1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2012 The FreeBSD Foundation 5 * 6 * This software was developed by Edward Tomasz Napierala under sponsorship 7 * from the FreeBSD Foundation. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 * 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 #include <assert.h> 36 #include <stdio.h> 37 #include <stdlib.h> 38 #include <string.h> 39 #include <netinet/in.h> 40 #include <netdb.h> 41 #include <sys/socket.h> 42 43 #include "ctld.h" 44 #include "iscsi_proto.h" 45 46 static struct pdu * 47 text_receive(struct connection *conn) 48 { 49 struct pdu *request; 50 struct iscsi_bhs_text_request *bhstr; 51 52 request = pdu_new(conn); 53 pdu_receive(request); 54 if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) != 55 ISCSI_BHS_OPCODE_TEXT_REQUEST) 56 log_errx(1, "protocol error: received invalid opcode 0x%x", 57 request->pdu_bhs->bhs_opcode); 58 bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs; 59 #if 0 60 if ((bhstr->bhstr_flags & ISCSI_BHSTR_FLAGS_FINAL) == 0) 61 log_errx(1, "received Text PDU without the \"F\" flag"); 62 #endif 63 /* 64 * XXX: Implement the C flag some day. 65 */ 66 if ((bhstr->bhstr_flags & BHSTR_FLAGS_CONTINUE) != 0) 67 log_errx(1, "received Text PDU with unsupported \"C\" flag"); 68 if (ISCSI_SNLT(ntohl(bhstr->bhstr_cmdsn), conn->conn_cmdsn)) { 69 log_errx(1, "received Text PDU with decreasing CmdSN: " 70 "was %u, is %u", conn->conn_cmdsn, ntohl(bhstr->bhstr_cmdsn)); 71 } 72 if (ntohl(bhstr->bhstr_expstatsn) != conn->conn_statsn) { 73 log_errx(1, "received Text PDU with wrong ExpStatSN: " 74 "is %u, should be %u", ntohl(bhstr->bhstr_expstatsn), 75 conn->conn_statsn); 76 } 77 conn->conn_cmdsn = ntohl(bhstr->bhstr_cmdsn); 78 if ((bhstr->bhstr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0) 79 conn->conn_cmdsn++; 80 81 return (request); 82 } 83 84 static struct pdu * 85 text_new_response(struct pdu *request) 86 { 87 struct pdu *response; 88 struct connection *conn; 89 struct iscsi_bhs_text_request *bhstr; 90 struct iscsi_bhs_text_response *bhstr2; 91 92 bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs; 93 conn = request->pdu_connection; 94 95 response = pdu_new_response(request); 96 bhstr2 = (struct iscsi_bhs_text_response *)response->pdu_bhs; 97 bhstr2->bhstr_opcode = ISCSI_BHS_OPCODE_TEXT_RESPONSE; 98 bhstr2->bhstr_flags = BHSTR_FLAGS_FINAL; 99 bhstr2->bhstr_lun = bhstr->bhstr_lun; 100 bhstr2->bhstr_initiator_task_tag = bhstr->bhstr_initiator_task_tag; 101 bhstr2->bhstr_target_transfer_tag = bhstr->bhstr_target_transfer_tag; 102 bhstr2->bhstr_statsn = htonl(conn->conn_statsn++); 103 bhstr2->bhstr_expcmdsn = htonl(conn->conn_cmdsn); 104 bhstr2->bhstr_maxcmdsn = htonl(conn->conn_cmdsn); 105 106 return (response); 107 } 108 109 static struct pdu * 110 logout_receive(struct connection *conn) 111 { 112 struct pdu *request; 113 struct iscsi_bhs_logout_request *bhslr; 114 115 request = pdu_new(conn); 116 pdu_receive(request); 117 if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) != 118 ISCSI_BHS_OPCODE_LOGOUT_REQUEST) 119 log_errx(1, "protocol error: received invalid opcode 0x%x", 120 request->pdu_bhs->bhs_opcode); 121 bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs; 122 if ((bhslr->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION) 123 log_debugx("received Logout PDU with invalid reason 0x%x; " 124 "continuing anyway", bhslr->bhslr_reason & 0x7f); 125 if (ISCSI_SNLT(ntohl(bhslr->bhslr_cmdsn), conn->conn_cmdsn)) { 126 log_errx(1, "received Logout PDU with decreasing CmdSN: " 127 "was %u, is %u", conn->conn_cmdsn, 128 ntohl(bhslr->bhslr_cmdsn)); 129 } 130 if (ntohl(bhslr->bhslr_expstatsn) != conn->conn_statsn) { 131 log_errx(1, "received Logout PDU with wrong ExpStatSN: " 132 "is %u, should be %u", ntohl(bhslr->bhslr_expstatsn), 133 conn->conn_statsn); 134 } 135 conn->conn_cmdsn = ntohl(bhslr->bhslr_cmdsn); 136 if ((bhslr->bhslr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0) 137 conn->conn_cmdsn++; 138 139 return (request); 140 } 141 142 static struct pdu * 143 logout_new_response(struct pdu *request) 144 { 145 struct pdu *response; 146 struct connection *conn; 147 struct iscsi_bhs_logout_request *bhslr; 148 struct iscsi_bhs_logout_response *bhslr2; 149 150 bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs; 151 conn = request->pdu_connection; 152 153 response = pdu_new_response(request); 154 bhslr2 = (struct iscsi_bhs_logout_response *)response->pdu_bhs; 155 bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE; 156 bhslr2->bhslr_flags = 0x80; 157 bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY; 158 bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag; 159 bhslr2->bhslr_statsn = htonl(conn->conn_statsn++); 160 bhslr2->bhslr_expcmdsn = htonl(conn->conn_cmdsn); 161 bhslr2->bhslr_maxcmdsn = htonl(conn->conn_cmdsn); 162 163 return (response); 164 } 165 166 static void 167 discovery_add_target(struct keys *response_keys, const struct target *targ) 168 { 169 struct port *port; 170 struct portal *portal; 171 char *buf; 172 char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; 173 struct addrinfo *ai; 174 int ret; 175 176 keys_add(response_keys, "TargetName", targ->t_name); 177 TAILQ_FOREACH(port, &targ->t_ports, p_ts) { 178 if (port->p_portal_group == NULL) 179 continue; 180 TAILQ_FOREACH(portal, &port->p_portal_group->pg_portals, p_next) { 181 ai = portal->p_ai; 182 ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, 183 hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), 184 NI_NUMERICHOST | NI_NUMERICSERV); 185 if (ret != 0) { 186 log_warnx("getnameinfo: %s", gai_strerror(ret)); 187 continue; 188 } 189 switch (ai->ai_addr->sa_family) { 190 case AF_INET: 191 if (strcmp(hbuf, "0.0.0.0") == 0) 192 continue; 193 ret = asprintf(&buf, "%s:%s,%d", hbuf, sbuf, 194 port->p_portal_group->pg_tag); 195 break; 196 case AF_INET6: 197 if (strcmp(hbuf, "::") == 0) 198 continue; 199 ret = asprintf(&buf, "[%s]:%s,%d", hbuf, sbuf, 200 port->p_portal_group->pg_tag); 201 break; 202 default: 203 continue; 204 } 205 if (ret <= 0) 206 log_err(1, "asprintf"); 207 keys_add(response_keys, "TargetAddress", buf); 208 free(buf); 209 } 210 } 211 } 212 213 static bool 214 discovery_target_filtered_out(const struct connection *conn, 215 const struct port *port) 216 { 217 const struct auth_group *ag; 218 const struct portal_group *pg; 219 const struct target *targ; 220 const struct auth *auth; 221 int error; 222 223 targ = port->p_target; 224 ag = port->p_auth_group; 225 if (ag == NULL) 226 ag = targ->t_auth_group; 227 pg = conn->conn_portal->p_portal_group; 228 229 assert(pg->pg_discovery_auth_group != PG_FILTER_UNKNOWN); 230 231 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL && 232 auth_portal_check(ag, &conn->conn_initiator_sa) != 0) { 233 log_debugx("initiator does not match initiator portals " 234 "allowed for target \"%s\"; skipping", targ->t_name); 235 return (true); 236 } 237 238 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME && 239 auth_name_check(ag, conn->conn_initiator_name) != 0) { 240 log_debugx("initiator does not match initiator names " 241 "allowed for target \"%s\"; skipping", targ->t_name); 242 return (true); 243 } 244 245 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH && 246 ag->ag_type != AG_TYPE_NO_AUTHENTICATION) { 247 if (conn->conn_chap == NULL) { 248 assert(pg->pg_discovery_auth_group->ag_type == 249 AG_TYPE_NO_AUTHENTICATION); 250 251 log_debugx("initiator didn't authenticate, but target " 252 "\"%s\" requires CHAP; skipping", targ->t_name); 253 return (true); 254 } 255 256 assert(conn->conn_user != NULL); 257 auth = auth_find(ag, conn->conn_user); 258 if (auth == NULL) { 259 log_debugx("CHAP user \"%s\" doesn't match target " 260 "\"%s\"; skipping", conn->conn_user, targ->t_name); 261 return (true); 262 } 263 264 error = chap_authenticate(conn->conn_chap, auth->a_secret); 265 if (error != 0) { 266 log_debugx("password for CHAP user \"%s\" doesn't " 267 "match target \"%s\"; skipping", 268 conn->conn_user, targ->t_name); 269 return (true); 270 } 271 } 272 273 return (false); 274 } 275 276 void 277 discovery(struct connection *conn) 278 { 279 struct pdu *request, *response; 280 struct keys *request_keys, *response_keys; 281 const struct port *port; 282 const struct portal_group *pg; 283 const char *send_targets; 284 285 pg = conn->conn_portal->p_portal_group; 286 287 log_debugx("beginning discovery session; waiting for Text PDU"); 288 request = text_receive(conn); 289 request_keys = keys_new(); 290 keys_load(request_keys, request); 291 292 send_targets = keys_find(request_keys, "SendTargets"); 293 if (send_targets == NULL) 294 log_errx(1, "received Text PDU without SendTargets"); 295 296 response = text_new_response(request); 297 response_keys = keys_new(); 298 299 if (strcmp(send_targets, "All") == 0) { 300 TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) { 301 if (discovery_target_filtered_out(conn, port)) { 302 /* Ignore this target. */ 303 continue; 304 } 305 discovery_add_target(response_keys, port->p_target); 306 } 307 } else { 308 port = port_find_in_pg(pg, send_targets); 309 if (port == NULL) { 310 log_debugx("initiator requested information on unknown " 311 "target \"%s\"; returning nothing", send_targets); 312 } else { 313 if (discovery_target_filtered_out(conn, port)) { 314 /* Ignore this target. */ 315 } else { 316 discovery_add_target(response_keys, port->p_target); 317 } 318 } 319 } 320 keys_save(response_keys, response); 321 322 pdu_send(response); 323 pdu_delete(response); 324 keys_delete(response_keys); 325 pdu_delete(request); 326 keys_delete(request_keys); 327 328 log_debugx("done sending targets; waiting for Logout PDU"); 329 request = logout_receive(conn); 330 response = logout_new_response(request); 331 332 pdu_send(response); 333 pdu_delete(response); 334 pdu_delete(request); 335 336 log_debugx("discovery session done"); 337 } 338