1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2012 The FreeBSD Foundation 5 * All rights reserved. 6 * 7 * This software was developed by Edward Tomasz Napierala under sponsorship 8 * from the FreeBSD Foundation. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <assert.h> 37 #include <stdio.h> 38 #include <stdlib.h> 39 #include <string.h> 40 #include <netinet/in.h> 41 #include <netdb.h> 42 #include <sys/socket.h> 43 44 #include "ctld.h" 45 #include "iscsi_proto.h" 46 47 static struct pdu * 48 text_receive(struct connection *conn) 49 { 50 struct pdu *request; 51 struct iscsi_bhs_text_request *bhstr; 52 53 request = pdu_new(conn); 54 pdu_receive(request); 55 if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) != 56 ISCSI_BHS_OPCODE_TEXT_REQUEST) 57 log_errx(1, "protocol error: received invalid opcode 0x%x", 58 request->pdu_bhs->bhs_opcode); 59 bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs; 60 #if 0 61 if ((bhstr->bhstr_flags & ISCSI_BHSTR_FLAGS_FINAL) == 0) 62 log_errx(1, "received Text PDU without the \"F\" flag"); 63 #endif 64 /* 65 * XXX: Implement the C flag some day. 66 */ 67 if ((bhstr->bhstr_flags & BHSTR_FLAGS_CONTINUE) != 0) 68 log_errx(1, "received Text PDU with unsupported \"C\" flag"); 69 if (ISCSI_SNLT(ntohl(bhstr->bhstr_cmdsn), conn->conn_cmdsn)) { 70 log_errx(1, "received Text PDU with decreasing CmdSN: " 71 "was %u, is %u", conn->conn_cmdsn, ntohl(bhstr->bhstr_cmdsn)); 72 } 73 if (ntohl(bhstr->bhstr_expstatsn) != conn->conn_statsn) { 74 log_errx(1, "received Text PDU with wrong ExpStatSN: " 75 "is %u, should be %u", ntohl(bhstr->bhstr_expstatsn), 76 conn->conn_statsn); 77 } 78 conn->conn_cmdsn = ntohl(bhstr->bhstr_cmdsn); 79 if ((bhstr->bhstr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0) 80 conn->conn_cmdsn++; 81 82 return (request); 83 } 84 85 static struct pdu * 86 text_new_response(struct pdu *request) 87 { 88 struct pdu *response; 89 struct connection *conn; 90 struct iscsi_bhs_text_request *bhstr; 91 struct iscsi_bhs_text_response *bhstr2; 92 93 bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs; 94 conn = request->pdu_connection; 95 96 response = pdu_new_response(request); 97 bhstr2 = (struct iscsi_bhs_text_response *)response->pdu_bhs; 98 bhstr2->bhstr_opcode = ISCSI_BHS_OPCODE_TEXT_RESPONSE; 99 bhstr2->bhstr_flags = BHSTR_FLAGS_FINAL; 100 bhstr2->bhstr_lun = bhstr->bhstr_lun; 101 bhstr2->bhstr_initiator_task_tag = bhstr->bhstr_initiator_task_tag; 102 bhstr2->bhstr_target_transfer_tag = bhstr->bhstr_target_transfer_tag; 103 bhstr2->bhstr_statsn = htonl(conn->conn_statsn++); 104 bhstr2->bhstr_expcmdsn = htonl(conn->conn_cmdsn); 105 bhstr2->bhstr_maxcmdsn = htonl(conn->conn_cmdsn); 106 107 return (response); 108 } 109 110 static struct pdu * 111 logout_receive(struct connection *conn) 112 { 113 struct pdu *request; 114 struct iscsi_bhs_logout_request *bhslr; 115 116 request = pdu_new(conn); 117 pdu_receive(request); 118 if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) != 119 ISCSI_BHS_OPCODE_LOGOUT_REQUEST) 120 log_errx(1, "protocol error: received invalid opcode 0x%x", 121 request->pdu_bhs->bhs_opcode); 122 bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs; 123 if ((bhslr->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION) 124 log_debugx("received Logout PDU with invalid reason 0x%x; " 125 "continuing anyway", bhslr->bhslr_reason & 0x7f); 126 if (ISCSI_SNLT(ntohl(bhslr->bhslr_cmdsn), conn->conn_cmdsn)) { 127 log_errx(1, "received Logout PDU with decreasing CmdSN: " 128 "was %u, is %u", conn->conn_cmdsn, 129 ntohl(bhslr->bhslr_cmdsn)); 130 } 131 if (ntohl(bhslr->bhslr_expstatsn) != conn->conn_statsn) { 132 log_errx(1, "received Logout PDU with wrong ExpStatSN: " 133 "is %u, should be %u", ntohl(bhslr->bhslr_expstatsn), 134 conn->conn_statsn); 135 } 136 conn->conn_cmdsn = ntohl(bhslr->bhslr_cmdsn); 137 if ((bhslr->bhslr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0) 138 conn->conn_cmdsn++; 139 140 return (request); 141 } 142 143 static struct pdu * 144 logout_new_response(struct pdu *request) 145 { 146 struct pdu *response; 147 struct connection *conn; 148 struct iscsi_bhs_logout_request *bhslr; 149 struct iscsi_bhs_logout_response *bhslr2; 150 151 bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs; 152 conn = request->pdu_connection; 153 154 response = pdu_new_response(request); 155 bhslr2 = (struct iscsi_bhs_logout_response *)response->pdu_bhs; 156 bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE; 157 bhslr2->bhslr_flags = 0x80; 158 bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY; 159 bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag; 160 bhslr2->bhslr_statsn = htonl(conn->conn_statsn++); 161 bhslr2->bhslr_expcmdsn = htonl(conn->conn_cmdsn); 162 bhslr2->bhslr_maxcmdsn = htonl(conn->conn_cmdsn); 163 164 return (response); 165 } 166 167 static void 168 discovery_add_target(struct keys *response_keys, const struct target *targ) 169 { 170 struct port *port; 171 struct portal *portal; 172 char *buf; 173 char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; 174 struct addrinfo *ai; 175 int ret; 176 177 keys_add(response_keys, "TargetName", targ->t_name); 178 TAILQ_FOREACH(port, &targ->t_ports, p_ts) { 179 if (port->p_portal_group == NULL) 180 continue; 181 TAILQ_FOREACH(portal, &port->p_portal_group->pg_portals, p_next) { 182 ai = portal->p_ai; 183 ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, 184 hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), 185 NI_NUMERICHOST | NI_NUMERICSERV); 186 if (ret != 0) { 187 log_warnx("getnameinfo: %s", gai_strerror(ret)); 188 continue; 189 } 190 switch (ai->ai_addr->sa_family) { 191 case AF_INET: 192 if (strcmp(hbuf, "0.0.0.0") == 0) 193 continue; 194 ret = asprintf(&buf, "%s:%s,%d", hbuf, sbuf, 195 port->p_portal_group->pg_tag); 196 break; 197 case AF_INET6: 198 if (strcmp(hbuf, "::") == 0) 199 continue; 200 ret = asprintf(&buf, "[%s]:%s,%d", hbuf, sbuf, 201 port->p_portal_group->pg_tag); 202 break; 203 default: 204 continue; 205 } 206 if (ret <= 0) 207 log_err(1, "asprintf"); 208 keys_add(response_keys, "TargetAddress", buf); 209 free(buf); 210 } 211 } 212 } 213 214 static bool 215 discovery_target_filtered_out(const struct connection *conn, 216 const struct port *port) 217 { 218 const struct auth_group *ag; 219 const struct portal_group *pg; 220 const struct target *targ; 221 const struct auth *auth; 222 int error; 223 224 targ = port->p_target; 225 ag = port->p_auth_group; 226 if (ag == NULL) 227 ag = targ->t_auth_group; 228 pg = conn->conn_portal->p_portal_group; 229 230 assert(pg->pg_discovery_auth_group != PG_FILTER_UNKNOWN); 231 232 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL && 233 auth_portal_check(ag, &conn->conn_initiator_sa) != 0) { 234 log_debugx("initiator does not match initiator portals " 235 "allowed for target \"%s\"; skipping", targ->t_name); 236 return (true); 237 } 238 239 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME && 240 auth_name_check(ag, conn->conn_initiator_name) != 0) { 241 log_debugx("initiator does not match initiator names " 242 "allowed for target \"%s\"; skipping", targ->t_name); 243 return (true); 244 } 245 246 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH && 247 ag->ag_type != AG_TYPE_NO_AUTHENTICATION) { 248 if (conn->conn_chap == NULL) { 249 assert(pg->pg_discovery_auth_group->ag_type == 250 AG_TYPE_NO_AUTHENTICATION); 251 252 log_debugx("initiator didn't authenticate, but target " 253 "\"%s\" requires CHAP; skipping", targ->t_name); 254 return (true); 255 } 256 257 assert(conn->conn_user != NULL); 258 auth = auth_find(ag, conn->conn_user); 259 if (auth == NULL) { 260 log_debugx("CHAP user \"%s\" doesn't match target " 261 "\"%s\"; skipping", conn->conn_user, targ->t_name); 262 return (true); 263 } 264 265 error = chap_authenticate(conn->conn_chap, auth->a_secret); 266 if (error != 0) { 267 log_debugx("password for CHAP user \"%s\" doesn't " 268 "match target \"%s\"; skipping", 269 conn->conn_user, targ->t_name); 270 return (true); 271 } 272 } 273 274 return (false); 275 } 276 277 void 278 discovery(struct connection *conn) 279 { 280 struct pdu *request, *response; 281 struct keys *request_keys, *response_keys; 282 const struct port *port; 283 const struct portal_group *pg; 284 const char *send_targets; 285 286 pg = conn->conn_portal->p_portal_group; 287 288 log_debugx("beginning discovery session; waiting for Text PDU"); 289 request = text_receive(conn); 290 request_keys = keys_new(); 291 keys_load(request_keys, request); 292 293 send_targets = keys_find(request_keys, "SendTargets"); 294 if (send_targets == NULL) 295 log_errx(1, "received Text PDU without SendTargets"); 296 297 response = text_new_response(request); 298 response_keys = keys_new(); 299 300 if (strcmp(send_targets, "All") == 0) { 301 TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) { 302 if (discovery_target_filtered_out(conn, port)) { 303 /* Ignore this target. */ 304 continue; 305 } 306 discovery_add_target(response_keys, port->p_target); 307 } 308 } else { 309 port = port_find_in_pg(pg, send_targets); 310 if (port == NULL) { 311 log_debugx("initiator requested information on unknown " 312 "target \"%s\"; returning nothing", send_targets); 313 } else { 314 if (discovery_target_filtered_out(conn, port)) { 315 /* Ignore this target. */ 316 } else { 317 discovery_add_target(response_keys, port->p_target); 318 } 319 } 320 } 321 keys_save(response_keys, response); 322 323 pdu_send(response); 324 pdu_delete(response); 325 keys_delete(response_keys); 326 pdu_delete(request); 327 keys_delete(request_keys); 328 329 log_debugx("done sending targets; waiting for Logout PDU"); 330 request = logout_receive(conn); 331 response = logout_new_response(request); 332 333 pdu_send(response); 334 pdu_delete(response); 335 pdu_delete(request); 336 337 log_debugx("discovery session done"); 338 } 339