discovery.c revision 273813
1283514Sarybchik/*- 2300607Sarybchik * Copyright (c) 2012 The FreeBSD Foundation 3283514Sarybchik * All rights reserved. 4283514Sarybchik * 5283514Sarybchik * This software was developed by Edward Tomasz Napierala under sponsorship 6283514Sarybchik * from the FreeBSD Foundation. 7283514Sarybchik * 8283514Sarybchik * Redistribution and use in source and binary forms, with or without 9283514Sarybchik * modification, are permitted provided that the following conditions 10283514Sarybchik * are met: 11283514Sarybchik * 1. Redistributions of source code must retain the above copyright 12283514Sarybchik * notice, this list of conditions and the following disclaimer. 13283514Sarybchik * 2. Redistributions in binary form must reproduce the above copyright 14283514Sarybchik * notice, this list of conditions and the following disclaimer in the 15283514Sarybchik * documentation and/or other materials provided with the distribution. 16283514Sarybchik * 17283514Sarybchik * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18283514Sarybchik * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19283514Sarybchik * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20283514Sarybchik * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21283514Sarybchik * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22283514Sarybchik * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23283514Sarybchik * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24283514Sarybchik * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25283514Sarybchik * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26283514Sarybchik * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27283514Sarybchik * SUCH DAMAGE. 28283514Sarybchik * 29283514Sarybchik */ 30283514Sarybchik 31283514Sarybchik#include <sys/cdefs.h> 32283514Sarybchik__FBSDID("$FreeBSD: head/usr.sbin/ctld/discovery.c 273813 2014-10-29 09:26:55Z trasz $"); 33283514Sarybchik 34283514Sarybchik#include <assert.h> 35283514Sarybchik#include <stdint.h> 36283514Sarybchik#include <stdio.h> 37283514Sarybchik#include <stdlib.h> 38283514Sarybchik#include <string.h> 39283514Sarybchik#include <netinet/in.h> 40283514Sarybchik#include <netdb.h> 41283514Sarybchik#include <sys/socket.h> 42283514Sarybchik 43283514Sarybchik#include "ctld.h" 44283514Sarybchik#include "iscsi_proto.h" 45283514Sarybchik 46283514Sarybchikstatic struct pdu * 47283514Sarybchiktext_receive(struct connection *conn) 48283514Sarybchik{ 49283514Sarybchik struct pdu *request; 50283514Sarybchik struct iscsi_bhs_text_request *bhstr; 51283514Sarybchik 52283514Sarybchik request = pdu_new(conn); 53283514Sarybchik pdu_receive(request); 54283514Sarybchik if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) != 55283514Sarybchik ISCSI_BHS_OPCODE_TEXT_REQUEST) 56283514Sarybchik log_errx(1, "protocol error: received invalid opcode 0x%x", 57283514Sarybchik request->pdu_bhs->bhs_opcode); 58283514Sarybchik bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs; 59283514Sarybchik#if 0 60283514Sarybchik if ((bhstr->bhstr_flags & ISCSI_BHSTR_FLAGS_FINAL) == 0) 61283514Sarybchik log_errx(1, "received Text PDU without the \"F\" flag"); 62283514Sarybchik#endif 63283514Sarybchik /* 64283514Sarybchik * XXX: Implement the C flag some day. 65283514Sarybchik */ 66283514Sarybchik if ((bhstr->bhstr_flags & BHSTR_FLAGS_CONTINUE) != 0) 67283514Sarybchik log_errx(1, "received Text PDU with unsupported \"C\" flag"); 68283514Sarybchik if (ntohl(bhstr->bhstr_cmdsn) < conn->conn_cmdsn) { 69283514Sarybchik log_errx(1, "received Text PDU with decreasing CmdSN: " 70283514Sarybchik "was %d, is %d", conn->conn_cmdsn, ntohl(bhstr->bhstr_cmdsn)); 71283514Sarybchik } 72283514Sarybchik if (ntohl(bhstr->bhstr_expstatsn) != conn->conn_statsn) { 73283514Sarybchik log_errx(1, "received Text PDU with wrong StatSN: " 74283514Sarybchik "is %d, should be %d", ntohl(bhstr->bhstr_expstatsn), 75283514Sarybchik conn->conn_statsn); 76283514Sarybchik } 77283514Sarybchik conn->conn_cmdsn = ntohl(bhstr->bhstr_cmdsn); 78283514Sarybchik 79283514Sarybchik return (request); 80283514Sarybchik} 81283514Sarybchik 82283514Sarybchikstatic struct pdu * 83283514Sarybchiktext_new_response(struct pdu *request) 84283514Sarybchik{ 85283514Sarybchik struct pdu *response; 86283514Sarybchik struct connection *conn; 87283514Sarybchik struct iscsi_bhs_text_request *bhstr; 88283514Sarybchik struct iscsi_bhs_text_response *bhstr2; 89283514Sarybchik 90283514Sarybchik bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs; 91283514Sarybchik conn = request->pdu_connection; 92283514Sarybchik 93283514Sarybchik response = pdu_new_response(request); 94283514Sarybchik bhstr2 = (struct iscsi_bhs_text_response *)response->pdu_bhs; 95283514Sarybchik bhstr2->bhstr_opcode = ISCSI_BHS_OPCODE_TEXT_RESPONSE; 96283514Sarybchik bhstr2->bhstr_flags = BHSTR_FLAGS_FINAL; 97283514Sarybchik bhstr2->bhstr_lun = bhstr->bhstr_lun; 98283514Sarybchik bhstr2->bhstr_initiator_task_tag = bhstr->bhstr_initiator_task_tag; 99283514Sarybchik bhstr2->bhstr_target_transfer_tag = bhstr->bhstr_target_transfer_tag; 100283514Sarybchik bhstr2->bhstr_statsn = htonl(conn->conn_statsn++); 101283514Sarybchik bhstr2->bhstr_expcmdsn = htonl(conn->conn_cmdsn); 102283514Sarybchik bhstr2->bhstr_maxcmdsn = htonl(conn->conn_cmdsn); 103283514Sarybchik 104283514Sarybchik return (response); 105283514Sarybchik} 106283514Sarybchik 107283514Sarybchikstatic struct pdu * 108283514Sarybchiklogout_receive(struct connection *conn) 109283514Sarybchik{ 110283514Sarybchik struct pdu *request; 111283514Sarybchik struct iscsi_bhs_logout_request *bhslr; 112283514Sarybchik 113283514Sarybchik request = pdu_new(conn); 114283514Sarybchik pdu_receive(request); 115283514Sarybchik if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) != 116283514Sarybchik ISCSI_BHS_OPCODE_LOGOUT_REQUEST) 117283514Sarybchik log_errx(1, "protocol error: received invalid opcode 0x%x", 118283514Sarybchik request->pdu_bhs->bhs_opcode); 119283514Sarybchik bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs; 120283514Sarybchik if ((bhslr->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION) 121283514Sarybchik log_debugx("received Logout PDU with invalid reason 0x%x; " 122283514Sarybchik "continuing anyway", bhslr->bhslr_reason & 0x7f); 123283514Sarybchik if (ntohl(bhslr->bhslr_cmdsn) < conn->conn_cmdsn) { 124283514Sarybchik log_errx(1, "received Logout PDU with decreasing CmdSN: " 125283514Sarybchik "was %d, is %d", conn->conn_cmdsn, 126283514Sarybchik ntohl(bhslr->bhslr_cmdsn)); 127283514Sarybchik } 128283514Sarybchik if (ntohl(bhslr->bhslr_expstatsn) != conn->conn_statsn) { 129283514Sarybchik log_errx(1, "received Logout PDU with wrong StatSN: " 130283514Sarybchik "is %d, should be %d", ntohl(bhslr->bhslr_expstatsn), 131283514Sarybchik conn->conn_statsn); 132283514Sarybchik } 133283514Sarybchik conn->conn_cmdsn = ntohl(bhslr->bhslr_cmdsn); 134283514Sarybchik 135283514Sarybchik return (request); 136283514Sarybchik} 137283514Sarybchik 138283514Sarybchikstatic struct pdu * 139283514Sarybchiklogout_new_response(struct pdu *request) 140283514Sarybchik{ 141283514Sarybchik struct pdu *response; 142283514Sarybchik struct connection *conn; 143283514Sarybchik struct iscsi_bhs_logout_request *bhslr; 144283514Sarybchik struct iscsi_bhs_logout_response *bhslr2; 145283514Sarybchik 146283514Sarybchik bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs; 147283514Sarybchik conn = request->pdu_connection; 148283514Sarybchik 149283514Sarybchik response = pdu_new_response(request); 150283514Sarybchik bhslr2 = (struct iscsi_bhs_logout_response *)response->pdu_bhs; 151283514Sarybchik bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE; 152283514Sarybchik bhslr2->bhslr_flags = 0x80; 153283514Sarybchik bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY; 154283514Sarybchik bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag; 155283514Sarybchik bhslr2->bhslr_statsn = htonl(conn->conn_statsn++); 156283514Sarybchik bhslr2->bhslr_expcmdsn = htonl(conn->conn_cmdsn); 157283514Sarybchik bhslr2->bhslr_maxcmdsn = htonl(conn->conn_cmdsn); 158283514Sarybchik 159283514Sarybchik return (response); 160283514Sarybchik} 161283514Sarybchik 162283514Sarybchikstatic void 163283514Sarybchikdiscovery_add_target(struct keys *response_keys, const struct target *targ) 164283514Sarybchik{ 165283514Sarybchik struct portal *portal; 166283514Sarybchik char *buf; 167283514Sarybchik char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; 168283514Sarybchik struct addrinfo *ai; 169283514Sarybchik int ret; 170283514Sarybchik 171283514Sarybchik keys_add(response_keys, "TargetName", targ->t_name); 172283514Sarybchik TAILQ_FOREACH(portal, &targ->t_portal_group->pg_portals, p_next) { 173283514Sarybchik ai = portal->p_ai; 174283514Sarybchik ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, 175283514Sarybchik hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), 176283514Sarybchik NI_NUMERICHOST | NI_NUMERICSERV); 177283514Sarybchik if (ret != 0) { 178283514Sarybchik log_warnx("getnameinfo: %s", gai_strerror(ret)); 179283514Sarybchik continue; 180283514Sarybchik } 181283514Sarybchik switch (ai->ai_addr->sa_family) { 182283514Sarybchik case AF_INET: 183283514Sarybchik if (strcmp(hbuf, "0.0.0.0") == 0) 184283514Sarybchik continue; 185283514Sarybchik ret = asprintf(&buf, "%s:%s,%d", hbuf, sbuf, 186283514Sarybchik targ->t_portal_group->pg_tag); 187283514Sarybchik break; 188283514Sarybchik case AF_INET6: 189283514Sarybchik if (strcmp(hbuf, "::") == 0) 190283514Sarybchik continue; 191283514Sarybchik ret = asprintf(&buf, "[%s]:%s,%d", hbuf, sbuf, 192283514Sarybchik targ->t_portal_group->pg_tag); 193283514Sarybchik break; 194283514Sarybchik default: 195283514Sarybchik continue; 196283514Sarybchik } 197283514Sarybchik if (ret <= 0) 198283514Sarybchik log_err(1, "asprintf"); 199 keys_add(response_keys, "TargetAddress", buf); 200 free(buf); 201 } 202} 203 204static bool 205discovery_target_filtered_out(const struct connection *conn, 206 const struct target *targ) 207{ 208 const struct auth_group *ag; 209 const struct portal_group *pg; 210 const struct auth *auth; 211 int error; 212 213 ag = targ->t_auth_group; 214 pg = conn->conn_portal->p_portal_group; 215 216 assert(pg->pg_discovery_auth_group != PG_FILTER_UNKNOWN); 217 218 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL && 219 auth_portal_check(ag, &conn->conn_initiator_sa) != 0) { 220 log_debugx("initiator does not match initiator portals " 221 "allowed for target \"%s\"; skipping", targ->t_name); 222 return (true); 223 } 224 225 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME && 226 auth_name_check(ag, conn->conn_initiator_name) != 0) { 227 log_debugx("initiator does not match initiator names " 228 "allowed for target \"%s\"; skipping", targ->t_name); 229 return (true); 230 } 231 232 if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH && 233 ag->ag_type != AG_TYPE_NO_AUTHENTICATION) { 234 if (conn->conn_chap == NULL) { 235 assert(pg->pg_discovery_auth_group->ag_type == 236 AG_TYPE_NO_AUTHENTICATION); 237 238 log_debugx("initiator didn't authenticate, but target " 239 "\"%s\" requires CHAP; skipping", targ->t_name); 240 return (true); 241 } 242 243 assert(conn->conn_user != NULL); 244 auth = auth_find(ag, conn->conn_user); 245 if (auth == NULL) { 246 log_debugx("CHAP user \"%s\" doesn't match target " 247 "\"%s\"; skipping", conn->conn_user, targ->t_name); 248 return (true); 249 } 250 251 error = chap_authenticate(conn->conn_chap, auth->a_secret); 252 if (error != 0) { 253 log_debugx("password for CHAP user \"%s\" doesn't " 254 "match target \"%s\"; skipping", 255 conn->conn_user, targ->t_name); 256 return (true); 257 } 258 } 259 260 return (false); 261} 262 263void 264discovery(struct connection *conn) 265{ 266 struct pdu *request, *response; 267 struct keys *request_keys, *response_keys; 268 const struct portal_group *pg; 269 const struct target *targ; 270 const char *send_targets; 271 272 pg = conn->conn_portal->p_portal_group; 273 274 log_debugx("beginning discovery session; waiting for Text PDU"); 275 request = text_receive(conn); 276 request_keys = keys_new(); 277 keys_load(request_keys, request); 278 279 send_targets = keys_find(request_keys, "SendTargets"); 280 if (send_targets == NULL) 281 log_errx(1, "received Text PDU without SendTargets"); 282 283 response = text_new_response(request); 284 response_keys = keys_new(); 285 286 if (strcmp(send_targets, "All") == 0) { 287 TAILQ_FOREACH(targ, &pg->pg_conf->conf_targets, t_next) { 288 if (targ->t_portal_group != pg) { 289 log_debugx("not returning target \"%s\"; " 290 "belongs to a different portal group", 291 targ->t_name); 292 continue; 293 } 294 if (discovery_target_filtered_out(conn, targ)) { 295 /* Ignore this target. */ 296 continue; 297 } 298 discovery_add_target(response_keys, targ); 299 } 300 } else { 301 targ = target_find(pg->pg_conf, send_targets); 302 if (targ == NULL) { 303 log_debugx("initiator requested information on unknown " 304 "target \"%s\"; returning nothing", send_targets); 305 } else { 306 if (discovery_target_filtered_out(conn, targ)) { 307 /* Ignore this target. */ 308 } else { 309 discovery_add_target(response_keys, targ); 310 } 311 } 312 } 313 keys_save(response_keys, response); 314 315 pdu_send(response); 316 pdu_delete(response); 317 keys_delete(response_keys); 318 pdu_delete(request); 319 keys_delete(request_keys); 320 321 log_debugx("done sending targets; waiting for Logout PDU"); 322 request = logout_receive(conn); 323 response = logout_new_response(request); 324 325 pdu_send(response); 326 pdu_delete(response); 327 pdu_delete(request); 328 329 log_debugx("discovery session done"); 330} 331