1 /*- 2 * Copyright (c) 2012 The FreeBSD Foundation 3 * All rights reserved. 4 * 5 * This software was developed by Edward Tomasz Napierala under sponsorship 6 * from the FreeBSD Foundation. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD$ 30 */ 31 32 #include <sys/types.h> 33 #include <sys/time.h> 34 #include <sys/socket.h> 35 #include <sys/wait.h> 36 #include <netinet/in.h> 37 #include <assert.h> 38 #include <ctype.h> 39 #include <errno.h> 40 #include <netdb.h> 41 #include <signal.h> 42 #include <stdbool.h> 43 #include <stdio.h> 44 #include <stdint.h> 45 #include <stdlib.h> 46 #include <string.h> 47 #include <unistd.h> 48 49 #include "ctld.h" 50 51 bool proxy_mode = false; 52 53 static volatile bool sighup_received = false; 54 static volatile bool sigterm_received = false; 55 static volatile bool sigalrm_received = false; 56 57 static int nchildren = 0; 58 59 static void 60 usage(void) 61 { 62 63 fprintf(stderr, "usage: ctld [-d][-f config-file]\n"); 64 exit(1); 65 } 66 67 char * 68 checked_strdup(const char *s) 69 { 70 char *c; 71 72 c = strdup(s); 73 if (c == NULL) 74 log_err(1, "strdup"); 75 return (c); 76 } 77 78 struct conf * 79 conf_new(void) 80 { 81 struct conf *conf; 82 83 conf = calloc(1, sizeof(*conf)); 84 if (conf == NULL) 85 log_err(1, "calloc"); 86 TAILQ_INIT(&conf->conf_targets); 87 TAILQ_INIT(&conf->conf_auth_groups); 88 TAILQ_INIT(&conf->conf_portal_groups); 89 90 conf->conf_debug = 0; 91 conf->conf_timeout = 60; 92 conf->conf_maxproc = 30; 93 94 return (conf); 95 } 96 97 void 98 conf_delete(struct conf *conf) 99 { 100 struct target *targ, *tmp; 101 struct auth_group *ag, *cagtmp; 102 struct portal_group *pg, *cpgtmp; 103 104 assert(conf->conf_pidfh == NULL); 105 106 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp) 107 target_delete(targ); 108 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp) 109 auth_group_delete(ag); 110 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp) 111 portal_group_delete(pg); 112 free(conf->conf_pidfile_path); 113 free(conf); 114 } 115 116 static struct auth * 117 auth_new(struct auth_group *ag) 118 { 119 struct auth *auth; 120 121 auth = calloc(1, sizeof(*auth)); 122 if (auth == NULL) 123 log_err(1, "calloc"); 124 auth->a_auth_group = ag; 125 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next); 126 return (auth); 127 } 128 129 static void 130 auth_delete(struct auth *auth) 131 { 132 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next); 133 134 free(auth->a_user); 135 free(auth->a_secret); 136 free(auth->a_mutual_user); 137 free(auth->a_mutual_secret); 138 free(auth); 139 } 140 141 const struct auth * 142 auth_find(const struct auth_group *ag, const char *user) 143 { 144 const struct auth *auth; 145 146 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) { 147 if (strcmp(auth->a_user, user) == 0) 148 return (auth); 149 } 150 151 return (NULL); 152 } 153 154 static void 155 auth_check_secret_length(struct auth *auth) 156 { 157 size_t len; 158 159 len = strlen(auth->a_secret); 160 if (len > 16) { 161 if (auth->a_auth_group->ag_name != NULL) 162 log_warnx("secret for user \"%s\", auth-group \"%s\", " 163 "is too long; it should be at most 16 characters " 164 "long", auth->a_user, auth->a_auth_group->ag_name); 165 else 166 log_warnx("secret for user \"%s\", target \"%s\", " 167 "is too long; it should be at most 16 characters " 168 "long", auth->a_user, 169 auth->a_auth_group->ag_target->t_name); 170 } 171 if (len < 12) { 172 if (auth->a_auth_group->ag_name != NULL) 173 log_warnx("secret for user \"%s\", auth-group \"%s\", " 174 "is too short; it should be at least 12 characters " 175 "long", auth->a_user, 176 auth->a_auth_group->ag_name); 177 else 178 log_warnx("secret for user \"%s\", target \"%s\", " 179 "is too short; it should be at least 16 characters " 180 "long", auth->a_user, 181 auth->a_auth_group->ag_target->t_name); 182 } 183 184 if (auth->a_mutual_secret != NULL) { 185 len = strlen(auth->a_secret); 186 if (len > 16) { 187 if (auth->a_auth_group->ag_name != NULL) 188 log_warnx("mutual secret for user \"%s\", " 189 "auth-group \"%s\", is too long; it should " 190 "be at most 16 characters long", 191 auth->a_user, auth->a_auth_group->ag_name); 192 else 193 log_warnx("mutual secret for user \"%s\", " 194 "target \"%s\", is too long; it should " 195 "be at most 16 characters long", 196 auth->a_user, 197 auth->a_auth_group->ag_target->t_name); 198 } 199 if (len < 12) { 200 if (auth->a_auth_group->ag_name != NULL) 201 log_warnx("mutual secret for user \"%s\", " 202 "auth-group \"%s\", is too short; it " 203 "should be at least 12 characters long", 204 auth->a_user, auth->a_auth_group->ag_name); 205 else 206 log_warnx("mutual secret for user \"%s\", " 207 "target \"%s\", is too short; it should be " 208 "at least 16 characters long", 209 auth->a_user, 210 auth->a_auth_group->ag_target->t_name); 211 } 212 } 213 } 214 215 const struct auth * 216 auth_new_chap(struct auth_group *ag, const char *user, 217 const char *secret) 218 { 219 struct auth *auth; 220 221 if (ag->ag_type == AG_TYPE_UNKNOWN) 222 ag->ag_type = AG_TYPE_CHAP; 223 if (ag->ag_type != AG_TYPE_CHAP) { 224 if (ag->ag_name != NULL) 225 log_warnx("cannot mix \"chap\" authentication with " 226 "other types for auth-group \"%s\"", ag->ag_name); 227 else 228 log_warnx("cannot mix \"chap\" authentication with " 229 "other types for target \"%s\"", 230 ag->ag_target->t_name); 231 return (NULL); 232 } 233 234 auth = auth_new(ag); 235 auth->a_user = checked_strdup(user); 236 auth->a_secret = checked_strdup(secret); 237 238 auth_check_secret_length(auth); 239 240 return (auth); 241 } 242 243 const struct auth * 244 auth_new_chap_mutual(struct auth_group *ag, const char *user, 245 const char *secret, const char *user2, const char *secret2) 246 { 247 struct auth *auth; 248 249 if (ag->ag_type == AG_TYPE_UNKNOWN) 250 ag->ag_type = AG_TYPE_CHAP_MUTUAL; 251 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) { 252 if (ag->ag_name != NULL) 253 log_warnx("cannot mix \"chap-mutual\" authentication " 254 "with other types for auth-group \"%s\"", 255 ag->ag_name); 256 else 257 log_warnx("cannot mix \"chap-mutual\" authentication " 258 "with other types for target \"%s\"", 259 ag->ag_target->t_name); 260 return (NULL); 261 } 262 263 auth = auth_new(ag); 264 auth->a_user = checked_strdup(user); 265 auth->a_secret = checked_strdup(secret); 266 auth->a_mutual_user = checked_strdup(user2); 267 auth->a_mutual_secret = checked_strdup(secret2); 268 269 auth_check_secret_length(auth); 270 271 return (auth); 272 } 273 274 const struct auth_name * 275 auth_name_new(struct auth_group *ag, const char *name) 276 { 277 struct auth_name *an; 278 279 an = calloc(1, sizeof(*an)); 280 if (an == NULL) 281 log_err(1, "calloc"); 282 an->an_auth_group = ag; 283 an->an_initator_name = checked_strdup(name); 284 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next); 285 return (an); 286 } 287 288 static void 289 auth_name_delete(struct auth_name *an) 290 { 291 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next); 292 293 free(an->an_initator_name); 294 free(an); 295 } 296 297 bool 298 auth_name_defined(const struct auth_group *ag) 299 { 300 if (TAILQ_EMPTY(&ag->ag_names)) 301 return (false); 302 return (true); 303 } 304 305 const struct auth_name * 306 auth_name_find(const struct auth_group *ag, const char *name) 307 { 308 const struct auth_name *auth_name; 309 310 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) { 311 if (strcmp(auth_name->an_initator_name, name) == 0) 312 return (auth_name); 313 } 314 315 return (NULL); 316 } 317 318 const struct auth_portal * 319 auth_portal_new(struct auth_group *ag, const char *portal) 320 { 321 struct auth_portal *ap; 322 323 ap = calloc(1, sizeof(*ap)); 324 if (ap == NULL) 325 log_err(1, "calloc"); 326 ap->ap_auth_group = ag; 327 ap->ap_initator_portal = checked_strdup(portal); 328 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next); 329 return (ap); 330 } 331 332 static void 333 auth_portal_delete(struct auth_portal *ap) 334 { 335 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next); 336 337 free(ap->ap_initator_portal); 338 free(ap); 339 } 340 341 bool 342 auth_portal_defined(const struct auth_group *ag) 343 { 344 if (TAILQ_EMPTY(&ag->ag_portals)) 345 return (false); 346 return (true); 347 } 348 349 const struct auth_portal * 350 auth_portal_find(const struct auth_group *ag, const char *portal) 351 { 352 const struct auth_portal *auth_portal; 353 354 TAILQ_FOREACH(auth_portal, &ag->ag_portals, ap_next) { 355 if (strcmp(auth_portal->ap_initator_portal, portal) == 0) 356 return (auth_portal); 357 } 358 359 return (NULL); 360 } 361 362 struct auth_group * 363 auth_group_new(struct conf *conf, const char *name) 364 { 365 struct auth_group *ag; 366 367 if (name != NULL) { 368 ag = auth_group_find(conf, name); 369 if (ag != NULL) { 370 log_warnx("duplicated auth-group \"%s\"", name); 371 return (NULL); 372 } 373 } 374 375 ag = calloc(1, sizeof(*ag)); 376 if (ag == NULL) 377 log_err(1, "calloc"); 378 if (name != NULL) 379 ag->ag_name = checked_strdup(name); 380 TAILQ_INIT(&ag->ag_auths); 381 TAILQ_INIT(&ag->ag_names); 382 TAILQ_INIT(&ag->ag_portals); 383 ag->ag_conf = conf; 384 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next); 385 386 return (ag); 387 } 388 389 void 390 auth_group_delete(struct auth_group *ag) 391 { 392 struct auth *auth, *auth_tmp; 393 struct auth_name *auth_name, *auth_name_tmp; 394 struct auth_portal *auth_portal, *auth_portal_tmp; 395 396 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next); 397 398 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp) 399 auth_delete(auth); 400 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp) 401 auth_name_delete(auth_name); 402 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next, 403 auth_portal_tmp) 404 auth_portal_delete(auth_portal); 405 free(ag->ag_name); 406 free(ag); 407 } 408 409 struct auth_group * 410 auth_group_find(const struct conf *conf, const char *name) 411 { 412 struct auth_group *ag; 413 414 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 415 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0) 416 return (ag); 417 } 418 419 return (NULL); 420 } 421 422 static int 423 auth_group_set_type(struct auth_group *ag, int type) 424 { 425 426 if (ag->ag_type == AG_TYPE_UNKNOWN) { 427 ag->ag_type = type; 428 return (0); 429 } 430 431 if (ag->ag_type == type) 432 return (0); 433 434 return (1); 435 } 436 437 int 438 auth_group_set_type_str(struct auth_group *ag, const char *str) 439 { 440 int error, type; 441 442 if (strcmp(str, "none") == 0) { 443 type = AG_TYPE_NO_AUTHENTICATION; 444 } else if (strcmp(str, "deny") == 0) { 445 type = AG_TYPE_DENY; 446 } else if (strcmp(str, "chap") == 0) { 447 type = AG_TYPE_CHAP; 448 } else if (strcmp(str, "chap-mutual") == 0) { 449 type = AG_TYPE_CHAP_MUTUAL; 450 } else { 451 if (ag->ag_name != NULL) 452 log_warnx("invalid auth-type \"%s\" for auth-group " 453 "\"%s\"", str, ag->ag_name); 454 else 455 log_warnx("invalid auth-type \"%s\" for target " 456 "\"%s\"", str, ag->ag_target->t_name); 457 return (1); 458 } 459 460 error = auth_group_set_type(ag, type); 461 if (error != 0) { 462 if (ag->ag_name != NULL) 463 log_warnx("cannot set auth-type to \"%s\" for " 464 "auth-group \"%s\"; already has a different " 465 "type", str, ag->ag_name); 466 else 467 log_warnx("cannot set auth-type to \"%s\" for target " 468 "\"%s\"; already has a different type", 469 str, ag->ag_target->t_name); 470 return (1); 471 } 472 473 return (error); 474 } 475 476 static struct portal * 477 portal_new(struct portal_group *pg) 478 { 479 struct portal *portal; 480 481 portal = calloc(1, sizeof(*portal)); 482 if (portal == NULL) 483 log_err(1, "calloc"); 484 TAILQ_INIT(&portal->p_targets); 485 portal->p_portal_group = pg; 486 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next); 487 return (portal); 488 } 489 490 static void 491 portal_delete(struct portal *portal) 492 { 493 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next); 494 freeaddrinfo(portal->p_ai); 495 free(portal->p_listen); 496 free(portal); 497 } 498 499 struct portal_group * 500 portal_group_new(struct conf *conf, const char *name) 501 { 502 struct portal_group *pg; 503 504 pg = portal_group_find(conf, name); 505 if (pg != NULL) { 506 log_warnx("duplicated portal-group \"%s\"", name); 507 return (NULL); 508 } 509 510 pg = calloc(1, sizeof(*pg)); 511 if (pg == NULL) 512 log_err(1, "calloc"); 513 pg->pg_name = checked_strdup(name); 514 TAILQ_INIT(&pg->pg_portals); 515 pg->pg_conf = conf; 516 conf->conf_last_portal_group_tag++; 517 pg->pg_tag = conf->conf_last_portal_group_tag; 518 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next); 519 520 return (pg); 521 } 522 523 void 524 portal_group_delete(struct portal_group *pg) 525 { 526 struct portal *portal, *tmp; 527 528 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next); 529 530 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp) 531 portal_delete(portal); 532 free(pg->pg_name); 533 free(pg); 534 } 535 536 struct portal_group * 537 portal_group_find(const struct conf *conf, const char *name) 538 { 539 struct portal_group *pg; 540 541 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 542 if (strcmp(pg->pg_name, name) == 0) 543 return (pg); 544 } 545 546 return (NULL); 547 } 548 549 int 550 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser) 551 { 552 struct addrinfo hints; 553 struct portal *portal; 554 char *addr, *ch, *arg; 555 const char *port; 556 int error, colons = 0; 557 558 portal = portal_new(pg); 559 portal->p_listen = checked_strdup(value); 560 portal->p_iser = iser; 561 562 arg = portal->p_listen; 563 if (arg[0] == '\0') { 564 log_warnx("empty listen address"); 565 free(portal->p_listen); 566 free(portal); 567 return (1); 568 } 569 if (arg[0] == '[') { 570 /* 571 * IPv6 address in square brackets, perhaps with port. 572 */ 573 arg++; 574 addr = strsep(&arg, "]"); 575 if (arg == NULL) { 576 log_warnx("invalid listen address %s", 577 portal->p_listen); 578 free(portal->p_listen); 579 free(portal); 580 return (1); 581 } 582 if (arg[0] == '\0') { 583 port = "3260"; 584 } else if (arg[0] == ':') { 585 port = arg + 1; 586 } else { 587 log_warnx("invalid listen address %s", 588 portal->p_listen); 589 free(portal->p_listen); 590 free(portal); 591 return (1); 592 } 593 } else { 594 /* 595 * Either IPv6 address without brackets - and without 596 * a port - or IPv4 address. Just count the colons. 597 */ 598 for (ch = arg; *ch != '\0'; ch++) { 599 if (*ch == ':') 600 colons++; 601 } 602 if (colons > 1) { 603 addr = arg; 604 port = "3260"; 605 } else { 606 addr = strsep(&arg, ":"); 607 if (arg == NULL) 608 port = "3260"; 609 else 610 port = arg; 611 } 612 } 613 614 memset(&hints, 0, sizeof(hints)); 615 hints.ai_family = PF_UNSPEC; 616 hints.ai_socktype = SOCK_STREAM; 617 hints.ai_flags = AI_PASSIVE; 618 619 error = getaddrinfo(addr, port, &hints, &portal->p_ai); 620 if (error != 0) { 621 log_warnx("getaddrinfo for %s failed: %s", 622 portal->p_listen, gai_strerror(error)); 623 free(portal->p_listen); 624 free(portal); 625 return (1); 626 } 627 628 /* 629 * XXX: getaddrinfo(3) may return multiple addresses; we should turn 630 * those into multiple portals. 631 */ 632 633 return (0); 634 } 635 636 static bool 637 valid_hex(const char ch) 638 { 639 switch (ch) { 640 case '0': 641 case '1': 642 case '2': 643 case '3': 644 case '4': 645 case '5': 646 case '6': 647 case '7': 648 case '8': 649 case '9': 650 case 'a': 651 case 'A': 652 case 'b': 653 case 'B': 654 case 'c': 655 case 'C': 656 case 'd': 657 case 'D': 658 case 'e': 659 case 'E': 660 case 'f': 661 case 'F': 662 return (true); 663 default: 664 return (false); 665 } 666 } 667 668 bool 669 valid_iscsi_name(const char *name) 670 { 671 int i; 672 673 if (strlen(name) >= MAX_NAME_LEN) { 674 log_warnx("overlong name for target \"%s\"; max length allowed " 675 "by iSCSI specification is %d characters", 676 name, MAX_NAME_LEN); 677 return (false); 678 } 679 680 /* 681 * In the cases below, we don't return an error, just in case the admin 682 * was right, and we're wrong. 683 */ 684 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) { 685 for (i = strlen("iqn."); name[i] != '\0'; i++) { 686 /* 687 * XXX: We should verify UTF-8 normalisation, as defined 688 * by 3.2.6.2: iSCSI Name Encoding. 689 */ 690 if (isalnum(name[i])) 691 continue; 692 if (name[i] == '-' || name[i] == '.' || name[i] == ':') 693 continue; 694 log_warnx("invalid character \"%c\" in target name " 695 "\"%s\"; allowed characters are letters, digits, " 696 "'-', '.', and ':'", name[i], name); 697 break; 698 } 699 /* 700 * XXX: Check more stuff: valid date and a valid reversed domain. 701 */ 702 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) { 703 if (strlen(name) != strlen("eui.") + 16) 704 log_warnx("invalid target name \"%s\"; the \"eui.\" " 705 "should be followed by exactly 16 hexadecimal " 706 "digits", name); 707 for (i = strlen("eui."); name[i] != '\0'; i++) { 708 if (!valid_hex(name[i])) { 709 log_warnx("invalid character \"%c\" in target " 710 "name \"%s\"; allowed characters are 1-9 " 711 "and A-F", name[i], name); 712 break; 713 } 714 } 715 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) { 716 if (strlen(name) > strlen("naa.") + 32) 717 log_warnx("invalid target name \"%s\"; the \"naa.\" " 718 "should be followed by at most 32 hexadecimal " 719 "digits", name); 720 for (i = strlen("naa."); name[i] != '\0'; i++) { 721 if (!valid_hex(name[i])) { 722 log_warnx("invalid character \"%c\" in target " 723 "name \"%s\"; allowed characters are 1-9 " 724 "and A-F", name[i], name); 725 break; 726 } 727 } 728 } else { 729 log_warnx("invalid target name \"%s\"; should start with " 730 "either \".iqn\", \"eui.\", or \"naa.\"", 731 name); 732 } 733 return (true); 734 } 735 736 struct target * 737 target_new(struct conf *conf, const char *name) 738 { 739 struct target *targ; 740 int i, len; 741 742 targ = target_find(conf, name); 743 if (targ != NULL) { 744 log_warnx("duplicated target \"%s\"", name); 745 return (NULL); 746 } 747 if (valid_iscsi_name(name) == false) { 748 log_warnx("target name \"%s\" is invalid", name); 749 return (NULL); 750 } 751 targ = calloc(1, sizeof(*targ)); 752 if (targ == NULL) 753 log_err(1, "calloc"); 754 targ->t_name = checked_strdup(name); 755 756 /* 757 * RFC 3722 requires us to normalize the name to lowercase. 758 */ 759 len = strlen(name); 760 for (i = 0; i < len; i++) 761 targ->t_name[i] = tolower(targ->t_name[i]); 762 763 TAILQ_INIT(&targ->t_luns); 764 targ->t_conf = conf; 765 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next); 766 767 return (targ); 768 } 769 770 void 771 target_delete(struct target *targ) 772 { 773 struct lun *lun, *tmp; 774 775 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next); 776 777 TAILQ_FOREACH_SAFE(lun, &targ->t_luns, l_next, tmp) 778 lun_delete(lun); 779 free(targ->t_name); 780 free(targ); 781 } 782 783 struct target * 784 target_find(struct conf *conf, const char *name) 785 { 786 struct target *targ; 787 788 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 789 if (strcasecmp(targ->t_name, name) == 0) 790 return (targ); 791 } 792 793 return (NULL); 794 } 795 796 struct lun * 797 lun_new(struct target *targ, int lun_id) 798 { 799 struct lun *lun; 800 801 lun = lun_find(targ, lun_id); 802 if (lun != NULL) { 803 log_warnx("duplicated lun %d for target \"%s\"", 804 lun_id, targ->t_name); 805 return (NULL); 806 } 807 808 lun = calloc(1, sizeof(*lun)); 809 if (lun == NULL) 810 log_err(1, "calloc"); 811 lun->l_lun = lun_id; 812 TAILQ_INIT(&lun->l_options); 813 lun->l_target = targ; 814 TAILQ_INSERT_TAIL(&targ->t_luns, lun, l_next); 815 816 return (lun); 817 } 818 819 void 820 lun_delete(struct lun *lun) 821 { 822 struct lun_option *lo, *tmp; 823 824 TAILQ_REMOVE(&lun->l_target->t_luns, lun, l_next); 825 826 TAILQ_FOREACH_SAFE(lo, &lun->l_options, lo_next, tmp) 827 lun_option_delete(lo); 828 free(lun->l_backend); 829 free(lun->l_device_id); 830 free(lun->l_path); 831 free(lun->l_serial); 832 free(lun); 833 } 834 835 struct lun * 836 lun_find(const struct target *targ, int lun_id) 837 { 838 struct lun *lun; 839 840 TAILQ_FOREACH(lun, &targ->t_luns, l_next) { 841 if (lun->l_lun == lun_id) 842 return (lun); 843 } 844 845 return (NULL); 846 } 847 848 void 849 lun_set_backend(struct lun *lun, const char *value) 850 { 851 free(lun->l_backend); 852 lun->l_backend = checked_strdup(value); 853 } 854 855 void 856 lun_set_blocksize(struct lun *lun, size_t value) 857 { 858 859 lun->l_blocksize = value; 860 } 861 862 void 863 lun_set_device_id(struct lun *lun, const char *value) 864 { 865 free(lun->l_device_id); 866 lun->l_device_id = checked_strdup(value); 867 } 868 869 void 870 lun_set_path(struct lun *lun, const char *value) 871 { 872 free(lun->l_path); 873 lun->l_path = checked_strdup(value); 874 } 875 876 void 877 lun_set_serial(struct lun *lun, const char *value) 878 { 879 free(lun->l_serial); 880 lun->l_serial = checked_strdup(value); 881 } 882 883 void 884 lun_set_size(struct lun *lun, size_t value) 885 { 886 887 lun->l_size = value; 888 } 889 890 void 891 lun_set_ctl_lun(struct lun *lun, uint32_t value) 892 { 893 894 lun->l_ctl_lun = value; 895 } 896 897 struct lun_option * 898 lun_option_new(struct lun *lun, const char *name, const char *value) 899 { 900 struct lun_option *lo; 901 902 lo = lun_option_find(lun, name); 903 if (lo != NULL) { 904 log_warnx("duplicated lun option %s for lun %d, target \"%s\"", 905 name, lun->l_lun, lun->l_target->t_name); 906 return (NULL); 907 } 908 909 lo = calloc(1, sizeof(*lo)); 910 if (lo == NULL) 911 log_err(1, "calloc"); 912 lo->lo_name = checked_strdup(name); 913 lo->lo_value = checked_strdup(value); 914 lo->lo_lun = lun; 915 TAILQ_INSERT_TAIL(&lun->l_options, lo, lo_next); 916 917 return (lo); 918 } 919 920 void 921 lun_option_delete(struct lun_option *lo) 922 { 923 924 TAILQ_REMOVE(&lo->lo_lun->l_options, lo, lo_next); 925 926 free(lo->lo_name); 927 free(lo->lo_value); 928 free(lo); 929 } 930 931 struct lun_option * 932 lun_option_find(const struct lun *lun, const char *name) 933 { 934 struct lun_option *lo; 935 936 TAILQ_FOREACH(lo, &lun->l_options, lo_next) { 937 if (strcmp(lo->lo_name, name) == 0) 938 return (lo); 939 } 940 941 return (NULL); 942 } 943 944 void 945 lun_option_set(struct lun_option *lo, const char *value) 946 { 947 948 free(lo->lo_value); 949 lo->lo_value = checked_strdup(value); 950 } 951 952 static struct connection * 953 connection_new(struct portal *portal, int fd, const char *host) 954 { 955 struct connection *conn; 956 957 conn = calloc(1, sizeof(*conn)); 958 if (conn == NULL) 959 log_err(1, "calloc"); 960 conn->conn_portal = portal; 961 conn->conn_socket = fd; 962 conn->conn_initiator_addr = checked_strdup(host); 963 964 /* 965 * Default values, from RFC 3720, section 12. 966 */ 967 conn->conn_max_data_segment_length = 8192; 968 conn->conn_max_burst_length = 262144; 969 conn->conn_immediate_data = true; 970 971 return (conn); 972 } 973 974 #if 0 975 static void 976 conf_print(struct conf *conf) 977 { 978 struct auth_group *ag; 979 struct auth *auth; 980 struct auth_name *auth_name; 981 struct auth_portal *auth_portal; 982 struct portal_group *pg; 983 struct portal *portal; 984 struct target *targ; 985 struct lun *lun; 986 struct lun_option *lo; 987 988 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 989 fprintf(stderr, "auth-group %s {\n", ag->ag_name); 990 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) 991 fprintf(stderr, "\t chap-mutual %s %s %s %s\n", 992 auth->a_user, auth->a_secret, 993 auth->a_mutual_user, auth->a_mutual_secret); 994 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) 995 fprintf(stderr, "\t initiator-name %s\n", 996 auth_name->an_initator_name); 997 TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next) 998 fprintf(stderr, "\t initiator-portal %s\n", 999 auth_portal->an_initator_portal); 1000 fprintf(stderr, "}\n"); 1001 } 1002 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1003 fprintf(stderr, "portal-group %s {\n", pg->pg_name); 1004 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 1005 fprintf(stderr, "\t listen %s\n", portal->p_listen); 1006 fprintf(stderr, "}\n"); 1007 } 1008 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1009 fprintf(stderr, "target %s {\n", targ->t_name); 1010 if (targ->t_alias != NULL) 1011 fprintf(stderr, "\t alias %s\n", targ->t_alias); 1012 TAILQ_FOREACH(lun, &targ->t_luns, l_next) { 1013 fprintf(stderr, "\tlun %d {\n", lun->l_lun); 1014 fprintf(stderr, "\t\tpath %s\n", lun->l_path); 1015 TAILQ_FOREACH(lo, &lun->l_options, lo_next) 1016 fprintf(stderr, "\t\toption %s %s\n", 1017 lo->lo_name, lo->lo_value); 1018 fprintf(stderr, "\t}\n"); 1019 } 1020 fprintf(stderr, "}\n"); 1021 } 1022 } 1023 #endif 1024 1025 static int 1026 conf_verify_lun(struct lun *lun) 1027 { 1028 const struct lun *lun2; 1029 const struct target *targ2; 1030 1031 if (lun->l_backend == NULL) 1032 lun_set_backend(lun, "block"); 1033 if (strcmp(lun->l_backend, "block") == 0) { 1034 if (lun->l_path == NULL) { 1035 log_warnx("missing path for lun %d, target \"%s\"", 1036 lun->l_lun, lun->l_target->t_name); 1037 return (1); 1038 } 1039 } else if (strcmp(lun->l_backend, "ramdisk") == 0) { 1040 if (lun->l_size == 0) { 1041 log_warnx("missing size for ramdisk-backed lun %d, " 1042 "target \"%s\"", lun->l_lun, lun->l_target->t_name); 1043 return (1); 1044 } 1045 if (lun->l_path != NULL) { 1046 log_warnx("path must not be specified " 1047 "for ramdisk-backed lun %d, target \"%s\"", 1048 lun->l_lun, lun->l_target->t_name); 1049 return (1); 1050 } 1051 } 1052 if (lun->l_lun < 0 || lun->l_lun > 255) { 1053 log_warnx("invalid lun number for lun %d, target \"%s\"; " 1054 "must be between 0 and 255", lun->l_lun, 1055 lun->l_target->t_name); 1056 return (1); 1057 } 1058 if (lun->l_blocksize == 0) { 1059 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE); 1060 } else if (lun->l_blocksize < 0) { 1061 log_warnx("invalid blocksize for lun %d, target \"%s\"; " 1062 "must be larger than 0", lun->l_lun, lun->l_target->t_name); 1063 return (1); 1064 } 1065 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) { 1066 log_warnx("invalid size for lun %d, target \"%s\"; " 1067 "must be multiple of blocksize", lun->l_lun, 1068 lun->l_target->t_name); 1069 return (1); 1070 } 1071 TAILQ_FOREACH(targ2, &lun->l_target->t_conf->conf_targets, t_next) { 1072 TAILQ_FOREACH(lun2, &targ2->t_luns, l_next) { 1073 if (lun == lun2) 1074 continue; 1075 if (lun->l_path != NULL && lun2->l_path != NULL && 1076 strcmp(lun->l_path, lun2->l_path) == 0) { 1077 log_debugx("WARNING: path \"%s\" duplicated " 1078 "between lun %d, target \"%s\", and " 1079 "lun %d, target \"%s\"", lun->l_path, 1080 lun->l_lun, lun->l_target->t_name, 1081 lun2->l_lun, lun2->l_target->t_name); 1082 } 1083 } 1084 } 1085 1086 return (0); 1087 } 1088 1089 int 1090 conf_verify(struct conf *conf) 1091 { 1092 struct auth_group *ag; 1093 struct portal_group *pg; 1094 struct target *targ; 1095 struct lun *lun; 1096 bool found_lun; 1097 int error; 1098 1099 if (conf->conf_pidfile_path == NULL) 1100 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE); 1101 1102 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1103 if (targ->t_auth_group == NULL) { 1104 targ->t_auth_group = auth_group_find(conf, 1105 "default"); 1106 assert(targ->t_auth_group != NULL); 1107 } 1108 if (targ->t_portal_group == NULL) { 1109 targ->t_portal_group = portal_group_find(conf, 1110 "default"); 1111 assert(targ->t_portal_group != NULL); 1112 } 1113 found_lun = false; 1114 TAILQ_FOREACH(lun, &targ->t_luns, l_next) { 1115 error = conf_verify_lun(lun); 1116 if (error != 0) 1117 return (error); 1118 found_lun = true; 1119 } 1120 if (!found_lun) { 1121 log_warnx("no LUNs defined for target \"%s\"", 1122 targ->t_name); 1123 return (1); 1124 } 1125 } 1126 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1127 assert(pg->pg_name != NULL); 1128 if (pg->pg_discovery_auth_group == NULL) { 1129 pg->pg_discovery_auth_group = 1130 auth_group_find(conf, "default"); 1131 assert(pg->pg_discovery_auth_group != NULL); 1132 } 1133 1134 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1135 if (targ->t_portal_group == pg) 1136 break; 1137 } 1138 if (targ == NULL) { 1139 if (strcmp(pg->pg_name, "default") != 0) 1140 log_warnx("portal-group \"%s\" not assigned " 1141 "to any target", pg->pg_name); 1142 pg->pg_unassigned = true; 1143 } else 1144 pg->pg_unassigned = false; 1145 } 1146 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1147 if (ag->ag_name == NULL) 1148 assert(ag->ag_target != NULL); 1149 else 1150 assert(ag->ag_target == NULL); 1151 1152 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1153 if (targ->t_auth_group == ag) 1154 break; 1155 } 1156 if (targ == NULL && ag->ag_name != NULL && 1157 strcmp(ag->ag_name, "default") != 0 && 1158 strcmp(ag->ag_name, "no-authentication") != 0 && 1159 strcmp(ag->ag_name, "no-access") != 0) { 1160 log_warnx("auth-group \"%s\" not assigned " 1161 "to any target", ag->ag_name); 1162 } 1163 } 1164 1165 return (0); 1166 } 1167 1168 static int 1169 conf_apply(struct conf *oldconf, struct conf *newconf) 1170 { 1171 struct target *oldtarg, *newtarg, *tmptarg; 1172 struct lun *oldlun, *newlun, *tmplun; 1173 struct portal_group *oldpg, *newpg; 1174 struct portal *oldp, *newp; 1175 pid_t otherpid; 1176 int changed, cumulated_error = 0, error; 1177 int one = 1; 1178 1179 if (oldconf->conf_debug != newconf->conf_debug) { 1180 log_debugx("changing debug level to %d", newconf->conf_debug); 1181 log_init(newconf->conf_debug); 1182 } 1183 1184 if (oldconf->conf_pidfh != NULL) { 1185 assert(oldconf->conf_pidfile_path != NULL); 1186 if (newconf->conf_pidfile_path != NULL && 1187 strcmp(oldconf->conf_pidfile_path, 1188 newconf->conf_pidfile_path) == 0) { 1189 newconf->conf_pidfh = oldconf->conf_pidfh; 1190 oldconf->conf_pidfh = NULL; 1191 } else { 1192 log_debugx("removing pidfile %s", 1193 oldconf->conf_pidfile_path); 1194 pidfile_remove(oldconf->conf_pidfh); 1195 oldconf->conf_pidfh = NULL; 1196 } 1197 } 1198 1199 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) { 1200 log_debugx("opening pidfile %s", newconf->conf_pidfile_path); 1201 newconf->conf_pidfh = 1202 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid); 1203 if (newconf->conf_pidfh == NULL) { 1204 if (errno == EEXIST) 1205 log_errx(1, "daemon already running, pid: %jd.", 1206 (intmax_t)otherpid); 1207 log_err(1, "cannot open or create pidfile \"%s\"", 1208 newconf->conf_pidfile_path); 1209 } 1210 } 1211 1212 if (oldconf->conf_kernel_port_on != newconf->conf_kernel_port_on) { 1213 if (newconf->conf_kernel_port_on == true) { 1214 log_debugx("enabling CTL iSCSI port"); 1215 error = kernel_port_on(); 1216 if (error != 0) 1217 log_errx(1, "failed to enable CTL iSCSI port; exiting"); 1218 } else { 1219 error = kernel_port_off(); 1220 if (error != 0) 1221 log_warnx("failed to disable CTL iSCSI port"); 1222 } 1223 } 1224 1225 /* 1226 * XXX: If target or lun removal fails, we should somehow "move" 1227 * the old lun or target into newconf, so that subsequent 1228 * conf_apply() would try to remove them again. That would 1229 * be somewhat hairy, though, and lun deletion failures don't 1230 * really happen, so leave it as it is for now. 1231 */ 1232 TAILQ_FOREACH_SAFE(oldtarg, &oldconf->conf_targets, t_next, tmptarg) { 1233 /* 1234 * First, remove any targets present in the old configuration 1235 * and missing in the new one. 1236 */ 1237 newtarg = target_find(newconf, oldtarg->t_name); 1238 if (newtarg == NULL) { 1239 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, 1240 tmplun) { 1241 log_debugx("target %s not found in new " 1242 "configuration; removing its lun %d, " 1243 "backed by CTL lun %d", 1244 oldtarg->t_name, oldlun->l_lun, 1245 oldlun->l_ctl_lun); 1246 error = kernel_lun_remove(oldlun); 1247 if (error != 0) { 1248 log_warnx("failed to remove lun %d, " 1249 "target %s, CTL lun %d", 1250 oldlun->l_lun, oldtarg->t_name, 1251 oldlun->l_ctl_lun); 1252 cumulated_error++; 1253 } 1254 lun_delete(oldlun); 1255 } 1256 target_delete(oldtarg); 1257 continue; 1258 } 1259 1260 /* 1261 * Second, remove any LUNs present in the old target 1262 * and missing in the new one. 1263 */ 1264 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, tmplun) { 1265 newlun = lun_find(newtarg, oldlun->l_lun); 1266 if (newlun == NULL) { 1267 log_debugx("lun %d, target %s, CTL lun %d " 1268 "not found in new configuration; " 1269 "removing", oldlun->l_lun, oldtarg->t_name, 1270 oldlun->l_ctl_lun); 1271 error = kernel_lun_remove(oldlun); 1272 if (error != 0) { 1273 log_warnx("failed to remove lun %d, " 1274 "target %s, CTL lun %d", 1275 oldlun->l_lun, oldtarg->t_name, 1276 oldlun->l_ctl_lun); 1277 cumulated_error++; 1278 } 1279 lun_delete(oldlun); 1280 continue; 1281 } 1282 1283 /* 1284 * Also remove the LUNs changed by more than size. 1285 */ 1286 changed = 0; 1287 assert(oldlun->l_backend != NULL); 1288 assert(newlun->l_backend != NULL); 1289 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) { 1290 log_debugx("backend for lun %d, target %s, " 1291 "CTL lun %d changed; removing", 1292 oldlun->l_lun, oldtarg->t_name, 1293 oldlun->l_ctl_lun); 1294 changed = 1; 1295 } 1296 if (oldlun->l_blocksize != newlun->l_blocksize) { 1297 log_debugx("blocksize for lun %d, target %s, " 1298 "CTL lun %d changed; removing", 1299 oldlun->l_lun, oldtarg->t_name, 1300 oldlun->l_ctl_lun); 1301 changed = 1; 1302 } 1303 if (newlun->l_device_id != NULL && 1304 (oldlun->l_device_id == NULL || 1305 strcmp(oldlun->l_device_id, newlun->l_device_id) != 1306 0)) { 1307 log_debugx("device-id for lun %d, target %s, " 1308 "CTL lun %d changed; removing", 1309 oldlun->l_lun, oldtarg->t_name, 1310 oldlun->l_ctl_lun); 1311 changed = 1; 1312 } 1313 if (newlun->l_path != NULL && 1314 (oldlun->l_path == NULL || 1315 strcmp(oldlun->l_path, newlun->l_path) != 0)) { 1316 log_debugx("path for lun %d, target %s, " 1317 "CTL lun %d, changed; removing", 1318 oldlun->l_lun, oldtarg->t_name, 1319 oldlun->l_ctl_lun); 1320 changed = 1; 1321 } 1322 if (newlun->l_serial != NULL && 1323 (oldlun->l_serial == NULL || 1324 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) { 1325 log_debugx("serial for lun %d, target %s, " 1326 "CTL lun %d changed; removing", 1327 oldlun->l_lun, oldtarg->t_name, 1328 oldlun->l_ctl_lun); 1329 changed = 1; 1330 } 1331 if (changed) { 1332 error = kernel_lun_remove(oldlun); 1333 if (error != 0) { 1334 log_warnx("failed to remove lun %d, " 1335 "target %s, CTL lun %d", 1336 oldlun->l_lun, oldtarg->t_name, 1337 oldlun->l_ctl_lun); 1338 cumulated_error++; 1339 } 1340 lun_delete(oldlun); 1341 continue; 1342 } 1343 1344 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun); 1345 } 1346 } 1347 1348 /* 1349 * Now add new targets or modify existing ones. 1350 */ 1351 TAILQ_FOREACH(newtarg, &newconf->conf_targets, t_next) { 1352 oldtarg = target_find(oldconf, newtarg->t_name); 1353 1354 TAILQ_FOREACH_SAFE(newlun, &newtarg->t_luns, l_next, tmplun) { 1355 if (oldtarg != NULL) { 1356 oldlun = lun_find(oldtarg, newlun->l_lun); 1357 if (oldlun != NULL) { 1358 if (newlun->l_size != oldlun->l_size) { 1359 log_debugx("resizing lun %d, " 1360 "target %s, CTL lun %d", 1361 newlun->l_lun, 1362 newtarg->t_name, 1363 newlun->l_ctl_lun); 1364 error = 1365 kernel_lun_resize(newlun); 1366 if (error != 0) { 1367 log_warnx("failed to " 1368 "resize lun %d, " 1369 "target %s, " 1370 "CTL lun %d", 1371 newlun->l_lun, 1372 newtarg->t_name, 1373 newlun->l_lun); 1374 cumulated_error++; 1375 } 1376 } 1377 continue; 1378 } 1379 } 1380 log_debugx("adding lun %d, target %s", 1381 newlun->l_lun, newtarg->t_name); 1382 error = kernel_lun_add(newlun); 1383 if (error != 0) { 1384 log_warnx("failed to add lun %d, target %s", 1385 newlun->l_lun, newtarg->t_name); 1386 lun_delete(newlun); 1387 cumulated_error++; 1388 } 1389 } 1390 } 1391 1392 /* 1393 * Go through the new portals, opening the sockets as neccessary. 1394 */ 1395 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { 1396 if (newpg->pg_unassigned) { 1397 log_debugx("not listening on portal-group \"%s\", " 1398 "not assigned to any target", 1399 newpg->pg_name); 1400 continue; 1401 } 1402 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) { 1403 /* 1404 * Try to find already open portal and reuse 1405 * the listening socket. We don't care about 1406 * what portal or portal group that was, what 1407 * matters is the listening address. 1408 */ 1409 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, 1410 pg_next) { 1411 TAILQ_FOREACH(oldp, &oldpg->pg_portals, 1412 p_next) { 1413 if (strcmp(newp->p_listen, 1414 oldp->p_listen) == 0 && 1415 oldp->p_socket > 0) { 1416 newp->p_socket = 1417 oldp->p_socket; 1418 oldp->p_socket = 0; 1419 break; 1420 } 1421 } 1422 } 1423 if (newp->p_socket > 0) { 1424 /* 1425 * We're done with this portal. 1426 */ 1427 continue; 1428 } 1429 1430 #ifdef ICL_KERNEL_PROXY 1431 if (proxy_mode) { 1432 newpg->pg_conf->conf_portal_id++; 1433 newp->p_id = newpg->pg_conf->conf_portal_id; 1434 log_debugx("listening on %s, portal-group " 1435 "\"%s\", portal id %d, using ICL proxy", 1436 newp->p_listen, newpg->pg_name, newp->p_id); 1437 kernel_listen(newp->p_ai, newp->p_iser, 1438 newp->p_id); 1439 continue; 1440 } 1441 #endif 1442 assert(proxy_mode == false); 1443 assert(newp->p_iser == false); 1444 1445 log_debugx("listening on %s, portal-group \"%s\"", 1446 newp->p_listen, newpg->pg_name); 1447 newp->p_socket = socket(newp->p_ai->ai_family, 1448 newp->p_ai->ai_socktype, 1449 newp->p_ai->ai_protocol); 1450 if (newp->p_socket < 0) { 1451 log_warn("socket(2) failed for %s", 1452 newp->p_listen); 1453 cumulated_error++; 1454 continue; 1455 } 1456 error = setsockopt(newp->p_socket, SOL_SOCKET, 1457 SO_REUSEADDR, &one, sizeof(one)); 1458 if (error != 0) { 1459 log_warn("setsockopt(SO_REUSEADDR) failed " 1460 "for %s", newp->p_listen); 1461 close(newp->p_socket); 1462 newp->p_socket = 0; 1463 cumulated_error++; 1464 continue; 1465 } 1466 error = bind(newp->p_socket, newp->p_ai->ai_addr, 1467 newp->p_ai->ai_addrlen); 1468 if (error != 0) { 1469 log_warn("bind(2) failed for %s", 1470 newp->p_listen); 1471 close(newp->p_socket); 1472 newp->p_socket = 0; 1473 cumulated_error++; 1474 continue; 1475 } 1476 error = listen(newp->p_socket, -1); 1477 if (error != 0) { 1478 log_warn("listen(2) failed for %s", 1479 newp->p_listen); 1480 close(newp->p_socket); 1481 newp->p_socket = 0; 1482 cumulated_error++; 1483 continue; 1484 } 1485 } 1486 } 1487 1488 /* 1489 * Go through the no longer used sockets, closing them. 1490 */ 1491 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) { 1492 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) { 1493 if (oldp->p_socket <= 0) 1494 continue; 1495 log_debugx("closing socket for %s, portal-group \"%s\"", 1496 oldp->p_listen, oldpg->pg_name); 1497 close(oldp->p_socket); 1498 oldp->p_socket = 0; 1499 } 1500 } 1501 1502 return (cumulated_error); 1503 } 1504 1505 bool 1506 timed_out(void) 1507 { 1508 1509 return (sigalrm_received); 1510 } 1511 1512 static void 1513 sigalrm_handler(int dummy __unused) 1514 { 1515 /* 1516 * It would be easiest to just log an error and exit. We can't 1517 * do this, though, because log_errx() is not signal safe, since 1518 * it calls syslog(3). Instead, set a flag checked by pdu_send() 1519 * and pdu_receive(), to call log_errx() there. Should they fail 1520 * to notice, we'll exit here one second later. 1521 */ 1522 if (sigalrm_received) { 1523 /* 1524 * Oh well. Just give up and quit. 1525 */ 1526 _exit(2); 1527 } 1528 1529 sigalrm_received = true; 1530 } 1531 1532 static void 1533 set_timeout(const struct conf *conf) 1534 { 1535 struct sigaction sa; 1536 struct itimerval itv; 1537 int error; 1538 1539 if (conf->conf_timeout <= 0) { 1540 log_debugx("session timeout disabled"); 1541 return; 1542 } 1543 1544 bzero(&sa, sizeof(sa)); 1545 sa.sa_handler = sigalrm_handler; 1546 sigfillset(&sa.sa_mask); 1547 error = sigaction(SIGALRM, &sa, NULL); 1548 if (error != 0) 1549 log_err(1, "sigaction"); 1550 1551 /* 1552 * First SIGALRM will arive after conf_timeout seconds. 1553 * If we do nothing, another one will arrive a second later. 1554 */ 1555 bzero(&itv, sizeof(itv)); 1556 itv.it_interval.tv_sec = 1; 1557 itv.it_value.tv_sec = conf->conf_timeout; 1558 1559 log_debugx("setting session timeout to %d seconds", 1560 conf->conf_timeout); 1561 error = setitimer(ITIMER_REAL, &itv, NULL); 1562 if (error != 0) 1563 log_err(1, "setitimer"); 1564 } 1565 1566 static int 1567 wait_for_children(bool block) 1568 { 1569 pid_t pid; 1570 int status; 1571 int num = 0; 1572 1573 for (;;) { 1574 /* 1575 * If "block" is true, wait for at least one process. 1576 */ 1577 if (block && num == 0) 1578 pid = wait4(-1, &status, 0, NULL); 1579 else 1580 pid = wait4(-1, &status, WNOHANG, NULL); 1581 if (pid <= 0) 1582 break; 1583 if (WIFSIGNALED(status)) { 1584 log_warnx("child process %d terminated with signal %d", 1585 pid, WTERMSIG(status)); 1586 } else if (WEXITSTATUS(status) != 0) { 1587 log_warnx("child process %d terminated with exit status %d", 1588 pid, WEXITSTATUS(status)); 1589 } else { 1590 log_debugx("child process %d terminated gracefully", pid); 1591 } 1592 num++; 1593 } 1594 1595 return (num); 1596 } 1597 1598 static void 1599 handle_connection(struct portal *portal, int fd, 1600 const struct sockaddr *client_sa, socklen_t client_salen, bool dont_fork) 1601 { 1602 struct connection *conn; 1603 int error; 1604 pid_t pid; 1605 char host[NI_MAXHOST + 1]; 1606 struct conf *conf; 1607 1608 conf = portal->p_portal_group->pg_conf; 1609 1610 if (dont_fork) { 1611 log_debugx("incoming connection; not forking due to -d flag"); 1612 } else { 1613 nchildren -= wait_for_children(false); 1614 assert(nchildren >= 0); 1615 1616 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) { 1617 log_debugx("maxproc limit of %d child processes hit; " 1618 "waiting for child process to exit", conf->conf_maxproc); 1619 nchildren -= wait_for_children(true); 1620 assert(nchildren >= 0); 1621 } 1622 log_debugx("incoming connection; forking child process #%d", 1623 nchildren); 1624 nchildren++; 1625 pid = fork(); 1626 if (pid < 0) 1627 log_err(1, "fork"); 1628 if (pid > 0) { 1629 close(fd); 1630 return; 1631 } 1632 } 1633 pidfile_close(conf->conf_pidfh); 1634 1635 error = getnameinfo(client_sa, client_salen, 1636 host, sizeof(host), NULL, 0, NI_NUMERICHOST); 1637 if (error != 0) 1638 log_errx(1, "getnameinfo: %s", gai_strerror(error)); 1639 1640 log_debugx("accepted connection from %s; portal group \"%s\"", 1641 host, portal->p_portal_group->pg_name); 1642 log_set_peer_addr(host); 1643 setproctitle("%s", host); 1644 1645 conn = connection_new(portal, fd, host); 1646 set_timeout(conf); 1647 kernel_capsicate(); 1648 login(conn); 1649 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { 1650 kernel_handoff(conn); 1651 log_debugx("connection handed off to the kernel"); 1652 } else { 1653 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY); 1654 discovery(conn); 1655 } 1656 log_debugx("nothing more to do; exiting"); 1657 exit(0); 1658 } 1659 1660 static int 1661 fd_add(int fd, fd_set *fdset, int nfds) 1662 { 1663 1664 /* 1665 * Skip sockets which we failed to bind. 1666 */ 1667 if (fd <= 0) 1668 return (nfds); 1669 1670 FD_SET(fd, fdset); 1671 if (fd > nfds) 1672 nfds = fd; 1673 return (nfds); 1674 } 1675 1676 static void 1677 main_loop(struct conf *conf, bool dont_fork) 1678 { 1679 struct portal_group *pg; 1680 struct portal *portal; 1681 struct sockaddr_storage client_sa; 1682 socklen_t client_salen; 1683 #ifdef ICL_KERNEL_PROXY 1684 int connection_id; 1685 int portal_id; 1686 #endif 1687 fd_set fdset; 1688 int error, nfds, client_fd; 1689 1690 pidfile_write(conf->conf_pidfh); 1691 1692 for (;;) { 1693 if (sighup_received || sigterm_received) 1694 return; 1695 1696 #ifdef ICL_KERNEL_PROXY 1697 if (proxy_mode) { 1698 client_salen = sizeof(client_sa); 1699 kernel_accept(&connection_id, &portal_id, 1700 (struct sockaddr *)&client_sa, &client_salen); 1701 1702 log_debugx("incoming connection, id %d, portal id %d", 1703 connection_id, portal_id); 1704 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1705 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 1706 if (portal->p_id == portal_id) { 1707 goto found; 1708 } 1709 } 1710 } 1711 1712 log_errx(1, "kernel returned invalid portal_id %d", 1713 portal_id); 1714 1715 found: 1716 handle_connection(portal, connection_id, 1717 (struct sockaddr *)&client_sa, client_salen, 1718 dont_fork); 1719 } else { 1720 #endif 1721 assert(proxy_mode == false); 1722 1723 FD_ZERO(&fdset); 1724 nfds = 0; 1725 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1726 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 1727 nfds = fd_add(portal->p_socket, &fdset, nfds); 1728 } 1729 error = select(nfds + 1, &fdset, NULL, NULL, NULL); 1730 if (error <= 0) { 1731 if (errno == EINTR) 1732 return; 1733 log_err(1, "select"); 1734 } 1735 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1736 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 1737 if (!FD_ISSET(portal->p_socket, &fdset)) 1738 continue; 1739 client_salen = sizeof(client_sa); 1740 client_fd = accept(portal->p_socket, 1741 (struct sockaddr *)&client_sa, 1742 &client_salen); 1743 if (client_fd < 0) 1744 log_err(1, "accept"); 1745 handle_connection(portal, client_fd, 1746 (struct sockaddr *)&client_sa, 1747 client_salen, dont_fork); 1748 break; 1749 } 1750 } 1751 #ifdef ICL_KERNEL_PROXY 1752 } 1753 #endif 1754 } 1755 } 1756 1757 static void 1758 sighup_handler(int dummy __unused) 1759 { 1760 1761 sighup_received = true; 1762 } 1763 1764 static void 1765 sigterm_handler(int dummy __unused) 1766 { 1767 1768 sigterm_received = true; 1769 } 1770 1771 static void 1772 sigchld_handler(int dummy __unused) 1773 { 1774 1775 /* 1776 * The only purpose of this handler is to make SIGCHLD 1777 * interrupt the ISCSIDWAIT ioctl(2), so we can call 1778 * wait_for_children(). 1779 */ 1780 } 1781 1782 static void 1783 register_signals(void) 1784 { 1785 struct sigaction sa; 1786 int error; 1787 1788 bzero(&sa, sizeof(sa)); 1789 sa.sa_handler = sighup_handler; 1790 sigfillset(&sa.sa_mask); 1791 error = sigaction(SIGHUP, &sa, NULL); 1792 if (error != 0) 1793 log_err(1, "sigaction"); 1794 1795 sa.sa_handler = sigterm_handler; 1796 error = sigaction(SIGTERM, &sa, NULL); 1797 if (error != 0) 1798 log_err(1, "sigaction"); 1799 1800 sa.sa_handler = sigterm_handler; 1801 error = sigaction(SIGINT, &sa, NULL); 1802 if (error != 0) 1803 log_err(1, "sigaction"); 1804 1805 sa.sa_handler = sigchld_handler; 1806 error = sigaction(SIGCHLD, &sa, NULL); 1807 if (error != 0) 1808 log_err(1, "sigaction"); 1809 } 1810 1811 int 1812 main(int argc, char **argv) 1813 { 1814 struct conf *oldconf, *newconf, *tmpconf; 1815 const char *config_path = DEFAULT_CONFIG_PATH; 1816 int debug = 0, ch, error; 1817 bool dont_daemonize = false; 1818 1819 while ((ch = getopt(argc, argv, "df:R")) != -1) { 1820 switch (ch) { 1821 case 'd': 1822 dont_daemonize = true; 1823 debug++; 1824 break; 1825 case 'f': 1826 config_path = optarg; 1827 break; 1828 case 'R': 1829 #ifndef ICL_KERNEL_PROXY 1830 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY " 1831 "does not support iSER protocol"); 1832 #endif 1833 proxy_mode = true; 1834 break; 1835 case '?': 1836 default: 1837 usage(); 1838 } 1839 } 1840 argc -= optind; 1841 if (argc != 0) 1842 usage(); 1843 1844 log_init(debug); 1845 kernel_init(); 1846 1847 oldconf = conf_new_from_kernel(); 1848 newconf = conf_new_from_file(config_path); 1849 if (newconf == NULL) 1850 log_errx(1, "configuration error; exiting"); 1851 if (debug > 0) { 1852 oldconf->conf_debug = debug; 1853 newconf->conf_debug = debug; 1854 } 1855 1856 error = conf_apply(oldconf, newconf); 1857 if (error != 0) 1858 log_errx(1, "failed to apply configuration; exiting"); 1859 1860 conf_delete(oldconf); 1861 oldconf = NULL; 1862 1863 register_signals(); 1864 1865 if (dont_daemonize == false) { 1866 log_debugx("daemonizing"); 1867 if (daemon(0, 0) == -1) { 1868 log_warn("cannot daemonize"); 1869 pidfile_remove(newconf->conf_pidfh); 1870 exit(1); 1871 } 1872 } 1873 1874 for (;;) { 1875 main_loop(newconf, dont_daemonize); 1876 if (sighup_received) { 1877 sighup_received = false; 1878 log_debugx("received SIGHUP, reloading configuration"); 1879 tmpconf = conf_new_from_file(config_path); 1880 if (tmpconf == NULL) { 1881 log_warnx("configuration error, " 1882 "continuing with old configuration"); 1883 } else { 1884 if (debug > 0) 1885 tmpconf->conf_debug = debug; 1886 oldconf = newconf; 1887 newconf = tmpconf; 1888 error = conf_apply(oldconf, newconf); 1889 if (error != 0) 1890 log_warnx("failed to reload " 1891 "configuration"); 1892 conf_delete(oldconf); 1893 oldconf = NULL; 1894 } 1895 } else if (sigterm_received) { 1896 log_debugx("exiting on signal; " 1897 "reloading empty configuration"); 1898 1899 log_debugx("disabling CTL iSCSI port " 1900 "and terminating all connections"); 1901 1902 oldconf = newconf; 1903 newconf = conf_new(); 1904 if (debug > 0) 1905 newconf->conf_debug = debug; 1906 error = conf_apply(oldconf, newconf); 1907 if (error != 0) 1908 log_warnx("failed to apply configuration"); 1909 1910 log_warnx("exiting on signal"); 1911 exit(0); 1912 } else { 1913 nchildren -= wait_for_children(false); 1914 assert(nchildren >= 0); 1915 } 1916 } 1917 /* NOTREACHED */ 1918 } 1919