ctld.c revision 274871
178189Sbrian/*- 278189Sbrian * Copyright (c) 2012 The FreeBSD Foundation 378189Sbrian * All rights reserved. 478189Sbrian * 578189Sbrian * This software was developed by Edward Tomasz Napierala under sponsorship 613389Sphk * from the FreeBSD Foundation. 778189Sbrian * 878189Sbrian * Redistribution and use in source and binary forms, with or without 978189Sbrian * modification, are permitted provided that the following conditions 1078189Sbrian * are met: 1178189Sbrian * 1. Redistributions of source code must retain the above copyright 1278189Sbrian * notice, this list of conditions and the following disclaimer. 1378189Sbrian * 2. Redistributions in binary form must reproduce the above copyright 1478189Sbrian * notice, this list of conditions and the following disclaimer in the 1513389Sphk * documentation and/or other materials provided with the distribution. 1678189Sbrian * 1778189Sbrian * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1878189Sbrian * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1978189Sbrian * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2078189Sbrian * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 2178189Sbrian * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2278189Sbrian * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2378189Sbrian * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2478189Sbrian * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2578189Sbrian * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2678189Sbrian * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2713389Sphk * SUCH DAMAGE. 2850479Speter * 2913389Sphk */ 3013389Sphk 3136285Sbrian#include <sys/cdefs.h> 3236285Sbrian__FBSDID("$FreeBSD: stable/10/usr.sbin/ctld/ctld.c 274871 2014-11-22 17:52:33Z trasz $"); 3336285Sbrian 3436285Sbrian#include <sys/types.h> 3536285Sbrian#include <sys/time.h> 3646686Sbrian#include <sys/socket.h> 3781634Sbrian#include <sys/wait.h> 3881634Sbrian#include <netinet/in.h> 3981634Sbrian#include <arpa/inet.h> 4081634Sbrian#include <assert.h> 4181634Sbrian#include <ctype.h> 4281634Sbrian#include <errno.h> 4381634Sbrian#include <netdb.h> 4481634Sbrian#include <signal.h> 45#include <stdbool.h> 46#include <stdio.h> 47#include <stdint.h> 48#include <stdlib.h> 49#include <string.h> 50#include <unistd.h> 51 52#include "ctld.h" 53 54bool proxy_mode = false; 55 56static volatile bool sighup_received = false; 57static volatile bool sigterm_received = false; 58static volatile bool sigalrm_received = false; 59 60static int nchildren = 0; 61 62static void 63usage(void) 64{ 65 66 fprintf(stderr, "usage: ctld [-d][-f config-file]\n"); 67 exit(1); 68} 69 70char * 71checked_strdup(const char *s) 72{ 73 char *c; 74 75 c = strdup(s); 76 if (c == NULL) 77 log_err(1, "strdup"); 78 return (c); 79} 80 81struct conf * 82conf_new(void) 83{ 84 struct conf *conf; 85 86 conf = calloc(1, sizeof(*conf)); 87 if (conf == NULL) 88 log_err(1, "calloc"); 89 TAILQ_INIT(&conf->conf_targets); 90 TAILQ_INIT(&conf->conf_auth_groups); 91 TAILQ_INIT(&conf->conf_portal_groups); 92 93 conf->conf_debug = 0; 94 conf->conf_timeout = 60; 95 conf->conf_maxproc = 30; 96 97 return (conf); 98} 99 100void 101conf_delete(struct conf *conf) 102{ 103 struct target *targ, *tmp; 104 struct auth_group *ag, *cagtmp; 105 struct portal_group *pg, *cpgtmp; 106 107 assert(conf->conf_pidfh == NULL); 108 109 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp) 110 target_delete(targ); 111 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp) 112 auth_group_delete(ag); 113 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp) 114 portal_group_delete(pg); 115 free(conf->conf_pidfile_path); 116 free(conf); 117} 118 119static struct auth * 120auth_new(struct auth_group *ag) 121{ 122 struct auth *auth; 123 124 auth = calloc(1, sizeof(*auth)); 125 if (auth == NULL) 126 log_err(1, "calloc"); 127 auth->a_auth_group = ag; 128 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next); 129 return (auth); 130} 131 132static void 133auth_delete(struct auth *auth) 134{ 135 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next); 136 137 free(auth->a_user); 138 free(auth->a_secret); 139 free(auth->a_mutual_user); 140 free(auth->a_mutual_secret); 141 free(auth); 142} 143 144const struct auth * 145auth_find(const struct auth_group *ag, const char *user) 146{ 147 const struct auth *auth; 148 149 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) { 150 if (strcmp(auth->a_user, user) == 0) 151 return (auth); 152 } 153 154 return (NULL); 155} 156 157static void 158auth_check_secret_length(struct auth *auth) 159{ 160 size_t len; 161 162 len = strlen(auth->a_secret); 163 if (len > 16) { 164 if (auth->a_auth_group->ag_name != NULL) 165 log_warnx("secret for user \"%s\", auth-group \"%s\", " 166 "is too long; it should be at most 16 characters " 167 "long", auth->a_user, auth->a_auth_group->ag_name); 168 else 169 log_warnx("secret for user \"%s\", target \"%s\", " 170 "is too long; it should be at most 16 characters " 171 "long", auth->a_user, 172 auth->a_auth_group->ag_target->t_name); 173 } 174 if (len < 12) { 175 if (auth->a_auth_group->ag_name != NULL) 176 log_warnx("secret for user \"%s\", auth-group \"%s\", " 177 "is too short; it should be at least 12 characters " 178 "long", auth->a_user, 179 auth->a_auth_group->ag_name); 180 else 181 log_warnx("secret for user \"%s\", target \"%s\", " 182 "is too short; it should be at least 16 characters " 183 "long", auth->a_user, 184 auth->a_auth_group->ag_target->t_name); 185 } 186 187 if (auth->a_mutual_secret != NULL) { 188 len = strlen(auth->a_secret); 189 if (len > 16) { 190 if (auth->a_auth_group->ag_name != NULL) 191 log_warnx("mutual secret for user \"%s\", " 192 "auth-group \"%s\", is too long; it should " 193 "be at most 16 characters long", 194 auth->a_user, auth->a_auth_group->ag_name); 195 else 196 log_warnx("mutual secret for user \"%s\", " 197 "target \"%s\", is too long; it should " 198 "be at most 16 characters long", 199 auth->a_user, 200 auth->a_auth_group->ag_target->t_name); 201 } 202 if (len < 12) { 203 if (auth->a_auth_group->ag_name != NULL) 204 log_warnx("mutual secret for user \"%s\", " 205 "auth-group \"%s\", is too short; it " 206 "should be at least 12 characters long", 207 auth->a_user, auth->a_auth_group->ag_name); 208 else 209 log_warnx("mutual secret for user \"%s\", " 210 "target \"%s\", is too short; it should be " 211 "at least 16 characters long", 212 auth->a_user, 213 auth->a_auth_group->ag_target->t_name); 214 } 215 } 216} 217 218const struct auth * 219auth_new_chap(struct auth_group *ag, const char *user, 220 const char *secret) 221{ 222 struct auth *auth; 223 224 if (ag->ag_type == AG_TYPE_UNKNOWN) 225 ag->ag_type = AG_TYPE_CHAP; 226 if (ag->ag_type != AG_TYPE_CHAP) { 227 if (ag->ag_name != NULL) 228 log_warnx("cannot mix \"chap\" authentication with " 229 "other types for auth-group \"%s\"", ag->ag_name); 230 else 231 log_warnx("cannot mix \"chap\" authentication with " 232 "other types for target \"%s\"", 233 ag->ag_target->t_name); 234 return (NULL); 235 } 236 237 auth = auth_new(ag); 238 auth->a_user = checked_strdup(user); 239 auth->a_secret = checked_strdup(secret); 240 241 auth_check_secret_length(auth); 242 243 return (auth); 244} 245 246const struct auth * 247auth_new_chap_mutual(struct auth_group *ag, const char *user, 248 const char *secret, const char *user2, const char *secret2) 249{ 250 struct auth *auth; 251 252 if (ag->ag_type == AG_TYPE_UNKNOWN) 253 ag->ag_type = AG_TYPE_CHAP_MUTUAL; 254 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) { 255 if (ag->ag_name != NULL) 256 log_warnx("cannot mix \"chap-mutual\" authentication " 257 "with other types for auth-group \"%s\"", 258 ag->ag_name); 259 else 260 log_warnx("cannot mix \"chap-mutual\" authentication " 261 "with other types for target \"%s\"", 262 ag->ag_target->t_name); 263 return (NULL); 264 } 265 266 auth = auth_new(ag); 267 auth->a_user = checked_strdup(user); 268 auth->a_secret = checked_strdup(secret); 269 auth->a_mutual_user = checked_strdup(user2); 270 auth->a_mutual_secret = checked_strdup(secret2); 271 272 auth_check_secret_length(auth); 273 274 return (auth); 275} 276 277const struct auth_name * 278auth_name_new(struct auth_group *ag, const char *name) 279{ 280 struct auth_name *an; 281 282 an = calloc(1, sizeof(*an)); 283 if (an == NULL) 284 log_err(1, "calloc"); 285 an->an_auth_group = ag; 286 an->an_initator_name = checked_strdup(name); 287 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next); 288 return (an); 289} 290 291static void 292auth_name_delete(struct auth_name *an) 293{ 294 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next); 295 296 free(an->an_initator_name); 297 free(an); 298} 299 300bool 301auth_name_defined(const struct auth_group *ag) 302{ 303 if (TAILQ_EMPTY(&ag->ag_names)) 304 return (false); 305 return (true); 306} 307 308const struct auth_name * 309auth_name_find(const struct auth_group *ag, const char *name) 310{ 311 const struct auth_name *auth_name; 312 313 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) { 314 if (strcmp(auth_name->an_initator_name, name) == 0) 315 return (auth_name); 316 } 317 318 return (NULL); 319} 320 321const struct auth_portal * 322auth_portal_new(struct auth_group *ag, const char *portal) 323{ 324 struct auth_portal *ap; 325 char *net, *mask, *str, *tmp; 326 int len, dm, m; 327 328 ap = calloc(1, sizeof(*ap)); 329 if (ap == NULL) 330 log_err(1, "calloc"); 331 ap->ap_auth_group = ag; 332 ap->ap_initator_portal = checked_strdup(portal); 333 mask = str = checked_strdup(portal); 334 net = strsep(&mask, "/"); 335 if (net[0] == '[') 336 net++; 337 len = strlen(net); 338 if (len == 0) 339 goto error; 340 if (net[len - 1] == ']') 341 net[len - 1] = 0; 342 if (strchr(net, ':') != NULL) { 343 struct sockaddr_in6 *sin6 = 344 (struct sockaddr_in6 *)&ap->ap_sa; 345 346 sin6->sin6_len = sizeof(*sin6); 347 sin6->sin6_family = AF_INET6; 348 if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0) 349 goto error; 350 dm = 128; 351 } else { 352 struct sockaddr_in *sin = 353 (struct sockaddr_in *)&ap->ap_sa; 354 355 sin->sin_len = sizeof(*sin); 356 sin->sin_family = AF_INET; 357 if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0) 358 goto error; 359 dm = 32; 360 } 361 if (mask != NULL) { 362 m = strtol(mask, &tmp, 0); 363 if (m < 0 || m > dm || tmp[0] != 0) 364 goto error; 365 } else 366 m = dm; 367 ap->ap_mask = m; 368 free(str); 369 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next); 370 return (ap); 371 372error: 373 log_errx(1, "Incorrect initiator portal '%s'", portal); 374 return (NULL); 375} 376 377static void 378auth_portal_delete(struct auth_portal *ap) 379{ 380 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next); 381 382 free(ap->ap_initator_portal); 383 free(ap); 384} 385 386bool 387auth_portal_defined(const struct auth_group *ag) 388{ 389 if (TAILQ_EMPTY(&ag->ag_portals)) 390 return (false); 391 return (true); 392} 393 394const struct auth_portal * 395auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss) 396{ 397 const struct auth_portal *ap; 398 const uint8_t *a, *b; 399 int i; 400 uint8_t bmask; 401 402 TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) { 403 if (ap->ap_sa.ss_family != ss->ss_family) 404 continue; 405 if (ss->ss_family == AF_INET) { 406 a = (const uint8_t *) 407 &((const struct sockaddr_in *)ss)->sin_addr; 408 b = (const uint8_t *) 409 &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr; 410 } else { 411 a = (const uint8_t *) 412 &((const struct sockaddr_in6 *)ss)->sin6_addr; 413 b = (const uint8_t *) 414 &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr; 415 } 416 for (i = 0; i < ap->ap_mask / 8; i++) { 417 if (a[i] != b[i]) 418 goto next; 419 } 420 if (ap->ap_mask % 8) { 421 bmask = 0xff << (8 - (ap->ap_mask % 8)); 422 if ((a[i] & bmask) != (b[i] & bmask)) 423 goto next; 424 } 425 return (ap); 426next: 427 ; 428 } 429 430 return (NULL); 431} 432 433struct auth_group * 434auth_group_new(struct conf *conf, const char *name) 435{ 436 struct auth_group *ag; 437 438 if (name != NULL) { 439 ag = auth_group_find(conf, name); 440 if (ag != NULL) { 441 log_warnx("duplicated auth-group \"%s\"", name); 442 return (NULL); 443 } 444 } 445 446 ag = calloc(1, sizeof(*ag)); 447 if (ag == NULL) 448 log_err(1, "calloc"); 449 if (name != NULL) 450 ag->ag_name = checked_strdup(name); 451 TAILQ_INIT(&ag->ag_auths); 452 TAILQ_INIT(&ag->ag_names); 453 TAILQ_INIT(&ag->ag_portals); 454 ag->ag_conf = conf; 455 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next); 456 457 return (ag); 458} 459 460void 461auth_group_delete(struct auth_group *ag) 462{ 463 struct auth *auth, *auth_tmp; 464 struct auth_name *auth_name, *auth_name_tmp; 465 struct auth_portal *auth_portal, *auth_portal_tmp; 466 467 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next); 468 469 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp) 470 auth_delete(auth); 471 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp) 472 auth_name_delete(auth_name); 473 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next, 474 auth_portal_tmp) 475 auth_portal_delete(auth_portal); 476 free(ag->ag_name); 477 free(ag); 478} 479 480struct auth_group * 481auth_group_find(const struct conf *conf, const char *name) 482{ 483 struct auth_group *ag; 484 485 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 486 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0) 487 return (ag); 488 } 489 490 return (NULL); 491} 492 493static int 494auth_group_set_type(struct auth_group *ag, int type) 495{ 496 497 if (ag->ag_type == AG_TYPE_UNKNOWN) { 498 ag->ag_type = type; 499 return (0); 500 } 501 502 if (ag->ag_type == type) 503 return (0); 504 505 return (1); 506} 507 508int 509auth_group_set_type_str(struct auth_group *ag, const char *str) 510{ 511 int error, type; 512 513 if (strcmp(str, "none") == 0) { 514 type = AG_TYPE_NO_AUTHENTICATION; 515 } else if (strcmp(str, "deny") == 0) { 516 type = AG_TYPE_DENY; 517 } else if (strcmp(str, "chap") == 0) { 518 type = AG_TYPE_CHAP; 519 } else if (strcmp(str, "chap-mutual") == 0) { 520 type = AG_TYPE_CHAP_MUTUAL; 521 } else { 522 if (ag->ag_name != NULL) 523 log_warnx("invalid auth-type \"%s\" for auth-group " 524 "\"%s\"", str, ag->ag_name); 525 else 526 log_warnx("invalid auth-type \"%s\" for target " 527 "\"%s\"", str, ag->ag_target->t_name); 528 return (1); 529 } 530 531 error = auth_group_set_type(ag, type); 532 if (error != 0) { 533 if (ag->ag_name != NULL) 534 log_warnx("cannot set auth-type to \"%s\" for " 535 "auth-group \"%s\"; already has a different " 536 "type", str, ag->ag_name); 537 else 538 log_warnx("cannot set auth-type to \"%s\" for target " 539 "\"%s\"; already has a different type", 540 str, ag->ag_target->t_name); 541 return (1); 542 } 543 544 return (error); 545} 546 547static struct portal * 548portal_new(struct portal_group *pg) 549{ 550 struct portal *portal; 551 552 portal = calloc(1, sizeof(*portal)); 553 if (portal == NULL) 554 log_err(1, "calloc"); 555 TAILQ_INIT(&portal->p_targets); 556 portal->p_portal_group = pg; 557 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next); 558 return (portal); 559} 560 561static void 562portal_delete(struct portal *portal) 563{ 564 565 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next); 566 if (portal->p_ai != NULL) 567 freeaddrinfo(portal->p_ai); 568 free(portal->p_listen); 569 free(portal); 570} 571 572struct portal_group * 573portal_group_new(struct conf *conf, const char *name) 574{ 575 struct portal_group *pg; 576 577 pg = portal_group_find(conf, name); 578 if (pg != NULL) { 579 log_warnx("duplicated portal-group \"%s\"", name); 580 return (NULL); 581 } 582 583 pg = calloc(1, sizeof(*pg)); 584 if (pg == NULL) 585 log_err(1, "calloc"); 586 pg->pg_name = checked_strdup(name); 587 TAILQ_INIT(&pg->pg_portals); 588 pg->pg_conf = conf; 589 conf->conf_last_portal_group_tag++; 590 pg->pg_tag = conf->conf_last_portal_group_tag; 591 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next); 592 593 return (pg); 594} 595 596void 597portal_group_delete(struct portal_group *pg) 598{ 599 struct portal *portal, *tmp; 600 601 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next); 602 603 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp) 604 portal_delete(portal); 605 free(pg->pg_name); 606 free(pg); 607} 608 609struct portal_group * 610portal_group_find(const struct conf *conf, const char *name) 611{ 612 struct portal_group *pg; 613 614 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 615 if (strcmp(pg->pg_name, name) == 0) 616 return (pg); 617 } 618 619 return (NULL); 620} 621 622int 623portal_group_add_listen(struct portal_group *pg, const char *value, bool iser) 624{ 625 struct addrinfo hints; 626 struct portal *portal; 627 char *addr, *ch, *arg; 628 const char *port; 629 int error, colons = 0; 630 631 portal = portal_new(pg); 632 portal->p_listen = checked_strdup(value); 633 portal->p_iser = iser; 634 635 arg = portal->p_listen; 636 if (arg[0] == '\0') { 637 log_warnx("empty listen address"); 638 portal_delete(portal); 639 return (1); 640 } 641 if (arg[0] == '[') { 642 /* 643 * IPv6 address in square brackets, perhaps with port. 644 */ 645 arg++; 646 addr = strsep(&arg, "]"); 647 if (arg == NULL) { 648 log_warnx("invalid listen address %s", 649 portal->p_listen); 650 portal_delete(portal); 651 return (1); 652 } 653 if (arg[0] == '\0') { 654 port = "3260"; 655 } else if (arg[0] == ':') { 656 port = arg + 1; 657 } else { 658 log_warnx("invalid listen address %s", 659 portal->p_listen); 660 portal_delete(portal); 661 return (1); 662 } 663 } else { 664 /* 665 * Either IPv6 address without brackets - and without 666 * a port - or IPv4 address. Just count the colons. 667 */ 668 for (ch = arg; *ch != '\0'; ch++) { 669 if (*ch == ':') 670 colons++; 671 } 672 if (colons > 1) { 673 addr = arg; 674 port = "3260"; 675 } else { 676 addr = strsep(&arg, ":"); 677 if (arg == NULL) 678 port = "3260"; 679 else 680 port = arg; 681 } 682 } 683 684 memset(&hints, 0, sizeof(hints)); 685 hints.ai_family = PF_UNSPEC; 686 hints.ai_socktype = SOCK_STREAM; 687 hints.ai_flags = AI_PASSIVE; 688 689 error = getaddrinfo(addr, port, &hints, &portal->p_ai); 690 if (error != 0) { 691 log_warnx("getaddrinfo for %s failed: %s", 692 portal->p_listen, gai_strerror(error)); 693 portal_delete(portal); 694 return (1); 695 } 696 697 /* 698 * XXX: getaddrinfo(3) may return multiple addresses; we should turn 699 * those into multiple portals. 700 */ 701 702 return (0); 703} 704 705static bool 706valid_hex(const char ch) 707{ 708 switch (ch) { 709 case '0': 710 case '1': 711 case '2': 712 case '3': 713 case '4': 714 case '5': 715 case '6': 716 case '7': 717 case '8': 718 case '9': 719 case 'a': 720 case 'A': 721 case 'b': 722 case 'B': 723 case 'c': 724 case 'C': 725 case 'd': 726 case 'D': 727 case 'e': 728 case 'E': 729 case 'f': 730 case 'F': 731 return (true); 732 default: 733 return (false); 734 } 735} 736 737bool 738valid_iscsi_name(const char *name) 739{ 740 int i; 741 742 if (strlen(name) >= MAX_NAME_LEN) { 743 log_warnx("overlong name for target \"%s\"; max length allowed " 744 "by iSCSI specification is %d characters", 745 name, MAX_NAME_LEN); 746 return (false); 747 } 748 749 /* 750 * In the cases below, we don't return an error, just in case the admin 751 * was right, and we're wrong. 752 */ 753 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) { 754 for (i = strlen("iqn."); name[i] != '\0'; i++) { 755 /* 756 * XXX: We should verify UTF-8 normalisation, as defined 757 * by 3.2.6.2: iSCSI Name Encoding. 758 */ 759 if (isalnum(name[i])) 760 continue; 761 if (name[i] == '-' || name[i] == '.' || name[i] == ':') 762 continue; 763 log_warnx("invalid character \"%c\" in target name " 764 "\"%s\"; allowed characters are letters, digits, " 765 "'-', '.', and ':'", name[i], name); 766 break; 767 } 768 /* 769 * XXX: Check more stuff: valid date and a valid reversed domain. 770 */ 771 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) { 772 if (strlen(name) != strlen("eui.") + 16) 773 log_warnx("invalid target name \"%s\"; the \"eui.\" " 774 "should be followed by exactly 16 hexadecimal " 775 "digits", name); 776 for (i = strlen("eui."); name[i] != '\0'; i++) { 777 if (!valid_hex(name[i])) { 778 log_warnx("invalid character \"%c\" in target " 779 "name \"%s\"; allowed characters are 1-9 " 780 "and A-F", name[i], name); 781 break; 782 } 783 } 784 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) { 785 if (strlen(name) > strlen("naa.") + 32) 786 log_warnx("invalid target name \"%s\"; the \"naa.\" " 787 "should be followed by at most 32 hexadecimal " 788 "digits", name); 789 for (i = strlen("naa."); name[i] != '\0'; i++) { 790 if (!valid_hex(name[i])) { 791 log_warnx("invalid character \"%c\" in target " 792 "name \"%s\"; allowed characters are 1-9 " 793 "and A-F", name[i], name); 794 break; 795 } 796 } 797 } else { 798 log_warnx("invalid target name \"%s\"; should start with " 799 "either \".iqn\", \"eui.\", or \"naa.\"", 800 name); 801 } 802 return (true); 803} 804 805struct target * 806target_new(struct conf *conf, const char *name) 807{ 808 struct target *targ; 809 int i, len; 810 811 targ = target_find(conf, name); 812 if (targ != NULL) { 813 log_warnx("duplicated target \"%s\"", name); 814 return (NULL); 815 } 816 if (valid_iscsi_name(name) == false) { 817 log_warnx("target name \"%s\" is invalid", name); 818 return (NULL); 819 } 820 targ = calloc(1, sizeof(*targ)); 821 if (targ == NULL) 822 log_err(1, "calloc"); 823 targ->t_name = checked_strdup(name); 824 825 /* 826 * RFC 3722 requires us to normalize the name to lowercase. 827 */ 828 len = strlen(name); 829 for (i = 0; i < len; i++) 830 targ->t_name[i] = tolower(targ->t_name[i]); 831 832 TAILQ_INIT(&targ->t_luns); 833 targ->t_conf = conf; 834 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next); 835 836 return (targ); 837} 838 839void 840target_delete(struct target *targ) 841{ 842 struct lun *lun, *tmp; 843 844 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next); 845 846 TAILQ_FOREACH_SAFE(lun, &targ->t_luns, l_next, tmp) 847 lun_delete(lun); 848 free(targ->t_name); 849 free(targ); 850} 851 852struct target * 853target_find(struct conf *conf, const char *name) 854{ 855 struct target *targ; 856 857 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 858 if (strcasecmp(targ->t_name, name) == 0) 859 return (targ); 860 } 861 862 return (NULL); 863} 864 865struct lun * 866lun_new(struct target *targ, int lun_id) 867{ 868 struct lun *lun; 869 870 lun = lun_find(targ, lun_id); 871 if (lun != NULL) { 872 log_warnx("duplicated lun %d for target \"%s\"", 873 lun_id, targ->t_name); 874 return (NULL); 875 } 876 877 lun = calloc(1, sizeof(*lun)); 878 if (lun == NULL) 879 log_err(1, "calloc"); 880 lun->l_lun = lun_id; 881 TAILQ_INIT(&lun->l_options); 882 lun->l_target = targ; 883 TAILQ_INSERT_TAIL(&targ->t_luns, lun, l_next); 884 885 return (lun); 886} 887 888void 889lun_delete(struct lun *lun) 890{ 891 struct lun_option *lo, *tmp; 892 893 TAILQ_REMOVE(&lun->l_target->t_luns, lun, l_next); 894 895 TAILQ_FOREACH_SAFE(lo, &lun->l_options, lo_next, tmp) 896 lun_option_delete(lo); 897 free(lun->l_backend); 898 free(lun->l_device_id); 899 free(lun->l_path); 900 free(lun->l_serial); 901 free(lun); 902} 903 904struct lun * 905lun_find(const struct target *targ, int lun_id) 906{ 907 struct lun *lun; 908 909 TAILQ_FOREACH(lun, &targ->t_luns, l_next) { 910 if (lun->l_lun == lun_id) 911 return (lun); 912 } 913 914 return (NULL); 915} 916 917void 918lun_set_backend(struct lun *lun, const char *value) 919{ 920 free(lun->l_backend); 921 lun->l_backend = checked_strdup(value); 922} 923 924void 925lun_set_blocksize(struct lun *lun, size_t value) 926{ 927 928 lun->l_blocksize = value; 929} 930 931void 932lun_set_device_id(struct lun *lun, const char *value) 933{ 934 free(lun->l_device_id); 935 lun->l_device_id = checked_strdup(value); 936} 937 938void 939lun_set_path(struct lun *lun, const char *value) 940{ 941 free(lun->l_path); 942 lun->l_path = checked_strdup(value); 943} 944 945void 946lun_set_serial(struct lun *lun, const char *value) 947{ 948 free(lun->l_serial); 949 lun->l_serial = checked_strdup(value); 950} 951 952void 953lun_set_size(struct lun *lun, size_t value) 954{ 955 956 lun->l_size = value; 957} 958 959void 960lun_set_ctl_lun(struct lun *lun, uint32_t value) 961{ 962 963 lun->l_ctl_lun = value; 964} 965 966struct lun_option * 967lun_option_new(struct lun *lun, const char *name, const char *value) 968{ 969 struct lun_option *lo; 970 971 lo = lun_option_find(lun, name); 972 if (lo != NULL) { 973 log_warnx("duplicated lun option %s for lun %d, target \"%s\"", 974 name, lun->l_lun, lun->l_target->t_name); 975 return (NULL); 976 } 977 978 lo = calloc(1, sizeof(*lo)); 979 if (lo == NULL) 980 log_err(1, "calloc"); 981 lo->lo_name = checked_strdup(name); 982 lo->lo_value = checked_strdup(value); 983 lo->lo_lun = lun; 984 TAILQ_INSERT_TAIL(&lun->l_options, lo, lo_next); 985 986 return (lo); 987} 988 989void 990lun_option_delete(struct lun_option *lo) 991{ 992 993 TAILQ_REMOVE(&lo->lo_lun->l_options, lo, lo_next); 994 995 free(lo->lo_name); 996 free(lo->lo_value); 997 free(lo); 998} 999 1000struct lun_option * 1001lun_option_find(const struct lun *lun, const char *name) 1002{ 1003 struct lun_option *lo; 1004 1005 TAILQ_FOREACH(lo, &lun->l_options, lo_next) { 1006 if (strcmp(lo->lo_name, name) == 0) 1007 return (lo); 1008 } 1009 1010 return (NULL); 1011} 1012 1013void 1014lun_option_set(struct lun_option *lo, const char *value) 1015{ 1016 1017 free(lo->lo_value); 1018 lo->lo_value = checked_strdup(value); 1019} 1020 1021static struct connection * 1022connection_new(struct portal *portal, int fd, const char *host, 1023 const struct sockaddr *client_sa) 1024{ 1025 struct connection *conn; 1026 1027 conn = calloc(1, sizeof(*conn)); 1028 if (conn == NULL) 1029 log_err(1, "calloc"); 1030 conn->conn_portal = portal; 1031 conn->conn_socket = fd; 1032 conn->conn_initiator_addr = checked_strdup(host); 1033 memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len); 1034 1035 /* 1036 * Default values, from RFC 3720, section 12. 1037 */ 1038 conn->conn_max_data_segment_length = 8192; 1039 conn->conn_max_burst_length = 262144; 1040 conn->conn_immediate_data = true; 1041 1042 return (conn); 1043} 1044 1045#if 0 1046static void 1047conf_print(struct conf *conf) 1048{ 1049 struct auth_group *ag; 1050 struct auth *auth; 1051 struct auth_name *auth_name; 1052 struct auth_portal *auth_portal; 1053 struct portal_group *pg; 1054 struct portal *portal; 1055 struct target *targ; 1056 struct lun *lun; 1057 struct lun_option *lo; 1058 1059 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1060 fprintf(stderr, "auth-group %s {\n", ag->ag_name); 1061 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) 1062 fprintf(stderr, "\t chap-mutual %s %s %s %s\n", 1063 auth->a_user, auth->a_secret, 1064 auth->a_mutual_user, auth->a_mutual_secret); 1065 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) 1066 fprintf(stderr, "\t initiator-name %s\n", 1067 auth_name->an_initator_name); 1068 TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next) 1069 fprintf(stderr, "\t initiator-portal %s\n", 1070 auth_portal->an_initator_portal); 1071 fprintf(stderr, "}\n"); 1072 } 1073 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1074 fprintf(stderr, "portal-group %s {\n", pg->pg_name); 1075 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 1076 fprintf(stderr, "\t listen %s\n", portal->p_listen); 1077 fprintf(stderr, "}\n"); 1078 } 1079 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1080 fprintf(stderr, "target %s {\n", targ->t_name); 1081 if (targ->t_alias != NULL) 1082 fprintf(stderr, "\t alias %s\n", targ->t_alias); 1083 TAILQ_FOREACH(lun, &targ->t_luns, l_next) { 1084 fprintf(stderr, "\tlun %d {\n", lun->l_lun); 1085 fprintf(stderr, "\t\tpath %s\n", lun->l_path); 1086 TAILQ_FOREACH(lo, &lun->l_options, lo_next) 1087 fprintf(stderr, "\t\toption %s %s\n", 1088 lo->lo_name, lo->lo_value); 1089 fprintf(stderr, "\t}\n"); 1090 } 1091 fprintf(stderr, "}\n"); 1092 } 1093} 1094#endif 1095 1096static int 1097conf_verify_lun(struct lun *lun) 1098{ 1099 const struct lun *lun2; 1100 const struct target *targ2; 1101 1102 if (lun->l_backend == NULL) 1103 lun_set_backend(lun, "block"); 1104 if (strcmp(lun->l_backend, "block") == 0) { 1105 if (lun->l_path == NULL) { 1106 log_warnx("missing path for lun %d, target \"%s\"", 1107 lun->l_lun, lun->l_target->t_name); 1108 return (1); 1109 } 1110 } else if (strcmp(lun->l_backend, "ramdisk") == 0) { 1111 if (lun->l_size == 0) { 1112 log_warnx("missing size for ramdisk-backed lun %d, " 1113 "target \"%s\"", lun->l_lun, lun->l_target->t_name); 1114 return (1); 1115 } 1116 if (lun->l_path != NULL) { 1117 log_warnx("path must not be specified " 1118 "for ramdisk-backed lun %d, target \"%s\"", 1119 lun->l_lun, lun->l_target->t_name); 1120 return (1); 1121 } 1122 } 1123 if (lun->l_lun < 0 || lun->l_lun > 255) { 1124 log_warnx("invalid lun number for lun %d, target \"%s\"; " 1125 "must be between 0 and 255", lun->l_lun, 1126 lun->l_target->t_name); 1127 return (1); 1128 } 1129 if (lun->l_blocksize == 0) { 1130 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE); 1131 } else if (lun->l_blocksize < 0) { 1132 log_warnx("invalid blocksize for lun %d, target \"%s\"; " 1133 "must be larger than 0", lun->l_lun, lun->l_target->t_name); 1134 return (1); 1135 } 1136 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) { 1137 log_warnx("invalid size for lun %d, target \"%s\"; " 1138 "must be multiple of blocksize", lun->l_lun, 1139 lun->l_target->t_name); 1140 return (1); 1141 } 1142 TAILQ_FOREACH(targ2, &lun->l_target->t_conf->conf_targets, t_next) { 1143 TAILQ_FOREACH(lun2, &targ2->t_luns, l_next) { 1144 if (lun == lun2) 1145 continue; 1146 if (lun->l_path != NULL && lun2->l_path != NULL && 1147 strcmp(lun->l_path, lun2->l_path) == 0) { 1148 log_debugx("WARNING: path \"%s\" duplicated " 1149 "between lun %d, target \"%s\", and " 1150 "lun %d, target \"%s\"", lun->l_path, 1151 lun->l_lun, lun->l_target->t_name, 1152 lun2->l_lun, lun2->l_target->t_name); 1153 } 1154 } 1155 } 1156 1157 return (0); 1158} 1159 1160int 1161conf_verify(struct conf *conf) 1162{ 1163 struct auth_group *ag; 1164 struct portal_group *pg; 1165 struct target *targ; 1166 struct lun *lun; 1167 bool found; 1168 int error; 1169 1170 if (conf->conf_pidfile_path == NULL) 1171 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE); 1172 1173 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1174 if (targ->t_auth_group == NULL) { 1175 targ->t_auth_group = auth_group_find(conf, 1176 "default"); 1177 assert(targ->t_auth_group != NULL); 1178 } 1179 if (targ->t_portal_group == NULL) { 1180 targ->t_portal_group = portal_group_find(conf, 1181 "default"); 1182 assert(targ->t_portal_group != NULL); 1183 } 1184 found = false; 1185 TAILQ_FOREACH(lun, &targ->t_luns, l_next) { 1186 error = conf_verify_lun(lun); 1187 if (error != 0) 1188 return (error); 1189 found = true; 1190 } 1191 if (!found) { 1192 log_warnx("no LUNs defined for target \"%s\"", 1193 targ->t_name); 1194 } 1195 } 1196 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1197 assert(pg->pg_name != NULL); 1198 if (pg->pg_discovery_auth_group == NULL) { 1199 pg->pg_discovery_auth_group = 1200 auth_group_find(conf, "default"); 1201 assert(pg->pg_discovery_auth_group != NULL); 1202 } 1203 1204 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1205 if (targ->t_portal_group == pg) 1206 break; 1207 } 1208 if (targ == NULL) { 1209 if (strcmp(pg->pg_name, "default") != 0) 1210 log_warnx("portal-group \"%s\" not assigned " 1211 "to any target", pg->pg_name); 1212 pg->pg_unassigned = true; 1213 } else 1214 pg->pg_unassigned = false; 1215 } 1216 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1217 if (ag->ag_name == NULL) 1218 assert(ag->ag_target != NULL); 1219 else 1220 assert(ag->ag_target == NULL); 1221 1222 found = false; 1223 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1224 if (targ->t_auth_group == ag) { 1225 found = true; 1226 break; 1227 } 1228 } 1229 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1230 if (pg->pg_discovery_auth_group == ag) { 1231 found = true; 1232 break; 1233 } 1234 } 1235 if (!found && ag->ag_name != NULL && 1236 strcmp(ag->ag_name, "default") != 0 && 1237 strcmp(ag->ag_name, "no-authentication") != 0 && 1238 strcmp(ag->ag_name, "no-access") != 0) { 1239 log_warnx("auth-group \"%s\" not assigned " 1240 "to any target", ag->ag_name); 1241 } 1242 } 1243 1244 return (0); 1245} 1246 1247static int 1248conf_apply(struct conf *oldconf, struct conf *newconf) 1249{ 1250 struct target *oldtarg, *newtarg, *tmptarg; 1251 struct lun *oldlun, *newlun, *tmplun; 1252 struct portal_group *oldpg, *newpg; 1253 struct portal *oldp, *newp; 1254 pid_t otherpid; 1255 int changed, cumulated_error = 0, error; 1256 int one = 1; 1257 1258 if (oldconf->conf_debug != newconf->conf_debug) { 1259 log_debugx("changing debug level to %d", newconf->conf_debug); 1260 log_init(newconf->conf_debug); 1261 } 1262 1263 if (oldconf->conf_pidfh != NULL) { 1264 assert(oldconf->conf_pidfile_path != NULL); 1265 if (newconf->conf_pidfile_path != NULL && 1266 strcmp(oldconf->conf_pidfile_path, 1267 newconf->conf_pidfile_path) == 0) { 1268 newconf->conf_pidfh = oldconf->conf_pidfh; 1269 oldconf->conf_pidfh = NULL; 1270 } else { 1271 log_debugx("removing pidfile %s", 1272 oldconf->conf_pidfile_path); 1273 pidfile_remove(oldconf->conf_pidfh); 1274 oldconf->conf_pidfh = NULL; 1275 } 1276 } 1277 1278 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) { 1279 log_debugx("opening pidfile %s", newconf->conf_pidfile_path); 1280 newconf->conf_pidfh = 1281 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid); 1282 if (newconf->conf_pidfh == NULL) { 1283 if (errno == EEXIST) 1284 log_errx(1, "daemon already running, pid: %jd.", 1285 (intmax_t)otherpid); 1286 log_err(1, "cannot open or create pidfile \"%s\"", 1287 newconf->conf_pidfile_path); 1288 } 1289 } 1290 1291 /* 1292 * XXX: If target or lun removal fails, we should somehow "move" 1293 * the old lun or target into newconf, so that subsequent 1294 * conf_apply() would try to remove them again. That would 1295 * be somewhat hairy, though, and lun deletion failures don't 1296 * really happen, so leave it as it is for now. 1297 */ 1298 TAILQ_FOREACH_SAFE(oldtarg, &oldconf->conf_targets, t_next, tmptarg) { 1299 /* 1300 * First, remove any targets present in the old configuration 1301 * and missing in the new one. 1302 */ 1303 newtarg = target_find(newconf, oldtarg->t_name); 1304 if (newtarg == NULL) { 1305 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, 1306 tmplun) { 1307 log_debugx("target %s not found in new " 1308 "configuration; removing its lun %d, " 1309 "backed by CTL lun %d", 1310 oldtarg->t_name, oldlun->l_lun, 1311 oldlun->l_ctl_lun); 1312 error = kernel_lun_remove(oldlun); 1313 if (error != 0) { 1314 log_warnx("failed to remove lun %d, " 1315 "target %s, CTL lun %d", 1316 oldlun->l_lun, oldtarg->t_name, 1317 oldlun->l_ctl_lun); 1318 cumulated_error++; 1319 } 1320 lun_delete(oldlun); 1321 } 1322 kernel_port_remove(oldtarg); 1323 target_delete(oldtarg); 1324 continue; 1325 } 1326 1327 /* 1328 * Second, remove any LUNs present in the old target 1329 * and missing in the new one. 1330 */ 1331 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, tmplun) { 1332 newlun = lun_find(newtarg, oldlun->l_lun); 1333 if (newlun == NULL) { 1334 log_debugx("lun %d, target %s, CTL lun %d " 1335 "not found in new configuration; " 1336 "removing", oldlun->l_lun, oldtarg->t_name, 1337 oldlun->l_ctl_lun); 1338 error = kernel_lun_remove(oldlun); 1339 if (error != 0) { 1340 log_warnx("failed to remove lun %d, " 1341 "target %s, CTL lun %d", 1342 oldlun->l_lun, oldtarg->t_name, 1343 oldlun->l_ctl_lun); 1344 cumulated_error++; 1345 } 1346 lun_delete(oldlun); 1347 continue; 1348 } 1349 1350 /* 1351 * Also remove the LUNs changed by more than size. 1352 */ 1353 changed = 0; 1354 assert(oldlun->l_backend != NULL); 1355 assert(newlun->l_backend != NULL); 1356 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) { 1357 log_debugx("backend for lun %d, target %s, " 1358 "CTL lun %d changed; removing", 1359 oldlun->l_lun, oldtarg->t_name, 1360 oldlun->l_ctl_lun); 1361 changed = 1; 1362 } 1363 if (oldlun->l_blocksize != newlun->l_blocksize) { 1364 log_debugx("blocksize for lun %d, target %s, " 1365 "CTL lun %d changed; removing", 1366 oldlun->l_lun, oldtarg->t_name, 1367 oldlun->l_ctl_lun); 1368 changed = 1; 1369 } 1370 if (newlun->l_device_id != NULL && 1371 (oldlun->l_device_id == NULL || 1372 strcmp(oldlun->l_device_id, newlun->l_device_id) != 1373 0)) { 1374 log_debugx("device-id for lun %d, target %s, " 1375 "CTL lun %d changed; removing", 1376 oldlun->l_lun, oldtarg->t_name, 1377 oldlun->l_ctl_lun); 1378 changed = 1; 1379 } 1380 if (newlun->l_path != NULL && 1381 (oldlun->l_path == NULL || 1382 strcmp(oldlun->l_path, newlun->l_path) != 0)) { 1383 log_debugx("path for lun %d, target %s, " 1384 "CTL lun %d, changed; removing", 1385 oldlun->l_lun, oldtarg->t_name, 1386 oldlun->l_ctl_lun); 1387 changed = 1; 1388 } 1389 if (newlun->l_serial != NULL && 1390 (oldlun->l_serial == NULL || 1391 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) { 1392 log_debugx("serial for lun %d, target %s, " 1393 "CTL lun %d changed; removing", 1394 oldlun->l_lun, oldtarg->t_name, 1395 oldlun->l_ctl_lun); 1396 changed = 1; 1397 } 1398 if (changed) { 1399 error = kernel_lun_remove(oldlun); 1400 if (error != 0) { 1401 log_warnx("failed to remove lun %d, " 1402 "target %s, CTL lun %d", 1403 oldlun->l_lun, oldtarg->t_name, 1404 oldlun->l_ctl_lun); 1405 cumulated_error++; 1406 } 1407 lun_delete(oldlun); 1408 continue; 1409 } 1410 1411 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun); 1412 } 1413 } 1414 1415 /* 1416 * Now add new targets or modify existing ones. 1417 */ 1418 TAILQ_FOREACH(newtarg, &newconf->conf_targets, t_next) { 1419 oldtarg = target_find(oldconf, newtarg->t_name); 1420 1421 TAILQ_FOREACH_SAFE(newlun, &newtarg->t_luns, l_next, tmplun) { 1422 if (oldtarg != NULL) { 1423 oldlun = lun_find(oldtarg, newlun->l_lun); 1424 if (oldlun != NULL) { 1425 if (newlun->l_size != oldlun->l_size || 1426 newlun->l_size == 0) { 1427 log_debugx("resizing lun %d, " 1428 "target %s, CTL lun %d", 1429 newlun->l_lun, 1430 newtarg->t_name, 1431 newlun->l_ctl_lun); 1432 error = 1433 kernel_lun_resize(newlun); 1434 if (error != 0) { 1435 log_warnx("failed to " 1436 "resize lun %d, " 1437 "target %s, " 1438 "CTL lun %d", 1439 newlun->l_lun, 1440 newtarg->t_name, 1441 newlun->l_lun); 1442 cumulated_error++; 1443 } 1444 } 1445 continue; 1446 } 1447 } 1448 log_debugx("adding lun %d, target %s", 1449 newlun->l_lun, newtarg->t_name); 1450 error = kernel_lun_add(newlun); 1451 if (error != 0) { 1452 log_warnx("failed to add lun %d, target %s", 1453 newlun->l_lun, newtarg->t_name); 1454 lun_delete(newlun); 1455 cumulated_error++; 1456 } 1457 } 1458 if (oldtarg == NULL) 1459 kernel_port_add(newtarg); 1460 } 1461 1462 /* 1463 * Go through the new portals, opening the sockets as neccessary. 1464 */ 1465 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { 1466 if (newpg->pg_unassigned) { 1467 log_debugx("not listening on portal-group \"%s\", " 1468 "not assigned to any target", 1469 newpg->pg_name); 1470 continue; 1471 } 1472 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) { 1473 /* 1474 * Try to find already open portal and reuse 1475 * the listening socket. We don't care about 1476 * what portal or portal group that was, what 1477 * matters is the listening address. 1478 */ 1479 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, 1480 pg_next) { 1481 TAILQ_FOREACH(oldp, &oldpg->pg_portals, 1482 p_next) { 1483 if (strcmp(newp->p_listen, 1484 oldp->p_listen) == 0 && 1485 oldp->p_socket > 0) { 1486 newp->p_socket = 1487 oldp->p_socket; 1488 oldp->p_socket = 0; 1489 break; 1490 } 1491 } 1492 } 1493 if (newp->p_socket > 0) { 1494 /* 1495 * We're done with this portal. 1496 */ 1497 continue; 1498 } 1499 1500#ifdef ICL_KERNEL_PROXY 1501 if (proxy_mode) { 1502 newpg->pg_conf->conf_portal_id++; 1503 newp->p_id = newpg->pg_conf->conf_portal_id; 1504 log_debugx("listening on %s, portal-group " 1505 "\"%s\", portal id %d, using ICL proxy", 1506 newp->p_listen, newpg->pg_name, newp->p_id); 1507 kernel_listen(newp->p_ai, newp->p_iser, 1508 newp->p_id); 1509 continue; 1510 } 1511#endif 1512 assert(proxy_mode == false); 1513 assert(newp->p_iser == false); 1514 1515 log_debugx("listening on %s, portal-group \"%s\"", 1516 newp->p_listen, newpg->pg_name); 1517 newp->p_socket = socket(newp->p_ai->ai_family, 1518 newp->p_ai->ai_socktype, 1519 newp->p_ai->ai_protocol); 1520 if (newp->p_socket < 0) { 1521 log_warn("socket(2) failed for %s", 1522 newp->p_listen); 1523 cumulated_error++; 1524 continue; 1525 } 1526 error = setsockopt(newp->p_socket, SOL_SOCKET, 1527 SO_REUSEADDR, &one, sizeof(one)); 1528 if (error != 0) { 1529 log_warn("setsockopt(SO_REUSEADDR) failed " 1530 "for %s", newp->p_listen); 1531 close(newp->p_socket); 1532 newp->p_socket = 0; 1533 cumulated_error++; 1534 continue; 1535 } 1536 error = bind(newp->p_socket, newp->p_ai->ai_addr, 1537 newp->p_ai->ai_addrlen); 1538 if (error != 0) { 1539 log_warn("bind(2) failed for %s", 1540 newp->p_listen); 1541 close(newp->p_socket); 1542 newp->p_socket = 0; 1543 cumulated_error++; 1544 continue; 1545 } 1546 error = listen(newp->p_socket, -1); 1547 if (error != 0) { 1548 log_warn("listen(2) failed for %s", 1549 newp->p_listen); 1550 close(newp->p_socket); 1551 newp->p_socket = 0; 1552 cumulated_error++; 1553 continue; 1554 } 1555 } 1556 } 1557 1558 /* 1559 * Go through the no longer used sockets, closing them. 1560 */ 1561 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) { 1562 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) { 1563 if (oldp->p_socket <= 0) 1564 continue; 1565 log_debugx("closing socket for %s, portal-group \"%s\"", 1566 oldp->p_listen, oldpg->pg_name); 1567 close(oldp->p_socket); 1568 oldp->p_socket = 0; 1569 } 1570 } 1571 1572 return (cumulated_error); 1573} 1574 1575bool 1576timed_out(void) 1577{ 1578 1579 return (sigalrm_received); 1580} 1581 1582static void 1583sigalrm_handler(int dummy __unused) 1584{ 1585 /* 1586 * It would be easiest to just log an error and exit. We can't 1587 * do this, though, because log_errx() is not signal safe, since 1588 * it calls syslog(3). Instead, set a flag checked by pdu_send() 1589 * and pdu_receive(), to call log_errx() there. Should they fail 1590 * to notice, we'll exit here one second later. 1591 */ 1592 if (sigalrm_received) { 1593 /* 1594 * Oh well. Just give up and quit. 1595 */ 1596 _exit(2); 1597 } 1598 1599 sigalrm_received = true; 1600} 1601 1602static void 1603set_timeout(const struct conf *conf) 1604{ 1605 struct sigaction sa; 1606 struct itimerval itv; 1607 int error; 1608 1609 if (conf->conf_timeout <= 0) { 1610 log_debugx("session timeout disabled"); 1611 return; 1612 } 1613 1614 bzero(&sa, sizeof(sa)); 1615 sa.sa_handler = sigalrm_handler; 1616 sigfillset(&sa.sa_mask); 1617 error = sigaction(SIGALRM, &sa, NULL); 1618 if (error != 0) 1619 log_err(1, "sigaction"); 1620 1621 /* 1622 * First SIGALRM will arive after conf_timeout seconds. 1623 * If we do nothing, another one will arrive a second later. 1624 */ 1625 bzero(&itv, sizeof(itv)); 1626 itv.it_interval.tv_sec = 1; 1627 itv.it_value.tv_sec = conf->conf_timeout; 1628 1629 log_debugx("setting session timeout to %d seconds", 1630 conf->conf_timeout); 1631 error = setitimer(ITIMER_REAL, &itv, NULL); 1632 if (error != 0) 1633 log_err(1, "setitimer"); 1634} 1635 1636static int 1637wait_for_children(bool block) 1638{ 1639 pid_t pid; 1640 int status; 1641 int num = 0; 1642 1643 for (;;) { 1644 /* 1645 * If "block" is true, wait for at least one process. 1646 */ 1647 if (block && num == 0) 1648 pid = wait4(-1, &status, 0, NULL); 1649 else 1650 pid = wait4(-1, &status, WNOHANG, NULL); 1651 if (pid <= 0) 1652 break; 1653 if (WIFSIGNALED(status)) { 1654 log_warnx("child process %d terminated with signal %d", 1655 pid, WTERMSIG(status)); 1656 } else if (WEXITSTATUS(status) != 0) { 1657 log_warnx("child process %d terminated with exit status %d", 1658 pid, WEXITSTATUS(status)); 1659 } else { 1660 log_debugx("child process %d terminated gracefully", pid); 1661 } 1662 num++; 1663 } 1664 1665 return (num); 1666} 1667 1668static void 1669handle_connection(struct portal *portal, int fd, 1670 const struct sockaddr *client_sa, bool dont_fork) 1671{ 1672 struct connection *conn; 1673 int error; 1674 pid_t pid; 1675 char host[NI_MAXHOST + 1]; 1676 struct conf *conf; 1677 1678 conf = portal->p_portal_group->pg_conf; 1679 1680 if (dont_fork) { 1681 log_debugx("incoming connection; not forking due to -d flag"); 1682 } else { 1683 nchildren -= wait_for_children(false); 1684 assert(nchildren >= 0); 1685 1686 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) { 1687 log_debugx("maxproc limit of %d child processes hit; " 1688 "waiting for child process to exit", conf->conf_maxproc); 1689 nchildren -= wait_for_children(true); 1690 assert(nchildren >= 0); 1691 } 1692 log_debugx("incoming connection; forking child process #%d", 1693 nchildren); 1694 nchildren++; 1695 pid = fork(); 1696 if (pid < 0) 1697 log_err(1, "fork"); 1698 if (pid > 0) { 1699 close(fd); 1700 return; 1701 } 1702 } 1703 pidfile_close(conf->conf_pidfh); 1704 1705 error = getnameinfo(client_sa, client_sa->sa_len, 1706 host, sizeof(host), NULL, 0, NI_NUMERICHOST); 1707 if (error != 0) 1708 log_errx(1, "getnameinfo: %s", gai_strerror(error)); 1709 1710 log_debugx("accepted connection from %s; portal group \"%s\"", 1711 host, portal->p_portal_group->pg_name); 1712 log_set_peer_addr(host); 1713 setproctitle("%s", host); 1714 1715 conn = connection_new(portal, fd, host, client_sa); 1716 set_timeout(conf); 1717 kernel_capsicate(); 1718 login(conn); 1719 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { 1720 kernel_handoff(conn); 1721 log_debugx("connection handed off to the kernel"); 1722 } else { 1723 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY); 1724 discovery(conn); 1725 } 1726 log_debugx("nothing more to do; exiting"); 1727 exit(0); 1728} 1729 1730static int 1731fd_add(int fd, fd_set *fdset, int nfds) 1732{ 1733 1734 /* 1735 * Skip sockets which we failed to bind. 1736 */ 1737 if (fd <= 0) 1738 return (nfds); 1739 1740 FD_SET(fd, fdset); 1741 if (fd > nfds) 1742 nfds = fd; 1743 return (nfds); 1744} 1745 1746static void 1747main_loop(struct conf *conf, bool dont_fork) 1748{ 1749 struct portal_group *pg; 1750 struct portal *portal; 1751 struct sockaddr_storage client_sa; 1752 socklen_t client_salen; 1753#ifdef ICL_KERNEL_PROXY 1754 int connection_id; 1755 int portal_id; 1756#endif 1757 fd_set fdset; 1758 int error, nfds, client_fd; 1759 1760 pidfile_write(conf->conf_pidfh); 1761 1762 for (;;) { 1763 if (sighup_received || sigterm_received) 1764 return; 1765 1766#ifdef ICL_KERNEL_PROXY 1767 if (proxy_mode) { 1768 client_salen = sizeof(client_sa); 1769 kernel_accept(&connection_id, &portal_id, 1770 (struct sockaddr *)&client_sa, &client_salen); 1771 assert(client_salen >= client_sa.ss_len); 1772 1773 log_debugx("incoming connection, id %d, portal id %d", 1774 connection_id, portal_id); 1775 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1776 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 1777 if (portal->p_id == portal_id) { 1778 goto found; 1779 } 1780 } 1781 } 1782 1783 log_errx(1, "kernel returned invalid portal_id %d", 1784 portal_id); 1785 1786found: 1787 handle_connection(portal, connection_id, 1788 (struct sockaddr *)&client_sa, dont_fork); 1789 } else { 1790#endif 1791 assert(proxy_mode == false); 1792 1793 FD_ZERO(&fdset); 1794 nfds = 0; 1795 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1796 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 1797 nfds = fd_add(portal->p_socket, &fdset, nfds); 1798 } 1799 error = select(nfds + 1, &fdset, NULL, NULL, NULL); 1800 if (error <= 0) { 1801 if (errno == EINTR) 1802 return; 1803 log_err(1, "select"); 1804 } 1805 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1806 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 1807 if (!FD_ISSET(portal->p_socket, &fdset)) 1808 continue; 1809 client_salen = sizeof(client_sa); 1810 client_fd = accept(portal->p_socket, 1811 (struct sockaddr *)&client_sa, 1812 &client_salen); 1813 if (client_fd < 0) 1814 log_err(1, "accept"); 1815 assert(client_salen >= client_sa.ss_len); 1816 1817 handle_connection(portal, client_fd, 1818 (struct sockaddr *)&client_sa, 1819 dont_fork); 1820 break; 1821 } 1822 } 1823#ifdef ICL_KERNEL_PROXY 1824 } 1825#endif 1826 } 1827} 1828 1829static void 1830sighup_handler(int dummy __unused) 1831{ 1832 1833 sighup_received = true; 1834} 1835 1836static void 1837sigterm_handler(int dummy __unused) 1838{ 1839 1840 sigterm_received = true; 1841} 1842 1843static void 1844sigchld_handler(int dummy __unused) 1845{ 1846 1847 /* 1848 * The only purpose of this handler is to make SIGCHLD 1849 * interrupt the ISCSIDWAIT ioctl(2), so we can call 1850 * wait_for_children(). 1851 */ 1852} 1853 1854static void 1855register_signals(void) 1856{ 1857 struct sigaction sa; 1858 int error; 1859 1860 bzero(&sa, sizeof(sa)); 1861 sa.sa_handler = sighup_handler; 1862 sigfillset(&sa.sa_mask); 1863 error = sigaction(SIGHUP, &sa, NULL); 1864 if (error != 0) 1865 log_err(1, "sigaction"); 1866 1867 sa.sa_handler = sigterm_handler; 1868 error = sigaction(SIGTERM, &sa, NULL); 1869 if (error != 0) 1870 log_err(1, "sigaction"); 1871 1872 sa.sa_handler = sigterm_handler; 1873 error = sigaction(SIGINT, &sa, NULL); 1874 if (error != 0) 1875 log_err(1, "sigaction"); 1876 1877 sa.sa_handler = sigchld_handler; 1878 error = sigaction(SIGCHLD, &sa, NULL); 1879 if (error != 0) 1880 log_err(1, "sigaction"); 1881} 1882 1883int 1884main(int argc, char **argv) 1885{ 1886 struct conf *oldconf, *newconf, *tmpconf; 1887 const char *config_path = DEFAULT_CONFIG_PATH; 1888 int debug = 0, ch, error; 1889 bool dont_daemonize = false; 1890 1891 while ((ch = getopt(argc, argv, "df:R")) != -1) { 1892 switch (ch) { 1893 case 'd': 1894 dont_daemonize = true; 1895 debug++; 1896 break; 1897 case 'f': 1898 config_path = optarg; 1899 break; 1900 case 'R': 1901#ifndef ICL_KERNEL_PROXY 1902 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY " 1903 "does not support iSER protocol"); 1904#endif 1905 proxy_mode = true; 1906 break; 1907 case '?': 1908 default: 1909 usage(); 1910 } 1911 } 1912 argc -= optind; 1913 if (argc != 0) 1914 usage(); 1915 1916 log_init(debug); 1917 kernel_init(); 1918 1919 oldconf = conf_new_from_kernel(); 1920 newconf = conf_new_from_file(config_path); 1921 if (newconf == NULL) 1922 log_errx(1, "configuration error; exiting"); 1923 if (debug > 0) { 1924 oldconf->conf_debug = debug; 1925 newconf->conf_debug = debug; 1926 } 1927 1928 error = conf_apply(oldconf, newconf); 1929 if (error != 0) 1930 log_errx(1, "failed to apply configuration; exiting"); 1931 1932 conf_delete(oldconf); 1933 oldconf = NULL; 1934 1935 register_signals(); 1936 1937 if (dont_daemonize == false) { 1938 log_debugx("daemonizing"); 1939 if (daemon(0, 0) == -1) { 1940 log_warn("cannot daemonize"); 1941 pidfile_remove(newconf->conf_pidfh); 1942 exit(1); 1943 } 1944 } 1945 1946 for (;;) { 1947 main_loop(newconf, dont_daemonize); 1948 if (sighup_received) { 1949 sighup_received = false; 1950 log_debugx("received SIGHUP, reloading configuration"); 1951 tmpconf = conf_new_from_file(config_path); 1952 if (tmpconf == NULL) { 1953 log_warnx("configuration error, " 1954 "continuing with old configuration"); 1955 } else { 1956 if (debug > 0) 1957 tmpconf->conf_debug = debug; 1958 oldconf = newconf; 1959 newconf = tmpconf; 1960 error = conf_apply(oldconf, newconf); 1961 if (error != 0) 1962 log_warnx("failed to reload " 1963 "configuration"); 1964 conf_delete(oldconf); 1965 oldconf = NULL; 1966 } 1967 } else if (sigterm_received) { 1968 log_debugx("exiting on signal; " 1969 "reloading empty configuration"); 1970 1971 log_debugx("disabling CTL iSCSI port " 1972 "and terminating all connections"); 1973 1974 oldconf = newconf; 1975 newconf = conf_new(); 1976 if (debug > 0) 1977 newconf->conf_debug = debug; 1978 error = conf_apply(oldconf, newconf); 1979 if (error != 0) 1980 log_warnx("failed to apply configuration"); 1981 1982 log_warnx("exiting on signal"); 1983 exit(0); 1984 } else { 1985 nchildren -= wait_for_children(false); 1986 assert(nchildren >= 0); 1987 } 1988 } 1989 /* NOTREACHED */ 1990} 1991