xref: /freebsd/usr.sbin/ctld/discovery.c (revision 4e462178745853ecc014c13f82f89cfe39b83e9c)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2012 The FreeBSD Foundation
5  * All rights reserved.
6  *
7  * This software was developed by Edward Tomasz Napierala under sponsorship
8  * from the FreeBSD Foundation.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  */
32 
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
35 
36 #include <assert.h>
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <string.h>
40 #include <netinet/in.h>
41 #include <netdb.h>
42 #include <sys/socket.h>
43 
44 #include "ctld.h"
45 #include "iscsi_proto.h"
46 
/*
 * Receive one PDU on the connection and validate it as an iSCSI Text Request.
 *
 * Every header field examined here was supplied by the remote initiator and
 * is treated as untrusted.  A wrong opcode, a set "C" (continue) flag, a
 * CmdSN that is lower than the one already recorded for the connection, or
 * an ExpStatSN that differs from the connection's StatSN is reported through
 * log_errx(1, ...), which is expected not to return (defined elsewhere;
 * confirm).
 *
 * On success conn->conn_cmdsn is set to the received CmdSN, advanced by one
 * unless the request carried the Immediate bit, and the PDU is returned.
 * The caller owns the returned PDU (discovery() releases it with
 * pdu_delete()).
 */
static struct pdu *
text_receive(struct connection *conn)
{
	struct iscsi_bhs_text_request *text_bhs;
	struct pdu *pdu;
	uint32_t cmdsn, expstatsn;

	pdu = pdu_new(conn);
	pdu_receive(pdu);

	/* The Immediate bit shares the opcode byte; mask it before comparing. */
	if ((pdu->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
	    ISCSI_BHS_OPCODE_TEXT_REQUEST) {
		log_errx(1, "protocol error: received invalid opcode 0x%x",
		    pdu->pdu_bhs->bhs_opcode);
	}

	/* Only reinterpret the header once the opcode has been checked. */
	text_bhs = (struct iscsi_bhs_text_request *)pdu->pdu_bhs;
#if 0
	if ((text_bhs->bhstr_flags & ISCSI_BHSTR_FLAGS_FINAL) == 0)
		log_errx(1, "received Text PDU without the \"F\" flag");
#endif

	/*
	 * XXX: Continuation ("C" flag) is not implemented, so a request that
	 * is split across several PDUs is rejected rather than reassembled.
	 */
	if ((text_bhs->bhstr_flags & BHSTR_FLAGS_CONTINUE) != 0)
		log_errx(1, "received Text PDU with unsupported \"C\" flag");

	/* Sequence numbers arrive in network byte order. */
	cmdsn = ntohl(text_bhs->bhstr_cmdsn);
	expstatsn = ntohl(text_bhs->bhstr_expstatsn);

	/* ISCSI_SNLT: "less than" on sequence numbers (macro defined elsewhere). */
	if (ISCSI_SNLT(cmdsn, conn->conn_cmdsn)) {
		log_errx(1, "received Text PDU with decreasing CmdSN: "
		    "was %u, is %u", conn->conn_cmdsn, cmdsn);
	}
	if (expstatsn != conn->conn_statsn) {
		log_errx(1, "received Text PDU with wrong ExpStatSN: "
		    "is %u, should be %u", expstatsn, conn->conn_statsn);
	}

	/* Immediate requests do not advance CmdSN. */
	conn->conn_cmdsn = cmdsn;
	if ((text_bhs->bhstr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0)
		conn->conn_cmdsn++;

	return (pdu);
}
84 
/*
 * Build the Text Response header answering the given Text Request.
 *
 * The LUN, Initiator Task Tag and Target Transfer Tag are echoed back from
 * the request.  StatSN is taken from the connection and then incremented;
 * ExpCmdSN and MaxCmdSN are both set to the connection's current CmdSN.
 * The response is always marked Final.  The caller fills in the data
 * segment and owns the returned PDU.
 */
static struct pdu *
text_new_response(struct pdu *request)
{
	const struct iscsi_bhs_text_request *req_bhs;
	struct iscsi_bhs_text_response *resp_bhs;
	struct connection *conn;
	struct pdu *reply;

	conn = request->pdu_connection;
	req_bhs = (struct iscsi_bhs_text_request *)request->pdu_bhs;

	reply = pdu_new_response(request);
	resp_bhs = (struct iscsi_bhs_text_response *)reply->pdu_bhs;

	resp_bhs->bhstr_opcode = ISCSI_BHS_OPCODE_TEXT_RESPONSE;
	resp_bhs->bhstr_flags = BHSTR_FLAGS_FINAL;

	/* Fields copied verbatim from the request (already wire order). */
	resp_bhs->bhstr_lun = req_bhs->bhstr_lun;
	resp_bhs->bhstr_initiator_task_tag = req_bhs->bhstr_initiator_task_tag;
	resp_bhs->bhstr_target_transfer_tag =
	    req_bhs->bhstr_target_transfer_tag;

	/* Sequence numbers go out in network byte order. */
	resp_bhs->bhstr_statsn = htonl(conn->conn_statsn);
	conn->conn_statsn++;
	resp_bhs->bhstr_expcmdsn = htonl(conn->conn_cmdsn);
	resp_bhs->bhstr_maxcmdsn = htonl(conn->conn_cmdsn);

	return (reply);
}
109 
/*
 * Receive one PDU on the connection and validate it as an iSCSI Logout
 * Request.
 *
 * As with the Text Request, all header fields are initiator-supplied.  A
 * wrong opcode, a CmdSN lower than the one recorded for the connection, or
 * an ExpStatSN that differs from the connection's StatSN is reported through
 * log_errx(1, ...), which is expected not to return (defined elsewhere;
 * confirm).  A logout reason other than "close session" is only logged at
 * debug level and otherwise accepted.
 *
 * On success conn->conn_cmdsn is set to the received CmdSN, advanced by one
 * unless the request carried the Immediate bit, and the PDU is returned to
 * the caller, which owns it.
 */
static struct pdu *
logout_receive(struct connection *conn)
{
	struct iscsi_bhs_logout_request *logout_bhs;
	struct pdu *pdu;
	uint32_t cmdsn, expstatsn;

	pdu = pdu_new(conn);
	pdu_receive(pdu);

	/* The Immediate bit shares the opcode byte; mask it before comparing. */
	if ((pdu->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
	    ISCSI_BHS_OPCODE_LOGOUT_REQUEST) {
		log_errx(1, "protocol error: received invalid opcode 0x%x",
		    pdu->pdu_bhs->bhs_opcode);
	}
	logout_bhs = (struct iscsi_bhs_logout_request *)pdu->pdu_bhs;

	/* Only the low seven bits of the byte carry the reason code. */
	if ((logout_bhs->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION) {
		log_debugx("received Logout PDU with invalid reason 0x%x; "
		    "continuing anyway", logout_bhs->bhslr_reason & 0x7f);
	}

	/* Sequence numbers arrive in network byte order. */
	cmdsn = ntohl(logout_bhs->bhslr_cmdsn);
	expstatsn = ntohl(logout_bhs->bhslr_expstatsn);

	if (ISCSI_SNLT(cmdsn, conn->conn_cmdsn)) {
		log_errx(1, "received Logout PDU with decreasing CmdSN: "
		    "was %u, is %u", conn->conn_cmdsn, cmdsn);
	}
	if (expstatsn != conn->conn_statsn) {
		log_errx(1, "received Logout PDU with wrong ExpStatSN: "
		    "is %u, should be %u", expstatsn, conn->conn_statsn);
	}

	/* Immediate requests do not advance CmdSN. */
	conn->conn_cmdsn = cmdsn;
	if ((logout_bhs->bhslr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0)
		conn->conn_cmdsn++;

	return (pdu);
}
142 
/*
 * Build the Logout Response header answering the given Logout Request.
 *
 * The response always reports BHSLR_RESPONSE_CLOSED_SUCCESSFULLY and echoes
 * the request's Initiator Task Tag.  StatSN is taken from the connection and
 * then incremented; ExpCmdSN and MaxCmdSN are both set to the connection's
 * current CmdSN.  The caller owns the returned PDU.
 */
static struct pdu *
logout_new_response(struct pdu *request)
{
	const struct iscsi_bhs_logout_request *req_bhs;
	struct iscsi_bhs_logout_response *resp_bhs;
	struct connection *conn;
	struct pdu *reply;

	conn = request->pdu_connection;
	req_bhs = (struct iscsi_bhs_logout_request *)request->pdu_bhs;

	reply = pdu_new_response(request);
	resp_bhs = (struct iscsi_bhs_logout_response *)reply->pdu_bhs;

	resp_bhs->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE;
	/*
	 * NOTE(review): 0x80 is the top bit of the flags byte, presumably the
	 * Final bit; no named constant for it is visible in this file.
	 */
	resp_bhs->bhslr_flags = 0x80;
	resp_bhs->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY;
	resp_bhs->bhslr_initiator_task_tag = req_bhs->bhslr_initiator_task_tag;

	/* Sequence numbers go out in network byte order. */
	resp_bhs->bhslr_statsn = htonl(conn->conn_statsn);
	conn->conn_statsn++;
	resp_bhs->bhslr_expcmdsn = htonl(conn->conn_cmdsn);
	resp_bhs->bhslr_maxcmdsn = htonl(conn->conn_cmdsn);

	return (reply);
}
166 
/*
 * Append one target to a SendTargets response: a TargetName key followed by
 * a TargetAddress key for each usable portal.
 *
 * Addresses are rendered numerically as "host:port,tag" for IPv4 and
 * "[host]:port,tag" for IPv6, where tag is the portal group's pg_tag.
 * Wildcard listen addresses ("0.0.0.0" and "::") and address families other
 * than AF_INET/AF_INET6 are skipped, as are ports with no portal group.
 *
 * NOTE(review): the loop walks every port of the target, so addresses from
 * all portal groups the target is attached to are advertised, not only the
 * group the discovery session arrived on.  Confirm this is the intended
 * disclosure.
 */
static void
discovery_add_target(struct keys *response_keys, const struct target *targ)
{
	struct port *port;
	struct portal *portal;
	struct addrinfo *ai;
	char host[NI_MAXHOST], serv[NI_MAXSERV];
	char *address;
	int family, gai_error, len;

	keys_add(response_keys, "TargetName", targ->t_name);

	TAILQ_FOREACH(port, &targ->t_ports, p_ts) {
		if (port->p_portal_group == NULL)
			continue;

		TAILQ_FOREACH(portal, &port->p_portal_group->pg_portals,
		    p_next) {
			ai = portal->p_ai;

			/* Numeric forms only: no name service lookups. */
			gai_error = getnameinfo(ai->ai_addr, ai->ai_addrlen,
			    host, sizeof(host), serv, sizeof(serv),
			    NI_NUMERICHOST | NI_NUMERICSERV);
			if (gai_error != 0) {
				log_warnx("getnameinfo: %s",
				    gai_strerror(gai_error));
				continue;
			}

			family = ai->ai_addr->sa_family;
			if (family == AF_INET) {
				/* Wildcard address: nothing to advertise. */
				if (strcmp(host, "0.0.0.0") == 0)
					continue;
				len = asprintf(&address, "%s:%s,%d", host,
				    serv, port->p_portal_group->pg_tag);
			} else if (family == AF_INET6) {
				/* Wildcard address: nothing to advertise. */
				if (strcmp(host, "::") == 0)
					continue;
				len = asprintf(&address, "[%s]:%s,%d", host,
				    serv, port->p_portal_group->pg_tag);
			} else {
				continue;
			}

			/* Allocation failure is fatal for this session. */
			if (len <= 0)
				log_err(1, "asprintf");

			keys_add(response_keys, "TargetAddress", address);
			free(address);
		}
	}
}
213 
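/*
 * Decide whether a target must be withheld from this initiator's
 * SendTargets response.
 *
 * The portal group's pg_discovery_filter selects how much of the target's
 * access policy is applied during discovery.  The levels are cumulative:
 *   - PG_FILTER_PORTAL and above: the initiator's address must pass
 *     auth_portal_check();
 *   - PG_FILTER_PORTAL_NAME and above: the initiator name must also pass
 *     auth_name_check();
 *   - PG_FILTER_PORTAL_NAME_AUTH: if the target's auth group requires
 *     authentication, the CHAP exchange recorded on the connection must
 *     also verify against that target's secret for the logged-in user.
 * At any level below PG_FILTER_PORTAL no check runs and the target is
 * always reported.
 *
 * The auth group used is the port's own, falling back to the target's.
 *
 * Returns true when the target must be skipped, false when it may be
 * listed.  Each rejection is logged at debug level with the target name
 * (and CHAP user name where relevant); secrets are never logged.
 */
static bool
discovery_target_filtered_out(const struct connection *conn,
    const struct port *port)
{
	const struct auth_group *ag;
	const struct portal_group *pg;
	const struct target *targ;
	const struct auth *auth;
	int error;

	targ = port->p_target;
	/* A port-level auth group takes precedence over the target's. */
	ag = port->p_auth_group;
	if (ag == NULL)
		ag = targ->t_auth_group;
	pg = conn->conn_portal->p_portal_group;

	/*
	 * The discovery auth group is dereferenced further down, so it must
	 * be set.
	 */
	assert(pg->pg_discovery_auth_group != NULL);
	/*
	 * Check the filter level itself rather than the auth-group pointer:
	 * with an unset filter the comparisons below would all be false and
	 * no target would be withheld (assuming PG_FILTER_UNKNOWN sorts below
	 * PG_FILTER_PORTAL; confirm in ctld.h).  assert() is compiled out
	 * under NDEBUG, so this is a development check, not a runtime guard.
	 */
	assert(pg->pg_discovery_filter != PG_FILTER_UNKNOWN);

	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL &&
	    auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
		log_debugx("initiator does not match initiator portals "
		    "allowed for target \"%s\"; skipping", targ->t_name);
		return (true);
	}

	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME &&
	    auth_name_check(ag, conn->conn_initiator_name) != 0) {
		log_debugx("initiator does not match initiator names "
		    "allowed for target \"%s\"; skipping", targ->t_name);
		return (true);
	}

	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH &&
	    ag->ag_type != AG_TYPE_NO_AUTHENTICATION) {
		if (conn->conn_chap == NULL) {
			/*
			 * No CHAP state means login was unauthenticated,
			 * which is only expected when the discovery auth
			 * group itself requires no authentication.
			 */
			assert(pg->pg_discovery_auth_group->ag_type ==
			    AG_TYPE_NO_AUTHENTICATION);

			log_debugx("initiator didn't authenticate, but target "
			    "\"%s\" requires CHAP; skipping", targ->t_name);
			return (true);
		}

		/* The user must exist in this target's auth group... */
		assert(conn->conn_user != NULL);
		auth = auth_find(ag, conn->conn_user);
		if (auth == NULL) {
			log_debugx("CHAP user \"%s\" doesn't match target "
			    "\"%s\"; skipping", conn->conn_user, targ->t_name);
			return (true);
		}

		/*
		 * ...and the CHAP state kept from login must verify against
		 * this target's secret for that user, not merely against the
		 * discovery auth group's.
		 */
		error = chap_authenticate(conn->conn_chap, auth->a_secret);
		if (error != 0) {
			log_debugx("password for CHAP user \"%s\" doesn't "
			    "match target \"%s\"; skipping",
			    conn->conn_user, targ->t_name);
			return (true);
		}
	}

	return (false);
}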
276 
/*
 * Run a complete discovery session on an already logged-in connection.
 *
 * The session is a fixed two-step exchange:
 *   1. receive a Text Request, which must carry a SendTargets key, and
 *      answer it with the list of targets visible to this initiator;
 *   2. receive a Logout Request and answer it.
 *
 * SendTargets=All lists every port of the connection's portal group that
 * passes discovery_target_filtered_out(); any other value is looked up as a
 * single target name in that portal group.  An unknown target and a target
 * the initiator is filtered out of both yield the same empty response, so
 * the reply does not reveal which of the two applied.
 *
 * A Text Request without SendTargets is reported through log_errx(1, ...),
 * which is expected not to return (defined elsewhere; confirm).
 */
void
discovery(struct connection *conn)
{
	struct keys *req_keys, *resp_keys;
	struct pdu *req, *resp;
	const struct portal_group *pg;
	const struct port *port;
	const char *wanted;

	pg = conn->conn_portal->p_portal_group;

	log_debugx("beginning discovery session; waiting for Text PDU");
	req = text_receive(conn);
	req_keys = keys_new();
	keys_load(req_keys, req);

	/* The returned string is used until req_keys is deleted below. */
	wanted = keys_find(req_keys, "SendTargets");
	if (wanted == NULL)
		log_errx(1, "received Text PDU without SendTargets");

	resp = text_new_response(req);
	resp_keys = keys_new();

	if (strcmp(wanted, "All") != 0) {
		/* A single, named target was requested. */
		port = port_find_in_pg(pg, wanted);
		if (port == NULL) {
			log_debugx("initiator requested information on unknown "
			    "target \"%s\"; returning nothing", wanted);
		} else if (!discovery_target_filtered_out(conn, port)) {
			discovery_add_target(resp_keys, port->p_target);
		}
	} else {
		/* Report every target this initiator is allowed to see. */
		TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) {
			if (!discovery_target_filtered_out(conn, port))
				discovery_add_target(resp_keys,
				    port->p_target);
		}
	}
	keys_save(resp_keys, resp);

	pdu_send(resp);
	pdu_delete(resp);
	keys_delete(resp_keys);
	pdu_delete(req);
	keys_delete(req_keys);

	log_debugx("done sending targets; waiting for Logout PDU");
	req = logout_receive(conn);
	resp = logout_new_response(req);

	pdu_send(resp);
	pdu_delete(resp);
	pdu_delete(req);

	log_debugx("discovery session done");
}
339