1 /*-
2  * Copyright (c) 2012 The FreeBSD Foundation
3  * All rights reserved.
4  *
5  * This software was developed by Edward Tomasz Napierala under sponsorship
6  * from the FreeBSD Foundation.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  */
30 
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
33 
34 #include <assert.h>
35 #include <stdint.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <netinet/in.h>
40 #include <netdb.h>
41 #include <sys/socket.h>
42 
43 #include "ctld.h"
44 #include "iscsi_proto.h"
45 
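/*
 * Receive one PDU on a discovery connection and validate it as a
 * Text Request.
 *
 * Every field examined here was supplied by the remote initiator and is
 * untrusted.  Violations are reported with log_errx(1, ...); the code
 * that follows each check relies on that call not returning (presumably
 * it terminates the process handling this connection -- confirm in the
 * logging code).
 *
 * On success conn->conn_cmdsn is updated to the received CmdSN and the
 * PDU is returned; the caller releases it with pdu_delete().
 */
static struct pdu *
text_receive(struct connection *conn)
{
	struct pdu *request;
	struct iscsi_bhs_text_request *bhstr;
	uint32_t cmdsn, expstatsn, prev_cmdsn;

	request = pdu_new(conn);
	pdu_receive(request);
	/* The "immediate" bit shares the opcode byte; mask it off first. */
	if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
	    ISCSI_BHS_OPCODE_TEXT_REQUEST)
		log_errx(1, "protocol error: received invalid opcode 0x%x",
		    request->pdu_bhs->bhs_opcode);
	bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs;
#if 0
	if ((bhstr->bhstr_flags & ISCSI_BHSTR_FLAGS_FINAL) == 0)
		log_errx(1, "received Text PDU without the \"F\" flag");
#endif
	/*
	 * XXX: Implement the C flag some day.
	 */
	if ((bhstr->bhstr_flags & BHSTR_FLAGS_CONTINUE) != 0)
		log_errx(1, "received Text PDU with unsupported \"C\" flag");

	cmdsn = ntohl(bhstr->bhstr_cmdsn);
	expstatsn = ntohl(bhstr->bhstr_expstatsn);
	prev_cmdsn = conn->conn_cmdsn;

	/*
	 * CmdSN is a 32-bit counter that wraps, so "older than" is decided
	 * by the sign bit of the modular difference rather than by a plain
	 * '<', which would reject a legitimate wrap from 0xffffffff to 0.
	 */
	if (((cmdsn - prev_cmdsn) & 0x80000000U) != 0) {
		log_errx(1, "received Text PDU with decreasing CmdSN: "
		    "was %u, is %u", (unsigned int)prev_cmdsn,
		    (unsigned int)cmdsn);
	}
	/* The initiator must acknowledge exactly the StatSN we expect. */
	if (expstatsn != conn->conn_statsn) {
		log_errx(1, "received Text PDU with wrong ExpStatSN: "
		    "is %u, should be %u", (unsigned int)expstatsn,
		    (unsigned int)conn->conn_statsn);
	}
	conn->conn_cmdsn = cmdsn;

	return (request);
}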
81 
/*
 * Allocate a Text Response PDU that answers the given Text Request.
 *
 * The LUN, Initiator Task Tag and Target Transfer Tag are echoed back
 * from the request unchanged.  The response is marked final, consumes
 * one StatSN from the connection (post-increment), and advertises the
 * connection's current CmdSN as both ExpCmdSN and MaxCmdSN.
 */
static struct pdu *
text_new_response(struct pdu *request)
{
	struct connection *conn = request->pdu_connection;
	const struct iscsi_bhs_text_request *req_bhs =
	    (const struct iscsi_bhs_text_request *)request->pdu_bhs;
	struct iscsi_bhs_text_response *resp_bhs;
	struct pdu *response;

	response = pdu_new_response(request);
	resp_bhs = (struct iscsi_bhs_text_response *)response->pdu_bhs;

	/* Fixed header fields. */
	resp_bhs->bhstr_opcode = ISCSI_BHS_OPCODE_TEXT_RESPONSE;
	resp_bhs->bhstr_flags = BHSTR_FLAGS_FINAL;

	/* Fields mirrored from the request (already in wire byte order). */
	resp_bhs->bhstr_lun = req_bhs->bhstr_lun;
	resp_bhs->bhstr_initiator_task_tag = req_bhs->bhstr_initiator_task_tag;
	resp_bhs->bhstr_target_transfer_tag =
	    req_bhs->bhstr_target_transfer_tag;

	/* Sequence numbers; StatSN advances once per response. */
	resp_bhs->bhstr_statsn = htonl(conn->conn_statsn++);
	resp_bhs->bhstr_expcmdsn = htonl(conn->conn_cmdsn);
	resp_bhs->bhstr_maxcmdsn = htonl(conn->conn_cmdsn);

	return (response);
}
106 
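/*
 * Receive one PDU on a discovery connection and validate it as a
 * Logout Request.
 *
 * Every field examined here was supplied by the remote initiator and is
 * untrusted.  A wrong opcode or inconsistent sequence numbers are
 * reported with log_errx(1, ...), which the following code relies on not
 * returning.  An unexpected logout reason is only logged at debug level
 * and otherwise tolerated.
 *
 * On success conn->conn_cmdsn is updated to the received CmdSN and the
 * PDU is returned; the caller releases it with pdu_delete().
 */
static struct pdu *
logout_receive(struct connection *conn)
{
	struct pdu *request;
	struct iscsi_bhs_logout_request *bhslr;
	uint32_t cmdsn, expstatsn, prev_cmdsn;

	request = pdu_new(conn);
	pdu_receive(request);
	/* The "immediate" bit shares the opcode byte; mask it off first. */
	if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
	    ISCSI_BHS_OPCODE_LOGOUT_REQUEST)
		log_errx(1, "protocol error: received invalid opcode 0x%x",
		    request->pdu_bhs->bhs_opcode);
	bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
	/* Only the low seven bits of this byte carry the reason code. */
	if ((bhslr->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION)
		log_debugx("received Logout PDU with invalid reason 0x%x; "
		    "continuing anyway", bhslr->bhslr_reason & 0x7f);

	cmdsn = ntohl(bhslr->bhslr_cmdsn);
	expstatsn = ntohl(bhslr->bhslr_expstatsn);
	prev_cmdsn = conn->conn_cmdsn;

	/*
	 * CmdSN is a 32-bit counter that wraps, so "older than" is decided
	 * by the sign bit of the modular difference rather than by a plain
	 * '<', which would reject a legitimate wrap from 0xffffffff to 0.
	 */
	if (((cmdsn - prev_cmdsn) & 0x80000000U) != 0) {
		log_errx(1, "received Logout PDU with decreasing CmdSN: "
		    "was %u, is %u", (unsigned int)prev_cmdsn,
		    (unsigned int)cmdsn);
	}
	/* The initiator must acknowledge exactly the StatSN we expect. */
	if (expstatsn != conn->conn_statsn) {
		log_errx(1, "received Logout PDU with wrong ExpStatSN: "
		    "is %u, should be %u", (unsigned int)expstatsn,
		    (unsigned int)conn->conn_statsn);
	}
	conn->conn_cmdsn = cmdsn;

	return (request);
}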
137 
/*
 * Allocate a Logout Response PDU that answers the given Logout Request.
 *
 * The response always reports "closed successfully", echoes the
 * request's Initiator Task Tag, consumes one StatSN from the connection
 * (post-increment) and advertises the connection's current CmdSN as both
 * ExpCmdSN and MaxCmdSN.
 */
static struct pdu *
logout_new_response(struct pdu *request)
{
	struct connection *conn = request->pdu_connection;
	const struct iscsi_bhs_logout_request *req_bhs =
	    (const struct iscsi_bhs_logout_request *)request->pdu_bhs;
	struct iscsi_bhs_logout_response *resp_bhs;
	struct pdu *response;

	response = pdu_new_response(request);
	resp_bhs = (struct iscsi_bhs_logout_response *)response->pdu_bhs;

	resp_bhs->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE;
	/*
	 * 0x80 sets only the top bit of the flags byte; presumably the bit
	 * the protocol requires to be set in a Logout Response -- confirm
	 * against iscsi_proto.h.
	 */
	resp_bhs->bhslr_flags = 0x80;
	resp_bhs->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY;
	resp_bhs->bhslr_initiator_task_tag = req_bhs->bhslr_initiator_task_tag;

	/* Sequence numbers; StatSN advances once per response. */
	resp_bhs->bhslr_statsn = htonl(conn->conn_statsn++);
	resp_bhs->bhslr_expcmdsn = htonl(conn->conn_cmdsn);
	resp_bhs->bhslr_maxcmdsn = htonl(conn->conn_cmdsn);

	return (response);
}
161 
/*
 * Append one target to a SendTargets response: a "TargetName" key
 * followed by one "TargetAddress" key per usable portal of the target's
 * portal group.
 *
 * Addresses are rendered numerically (NI_NUMERICHOST | NI_NUMERICSERV),
 * so no name-service lookup is performed while building the reply.
 * Portals bound to the IPv4 or IPv6 wildcard address are omitted, since
 * such an address tells the initiator nothing about where to connect.
 * Portals of any other address family, and portals for which
 * getnameinfo() fails, are skipped as well.
 */
static void
discovery_add_target(struct keys *response_keys, const struct target *targ)
{
	const struct portal_group *pg = targ->t_portal_group;
	struct portal *portal;
	struct addrinfo *ai;
	char host[NI_MAXHOST], serv[NI_MAXSERV];
	char *address;
	int ret;

	keys_add(response_keys, "TargetName", targ->t_name);

	TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
		ai = portal->p_ai;
		ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
		    host, sizeof(host), serv, sizeof(serv),
		    NI_NUMERICHOST | NI_NUMERICSERV);
		if (ret != 0) {
			log_warnx("getnameinfo: %s", gai_strerror(ret));
			continue;
		}

		if (ai->ai_addr->sa_family == AF_INET) {
			if (strcmp(host, "0.0.0.0") == 0)
				continue;
			ret = asprintf(&address, "%s:%s,%d", host, serv,
			    pg->pg_tag);
		} else if (ai->ai_addr->sa_family == AF_INET6) {
			if (strcmp(host, "::") == 0)
				continue;
			/* IPv6 literals are bracketed so ":port" is unambiguous. */
			ret = asprintf(&address, "[%s]:%s,%d", host, serv,
			    pg->pg_tag);
		} else {
			continue;
		}

		if (ret <= 0)
			log_err(1, "asprintf");
		/* The string is released right after keys_add() returns. */
		keys_add(response_keys, "TargetAddress", address);
		free(address);
	}
}
203 
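/*
 * Decide whether a target must be hidden from the initiator on this
 * discovery connection.
 *
 * The policy is the discovery filter of the portal group the initiator
 * connected to, applied against the auth group of the candidate target.
 * Filter levels are compared with ">=", so each level also applies the
 * checks of the levels below it:
 *
 *   PG_FILTER_PORTAL            initiator address must pass
 *                               auth_portal_check()
 *   PG_FILTER_PORTAL_NAME       ... and initiator name must pass
 *                               auth_name_check()
 *   PG_FILTER_PORTAL_NAME_AUTH  ... and, unless the target's auth group
 *                               is AG_TYPE_NO_AUTHENTICATION, the CHAP
 *                               state kept on the connection must verify
 *                               against the secret this target holds for
 *                               the connection's user
 *
 * Returns true when the target is to be left out of the response, false
 * when it may be disclosed.
 *
 * NOTE(review): the assert() calls below document invariants only; they
 * are compiled out under NDEBUG and are not a runtime guarantee there.
 */
static bool
discovery_target_filtered_out(const struct connection *conn,
    const struct target *targ)
{
	const struct auth_group *ag;
	const struct portal_group *pg;
	const struct auth *auth;
	int error;

	ag = targ->t_auth_group;
	pg = conn->conn_portal->p_portal_group;

	/*
	 * The filter level, not the discovery auth group pointer, is what
	 * PG_FILTER_UNKNOWN applies to; it must be resolved by now.
	 */
	assert(pg->pg_discovery_filter != PG_FILTER_UNKNOWN);

	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL &&
	    auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
		log_debugx("initiator does not match initiator portals "
		    "allowed for target \"%s\"; skipping", targ->t_name);
		return (true);
	}

	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME &&
	    auth_name_check(ag, conn->conn_initiator_name) != 0) {
		log_debugx("initiator does not match initiator names "
		    "allowed for target \"%s\"; skipping", targ->t_name);
		return (true);
	}

	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH &&
	    ag->ag_type != AG_TYPE_NO_AUTHENTICATION) {
		if (conn->conn_chap == NULL) {
			/*
			 * No CHAP state on the connection is only expected
			 * when discovery itself required no authentication.
			 */
			assert(pg->pg_discovery_auth_group->ag_type ==
			    AG_TYPE_NO_AUTHENTICATION);

			log_debugx("initiator didn't authenticate, but target "
			    "\"%s\" requires CHAP; skipping", targ->t_name);
			return (true);
		}

		assert(conn->conn_user != NULL);
		/* The user must exist in this target's own auth group. */
		auth = auth_find(ag, conn->conn_user);
		if (auth == NULL) {
			log_debugx("CHAP user \"%s\" doesn't match target "
			    "\"%s\"; skipping", conn->conn_user, targ->t_name);
			return (true);
		}

		/* ... and the CHAP exchange must verify with its secret. */
		error = chap_authenticate(conn->conn_chap, auth->a_secret);
		if (error != 0) {
			log_debugx("password for CHAP user \"%s\" doesn't "
			    "match target \"%s\"; skipping",
			    conn->conn_user, targ->t_name);
			return (true);
		}
	}

	return (false);
}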
262 
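/*
 * Serve one iSCSI discovery session on an already logged-in connection:
 * read a Text Request carrying "SendTargets", answer it with the
 * matching TargetName/TargetAddress keys, then wait for the Logout
 * Request and acknowledge it.
 *
 * "SendTargets=All" lists every target of the connection's portal group
 * that passes discovery_target_filtered_out().  Any other value is
 * treated as a single target name and is subject to the same two
 * conditions -- membership in the connection's portal group and the
 * discovery filter -- so that asking for a target by name cannot reveal
 * more than "All" would.  A name that is unknown, foreign to the portal
 * group, or filtered out yields an empty response.
 *
 * The SendTargets value comes from the initiator and is untrusted; it is
 * only compared, looked up and written to the debug log here.
 */
void
discovery(struct connection *conn)
{
	struct pdu *request, *response;
	struct keys *request_keys, *response_keys;
	const struct portal_group *pg;
	const struct target *targ;
	const char *send_targets;

	pg = conn->conn_portal->p_portal_group;

	log_debugx("beginning discovery session; waiting for Text PDU");
	request = text_receive(conn);
	request_keys = keys_new();
	keys_load(request_keys, request);

	send_targets = keys_find(request_keys, "SendTargets");
	if (send_targets == NULL)
		log_errx(1, "received Text PDU without SendTargets");

	response = text_new_response(request);
	response_keys = keys_new();

	if (strcmp(send_targets, "All") == 0) {
		TAILQ_FOREACH(targ, &pg->pg_conf->conf_targets, t_next) {
			if (targ->t_portal_group != pg) {
				log_debugx("not returning target \"%s\"; "
				    "belongs to a different portal group",
				    targ->t_name);
				continue;
			}
			if (discovery_target_filtered_out(conn, targ)) {
				/* Ignore this target. */
				continue;
			}
			discovery_add_target(response_keys, targ);
		}
	} else {
		/* target_find() searches the whole configuration. */
		targ = target_find(pg->pg_conf, send_targets);
		if (targ == NULL) {
			log_debugx("initiator requested information on unknown "
			    "target \"%s\"; returning nothing", send_targets);
		} else if (targ->t_portal_group != pg) {
			/* Same portal-group scoping as the "All" case. */
			log_debugx("not returning target \"%s\"; "
			    "belongs to a different portal group",
			    targ->t_name);
		} else if (discovery_target_filtered_out(conn, targ)) {
			/* Ignore this target. */
		} else {
			discovery_add_target(response_keys, targ);
		}
	}
	keys_save(response_keys, response);

	pdu_send(response);
	pdu_delete(response);
	keys_delete(response_keys);
	pdu_delete(request);
	keys_delete(request_keys);

	log_debugx("done sending targets; waiting for Logout PDU");
	request = logout_receive(conn);
	response = logout_new_response(request);

	pdu_send(response);
	pdu_delete(response);
	pdu_delete(request);

	log_debugx("discovery session done");
}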
331