xref: /freebsd/usr.sbin/ctld/discovery.c (revision c66ec88fed842fbaad62c30d510644ceb7bd2d71)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2012 The FreeBSD Foundation
5  *
6  * This software was developed by Edward Tomasz Napierala under sponsorship
7  * from the FreeBSD Foundation.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  *
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 #include <assert.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <netinet/in.h>
40 #include <netdb.h>
41 #include <sys/socket.h>
42 
43 #include "ctld.h"
44 #include "iscsi_proto.h"
45 
46 static struct pdu *
47 text_receive(struct connection *conn)
48 {
49 	struct pdu *request;
50 	struct iscsi_bhs_text_request *bhstr;
51 
52 	request = pdu_new(conn);
53 	pdu_receive(request);
54 	if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
55 	    ISCSI_BHS_OPCODE_TEXT_REQUEST)
56 		log_errx(1, "protocol error: received invalid opcode 0x%x",
57 		    request->pdu_bhs->bhs_opcode);
58 	bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs;
59 #if 0
60 	if ((bhstr->bhstr_flags & ISCSI_BHSTR_FLAGS_FINAL) == 0)
61 		log_errx(1, "received Text PDU without the \"F\" flag");
62 #endif
63 	/*
64 	 * XXX: Implement the C flag some day.
65 	 */
66 	if ((bhstr->bhstr_flags & BHSTR_FLAGS_CONTINUE) != 0)
67 		log_errx(1, "received Text PDU with unsupported \"C\" flag");
68 	if (ISCSI_SNLT(ntohl(bhstr->bhstr_cmdsn), conn->conn_cmdsn)) {
69 		log_errx(1, "received Text PDU with decreasing CmdSN: "
70 		    "was %u, is %u", conn->conn_cmdsn, ntohl(bhstr->bhstr_cmdsn));
71 	}
72 	if (ntohl(bhstr->bhstr_expstatsn) != conn->conn_statsn) {
73 		log_errx(1, "received Text PDU with wrong ExpStatSN: "
74 		    "is %u, should be %u", ntohl(bhstr->bhstr_expstatsn),
75 		    conn->conn_statsn);
76 	}
77 	conn->conn_cmdsn = ntohl(bhstr->bhstr_cmdsn);
78 	if ((bhstr->bhstr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0)
79 		conn->conn_cmdsn++;
80 
81 	return (request);
82 }
83 
84 static struct pdu *
85 text_new_response(struct pdu *request)
86 {
87 	struct pdu *response;
88 	struct connection *conn;
89 	struct iscsi_bhs_text_request *bhstr;
90 	struct iscsi_bhs_text_response *bhstr2;
91 
92 	bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs;
93 	conn = request->pdu_connection;
94 
95 	response = pdu_new_response(request);
96 	bhstr2 = (struct iscsi_bhs_text_response *)response->pdu_bhs;
97 	bhstr2->bhstr_opcode = ISCSI_BHS_OPCODE_TEXT_RESPONSE;
98 	bhstr2->bhstr_flags = BHSTR_FLAGS_FINAL;
99 	bhstr2->bhstr_lun = bhstr->bhstr_lun;
100 	bhstr2->bhstr_initiator_task_tag = bhstr->bhstr_initiator_task_tag;
101 	bhstr2->bhstr_target_transfer_tag = bhstr->bhstr_target_transfer_tag;
102 	bhstr2->bhstr_statsn = htonl(conn->conn_statsn++);
103 	bhstr2->bhstr_expcmdsn = htonl(conn->conn_cmdsn);
104 	bhstr2->bhstr_maxcmdsn = htonl(conn->conn_cmdsn);
105 
106 	return (response);
107 }
108 
109 static struct pdu *
110 logout_receive(struct connection *conn)
111 {
112 	struct pdu *request;
113 	struct iscsi_bhs_logout_request *bhslr;
114 
115 	request = pdu_new(conn);
116 	pdu_receive(request);
117 	if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
118 	    ISCSI_BHS_OPCODE_LOGOUT_REQUEST)
119 		log_errx(1, "protocol error: received invalid opcode 0x%x",
120 		    request->pdu_bhs->bhs_opcode);
121 	bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
122 	if ((bhslr->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION)
123 		log_debugx("received Logout PDU with invalid reason 0x%x; "
124 		    "continuing anyway", bhslr->bhslr_reason & 0x7f);
125 	if (ISCSI_SNLT(ntohl(bhslr->bhslr_cmdsn), conn->conn_cmdsn)) {
126 		log_errx(1, "received Logout PDU with decreasing CmdSN: "
127 		    "was %u, is %u", conn->conn_cmdsn,
128 		    ntohl(bhslr->bhslr_cmdsn));
129 	}
130 	if (ntohl(bhslr->bhslr_expstatsn) != conn->conn_statsn) {
131 		log_errx(1, "received Logout PDU with wrong ExpStatSN: "
132 		    "is %u, should be %u", ntohl(bhslr->bhslr_expstatsn),
133 		    conn->conn_statsn);
134 	}
135 	conn->conn_cmdsn = ntohl(bhslr->bhslr_cmdsn);
136 	if ((bhslr->bhslr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0)
137 		conn->conn_cmdsn++;
138 
139 	return (request);
140 }
141 
142 static struct pdu *
143 logout_new_response(struct pdu *request)
144 {
145 	struct pdu *response;
146 	struct connection *conn;
147 	struct iscsi_bhs_logout_request *bhslr;
148 	struct iscsi_bhs_logout_response *bhslr2;
149 
150 	bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
151 	conn = request->pdu_connection;
152 
153 	response = pdu_new_response(request);
154 	bhslr2 = (struct iscsi_bhs_logout_response *)response->pdu_bhs;
155 	bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE;
156 	bhslr2->bhslr_flags = 0x80;
157 	bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY;
158 	bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag;
159 	bhslr2->bhslr_statsn = htonl(conn->conn_statsn++);
160 	bhslr2->bhslr_expcmdsn = htonl(conn->conn_cmdsn);
161 	bhslr2->bhslr_maxcmdsn = htonl(conn->conn_cmdsn);
162 
163 	return (response);
164 }
165 
166 static void
167 discovery_add_target(struct keys *response_keys, const struct target *targ)
168 {
169 	struct port *port;
170 	struct portal *portal;
171 	char *buf;
172 	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
173 	struct addrinfo *ai;
174 	int ret;
175 
176 	keys_add(response_keys, "TargetName", targ->t_name);
177 	TAILQ_FOREACH(port, &targ->t_ports, p_ts) {
178 	    if (port->p_portal_group == NULL)
179 		continue;
180 	    TAILQ_FOREACH(portal, &port->p_portal_group->pg_portals, p_next) {
181 		ai = portal->p_ai;
182 		ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
183 		    hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
184 		    NI_NUMERICHOST | NI_NUMERICSERV);
185 		if (ret != 0) {
186 			log_warnx("getnameinfo: %s", gai_strerror(ret));
187 			continue;
188 		}
189 		switch (ai->ai_addr->sa_family) {
190 		case AF_INET:
191 			if (strcmp(hbuf, "0.0.0.0") == 0)
192 				continue;
193 			ret = asprintf(&buf, "%s:%s,%d", hbuf, sbuf,
194 			    port->p_portal_group->pg_tag);
195 			break;
196 		case AF_INET6:
197 			if (strcmp(hbuf, "::") == 0)
198 				continue;
199 			ret = asprintf(&buf, "[%s]:%s,%d", hbuf, sbuf,
200 			    port->p_portal_group->pg_tag);
201 			break;
202 		default:
203 			continue;
204 		}
205 		if (ret <= 0)
206 		    log_err(1, "asprintf");
207 		keys_add(response_keys, "TargetAddress", buf);
208 		free(buf);
209 	    }
210 	}
211 }
212 
213 static bool
214 discovery_target_filtered_out(const struct connection *conn,
215     const struct port *port)
216 {
217 	const struct auth_group *ag;
218 	const struct portal_group *pg;
219 	const struct target *targ;
220 	const struct auth *auth;
221 	int error;
222 
223 	targ = port->p_target;
224 	ag = port->p_auth_group;
225 	if (ag == NULL)
226 		ag = targ->t_auth_group;
227 	pg = conn->conn_portal->p_portal_group;
228 
229 	assert(pg->pg_discovery_auth_group != PG_FILTER_UNKNOWN);
230 
231 	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL &&
232 	    auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
233 		log_debugx("initiator does not match initiator portals "
234 		    "allowed for target \"%s\"; skipping", targ->t_name);
235 		return (true);
236 	}
237 
238 	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME &&
239 	    auth_name_check(ag, conn->conn_initiator_name) != 0) {
240 		log_debugx("initiator does not match initiator names "
241 		    "allowed for target \"%s\"; skipping", targ->t_name);
242 		return (true);
243 	}
244 
245 	if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH &&
246 	    ag->ag_type != AG_TYPE_NO_AUTHENTICATION) {
247 		if (conn->conn_chap == NULL) {
248 			assert(pg->pg_discovery_auth_group->ag_type ==
249 			    AG_TYPE_NO_AUTHENTICATION);
250 
251 			log_debugx("initiator didn't authenticate, but target "
252 			    "\"%s\" requires CHAP; skipping", targ->t_name);
253 			return (true);
254 		}
255 
256 		assert(conn->conn_user != NULL);
257 		auth = auth_find(ag, conn->conn_user);
258 		if (auth == NULL) {
259 			log_debugx("CHAP user \"%s\" doesn't match target "
260 			    "\"%s\"; skipping", conn->conn_user, targ->t_name);
261 			return (true);
262 		}
263 
264 		error = chap_authenticate(conn->conn_chap, auth->a_secret);
265 		if (error != 0) {
266 			log_debugx("password for CHAP user \"%s\" doesn't "
267 			    "match target \"%s\"; skipping",
268 			    conn->conn_user, targ->t_name);
269 			return (true);
270 		}
271 	}
272 
273 	return (false);
274 }
275 
276 void
277 discovery(struct connection *conn)
278 {
279 	struct pdu *request, *response;
280 	struct keys *request_keys, *response_keys;
281 	const struct port *port;
282 	const struct portal_group *pg;
283 	const char *send_targets;
284 
285 	pg = conn->conn_portal->p_portal_group;
286 
287 	log_debugx("beginning discovery session; waiting for Text PDU");
288 	request = text_receive(conn);
289 	request_keys = keys_new();
290 	keys_load(request_keys, request);
291 
292 	send_targets = keys_find(request_keys, "SendTargets");
293 	if (send_targets == NULL)
294 		log_errx(1, "received Text PDU without SendTargets");
295 
296 	response = text_new_response(request);
297 	response_keys = keys_new();
298 
299 	if (strcmp(send_targets, "All") == 0) {
300 		TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) {
301 			if (discovery_target_filtered_out(conn, port)) {
302 				/* Ignore this target. */
303 				continue;
304 			}
305 			discovery_add_target(response_keys, port->p_target);
306 		}
307 	} else {
308 		port = port_find_in_pg(pg, send_targets);
309 		if (port == NULL) {
310 			log_debugx("initiator requested information on unknown "
311 			    "target \"%s\"; returning nothing", send_targets);
312 		} else {
313 			if (discovery_target_filtered_out(conn, port)) {
314 				/* Ignore this target. */
315 			} else {
316 				discovery_add_target(response_keys, port->p_target);
317 			}
318 		}
319 	}
320 	keys_save(response_keys, response);
321 
322 	pdu_send(response);
323 	pdu_delete(response);
324 	keys_delete(response_keys);
325 	pdu_delete(request);
326 	keys_delete(request_keys);
327 
328 	log_debugx("done sending targets; waiting for Logout PDU");
329 	request = logout_receive(conn);
330 	response = logout_new_response(request);
331 
332 	pdu_send(response);
333 	pdu_delete(response);
334 	pdu_delete(request);
335 
336 	log_debugx("discovery session done");
337 }
338