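/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2012 The FreeBSD Foundation
 *
 * This software was developed by Edward Tomasz Napierala under sponsorship
 * from the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */

#include <sys/cdefs.h>
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/socket.h>

#include "ctld.h"
#include "iscsi_proto.h"

/*
 * Receive the Logout Request PDU that ends a discovery session and check
 * it against the connection's sequence counters.
 *
 * Everything in the PDU comes from the initiator.  A wrong opcode, a CmdSN
 * lower than the one already recorded, or an ExpStatSN that differs from
 * conn_statsn is reported through log_errx(1, ...); an unexpected logout
 * reason is only logged at debug level.  On success conn_cmdsn is updated
 * from the PDU, and advanced by one unless the Immediate bit is set.
 *
 * Returns the received PDU; the caller releases it with pdu_delete().
 *
 * NOTE(review): the code after each log_errx(1, ...) call relies on that
 * call not returning -- confirm against its definition.
 */
static struct pdu *
logout_receive(struct connection *conn)
{
	struct pdu *request;
	struct iscsi_bhs_logout_request *bhslr;

	request = pdu_new(conn);
	pdu_receive(request);
	/* The Immediate bit is masked off before the opcode is compared. */
	if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
	    ISCSI_BHS_OPCODE_LOGOUT_REQUEST)
		log_errx(1, "protocol error: received invalid opcode 0x%x",
		    request->pdu_bhs->bhs_opcode);
	bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
	/* Only the low seven bits of the reason byte carry the reason code. */
	if ((bhslr->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION)
		log_debugx("received Logout PDU with invalid reason 0x%x; "
		    "continuing anyway", bhslr->bhslr_reason & 0x7f);
	/* Reject a CmdSN that went backwards relative to the connection. */
	if (ISCSI_SNLT(ntohl(bhslr->bhslr_cmdsn), conn->conn_cmdsn)) {
		log_errx(1, "received Logout PDU with decreasing CmdSN: "
		    "was %u, is %u", conn->conn_cmdsn,
		    ntohl(bhslr->bhslr_cmdsn));
	}
	if (ntohl(bhslr->bhslr_expstatsn) != conn->conn_statsn) {
		log_errx(1, "received Logout PDU with wrong ExpStatSN: "
		    "is %u, should be %u", ntohl(bhslr->bhslr_expstatsn),
		    conn->conn_statsn);
	}
	conn->conn_cmdsn = ntohl(bhslr->bhslr_cmdsn);
	if ((bhslr->bhslr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0)
		conn->conn_cmdsn++;

	return (request);
}

/*
 * Build the Logout Response PDU answering `request'.
 *
 * The response always reports BHSLR_RESPONSE_CLOSED_SUCCESSFULLY and echoes
 * the initiator task tag of the request.  conn_statsn is consumed (post-
 * incremented) for the StatSN field; ExpCmdSN and MaxCmdSN are both set to
 * the connection's current conn_cmdsn.
 *
 * Returns the new PDU; the caller sends it and releases it with
 * pdu_delete().
 */
static struct pdu *
logout_new_response(struct pdu *request)
{
	struct pdu *response;
	struct connection *conn;
	struct iscsi_bhs_logout_request *bhslr;
	struct iscsi_bhs_logout_response *bhslr2;

	bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
	conn = request->pdu_connection;

	response = pdu_new_response(request);
	bhslr2 = (struct iscsi_bhs_logout_response *)response->pdu_bhs;
	bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE;
	/* NOTE(review): 0x80 is presumably the Final bit -- confirm. */
	bhslr2->bhslr_flags = 0x80;
	bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY;
	bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag;
	bhslr2->bhslr_statsn = htonl(conn->conn_statsn++);
	bhslr2->bhslr_expcmdsn = htonl(conn->conn_cmdsn);
	bhslr2->bhslr_maxcmdsn = htonl(conn->conn_cmdsn);

	return (response);
}

/*
 * Append one target to a SendTargets response: a "TargetName" key followed
 * by one "TargetAddress" key per portal of every portal group the target is
 * reachable through.
 *
 * Addresses are formatted numerically as "host:port,tag" for IPv4 and
 * "[host]:port,tag" for IPv6, where tag is the portal group's pg_tag.
 * Ports without a portal group, portals whose address cannot be formatted,
 * the wildcard addresses "0.0.0.0" and "::", and other address families are
 * skipped.
 */
static void
discovery_add_target(struct keys *response_keys, const struct target *targ)
{
	struct port *port;
	struct portal *portal;
	char *buf;
	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
	struct addrinfo *ai;
	int ret;

	keys_add(response_keys, "TargetName", targ->t_name);
	TAILQ_FOREACH(port, &targ->t_ports, p_ts) {
		if (port->p_portal_group == NULL)
			continue;
		TAILQ_FOREACH(portal, &port->p_portal_group->pg_portals, p_next) {
			ai = portal->p_ai;
			/* Numeric only: no resolver lookups while answering. */
			ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
			    hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
			    NI_NUMERICHOST | NI_NUMERICSERV);
			if (ret != 0) {
				log_warnx("getnameinfo: %s", gai_strerror(ret));
				continue;
			}
			switch (ai->ai_addr->sa_family) {
			case AF_INET:
				/*
				 * Presumably skipped because a wildcard listen
				 * address is not one an initiator can use.
				 */
				if (strcmp(hbuf, "0.0.0.0") == 0)
					continue;
				ret = asprintf(&buf, "%s:%s,%d", hbuf, sbuf,
				    port->p_portal_group->pg_tag);
				break;
			case AF_INET6:
				if (strcmp(hbuf, "::") == 0)
					continue;
				ret = asprintf(&buf, "[%s]:%s,%d", hbuf, sbuf,
				    port->p_portal_group->pg_tag);
				break;
			default:
				continue;
			}
			/* buf is not used when asprintf() reported failure. */
			if (ret <= 0)
				log_err(1, "asprintf");
			keys_add(response_keys, "TargetAddress", buf);
			free(buf);
		}
	}
}

/*
 * Decide whether the target behind `port' must be hidden from the initiator
 * on `conn' during discovery.
 *
 * The portal group's pg_discovery_filter selects how many checks apply; the
 * comparisons are ">=", so each level includes the ones below it:
 *   PG_FILTER_PORTAL            initiator address must pass auth_portal_check()
 *   PG_FILTER_PORTAL_NAME       initiator name must pass auth_name_check()
 *   PG_FILTER_PORTAL_NAME_AUTH  if the target's auth group requires
 *                               authentication, the initiator must have done
 *                               CHAP, its user must exist in that group, and
 *                               the CHAP exchange must verify against that
 *                               user's secret
 *
 * The auth group consulted is the port's own, falling back to the target's
 * when the port has none.
 *
 * Returns true when the target is to be left out of the response, false
 * when it may be listed.
 */
static bool
discovery_target_filtered_out(const struct ctld_connection *conn,
    const struct port *port)
{
	const struct auth_group *ag;
	const struct portal_group *pg;
	const struct target *targ;
	const struct auth *auth;
	int error;

	targ = port->p_target;
	ag = port->p_auth_group;
	if (ag == NULL)
		ag = targ->t_auth_group;
	pg = conn->conn_portal->p_portal_group;

	/*
	 * The filter level has to be resolved before any of the ">="
	 * comparisons below mean anything.  Check the filter field itself:
	 * pg_discovery_auth_group is a pointer (it is dereferenced further
	 * down) and is not comparable with a PG_FILTER_* level.
	 */
	assert(pg->pg_discovery_filter != PG_FILTER_UNKNOWN);

	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL &&
	    auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
		log_debugx("initiator does not match initiator portals "
		    "allowed for target \"%s\"; skipping", targ->t_name);
		return (true);
	}

	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME &&
	    auth_name_check(ag, conn->conn_initiator_name) != 0) {
		log_debugx("initiator does not match initiator names "
		    "allowed for target \"%s\"; skipping", targ->t_name);
		return (true);
	}

	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH &&
	    ag->ag_type != AG_TYPE_NO_AUTHENTICATION) {
		if (conn->conn_chap == NULL) {
			/*
			 * No CHAP state means the login phase let the
			 * initiator in without authenticating, which is only
			 * expected when discovery itself needs no auth.
			 */
			assert(pg->pg_discovery_auth_group->ag_type ==
			    AG_TYPE_NO_AUTHENTICATION);

			log_debugx("initiator didn't authenticate, but target "
			    "\"%s\" requires CHAP; skipping", targ->t_name);
			return (true);
		}

		/*
		 * NOTE(review): assert() is compiled out under NDEBUG, in
		 * which case a NULL conn_user would reach auth_find().  If
		 * such builds exist, an explicit check that returns true
		 * here would fail closed.
		 */
		assert(conn->conn_user != NULL);
		auth = auth_find(ag, conn->conn_user);
		if (auth == NULL) {
			log_debugx("CHAP user \"%s\" doesn't match target "
			    "\"%s\"; skipping", conn->conn_user, targ->t_name);
			return (true);
		}

		/*
		 * Check the connection's CHAP state against the secret this
		 * target's auth group holds for the user.
		 */
		error = chap_authenticate(conn->conn_chap, auth->a_secret);
		if (error != 0) {
			log_debugx("password for CHAP user \"%s\" doesn't "
			    "match target \"%s\"; skipping",
			    conn->conn_user, targ->t_name);
			return (true);
		}
	}

	return (false);
}

/*
 * Run a complete discovery session on `conn': read one TextRequest PDU,
 * answer its SendTargets key, then handle the Logout exchange.
 *
 * "SendTargets=All" lists every target in the connection's portal group
 * that passes discovery_target_filtered_out(); any other value is looked up
 * as a single target name with port_find_in_pg().  The SendTargets value is
 * supplied by the initiator; here it is only compared, looked up and written
 * to the debug log.
 *
 * For a single-target request, an unknown name and a filtered-out target
 * both yield a response with no keys, so the response does not tell the
 * initiator which of the two applied.
 */
void
discovery(struct ctld_connection *conn)
{
	struct pdu *request, *response;
	struct keys *request_keys, *response_keys;
	const struct port *port;
	const struct portal_group *pg;
	const char *send_targets;

	pg = conn->conn_portal->p_portal_group;

	log_debugx("beginning discovery session; waiting for TextRequest PDU");
	request_keys = text_read_request(&conn->conn, &request);

	send_targets = keys_find(request_keys, "SendTargets");
	/*
	 * NOTE(review): the strcmp() below relies on log_errx(1, ...) not
	 * returning when the key is missing -- confirm.
	 */
	if (send_targets == NULL)
		log_errx(1, "received TextRequest PDU without SendTargets");

	response_keys = keys_new();

	if (strcmp(send_targets, "All") == 0) {
		TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) {
			if (discovery_target_filtered_out(conn, port)) {
				/* Ignore this target. */
				continue;
			}
			discovery_add_target(response_keys, port->p_target);
		}
	} else {
		port = port_find_in_pg(pg, send_targets);
		if (port == NULL) {
			log_debugx("initiator requested information on unknown "
			    "target \"%s\"; returning nothing", send_targets);
		} else {
			if (discovery_target_filtered_out(conn, port)) {
				/* Ignore this target. */
			} else {
				discovery_add_target(response_keys, port->p_target);
			}
		}
	}

	/* send_targets points into request_keys, which is freed last. */
	text_send_response(request, response_keys);
	keys_delete(response_keys);
	pdu_delete(request);
	keys_delete(request_keys);

	log_debugx("done sending targets; waiting for Logout PDU");
	request = logout_receive(&conn->conn);
	response = logout_new_response(request);

	pdu_send(response);
	pdu_delete(response);
	pdu_delete(request);

	log_debugx("discovery session done");
}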