1/*-
2 * Copyright (c) 2012 The FreeBSD Foundation
3 * All rights reserved.
4 *
5 * This software was developed by Edward Tomasz Napierala under sponsorship
6 * from the FreeBSD Foundation.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 */
30
31#include <sys/cdefs.h>
|
32__FBSDID("$FreeBSD: stable/10/usr.sbin/ctld/discovery.c 276613 2015-01-03 13:08:08Z mav $");
|
| 32__FBSDID("$FreeBSD: stable/10/usr.sbin/ctld/discovery.c 279006 2015-02-19 14:52:01Z mav $"); |
33
34#include <assert.h>
35#include <stdint.h>
36#include <stdio.h>
37#include <stdlib.h>
38#include <string.h>
39#include <netinet/in.h>
40#include <netdb.h>
41#include <sys/socket.h>
42
43#include "ctld.h"
44#include "iscsi_proto.h"
45
46static struct pdu *
47text_receive(struct connection *conn)
48{
49 struct pdu *request;
50 struct iscsi_bhs_text_request *bhstr;
51
52 request = pdu_new(conn);
53 pdu_receive(request);
54 if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
55 ISCSI_BHS_OPCODE_TEXT_REQUEST)
56 log_errx(1, "protocol error: received invalid opcode 0x%x",
57 request->pdu_bhs->bhs_opcode);
58 bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs;
59#if 0
60 if ((bhstr->bhstr_flags & ISCSI_BHSTR_FLAGS_FINAL) == 0)
61 log_errx(1, "received Text PDU without the \"F\" flag");
62#endif
63 /*
64 * XXX: Implement the C flag some day.
65 */
66 if ((bhstr->bhstr_flags & BHSTR_FLAGS_CONTINUE) != 0)
67 log_errx(1, "received Text PDU with unsupported \"C\" flag");
68 if (ISCSI_SNLT(ntohl(bhstr->bhstr_cmdsn), conn->conn_cmdsn)) {
69 log_errx(1, "received Text PDU with decreasing CmdSN: "
70 "was %u, is %u", conn->conn_cmdsn, ntohl(bhstr->bhstr_cmdsn));
71 }
72 if (ntohl(bhstr->bhstr_expstatsn) != conn->conn_statsn) {
73 log_errx(1, "received Text PDU with wrong StatSN: "
74 "is %u, should be %u", ntohl(bhstr->bhstr_expstatsn),
75 conn->conn_statsn);
76 }
77 conn->conn_cmdsn = ntohl(bhstr->bhstr_cmdsn);
78
79 return (request);
80}
81
82static struct pdu *
83text_new_response(struct pdu *request)
84{
85 struct pdu *response;
86 struct connection *conn;
87 struct iscsi_bhs_text_request *bhstr;
88 struct iscsi_bhs_text_response *bhstr2;
89
90 bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs;
91 conn = request->pdu_connection;
92
93 response = pdu_new_response(request);
94 bhstr2 = (struct iscsi_bhs_text_response *)response->pdu_bhs;
95 bhstr2->bhstr_opcode = ISCSI_BHS_OPCODE_TEXT_RESPONSE;
96 bhstr2->bhstr_flags = BHSTR_FLAGS_FINAL;
97 bhstr2->bhstr_lun = bhstr->bhstr_lun;
98 bhstr2->bhstr_initiator_task_tag = bhstr->bhstr_initiator_task_tag;
99 bhstr2->bhstr_target_transfer_tag = bhstr->bhstr_target_transfer_tag;
100 bhstr2->bhstr_statsn = htonl(conn->conn_statsn++);
101 bhstr2->bhstr_expcmdsn = htonl(conn->conn_cmdsn);
102 bhstr2->bhstr_maxcmdsn = htonl(conn->conn_cmdsn);
103
104 return (response);
105}
106
107static struct pdu *
108logout_receive(struct connection *conn)
109{
110 struct pdu *request;
111 struct iscsi_bhs_logout_request *bhslr;
112
113 request = pdu_new(conn);
114 pdu_receive(request);
115 if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
116 ISCSI_BHS_OPCODE_LOGOUT_REQUEST)
117 log_errx(1, "protocol error: received invalid opcode 0x%x",
118 request->pdu_bhs->bhs_opcode);
119 bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
120 if ((bhslr->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION)
121 log_debugx("received Logout PDU with invalid reason 0x%x; "
122 "continuing anyway", bhslr->bhslr_reason & 0x7f);
123 if (ISCSI_SNLT(ntohl(bhslr->bhslr_cmdsn), conn->conn_cmdsn)) {
124 log_errx(1, "received Logout PDU with decreasing CmdSN: "
125 "was %u, is %u", conn->conn_cmdsn,
126 ntohl(bhslr->bhslr_cmdsn));
127 }
128 if (ntohl(bhslr->bhslr_expstatsn) != conn->conn_statsn) {
129 log_errx(1, "received Logout PDU with wrong StatSN: "
130 "is %u, should be %u", ntohl(bhslr->bhslr_expstatsn),
131 conn->conn_statsn);
132 }
133 conn->conn_cmdsn = ntohl(bhslr->bhslr_cmdsn);
134
135 return (request);
136}
137
138static struct pdu *
139logout_new_response(struct pdu *request)
140{
141 struct pdu *response;
142 struct connection *conn;
143 struct iscsi_bhs_logout_request *bhslr;
144 struct iscsi_bhs_logout_response *bhslr2;
145
146 bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
147 conn = request->pdu_connection;
148
149 response = pdu_new_response(request);
150 bhslr2 = (struct iscsi_bhs_logout_response *)response->pdu_bhs;
151 bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE;
152 bhslr2->bhslr_flags = 0x80;
153 bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY;
154 bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag;
155 bhslr2->bhslr_statsn = htonl(conn->conn_statsn++);
156 bhslr2->bhslr_expcmdsn = htonl(conn->conn_cmdsn);
157 bhslr2->bhslr_maxcmdsn = htonl(conn->conn_cmdsn);
158
159 return (response);
160}
161
162static void
163discovery_add_target(struct keys *response_keys, const struct target *targ)
164{
|
| 165 struct port *port; |
166 struct portal *portal;
167 char *buf;
168 char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
169 struct addrinfo *ai;
170 int ret;
171
172 keys_add(response_keys, "TargetName", targ->t_name);
|
172 TAILQ_FOREACH(portal, &targ->t_portal_group->pg_portals, p_next) {
|
173 TAILQ_FOREACH(port, &targ->t_ports, p_ts) {
174 if (port->p_portal_group == NULL)
175 continue;
176 TAILQ_FOREACH(portal, &port->p_portal_group->pg_portals, p_next) { |
177 ai = portal->p_ai;
178 ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
179 hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
180 NI_NUMERICHOST | NI_NUMERICSERV);
181 if (ret != 0) {
182 log_warnx("getnameinfo: %s", gai_strerror(ret));
183 continue;
184 }
185 switch (ai->ai_addr->sa_family) {
186 case AF_INET:
187 if (strcmp(hbuf, "0.0.0.0") == 0)
188 continue;
189 ret = asprintf(&buf, "%s:%s,%d", hbuf, sbuf,
|
186 targ->t_portal_group->pg_tag);
|
| 190 port->p_portal_group->pg_tag); |
191 break;
192 case AF_INET6:
193 if (strcmp(hbuf, "::") == 0)
194 continue;
195 ret = asprintf(&buf, "[%s]:%s,%d", hbuf, sbuf,
|
192 targ->t_portal_group->pg_tag);
|
| 196 port->p_portal_group->pg_tag); |
197 break;
198 default:
199 continue;
200 }
201 if (ret <= 0)
202 log_err(1, "asprintf");
203 keys_add(response_keys, "TargetAddress", buf);
204 free(buf);
|
| 205 } |
206 }
207}
208
209static bool
210discovery_target_filtered_out(const struct connection *conn,
|
206 const struct target *targ)
|
| 211 const struct port *port) |
212{
213 const struct auth_group *ag;
214 const struct portal_group *pg;
|
| 215 const struct target *targ; |
216 const struct auth *auth;
217 int error;
218
|
213 ag = targ->t_auth_group;
|
219 targ = port->p_target;
220 ag = port->p_auth_group;
221 if (ag == NULL)
222 ag = targ->t_auth_group; |
223 pg = conn->conn_portal->p_portal_group;
224
225 assert(pg->pg_discovery_auth_group != PG_FILTER_UNKNOWN);
226
227 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL &&
228 auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
229 log_debugx("initiator does not match initiator portals "
230 "allowed for target \"%s\"; skipping", targ->t_name);
231 return (true);
232 }
233
234 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME &&
235 auth_name_check(ag, conn->conn_initiator_name) != 0) {
236 log_debugx("initiator does not match initiator names "
237 "allowed for target \"%s\"; skipping", targ->t_name);
238 return (true);
239 }
240
241 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH &&
242 ag->ag_type != AG_TYPE_NO_AUTHENTICATION) {
243 if (conn->conn_chap == NULL) {
244 assert(pg->pg_discovery_auth_group->ag_type ==
245 AG_TYPE_NO_AUTHENTICATION);
246
247 log_debugx("initiator didn't authenticate, but target "
248 "\"%s\" requires CHAP; skipping", targ->t_name);
249 return (true);
250 }
251
252 assert(conn->conn_user != NULL);
253 auth = auth_find(ag, conn->conn_user);
254 if (auth == NULL) {
255 log_debugx("CHAP user \"%s\" doesn't match target "
256 "\"%s\"; skipping", conn->conn_user, targ->t_name);
257 return (true);
258 }
259
260 error = chap_authenticate(conn->conn_chap, auth->a_secret);
261 if (error != 0) {
262 log_debugx("password for CHAP user \"%s\" doesn't "
263 "match target \"%s\"; skipping",
264 conn->conn_user, targ->t_name);
265 return (true);
266 }
267 }
268
269 return (false);
270}
271
272void
273discovery(struct connection *conn)
274{
275 struct pdu *request, *response;
276 struct keys *request_keys, *response_keys;
|
| 277 const struct port *port; |
278 const struct portal_group *pg;
|
269 const struct target *targ;
|
279 const char *send_targets;
280
281 pg = conn->conn_portal->p_portal_group;
282
283 log_debugx("beginning discovery session; waiting for Text PDU");
284 request = text_receive(conn);
285 request_keys = keys_new();
286 keys_load(request_keys, request);
287
288 send_targets = keys_find(request_keys, "SendTargets");
289 if (send_targets == NULL)
290 log_errx(1, "received Text PDU without SendTargets");
291
292 response = text_new_response(request);
293 response_keys = keys_new();
294
295 if (strcmp(send_targets, "All") == 0) {
|
287 TAILQ_FOREACH(targ, &pg->pg_conf->conf_targets, t_next) {
288 if (targ->t_portal_group != pg) {
289 log_debugx("not returning target \"%s\"; "
290 "belongs to a different portal group",
291 targ->t_name);
292 continue;
293 }
294 if (discovery_target_filtered_out(conn, targ)) {
|
296 TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) {
297 if (discovery_target_filtered_out(conn, port)) { |
298 /* Ignore this target. */
299 continue;
300 }
|
298 discovery_add_target(response_keys, targ);
|
| 301 discovery_add_target(response_keys, port->p_target); |
302 }
303 } else {
|
301 targ = target_find(pg->pg_conf, send_targets);
302 if (targ == NULL) {
|
304 port = port_find_in_pg(pg, send_targets);
305 if (port == NULL) { |
306 log_debugx("initiator requested information on unknown "
307 "target \"%s\"; returning nothing", send_targets);
308 } else {
|
306 if (discovery_target_filtered_out(conn, targ)) {
|
| 309 if (discovery_target_filtered_out(conn, port)) { |
310 /* Ignore this target. */
311 } else {
|
309 discovery_add_target(response_keys, targ);
|
| 312 discovery_add_target(response_keys, port->p_target); |
313 }
314 }
315 }
316 keys_save(response_keys, response);
317
318 pdu_send(response);
319 pdu_delete(response);
320 keys_delete(response_keys);
321 pdu_delete(request);
322 keys_delete(request_keys);
323
324 log_debugx("done sending targets; waiting for Logout PDU");
325 request = logout_receive(conn);
326 response = logout_new_response(request);
327
328 pdu_send(response);
329 pdu_delete(response);
330 pdu_delete(request);
331
332 log_debugx("discovery session done");
333}
|