1/*- 2 * Copyright (c) 2012 The FreeBSD Foundation 3 * All rights reserved. 4 * 5 * This software was developed by Edward Tomasz Napierala under sponsorship 6 * from the FreeBSD Foundation. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 */ 30 31#include <sys/cdefs.h> 32__FBSDID("$FreeBSD$"); 33 34#include <sys/types.h> 35#include <sys/time.h> 36#include <sys/socket.h> 37#include <sys/wait.h> 38#include <netinet/in.h> 39#include <arpa/inet.h> 40#include <assert.h> 41#include <ctype.h> 42#include <errno.h> 43#include <netdb.h> 44#include <signal.h> 45#include <stdbool.h> 46#include <stdio.h> 47#include <stdint.h> 48#include <stdlib.h> 49#include <string.h> 50#include <unistd.h> 51 52#include "ctld.h" 53 54bool proxy_mode = false; 55 56static volatile bool sighup_received = false; 57static volatile bool sigterm_received = false; 58static volatile bool sigalrm_received = false; 59 60static int nchildren = 0; 61 62static void 63usage(void) 64{ 65 66 fprintf(stderr, "usage: ctld [-d][-f config-file]\n"); 67 exit(1); 68} 69 70char * 71checked_strdup(const char *s) 72{ 73 char *c; 74 75 c = strdup(s); 76 if (c == NULL) 77 log_err(1, "strdup"); 78 return (c); 79} 80 81struct conf * 82conf_new(void) 83{ 84 struct conf *conf; 85 86 conf = calloc(1, sizeof(*conf)); 87 if (conf == NULL) 88 log_err(1, "calloc"); 89 TAILQ_INIT(&conf->conf_targets); 90 TAILQ_INIT(&conf->conf_auth_groups); 91 TAILQ_INIT(&conf->conf_portal_groups); 92 93 conf->conf_debug = 0; 94 conf->conf_timeout = 60; 95 conf->conf_maxproc = 30; 96 97 return (conf); 98} 99 100void 101conf_delete(struct conf *conf) 102{ 103 struct target *targ, *tmp; 104 struct auth_group *ag, *cagtmp; 105 struct portal_group *pg, *cpgtmp; 106 107 assert(conf->conf_pidfh == NULL); 108 109 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp) 110 target_delete(targ); 111 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp) 112 auth_group_delete(ag); 113 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp) 114 portal_group_delete(pg); 115 free(conf->conf_pidfile_path); 116 free(conf); 117} 118 119static struct auth * 120auth_new(struct auth_group *ag) 121{ 122 struct auth *auth; 123 124 auth = calloc(1, sizeof(*auth)); 125 if (auth == NULL) 126 log_err(1, "calloc"); 127 auth->a_auth_group = ag; 128 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next); 129 return (auth); 130} 131 132static void 133auth_delete(struct auth *auth) 134{ 135 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next); 136 137 free(auth->a_user); 138 free(auth->a_secret); 139 free(auth->a_mutual_user); 140 free(auth->a_mutual_secret); 141 free(auth); 142} 143 144const struct auth * 145auth_find(const struct auth_group *ag, const char *user) 146{ 147 const struct auth *auth; 148 149 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) { 150 if (strcmp(auth->a_user, user) == 0) 151 return (auth); 152 } 153 154 return (NULL); 155} 156 157static void 158auth_check_secret_length(struct auth *auth) 159{ 160 size_t len; 161 162 len = strlen(auth->a_secret); 163 if (len > 16) { 164 if (auth->a_auth_group->ag_name != NULL) 165 log_warnx("secret for user \"%s\", auth-group \"%s\", " 166 "is too long; it should be at most 16 characters " 167 "long", auth->a_user, auth->a_auth_group->ag_name); 168 else 169 log_warnx("secret for user \"%s\", target \"%s\", " 170 "is too long; it should be at most 16 characters " 171 "long", auth->a_user, 172 auth->a_auth_group->ag_target->t_name); 173 } 174 if (len < 12) { 175 if (auth->a_auth_group->ag_name != NULL) 176 log_warnx("secret for user \"%s\", auth-group \"%s\", " 177 "is too short; it should be at least 12 characters " 178 "long", auth->a_user, 179 auth->a_auth_group->ag_name); 180 else 181 log_warnx("secret for user \"%s\", target \"%s\", " 182 "is too short; it should be at least 16 characters " 183 "long", auth->a_user, 184 auth->a_auth_group->ag_target->t_name); 185 } 186 187 if (auth->a_mutual_secret != NULL) { 188 len = strlen(auth->a_secret); 189 if (len > 16) { 190 if (auth->a_auth_group->ag_name != NULL) 191 log_warnx("mutual secret for user \"%s\", " 192 "auth-group \"%s\", is too long; it should " 193 "be at most 16 characters long", 194 auth->a_user, auth->a_auth_group->ag_name); 195 else 196 log_warnx("mutual secret for user \"%s\", " 197 "target \"%s\", is too long; it should " 198 "be at most 16 characters long", 199 auth->a_user, 200 auth->a_auth_group->ag_target->t_name); 201 } 202 if (len < 12) { 203 if (auth->a_auth_group->ag_name != NULL) 204 log_warnx("mutual secret for user \"%s\", " 205 "auth-group \"%s\", is too short; it " 206 "should be at least 12 characters long", 207 auth->a_user, auth->a_auth_group->ag_name); 208 else 209 log_warnx("mutual secret for user \"%s\", " 210 "target \"%s\", is too short; it should be " 211 "at least 16 characters long", 212 auth->a_user, 213 auth->a_auth_group->ag_target->t_name); 214 } 215 } 216} 217 218const struct auth * 219auth_new_chap(struct auth_group *ag, const char *user, 220 const char *secret) 221{ 222 struct auth *auth; 223 224 if (ag->ag_type == AG_TYPE_UNKNOWN) 225 ag->ag_type = AG_TYPE_CHAP; 226 if (ag->ag_type != AG_TYPE_CHAP) { 227 if (ag->ag_name != NULL) 228 log_warnx("cannot mix \"chap\" authentication with " 229 "other types for auth-group \"%s\"", ag->ag_name); 230 else 231 log_warnx("cannot mix \"chap\" authentication with " 232 "other types for target \"%s\"", 233 ag->ag_target->t_name); 234 return (NULL); 235 } 236 237 auth = auth_new(ag); 238 auth->a_user = checked_strdup(user); 239 auth->a_secret = checked_strdup(secret); 240 241 auth_check_secret_length(auth); 242 243 return (auth); 244} 245 246const struct auth * 247auth_new_chap_mutual(struct auth_group *ag, const char *user, 248 const char *secret, const char *user2, const char *secret2) 249{ 250 struct auth *auth; 251 252 if (ag->ag_type == AG_TYPE_UNKNOWN) 253 ag->ag_type = AG_TYPE_CHAP_MUTUAL; 254 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) { 255 if (ag->ag_name != NULL) 256 log_warnx("cannot mix \"chap-mutual\" authentication " 257 "with other types for auth-group \"%s\"", 258 ag->ag_name); 259 else 260 log_warnx("cannot mix \"chap-mutual\" authentication " 261 "with other types for target \"%s\"", 262 ag->ag_target->t_name); 263 return (NULL); 264 } 265 266 auth = auth_new(ag); 267 auth->a_user = checked_strdup(user); 268 auth->a_secret = checked_strdup(secret); 269 auth->a_mutual_user = checked_strdup(user2); 270 auth->a_mutual_secret = checked_strdup(secret2); 271 272 auth_check_secret_length(auth); 273 274 return (auth); 275} 276 277const struct auth_name * 278auth_name_new(struct auth_group *ag, const char *name) 279{ 280 struct auth_name *an; 281 282 an = calloc(1, sizeof(*an)); 283 if (an == NULL) 284 log_err(1, "calloc"); 285 an->an_auth_group = ag; 286 an->an_initator_name = checked_strdup(name); 287 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next); 288 return (an); 289} 290 291static void 292auth_name_delete(struct auth_name *an) 293{ 294 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next); 295 296 free(an->an_initator_name); 297 free(an); 298} 299 300bool 301auth_name_defined(const struct auth_group *ag) 302{ 303 if (TAILQ_EMPTY(&ag->ag_names)) 304 return (false); 305 return (true); 306} 307 308const struct auth_name * 309auth_name_find(const struct auth_group *ag, const char *name) 310{ 311 const struct auth_name *auth_name; 312 313 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) { 314 if (strcmp(auth_name->an_initator_name, name) == 0) 315 return (auth_name); 316 } 317 318 return (NULL); 319} 320 321const struct auth_portal * 322auth_portal_new(struct auth_group *ag, const char *portal) 323{ 324 struct auth_portal *ap; 325 char *net, *mask, *str, *tmp; 326 int len, dm, m; 327 328 ap = calloc(1, sizeof(*ap)); 329 if (ap == NULL) 330 log_err(1, "calloc"); 331 ap->ap_auth_group = ag; 332 ap->ap_initator_portal = checked_strdup(portal); 333 mask = str = checked_strdup(portal); 334 net = strsep(&mask, "/"); 335 if (net[0] == '[') 336 net++; 337 len = strlen(net); 338 if (len == 0) 339 goto error; 340 if (net[len - 1] == ']') 341 net[len - 1] = 0; 342 if (strchr(net, ':') != NULL) { 343 struct sockaddr_in6 *sin6 = 344 (struct sockaddr_in6 *)&ap->ap_sa; 345 346 sin6->sin6_len = sizeof(*sin6); 347 sin6->sin6_family = AF_INET6; 348 if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0) 349 goto error; 350 dm = 128; 351 } else { 352 struct sockaddr_in *sin = 353 (struct sockaddr_in *)&ap->ap_sa; 354 355 sin->sin_len = sizeof(*sin); 356 sin->sin_family = AF_INET; 357 if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0) 358 goto error; 359 dm = 32; 360 } 361 if (mask != NULL) { 362 m = strtol(mask, &tmp, 0); 363 if (m < 0 || m > dm || tmp[0] != 0) 364 goto error; 365 } else 366 m = dm; 367 ap->ap_mask = m; 368 free(str); 369 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next); 370 return (ap); 371 372error: 373 log_errx(1, "Incorrect initiator portal '%s'", portal); 374 return (NULL); 375} 376 377static void 378auth_portal_delete(struct auth_portal *ap) 379{ 380 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next); 381 382 free(ap->ap_initator_portal); 383 free(ap); 384} 385 386bool 387auth_portal_defined(const struct auth_group *ag) 388{ 389 if (TAILQ_EMPTY(&ag->ag_portals)) 390 return (false); 391 return (true); 392} 393 394const struct auth_portal * 395auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss) 396{ 397 const struct auth_portal *ap; 398 const uint8_t *a, *b; 399 int i; 400 uint8_t bmask; 401 402 TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) { 403 if (ap->ap_sa.ss_family != ss->ss_family) 404 continue; 405 if (ss->ss_family == AF_INET) { 406 a = (const uint8_t *) 407 &((const struct sockaddr_in *)ss)->sin_addr; 408 b = (const uint8_t *) 409 &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr; 410 } else { 411 a = (const uint8_t *) 412 &((const struct sockaddr_in6 *)ss)->sin6_addr; 413 b = (const uint8_t *) 414 &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr; 415 } 416 for (i = 0; i < ap->ap_mask / 8; i++) { 417 if (a[i] != b[i]) 418 goto next; 419 } 420 if (ap->ap_mask % 8) { 421 bmask = 0xff << (8 - (ap->ap_mask % 8)); 422 if ((a[i] & bmask) != (b[i] & bmask)) 423 goto next; 424 } 425 return (ap); 426next: 427 ; 428 } 429 430 return (NULL); 431} 432 433struct auth_group * 434auth_group_new(struct conf *conf, const char *name) 435{ 436 struct auth_group *ag; 437 438 if (name != NULL) { 439 ag = auth_group_find(conf, name); 440 if (ag != NULL) { 441 log_warnx("duplicated auth-group \"%s\"", name); 442 return (NULL); 443 } 444 } 445 446 ag = calloc(1, sizeof(*ag)); 447 if (ag == NULL) 448 log_err(1, "calloc"); 449 if (name != NULL) 450 ag->ag_name = checked_strdup(name); 451 TAILQ_INIT(&ag->ag_auths); 452 TAILQ_INIT(&ag->ag_names); 453 TAILQ_INIT(&ag->ag_portals); 454 ag->ag_conf = conf; 455 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next); 456 457 return (ag); 458} 459 460void 461auth_group_delete(struct auth_group *ag) 462{ 463 struct auth *auth, *auth_tmp; 464 struct auth_name *auth_name, *auth_name_tmp; 465 struct auth_portal *auth_portal, *auth_portal_tmp; 466 467 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next); 468 469 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp) 470 auth_delete(auth); 471 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp) 472 auth_name_delete(auth_name); 473 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next, 474 auth_portal_tmp) 475 auth_portal_delete(auth_portal); 476 free(ag->ag_name); 477 free(ag); 478} 479 480struct auth_group * 481auth_group_find(const struct conf *conf, const char *name) 482{ 483 struct auth_group *ag; 484 485 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 486 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0) 487 return (ag); 488 } 489 490 return (NULL); 491} 492 493static int 494auth_group_set_type(struct auth_group *ag, int type) 495{ 496 497 if (ag->ag_type == AG_TYPE_UNKNOWN) { 498 ag->ag_type = type; 499 return (0); 500 } 501 502 if (ag->ag_type == type) 503 return (0); 504 505 return (1); 506} 507 508int 509auth_group_set_type_str(struct auth_group *ag, const char *str) 510{ 511 int error, type; 512 513 if (strcmp(str, "none") == 0) { 514 type = AG_TYPE_NO_AUTHENTICATION; 515 } else if (strcmp(str, "deny") == 0) { 516 type = AG_TYPE_DENY; 517 } else if (strcmp(str, "chap") == 0) { 518 type = AG_TYPE_CHAP; 519 } else if (strcmp(str, "chap-mutual") == 0) { 520 type = AG_TYPE_CHAP_MUTUAL; 521 } else { 522 if (ag->ag_name != NULL) 523 log_warnx("invalid auth-type \"%s\" for auth-group " 524 "\"%s\"", str, ag->ag_name); 525 else 526 log_warnx("invalid auth-type \"%s\" for target " 527 "\"%s\"", str, ag->ag_target->t_name); 528 return (1); 529 } 530 531 error = auth_group_set_type(ag, type); 532 if (error != 0) { 533 if (ag->ag_name != NULL) 534 log_warnx("cannot set auth-type to \"%s\" for " 535 "auth-group \"%s\"; already has a different " 536 "type", str, ag->ag_name); 537 else 538 log_warnx("cannot set auth-type to \"%s\" for target " 539 "\"%s\"; already has a different type", 540 str, ag->ag_target->t_name); 541 return (1); 542 } 543 544 return (error); 545} 546 547static struct portal * 548portal_new(struct portal_group *pg) 549{ 550 struct portal *portal; 551 552 portal = calloc(1, sizeof(*portal)); 553 if (portal == NULL) 554 log_err(1, "calloc"); 555 TAILQ_INIT(&portal->p_targets); 556 portal->p_portal_group = pg; 557 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next); 558 return (portal); 559} 560 561static void 562portal_delete(struct portal *portal) 563{ 564 565 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next); 566 if (portal->p_ai != NULL) 567 freeaddrinfo(portal->p_ai); 568 free(portal->p_listen); 569 free(portal); 570} 571 572struct portal_group * 573portal_group_new(struct conf *conf, const char *name) 574{ 575 struct portal_group *pg; 576 577 pg = portal_group_find(conf, name); 578 if (pg != NULL) { 579 log_warnx("duplicated portal-group \"%s\"", name); 580 return (NULL); 581 } 582 583 pg = calloc(1, sizeof(*pg)); 584 if (pg == NULL) 585 log_err(1, "calloc"); 586 pg->pg_name = checked_strdup(name); 587 TAILQ_INIT(&pg->pg_portals); 588 pg->pg_conf = conf; 589 conf->conf_last_portal_group_tag++; 590 pg->pg_tag = conf->conf_last_portal_group_tag; 591 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next); 592 593 return (pg); 594} 595 596void 597portal_group_delete(struct portal_group *pg) 598{ 599 struct portal *portal, *tmp; 600 601 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next); 602 603 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp) 604 portal_delete(portal); 605 free(pg->pg_name); 606 free(pg); 607} 608 609struct portal_group * 610portal_group_find(const struct conf *conf, const char *name) 611{ 612 struct portal_group *pg; 613 614 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 615 if (strcmp(pg->pg_name, name) == 0) 616 return (pg); 617 } 618 619 return (NULL); 620} 621 622int 623portal_group_add_listen(struct portal_group *pg, const char *value, bool iser) 624{ 625 struct addrinfo hints; 626 struct portal *portal; 627 char *addr, *ch, *arg; 628 const char *port; 629 int error, colons = 0; 630 631 portal = portal_new(pg); 632 portal->p_listen = checked_strdup(value); 633 portal->p_iser = iser; 634 635 arg = portal->p_listen; 636 if (arg[0] == '\0') { 637 log_warnx("empty listen address"); 638 portal_delete(portal); 639 return (1); 640 } 641 if (arg[0] == '[') { 642 /* 643 * IPv6 address in square brackets, perhaps with port. 644 */ 645 arg++; 646 addr = strsep(&arg, "]"); 647 if (arg == NULL) { 648 log_warnx("invalid listen address %s", 649 portal->p_listen); 650 portal_delete(portal); 651 return (1); 652 } 653 if (arg[0] == '\0') { 654 port = "3260"; 655 } else if (arg[0] == ':') { 656 port = arg + 1; 657 } else { 658 log_warnx("invalid listen address %s", 659 portal->p_listen); 660 portal_delete(portal); 661 return (1); 662 } 663 } else { 664 /* 665 * Either IPv6 address without brackets - and without 666 * a port - or IPv4 address. Just count the colons. 667 */ 668 for (ch = arg; *ch != '\0'; ch++) { 669 if (*ch == ':') 670 colons++; 671 } 672 if (colons > 1) { 673 addr = arg; 674 port = "3260"; 675 } else { 676 addr = strsep(&arg, ":"); 677 if (arg == NULL) 678 port = "3260"; 679 else 680 port = arg; 681 } 682 } 683 684 memset(&hints, 0, sizeof(hints)); 685 hints.ai_family = PF_UNSPEC; 686 hints.ai_socktype = SOCK_STREAM; 687 hints.ai_flags = AI_PASSIVE; 688 689 error = getaddrinfo(addr, port, &hints, &portal->p_ai); 690 if (error != 0) { 691 log_warnx("getaddrinfo for %s failed: %s", 692 portal->p_listen, gai_strerror(error)); 693 portal_delete(portal); 694 return (1); 695 } 696 697 /* 698 * XXX: getaddrinfo(3) may return multiple addresses; we should turn 699 * those into multiple portals. 700 */ 701 702 return (0); 703} 704 705static bool 706valid_hex(const char ch) 707{ 708 switch (ch) { 709 case '0': 710 case '1': 711 case '2': 712 case '3': 713 case '4': 714 case '5': 715 case '6': 716 case '7': 717 case '8': 718 case '9': 719 case 'a': 720 case 'A': 721 case 'b': 722 case 'B': 723 case 'c': 724 case 'C': 725 case 'd': 726 case 'D': 727 case 'e': 728 case 'E': 729 case 'f': 730 case 'F': 731 return (true); 732 default: 733 return (false); 734 } 735} 736 737bool 738valid_iscsi_name(const char *name) 739{ 740 int i; 741 742 if (strlen(name) >= MAX_NAME_LEN) { 743 log_warnx("overlong name for target \"%s\"; max length allowed " 744 "by iSCSI specification is %d characters", 745 name, MAX_NAME_LEN); 746 return (false); 747 } 748 749 /* 750 * In the cases below, we don't return an error, just in case the admin 751 * was right, and we're wrong. 752 */ 753 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) { 754 for (i = strlen("iqn."); name[i] != '\0'; i++) { 755 /* 756 * XXX: We should verify UTF-8 normalisation, as defined 757 * by 3.2.6.2: iSCSI Name Encoding. 758 */ 759 if (isalnum(name[i])) 760 continue; 761 if (name[i] == '-' || name[i] == '.' || name[i] == ':') 762 continue; 763 log_warnx("invalid character \"%c\" in target name " 764 "\"%s\"; allowed characters are letters, digits, " 765 "'-', '.', and ':'", name[i], name); 766 break; 767 } 768 /* 769 * XXX: Check more stuff: valid date and a valid reversed domain. 770 */ 771 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) { 772 if (strlen(name) != strlen("eui.") + 16) 773 log_warnx("invalid target name \"%s\"; the \"eui.\" " 774 "should be followed by exactly 16 hexadecimal " 775 "digits", name); 776 for (i = strlen("eui."); name[i] != '\0'; i++) { 777 if (!valid_hex(name[i])) { 778 log_warnx("invalid character \"%c\" in target " 779 "name \"%s\"; allowed characters are 1-9 " 780 "and A-F", name[i], name); 781 break; 782 } 783 } 784 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) { 785 if (strlen(name) > strlen("naa.") + 32) 786 log_warnx("invalid target name \"%s\"; the \"naa.\" " 787 "should be followed by at most 32 hexadecimal " 788 "digits", name); 789 for (i = strlen("naa."); name[i] != '\0'; i++) { 790 if (!valid_hex(name[i])) { 791 log_warnx("invalid character \"%c\" in target " 792 "name \"%s\"; allowed characters are 1-9 " 793 "and A-F", name[i], name); 794 break; 795 } 796 } 797 } else { 798 log_warnx("invalid target name \"%s\"; should start with " 799 "either \".iqn\", \"eui.\", or \"naa.\"", 800 name); 801 } 802 return (true); 803} 804 805struct target * 806target_new(struct conf *conf, const char *name) 807{ 808 struct target *targ; 809 int i, len; 810 811 targ = target_find(conf, name); 812 if (targ != NULL) { 813 log_warnx("duplicated target \"%s\"", name); 814 return (NULL); 815 } 816 if (valid_iscsi_name(name) == false) { 817 log_warnx("target name \"%s\" is invalid", name); 818 return (NULL); 819 } 820 targ = calloc(1, sizeof(*targ)); 821 if (targ == NULL) 822 log_err(1, "calloc"); 823 targ->t_name = checked_strdup(name); 824 825 /* 826 * RFC 3722 requires us to normalize the name to lowercase. 827 */ 828 len = strlen(name); 829 for (i = 0; i < len; i++) 830 targ->t_name[i] = tolower(targ->t_name[i]); 831 832 TAILQ_INIT(&targ->t_luns); 833 targ->t_conf = conf; 834 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next); 835 836 return (targ); 837} 838 839void 840target_delete(struct target *targ) 841{ 842 struct lun *lun, *tmp; 843 844 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next); 845 846 TAILQ_FOREACH_SAFE(lun, &targ->t_luns, l_next, tmp) 847 lun_delete(lun); 848 free(targ->t_name); 849 free(targ); 850} 851 852struct target * 853target_find(struct conf *conf, const char *name) 854{ 855 struct target *targ; 856 857 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 858 if (strcasecmp(targ->t_name, name) == 0) 859 return (targ); 860 } 861 862 return (NULL); 863} 864 865struct lun * 866lun_new(struct target *targ, int lun_id) 867{ 868 struct lun *lun; 869 870 lun = lun_find(targ, lun_id); 871 if (lun != NULL) { 872 log_warnx("duplicated lun %d for target \"%s\"", 873 lun_id, targ->t_name); 874 return (NULL); 875 } 876 877 lun = calloc(1, sizeof(*lun)); 878 if (lun == NULL) 879 log_err(1, "calloc"); 880 lun->l_lun = lun_id; 881 TAILQ_INIT(&lun->l_options); 882 lun->l_target = targ; 883 TAILQ_INSERT_TAIL(&targ->t_luns, lun, l_next); 884 885 return (lun); 886} 887 888void 889lun_delete(struct lun *lun) 890{ 891 struct lun_option *lo, *tmp; 892 893 TAILQ_REMOVE(&lun->l_target->t_luns, lun, l_next); 894 895 TAILQ_FOREACH_SAFE(lo, &lun->l_options, lo_next, tmp) 896 lun_option_delete(lo); 897 free(lun->l_backend); 898 free(lun->l_device_id); 899 free(lun->l_path); 900 free(lun->l_serial); 901 free(lun); 902} 903 904struct lun * 905lun_find(const struct target *targ, int lun_id) 906{ 907 struct lun *lun; 908 909 TAILQ_FOREACH(lun, &targ->t_luns, l_next) { 910 if (lun->l_lun == lun_id) 911 return (lun); 912 } 913 914 return (NULL); 915} 916 917void 918lun_set_backend(struct lun *lun, const char *value) 919{ 920 free(lun->l_backend); 921 lun->l_backend = checked_strdup(value); 922} 923 924void 925lun_set_blocksize(struct lun *lun, size_t value) 926{ 927 928 lun->l_blocksize = value; 929} 930 931void 932lun_set_device_id(struct lun *lun, const char *value) 933{ 934 free(lun->l_device_id); 935 lun->l_device_id = checked_strdup(value); 936} 937 938void 939lun_set_path(struct lun *lun, const char *value) 940{ 941 free(lun->l_path); 942 lun->l_path = checked_strdup(value); 943} 944 945void 946lun_set_serial(struct lun *lun, const char *value) 947{ 948 free(lun->l_serial); 949 lun->l_serial = checked_strdup(value); 950} 951 952void 953lun_set_size(struct lun *lun, size_t value) 954{ 955 956 lun->l_size = value; 957} 958 959void 960lun_set_ctl_lun(struct lun *lun, uint32_t value) 961{ 962 963 lun->l_ctl_lun = value; 964} 965 966struct lun_option * 967lun_option_new(struct lun *lun, const char *name, const char *value) 968{ 969 struct lun_option *lo; 970 971 lo = lun_option_find(lun, name); 972 if (lo != NULL) { 973 log_warnx("duplicated lun option %s for lun %d, target \"%s\"", 974 name, lun->l_lun, lun->l_target->t_name); 975 return (NULL); 976 } 977 978 lo = calloc(1, sizeof(*lo)); 979 if (lo == NULL) 980 log_err(1, "calloc"); 981 lo->lo_name = checked_strdup(name); 982 lo->lo_value = checked_strdup(value); 983 lo->lo_lun = lun; 984 TAILQ_INSERT_TAIL(&lun->l_options, lo, lo_next); 985 986 return (lo); 987} 988 989void 990lun_option_delete(struct lun_option *lo) 991{ 992 993 TAILQ_REMOVE(&lo->lo_lun->l_options, lo, lo_next); 994 995 free(lo->lo_name); 996 free(lo->lo_value); 997 free(lo); 998} 999 1000struct lun_option * 1001lun_option_find(const struct lun *lun, const char *name) 1002{ 1003 struct lun_option *lo; 1004 1005 TAILQ_FOREACH(lo, &lun->l_options, lo_next) { 1006 if (strcmp(lo->lo_name, name) == 0) 1007 return (lo); 1008 } 1009 1010 return (NULL); 1011} 1012 1013void 1014lun_option_set(struct lun_option *lo, const char *value) 1015{ 1016 1017 free(lo->lo_value); 1018 lo->lo_value = checked_strdup(value); 1019} 1020 1021static struct connection * 1022connection_new(struct portal *portal, int fd, const char *host, 1023 const struct sockaddr *client_sa) 1024{ 1025 struct connection *conn; 1026 1027 conn = calloc(1, sizeof(*conn)); 1028 if (conn == NULL) 1029 log_err(1, "calloc"); 1030 conn->conn_portal = portal; 1031 conn->conn_socket = fd; 1032 conn->conn_initiator_addr = checked_strdup(host); 1033 memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len); 1034 1035 /* 1036 * Default values, from RFC 3720, section 12. 1037 */ 1038 conn->conn_max_data_segment_length = 8192; 1039 conn->conn_max_burst_length = 262144; 1040 conn->conn_immediate_data = true; 1041 1042 return (conn); 1043} 1044 1045#if 0 1046static void 1047conf_print(struct conf *conf) 1048{ 1049 struct auth_group *ag; 1050 struct auth *auth; 1051 struct auth_name *auth_name; 1052 struct auth_portal *auth_portal; 1053 struct portal_group *pg; 1054 struct portal *portal; 1055 struct target *targ; 1056 struct lun *lun; 1057 struct lun_option *lo; 1058 1059 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1060 fprintf(stderr, "auth-group %s {\n", ag->ag_name); 1061 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) 1062 fprintf(stderr, "\t chap-mutual %s %s %s %s\n", 1063 auth->a_user, auth->a_secret, 1064 auth->a_mutual_user, auth->a_mutual_secret); 1065 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) 1066 fprintf(stderr, "\t initiator-name %s\n", 1067 auth_name->an_initator_name); 1068 TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next) 1069 fprintf(stderr, "\t initiator-portal %s\n", 1070 auth_portal->an_initator_portal); 1071 fprintf(stderr, "}\n"); 1072 } 1073 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1074 fprintf(stderr, "portal-group %s {\n", pg->pg_name); 1075 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 1076 fprintf(stderr, "\t listen %s\n", portal->p_listen); 1077 fprintf(stderr, "}\n"); 1078 } 1079 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1080 fprintf(stderr, "target %s {\n", targ->t_name); 1081 if (targ->t_alias != NULL) 1082 fprintf(stderr, "\t alias %s\n", targ->t_alias); 1083 TAILQ_FOREACH(lun, &targ->t_luns, l_next) { 1084 fprintf(stderr, "\tlun %d {\n", lun->l_lun); 1085 fprintf(stderr, "\t\tpath %s\n", lun->l_path); 1086 TAILQ_FOREACH(lo, &lun->l_options, lo_next) 1087 fprintf(stderr, "\t\toption %s %s\n", 1088 lo->lo_name, lo->lo_value); 1089 fprintf(stderr, "\t}\n"); 1090 } 1091 fprintf(stderr, "}\n"); 1092 } 1093} 1094#endif 1095 1096static int 1097conf_verify_lun(struct lun *lun) 1098{ 1099 const struct lun *lun2; 1100 const struct target *targ2; 1101 1102 if (lun->l_backend == NULL) 1103 lun_set_backend(lun, "block"); 1104 if (strcmp(lun->l_backend, "block") == 0) { 1105 if (lun->l_path == NULL) { 1106 log_warnx("missing path for lun %d, target \"%s\"", 1107 lun->l_lun, lun->l_target->t_name); 1108 return (1); 1109 } 1110 } else if (strcmp(lun->l_backend, "ramdisk") == 0) { 1111 if (lun->l_size == 0) { 1112 log_warnx("missing size for ramdisk-backed lun %d, " 1113 "target \"%s\"", lun->l_lun, lun->l_target->t_name); 1114 return (1); 1115 } 1116 if (lun->l_path != NULL) { 1117 log_warnx("path must not be specified " 1118 "for ramdisk-backed lun %d, target \"%s\"", 1119 lun->l_lun, lun->l_target->t_name); 1120 return (1); 1121 } 1122 } 1123 if (lun->l_lun < 0 || lun->l_lun > 255) { 1124 log_warnx("invalid lun number for lun %d, target \"%s\"; " 1125 "must be between 0 and 255", lun->l_lun, 1126 lun->l_target->t_name); 1127 return (1); 1128 } 1129 if (lun->l_blocksize == 0) { 1130 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE); 1131 } else if (lun->l_blocksize < 0) { 1132 log_warnx("invalid blocksize for lun %d, target \"%s\"; " 1133 "must be larger than 0", lun->l_lun, lun->l_target->t_name); 1134 return (1); 1135 } 1136 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) { 1137 log_warnx("invalid size for lun %d, target \"%s\"; " 1138 "must be multiple of blocksize", lun->l_lun, 1139 lun->l_target->t_name); 1140 return (1); 1141 } 1142 TAILQ_FOREACH(targ2, &lun->l_target->t_conf->conf_targets, t_next) { 1143 TAILQ_FOREACH(lun2, &targ2->t_luns, l_next) { 1144 if (lun == lun2) 1145 continue; 1146 if (lun->l_path != NULL && lun2->l_path != NULL && 1147 strcmp(lun->l_path, lun2->l_path) == 0) { 1148 log_debugx("WARNING: path \"%s\" duplicated " 1149 "between lun %d, target \"%s\", and " 1150 "lun %d, target \"%s\"", lun->l_path, 1151 lun->l_lun, lun->l_target->t_name, 1152 lun2->l_lun, lun2->l_target->t_name); 1153 } 1154 } 1155 } 1156 1157 return (0); 1158} 1159 1160int 1161conf_verify(struct conf *conf) 1162{ 1163 struct auth_group *ag; 1164 struct portal_group *pg; 1165 struct target *targ; 1166 struct lun *lun; 1167 bool found_lun; 1168 int error; 1169 1170 if (conf->conf_pidfile_path == NULL) 1171 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE); 1172 1173 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1174 if (targ->t_auth_group == NULL) { 1175 targ->t_auth_group = auth_group_find(conf, 1176 "default"); 1177 assert(targ->t_auth_group != NULL); 1178 } 1179 if (targ->t_portal_group == NULL) { 1180 targ->t_portal_group = portal_group_find(conf, 1181 "default"); 1182 assert(targ->t_portal_group != NULL); 1183 } 1184 found_lun = false; 1185 TAILQ_FOREACH(lun, &targ->t_luns, l_next) { 1186 error = conf_verify_lun(lun); 1187 if (error != 0) 1188 return (error); 1189 found_lun = true; 1190 } 1191 if (!found_lun) { 1192 log_warnx("no LUNs defined for target \"%s\"", 1193 targ->t_name); 1194 } 1195 } 1196 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1197 assert(pg->pg_name != NULL); 1198 if (pg->pg_discovery_auth_group == NULL) { 1199 pg->pg_discovery_auth_group = 1200 auth_group_find(conf, "default"); 1201 assert(pg->pg_discovery_auth_group != NULL); 1202 } 1203 1204 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1205 if (targ->t_portal_group == pg) 1206 break; 1207 } 1208 if (targ == NULL) { 1209 if (strcmp(pg->pg_name, "default") != 0) 1210 log_warnx("portal-group \"%s\" not assigned " 1211 "to any target", pg->pg_name); 1212 pg->pg_unassigned = true; 1213 } else 1214 pg->pg_unassigned = false; 1215 } 1216 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) { 1217 if (ag->ag_name == NULL) 1218 assert(ag->ag_target != NULL); 1219 else 1220 assert(ag->ag_target == NULL); 1221 1222 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { 1223 if (targ->t_auth_group == ag) 1224 break; 1225 } 1226 if (targ == NULL && ag->ag_name != NULL && 1227 strcmp(ag->ag_name, "default") != 0 && 1228 strcmp(ag->ag_name, "no-authentication") != 0 && 1229 strcmp(ag->ag_name, "no-access") != 0) { 1230 log_warnx("auth-group \"%s\" not assigned " 1231 "to any target", ag->ag_name); 1232 } 1233 } 1234 1235 return (0); 1236} 1237 1238static int 1239conf_apply(struct conf *oldconf, struct conf *newconf) 1240{ 1241 struct target *oldtarg, *newtarg, *tmptarg; 1242 struct lun *oldlun, *newlun, *tmplun; 1243 struct portal_group *oldpg, *newpg; 1244 struct portal *oldp, *newp; 1245 pid_t otherpid; 1246 int changed, cumulated_error = 0, error; 1247 int one = 1; 1248 1249 if (oldconf->conf_debug != newconf->conf_debug) { 1250 log_debugx("changing debug level to %d", newconf->conf_debug); 1251 log_init(newconf->conf_debug); 1252 } 1253 1254 if (oldconf->conf_pidfh != NULL) { 1255 assert(oldconf->conf_pidfile_path != NULL); 1256 if (newconf->conf_pidfile_path != NULL && 1257 strcmp(oldconf->conf_pidfile_path, 1258 newconf->conf_pidfile_path) == 0) { 1259 newconf->conf_pidfh = oldconf->conf_pidfh; 1260 oldconf->conf_pidfh = NULL; 1261 } else { 1262 log_debugx("removing pidfile %s", 1263 oldconf->conf_pidfile_path); 1264 pidfile_remove(oldconf->conf_pidfh); 1265 oldconf->conf_pidfh = NULL; 1266 } 1267 } 1268 1269 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) { 1270 log_debugx("opening pidfile %s", newconf->conf_pidfile_path); 1271 newconf->conf_pidfh = 1272 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid); 1273 if (newconf->conf_pidfh == NULL) { 1274 if (errno == EEXIST) 1275 log_errx(1, "daemon already running, pid: %jd.", 1276 (intmax_t)otherpid); 1277 log_err(1, "cannot open or create pidfile \"%s\"", 1278 newconf->conf_pidfile_path); 1279 } 1280 } 1281 1282 /* 1283 * XXX: If target or lun removal fails, we should somehow "move" 1284 * the old lun or target into newconf, so that subsequent 1285 * conf_apply() would try to remove them again. That would 1286 * be somewhat hairy, though, and lun deletion failures don't 1287 * really happen, so leave it as it is for now. 1288 */ 1289 TAILQ_FOREACH_SAFE(oldtarg, &oldconf->conf_targets, t_next, tmptarg) { 1290 /* 1291 * First, remove any targets present in the old configuration 1292 * and missing in the new one. 1293 */ 1294 newtarg = target_find(newconf, oldtarg->t_name); 1295 if (newtarg == NULL) { 1296 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, 1297 tmplun) { 1298 log_debugx("target %s not found in new " 1299 "configuration; removing its lun %d, " 1300 "backed by CTL lun %d", 1301 oldtarg->t_name, oldlun->l_lun, 1302 oldlun->l_ctl_lun); 1303 error = kernel_lun_remove(oldlun); 1304 if (error != 0) { 1305 log_warnx("failed to remove lun %d, " 1306 "target %s, CTL lun %d", 1307 oldlun->l_lun, oldtarg->t_name, 1308 oldlun->l_ctl_lun); 1309 cumulated_error++; 1310 } 1311 lun_delete(oldlun); 1312 } 1313 kernel_port_remove(oldtarg); 1314 target_delete(oldtarg); 1315 continue; 1316 } 1317 1318 /* 1319 * Second, remove any LUNs present in the old target 1320 * and missing in the new one. 1321 */ 1322 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, tmplun) { 1323 newlun = lun_find(newtarg, oldlun->l_lun); 1324 if (newlun == NULL) { 1325 log_debugx("lun %d, target %s, CTL lun %d " 1326 "not found in new configuration; " 1327 "removing", oldlun->l_lun, oldtarg->t_name, 1328 oldlun->l_ctl_lun); 1329 error = kernel_lun_remove(oldlun); 1330 if (error != 0) { 1331 log_warnx("failed to remove lun %d, " 1332 "target %s, CTL lun %d", 1333 oldlun->l_lun, oldtarg->t_name, 1334 oldlun->l_ctl_lun); 1335 cumulated_error++; 1336 } 1337 lun_delete(oldlun); 1338 continue; 1339 } 1340 1341 /* 1342 * Also remove the LUNs changed by more than size. 1343 */ 1344 changed = 0; 1345 assert(oldlun->l_backend != NULL); 1346 assert(newlun->l_backend != NULL); 1347 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) { 1348 log_debugx("backend for lun %d, target %s, " 1349 "CTL lun %d changed; removing", 1350 oldlun->l_lun, oldtarg->t_name, 1351 oldlun->l_ctl_lun); 1352 changed = 1; 1353 } 1354 if (oldlun->l_blocksize != newlun->l_blocksize) { 1355 log_debugx("blocksize for lun %d, target %s, " 1356 "CTL lun %d changed; removing", 1357 oldlun->l_lun, oldtarg->t_name, 1358 oldlun->l_ctl_lun); 1359 changed = 1; 1360 } 1361 if (newlun->l_device_id != NULL && 1362 (oldlun->l_device_id == NULL || 1363 strcmp(oldlun->l_device_id, newlun->l_device_id) != 1364 0)) { 1365 log_debugx("device-id for lun %d, target %s, " 1366 "CTL lun %d changed; removing", 1367 oldlun->l_lun, oldtarg->t_name, 1368 oldlun->l_ctl_lun); 1369 changed = 1; 1370 } 1371 if (newlun->l_path != NULL && 1372 (oldlun->l_path == NULL || 1373 strcmp(oldlun->l_path, newlun->l_path) != 0)) { 1374 log_debugx("path for lun %d, target %s, " 1375 "CTL lun %d, changed; removing", 1376 oldlun->l_lun, oldtarg->t_name, 1377 oldlun->l_ctl_lun); 1378 changed = 1; 1379 } 1380 if (newlun->l_serial != NULL && 1381 (oldlun->l_serial == NULL || 1382 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) { 1383 log_debugx("serial for lun %d, target %s, " 1384 "CTL lun %d changed; removing", 1385 oldlun->l_lun, oldtarg->t_name, 1386 oldlun->l_ctl_lun); 1387 changed = 1; 1388 } 1389 if (changed) { 1390 error = kernel_lun_remove(oldlun); 1391 if (error != 0) { 1392 log_warnx("failed to remove lun %d, " 1393 "target %s, CTL lun %d", 1394 oldlun->l_lun, oldtarg->t_name, 1395 oldlun->l_ctl_lun); 1396 cumulated_error++; 1397 } 1398 lun_delete(oldlun); 1399 continue; 1400 } 1401 1402 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun); 1403 } 1404 } 1405 1406 /* 1407 * Now add new targets or modify existing ones. 1408 */ 1409 TAILQ_FOREACH(newtarg, &newconf->conf_targets, t_next) { 1410 oldtarg = target_find(oldconf, newtarg->t_name); 1411 1412 TAILQ_FOREACH_SAFE(newlun, &newtarg->t_luns, l_next, tmplun) { 1413 if (oldtarg != NULL) { 1414 oldlun = lun_find(oldtarg, newlun->l_lun); 1415 if (oldlun != NULL) { 1416 if (newlun->l_size != oldlun->l_size || 1417 newlun->l_size == 0) { 1418 log_debugx("resizing lun %d, " 1419 "target %s, CTL lun %d", 1420 newlun->l_lun, 1421 newtarg->t_name, 1422 newlun->l_ctl_lun); 1423 error = 1424 kernel_lun_resize(newlun); 1425 if (error != 0) { 1426 log_warnx("failed to " 1427 "resize lun %d, " 1428 "target %s, " 1429 "CTL lun %d", 1430 newlun->l_lun, 1431 newtarg->t_name, 1432 newlun->l_lun); 1433 cumulated_error++; 1434 } 1435 } 1436 continue; 1437 } 1438 } 1439 log_debugx("adding lun %d, target %s", 1440 newlun->l_lun, newtarg->t_name); 1441 error = kernel_lun_add(newlun); 1442 if (error != 0) { 1443 log_warnx("failed to add lun %d, target %s", 1444 newlun->l_lun, newtarg->t_name); 1445 lun_delete(newlun); 1446 cumulated_error++; 1447 } 1448 } 1449 if (oldtarg == NULL) 1450 kernel_port_add(newtarg); 1451 } 1452 1453 /* 1454 * Go through the new portals, opening the sockets as neccessary. 1455 */ 1456 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) { 1457 if (newpg->pg_unassigned) { 1458 log_debugx("not listening on portal-group \"%s\", " 1459 "not assigned to any target", 1460 newpg->pg_name); 1461 continue; 1462 } 1463 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) { 1464 /* 1465 * Try to find already open portal and reuse 1466 * the listening socket. We don't care about 1467 * what portal or portal group that was, what 1468 * matters is the listening address. 1469 */ 1470 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, 1471 pg_next) { 1472 TAILQ_FOREACH(oldp, &oldpg->pg_portals, 1473 p_next) { 1474 if (strcmp(newp->p_listen, 1475 oldp->p_listen) == 0 && 1476 oldp->p_socket > 0) { 1477 newp->p_socket = 1478 oldp->p_socket; 1479 oldp->p_socket = 0; 1480 break; 1481 } 1482 } 1483 } 1484 if (newp->p_socket > 0) { 1485 /* 1486 * We're done with this portal. 1487 */ 1488 continue; 1489 } 1490 1491#ifdef ICL_KERNEL_PROXY 1492 if (proxy_mode) { 1493 newpg->pg_conf->conf_portal_id++; 1494 newp->p_id = newpg->pg_conf->conf_portal_id; 1495 log_debugx("listening on %s, portal-group " 1496 "\"%s\", portal id %d, using ICL proxy", 1497 newp->p_listen, newpg->pg_name, newp->p_id); 1498 kernel_listen(newp->p_ai, newp->p_iser, 1499 newp->p_id); 1500 continue; 1501 } 1502#endif 1503 assert(proxy_mode == false); 1504 assert(newp->p_iser == false); 1505 1506 log_debugx("listening on %s, portal-group \"%s\"", 1507 newp->p_listen, newpg->pg_name); 1508 newp->p_socket = socket(newp->p_ai->ai_family, 1509 newp->p_ai->ai_socktype, 1510 newp->p_ai->ai_protocol); 1511 if (newp->p_socket < 0) { 1512 log_warn("socket(2) failed for %s", 1513 newp->p_listen); 1514 cumulated_error++; 1515 continue; 1516 } 1517 error = setsockopt(newp->p_socket, SOL_SOCKET, 1518 SO_REUSEADDR, &one, sizeof(one)); 1519 if (error != 0) { 1520 log_warn("setsockopt(SO_REUSEADDR) failed " 1521 "for %s", newp->p_listen); 1522 close(newp->p_socket); 1523 newp->p_socket = 0; 1524 cumulated_error++; 1525 continue; 1526 } 1527 error = bind(newp->p_socket, newp->p_ai->ai_addr, 1528 newp->p_ai->ai_addrlen); 1529 if (error != 0) { 1530 log_warn("bind(2) failed for %s", 1531 newp->p_listen); 1532 close(newp->p_socket); 1533 newp->p_socket = 0; 1534 cumulated_error++; 1535 continue; 1536 } 1537 error = listen(newp->p_socket, -1); 1538 if (error != 0) { 1539 log_warn("listen(2) failed for %s", 1540 newp->p_listen); 1541 close(newp->p_socket); 1542 newp->p_socket = 0; 1543 cumulated_error++; 1544 continue; 1545 } 1546 } 1547 } 1548 1549 /* 1550 * Go through the no longer used sockets, closing them. 1551 */ 1552 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) { 1553 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) { 1554 if (oldp->p_socket <= 0) 1555 continue; 1556 log_debugx("closing socket for %s, portal-group \"%s\"", 1557 oldp->p_listen, oldpg->pg_name); 1558 close(oldp->p_socket); 1559 oldp->p_socket = 0; 1560 } 1561 } 1562 1563 return (cumulated_error); 1564} 1565 1566bool 1567timed_out(void) 1568{ 1569 1570 return (sigalrm_received); 1571} 1572 1573static void 1574sigalrm_handler(int dummy __unused) 1575{ 1576 /* 1577 * It would be easiest to just log an error and exit. We can't 1578 * do this, though, because log_errx() is not signal safe, since 1579 * it calls syslog(3). Instead, set a flag checked by pdu_send() 1580 * and pdu_receive(), to call log_errx() there. Should they fail 1581 * to notice, we'll exit here one second later. 1582 */ 1583 if (sigalrm_received) { 1584 /* 1585 * Oh well. Just give up and quit. 1586 */ 1587 _exit(2); 1588 } 1589 1590 sigalrm_received = true; 1591} 1592 1593static void 1594set_timeout(const struct conf *conf) 1595{ 1596 struct sigaction sa; 1597 struct itimerval itv; 1598 int error; 1599 1600 if (conf->conf_timeout <= 0) { 1601 log_debugx("session timeout disabled"); 1602 return; 1603 } 1604 1605 bzero(&sa, sizeof(sa)); 1606 sa.sa_handler = sigalrm_handler; 1607 sigfillset(&sa.sa_mask); 1608 error = sigaction(SIGALRM, &sa, NULL); 1609 if (error != 0) 1610 log_err(1, "sigaction"); 1611 1612 /* 1613 * First SIGALRM will arive after conf_timeout seconds. 1614 * If we do nothing, another one will arrive a second later. 1615 */ 1616 bzero(&itv, sizeof(itv)); 1617 itv.it_interval.tv_sec = 1; 1618 itv.it_value.tv_sec = conf->conf_timeout; 1619 1620 log_debugx("setting session timeout to %d seconds", 1621 conf->conf_timeout); 1622 error = setitimer(ITIMER_REAL, &itv, NULL); 1623 if (error != 0) 1624 log_err(1, "setitimer"); 1625} 1626 1627static int 1628wait_for_children(bool block) 1629{ 1630 pid_t pid; 1631 int status; 1632 int num = 0; 1633 1634 for (;;) { 1635 /* 1636 * If "block" is true, wait for at least one process. 1637 */ 1638 if (block && num == 0) 1639 pid = wait4(-1, &status, 0, NULL); 1640 else 1641 pid = wait4(-1, &status, WNOHANG, NULL); 1642 if (pid <= 0) 1643 break; 1644 if (WIFSIGNALED(status)) { 1645 log_warnx("child process %d terminated with signal %d", 1646 pid, WTERMSIG(status)); 1647 } else if (WEXITSTATUS(status) != 0) { 1648 log_warnx("child process %d terminated with exit status %d", 1649 pid, WEXITSTATUS(status)); 1650 } else { 1651 log_debugx("child process %d terminated gracefully", pid); 1652 } 1653 num++; 1654 } 1655 1656 return (num); 1657} 1658 1659static void 1660handle_connection(struct portal *portal, int fd, 1661 const struct sockaddr *client_sa, bool dont_fork) 1662{ 1663 struct connection *conn; 1664 int error; 1665 pid_t pid; 1666 char host[NI_MAXHOST + 1]; 1667 struct conf *conf; 1668 1669 conf = portal->p_portal_group->pg_conf; 1670 1671 if (dont_fork) { 1672 log_debugx("incoming connection; not forking due to -d flag"); 1673 } else { 1674 nchildren -= wait_for_children(false); 1675 assert(nchildren >= 0); 1676 1677 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) { 1678 log_debugx("maxproc limit of %d child processes hit; " 1679 "waiting for child process to exit", conf->conf_maxproc); 1680 nchildren -= wait_for_children(true); 1681 assert(nchildren >= 0); 1682 } 1683 log_debugx("incoming connection; forking child process #%d", 1684 nchildren); 1685 nchildren++; 1686 pid = fork(); 1687 if (pid < 0) 1688 log_err(1, "fork"); 1689 if (pid > 0) { 1690 close(fd); 1691 return; 1692 } 1693 } 1694 pidfile_close(conf->conf_pidfh); 1695 1696 error = getnameinfo(client_sa, client_sa->sa_len, 1697 host, sizeof(host), NULL, 0, NI_NUMERICHOST); 1698 if (error != 0) 1699 log_errx(1, "getnameinfo: %s", gai_strerror(error)); 1700 1701 log_debugx("accepted connection from %s; portal group \"%s\"", 1702 host, portal->p_portal_group->pg_name); 1703 log_set_peer_addr(host); 1704 setproctitle("%s", host); 1705 1706 conn = connection_new(portal, fd, host, client_sa); 1707 set_timeout(conf); 1708 kernel_capsicate(); 1709 login(conn); 1710 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { 1711 kernel_handoff(conn); 1712 log_debugx("connection handed off to the kernel"); 1713 } else { 1714 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY); 1715 discovery(conn); 1716 } 1717 log_debugx("nothing more to do; exiting"); 1718 exit(0); 1719} 1720 1721static int 1722fd_add(int fd, fd_set *fdset, int nfds) 1723{ 1724 1725 /* 1726 * Skip sockets which we failed to bind. 1727 */ 1728 if (fd <= 0) 1729 return (nfds); 1730 1731 FD_SET(fd, fdset); 1732 if (fd > nfds) 1733 nfds = fd; 1734 return (nfds); 1735} 1736 1737static void 1738main_loop(struct conf *conf, bool dont_fork) 1739{ 1740 struct portal_group *pg; 1741 struct portal *portal; 1742 struct sockaddr_storage client_sa; 1743 socklen_t client_salen; 1744#ifdef ICL_KERNEL_PROXY 1745 int connection_id; 1746 int portal_id; 1747#endif 1748 fd_set fdset; 1749 int error, nfds, client_fd; 1750 1751 pidfile_write(conf->conf_pidfh); 1752 1753 for (;;) { 1754 if (sighup_received || sigterm_received) 1755 return; 1756 1757#ifdef ICL_KERNEL_PROXY 1758 if (proxy_mode) { 1759 client_salen = sizeof(client_sa); 1760 kernel_accept(&connection_id, &portal_id, 1761 (struct sockaddr *)&client_sa, &client_salen); 1762 assert(client_salen >= client_sa.ss_len); 1763 1764 log_debugx("incoming connection, id %d, portal id %d", 1765 connection_id, portal_id); 1766 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1767 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 1768 if (portal->p_id == portal_id) { 1769 goto found; 1770 } 1771 } 1772 } 1773 1774 log_errx(1, "kernel returned invalid portal_id %d", 1775 portal_id); 1776 1777found: 1778 handle_connection(portal, connection_id, 1779 (struct sockaddr *)&client_sa, dont_fork); 1780 } else { 1781#endif 1782 assert(proxy_mode == false); 1783 1784 FD_ZERO(&fdset); 1785 nfds = 0; 1786 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1787 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) 1788 nfds = fd_add(portal->p_socket, &fdset, nfds); 1789 } 1790 error = select(nfds + 1, &fdset, NULL, NULL, NULL); 1791 if (error <= 0) { 1792 if (errno == EINTR) 1793 return; 1794 log_err(1, "select"); 1795 } 1796 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) { 1797 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) { 1798 if (!FD_ISSET(portal->p_socket, &fdset)) 1799 continue; 1800 client_salen = sizeof(client_sa); 1801 client_fd = accept(portal->p_socket, 1802 (struct sockaddr *)&client_sa, 1803 &client_salen); 1804 if (client_fd < 0) 1805 log_err(1, "accept"); 1806 assert(client_salen >= client_sa.ss_len); 1807 1808 handle_connection(portal, client_fd, 1809 (struct sockaddr *)&client_sa, 1810 dont_fork); 1811 break; 1812 } 1813 } 1814#ifdef ICL_KERNEL_PROXY 1815 } 1816#endif 1817 } 1818} 1819 1820static void 1821sighup_handler(int dummy __unused) 1822{ 1823 1824 sighup_received = true; 1825} 1826 1827static void 1828sigterm_handler(int dummy __unused) 1829{ 1830 1831 sigterm_received = true; 1832} 1833 1834static void 1835sigchld_handler(int dummy __unused) 1836{ 1837 1838 /* 1839 * The only purpose of this handler is to make SIGCHLD 1840 * interrupt the ISCSIDWAIT ioctl(2), so we can call 1841 * wait_for_children(). 1842 */ 1843} 1844 1845static void 1846register_signals(void) 1847{ 1848 struct sigaction sa; 1849 int error; 1850 1851 bzero(&sa, sizeof(sa)); 1852 sa.sa_handler = sighup_handler; 1853 sigfillset(&sa.sa_mask); 1854 error = sigaction(SIGHUP, &sa, NULL); 1855 if (error != 0) 1856 log_err(1, "sigaction"); 1857 1858 sa.sa_handler = sigterm_handler; 1859 error = sigaction(SIGTERM, &sa, NULL); 1860 if (error != 0) 1861 log_err(1, "sigaction"); 1862 1863 sa.sa_handler = sigterm_handler; 1864 error = sigaction(SIGINT, &sa, NULL); 1865 if (error != 0) 1866 log_err(1, "sigaction"); 1867 1868 sa.sa_handler = sigchld_handler; 1869 error = sigaction(SIGCHLD, &sa, NULL); 1870 if (error != 0) 1871 log_err(1, "sigaction"); 1872} 1873 1874int 1875main(int argc, char **argv) 1876{ 1877 struct conf *oldconf, *newconf, *tmpconf; 1878 const char *config_path = DEFAULT_CONFIG_PATH; 1879 int debug = 0, ch, error; 1880 bool dont_daemonize = false; 1881 1882 while ((ch = getopt(argc, argv, "df:R")) != -1) { 1883 switch (ch) { 1884 case 'd': 1885 dont_daemonize = true; 1886 debug++; 1887 break; 1888 case 'f': 1889 config_path = optarg; 1890 break; 1891 case 'R': 1892#ifndef ICL_KERNEL_PROXY 1893 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY " 1894 "does not support iSER protocol"); 1895#endif 1896 proxy_mode = true; 1897 break; 1898 case '?': 1899 default: 1900 usage(); 1901 } 1902 } 1903 argc -= optind; 1904 if (argc != 0) 1905 usage(); 1906 1907 log_init(debug); 1908 kernel_init(); 1909 1910 oldconf = conf_new_from_kernel(); 1911 newconf = conf_new_from_file(config_path); 1912 if (newconf == NULL) 1913 log_errx(1, "configuration error; exiting"); 1914 if (debug > 0) { 1915 oldconf->conf_debug = debug; 1916 newconf->conf_debug = debug; 1917 } 1918 1919 error = conf_apply(oldconf, newconf); 1920 if (error != 0) 1921 log_errx(1, "failed to apply configuration; exiting"); 1922 1923 conf_delete(oldconf); 1924 oldconf = NULL; 1925 1926 register_signals(); 1927 1928 if (dont_daemonize == false) { 1929 log_debugx("daemonizing"); 1930 if (daemon(0, 0) == -1) { 1931 log_warn("cannot daemonize"); 1932 pidfile_remove(newconf->conf_pidfh); 1933 exit(1); 1934 } 1935 } 1936 1937 for (;;) { 1938 main_loop(newconf, dont_daemonize); 1939 if (sighup_received) { 1940 sighup_received = false; 1941 log_debugx("received SIGHUP, reloading configuration"); 1942 tmpconf = conf_new_from_file(config_path); 1943 if (tmpconf == NULL) { 1944 log_warnx("configuration error, " 1945 "continuing with old configuration"); 1946 } else { 1947 if (debug > 0) 1948 tmpconf->conf_debug = debug; 1949 oldconf = newconf; 1950 newconf = tmpconf; 1951 error = conf_apply(oldconf, newconf); 1952 if (error != 0) 1953 log_warnx("failed to reload " 1954 "configuration"); 1955 conf_delete(oldconf); 1956 oldconf = NULL; 1957 } 1958 } else if (sigterm_received) { 1959 log_debugx("exiting on signal; " 1960 "reloading empty configuration"); 1961 1962 log_debugx("disabling CTL iSCSI port " 1963 "and terminating all connections"); 1964 1965 oldconf = newconf; 1966 newconf = conf_new(); 1967 if (debug > 0) 1968 newconf->conf_debug = debug; 1969 error = conf_apply(oldconf, newconf); 1970 if (error != 0) 1971 log_warnx("failed to apply configuration"); 1972 1973 log_warnx("exiting on signal"); 1974 exit(0); 1975 } else { 1976 nchildren -= wait_for_children(false); 1977 assert(nchildren >= 0); 1978 } 1979 } 1980 /* NOTREACHED */ 1981} 1982