IPPROTO_IP, IP_VLAN_PCP,
2271 					    &pcp, sizeof(pcp)) == -1)
2272 						log_warn("setsockopt(IP_VLAN_PCP) "
2273 						    "failed for %s",
2274 						    newp->p_listen);
2275 				} else
2276 				if (sa.sa_family == AF_INET6) {
2277 					if (setsockopt(newp->p_socket,
2278 					    IPPROTO_IPV6, IPV6_VLAN_PCP,
2279 					    &pcp, sizeof(pcp)) == -1)
2280 						log_warn("setsockopt(IPV6_VLAN_PCP) "
2281 						    "failed for %s",
2282 						    newp->p_listen);
2283 				}
2284 			}
2285 			error = bind(newp->p_socket, newp->p_ai->ai_addr,
2286 			    newp->p_ai->ai_addrlen);
2287 			if (error != 0) {
2288 				log_warn("bind(2) failed for %s",
2289 				    newp->p_listen);
2290 				close(newp->p_socket);
2291 				newp->p_socket = 0;
2292 				cumulated_error++;
2293 				continue;
2294 			}
2295 			error = listen(newp->p_socket, -1);
2296 			if (error != 0) {
2297 				log_warn("listen(2) failed for %s",
2298 				    newp->p_listen);
2299 				close(newp->p_socket);
2300 				newp->p_socket = 0;
2301 				cumulated_error++;
2302 				continue;
2303 			}
2304 		}
2305 	}
2306 
2307 	/*
2308 	 * Go through the no longer used sockets, closing them.
2309 	 */
2310 	TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) {
2311 		TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) {
2312 			if (oldp->p_socket <= 0)
2313 				continue;
2314 			log_debugx("closing socket for %s, portal-group \"%s\"",
2315 			    oldp->p_listen, oldpg->pg_name);
2316 			close(oldp->p_socket);
2317 			oldp->p_socket = 0;
2318 		}
2319 	}
2320 
2321 	/* (Re-)Register on remaining/new iSNS servers. */
2322 	TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) {
2323 		TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) {
2324 			if (strcmp(oldns->i_addr, newns->i_addr) == 0)
2325 				break;
2326 		}
2327 		isns_register(newns, oldns);
2328 	}
2329 
2330 	/* Schedule iSNS update */
2331 	if (!TAILQ_EMPTY(&newconf->conf_isns))
2332 		set_timeout((newconf->conf_isns_period + 2) / 3, false);
2333 
2334 	return (cumulated_error);
2335 }
2336 
2337 static bool
2338 timed_out(void)
2339 {
2340 
2341 	return (sigalrm_received);
2342 }
2343 
2344 static void
2345 sigalrm_handler_fatal(int dummy __unused)
2346 {
2347 	/*
2348 	 * It would be easiest to just log an error and exit.  We can't
2349 	 * do this, though, because log_errx() is not signal safe, since
2350 	 * it calls syslog(3).  Instead, set a flag checked by pdu_send()
2351 	 * and pdu_receive(), to call log_errx() there.  Should they fail
2352 	 * to notice, we'll exit here one second later.
2353 	 */
2354 	if (sigalrm_received) {
2355 		/*
2356 		 * Oh well.  Just give up and quit.
2357 		 */
2358 		_exit(2);
2359 	}
2360 
2361 	sigalrm_received = true;
2362 }
2363 
2364 static void
2365 sigalrm_handler(int dummy __unused)
2366 {
2367 
2368 	sigalrm_received = true;
2369 }
2370 
2371 void
2372 set_timeout(int timeout, int fatal)
2373 {
2374 	struct sigaction sa;
2375 	struct itimerval itv;
2376 	int error;
2377 
2378 	if (timeout <= 0) {
2379 		log_debugx("session timeout disabled");
2380 		bzero(&itv, sizeof(itv));
2381 		error = setitimer(ITIMER_REAL, &itv, NULL);
2382 		if (error != 0)
2383 			log_err(1, "setitimer");
2384 		sigalrm_received = false;
2385 		return;
2386 	}
2387 
2388 	sigalrm_received = false;
2389 	bzero(&sa, sizeof(sa));
2390 	if (fatal)
2391 		sa.sa_handler = sigalrm_handler_fatal;
2392 	else
2393 		sa.sa_handler = sigalrm_handler;
2394 	sigfillset(&sa.sa_mask);
2395 	error = sigaction(SIGALRM, &sa, NULL);
2396 	if (error != 0)
2397 		log_err(1, "sigaction");
2398 
2399 	/*
2400 	 * First SIGALRM will arive after conf_timeout seconds.
2401 	 * If we do nothing, another one will arrive a second later.
2402 	 */
2403 	log_debugx("setting session timeout to %d seconds", timeout);
2404 	bzero(&itv, sizeof(itv));
2405 	itv.it_interval.tv_sec = 1;
2406 	itv.it_value.tv_sec = timeout;
2407 	error = setitimer(ITIMER_REAL, &itv, NULL);
2408 	if (error != 0)
2409 		log_err(1, "setitimer");
2410 }
2411 
2412 static int
2413 wait_for_children(bool block)
2414 {
2415 	pid_t pid;
2416 	int status;
2417 	int num = 0;
2418 
2419 	for (;;) {
2420 		/*
2421 		 * If "block" is true, wait for at least one process.
2422 		 */
2423 		if (block && num == 0)
2424 			pid = wait4(-1, &status, 0, NULL);
2425 		else
2426 			pid = wait4(-1, &status, WNOHANG, NULL);
2427 		if (pid <= 0)
2428 			break;
2429 		if (WIFSIGNALED(status)) {
2430 			log_warnx("child process %d terminated with signal %d",
2431 			    pid, WTERMSIG(status));
2432 		} else if (WEXITSTATUS(status) != 0) {
2433 			log_warnx("child process %d terminated with exit status %d",
2434 			    pid, WEXITSTATUS(status));
2435 		} else {
2436 			log_debugx("child process %d terminated gracefully", pid);
2437 		}
2438 		num++;
2439 	}
2440 
2441 	return (num);
2442 }
2443 
2444 static void
2445 handle_connection(struct portal *portal, int fd,
2446     const struct sockaddr *client_sa, bool dont_fork)
2447 {
2448 	struct ctld_connection *conn;
2449 	int error;
2450 	pid_t pid;
2451 	char host[NI_MAXHOST + 1];
2452 	struct conf *conf;
2453 
2454 	conf = portal->p_portal_group->pg_conf;
2455 
2456 	if (dont_fork) {
2457 		log_debugx("incoming connection; not forking due to -d flag");
2458 	} else {
2459 		nchildren -= wait_for_children(false);
2460 		assert(nchildren >= 0);
2461 
2462 		while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) {
2463 			log_debugx("maxproc limit of %d child processes hit; "
2464 			    "waiting for child process to exit", conf->conf_maxproc);
2465 			nchildren -= wait_for_children(true);
2466 			assert(nchildren >= 0);
2467 		}
2468 		log_debugx("incoming connection; forking child process #%d",
2469 		    nchildren);
2470 		nchildren++;
2471 		pid = fork();
2472 		if (pid < 0)
2473 			log_err(1, "fork");
2474 		if (pid > 0) {
2475 			close(fd);
2476 			return;
2477 		}
2478 	}
2479 	pidfile_close(conf->conf_pidfh);
2480 
2481 	error = getnameinfo(client_sa, client_sa->sa_len,
2482 	    host, sizeof(host), NULL, 0, NI_NUMERICHOST);
2483 	if (error != 0)
2484 		log_errx(1, "getnameinfo: %s", gai_strerror(error));
2485 
2486 	log_debugx("accepted connection from %s; portal group \"%s\"",
2487 	    host, portal->p_portal_group->pg_name);
2488 	log_set_peer_addr(host);
2489 	setproctitle("%s", host);
2490 
2491 	conn = connection_new(portal, fd, host, client_sa);
2492 	set_timeout(conf->conf_timeout, true);
2493 	kernel_capsicate();
2494 	login(conn);
2495 	if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) {
2496 		kernel_handoff(conn);
2497 		log_debugx("connection handed off to the kernel");
2498 	} else {
2499 		assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY);
2500 		discovery(conn);
2501 	}
2502 	log_debugx("nothing more to do; exiting");
2503 	exit(0);
2504 }
2505 
2506 static int
2507 fd_add(int fd, fd_set *fdset, int nfds)
2508 {
2509 
2510 	/*
2511 	 * Skip sockets which we failed to bind.
2512 	 */
2513 	if (fd <= 0)
2514 		return (nfds);
2515 
2516 	FD_SET(fd, fdset);
2517 	if (fd > nfds)
2518 		nfds = fd;
2519 	return (nfds);
2520 }
2521 
2522 static void
2523 main_loop(struct conf *conf, bool dont_fork)
2524 {
2525 	struct portal_group *pg;
2526 	struct portal *portal;
2527 	struct sockaddr_storage client_sa;
2528 	socklen_t client_salen;
2529 #ifdef ICL_KERNEL_PROXY
2530 	int connection_id;
2531 	int portal_id;
2532 #endif
2533 	fd_set fdset;
2534 	int error, nfds, client_fd;
2535 
2536 	pidfile_write(conf->conf_pidfh);
2537 
2538 	for (;;) {
2539 		if (sighup_received || sigterm_received || timed_out())
2540 			return;
2541 
2542 #ifdef ICL_KERNEL_PROXY
2543 		if (proxy_mode) {
2544 			client_salen = sizeof(client_sa);
2545 			kernel_accept(&connection_id, &portal_id,
2546 			    (struct sockaddr *)&client_sa, &client_salen);
2547 			assert(client_salen >= client_sa.ss_len);
2548 
2549 			log_debugx("incoming connection, id %d, portal id %d",
2550 			    connection_id, portal_id);
2551 			TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2552 				TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
2553 					if (portal->p_id == portal_id) {
2554 						goto found;
2555 					}
2556 				}
2557 			}
2558 
2559 			log_errx(1, "kernel returned invalid portal_id %d",
2560 			    portal_id);
2561 
2562 found:
2563 			handle_connection(portal, connection_id,
2564 			    (struct sockaddr *)&client_sa, dont_fork);
2565 		} else {
2566 #endif
2567 			assert(proxy_mode == false);
2568 
2569 			FD_ZERO(&fdset);
2570 			nfds = 0;
2571 			TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2572 				TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
2573 					nfds = fd_add(portal->p_socket, &fdset, nfds);
2574 			}
2575 			error = select(nfds + 1, &fdset, NULL, NULL, NULL);
2576 			if (error <= 0) {
2577 				if (errno == EINTR)
2578 					return;
2579 				log_err(1, "select");
2580 			}
2581 			TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2582 				TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
2583 					if (!FD_ISSET(portal->p_socket, &fdset))
2584 						continue;
2585 					client_salen = sizeof(client_sa);
2586 					client_fd = accept(portal->p_socket,
2587 					    (struct sockaddr *)&client_sa,
2588 					    &client_salen);
2589 					if (client_fd < 0) {
2590 						if (errno == ECONNABORTED)
2591 							continue;
2592 						log_err(1, "accept");
2593 					}
2594 					assert(client_salen >= client_sa.ss_len);
2595 
2596 					handle_connection(portal, client_fd,
2597 					    (struct sockaddr *)&client_sa,
2598 					    dont_fork);
2599 					break;
2600 				}
2601 			}
2602 #ifdef ICL_KERNEL_PROXY
2603 		}
2604 #endif
2605 	}
2606 }
2607 
2608 static void
2609 sighup_handler(int dummy __unused)
2610 {
2611 
2612 	sighup_received = true;
2613 }
2614 
2615 static void
2616 sigterm_handler(int dummy __unused)
2617 {
2618 
2619 	sigterm_received = true;
2620 }
2621 
2622 static void
2623 sigchld_handler(int dummy __unused)
2624 {
2625 
2626 	/*
2627 	 * The only purpose of this handler is to make SIGCHLD
2628 	 * interrupt the ISCSIDWAIT ioctl(2), so we can call
2629 	 * wait_for_children().
2630 	 */
2631 }
2632 
2633 static void
2634 register_signals(void)
2635 {
2636 	struct sigaction sa;
2637 	int error;
2638 
2639 	bzero(&sa, sizeof(sa));
2640 	sa.sa_handler = sighup_handler;
2641 	sigfillset(&sa.sa_mask);
2642 	error = sigaction(SIGHUP, &sa, NULL);
2643 	if (error != 0)
2644 		log_err(1, "sigaction");
2645 
2646 	sa.sa_handler = sigterm_handler;
2647 	error = sigaction(SIGTERM, &sa, NULL);
2648 	if (error != 0)
2649 		log_err(1, "sigaction");
2650 
2651 	sa.sa_handler = sigterm_handler;
2652 	error = sigaction(SIGINT, &sa, NULL);
2653 	if (error != 0)
2654 		log_err(1, "sigaction");
2655 
2656 	sa.sa_handler = sigchld_handler;
2657 	error = sigaction(SIGCHLD, &sa, NULL);
2658 	if (error != 0)
2659 		log_err(1, "sigaction");
2660 }
2661 
2662 static void
2663 check_perms(const char *path)
2664 {
2665 	struct stat sb;
2666 	int error;
2667 
2668 	error = stat(path, &sb);
2669 	if (error != 0) {
2670 		log_warn("stat");
2671 		return;
2672 	}
2673 	if (sb.st_mode & S_IWOTH) {
2674 		log_warnx("%s is world-writable", path);
2675 	} else if (sb.st_mode & S_IROTH) {
2676 		log_warnx("%s is world-readable", path);
2677 	} else if (sb.st_mode & S_IXOTH) {
2678 		/*
2679 		 * Ok, this one doesn't matter, but still do it,
2680 		 * just for consistency.
2681 		 */
2682 		log_warnx("%s is world-executable", path);
2683 	}
2684 
2685 	/*
2686 	 * XXX: Should we also check for owner != 0?
2687 	 */
2688 }
2689 
2690 static struct conf *
2691 conf_new_from_file(const char *path, struct conf *oldconf, bool ucl)
2692 {
2693 	struct conf *conf;
2694 	struct auth_group *ag;
2695 	struct portal_group *pg;
2696 	struct pport *pp;
2697 	int error;
2698 
2699 	log_debugx("obtaining configuration from %s", path);
2700 
2701 	conf = conf_new();
2702 
2703 	TAILQ_FOREACH(pp, &oldconf->conf_pports, pp_next)
2704 		pport_copy(pp, conf);
2705 
2706 	ag = auth_group_new(conf, "default");
2707 	assert(ag != NULL);
2708 
2709 	ag = auth_group_new(conf, "no-authentication");
2710 	assert(ag != NULL);
2711 	ag->ag_type = AG_TYPE_NO_AUTHENTICATION;
2712 
2713 	ag = auth_group_new(conf, "no-access");
2714 	assert(ag != NULL);
2715 	ag->ag_type = AG_TYPE_DENY;
2716 
2717 	pg = portal_group_new(conf, "default");
2718 	assert(pg != NULL);
2719 
2720 	if (ucl)
2721 		error = uclparse_conf(conf, path);
2722 	else
2723 		error = parse_conf(conf, path);
2724 
2725 	if (error != 0) {
2726 		conf_delete(conf);
2727 		return (NULL);
2728 	}
2729 
2730 	check_perms(path);
2731 
2732 	if (conf->conf_default_ag_defined == false) {
2733 		log_debugx("auth-group \"default\" not defined; "
2734 		    "going with defaults");
2735 		ag = auth_group_find(conf, "default");
2736 		assert(ag != NULL);
2737 		ag->ag_type = AG_TYPE_DENY;
2738 	}
2739 
2740 	if (conf->conf_default_pg_defined == false) {
2741 		log_debugx("portal-group \"default\" not defined; "
2742 		    "going with defaults");
2743 		pg = portal_group_find(conf, "default");
2744 		assert(pg != NULL);
2745 		portal_group_add_listen(pg, "0.0.0.0:3260", false);
2746 		portal_group_add_listen(pg, "[::]:3260", false);
2747 	}
2748 
2749 	conf->conf_kernel_port_on = true;
2750 
2751 	error = conf_verify(conf);
2752 	if (error != 0) {
2753 		conf_delete(conf);
2754 		return (NULL);
2755 	}
2756 
2757 	return (conf);
2758 }
2759 
2760 int
2761 main(int argc, char **argv)
2762 {
2763 	struct conf *oldconf, *newconf, *tmpconf;
2764 	struct isns *newns;
2765 	const char *config_path = DEFAULT_CONFIG_PATH;
2766 	int debug = 0, ch, error;
2767 	bool dont_daemonize = false;
2768 	bool test_config = false;
2769 	bool use_ucl = false;
2770 
2771 	while ((ch = getopt(argc, argv, "dtuf:R")) != -1) {
2772 		switch (ch) {
2773 		case 'd':
2774 			dont_daemonize = true;
2775 			debug++;
2776 			break;
2777 		case 't':
2778 			test_config = true;
2779 			break;
2780 		case 'u':
2781 			use_ucl = true;
2782 			break;
2783 		case 'f':
2784 			config_path = optarg;
2785 			break;
2786 		case 'R':
2787 #ifndef ICL_KERNEL_PROXY
2788 			log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY "
2789 			    "does not support iSER protocol");
2790 #endif
2791 			proxy_mode = true;
2792 			break;
2793 		case '?':
2794 		default:
2795 			usage();
2796 		}
2797 	}
2798 	argc -= optind;
2799 	if (argc != 0)
2800 		usage();
2801 
2802 	log_init(debug);
2803 	kernel_init();
2804 
2805 	oldconf = conf_new_from_kernel();
2806 	newconf = conf_new_from_file(config_path, oldconf, use_ucl);
2807 
2808 	if (newconf == NULL)
2809 		log_errx(1, "configuration error; exiting");
2810 
2811 	if (test_config)
2812 		return (0);
2813 
2814 	if (debug > 0) {
2815 		oldconf->conf_debug = debug;
2816 		newconf->conf_debug = debug;
2817 	}
2818 
2819 	error = conf_apply(oldconf, newconf);
2820 	if (error != 0)
2821 		log_errx(1, "failed to apply configuration; exiting");
2822 
2823 	conf_delete(oldconf);
2824 	oldconf = NULL;
2825 
2826 	register_signals();
2827 
2828 	if (dont_daemonize == false) {
2829 		log_debugx("daemonizing");
2830 		if (daemon(0, 0) == -1) {
2831 			log_warn("cannot daemonize");
2832 			pidfile_remove(newconf->conf_pidfh);
2833 			exit(1);
2834 		}
2835 	}
2836 
2837 	/* Schedule iSNS update */
2838 	if (!TAILQ_EMPTY(&newconf->conf_isns))
2839 		set_timeout((newconf->conf_isns_period + 2) / 3, false);
2840 
2841 	for (;;) {
2842 		main_loop(newconf, dont_daemonize);
2843 		if (sighup_received) {
2844 			sighup_received = false;
2845 			log_debugx("received SIGHUP, reloading configuration");
2846 			tmpconf = conf_new_from_file(config_path, newconf,
2847 			    use_ucl);
2848 
2849 			if (tmpconf == NULL) {
2850 				log_warnx("configuration error, "
2851 				    "continuing with old configuration");
2852 			} else {
2853 				if (debug > 0)
2854 					tmpconf->conf_debug = debug;
2855 				oldconf = newconf;
2856 				newconf = tmpconf;
2857 				error = conf_apply(oldconf, newconf);
2858 				if (error != 0)
2859 					log_warnx("failed to reload "
2860 					    "configuration");
2861 				conf_delete(oldconf);
2862 				oldconf = NULL;
2863 			}
2864 		} else if (sigterm_received) {
2865 			log_debugx("exiting on signal; "
2866 			    "reloading empty configuration");
2867 
2868 			log_debugx("removing CTL iSCSI ports "
2869 			    "and terminating all connections");
2870 
2871 			oldconf = newconf;
2872 			newconf = conf_new();
2873 			if (debug > 0)
2874 				newconf->conf_debug = debug;
2875 			error = conf_apply(oldconf, newconf);
2876 			if (error != 0)
2877 				log_warnx("failed to apply configuration");
2878 			conf_delete(oldconf);
2879 			oldconf = NULL;
2880 
2881 			log_warnx("exiting on signal");
2882 			exit(0);
2883 		} else {
2884 			nchildren -= wait_for_children(false);
2885 			assert(nchildren >= 0);
2886 			if (timed_out()) {
2887 				set_timeout(0, false);
2888 				TAILQ_FOREACH(newns, &newconf->conf_isns, i_next)
2889 					isns_check(newns);
2890 				/* Schedule iSNS update */
2891 				if (!TAILQ_EMPTY(&newconf->conf_isns)) {
2892 					set_timeout((newconf->conf_isns_period
2893 					    + 2) / 3,
2894 					    false);
2895 				}
2896 			}
2897 		}
2898 	}
2899 	/* NOTREACHED */
2900 }
2901