1/*-
2 * Copyright (c) 2012 The FreeBSD Foundation
3 * All rights reserved.
4 *
5 * This software was developed by Edward Tomasz Napierala under sponsorship
6 * from the FreeBSD Foundation.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 */
30
31#include <sys/cdefs.h>
32__FBSDID("$FreeBSD: stable/10/usr.sbin/ctld/ctld.c 274871 2014-11-22 17:52:33Z trasz $");
33
34#include <sys/types.h>
35#include <sys/time.h>
36#include <sys/socket.h>
37#include <sys/wait.h>
38#include <netinet/in.h>
39#include <arpa/inet.h>
40#include <assert.h>
41#include <ctype.h>
42#include <errno.h>
43#include <netdb.h>
44#include <signal.h>
45#include <stdbool.h>
46#include <stdio.h>
47#include <stdint.h>
48#include <stdlib.h>
49#include <string.h>
50#include <unistd.h>
51
52#include "ctld.h"
53
54bool proxy_mode = false;
55
56static volatile bool sighup_received = false;
57static volatile bool sigterm_received = false;
58static volatile bool sigalrm_received = false;
59
60static int nchildren = 0;
61
62static void
63usage(void)
64{
65
66 fprintf(stderr, "usage: ctld [-d][-f config-file]\n");
67 exit(1);
68}
69
70char *
71checked_strdup(const char *s)
72{
73 char *c;
74
75 c = strdup(s);
76 if (c == NULL)
77 log_err(1, "strdup");
78 return (c);
79}
80
81struct conf *
82conf_new(void)
83{
84 struct conf *conf;
85
86 conf = calloc(1, sizeof(*conf));
87 if (conf == NULL)
88 log_err(1, "calloc");
89 TAILQ_INIT(&conf->conf_targets);
90 TAILQ_INIT(&conf->conf_auth_groups);
91 TAILQ_INIT(&conf->conf_portal_groups);
92
93 conf->conf_debug = 0;
94 conf->conf_timeout = 60;
95 conf->conf_maxproc = 30;
96
97 return (conf);
98}
99
100void
101conf_delete(struct conf *conf)
102{
103 struct target *targ, *tmp;
104 struct auth_group *ag, *cagtmp;
105 struct portal_group *pg, *cpgtmp;
106
107 assert(conf->conf_pidfh == NULL);
108
109 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp)
110 target_delete(targ);
111 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp)
112 auth_group_delete(ag);
113 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp)
114 portal_group_delete(pg);
115 free(conf->conf_pidfile_path);
116 free(conf);
117}
118
119static struct auth *
120auth_new(struct auth_group *ag)
121{
122 struct auth *auth;
123
124 auth = calloc(1, sizeof(*auth));
125 if (auth == NULL)
126 log_err(1, "calloc");
127 auth->a_auth_group = ag;
128 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next);
129 return (auth);
130}
131
132static void
133auth_delete(struct auth *auth)
134{
135 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next);
136
137 free(auth->a_user);
138 free(auth->a_secret);
139 free(auth->a_mutual_user);
140 free(auth->a_mutual_secret);
141 free(auth);
142}
143
144const struct auth *
145auth_find(const struct auth_group *ag, const char *user)
146{
147 const struct auth *auth;
148
149 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) {
150 if (strcmp(auth->a_user, user) == 0)
151 return (auth);
152 }
153
154 return (NULL);
155}
156
157static void
158auth_check_secret_length(struct auth *auth)
159{
160 size_t len;
161
162 len = strlen(auth->a_secret);
163 if (len > 16) {
164 if (auth->a_auth_group->ag_name != NULL)
165 log_warnx("secret for user \"%s\", auth-group \"%s\", "
166 "is too long; it should be at most 16 characters "
167 "long", auth->a_user, auth->a_auth_group->ag_name);
168 else
169 log_warnx("secret for user \"%s\", target \"%s\", "
170 "is too long; it should be at most 16 characters "
171 "long", auth->a_user,
172 auth->a_auth_group->ag_target->t_name);
173 }
174 if (len < 12) {
175 if (auth->a_auth_group->ag_name != NULL)
176 log_warnx("secret for user \"%s\", auth-group \"%s\", "
177 "is too short; it should be at least 12 characters "
178 "long", auth->a_user,
179 auth->a_auth_group->ag_name);
180 else
181 log_warnx("secret for user \"%s\", target \"%s\", "
182 "is too short; it should be at least 16 characters "
183 "long", auth->a_user,
184 auth->a_auth_group->ag_target->t_name);
185 }
186
187 if (auth->a_mutual_secret != NULL) {
188 len = strlen(auth->a_secret);
189 if (len > 16) {
190 if (auth->a_auth_group->ag_name != NULL)
191 log_warnx("mutual secret for user \"%s\", "
192 "auth-group \"%s\", is too long; it should "
193 "be at most 16 characters long",
194 auth->a_user, auth->a_auth_group->ag_name);
195 else
196 log_warnx("mutual secret for user \"%s\", "
197 "target \"%s\", is too long; it should "
198 "be at most 16 characters long",
199 auth->a_user,
200 auth->a_auth_group->ag_target->t_name);
201 }
202 if (len < 12) {
203 if (auth->a_auth_group->ag_name != NULL)
204 log_warnx("mutual secret for user \"%s\", "
205 "auth-group \"%s\", is too short; it "
206 "should be at least 12 characters long",
207 auth->a_user, auth->a_auth_group->ag_name);
208 else
209 log_warnx("mutual secret for user \"%s\", "
210 "target \"%s\", is too short; it should be "
211 "at least 16 characters long",
212 auth->a_user,
213 auth->a_auth_group->ag_target->t_name);
214 }
215 }
216}
217
218const struct auth *
219auth_new_chap(struct auth_group *ag, const char *user,
220 const char *secret)
221{
222 struct auth *auth;
223
224 if (ag->ag_type == AG_TYPE_UNKNOWN)
225 ag->ag_type = AG_TYPE_CHAP;
226 if (ag->ag_type != AG_TYPE_CHAP) {
227 if (ag->ag_name != NULL)
228 log_warnx("cannot mix \"chap\" authentication with "
229 "other types for auth-group \"%s\"", ag->ag_name);
230 else
231 log_warnx("cannot mix \"chap\" authentication with "
232 "other types for target \"%s\"",
233 ag->ag_target->t_name);
234 return (NULL);
235 }
236
237 auth = auth_new(ag);
238 auth->a_user = checked_strdup(user);
239 auth->a_secret = checked_strdup(secret);
240
241 auth_check_secret_length(auth);
242
243 return (auth);
244}
245
246const struct auth *
247auth_new_chap_mutual(struct auth_group *ag, const char *user,
248 const char *secret, const char *user2, const char *secret2)
249{
250 struct auth *auth;
251
252 if (ag->ag_type == AG_TYPE_UNKNOWN)
253 ag->ag_type = AG_TYPE_CHAP_MUTUAL;
254 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
255 if (ag->ag_name != NULL)
256 log_warnx("cannot mix \"chap-mutual\" authentication "
257 "with other types for auth-group \"%s\"",
258 ag->ag_name);
259 else
260 log_warnx("cannot mix \"chap-mutual\" authentication "
261 "with other types for target \"%s\"",
262 ag->ag_target->t_name);
263 return (NULL);
264 }
265
266 auth = auth_new(ag);
267 auth->a_user = checked_strdup(user);
268 auth->a_secret = checked_strdup(secret);
269 auth->a_mutual_user = checked_strdup(user2);
270 auth->a_mutual_secret = checked_strdup(secret2);
271
272 auth_check_secret_length(auth);
273
274 return (auth);
275}
276
277const struct auth_name *
278auth_name_new(struct auth_group *ag, const char *name)
279{
280 struct auth_name *an;
281
282 an = calloc(1, sizeof(*an));
283 if (an == NULL)
284 log_err(1, "calloc");
285 an->an_auth_group = ag;
286 an->an_initator_name = checked_strdup(name);
287 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next);
288 return (an);
289}
290
291static void
292auth_name_delete(struct auth_name *an)
293{
294 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next);
295
296 free(an->an_initator_name);
297 free(an);
298}
299
300bool
301auth_name_defined(const struct auth_group *ag)
302{
303 if (TAILQ_EMPTY(&ag->ag_names))
304 return (false);
305 return (true);
306}
307
308const struct auth_name *
309auth_name_find(const struct auth_group *ag, const char *name)
310{
311 const struct auth_name *auth_name;
312
313 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) {
314 if (strcmp(auth_name->an_initator_name, name) == 0)
315 return (auth_name);
316 }
317
318 return (NULL);
319}
320
321const struct auth_portal *
322auth_portal_new(struct auth_group *ag, const char *portal)
323{
324 struct auth_portal *ap;
325 char *net, *mask, *str, *tmp;
326 int len, dm, m;
327
328 ap = calloc(1, sizeof(*ap));
329 if (ap == NULL)
330 log_err(1, "calloc");
331 ap->ap_auth_group = ag;
332 ap->ap_initator_portal = checked_strdup(portal);
333 mask = str = checked_strdup(portal);
334 net = strsep(&mask, "/");
335 if (net[0] == '[')
336 net++;
337 len = strlen(net);
338 if (len == 0)
339 goto error;
340 if (net[len - 1] == ']')
341 net[len - 1] = 0;
342 if (strchr(net, ':') != NULL) {
343 struct sockaddr_in6 *sin6 =
344 (struct sockaddr_in6 *)&ap->ap_sa;
345
346 sin6->sin6_len = sizeof(*sin6);
347 sin6->sin6_family = AF_INET6;
348 if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0)
349 goto error;
350 dm = 128;
351 } else {
352 struct sockaddr_in *sin =
353 (struct sockaddr_in *)&ap->ap_sa;
354
355 sin->sin_len = sizeof(*sin);
356 sin->sin_family = AF_INET;
357 if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0)
358 goto error;
359 dm = 32;
360 }
361 if (mask != NULL) {
362 m = strtol(mask, &tmp, 0);
363 if (m < 0 || m > dm || tmp[0] != 0)
364 goto error;
365 } else
366 m = dm;
367 ap->ap_mask = m;
368 free(str);
369 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next);
370 return (ap);
371
372error:
373 log_errx(1, "Incorrect initiator portal '%s'", portal);
374 return (NULL);
375}
376
377static void
378auth_portal_delete(struct auth_portal *ap)
379{
380 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next);
381
382 free(ap->ap_initator_portal);
383 free(ap);
384}
385
386bool
387auth_portal_defined(const struct auth_group *ag)
388{
389 if (TAILQ_EMPTY(&ag->ag_portals))
390 return (false);
391 return (true);
392}
393
394const struct auth_portal *
395auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss)
396{
397 const struct auth_portal *ap;
398 const uint8_t *a, *b;
399 int i;
400 uint8_t bmask;
401
402 TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) {
403 if (ap->ap_sa.ss_family != ss->ss_family)
404 continue;
405 if (ss->ss_family == AF_INET) {
406 a = (const uint8_t *)
407 &((const struct sockaddr_in *)ss)->sin_addr;
408 b = (const uint8_t *)
409 &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr;
410 } else {
411 a = (const uint8_t *)
412 &((const struct sockaddr_in6 *)ss)->sin6_addr;
413 b = (const uint8_t *)
414 &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr;
415 }
416 for (i = 0; i < ap->ap_mask / 8; i++) {
417 if (a[i] != b[i])
418 goto next;
419 }
420 if (ap->ap_mask % 8) {
421 bmask = 0xff << (8 - (ap->ap_mask % 8));
422 if ((a[i] & bmask) != (b[i] & bmask))
423 goto next;
424 }
425 return (ap);
426next:
427 ;
428 }
429
430 return (NULL);
431}
432
433struct auth_group *
434auth_group_new(struct conf *conf, const char *name)
435{
436 struct auth_group *ag;
437
438 if (name != NULL) {
439 ag = auth_group_find(conf, name);
440 if (ag != NULL) {
441 log_warnx("duplicated auth-group \"%s\"", name);
442 return (NULL);
443 }
444 }
445
446 ag = calloc(1, sizeof(*ag));
447 if (ag == NULL)
448 log_err(1, "calloc");
449 if (name != NULL)
450 ag->ag_name = checked_strdup(name);
451 TAILQ_INIT(&ag->ag_auths);
452 TAILQ_INIT(&ag->ag_names);
453 TAILQ_INIT(&ag->ag_portals);
454 ag->ag_conf = conf;
455 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next);
456
457 return (ag);
458}
459
460void
461auth_group_delete(struct auth_group *ag)
462{
463 struct auth *auth, *auth_tmp;
464 struct auth_name *auth_name, *auth_name_tmp;
465 struct auth_portal *auth_portal, *auth_portal_tmp;
466
467 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next);
468
469 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp)
470 auth_delete(auth);
471 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp)
472 auth_name_delete(auth_name);
473 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
474 auth_portal_tmp)
475 auth_portal_delete(auth_portal);
476 free(ag->ag_name);
477 free(ag);
478}
479
480struct auth_group *
481auth_group_find(const struct conf *conf, const char *name)
482{
483 struct auth_group *ag;
484
485 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
486 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
487 return (ag);
488 }
489
490 return (NULL);
491}
492
493static int
494auth_group_set_type(struct auth_group *ag, int type)
495{
496
497 if (ag->ag_type == AG_TYPE_UNKNOWN) {
498 ag->ag_type = type;
499 return (0);
500 }
501
502 if (ag->ag_type == type)
503 return (0);
504
505 return (1);
506}
507
508int
509auth_group_set_type_str(struct auth_group *ag, const char *str)
510{
511 int error, type;
512
513 if (strcmp(str, "none") == 0) {
514 type = AG_TYPE_NO_AUTHENTICATION;
515 } else if (strcmp(str, "deny") == 0) {
516 type = AG_TYPE_DENY;
517 } else if (strcmp(str, "chap") == 0) {
518 type = AG_TYPE_CHAP;
519 } else if (strcmp(str, "chap-mutual") == 0) {
520 type = AG_TYPE_CHAP_MUTUAL;
521 } else {
522 if (ag->ag_name != NULL)
523 log_warnx("invalid auth-type \"%s\" for auth-group "
524 "\"%s\"", str, ag->ag_name);
525 else
526 log_warnx("invalid auth-type \"%s\" for target "
527 "\"%s\"", str, ag->ag_target->t_name);
528 return (1);
529 }
530
531 error = auth_group_set_type(ag, type);
532 if (error != 0) {
533 if (ag->ag_name != NULL)
534 log_warnx("cannot set auth-type to \"%s\" for "
535 "auth-group \"%s\"; already has a different "
536 "type", str, ag->ag_name);
537 else
538 log_warnx("cannot set auth-type to \"%s\" for target "
539 "\"%s\"; already has a different type",
540 str, ag->ag_target->t_name);
541 return (1);
542 }
543
544 return (error);
545}
546
547static struct portal *
548portal_new(struct portal_group *pg)
549{
550 struct portal *portal;
551
552 portal = calloc(1, sizeof(*portal));
553 if (portal == NULL)
554 log_err(1, "calloc");
555 TAILQ_INIT(&portal->p_targets);
556 portal->p_portal_group = pg;
557 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next);
558 return (portal);
559}
560
561static void
562portal_delete(struct portal *portal)
563{
564
565 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next);
566 if (portal->p_ai != NULL)
567 freeaddrinfo(portal->p_ai);
568 free(portal->p_listen);
569 free(portal);
570}
571
572struct portal_group *
573portal_group_new(struct conf *conf, const char *name)
574{
575 struct portal_group *pg;
576
577 pg = portal_group_find(conf, name);
578 if (pg != NULL) {
579 log_warnx("duplicated portal-group \"%s\"", name);
580 return (NULL);
581 }
582
583 pg = calloc(1, sizeof(*pg));
584 if (pg == NULL)
585 log_err(1, "calloc");
586 pg->pg_name = checked_strdup(name);
587 TAILQ_INIT(&pg->pg_portals);
588 pg->pg_conf = conf;
589 conf->conf_last_portal_group_tag++;
590 pg->pg_tag = conf->conf_last_portal_group_tag;
591 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next);
592
593 return (pg);
594}
595
596void
597portal_group_delete(struct portal_group *pg)
598{
599 struct portal *portal, *tmp;
600
601 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next);
602
603 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp)
604 portal_delete(portal);
605 free(pg->pg_name);
606 free(pg);
607}
608
609struct portal_group *
610portal_group_find(const struct conf *conf, const char *name)
611{
612 struct portal_group *pg;
613
614 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
615 if (strcmp(pg->pg_name, name) == 0)
616 return (pg);
617 }
618
619 return (NULL);
620}
621
622int
623portal_group_add_listen(struct portal_group *pg, const char *value, bool iser)
624{
625 struct addrinfo hints;
626 struct portal *portal;
627 char *addr, *ch, *arg;
628 const char *port;
629 int error, colons = 0;
630
631 portal = portal_new(pg);
632 portal->p_listen = checked_strdup(value);
633 portal->p_iser = iser;
634
635 arg = portal->p_listen;
636 if (arg[0] == '\0') {
637 log_warnx("empty listen address");
638 portal_delete(portal);
639 return (1);
640 }
641 if (arg[0] == '[') {
642 /*
643 * IPv6 address in square brackets, perhaps with port.
644 */
645 arg++;
646 addr = strsep(&arg, "]");
647 if (arg == NULL) {
648 log_warnx("invalid listen address %s",
649 portal->p_listen);
650 portal_delete(portal);
651 return (1);
652 }
653 if (arg[0] == '\0') {
654 port = "3260";
655 } else if (arg[0] == ':') {
656 port = arg + 1;
657 } else {
658 log_warnx("invalid listen address %s",
659 portal->p_listen);
660 portal_delete(portal);
661 return (1);
662 }
663 } else {
664 /*
665 * Either IPv6 address without brackets - and without
666 * a port - or IPv4 address. Just count the colons.
667 */
668 for (ch = arg; *ch != '\0'; ch++) {
669 if (*ch == ':')
670 colons++;
671 }
672 if (colons > 1) {
673 addr = arg;
674 port = "3260";
675 } else {
676 addr = strsep(&arg, ":");
677 if (arg == NULL)
678 port = "3260";
679 else
680 port = arg;
681 }
682 }
683
684 memset(&hints, 0, sizeof(hints));
685 hints.ai_family = PF_UNSPEC;
686 hints.ai_socktype = SOCK_STREAM;
687 hints.ai_flags = AI_PASSIVE;
688
689 error = getaddrinfo(addr, port, &hints, &portal->p_ai);
690 if (error != 0) {
691 log_warnx("getaddrinfo for %s failed: %s",
692 portal->p_listen, gai_strerror(error));
693 portal_delete(portal);
694 return (1);
695 }
696
697 /*
698 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
699 * those into multiple portals.
700 */
701
702 return (0);
703}
704
705static bool
706valid_hex(const char ch)
707{
708 switch (ch) {
709 case '0':
710 case '1':
711 case '2':
712 case '3':
713 case '4':
714 case '5':
715 case '6':
716 case '7':
717 case '8':
718 case '9':
719 case 'a':
720 case 'A':
721 case 'b':
722 case 'B':
723 case 'c':
724 case 'C':
725 case 'd':
726 case 'D':
727 case 'e':
728 case 'E':
729 case 'f':
730 case 'F':
731 return (true);
732 default:
733 return (false);
734 }
735}
736
737bool
738valid_iscsi_name(const char *name)
739{
740 int i;
741
742 if (strlen(name) >= MAX_NAME_LEN) {
743 log_warnx("overlong name for target \"%s\"; max length allowed "
744 "by iSCSI specification is %d characters",
745 name, MAX_NAME_LEN);
746 return (false);
747 }
748
749 /*
750 * In the cases below, we don't return an error, just in case the admin
751 * was right, and we're wrong.
752 */
753 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) {
754 for (i = strlen("iqn."); name[i] != '\0'; i++) {
755 /*
756 * XXX: We should verify UTF-8 normalisation, as defined
757 * by 3.2.6.2: iSCSI Name Encoding.
758 */
759 if (isalnum(name[i]))
760 continue;
761 if (name[i] == '-' || name[i] == '.' || name[i] == ':')
762 continue;
763 log_warnx("invalid character \"%c\" in target name "
764 "\"%s\"; allowed characters are letters, digits, "
765 "'-', '.', and ':'", name[i], name);
766 break;
767 }
768 /*
769 * XXX: Check more stuff: valid date and a valid reversed domain.
770 */
771 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) {
772 if (strlen(name) != strlen("eui.") + 16)
773 log_warnx("invalid target name \"%s\"; the \"eui.\" "
774 "should be followed by exactly 16 hexadecimal "
775 "digits", name);
776 for (i = strlen("eui."); name[i] != '\0'; i++) {
777 if (!valid_hex(name[i])) {
778 log_warnx("invalid character \"%c\" in target "
779 "name \"%s\"; allowed characters are 1-9 "
780 "and A-F", name[i], name);
781 break;
782 }
783 }
784 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) {
785 if (strlen(name) > strlen("naa.") + 32)
786 log_warnx("invalid target name \"%s\"; the \"naa.\" "
787 "should be followed by at most 32 hexadecimal "
788 "digits", name);
789 for (i = strlen("naa."); name[i] != '\0'; i++) {
790 if (!valid_hex(name[i])) {
791 log_warnx("invalid character \"%c\" in target "
792 "name \"%s\"; allowed characters are 1-9 "
793 "and A-F", name[i], name);
794 break;
795 }
796 }
797 } else {
798 log_warnx("invalid target name \"%s\"; should start with "
799 "either \".iqn\", \"eui.\", or \"naa.\"",
800 name);
801 }
802 return (true);
803}
804
805struct target *
806target_new(struct conf *conf, const char *name)
807{
808 struct target *targ;
809 int i, len;
810
811 targ = target_find(conf, name);
812 if (targ != NULL) {
813 log_warnx("duplicated target \"%s\"", name);
814 return (NULL);
815 }
816 if (valid_iscsi_name(name) == false) {
817 log_warnx("target name \"%s\" is invalid", name);
818 return (NULL);
819 }
820 targ = calloc(1, sizeof(*targ));
821 if (targ == NULL)
822 log_err(1, "calloc");
823 targ->t_name = checked_strdup(name);
824
825 /*
826 * RFC 3722 requires us to normalize the name to lowercase.
827 */
828 len = strlen(name);
829 for (i = 0; i < len; i++)
830 targ->t_name[i] = tolower(targ->t_name[i]);
831
832 TAILQ_INIT(&targ->t_luns);
833 targ->t_conf = conf;
834 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next);
835
836 return (targ);
837}
838
839void
840target_delete(struct target *targ)
841{
842 struct lun *lun, *tmp;
843
844 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next);
845
846 TAILQ_FOREACH_SAFE(lun, &targ->t_luns, l_next, tmp)
847 lun_delete(lun);
848 free(targ->t_name);
849 free(targ);
850}
851
852struct target *
853target_find(struct conf *conf, const char *name)
854{
855 struct target *targ;
856
857 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
858 if (strcasecmp(targ->t_name, name) == 0)
859 return (targ);
860 }
861
862 return (NULL);
863}
864
865struct lun *
866lun_new(struct target *targ, int lun_id)
867{
868 struct lun *lun;
869
870 lun = lun_find(targ, lun_id);
871 if (lun != NULL) {
872 log_warnx("duplicated lun %d for target \"%s\"",
873 lun_id, targ->t_name);
874 return (NULL);
875 }
876
877 lun = calloc(1, sizeof(*lun));
878 if (lun == NULL)
879 log_err(1, "calloc");
880 lun->l_lun = lun_id;
881 TAILQ_INIT(&lun->l_options);
882 lun->l_target = targ;
883 TAILQ_INSERT_TAIL(&targ->t_luns, lun, l_next);
884
885 return (lun);
886}
887
888void
889lun_delete(struct lun *lun)
890{
891 struct lun_option *lo, *tmp;
892
893 TAILQ_REMOVE(&lun->l_target->t_luns, lun, l_next);
894
895 TAILQ_FOREACH_SAFE(lo, &lun->l_options, lo_next, tmp)
896 lun_option_delete(lo);
897 free(lun->l_backend);
898 free(lun->l_device_id);
899 free(lun->l_path);
900 free(lun->l_serial);
901 free(lun);
902}
903
904struct lun *
905lun_find(const struct target *targ, int lun_id)
906{
907 struct lun *lun;
908
909 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
910 if (lun->l_lun == lun_id)
911 return (lun);
912 }
913
914 return (NULL);
915}
916
917void
918lun_set_backend(struct lun *lun, const char *value)
919{
920 free(lun->l_backend);
921 lun->l_backend = checked_strdup(value);
922}
923
924void
925lun_set_blocksize(struct lun *lun, size_t value)
926{
927
928 lun->l_blocksize = value;
929}
930
931void
932lun_set_device_id(struct lun *lun, const char *value)
933{
934 free(lun->l_device_id);
935 lun->l_device_id = checked_strdup(value);
936}
937
938void
939lun_set_path(struct lun *lun, const char *value)
940{
941 free(lun->l_path);
942 lun->l_path = checked_strdup(value);
943}
944
945void
946lun_set_serial(struct lun *lun, const char *value)
947{
948 free(lun->l_serial);
949 lun->l_serial = checked_strdup(value);
950}
951
952void
953lun_set_size(struct lun *lun, size_t value)
954{
955
956 lun->l_size = value;
957}
958
959void
960lun_set_ctl_lun(struct lun *lun, uint32_t value)
961{
962
963 lun->l_ctl_lun = value;
964}
965
966struct lun_option *
967lun_option_new(struct lun *lun, const char *name, const char *value)
968{
969 struct lun_option *lo;
970
971 lo = lun_option_find(lun, name);
972 if (lo != NULL) {
973 log_warnx("duplicated lun option %s for lun %d, target \"%s\"",
974 name, lun->l_lun, lun->l_target->t_name);
975 return (NULL);
976 }
977
978 lo = calloc(1, sizeof(*lo));
979 if (lo == NULL)
980 log_err(1, "calloc");
981 lo->lo_name = checked_strdup(name);
982 lo->lo_value = checked_strdup(value);
983 lo->lo_lun = lun;
984 TAILQ_INSERT_TAIL(&lun->l_options, lo, lo_next);
985
986 return (lo);
987}
988
989void
990lun_option_delete(struct lun_option *lo)
991{
992
993 TAILQ_REMOVE(&lo->lo_lun->l_options, lo, lo_next);
994
995 free(lo->lo_name);
996 free(lo->lo_value);
997 free(lo);
998}
999
1000struct lun_option *
1001lun_option_find(const struct lun *lun, const char *name)
1002{
1003 struct lun_option *lo;
1004
1005 TAILQ_FOREACH(lo, &lun->l_options, lo_next) {
1006 if (strcmp(lo->lo_name, name) == 0)
1007 return (lo);
1008 }
1009
1010 return (NULL);
1011}
1012
1013void
1014lun_option_set(struct lun_option *lo, const char *value)
1015{
1016
1017 free(lo->lo_value);
1018 lo->lo_value = checked_strdup(value);
1019}
1020
1021static struct connection *
1022connection_new(struct portal *portal, int fd, const char *host,
1023 const struct sockaddr *client_sa)
1024{
1025 struct connection *conn;
1026
1027 conn = calloc(1, sizeof(*conn));
1028 if (conn == NULL)
1029 log_err(1, "calloc");
1030 conn->conn_portal = portal;
1031 conn->conn_socket = fd;
1032 conn->conn_initiator_addr = checked_strdup(host);
1033 memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len);
1034
1035 /*
1036 * Default values, from RFC 3720, section 12.
1037 */
1038 conn->conn_max_data_segment_length = 8192;
1039 conn->conn_max_burst_length = 262144;
1040 conn->conn_immediate_data = true;
1041
1042 return (conn);
1043}
1044
1045#if 0
1046static void
1047conf_print(struct conf *conf)
1048{
1049 struct auth_group *ag;
1050 struct auth *auth;
1051 struct auth_name *auth_name;
1052 struct auth_portal *auth_portal;
1053 struct portal_group *pg;
1054 struct portal *portal;
1055 struct target *targ;
1056 struct lun *lun;
1057 struct lun_option *lo;
1058
1059 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1060 fprintf(stderr, "auth-group %s {\n", ag->ag_name);
1061 TAILQ_FOREACH(auth, &ag->ag_auths, a_next)
1062 fprintf(stderr, "\t chap-mutual %s %s %s %s\n",
1063 auth->a_user, auth->a_secret,
1064 auth->a_mutual_user, auth->a_mutual_secret);
1065 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next)
1066 fprintf(stderr, "\t initiator-name %s\n",
1067 auth_name->an_initator_name);
1068 TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next)
1069 fprintf(stderr, "\t initiator-portal %s\n",
1070 auth_portal->an_initator_portal);
1071 fprintf(stderr, "}\n");
1072 }
1073 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1074 fprintf(stderr, "portal-group %s {\n", pg->pg_name);
1075 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1076 fprintf(stderr, "\t listen %s\n", portal->p_listen);
1077 fprintf(stderr, "}\n");
1078 }
1079 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1080 fprintf(stderr, "target %s {\n", targ->t_name);
1081 if (targ->t_alias != NULL)
1082 fprintf(stderr, "\t alias %s\n", targ->t_alias);
1083 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1084 fprintf(stderr, "\tlun %d {\n", lun->l_lun);
1085 fprintf(stderr, "\t\tpath %s\n", lun->l_path);
1086 TAILQ_FOREACH(lo, &lun->l_options, lo_next)
1087 fprintf(stderr, "\t\toption %s %s\n",
1088 lo->lo_name, lo->lo_value);
1089 fprintf(stderr, "\t}\n");
1090 }
1091 fprintf(stderr, "}\n");
1092 }
1093}
1094#endif
1095
1096static int
1097conf_verify_lun(struct lun *lun)
1098{
1099 const struct lun *lun2;
1100 const struct target *targ2;
1101
1102 if (lun->l_backend == NULL)
1103 lun_set_backend(lun, "block");
1104 if (strcmp(lun->l_backend, "block") == 0) {
1105 if (lun->l_path == NULL) {
1106 log_warnx("missing path for lun %d, target \"%s\"",
1107 lun->l_lun, lun->l_target->t_name);
1108 return (1);
1109 }
1110 } else if (strcmp(lun->l_backend, "ramdisk") == 0) {
1111 if (lun->l_size == 0) {
1112 log_warnx("missing size for ramdisk-backed lun %d, "
1113 "target \"%s\"", lun->l_lun, lun->l_target->t_name);
1114 return (1);
1115 }
1116 if (lun->l_path != NULL) {
1117 log_warnx("path must not be specified "
1118 "for ramdisk-backed lun %d, target \"%s\"",
1119 lun->l_lun, lun->l_target->t_name);
1120 return (1);
1121 }
1122 }
1123 if (lun->l_lun < 0 || lun->l_lun > 255) {
1124 log_warnx("invalid lun number for lun %d, target \"%s\"; "
1125 "must be between 0 and 255", lun->l_lun,
1126 lun->l_target->t_name);
1127 return (1);
1128 }
1129 if (lun->l_blocksize == 0) {
1130 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE);
1131 } else if (lun->l_blocksize < 0) {
1132 log_warnx("invalid blocksize for lun %d, target \"%s\"; "
1133 "must be larger than 0", lun->l_lun, lun->l_target->t_name);
1134 return (1);
1135 }
1136 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) {
1137 log_warnx("invalid size for lun %d, target \"%s\"; "
1138 "must be multiple of blocksize", lun->l_lun,
1139 lun->l_target->t_name);
1140 return (1);
1141 }
1142 TAILQ_FOREACH(targ2, &lun->l_target->t_conf->conf_targets, t_next) {
1143 TAILQ_FOREACH(lun2, &targ2->t_luns, l_next) {
1144 if (lun == lun2)
1145 continue;
1146 if (lun->l_path != NULL && lun2->l_path != NULL &&
1147 strcmp(lun->l_path, lun2->l_path) == 0) {
1148 log_debugx("WARNING: path \"%s\" duplicated "
1149 "between lun %d, target \"%s\", and "
1150 "lun %d, target \"%s\"", lun->l_path,
1151 lun->l_lun, lun->l_target->t_name,
1152 lun2->l_lun, lun2->l_target->t_name);
1153 }
1154 }
1155 }
1156
1157 return (0);
1158}
1159
1160int
1161conf_verify(struct conf *conf)
1162{
1163 struct auth_group *ag;
1164 struct portal_group *pg;
1165 struct target *targ;
1166 struct lun *lun;
1167 bool found;
1168 int error;
1169
1170 if (conf->conf_pidfile_path == NULL)
1171 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE);
1172
1173 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1174 if (targ->t_auth_group == NULL) {
1175 targ->t_auth_group = auth_group_find(conf,
1176 "default");
1177 assert(targ->t_auth_group != NULL);
1178 }
1179 if (targ->t_portal_group == NULL) {
1180 targ->t_portal_group = portal_group_find(conf,
1181 "default");
1182 assert(targ->t_portal_group != NULL);
1183 }
1184 found = false;
1185 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1186 error = conf_verify_lun(lun);
1187 if (error != 0)
1188 return (error);
1189 found = true;
1190 }
1191 if (!found) {
1192 log_warnx("no LUNs defined for target \"%s\"",
1193 targ->t_name);
1194 }
1195 }
1196 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1197 assert(pg->pg_name != NULL);
1198 if (pg->pg_discovery_auth_group == NULL) {
1199 pg->pg_discovery_auth_group =
1200 auth_group_find(conf, "default");
1201 assert(pg->pg_discovery_auth_group != NULL);
1202 }
1203
1204 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1205 if (targ->t_portal_group == pg)
1206 break;
1207 }
1208 if (targ == NULL) {
1209 if (strcmp(pg->pg_name, "default") != 0)
1210 log_warnx("portal-group \"%s\" not assigned "
1211 "to any target", pg->pg_name);
1212 pg->pg_unassigned = true;
1213 } else
1214 pg->pg_unassigned = false;
1215 }
1216 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1217 if (ag->ag_name == NULL)
1218 assert(ag->ag_target != NULL);
1219 else
1220 assert(ag->ag_target == NULL);
1221
1222 found = false;
1223 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1224 if (targ->t_auth_group == ag) {
1225 found = true;
1226 break;
1227 }
1228 }
1229 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1230 if (pg->pg_discovery_auth_group == ag) {
1231 found = true;
1232 break;
1233 }
1234 }
1235 if (!found && ag->ag_name != NULL &&
1236 strcmp(ag->ag_name, "default") != 0 &&
1237 strcmp(ag->ag_name, "no-authentication") != 0 &&
1238 strcmp(ag->ag_name, "no-access") != 0) {
1239 log_warnx("auth-group \"%s\" not assigned "
1240 "to any target", ag->ag_name);
1241 }
1242 }
1243
1244 return (0);
1245}
1246
1247static int
1248conf_apply(struct conf *oldconf, struct conf *newconf)
1249{
1250 struct target *oldtarg, *newtarg, *tmptarg;
1251 struct lun *oldlun, *newlun, *tmplun;
1252 struct portal_group *oldpg, *newpg;
1253 struct portal *oldp, *newp;
1254 pid_t otherpid;
1255 int changed, cumulated_error = 0, error;
1256 int one = 1;
1257
1258 if (oldconf->conf_debug != newconf->conf_debug) {
1259 log_debugx("changing debug level to %d", newconf->conf_debug);
1260 log_init(newconf->conf_debug);
1261 }
1262
1263 if (oldconf->conf_pidfh != NULL) {
1264 assert(oldconf->conf_pidfile_path != NULL);
1265 if (newconf->conf_pidfile_path != NULL &&
1266 strcmp(oldconf->conf_pidfile_path,
1267 newconf->conf_pidfile_path) == 0) {
1268 newconf->conf_pidfh = oldconf->conf_pidfh;
1269 oldconf->conf_pidfh = NULL;
1270 } else {
1271 log_debugx("removing pidfile %s",
1272 oldconf->conf_pidfile_path);
1273 pidfile_remove(oldconf->conf_pidfh);
1274 oldconf->conf_pidfh = NULL;
1275 }
1276 }
1277
1278 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) {
1279 log_debugx("opening pidfile %s", newconf->conf_pidfile_path);
1280 newconf->conf_pidfh =
1281 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid);
1282 if (newconf->conf_pidfh == NULL) {
1283 if (errno == EEXIST)
1284 log_errx(1, "daemon already running, pid: %jd.",
1285 (intmax_t)otherpid);
1286 log_err(1, "cannot open or create pidfile \"%s\"",
1287 newconf->conf_pidfile_path);
1288 }
1289 }
1290
1291 /*
1292 * XXX: If target or lun removal fails, we should somehow "move"
1293 * the old lun or target into newconf, so that subsequent
1294 * conf_apply() would try to remove them again. That would
1295 * be somewhat hairy, though, and lun deletion failures don't
1296 * really happen, so leave it as it is for now.
1297 */
1298 TAILQ_FOREACH_SAFE(oldtarg, &oldconf->conf_targets, t_next, tmptarg) {
1299 /*
1300 * First, remove any targets present in the old configuration
1301 * and missing in the new one.
1302 */
1303 newtarg = target_find(newconf, oldtarg->t_name);
1304 if (newtarg == NULL) {
1305 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next,
1306 tmplun) {
1307 log_debugx("target %s not found in new "
1308 "configuration; removing its lun %d, "
1309 "backed by CTL lun %d",
1310 oldtarg->t_name, oldlun->l_lun,
1311 oldlun->l_ctl_lun);
1312 error = kernel_lun_remove(oldlun);
1313 if (error != 0) {
1314 log_warnx("failed to remove lun %d, "
1315 "target %s, CTL lun %d",
1316 oldlun->l_lun, oldtarg->t_name,
1317 oldlun->l_ctl_lun);
1318 cumulated_error++;
1319 }
1320 lun_delete(oldlun);
1321 }
1322 kernel_port_remove(oldtarg);
1323 target_delete(oldtarg);
1324 continue;
1325 }
1326
1327 /*
1328 * Second, remove any LUNs present in the old target
1329 * and missing in the new one.
1330 */
1331 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, tmplun) {
1332 newlun = lun_find(newtarg, oldlun->l_lun);
1333 if (newlun == NULL) {
1334 log_debugx("lun %d, target %s, CTL lun %d "
1335 "not found in new configuration; "
1336 "removing", oldlun->l_lun, oldtarg->t_name,
1337 oldlun->l_ctl_lun);
1338 error = kernel_lun_remove(oldlun);
1339 if (error != 0) {
1340 log_warnx("failed to remove lun %d, "
1341 "target %s, CTL lun %d",
1342 oldlun->l_lun, oldtarg->t_name,
1343 oldlun->l_ctl_lun);
1344 cumulated_error++;
1345 }
1346 lun_delete(oldlun);
1347 continue;
1348 }
1349
1350 /*
1351 * Also remove the LUNs changed by more than size.
1352 */
1353 changed = 0;
1354 assert(oldlun->l_backend != NULL);
1355 assert(newlun->l_backend != NULL);
1356 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) {
1357 log_debugx("backend for lun %d, target %s, "
1358 "CTL lun %d changed; removing",
1359 oldlun->l_lun, oldtarg->t_name,
1360 oldlun->l_ctl_lun);
1361 changed = 1;
1362 }
1363 if (oldlun->l_blocksize != newlun->l_blocksize) {
1364 log_debugx("blocksize for lun %d, target %s, "
1365 "CTL lun %d changed; removing",
1366 oldlun->l_lun, oldtarg->t_name,
1367 oldlun->l_ctl_lun);
1368 changed = 1;
1369 }
1370 if (newlun->l_device_id != NULL &&
1371 (oldlun->l_device_id == NULL ||
1372 strcmp(oldlun->l_device_id, newlun->l_device_id) !=
1373 0)) {
1374 log_debugx("device-id for lun %d, target %s, "
1375 "CTL lun %d changed; removing",
1376 oldlun->l_lun, oldtarg->t_name,
1377 oldlun->l_ctl_lun);
1378 changed = 1;
1379 }
1380 if (newlun->l_path != NULL &&
1381 (oldlun->l_path == NULL ||
1382 strcmp(oldlun->l_path, newlun->l_path) != 0)) {
1383 log_debugx("path for lun %d, target %s, "
1384 "CTL lun %d, changed; removing",
1385 oldlun->l_lun, oldtarg->t_name,
1386 oldlun->l_ctl_lun);
1387 changed = 1;
1388 }
1389 if (newlun->l_serial != NULL &&
1390 (oldlun->l_serial == NULL ||
1391 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) {
1392 log_debugx("serial for lun %d, target %s, "
1393 "CTL lun %d changed; removing",
1394 oldlun->l_lun, oldtarg->t_name,
1395 oldlun->l_ctl_lun);
1396 changed = 1;
1397 }
1398 if (changed) {
1399 error = kernel_lun_remove(oldlun);
1400 if (error != 0) {
1401 log_warnx("failed to remove lun %d, "
1402 "target %s, CTL lun %d",
1403 oldlun->l_lun, oldtarg->t_name,
1404 oldlun->l_ctl_lun);
1405 cumulated_error++;
1406 }
1407 lun_delete(oldlun);
1408 continue;
1409 }
1410
1411 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun);
1412 }
1413 }
1414
1415 /*
1416 * Now add new targets or modify existing ones.
1417 */
1418 TAILQ_FOREACH(newtarg, &newconf->conf_targets, t_next) {
1419 oldtarg = target_find(oldconf, newtarg->t_name);
1420
1421 TAILQ_FOREACH_SAFE(newlun, &newtarg->t_luns, l_next, tmplun) {
1422 if (oldtarg != NULL) {
1423 oldlun = lun_find(oldtarg, newlun->l_lun);
1424 if (oldlun != NULL) {
1425 if (newlun->l_size != oldlun->l_size ||
1426 newlun->l_size == 0) {
1427 log_debugx("resizing lun %d, "
1428 "target %s, CTL lun %d",
1429 newlun->l_lun,
1430 newtarg->t_name,
1431 newlun->l_ctl_lun);
1432 error =
1433 kernel_lun_resize(newlun);
1434 if (error != 0) {
1435 log_warnx("failed to "
1436 "resize lun %d, "
1437 "target %s, "
1438 "CTL lun %d",
1439 newlun->l_lun,
1440 newtarg->t_name,
1441 newlun->l_lun);
1442 cumulated_error++;
1443 }
1444 }
1445 continue;
1446 }
1447 }
1448 log_debugx("adding lun %d, target %s",
1449 newlun->l_lun, newtarg->t_name);
1450 error = kernel_lun_add(newlun);
1451 if (error != 0) {
1452 log_warnx("failed to add lun %d, target %s",
1453 newlun->l_lun, newtarg->t_name);
1454 lun_delete(newlun);
1455 cumulated_error++;
1456 }
1457 }
1458 if (oldtarg == NULL)
1459 kernel_port_add(newtarg);
1460 }
1461
1462 /*
1463 * Go through the new portals, opening the sockets as neccessary.
1464 */
1465 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1466 if (newpg->pg_unassigned) {
1467 log_debugx("not listening on portal-group \"%s\", "
1468 "not assigned to any target",
1469 newpg->pg_name);
1470 continue;
1471 }
1472 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) {
1473 /*
1474 * Try to find already open portal and reuse
1475 * the listening socket. We don't care about
1476 * what portal or portal group that was, what
1477 * matters is the listening address.
1478 */
1479 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups,
1480 pg_next) {
1481 TAILQ_FOREACH(oldp, &oldpg->pg_portals,
1482 p_next) {
1483 if (strcmp(newp->p_listen,
1484 oldp->p_listen) == 0 &&
1485 oldp->p_socket > 0) {
1486 newp->p_socket =
1487 oldp->p_socket;
1488 oldp->p_socket = 0;
1489 break;
1490 }
1491 }
1492 }
1493 if (newp->p_socket > 0) {
1494 /*
1495 * We're done with this portal.
1496 */
1497 continue;
1498 }
1499
1500#ifdef ICL_KERNEL_PROXY
1501 if (proxy_mode) {
1502 newpg->pg_conf->conf_portal_id++;
1503 newp->p_id = newpg->pg_conf->conf_portal_id;
1504 log_debugx("listening on %s, portal-group "
1505 "\"%s\", portal id %d, using ICL proxy",
1506 newp->p_listen, newpg->pg_name, newp->p_id);
1507 kernel_listen(newp->p_ai, newp->p_iser,
1508 newp->p_id);
1509 continue;
1510 }
1511#endif
1512 assert(proxy_mode == false);
1513 assert(newp->p_iser == false);
1514
1515 log_debugx("listening on %s, portal-group \"%s\"",
1516 newp->p_listen, newpg->pg_name);
1517 newp->p_socket = socket(newp->p_ai->ai_family,
1518 newp->p_ai->ai_socktype,
1519 newp->p_ai->ai_protocol);
1520 if (newp->p_socket < 0) {
1521 log_warn("socket(2) failed for %s",
1522 newp->p_listen);
1523 cumulated_error++;
1524 continue;
1525 }
1526 error = setsockopt(newp->p_socket, SOL_SOCKET,
1527 SO_REUSEADDR, &one, sizeof(one));
1528 if (error != 0) {
1529 log_warn("setsockopt(SO_REUSEADDR) failed "
1530 "for %s", newp->p_listen);
1531 close(newp->p_socket);
1532 newp->p_socket = 0;
1533 cumulated_error++;
1534 continue;
1535 }
1536 error = bind(newp->p_socket, newp->p_ai->ai_addr,
1537 newp->p_ai->ai_addrlen);
1538 if (error != 0) {
1539 log_warn("bind(2) failed for %s",
1540 newp->p_listen);
1541 close(newp->p_socket);
1542 newp->p_socket = 0;
1543 cumulated_error++;
1544 continue;
1545 }
1546 error = listen(newp->p_socket, -1);
1547 if (error != 0) {
1548 log_warn("listen(2) failed for %s",
1549 newp->p_listen);
1550 close(newp->p_socket);
1551 newp->p_socket = 0;
1552 cumulated_error++;
1553 continue;
1554 }
1555 }
1556 }
1557
1558 /*
1559 * Go through the no longer used sockets, closing them.
1560 */
1561 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) {
1562 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) {
1563 if (oldp->p_socket <= 0)
1564 continue;
1565 log_debugx("closing socket for %s, portal-group \"%s\"",
1566 oldp->p_listen, oldpg->pg_name);
1567 close(oldp->p_socket);
1568 oldp->p_socket = 0;
1569 }
1570 }
1571
1572 return (cumulated_error);
1573}
1574
1575bool
1576timed_out(void)
1577{
1578
1579 return (sigalrm_received);
1580}
1581
1582static void
1583sigalrm_handler(int dummy __unused)
1584{
1585 /*
1586 * It would be easiest to just log an error and exit. We can't
1587 * do this, though, because log_errx() is not signal safe, since
1588 * it calls syslog(3). Instead, set a flag checked by pdu_send()
1589 * and pdu_receive(), to call log_errx() there. Should they fail
1590 * to notice, we'll exit here one second later.
1591 */
1592 if (sigalrm_received) {
1593 /*
1594 * Oh well. Just give up and quit.
1595 */
1596 _exit(2);
1597 }
1598
1599 sigalrm_received = true;
1600}
1601
1602static void
1603set_timeout(const struct conf *conf)
1604{
1605 struct sigaction sa;
1606 struct itimerval itv;
1607 int error;
1608
1609 if (conf->conf_timeout <= 0) {
1610 log_debugx("session timeout disabled");
1611 return;
1612 }
1613
1614 bzero(&sa, sizeof(sa));
1615 sa.sa_handler = sigalrm_handler;
1616 sigfillset(&sa.sa_mask);
1617 error = sigaction(SIGALRM, &sa, NULL);
1618 if (error != 0)
1619 log_err(1, "sigaction");
1620
1621 /*
1622 * First SIGALRM will arive after conf_timeout seconds.
1623 * If we do nothing, another one will arrive a second later.
1624 */
1625 bzero(&itv, sizeof(itv));
1626 itv.it_interval.tv_sec = 1;
1627 itv.it_value.tv_sec = conf->conf_timeout;
1628
1629 log_debugx("setting session timeout to %d seconds",
1630 conf->conf_timeout);
1631 error = setitimer(ITIMER_REAL, &itv, NULL);
1632 if (error != 0)
1633 log_err(1, "setitimer");
1634}
1635
1636static int
1637wait_for_children(bool block)
1638{
1639 pid_t pid;
1640 int status;
1641 int num = 0;
1642
1643 for (;;) {
1644 /*
1645 * If "block" is true, wait for at least one process.
1646 */
1647 if (block && num == 0)
1648 pid = wait4(-1, &status, 0, NULL);
1649 else
1650 pid = wait4(-1, &status, WNOHANG, NULL);
1651 if (pid <= 0)
1652 break;
1653 if (WIFSIGNALED(status)) {
1654 log_warnx("child process %d terminated with signal %d",
1655 pid, WTERMSIG(status));
1656 } else if (WEXITSTATUS(status) != 0) {
1657 log_warnx("child process %d terminated with exit status %d",
1658 pid, WEXITSTATUS(status));
1659 } else {
1660 log_debugx("child process %d terminated gracefully", pid);
1661 }
1662 num++;
1663 }
1664
1665 return (num);
1666}
1667
1668static void
1669handle_connection(struct portal *portal, int fd,
1670 const struct sockaddr *client_sa, bool dont_fork)
1671{
1672 struct connection *conn;
1673 int error;
1674 pid_t pid;
1675 char host[NI_MAXHOST + 1];
1676 struct conf *conf;
1677
1678 conf = portal->p_portal_group->pg_conf;
1679
1680 if (dont_fork) {
1681 log_debugx("incoming connection; not forking due to -d flag");
1682 } else {
1683 nchildren -= wait_for_children(false);
1684 assert(nchildren >= 0);
1685
1686 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) {
1687 log_debugx("maxproc limit of %d child processes hit; "
1688 "waiting for child process to exit", conf->conf_maxproc);
1689 nchildren -= wait_for_children(true);
1690 assert(nchildren >= 0);
1691 }
1692 log_debugx("incoming connection; forking child process #%d",
1693 nchildren);
1694 nchildren++;
1695 pid = fork();
1696 if (pid < 0)
1697 log_err(1, "fork");
1698 if (pid > 0) {
1699 close(fd);
1700 return;
1701 }
1702 }
1703 pidfile_close(conf->conf_pidfh);
1704
1705 error = getnameinfo(client_sa, client_sa->sa_len,
1706 host, sizeof(host), NULL, 0, NI_NUMERICHOST);
1707 if (error != 0)
1708 log_errx(1, "getnameinfo: %s", gai_strerror(error));
1709
1710 log_debugx("accepted connection from %s; portal group \"%s\"",
1711 host, portal->p_portal_group->pg_name);
1712 log_set_peer_addr(host);
1713 setproctitle("%s", host);
1714
1715 conn = connection_new(portal, fd, host, client_sa);
1716 set_timeout(conf);
1717 kernel_capsicate();
1718 login(conn);
1719 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) {
1720 kernel_handoff(conn);
1721 log_debugx("connection handed off to the kernel");
1722 } else {
1723 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY);
1724 discovery(conn);
1725 }
1726 log_debugx("nothing more to do; exiting");
1727 exit(0);
1728}
1729
1730static int
1731fd_add(int fd, fd_set *fdset, int nfds)
1732{
1733
1734 /*
1735 * Skip sockets which we failed to bind.
1736 */
1737 if (fd <= 0)
1738 return (nfds);
1739
1740 FD_SET(fd, fdset);
1741 if (fd > nfds)
1742 nfds = fd;
1743 return (nfds);
1744}
1745
1746static void
1747main_loop(struct conf *conf, bool dont_fork)
1748{
1749 struct portal_group *pg;
1750 struct portal *portal;
1751 struct sockaddr_storage client_sa;
1752 socklen_t client_salen;
1753#ifdef ICL_KERNEL_PROXY
1754 int connection_id;
1755 int portal_id;
1756#endif
1757 fd_set fdset;
1758 int error, nfds, client_fd;
1759
1760 pidfile_write(conf->conf_pidfh);
1761
1762 for (;;) {
1763 if (sighup_received || sigterm_received)
1764 return;
1765
1766#ifdef ICL_KERNEL_PROXY
1767 if (proxy_mode) {
1768 client_salen = sizeof(client_sa);
1769 kernel_accept(&connection_id, &portal_id,
1770 (struct sockaddr *)&client_sa, &client_salen);
1771 assert(client_salen >= client_sa.ss_len);
1772
1773 log_debugx("incoming connection, id %d, portal id %d",
1774 connection_id, portal_id);
1775 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1776 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
1777 if (portal->p_id == portal_id) {
1778 goto found;
1779 }
1780 }
1781 }
1782
1783 log_errx(1, "kernel returned invalid portal_id %d",
1784 portal_id);
1785
1786found:
1787 handle_connection(portal, connection_id,
1788 (struct sockaddr *)&client_sa, dont_fork);
1789 } else {
1790#endif
1791 assert(proxy_mode == false);
1792
1793 FD_ZERO(&fdset);
1794 nfds = 0;
1795 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1796 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1797 nfds = fd_add(portal->p_socket, &fdset, nfds);
1798 }
1799 error = select(nfds + 1, &fdset, NULL, NULL, NULL);
1800 if (error <= 0) {
1801 if (errno == EINTR)
1802 return;
1803 log_err(1, "select");
1804 }
1805 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1806 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
1807 if (!FD_ISSET(portal->p_socket, &fdset))
1808 continue;
1809 client_salen = sizeof(client_sa);
1810 client_fd = accept(portal->p_socket,
1811 (struct sockaddr *)&client_sa,
1812 &client_salen);
1813 if (client_fd < 0)
1814 log_err(1, "accept");
1815 assert(client_salen >= client_sa.ss_len);
1816
1817 handle_connection(portal, client_fd,
1818 (struct sockaddr *)&client_sa,
1819 dont_fork);
1820 break;
1821 }
1822 }
1823#ifdef ICL_KERNEL_PROXY
1824 }
1825#endif
1826 }
1827}
1828
1829static void
1830sighup_handler(int dummy __unused)
1831{
1832
1833 sighup_received = true;
1834}
1835
1836static void
1837sigterm_handler(int dummy __unused)
1838{
1839
1840 sigterm_received = true;
1841}
1842
1843static void
1844sigchld_handler(int dummy __unused)
1845{
1846
1847 /*
1848 * The only purpose of this handler is to make SIGCHLD
1849 * interrupt the ISCSIDWAIT ioctl(2), so we can call
1850 * wait_for_children().
1851 */
1852}
1853
1854static void
1855register_signals(void)
1856{
1857 struct sigaction sa;
1858 int error;
1859
1860 bzero(&sa, sizeof(sa));
1861 sa.sa_handler = sighup_handler;
1862 sigfillset(&sa.sa_mask);
1863 error = sigaction(SIGHUP, &sa, NULL);
1864 if (error != 0)
1865 log_err(1, "sigaction");
1866
1867 sa.sa_handler = sigterm_handler;
1868 error = sigaction(SIGTERM, &sa, NULL);
1869 if (error != 0)
1870 log_err(1, "sigaction");
1871
1872 sa.sa_handler = sigterm_handler;
1873 error = sigaction(SIGINT, &sa, NULL);
1874 if (error != 0)
1875 log_err(1, "sigaction");
1876
1877 sa.sa_handler = sigchld_handler;
1878 error = sigaction(SIGCHLD, &sa, NULL);
1879 if (error != 0)
1880 log_err(1, "sigaction");
1881}
1882
1883int
1884main(int argc, char **argv)
1885{
1886 struct conf *oldconf, *newconf, *tmpconf;
1887 const char *config_path = DEFAULT_CONFIG_PATH;
1888 int debug = 0, ch, error;
1889 bool dont_daemonize = false;
1890
1891 while ((ch = getopt(argc, argv, "df:R")) != -1) {
1892 switch (ch) {
1893 case 'd':
1894 dont_daemonize = true;
1895 debug++;
1896 break;
1897 case 'f':
1898 config_path = optarg;
1899 break;
1900 case 'R':
1901#ifndef ICL_KERNEL_PROXY
1902 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY "
1903 "does not support iSER protocol");
1904#endif
1905 proxy_mode = true;
1906 break;
1907 case '?':
1908 default:
1909 usage();
1910 }
1911 }
1912 argc -= optind;
1913 if (argc != 0)
1914 usage();
1915
1916 log_init(debug);
1917 kernel_init();
1918
1919 oldconf = conf_new_from_kernel();
1920 newconf = conf_new_from_file(config_path);
1921 if (newconf == NULL)
1922 log_errx(1, "configuration error; exiting");
1923 if (debug > 0) {
1924 oldconf->conf_debug = debug;
1925 newconf->conf_debug = debug;
1926 }
1927
1928 error = conf_apply(oldconf, newconf);
1929 if (error != 0)
1930 log_errx(1, "failed to apply configuration; exiting");
1931
1932 conf_delete(oldconf);
1933 oldconf = NULL;
1934
1935 register_signals();
1936
1937 if (dont_daemonize == false) {
1938 log_debugx("daemonizing");
1939 if (daemon(0, 0) == -1) {
1940 log_warn("cannot daemonize");
1941 pidfile_remove(newconf->conf_pidfh);
1942 exit(1);
1943 }
1944 }
1945
1946 for (;;) {
1947 main_loop(newconf, dont_daemonize);
1948 if (sighup_received) {
1949 sighup_received = false;
1950 log_debugx("received SIGHUP, reloading configuration");
1951 tmpconf = conf_new_from_file(config_path);
1952 if (tmpconf == NULL) {
1953 log_warnx("configuration error, "
1954 "continuing with old configuration");
1955 } else {
1956 if (debug > 0)
1957 tmpconf->conf_debug = debug;
1958 oldconf = newconf;
1959 newconf = tmpconf;
1960 error = conf_apply(oldconf, newconf);
1961 if (error != 0)
1962 log_warnx("failed to reload "
1963 "configuration");
1964 conf_delete(oldconf);
1965 oldconf = NULL;
1966 }
1967 } else if (sigterm_received) {
1968 log_debugx("exiting on signal; "
1969 "reloading empty configuration");
1970
1971 log_debugx("disabling CTL iSCSI port "
1972 "and terminating all connections");
1973
1974 oldconf = newconf;
1975 newconf = conf_new();
1976 if (debug > 0)
1977 newconf->conf_debug = debug;
1978 error = conf_apply(oldconf, newconf);
1979 if (error != 0)
1980 log_warnx("failed to apply configuration");
1981
1982 log_warnx("exiting on signal");
1983 exit(0);
1984 } else {
1985 nchildren -= wait_for_children(false);
1986 assert(nchildren >= 0);
1987 }
1988 }
1989 /* NOTREACHED */
1990}
2 * Copyright (c) 2012 The FreeBSD Foundation
3 * All rights reserved.
4 *
5 * This software was developed by Edward Tomasz Napierala under sponsorship
6 * from the FreeBSD Foundation.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 */
30
31#include <sys/cdefs.h>
32__FBSDID("$FreeBSD: stable/10/usr.sbin/ctld/ctld.c 274871 2014-11-22 17:52:33Z trasz $");
33
34#include <sys/types.h>
35#include <sys/time.h>
36#include <sys/socket.h>
37#include <sys/wait.h>
38#include <netinet/in.h>
39#include <arpa/inet.h>
40#include <assert.h>
41#include <ctype.h>
42#include <errno.h>
43#include <netdb.h>
44#include <signal.h>
45#include <stdbool.h>
46#include <stdio.h>
47#include <stdint.h>
48#include <stdlib.h>
49#include <string.h>
50#include <unistd.h>
51
52#include "ctld.h"
53
54bool proxy_mode = false;
55
56static volatile bool sighup_received = false;
57static volatile bool sigterm_received = false;
58static volatile bool sigalrm_received = false;
59
60static int nchildren = 0;
61
62static void
63usage(void)
64{
65
66 fprintf(stderr, "usage: ctld [-d][-f config-file]\n");
67 exit(1);
68}
69
70char *
71checked_strdup(const char *s)
72{
73 char *c;
74
75 c = strdup(s);
76 if (c == NULL)
77 log_err(1, "strdup");
78 return (c);
79}
80
81struct conf *
82conf_new(void)
83{
84 struct conf *conf;
85
86 conf = calloc(1, sizeof(*conf));
87 if (conf == NULL)
88 log_err(1, "calloc");
89 TAILQ_INIT(&conf->conf_targets);
90 TAILQ_INIT(&conf->conf_auth_groups);
91 TAILQ_INIT(&conf->conf_portal_groups);
92
93 conf->conf_debug = 0;
94 conf->conf_timeout = 60;
95 conf->conf_maxproc = 30;
96
97 return (conf);
98}
99
100void
101conf_delete(struct conf *conf)
102{
103 struct target *targ, *tmp;
104 struct auth_group *ag, *cagtmp;
105 struct portal_group *pg, *cpgtmp;
106
107 assert(conf->conf_pidfh == NULL);
108
109 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp)
110 target_delete(targ);
111 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp)
112 auth_group_delete(ag);
113 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp)
114 portal_group_delete(pg);
115 free(conf->conf_pidfile_path);
116 free(conf);
117}
118
119static struct auth *
120auth_new(struct auth_group *ag)
121{
122 struct auth *auth;
123
124 auth = calloc(1, sizeof(*auth));
125 if (auth == NULL)
126 log_err(1, "calloc");
127 auth->a_auth_group = ag;
128 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next);
129 return (auth);
130}
131
132static void
133auth_delete(struct auth *auth)
134{
135 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next);
136
137 free(auth->a_user);
138 free(auth->a_secret);
139 free(auth->a_mutual_user);
140 free(auth->a_mutual_secret);
141 free(auth);
142}
143
144const struct auth *
145auth_find(const struct auth_group *ag, const char *user)
146{
147 const struct auth *auth;
148
149 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) {
150 if (strcmp(auth->a_user, user) == 0)
151 return (auth);
152 }
153
154 return (NULL);
155}
156
157static void
158auth_check_secret_length(struct auth *auth)
159{
160 size_t len;
161
162 len = strlen(auth->a_secret);
163 if (len > 16) {
164 if (auth->a_auth_group->ag_name != NULL)
165 log_warnx("secret for user \"%s\", auth-group \"%s\", "
166 "is too long; it should be at most 16 characters "
167 "long", auth->a_user, auth->a_auth_group->ag_name);
168 else
169 log_warnx("secret for user \"%s\", target \"%s\", "
170 "is too long; it should be at most 16 characters "
171 "long", auth->a_user,
172 auth->a_auth_group->ag_target->t_name);
173 }
174 if (len < 12) {
175 if (auth->a_auth_group->ag_name != NULL)
176 log_warnx("secret for user \"%s\", auth-group \"%s\", "
177 "is too short; it should be at least 12 characters "
178 "long", auth->a_user,
179 auth->a_auth_group->ag_name);
180 else
181 log_warnx("secret for user \"%s\", target \"%s\", "
182 "is too short; it should be at least 16 characters "
183 "long", auth->a_user,
184 auth->a_auth_group->ag_target->t_name);
185 }
186
187 if (auth->a_mutual_secret != NULL) {
188 len = strlen(auth->a_secret);
189 if (len > 16) {
190 if (auth->a_auth_group->ag_name != NULL)
191 log_warnx("mutual secret for user \"%s\", "
192 "auth-group \"%s\", is too long; it should "
193 "be at most 16 characters long",
194 auth->a_user, auth->a_auth_group->ag_name);
195 else
196 log_warnx("mutual secret for user \"%s\", "
197 "target \"%s\", is too long; it should "
198 "be at most 16 characters long",
199 auth->a_user,
200 auth->a_auth_group->ag_target->t_name);
201 }
202 if (len < 12) {
203 if (auth->a_auth_group->ag_name != NULL)
204 log_warnx("mutual secret for user \"%s\", "
205 "auth-group \"%s\", is too short; it "
206 "should be at least 12 characters long",
207 auth->a_user, auth->a_auth_group->ag_name);
208 else
209 log_warnx("mutual secret for user \"%s\", "
210 "target \"%s\", is too short; it should be "
211 "at least 16 characters long",
212 auth->a_user,
213 auth->a_auth_group->ag_target->t_name);
214 }
215 }
216}
217
218const struct auth *
219auth_new_chap(struct auth_group *ag, const char *user,
220 const char *secret)
221{
222 struct auth *auth;
223
224 if (ag->ag_type == AG_TYPE_UNKNOWN)
225 ag->ag_type = AG_TYPE_CHAP;
226 if (ag->ag_type != AG_TYPE_CHAP) {
227 if (ag->ag_name != NULL)
228 log_warnx("cannot mix \"chap\" authentication with "
229 "other types for auth-group \"%s\"", ag->ag_name);
230 else
231 log_warnx("cannot mix \"chap\" authentication with "
232 "other types for target \"%s\"",
233 ag->ag_target->t_name);
234 return (NULL);
235 }
236
237 auth = auth_new(ag);
238 auth->a_user = checked_strdup(user);
239 auth->a_secret = checked_strdup(secret);
240
241 auth_check_secret_length(auth);
242
243 return (auth);
244}
245
246const struct auth *
247auth_new_chap_mutual(struct auth_group *ag, const char *user,
248 const char *secret, const char *user2, const char *secret2)
249{
250 struct auth *auth;
251
252 if (ag->ag_type == AG_TYPE_UNKNOWN)
253 ag->ag_type = AG_TYPE_CHAP_MUTUAL;
254 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
255 if (ag->ag_name != NULL)
256 log_warnx("cannot mix \"chap-mutual\" authentication "
257 "with other types for auth-group \"%s\"",
258 ag->ag_name);
259 else
260 log_warnx("cannot mix \"chap-mutual\" authentication "
261 "with other types for target \"%s\"",
262 ag->ag_target->t_name);
263 return (NULL);
264 }
265
266 auth = auth_new(ag);
267 auth->a_user = checked_strdup(user);
268 auth->a_secret = checked_strdup(secret);
269 auth->a_mutual_user = checked_strdup(user2);
270 auth->a_mutual_secret = checked_strdup(secret2);
271
272 auth_check_secret_length(auth);
273
274 return (auth);
275}
276
277const struct auth_name *
278auth_name_new(struct auth_group *ag, const char *name)
279{
280 struct auth_name *an;
281
282 an = calloc(1, sizeof(*an));
283 if (an == NULL)
284 log_err(1, "calloc");
285 an->an_auth_group = ag;
286 an->an_initator_name = checked_strdup(name);
287 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next);
288 return (an);
289}
290
291static void
292auth_name_delete(struct auth_name *an)
293{
294 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next);
295
296 free(an->an_initator_name);
297 free(an);
298}
299
300bool
301auth_name_defined(const struct auth_group *ag)
302{
303 if (TAILQ_EMPTY(&ag->ag_names))
304 return (false);
305 return (true);
306}
307
308const struct auth_name *
309auth_name_find(const struct auth_group *ag, const char *name)
310{
311 const struct auth_name *auth_name;
312
313 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) {
314 if (strcmp(auth_name->an_initator_name, name) == 0)
315 return (auth_name);
316 }
317
318 return (NULL);
319}
320
321const struct auth_portal *
322auth_portal_new(struct auth_group *ag, const char *portal)
323{
324 struct auth_portal *ap;
325 char *net, *mask, *str, *tmp;
326 int len, dm, m;
327
328 ap = calloc(1, sizeof(*ap));
329 if (ap == NULL)
330 log_err(1, "calloc");
331 ap->ap_auth_group = ag;
332 ap->ap_initator_portal = checked_strdup(portal);
333 mask = str = checked_strdup(portal);
334 net = strsep(&mask, "/");
335 if (net[0] == '[')
336 net++;
337 len = strlen(net);
338 if (len == 0)
339 goto error;
340 if (net[len - 1] == ']')
341 net[len - 1] = 0;
342 if (strchr(net, ':') != NULL) {
343 struct sockaddr_in6 *sin6 =
344 (struct sockaddr_in6 *)&ap->ap_sa;
345
346 sin6->sin6_len = sizeof(*sin6);
347 sin6->sin6_family = AF_INET6;
348 if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0)
349 goto error;
350 dm = 128;
351 } else {
352 struct sockaddr_in *sin =
353 (struct sockaddr_in *)&ap->ap_sa;
354
355 sin->sin_len = sizeof(*sin);
356 sin->sin_family = AF_INET;
357 if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0)
358 goto error;
359 dm = 32;
360 }
361 if (mask != NULL) {
362 m = strtol(mask, &tmp, 0);
363 if (m < 0 || m > dm || tmp[0] != 0)
364 goto error;
365 } else
366 m = dm;
367 ap->ap_mask = m;
368 free(str);
369 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next);
370 return (ap);
371
372error:
373 log_errx(1, "Incorrect initiator portal '%s'", portal);
374 return (NULL);
375}
376
377static void
378auth_portal_delete(struct auth_portal *ap)
379{
380 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next);
381
382 free(ap->ap_initator_portal);
383 free(ap);
384}
385
386bool
387auth_portal_defined(const struct auth_group *ag)
388{
389 if (TAILQ_EMPTY(&ag->ag_portals))
390 return (false);
391 return (true);
392}
393
394const struct auth_portal *
395auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss)
396{
397 const struct auth_portal *ap;
398 const uint8_t *a, *b;
399 int i;
400 uint8_t bmask;
401
402 TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) {
403 if (ap->ap_sa.ss_family != ss->ss_family)
404 continue;
405 if (ss->ss_family == AF_INET) {
406 a = (const uint8_t *)
407 &((const struct sockaddr_in *)ss)->sin_addr;
408 b = (const uint8_t *)
409 &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr;
410 } else {
411 a = (const uint8_t *)
412 &((const struct sockaddr_in6 *)ss)->sin6_addr;
413 b = (const uint8_t *)
414 &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr;
415 }
416 for (i = 0; i < ap->ap_mask / 8; i++) {
417 if (a[i] != b[i])
418 goto next;
419 }
420 if (ap->ap_mask % 8) {
421 bmask = 0xff << (8 - (ap->ap_mask % 8));
422 if ((a[i] & bmask) != (b[i] & bmask))
423 goto next;
424 }
425 return (ap);
426next:
427 ;
428 }
429
430 return (NULL);
431}
432
433struct auth_group *
434auth_group_new(struct conf *conf, const char *name)
435{
436 struct auth_group *ag;
437
438 if (name != NULL) {
439 ag = auth_group_find(conf, name);
440 if (ag != NULL) {
441 log_warnx("duplicated auth-group \"%s\"", name);
442 return (NULL);
443 }
444 }
445
446 ag = calloc(1, sizeof(*ag));
447 if (ag == NULL)
448 log_err(1, "calloc");
449 if (name != NULL)
450 ag->ag_name = checked_strdup(name);
451 TAILQ_INIT(&ag->ag_auths);
452 TAILQ_INIT(&ag->ag_names);
453 TAILQ_INIT(&ag->ag_portals);
454 ag->ag_conf = conf;
455 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next);
456
457 return (ag);
458}
459
460void
461auth_group_delete(struct auth_group *ag)
462{
463 struct auth *auth, *auth_tmp;
464 struct auth_name *auth_name, *auth_name_tmp;
465 struct auth_portal *auth_portal, *auth_portal_tmp;
466
467 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next);
468
469 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp)
470 auth_delete(auth);
471 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp)
472 auth_name_delete(auth_name);
473 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
474 auth_portal_tmp)
475 auth_portal_delete(auth_portal);
476 free(ag->ag_name);
477 free(ag);
478}
479
480struct auth_group *
481auth_group_find(const struct conf *conf, const char *name)
482{
483 struct auth_group *ag;
484
485 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
486 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
487 return (ag);
488 }
489
490 return (NULL);
491}
492
493static int
494auth_group_set_type(struct auth_group *ag, int type)
495{
496
497 if (ag->ag_type == AG_TYPE_UNKNOWN) {
498 ag->ag_type = type;
499 return (0);
500 }
501
502 if (ag->ag_type == type)
503 return (0);
504
505 return (1);
506}
507
508int
509auth_group_set_type_str(struct auth_group *ag, const char *str)
510{
511 int error, type;
512
513 if (strcmp(str, "none") == 0) {
514 type = AG_TYPE_NO_AUTHENTICATION;
515 } else if (strcmp(str, "deny") == 0) {
516 type = AG_TYPE_DENY;
517 } else if (strcmp(str, "chap") == 0) {
518 type = AG_TYPE_CHAP;
519 } else if (strcmp(str, "chap-mutual") == 0) {
520 type = AG_TYPE_CHAP_MUTUAL;
521 } else {
522 if (ag->ag_name != NULL)
523 log_warnx("invalid auth-type \"%s\" for auth-group "
524 "\"%s\"", str, ag->ag_name);
525 else
526 log_warnx("invalid auth-type \"%s\" for target "
527 "\"%s\"", str, ag->ag_target->t_name);
528 return (1);
529 }
530
531 error = auth_group_set_type(ag, type);
532 if (error != 0) {
533 if (ag->ag_name != NULL)
534 log_warnx("cannot set auth-type to \"%s\" for "
535 "auth-group \"%s\"; already has a different "
536 "type", str, ag->ag_name);
537 else
538 log_warnx("cannot set auth-type to \"%s\" for target "
539 "\"%s\"; already has a different type",
540 str, ag->ag_target->t_name);
541 return (1);
542 }
543
544 return (error);
545}
546
547static struct portal *
548portal_new(struct portal_group *pg)
549{
550 struct portal *portal;
551
552 portal = calloc(1, sizeof(*portal));
553 if (portal == NULL)
554 log_err(1, "calloc");
555 TAILQ_INIT(&portal->p_targets);
556 portal->p_portal_group = pg;
557 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next);
558 return (portal);
559}
560
561static void
562portal_delete(struct portal *portal)
563{
564
565 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next);
566 if (portal->p_ai != NULL)
567 freeaddrinfo(portal->p_ai);
568 free(portal->p_listen);
569 free(portal);
570}
571
572struct portal_group *
573portal_group_new(struct conf *conf, const char *name)
574{
575 struct portal_group *pg;
576
577 pg = portal_group_find(conf, name);
578 if (pg != NULL) {
579 log_warnx("duplicated portal-group \"%s\"", name);
580 return (NULL);
581 }
582
583 pg = calloc(1, sizeof(*pg));
584 if (pg == NULL)
585 log_err(1, "calloc");
586 pg->pg_name = checked_strdup(name);
587 TAILQ_INIT(&pg->pg_portals);
588 pg->pg_conf = conf;
589 conf->conf_last_portal_group_tag++;
590 pg->pg_tag = conf->conf_last_portal_group_tag;
591 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next);
592
593 return (pg);
594}
595
596void
597portal_group_delete(struct portal_group *pg)
598{
599 struct portal *portal, *tmp;
600
601 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next);
602
603 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp)
604 portal_delete(portal);
605 free(pg->pg_name);
606 free(pg);
607}
608
609struct portal_group *
610portal_group_find(const struct conf *conf, const char *name)
611{
612 struct portal_group *pg;
613
614 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
615 if (strcmp(pg->pg_name, name) == 0)
616 return (pg);
617 }
618
619 return (NULL);
620}
621
622int
623portal_group_add_listen(struct portal_group *pg, const char *value, bool iser)
624{
625 struct addrinfo hints;
626 struct portal *portal;
627 char *addr, *ch, *arg;
628 const char *port;
629 int error, colons = 0;
630
631 portal = portal_new(pg);
632 portal->p_listen = checked_strdup(value);
633 portal->p_iser = iser;
634
635 arg = portal->p_listen;
636 if (arg[0] == '\0') {
637 log_warnx("empty listen address");
638 portal_delete(portal);
639 return (1);
640 }
641 if (arg[0] == '[') {
642 /*
643 * IPv6 address in square brackets, perhaps with port.
644 */
645 arg++;
646 addr = strsep(&arg, "]");
647 if (arg == NULL) {
648 log_warnx("invalid listen address %s",
649 portal->p_listen);
650 portal_delete(portal);
651 return (1);
652 }
653 if (arg[0] == '\0') {
654 port = "3260";
655 } else if (arg[0] == ':') {
656 port = arg + 1;
657 } else {
658 log_warnx("invalid listen address %s",
659 portal->p_listen);
660 portal_delete(portal);
661 return (1);
662 }
663 } else {
664 /*
665 * Either IPv6 address without brackets - and without
666 * a port - or IPv4 address. Just count the colons.
667 */
668 for (ch = arg; *ch != '\0'; ch++) {
669 if (*ch == ':')
670 colons++;
671 }
672 if (colons > 1) {
673 addr = arg;
674 port = "3260";
675 } else {
676 addr = strsep(&arg, ":");
677 if (arg == NULL)
678 port = "3260";
679 else
680 port = arg;
681 }
682 }
683
684 memset(&hints, 0, sizeof(hints));
685 hints.ai_family = PF_UNSPEC;
686 hints.ai_socktype = SOCK_STREAM;
687 hints.ai_flags = AI_PASSIVE;
688
689 error = getaddrinfo(addr, port, &hints, &portal->p_ai);
690 if (error != 0) {
691 log_warnx("getaddrinfo for %s failed: %s",
692 portal->p_listen, gai_strerror(error));
693 portal_delete(portal);
694 return (1);
695 }
696
697 /*
698 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
699 * those into multiple portals.
700 */
701
702 return (0);
703}
704
705static bool
706valid_hex(const char ch)
707{
708 switch (ch) {
709 case '0':
710 case '1':
711 case '2':
712 case '3':
713 case '4':
714 case '5':
715 case '6':
716 case '7':
717 case '8':
718 case '9':
719 case 'a':
720 case 'A':
721 case 'b':
722 case 'B':
723 case 'c':
724 case 'C':
725 case 'd':
726 case 'D':
727 case 'e':
728 case 'E':
729 case 'f':
730 case 'F':
731 return (true);
732 default:
733 return (false);
734 }
735}
736
737bool
738valid_iscsi_name(const char *name)
739{
740 int i;
741
742 if (strlen(name) >= MAX_NAME_LEN) {
743 log_warnx("overlong name for target \"%s\"; max length allowed "
744 "by iSCSI specification is %d characters",
745 name, MAX_NAME_LEN);
746 return (false);
747 }
748
749 /*
750 * In the cases below, we don't return an error, just in case the admin
751 * was right, and we're wrong.
752 */
753 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) {
754 for (i = strlen("iqn."); name[i] != '\0'; i++) {
755 /*
756 * XXX: We should verify UTF-8 normalisation, as defined
757 * by 3.2.6.2: iSCSI Name Encoding.
758 */
759 if (isalnum(name[i]))
760 continue;
761 if (name[i] == '-' || name[i] == '.' || name[i] == ':')
762 continue;
763 log_warnx("invalid character \"%c\" in target name "
764 "\"%s\"; allowed characters are letters, digits, "
765 "'-', '.', and ':'", name[i], name);
766 break;
767 }
768 /*
769 * XXX: Check more stuff: valid date and a valid reversed domain.
770 */
771 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) {
772 if (strlen(name) != strlen("eui.") + 16)
773 log_warnx("invalid target name \"%s\"; the \"eui.\" "
774 "should be followed by exactly 16 hexadecimal "
775 "digits", name);
776 for (i = strlen("eui."); name[i] != '\0'; i++) {
777 if (!valid_hex(name[i])) {
778 log_warnx("invalid character \"%c\" in target "
779 "name \"%s\"; allowed characters are 1-9 "
780 "and A-F", name[i], name);
781 break;
782 }
783 }
784 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) {
785 if (strlen(name) > strlen("naa.") + 32)
786 log_warnx("invalid target name \"%s\"; the \"naa.\" "
787 "should be followed by at most 32 hexadecimal "
788 "digits", name);
789 for (i = strlen("naa."); name[i] != '\0'; i++) {
790 if (!valid_hex(name[i])) {
791 log_warnx("invalid character \"%c\" in target "
792 "name \"%s\"; allowed characters are 1-9 "
793 "and A-F", name[i], name);
794 break;
795 }
796 }
797 } else {
798 log_warnx("invalid target name \"%s\"; should start with "
799 "either \".iqn\", \"eui.\", or \"naa.\"",
800 name);
801 }
802 return (true);
803}
804
805struct target *
806target_new(struct conf *conf, const char *name)
807{
808 struct target *targ;
809 int i, len;
810
811 targ = target_find(conf, name);
812 if (targ != NULL) {
813 log_warnx("duplicated target \"%s\"", name);
814 return (NULL);
815 }
816 if (valid_iscsi_name(name) == false) {
817 log_warnx("target name \"%s\" is invalid", name);
818 return (NULL);
819 }
820 targ = calloc(1, sizeof(*targ));
821 if (targ == NULL)
822 log_err(1, "calloc");
823 targ->t_name = checked_strdup(name);
824
825 /*
826 * RFC 3722 requires us to normalize the name to lowercase.
827 */
828 len = strlen(name);
829 for (i = 0; i < len; i++)
830 targ->t_name[i] = tolower(targ->t_name[i]);
831
832 TAILQ_INIT(&targ->t_luns);
833 targ->t_conf = conf;
834 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next);
835
836 return (targ);
837}
838
839void
840target_delete(struct target *targ)
841{
842 struct lun *lun, *tmp;
843
844 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next);
845
846 TAILQ_FOREACH_SAFE(lun, &targ->t_luns, l_next, tmp)
847 lun_delete(lun);
848 free(targ->t_name);
849 free(targ);
850}
851
852struct target *
853target_find(struct conf *conf, const char *name)
854{
855 struct target *targ;
856
857 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
858 if (strcasecmp(targ->t_name, name) == 0)
859 return (targ);
860 }
861
862 return (NULL);
863}
864
865struct lun *
866lun_new(struct target *targ, int lun_id)
867{
868 struct lun *lun;
869
870 lun = lun_find(targ, lun_id);
871 if (lun != NULL) {
872 log_warnx("duplicated lun %d for target \"%s\"",
873 lun_id, targ->t_name);
874 return (NULL);
875 }
876
877 lun = calloc(1, sizeof(*lun));
878 if (lun == NULL)
879 log_err(1, "calloc");
880 lun->l_lun = lun_id;
881 TAILQ_INIT(&lun->l_options);
882 lun->l_target = targ;
883 TAILQ_INSERT_TAIL(&targ->t_luns, lun, l_next);
884
885 return (lun);
886}
887
888void
889lun_delete(struct lun *lun)
890{
891 struct lun_option *lo, *tmp;
892
893 TAILQ_REMOVE(&lun->l_target->t_luns, lun, l_next);
894
895 TAILQ_FOREACH_SAFE(lo, &lun->l_options, lo_next, tmp)
896 lun_option_delete(lo);
897 free(lun->l_backend);
898 free(lun->l_device_id);
899 free(lun->l_path);
900 free(lun->l_serial);
901 free(lun);
902}
903
904struct lun *
905lun_find(const struct target *targ, int lun_id)
906{
907 struct lun *lun;
908
909 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
910 if (lun->l_lun == lun_id)
911 return (lun);
912 }
913
914 return (NULL);
915}
916
917void
918lun_set_backend(struct lun *lun, const char *value)
919{
920 free(lun->l_backend);
921 lun->l_backend = checked_strdup(value);
922}
923
924void
925lun_set_blocksize(struct lun *lun, size_t value)
926{
927
928 lun->l_blocksize = value;
929}
930
931void
932lun_set_device_id(struct lun *lun, const char *value)
933{
934 free(lun->l_device_id);
935 lun->l_device_id = checked_strdup(value);
936}
937
938void
939lun_set_path(struct lun *lun, const char *value)
940{
941 free(lun->l_path);
942 lun->l_path = checked_strdup(value);
943}
944
945void
946lun_set_serial(struct lun *lun, const char *value)
947{
948 free(lun->l_serial);
949 lun->l_serial = checked_strdup(value);
950}
951
952void
953lun_set_size(struct lun *lun, size_t value)
954{
955
956 lun->l_size = value;
957}
958
959void
960lun_set_ctl_lun(struct lun *lun, uint32_t value)
961{
962
963 lun->l_ctl_lun = value;
964}
965
966struct lun_option *
967lun_option_new(struct lun *lun, const char *name, const char *value)
968{
969 struct lun_option *lo;
970
971 lo = lun_option_find(lun, name);
972 if (lo != NULL) {
973 log_warnx("duplicated lun option %s for lun %d, target \"%s\"",
974 name, lun->l_lun, lun->l_target->t_name);
975 return (NULL);
976 }
977
978 lo = calloc(1, sizeof(*lo));
979 if (lo == NULL)
980 log_err(1, "calloc");
981 lo->lo_name = checked_strdup(name);
982 lo->lo_value = checked_strdup(value);
983 lo->lo_lun = lun;
984 TAILQ_INSERT_TAIL(&lun->l_options, lo, lo_next);
985
986 return (lo);
987}
988
989void
990lun_option_delete(struct lun_option *lo)
991{
992
993 TAILQ_REMOVE(&lo->lo_lun->l_options, lo, lo_next);
994
995 free(lo->lo_name);
996 free(lo->lo_value);
997 free(lo);
998}
999
1000struct lun_option *
1001lun_option_find(const struct lun *lun, const char *name)
1002{
1003 struct lun_option *lo;
1004
1005 TAILQ_FOREACH(lo, &lun->l_options, lo_next) {
1006 if (strcmp(lo->lo_name, name) == 0)
1007 return (lo);
1008 }
1009
1010 return (NULL);
1011}
1012
1013void
1014lun_option_set(struct lun_option *lo, const char *value)
1015{
1016
1017 free(lo->lo_value);
1018 lo->lo_value = checked_strdup(value);
1019}
1020
1021static struct connection *
1022connection_new(struct portal *portal, int fd, const char *host,
1023 const struct sockaddr *client_sa)
1024{
1025 struct connection *conn;
1026
1027 conn = calloc(1, sizeof(*conn));
1028 if (conn == NULL)
1029 log_err(1, "calloc");
1030 conn->conn_portal = portal;
1031 conn->conn_socket = fd;
1032 conn->conn_initiator_addr = checked_strdup(host);
1033 memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len);
1034
1035 /*
1036 * Default values, from RFC 3720, section 12.
1037 */
1038 conn->conn_max_data_segment_length = 8192;
1039 conn->conn_max_burst_length = 262144;
1040 conn->conn_immediate_data = true;
1041
1042 return (conn);
1043}
1044
1045#if 0
1046static void
1047conf_print(struct conf *conf)
1048{
1049 struct auth_group *ag;
1050 struct auth *auth;
1051 struct auth_name *auth_name;
1052 struct auth_portal *auth_portal;
1053 struct portal_group *pg;
1054 struct portal *portal;
1055 struct target *targ;
1056 struct lun *lun;
1057 struct lun_option *lo;
1058
1059 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1060 fprintf(stderr, "auth-group %s {\n", ag->ag_name);
1061 TAILQ_FOREACH(auth, &ag->ag_auths, a_next)
1062 fprintf(stderr, "\t chap-mutual %s %s %s %s\n",
1063 auth->a_user, auth->a_secret,
1064 auth->a_mutual_user, auth->a_mutual_secret);
1065 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next)
1066 fprintf(stderr, "\t initiator-name %s\n",
1067 auth_name->an_initator_name);
1068 TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next)
1069 fprintf(stderr, "\t initiator-portal %s\n",
1070 auth_portal->an_initator_portal);
1071 fprintf(stderr, "}\n");
1072 }
1073 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1074 fprintf(stderr, "portal-group %s {\n", pg->pg_name);
1075 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1076 fprintf(stderr, "\t listen %s\n", portal->p_listen);
1077 fprintf(stderr, "}\n");
1078 }
1079 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1080 fprintf(stderr, "target %s {\n", targ->t_name);
1081 if (targ->t_alias != NULL)
1082 fprintf(stderr, "\t alias %s\n", targ->t_alias);
1083 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1084 fprintf(stderr, "\tlun %d {\n", lun->l_lun);
1085 fprintf(stderr, "\t\tpath %s\n", lun->l_path);
1086 TAILQ_FOREACH(lo, &lun->l_options, lo_next)
1087 fprintf(stderr, "\t\toption %s %s\n",
1088 lo->lo_name, lo->lo_value);
1089 fprintf(stderr, "\t}\n");
1090 }
1091 fprintf(stderr, "}\n");
1092 }
1093}
1094#endif
1095
1096static int
1097conf_verify_lun(struct lun *lun)
1098{
1099 const struct lun *lun2;
1100 const struct target *targ2;
1101
1102 if (lun->l_backend == NULL)
1103 lun_set_backend(lun, "block");
1104 if (strcmp(lun->l_backend, "block") == 0) {
1105 if (lun->l_path == NULL) {
1106 log_warnx("missing path for lun %d, target \"%s\"",
1107 lun->l_lun, lun->l_target->t_name);
1108 return (1);
1109 }
1110 } else if (strcmp(lun->l_backend, "ramdisk") == 0) {
1111 if (lun->l_size == 0) {
1112 log_warnx("missing size for ramdisk-backed lun %d, "
1113 "target \"%s\"", lun->l_lun, lun->l_target->t_name);
1114 return (1);
1115 }
1116 if (lun->l_path != NULL) {
1117 log_warnx("path must not be specified "
1118 "for ramdisk-backed lun %d, target \"%s\"",
1119 lun->l_lun, lun->l_target->t_name);
1120 return (1);
1121 }
1122 }
1123 if (lun->l_lun < 0 || lun->l_lun > 255) {
1124 log_warnx("invalid lun number for lun %d, target \"%s\"; "
1125 "must be between 0 and 255", lun->l_lun,
1126 lun->l_target->t_name);
1127 return (1);
1128 }
1129 if (lun->l_blocksize == 0) {
1130 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE);
1131 } else if (lun->l_blocksize < 0) {
1132 log_warnx("invalid blocksize for lun %d, target \"%s\"; "
1133 "must be larger than 0", lun->l_lun, lun->l_target->t_name);
1134 return (1);
1135 }
1136 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) {
1137 log_warnx("invalid size for lun %d, target \"%s\"; "
1138 "must be multiple of blocksize", lun->l_lun,
1139 lun->l_target->t_name);
1140 return (1);
1141 }
1142 TAILQ_FOREACH(targ2, &lun->l_target->t_conf->conf_targets, t_next) {
1143 TAILQ_FOREACH(lun2, &targ2->t_luns, l_next) {
1144 if (lun == lun2)
1145 continue;
1146 if (lun->l_path != NULL && lun2->l_path != NULL &&
1147 strcmp(lun->l_path, lun2->l_path) == 0) {
1148 log_debugx("WARNING: path \"%s\" duplicated "
1149 "between lun %d, target \"%s\", and "
1150 "lun %d, target \"%s\"", lun->l_path,
1151 lun->l_lun, lun->l_target->t_name,
1152 lun2->l_lun, lun2->l_target->t_name);
1153 }
1154 }
1155 }
1156
1157 return (0);
1158}
1159
1160int
1161conf_verify(struct conf *conf)
1162{
1163 struct auth_group *ag;
1164 struct portal_group *pg;
1165 struct target *targ;
1166 struct lun *lun;
1167 bool found;
1168 int error;
1169
1170 if (conf->conf_pidfile_path == NULL)
1171 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE);
1172
1173 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1174 if (targ->t_auth_group == NULL) {
1175 targ->t_auth_group = auth_group_find(conf,
1176 "default");
1177 assert(targ->t_auth_group != NULL);
1178 }
1179 if (targ->t_portal_group == NULL) {
1180 targ->t_portal_group = portal_group_find(conf,
1181 "default");
1182 assert(targ->t_portal_group != NULL);
1183 }
1184 found = false;
1185 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1186 error = conf_verify_lun(lun);
1187 if (error != 0)
1188 return (error);
1189 found = true;
1190 }
1191 if (!found) {
1192 log_warnx("no LUNs defined for target \"%s\"",
1193 targ->t_name);
1194 }
1195 }
1196 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1197 assert(pg->pg_name != NULL);
1198 if (pg->pg_discovery_auth_group == NULL) {
1199 pg->pg_discovery_auth_group =
1200 auth_group_find(conf, "default");
1201 assert(pg->pg_discovery_auth_group != NULL);
1202 }
1203
1204 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1205 if (targ->t_portal_group == pg)
1206 break;
1207 }
1208 if (targ == NULL) {
1209 if (strcmp(pg->pg_name, "default") != 0)
1210 log_warnx("portal-group \"%s\" not assigned "
1211 "to any target", pg->pg_name);
1212 pg->pg_unassigned = true;
1213 } else
1214 pg->pg_unassigned = false;
1215 }
1216 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1217 if (ag->ag_name == NULL)
1218 assert(ag->ag_target != NULL);
1219 else
1220 assert(ag->ag_target == NULL);
1221
1222 found = false;
1223 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1224 if (targ->t_auth_group == ag) {
1225 found = true;
1226 break;
1227 }
1228 }
1229 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1230 if (pg->pg_discovery_auth_group == ag) {
1231 found = true;
1232 break;
1233 }
1234 }
1235 if (!found && ag->ag_name != NULL &&
1236 strcmp(ag->ag_name, "default") != 0 &&
1237 strcmp(ag->ag_name, "no-authentication") != 0 &&
1238 strcmp(ag->ag_name, "no-access") != 0) {
1239 log_warnx("auth-group \"%s\" not assigned "
1240 "to any target", ag->ag_name);
1241 }
1242 }
1243
1244 return (0);
1245}
1246
1247static int
1248conf_apply(struct conf *oldconf, struct conf *newconf)
1249{
1250 struct target *oldtarg, *newtarg, *tmptarg;
1251 struct lun *oldlun, *newlun, *tmplun;
1252 struct portal_group *oldpg, *newpg;
1253 struct portal *oldp, *newp;
1254 pid_t otherpid;
1255 int changed, cumulated_error = 0, error;
1256 int one = 1;
1257
1258 if (oldconf->conf_debug != newconf->conf_debug) {
1259 log_debugx("changing debug level to %d", newconf->conf_debug);
1260 log_init(newconf->conf_debug);
1261 }
1262
1263 if (oldconf->conf_pidfh != NULL) {
1264 assert(oldconf->conf_pidfile_path != NULL);
1265 if (newconf->conf_pidfile_path != NULL &&
1266 strcmp(oldconf->conf_pidfile_path,
1267 newconf->conf_pidfile_path) == 0) {
1268 newconf->conf_pidfh = oldconf->conf_pidfh;
1269 oldconf->conf_pidfh = NULL;
1270 } else {
1271 log_debugx("removing pidfile %s",
1272 oldconf->conf_pidfile_path);
1273 pidfile_remove(oldconf->conf_pidfh);
1274 oldconf->conf_pidfh = NULL;
1275 }
1276 }
1277
1278 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) {
1279 log_debugx("opening pidfile %s", newconf->conf_pidfile_path);
1280 newconf->conf_pidfh =
1281 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid);
1282 if (newconf->conf_pidfh == NULL) {
1283 if (errno == EEXIST)
1284 log_errx(1, "daemon already running, pid: %jd.",
1285 (intmax_t)otherpid);
1286 log_err(1, "cannot open or create pidfile \"%s\"",
1287 newconf->conf_pidfile_path);
1288 }
1289 }
1290
1291 /*
1292 * XXX: If target or lun removal fails, we should somehow "move"
1293 * the old lun or target into newconf, so that subsequent
1294 * conf_apply() would try to remove them again. That would
1295 * be somewhat hairy, though, and lun deletion failures don't
1296 * really happen, so leave it as it is for now.
1297 */
1298 TAILQ_FOREACH_SAFE(oldtarg, &oldconf->conf_targets, t_next, tmptarg) {
1299 /*
1300 * First, remove any targets present in the old configuration
1301 * and missing in the new one.
1302 */
1303 newtarg = target_find(newconf, oldtarg->t_name);
1304 if (newtarg == NULL) {
1305 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next,
1306 tmplun) {
1307 log_debugx("target %s not found in new "
1308 "configuration; removing its lun %d, "
1309 "backed by CTL lun %d",
1310 oldtarg->t_name, oldlun->l_lun,
1311 oldlun->l_ctl_lun);
1312 error = kernel_lun_remove(oldlun);
1313 if (error != 0) {
1314 log_warnx("failed to remove lun %d, "
1315 "target %s, CTL lun %d",
1316 oldlun->l_lun, oldtarg->t_name,
1317 oldlun->l_ctl_lun);
1318 cumulated_error++;
1319 }
1320 lun_delete(oldlun);
1321 }
1322 kernel_port_remove(oldtarg);
1323 target_delete(oldtarg);
1324 continue;
1325 }
1326
1327 /*
1328 * Second, remove any LUNs present in the old target
1329 * and missing in the new one.
1330 */
1331 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, tmplun) {
1332 newlun = lun_find(newtarg, oldlun->l_lun);
1333 if (newlun == NULL) {
1334 log_debugx("lun %d, target %s, CTL lun %d "
1335 "not found in new configuration; "
1336 "removing", oldlun->l_lun, oldtarg->t_name,
1337 oldlun->l_ctl_lun);
1338 error = kernel_lun_remove(oldlun);
1339 if (error != 0) {
1340 log_warnx("failed to remove lun %d, "
1341 "target %s, CTL lun %d",
1342 oldlun->l_lun, oldtarg->t_name,
1343 oldlun->l_ctl_lun);
1344 cumulated_error++;
1345 }
1346 lun_delete(oldlun);
1347 continue;
1348 }
1349
1350 /*
1351 * Also remove the LUNs changed by more than size.
1352 */
1353 changed = 0;
1354 assert(oldlun->l_backend != NULL);
1355 assert(newlun->l_backend != NULL);
1356 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) {
1357 log_debugx("backend for lun %d, target %s, "
1358 "CTL lun %d changed; removing",
1359 oldlun->l_lun, oldtarg->t_name,
1360 oldlun->l_ctl_lun);
1361 changed = 1;
1362 }
1363 if (oldlun->l_blocksize != newlun->l_blocksize) {
1364 log_debugx("blocksize for lun %d, target %s, "
1365 "CTL lun %d changed; removing",
1366 oldlun->l_lun, oldtarg->t_name,
1367 oldlun->l_ctl_lun);
1368 changed = 1;
1369 }
1370 if (newlun->l_device_id != NULL &&
1371 (oldlun->l_device_id == NULL ||
1372 strcmp(oldlun->l_device_id, newlun->l_device_id) !=
1373 0)) {
1374 log_debugx("device-id for lun %d, target %s, "
1375 "CTL lun %d changed; removing",
1376 oldlun->l_lun, oldtarg->t_name,
1377 oldlun->l_ctl_lun);
1378 changed = 1;
1379 }
1380 if (newlun->l_path != NULL &&
1381 (oldlun->l_path == NULL ||
1382 strcmp(oldlun->l_path, newlun->l_path) != 0)) {
1383 log_debugx("path for lun %d, target %s, "
1384 "CTL lun %d, changed; removing",
1385 oldlun->l_lun, oldtarg->t_name,
1386 oldlun->l_ctl_lun);
1387 changed = 1;
1388 }
1389 if (newlun->l_serial != NULL &&
1390 (oldlun->l_serial == NULL ||
1391 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) {
1392 log_debugx("serial for lun %d, target %s, "
1393 "CTL lun %d changed; removing",
1394 oldlun->l_lun, oldtarg->t_name,
1395 oldlun->l_ctl_lun);
1396 changed = 1;
1397 }
1398 if (changed) {
1399 error = kernel_lun_remove(oldlun);
1400 if (error != 0) {
1401 log_warnx("failed to remove lun %d, "
1402 "target %s, CTL lun %d",
1403 oldlun->l_lun, oldtarg->t_name,
1404 oldlun->l_ctl_lun);
1405 cumulated_error++;
1406 }
1407 lun_delete(oldlun);
1408 continue;
1409 }
1410
1411 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun);
1412 }
1413 }
1414
1415 /*
1416 * Now add new targets or modify existing ones.
1417 */
1418 TAILQ_FOREACH(newtarg, &newconf->conf_targets, t_next) {
1419 oldtarg = target_find(oldconf, newtarg->t_name);
1420
1421 TAILQ_FOREACH_SAFE(newlun, &newtarg->t_luns, l_next, tmplun) {
1422 if (oldtarg != NULL) {
1423 oldlun = lun_find(oldtarg, newlun->l_lun);
1424 if (oldlun != NULL) {
1425 if (newlun->l_size != oldlun->l_size ||
1426 newlun->l_size == 0) {
1427 log_debugx("resizing lun %d, "
1428 "target %s, CTL lun %d",
1429 newlun->l_lun,
1430 newtarg->t_name,
1431 newlun->l_ctl_lun);
1432 error =
1433 kernel_lun_resize(newlun);
1434 if (error != 0) {
1435 log_warnx("failed to "
1436 "resize lun %d, "
1437 "target %s, "
1438 "CTL lun %d",
1439 newlun->l_lun,
1440 newtarg->t_name,
1441 newlun->l_lun);
1442 cumulated_error++;
1443 }
1444 }
1445 continue;
1446 }
1447 }
1448 log_debugx("adding lun %d, target %s",
1449 newlun->l_lun, newtarg->t_name);
1450 error = kernel_lun_add(newlun);
1451 if (error != 0) {
1452 log_warnx("failed to add lun %d, target %s",
1453 newlun->l_lun, newtarg->t_name);
1454 lun_delete(newlun);
1455 cumulated_error++;
1456 }
1457 }
1458 if (oldtarg == NULL)
1459 kernel_port_add(newtarg);
1460 }
1461
1462 /*
1463 * Go through the new portals, opening the sockets as neccessary.
1464 */
1465 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1466 if (newpg->pg_unassigned) {
1467 log_debugx("not listening on portal-group \"%s\", "
1468 "not assigned to any target",
1469 newpg->pg_name);
1470 continue;
1471 }
1472 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) {
1473 /*
1474 * Try to find already open portal and reuse
1475 * the listening socket. We don't care about
1476 * what portal or portal group that was, what
1477 * matters is the listening address.
1478 */
1479 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups,
1480 pg_next) {
1481 TAILQ_FOREACH(oldp, &oldpg->pg_portals,
1482 p_next) {
1483 if (strcmp(newp->p_listen,
1484 oldp->p_listen) == 0 &&
1485 oldp->p_socket > 0) {
1486 newp->p_socket =
1487 oldp->p_socket;
1488 oldp->p_socket = 0;
1489 break;
1490 }
1491 }
1492 }
1493 if (newp->p_socket > 0) {
1494 /*
1495 * We're done with this portal.
1496 */
1497 continue;
1498 }
1499
1500#ifdef ICL_KERNEL_PROXY
1501 if (proxy_mode) {
1502 newpg->pg_conf->conf_portal_id++;
1503 newp->p_id = newpg->pg_conf->conf_portal_id;
1504 log_debugx("listening on %s, portal-group "
1505 "\"%s\", portal id %d, using ICL proxy",
1506 newp->p_listen, newpg->pg_name, newp->p_id);
1507 kernel_listen(newp->p_ai, newp->p_iser,
1508 newp->p_id);
1509 continue;
1510 }
1511#endif
1512 assert(proxy_mode == false);
1513 assert(newp->p_iser == false);
1514
1515 log_debugx("listening on %s, portal-group \"%s\"",
1516 newp->p_listen, newpg->pg_name);
1517 newp->p_socket = socket(newp->p_ai->ai_family,
1518 newp->p_ai->ai_socktype,
1519 newp->p_ai->ai_protocol);
1520 if (newp->p_socket < 0) {
1521 log_warn("socket(2) failed for %s",
1522 newp->p_listen);
1523 cumulated_error++;
1524 continue;
1525 }
1526 error = setsockopt(newp->p_socket, SOL_SOCKET,
1527 SO_REUSEADDR, &one, sizeof(one));
1528 if (error != 0) {
1529 log_warn("setsockopt(SO_REUSEADDR) failed "
1530 "for %s", newp->p_listen);
1531 close(newp->p_socket);
1532 newp->p_socket = 0;
1533 cumulated_error++;
1534 continue;
1535 }
1536 error = bind(newp->p_socket, newp->p_ai->ai_addr,
1537 newp->p_ai->ai_addrlen);
1538 if (error != 0) {
1539 log_warn("bind(2) failed for %s",
1540 newp->p_listen);
1541 close(newp->p_socket);
1542 newp->p_socket = 0;
1543 cumulated_error++;
1544 continue;
1545 }
1546 error = listen(newp->p_socket, -1);
1547 if (error != 0) {
1548 log_warn("listen(2) failed for %s",
1549 newp->p_listen);
1550 close(newp->p_socket);
1551 newp->p_socket = 0;
1552 cumulated_error++;
1553 continue;
1554 }
1555 }
1556 }
1557
1558 /*
1559 * Go through the no longer used sockets, closing them.
1560 */
1561 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) {
1562 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) {
1563 if (oldp->p_socket <= 0)
1564 continue;
1565 log_debugx("closing socket for %s, portal-group \"%s\"",
1566 oldp->p_listen, oldpg->pg_name);
1567 close(oldp->p_socket);
1568 oldp->p_socket = 0;
1569 }
1570 }
1571
1572 return (cumulated_error);
1573}
1574
1575bool
1576timed_out(void)
1577{
1578
1579 return (sigalrm_received);
1580}
1581
1582static void
1583sigalrm_handler(int dummy __unused)
1584{
1585 /*
1586 * It would be easiest to just log an error and exit. We can't
1587 * do this, though, because log_errx() is not signal safe, since
1588 * it calls syslog(3). Instead, set a flag checked by pdu_send()
1589 * and pdu_receive(), to call log_errx() there. Should they fail
1590 * to notice, we'll exit here one second later.
1591 */
1592 if (sigalrm_received) {
1593 /*
1594 * Oh well. Just give up and quit.
1595 */
1596 _exit(2);
1597 }
1598
1599 sigalrm_received = true;
1600}
1601
1602static void
1603set_timeout(const struct conf *conf)
1604{
1605 struct sigaction sa;
1606 struct itimerval itv;
1607 int error;
1608
1609 if (conf->conf_timeout <= 0) {
1610 log_debugx("session timeout disabled");
1611 return;
1612 }
1613
1614 bzero(&sa, sizeof(sa));
1615 sa.sa_handler = sigalrm_handler;
1616 sigfillset(&sa.sa_mask);
1617 error = sigaction(SIGALRM, &sa, NULL);
1618 if (error != 0)
1619 log_err(1, "sigaction");
1620
1621 /*
1622 * First SIGALRM will arive after conf_timeout seconds.
1623 * If we do nothing, another one will arrive a second later.
1624 */
1625 bzero(&itv, sizeof(itv));
1626 itv.it_interval.tv_sec = 1;
1627 itv.it_value.tv_sec = conf->conf_timeout;
1628
1629 log_debugx("setting session timeout to %d seconds",
1630 conf->conf_timeout);
1631 error = setitimer(ITIMER_REAL, &itv, NULL);
1632 if (error != 0)
1633 log_err(1, "setitimer");
1634}
1635
1636static int
1637wait_for_children(bool block)
1638{
1639 pid_t pid;
1640 int status;
1641 int num = 0;
1642
1643 for (;;) {
1644 /*
1645 * If "block" is true, wait for at least one process.
1646 */
1647 if (block && num == 0)
1648 pid = wait4(-1, &status, 0, NULL);
1649 else
1650 pid = wait4(-1, &status, WNOHANG, NULL);
1651 if (pid <= 0)
1652 break;
1653 if (WIFSIGNALED(status)) {
1654 log_warnx("child process %d terminated with signal %d",
1655 pid, WTERMSIG(status));
1656 } else if (WEXITSTATUS(status) != 0) {
1657 log_warnx("child process %d terminated with exit status %d",
1658 pid, WEXITSTATUS(status));
1659 } else {
1660 log_debugx("child process %d terminated gracefully", pid);
1661 }
1662 num++;
1663 }
1664
1665 return (num);
1666}
1667
1668static void
1669handle_connection(struct portal *portal, int fd,
1670 const struct sockaddr *client_sa, bool dont_fork)
1671{
1672 struct connection *conn;
1673 int error;
1674 pid_t pid;
1675 char host[NI_MAXHOST + 1];
1676 struct conf *conf;
1677
1678 conf = portal->p_portal_group->pg_conf;
1679
1680 if (dont_fork) {
1681 log_debugx("incoming connection; not forking due to -d flag");
1682 } else {
1683 nchildren -= wait_for_children(false);
1684 assert(nchildren >= 0);
1685
1686 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) {
1687 log_debugx("maxproc limit of %d child processes hit; "
1688 "waiting for child process to exit", conf->conf_maxproc);
1689 nchildren -= wait_for_children(true);
1690 assert(nchildren >= 0);
1691 }
1692 log_debugx("incoming connection; forking child process #%d",
1693 nchildren);
1694 nchildren++;
1695 pid = fork();
1696 if (pid < 0)
1697 log_err(1, "fork");
1698 if (pid > 0) {
1699 close(fd);
1700 return;
1701 }
1702 }
1703 pidfile_close(conf->conf_pidfh);
1704
1705 error = getnameinfo(client_sa, client_sa->sa_len,
1706 host, sizeof(host), NULL, 0, NI_NUMERICHOST);
1707 if (error != 0)
1708 log_errx(1, "getnameinfo: %s", gai_strerror(error));
1709
1710 log_debugx("accepted connection from %s; portal group \"%s\"",
1711 host, portal->p_portal_group->pg_name);
1712 log_set_peer_addr(host);
1713 setproctitle("%s", host);
1714
1715 conn = connection_new(portal, fd, host, client_sa);
1716 set_timeout(conf);
1717 kernel_capsicate();
1718 login(conn);
1719 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) {
1720 kernel_handoff(conn);
1721 log_debugx("connection handed off to the kernel");
1722 } else {
1723 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY);
1724 discovery(conn);
1725 }
1726 log_debugx("nothing more to do; exiting");
1727 exit(0);
1728}
1729
1730static int
1731fd_add(int fd, fd_set *fdset, int nfds)
1732{
1733
1734 /*
1735 * Skip sockets which we failed to bind.
1736 */
1737 if (fd <= 0)
1738 return (nfds);
1739
1740 FD_SET(fd, fdset);
1741 if (fd > nfds)
1742 nfds = fd;
1743 return (nfds);
1744}
1745
1746static void
1747main_loop(struct conf *conf, bool dont_fork)
1748{
1749 struct portal_group *pg;
1750 struct portal *portal;
1751 struct sockaddr_storage client_sa;
1752 socklen_t client_salen;
1753#ifdef ICL_KERNEL_PROXY
1754 int connection_id;
1755 int portal_id;
1756#endif
1757 fd_set fdset;
1758 int error, nfds, client_fd;
1759
1760 pidfile_write(conf->conf_pidfh);
1761
1762 for (;;) {
1763 if (sighup_received || sigterm_received)
1764 return;
1765
1766#ifdef ICL_KERNEL_PROXY
1767 if (proxy_mode) {
1768 client_salen = sizeof(client_sa);
1769 kernel_accept(&connection_id, &portal_id,
1770 (struct sockaddr *)&client_sa, &client_salen);
1771 assert(client_salen >= client_sa.ss_len);
1772
1773 log_debugx("incoming connection, id %d, portal id %d",
1774 connection_id, portal_id);
1775 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1776 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
1777 if (portal->p_id == portal_id) {
1778 goto found;
1779 }
1780 }
1781 }
1782
1783 log_errx(1, "kernel returned invalid portal_id %d",
1784 portal_id);
1785
1786found:
1787 handle_connection(portal, connection_id,
1788 (struct sockaddr *)&client_sa, dont_fork);
1789 } else {
1790#endif
1791 assert(proxy_mode == false);
1792
1793 FD_ZERO(&fdset);
1794 nfds = 0;
1795 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1796 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1797 nfds = fd_add(portal->p_socket, &fdset, nfds);
1798 }
1799 error = select(nfds + 1, &fdset, NULL, NULL, NULL);
1800 if (error <= 0) {
1801 if (errno == EINTR)
1802 return;
1803 log_err(1, "select");
1804 }
1805 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1806 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
1807 if (!FD_ISSET(portal->p_socket, &fdset))
1808 continue;
1809 client_salen = sizeof(client_sa);
1810 client_fd = accept(portal->p_socket,
1811 (struct sockaddr *)&client_sa,
1812 &client_salen);
1813 if (client_fd < 0)
1814 log_err(1, "accept");
1815 assert(client_salen >= client_sa.ss_len);
1816
1817 handle_connection(portal, client_fd,
1818 (struct sockaddr *)&client_sa,
1819 dont_fork);
1820 break;
1821 }
1822 }
1823#ifdef ICL_KERNEL_PROXY
1824 }
1825#endif
1826 }
1827}
1828
1829static void
1830sighup_handler(int dummy __unused)
1831{
1832
1833 sighup_received = true;
1834}
1835
1836static void
1837sigterm_handler(int dummy __unused)
1838{
1839
1840 sigterm_received = true;
1841}
1842
1843static void
1844sigchld_handler(int dummy __unused)
1845{
1846
1847 /*
1848 * The only purpose of this handler is to make SIGCHLD
1849 * interrupt the ISCSIDWAIT ioctl(2), so we can call
1850 * wait_for_children().
1851 */
1852}
1853
1854static void
1855register_signals(void)
1856{
1857 struct sigaction sa;
1858 int error;
1859
1860 bzero(&sa, sizeof(sa));
1861 sa.sa_handler = sighup_handler;
1862 sigfillset(&sa.sa_mask);
1863 error = sigaction(SIGHUP, &sa, NULL);
1864 if (error != 0)
1865 log_err(1, "sigaction");
1866
1867 sa.sa_handler = sigterm_handler;
1868 error = sigaction(SIGTERM, &sa, NULL);
1869 if (error != 0)
1870 log_err(1, "sigaction");
1871
1872 sa.sa_handler = sigterm_handler;
1873 error = sigaction(SIGINT, &sa, NULL);
1874 if (error != 0)
1875 log_err(1, "sigaction");
1876
1877 sa.sa_handler = sigchld_handler;
1878 error = sigaction(SIGCHLD, &sa, NULL);
1879 if (error != 0)
1880 log_err(1, "sigaction");
1881}
1882
1883int
1884main(int argc, char **argv)
1885{
1886 struct conf *oldconf, *newconf, *tmpconf;
1887 const char *config_path = DEFAULT_CONFIG_PATH;
1888 int debug = 0, ch, error;
1889 bool dont_daemonize = false;
1890
1891 while ((ch = getopt(argc, argv, "df:R")) != -1) {
1892 switch (ch) {
1893 case 'd':
1894 dont_daemonize = true;
1895 debug++;
1896 break;
1897 case 'f':
1898 config_path = optarg;
1899 break;
1900 case 'R':
1901#ifndef ICL_KERNEL_PROXY
1902 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY "
1903 "does not support iSER protocol");
1904#endif
1905 proxy_mode = true;
1906 break;
1907 case '?':
1908 default:
1909 usage();
1910 }
1911 }
1912 argc -= optind;
1913 if (argc != 0)
1914 usage();
1915
1916 log_init(debug);
1917 kernel_init();
1918
1919 oldconf = conf_new_from_kernel();
1920 newconf = conf_new_from_file(config_path);
1921 if (newconf == NULL)
1922 log_errx(1, "configuration error; exiting");
1923 if (debug > 0) {
1924 oldconf->conf_debug = debug;
1925 newconf->conf_debug = debug;
1926 }
1927
1928 error = conf_apply(oldconf, newconf);
1929 if (error != 0)
1930 log_errx(1, "failed to apply configuration; exiting");
1931
1932 conf_delete(oldconf);
1933 oldconf = NULL;
1934
1935 register_signals();
1936
1937 if (dont_daemonize == false) {
1938 log_debugx("daemonizing");
1939 if (daemon(0, 0) == -1) {
1940 log_warn("cannot daemonize");
1941 pidfile_remove(newconf->conf_pidfh);
1942 exit(1);
1943 }
1944 }
1945
1946 for (;;) {
1947 main_loop(newconf, dont_daemonize);
1948 if (sighup_received) {
1949 sighup_received = false;
1950 log_debugx("received SIGHUP, reloading configuration");
1951 tmpconf = conf_new_from_file(config_path);
1952 if (tmpconf == NULL) {
1953 log_warnx("configuration error, "
1954 "continuing with old configuration");
1955 } else {
1956 if (debug > 0)
1957 tmpconf->conf_debug = debug;
1958 oldconf = newconf;
1959 newconf = tmpconf;
1960 error = conf_apply(oldconf, newconf);
1961 if (error != 0)
1962 log_warnx("failed to reload "
1963 "configuration");
1964 conf_delete(oldconf);
1965 oldconf = NULL;
1966 }
1967 } else if (sigterm_received) {
1968 log_debugx("exiting on signal; "
1969 "reloading empty configuration");
1970
1971 log_debugx("disabling CTL iSCSI port "
1972 "and terminating all connections");
1973
1974 oldconf = newconf;
1975 newconf = conf_new();
1976 if (debug > 0)
1977 newconf->conf_debug = debug;
1978 error = conf_apply(oldconf, newconf);
1979 if (error != 0)
1980 log_warnx("failed to apply configuration");
1981
1982 log_warnx("exiting on signal");
1983 exit(0);
1984 } else {
1985 nchildren -= wait_for_children(false);
1986 assert(nchildren >= 0);
1987 }
1988 }
1989 /* NOTREACHED */
1990}