2 * Copyright (c) 2012 The FreeBSD Foundation
5 * This software was developed by Edward Tomasz Napierala under sponsorship
6 * from the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/types.h>
34 #include <sys/socket.h>
36 #include <netinet/in.h>
51 static volatile bool sighup_received = false;
52 static volatile bool sigterm_received = false;
53 static volatile bool sigalrm_received = false;
55 static int nchildren = 0;
61 fprintf(stderr, "usage: ctld [-d][-f config-file]\n");
66 checked_strdup(const char *s)
81 conf = calloc(1, sizeof(*conf));
84 TAILQ_INIT(&conf->conf_targets);
85 TAILQ_INIT(&conf->conf_auth_groups);
86 TAILQ_INIT(&conf->conf_portal_groups);
89 conf->conf_timeout = 60;
90 conf->conf_maxproc = 30;
96 conf_delete(struct conf *conf)
98 struct target *targ, *tmp;
99 struct auth_group *ag, *cagtmp;
100 struct portal_group *pg, *cpgtmp;
102 assert(conf->conf_pidfh == NULL);
104 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp)
106 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp)
107 auth_group_delete(ag);
108 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp)
109 portal_group_delete(pg);
110 free(conf->conf_pidfile_path);
115 auth_new(struct auth_group *ag)
119 auth = calloc(1, sizeof(*auth));
121 log_err(1, "calloc");
122 auth->a_auth_group = ag;
123 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next);
128 auth_delete(struct auth *auth)
130 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next);
133 free(auth->a_secret);
134 free(auth->a_mutual_user);
135 free(auth->a_mutual_secret);
140 auth_find(struct auth_group *ag, const char *user)
142 const struct auth *auth;
144 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) {
145 if (strcmp(auth->a_user, user) == 0)
152 const struct auth_name *
153 auth_name_new(struct auth_group *ag, const char *name)
155 struct auth_name *an;
157 an = calloc(1, sizeof(*an));
159 log_err(1, "calloc");
160 an->an_auth_group = ag;
161 an->an_initator_name = checked_strdup(name);
162 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next);
167 auth_name_delete(struct auth_name *an)
169 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next);
171 free(an->an_initator_name);
176 auth_name_defined(const struct auth_group *ag)
178 if (TAILQ_EMPTY(&ag->ag_names))
183 const struct auth_name *
184 auth_name_find(const struct auth_group *ag, const char *name)
186 const struct auth_name *auth_name;
188 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) {
189 if (strcmp(auth_name->an_initator_name, name) == 0)
196 const struct auth_portal *
197 auth_portal_new(struct auth_group *ag, const char *portal)
199 struct auth_portal *ap;
201 ap = calloc(1, sizeof(*ap));
203 log_err(1, "calloc");
204 ap->ap_auth_group = ag;
205 ap->ap_initator_portal = checked_strdup(portal);
206 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next);
211 auth_portal_delete(struct auth_portal *ap)
213 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next);
215 free(ap->ap_initator_portal);
220 auth_portal_defined(const struct auth_group *ag)
222 if (TAILQ_EMPTY(&ag->ag_portals))
227 const struct auth_portal *
228 auth_portal_find(const struct auth_group *ag, const char *portal)
230 const struct auth_portal *auth_portal;
232 TAILQ_FOREACH(auth_portal, &ag->ag_portals, ap_next) {
233 if (strcmp(auth_portal->ap_initator_portal, portal) == 0)
234 return (auth_portal);
241 auth_group_new(struct conf *conf, const char *name)
243 struct auth_group *ag;
246 ag = auth_group_find(conf, name);
248 log_warnx("duplicated auth-group \"%s\"", name);
253 ag = calloc(1, sizeof(*ag));
255 log_err(1, "calloc");
257 ag->ag_name = checked_strdup(name);
258 TAILQ_INIT(&ag->ag_auths);
259 TAILQ_INIT(&ag->ag_names);
260 TAILQ_INIT(&ag->ag_portals);
262 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next);
268 auth_group_delete(struct auth_group *ag)
270 struct auth *auth, *auth_tmp;
271 struct auth_name *auth_name, *auth_name_tmp;
272 struct auth_portal *auth_portal, *auth_portal_tmp;
274 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next);
276 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp)
278 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp)
279 auth_name_delete(auth_name);
280 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
282 auth_portal_delete(auth_portal);
288 auth_group_find(struct conf *conf, const char *name)
290 struct auth_group *ag;
292 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
293 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
301 auth_check_secret_length(struct auth *auth)
305 len = strlen(auth->a_secret);
307 if (auth->a_auth_group->ag_name != NULL)
308 log_warnx("secret for user \"%s\", auth-group \"%s\", "
309 "is too long; it should be at most 16 characters "
310 "long", auth->a_user, auth->a_auth_group->ag_name);
312 log_warnx("secret for user \"%s\", target \"%s\", "
313 "is too long; it should be at most 16 characters "
314 "long", auth->a_user,
315 auth->a_auth_group->ag_target->t_iqn);
318 if (auth->a_auth_group->ag_name != NULL)
319 log_warnx("secret for user \"%s\", auth-group \"%s\", "
320 "is too short; it should be at least 12 characters "
321 "long", auth->a_user,
322 auth->a_auth_group->ag_name);
324 log_warnx("secret for user \"%s\", target \"%s\", "
325 "is too short; it should be at least 16 characters "
326 "long", auth->a_user,
327 auth->a_auth_group->ag_target->t_iqn);
330 if (auth->a_mutual_secret != NULL) {
331 len = strlen(auth->a_secret);
333 if (auth->a_auth_group->ag_name != NULL)
334 log_warnx("mutual secret for user \"%s\", "
335 "auth-group \"%s\", is too long; it should "
336 "be at most 16 characters long",
337 auth->a_user, auth->a_auth_group->ag_name);
339 log_warnx("mutual secret for user \"%s\", "
340 "target \"%s\", is too long; it should "
341 "be at most 16 characters long",
343 auth->a_auth_group->ag_target->t_iqn);
346 if (auth->a_auth_group->ag_name != NULL)
347 log_warnx("mutual secret for user \"%s\", "
348 "auth-group \"%s\", is too short; it "
349 "should be at least 12 characters long",
350 auth->a_user, auth->a_auth_group->ag_name);
352 log_warnx("mutual secret for user \"%s\", "
353 "target \"%s\", is too short; it should be "
354 "at least 16 characters long",
356 auth->a_auth_group->ag_target->t_iqn);
362 auth_new_chap(struct auth_group *ag, const char *user,
367 if (ag->ag_type == AG_TYPE_UNKNOWN)
368 ag->ag_type = AG_TYPE_CHAP;
369 if (ag->ag_type != AG_TYPE_CHAP) {
370 if (ag->ag_name != NULL)
371 log_warnx("cannot mix \"chap\" authentication with "
372 "other types for auth-group \"%s\"", ag->ag_name);
374 log_warnx("cannot mix \"chap\" authentication with "
375 "other types for target \"%s\"",
376 ag->ag_target->t_iqn);
381 auth->a_user = checked_strdup(user);
382 auth->a_secret = checked_strdup(secret);
384 auth_check_secret_length(auth);
390 auth_new_chap_mutual(struct auth_group *ag, const char *user,
391 const char *secret, const char *user2, const char *secret2)
395 if (ag->ag_type == AG_TYPE_UNKNOWN)
396 ag->ag_type = AG_TYPE_CHAP_MUTUAL;
397 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
398 if (ag->ag_name != NULL)
399 log_warnx("cannot mix \"chap-mutual\" authentication "
400 "with other types for auth-group \"%s\"",
403 log_warnx("cannot mix \"chap-mutual\" authentication "
404 "with other types for target \"%s\"",
405 ag->ag_target->t_iqn);
410 auth->a_user = checked_strdup(user);
411 auth->a_secret = checked_strdup(secret);
412 auth->a_mutual_user = checked_strdup(user2);
413 auth->a_mutual_secret = checked_strdup(secret2);
415 auth_check_secret_length(auth);
420 static struct portal *
421 portal_new(struct portal_group *pg)
423 struct portal *portal;
425 portal = calloc(1, sizeof(*portal));
427 log_err(1, "calloc");
428 TAILQ_INIT(&portal->p_targets);
429 portal->p_portal_group = pg;
430 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next);
435 portal_delete(struct portal *portal)
437 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next);
438 freeaddrinfo(portal->p_ai);
439 free(portal->p_listen);
443 struct portal_group *
444 portal_group_new(struct conf *conf, const char *name)
446 struct portal_group *pg;
448 pg = portal_group_find(conf, name);
450 log_warnx("duplicated portal-group \"%s\"", name);
454 pg = calloc(1, sizeof(*pg));
456 log_err(1, "calloc");
457 pg->pg_name = checked_strdup(name);
458 TAILQ_INIT(&pg->pg_portals);
460 conf->conf_last_portal_group_tag++;
461 pg->pg_tag = conf->conf_last_portal_group_tag;
462 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next);
468 portal_group_delete(struct portal_group *pg)
470 struct portal *portal, *tmp;
472 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next);
474 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp)
475 portal_delete(portal);
480 struct portal_group *
481 portal_group_find(struct conf *conf, const char *name)
483 struct portal_group *pg;
485 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
486 if (strcmp(pg->pg_name, name) == 0)
494 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser)
496 struct addrinfo hints;
497 struct portal *portal;
498 char *addr, *ch, *arg;
500 int error, colons = 0;
502 #ifndef ICL_KERNEL_PROXY
504 log_warnx("ctld(8) compiled without ICL_KERNEL_PROXY "
505 "does not support iSER protocol");
510 portal = portal_new(pg);
511 portal->p_listen = checked_strdup(value);
512 portal->p_iser = iser;
514 arg = portal->p_listen;
515 if (arg[0] == '\0') {
516 log_warnx("empty listen address");
517 free(portal->p_listen);
523 * IPv6 address in square brackets, perhaps with port.
526 addr = strsep(&arg, "]");
528 log_warnx("invalid listen address %s",
530 free(portal->p_listen);
534 if (arg[0] == '\0') {
536 } else if (arg[0] == ':') {
539 log_warnx("invalid listen address %s",
541 free(portal->p_listen);
547 * Either IPv6 address without brackets - and without
548 * a port - or IPv4 address. Just count the colons.
550 for (ch = arg; *ch != '\0'; ch++) {
558 addr = strsep(&arg, ":");
566 memset(&hints, 0, sizeof(hints));
567 hints.ai_family = PF_UNSPEC;
568 hints.ai_socktype = SOCK_STREAM;
569 hints.ai_flags = AI_PASSIVE;
571 error = getaddrinfo(addr, port, &hints, &portal->p_ai);
573 log_warnx("getaddrinfo for %s failed: %s",
574 portal->p_listen, gai_strerror(error));
575 free(portal->p_listen);
581 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
582 * those into multiple portals.
589 valid_hex(const char ch)
621 valid_iscsi_name(const char *name)
625 if (strlen(name) >= MAX_NAME_LEN) {
626 log_warnx("overlong name for target \"%s\"; max length allowed "
627 "by iSCSI specification is %d characters",
633 * In the cases below, we don't return an error, just in case the admin
634 * was right, and we're wrong.
636 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) {
637 for (i = strlen("iqn."); name[i] != '\0'; i++) {
639 * XXX: We should verify UTF-8 normalisation, as defined
640 * by 3.2.6.2: iSCSI Name Encoding.
642 if (isalnum(name[i]))
644 if (name[i] == '-' || name[i] == '.' || name[i] == ':')
646 log_warnx("invalid character \"%c\" in target name "
647 "\"%s\"; allowed characters are letters, digits, "
648 "'-', '.', and ':'", name[i], name);
652 * XXX: Check more stuff: valid date and a valid reversed domain.
654 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) {
655 if (strlen(name) != strlen("eui.") + 16)
656 log_warnx("invalid target name \"%s\"; the \"eui.\" "
657 "should be followed by exactly 16 hexadecimal "
659 for (i = strlen("eui."); name[i] != '\0'; i++) {
660 if (!valid_hex(name[i])) {
661 log_warnx("invalid character \"%c\" in target "
662 "name \"%s\"; allowed characters are 1-9 "
663 "and A-F", name[i], name);
667 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) {
668 if (strlen(name) > strlen("naa.") + 32)
669 log_warnx("invalid target name \"%s\"; the \"naa.\" "
670 "should be followed by at most 32 hexadecimal "
672 for (i = strlen("naa."); name[i] != '\0'; i++) {
673 if (!valid_hex(name[i])) {
674 log_warnx("invalid character \"%c\" in target "
675 "name \"%s\"; allowed characters are 1-9 "
676 "and A-F", name[i], name);
681 log_warnx("invalid target name \"%s\"; should start with "
682 "either \".iqn\", \"eui.\", or \"naa.\"",
689 target_new(struct conf *conf, const char *iqn)
694 targ = target_find(conf, iqn);
696 log_warnx("duplicated target \"%s\"", iqn);
699 if (valid_iscsi_name(iqn) == false) {
700 log_warnx("target name \"%s\" is invalid", iqn);
703 targ = calloc(1, sizeof(*targ));
705 log_err(1, "calloc");
706 targ->t_iqn = checked_strdup(iqn);
709 * RFC 3722 requires us to normalize the name to lowercase.
712 for (i = 0; i < len; i++)
713 targ->t_iqn[i] = tolower(targ->t_iqn[i]);
715 TAILQ_INIT(&targ->t_luns);
717 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next);
723 target_delete(struct target *targ)
725 struct lun *lun, *tmp;
727 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next);
729 TAILQ_FOREACH_SAFE(lun, &targ->t_luns, l_next, tmp)
736 target_find(struct conf *conf, const char *iqn)
740 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
741 if (strcasecmp(targ->t_iqn, iqn) == 0)
749 lun_new(struct target *targ, int lun_id)
753 lun = lun_find(targ, lun_id);
755 log_warnx("duplicated lun %d for target \"%s\"",
756 lun_id, targ->t_iqn);
760 lun = calloc(1, sizeof(*lun));
762 log_err(1, "calloc");
764 TAILQ_INIT(&lun->l_options);
765 lun->l_target = targ;
766 TAILQ_INSERT_TAIL(&targ->t_luns, lun, l_next);
772 lun_delete(struct lun *lun)
774 struct lun_option *lo, *tmp;
776 TAILQ_REMOVE(&lun->l_target->t_luns, lun, l_next);
778 TAILQ_FOREACH_SAFE(lo, &lun->l_options, lo_next, tmp)
779 lun_option_delete(lo);
780 free(lun->l_backend);
781 free(lun->l_device_id);
788 lun_find(struct target *targ, int lun_id)
792 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
793 if (lun->l_lun == lun_id)
801 lun_set_backend(struct lun *lun, const char *value)
803 free(lun->l_backend);
804 lun->l_backend = checked_strdup(value);
808 lun_set_blocksize(struct lun *lun, size_t value)
811 lun->l_blocksize = value;
815 lun_set_device_id(struct lun *lun, const char *value)
817 free(lun->l_device_id);
818 lun->l_device_id = checked_strdup(value);
822 lun_set_path(struct lun *lun, const char *value)
825 lun->l_path = checked_strdup(value);
829 lun_set_serial(struct lun *lun, const char *value)
832 lun->l_serial = checked_strdup(value);
836 lun_set_size(struct lun *lun, size_t value)
843 lun_set_ctl_lun(struct lun *lun, uint32_t value)
846 lun->l_ctl_lun = value;
850 lun_option_new(struct lun *lun, const char *name, const char *value)
852 struct lun_option *lo;
854 lo = lun_option_find(lun, name);
856 log_warnx("duplicated lun option %s for lun %d, target \"%s\"",
857 name, lun->l_lun, lun->l_target->t_iqn);
861 lo = calloc(1, sizeof(*lo));
863 log_err(1, "calloc");
864 lo->lo_name = checked_strdup(name);
865 lo->lo_value = checked_strdup(value);
867 TAILQ_INSERT_TAIL(&lun->l_options, lo, lo_next);
873 lun_option_delete(struct lun_option *lo)
876 TAILQ_REMOVE(&lo->lo_lun->l_options, lo, lo_next);
884 lun_option_find(struct lun *lun, const char *name)
886 struct lun_option *lo;
888 TAILQ_FOREACH(lo, &lun->l_options, lo_next) {
889 if (strcmp(lo->lo_name, name) == 0)
897 lun_option_set(struct lun_option *lo, const char *value)
901 lo->lo_value = checked_strdup(value);
904 static struct connection *
905 connection_new(struct portal *portal, int fd, const char *host)
907 struct connection *conn;
909 conn = calloc(1, sizeof(*conn));
911 log_err(1, "calloc");
912 conn->conn_portal = portal;
913 conn->conn_socket = fd;
914 conn->conn_initiator_addr = checked_strdup(host);
917 * Default values, from RFC 3720, section 12.
919 conn->conn_max_data_segment_length = 8192;
920 conn->conn_max_burst_length = 262144;
921 conn->conn_immediate_data = true;
928 conf_print(struct conf *conf)
930 struct auth_group *ag;
932 struct auth_name *auth_name;
933 struct auth_portal *auth_portal;
934 struct portal_group *pg;
935 struct portal *portal;
938 struct lun_option *lo;
940 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
941 fprintf(stderr, "auth-group %s {\n", ag->ag_name);
942 TAILQ_FOREACH(auth, &ag->ag_auths, a_next)
943 fprintf(stderr, "\t chap-mutual %s %s %s %s\n",
944 auth->a_user, auth->a_secret,
945 auth->a_mutual_user, auth->a_mutual_secret);
946 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next)
947 fprintf(stderr, "\t initiator-name %s\n",
948 auth_name->an_initator_name);
949 TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next)
950 fprintf(stderr, "\t initiator-portal %s\n",
951 auth_portal->an_initator_portal);
952 fprintf(stderr, "}\n");
954 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
955 fprintf(stderr, "portal-group %s {\n", pg->pg_name);
956 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
957 fprintf(stderr, "\t listen %s\n", portal->p_listen);
958 fprintf(stderr, "}\n");
960 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
961 fprintf(stderr, "target %s {\n", targ->t_iqn);
962 if (targ->t_alias != NULL)
963 fprintf(stderr, "\t alias %s\n", targ->t_alias);
964 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
965 fprintf(stderr, "\tlun %d {\n", lun->l_lun);
966 fprintf(stderr, "\t\tpath %s\n", lun->l_path);
967 TAILQ_FOREACH(lo, &lun->l_options, lo_next)
968 fprintf(stderr, "\t\toption %s %s\n",
969 lo->lo_name, lo->lo_value);
970 fprintf(stderr, "\t}\n");
972 fprintf(stderr, "}\n");
978 conf_verify_lun(struct lun *lun)
980 const struct lun *lun2;
981 const struct target *targ2;
983 if (lun->l_backend == NULL)
984 lun_set_backend(lun, "block");
985 if (strcmp(lun->l_backend, "block") == 0) {
986 if (lun->l_path == NULL) {
987 log_warnx("missing path for lun %d, target \"%s\"",
988 lun->l_lun, lun->l_target->t_iqn);
991 } else if (strcmp(lun->l_backend, "ramdisk") == 0) {
992 if (lun->l_size == 0) {
993 log_warnx("missing size for ramdisk-backed lun %d, "
994 "target \"%s\"", lun->l_lun, lun->l_target->t_iqn);
997 if (lun->l_path != NULL) {
998 log_warnx("path must not be specified "
999 "for ramdisk-backed lun %d, target \"%s\"",
1000 lun->l_lun, lun->l_target->t_iqn);
1004 if (lun->l_lun < 0 || lun->l_lun > 255) {
1005 log_warnx("invalid lun number for lun %d, target \"%s\"; "
1006 "must be between 0 and 255", lun->l_lun,
1007 lun->l_target->t_iqn);
1010 if (lun->l_blocksize == 0) {
1011 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE);
1012 } else if (lun->l_blocksize < 0) {
1013 log_warnx("invalid blocksize for lun %d, target \"%s\"; "
1014 "must be larger than 0", lun->l_lun, lun->l_target->t_iqn);
1017 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) {
1018 log_warnx("invalid size for lun %d, target \"%s\"; "
1019 "must be multiple of blocksize", lun->l_lun,
1020 lun->l_target->t_iqn);
1023 TAILQ_FOREACH(targ2, &lun->l_target->t_conf->conf_targets, t_next) {
1024 TAILQ_FOREACH(lun2, &targ2->t_luns, l_next) {
1027 if (lun->l_path != NULL && lun2->l_path != NULL &&
1028 strcmp(lun->l_path, lun2->l_path) == 0) {
1029 log_debugx("WARNING: path \"%s\" duplicated "
1030 "between lun %d, target \"%s\", and "
1031 "lun %d, target \"%s\"", lun->l_path,
1032 lun->l_lun, lun->l_target->t_iqn,
1033 lun2->l_lun, lun2->l_target->t_iqn);
1042 conf_verify(struct conf *conf)
1044 struct auth_group *ag;
1045 struct portal_group *pg;
1046 struct target *targ;
1051 if (conf->conf_pidfile_path == NULL)
1052 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE);
1054 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1055 if (targ->t_auth_group == NULL) {
1056 log_warnx("missing authentication for target \"%s\"; "
1057 "must specify either \"auth-group\", \"chap\", "
1058 "or \"chap-mutual\"", targ->t_iqn);
1061 if (targ->t_portal_group == NULL) {
1062 targ->t_portal_group = portal_group_find(conf,
1064 assert(targ->t_portal_group != NULL);
1067 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1068 error = conf_verify_lun(lun);
1071 if (lun->l_lun == 0)
1075 log_warnx("mandatory LUN 0 not configured "
1076 "for target \"%s\"", targ->t_iqn);
1080 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1081 assert(pg->pg_name != NULL);
1082 if (pg->pg_discovery_auth_group == NULL) {
1083 pg->pg_discovery_auth_group =
1084 auth_group_find(conf, "no-access");
1085 assert(pg->pg_discovery_auth_group != NULL);
1088 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1089 if (targ->t_portal_group == pg)
1093 if (strcmp(pg->pg_name, "default") != 0)
1094 log_warnx("portal-group \"%s\" not assigned "
1095 "to any target", pg->pg_name);
1096 pg->pg_unassigned = true;
1098 pg->pg_unassigned = false;
1100 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1101 if (ag->ag_name == NULL)
1102 assert(ag->ag_target != NULL);
1104 assert(ag->ag_target == NULL);
1106 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1107 if (targ->t_auth_group == ag)
1110 if (targ == NULL && ag->ag_name != NULL &&
1111 strcmp(ag->ag_name, "no-authentication") != 0 &&
1112 strcmp(ag->ag_name, "no-access") != 0) {
1113 log_warnx("auth-group \"%s\" not assigned "
1114 "to any target", ag->ag_name);
1122 conf_apply(struct conf *oldconf, struct conf *newconf)
1124 struct target *oldtarg, *newtarg, *tmptarg;
1125 struct lun *oldlun, *newlun, *tmplun;
1126 struct portal_group *oldpg, *newpg;
1127 struct portal *oldp, *newp;
1129 int changed, cumulated_error = 0, error;
1130 #ifndef ICL_KERNEL_PROXY
1134 if (oldconf->conf_debug != newconf->conf_debug) {
1135 log_debugx("changing debug level to %d", newconf->conf_debug);
1136 log_init(newconf->conf_debug);
1139 if (oldconf->conf_pidfh != NULL) {
1140 assert(oldconf->conf_pidfile_path != NULL);
1141 if (newconf->conf_pidfile_path != NULL &&
1142 strcmp(oldconf->conf_pidfile_path,
1143 newconf->conf_pidfile_path) == 0) {
1144 newconf->conf_pidfh = oldconf->conf_pidfh;
1145 oldconf->conf_pidfh = NULL;
1147 log_debugx("removing pidfile %s",
1148 oldconf->conf_pidfile_path);
1149 pidfile_remove(oldconf->conf_pidfh);
1150 oldconf->conf_pidfh = NULL;
1154 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) {
1155 log_debugx("opening pidfile %s", newconf->conf_pidfile_path);
1156 newconf->conf_pidfh =
1157 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid);
1158 if (newconf->conf_pidfh == NULL) {
1159 if (errno == EEXIST)
1160 log_errx(1, "daemon already running, pid: %jd.",
1161 (intmax_t)otherpid);
1162 log_err(1, "cannot open or create pidfile \"%s\"",
1163 newconf->conf_pidfile_path);
1167 TAILQ_FOREACH_SAFE(oldtarg, &oldconf->conf_targets, t_next, tmptarg) {
1169 * First, remove any targets present in the old configuration
1170 * and missing in the new one.
1172 newtarg = target_find(newconf, oldtarg->t_iqn);
1173 if (newtarg == NULL) {
1174 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next,
1176 log_debugx("target %s not found in new "
1177 "configuration; removing its lun %d, "
1178 "backed by CTL lun %d",
1179 oldtarg->t_iqn, oldlun->l_lun,
1181 error = kernel_lun_remove(oldlun);
1183 log_warnx("failed to remove lun %d, "
1184 "target %s, CTL lun %d",
1185 oldlun->l_lun, oldtarg->t_iqn,
1191 target_delete(oldtarg);
1196 * Second, remove any LUNs present in the old target
1197 * and missing in the new one.
1199 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, tmplun) {
1200 newlun = lun_find(newtarg, oldlun->l_lun);
1201 if (newlun == NULL) {
1202 log_debugx("lun %d, target %s, CTL lun %d "
1203 "not found in new configuration; "
1204 "removing", oldlun->l_lun, oldtarg->t_iqn,
1206 error = kernel_lun_remove(oldlun);
1208 log_warnx("failed to remove lun %d, "
1209 "target %s, CTL lun %d",
1210 oldlun->l_lun, oldtarg->t_iqn,
1219 * Also remove the LUNs changed by more than size.
1222 assert(oldlun->l_backend != NULL);
1223 assert(newlun->l_backend != NULL);
1224 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) {
1225 log_debugx("backend for lun %d, target %s, "
1226 "CTL lun %d changed; removing",
1227 oldlun->l_lun, oldtarg->t_iqn,
1231 if (oldlun->l_blocksize != newlun->l_blocksize) {
1232 log_debugx("blocksize for lun %d, target %s, "
1233 "CTL lun %d changed; removing",
1234 oldlun->l_lun, oldtarg->t_iqn,
1238 if (newlun->l_device_id != NULL &&
1239 (oldlun->l_device_id == NULL ||
1240 strcmp(oldlun->l_device_id, newlun->l_device_id) !=
1242 log_debugx("device-id for lun %d, target %s, "
1243 "CTL lun %d changed; removing",
1244 oldlun->l_lun, oldtarg->t_iqn,
1248 if (newlun->l_path != NULL &&
1249 (oldlun->l_path == NULL ||
1250 strcmp(oldlun->l_path, newlun->l_path) != 0)) {
1251 log_debugx("path for lun %d, target %s, "
1252 "CTL lun %d, changed; removing",
1253 oldlun->l_lun, oldtarg->t_iqn,
1257 if (newlun->l_serial != NULL &&
1258 (oldlun->l_serial == NULL ||
1259 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) {
1260 log_debugx("serial for lun %d, target %s, "
1261 "CTL lun %d changed; removing",
1262 oldlun->l_lun, oldtarg->t_iqn,
1267 error = kernel_lun_remove(oldlun);
1269 log_warnx("failed to remove lun %d, "
1270 "target %s, CTL lun %d",
1271 oldlun->l_lun, oldtarg->t_iqn,
1279 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun);
1284 * Now add new targets or modify existing ones.
1286 TAILQ_FOREACH(newtarg, &newconf->conf_targets, t_next) {
1287 oldtarg = target_find(oldconf, newtarg->t_iqn);
1289 TAILQ_FOREACH(newlun, &newtarg->t_luns, l_next) {
1290 if (oldtarg != NULL) {
1291 oldlun = lun_find(oldtarg, newlun->l_lun);
1292 if (oldlun != NULL) {
1293 if (newlun->l_size != oldlun->l_size) {
1294 log_debugx("resizing lun %d, "
1295 "target %s, CTL lun %d",
1300 kernel_lun_resize(newlun);
1302 log_warnx("failed to "
1315 log_debugx("adding lun %d, target %s",
1316 newlun->l_lun, newtarg->t_iqn);
1317 error = kernel_lun_add(newlun);
1319 log_warnx("failed to add lun %d, target %s",
1320 newlun->l_lun, newtarg->t_iqn);
1327 * Go through the new portals, opening the sockets as neccessary.
1329 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1330 if (newpg->pg_unassigned) {
1331 log_debugx("not listening on portal-group \"%s\", "
1332 "not assigned to any target",
1336 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) {
1338 * Try to find already open portal and reuse
1339 * the listening socket. We don't care about
1340 * what portal or portal group that was, what
1341 * matters is the listening address.
1343 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups,
1345 TAILQ_FOREACH(oldp, &oldpg->pg_portals,
1347 if (strcmp(newp->p_listen,
1348 oldp->p_listen) == 0 &&
1349 oldp->p_socket > 0) {
1357 if (newp->p_socket > 0) {
1359 * We're done with this portal.
1364 #ifdef ICL_KERNEL_PROXY
1365 log_debugx("listening on %s, portal-group \"%s\" using ICL proxy",
1366 newp->p_listen, newpg->pg_name);
1367 kernel_listen(newp->p_ai, newp->p_iser);
1369 assert(newp->p_iser == false);
1371 log_debugx("listening on %s, portal-group \"%s\"",
1372 newp->p_listen, newpg->pg_name);
1373 newp->p_socket = socket(newp->p_ai->ai_family,
1374 newp->p_ai->ai_socktype,
1375 newp->p_ai->ai_protocol);
1376 if (newp->p_socket < 0) {
1377 log_warn("socket(2) failed for %s",
1382 error = setsockopt(newp->p_socket, SOL_SOCKET,
1383 SO_REUSEADDR, &one, sizeof(one));
1385 log_warn("setsockopt(SO_REUSEADDR) failed "
1386 "for %s", newp->p_listen);
1387 close(newp->p_socket);
1392 error = bind(newp->p_socket, newp->p_ai->ai_addr,
1393 newp->p_ai->ai_addrlen);
1395 log_warn("bind(2) failed for %s",
1397 close(newp->p_socket);
1402 error = listen(newp->p_socket, -1);
1404 log_warn("listen(2) failed for %s",
1406 close(newp->p_socket);
1411 #endif /* !ICL_KERNEL_PROXY */
1416 * Go through the no longer used sockets, closing them.
1418 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) {
1419 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) {
1420 if (oldp->p_socket <= 0)
1422 log_debugx("closing socket for %s, portal-group \"%s\"",
1423 oldp->p_listen, oldpg->pg_name);
1424 close(oldp->p_socket);
1429 return (cumulated_error);
1436 return (sigalrm_received);
1440 sigalrm_handler(int dummy __unused)
1443 * It would be easiest to just log an error and exit. We can't
1444 * do this, though, because log_errx() is not signal safe, since
1445 * it calls syslog(3). Instead, set a flag checked by pdu_send()
1446 * and pdu_receive(), to call log_errx() there. Should they fail
1447 * to notice, we'll exit here one second later.
1449 if (sigalrm_received) {
1451 * Oh well. Just give up and quit.
1456 sigalrm_received = true;
1460 set_timeout(const struct conf *conf)
1462 struct sigaction sa;
1463 struct itimerval itv;
1466 if (conf->conf_timeout <= 0) {
1467 log_debugx("session timeout disabled");
1471 bzero(&sa, sizeof(sa));
1472 sa.sa_handler = sigalrm_handler;
1473 sigfillset(&sa.sa_mask);
1474 error = sigaction(SIGALRM, &sa, NULL);
1476 log_err(1, "sigaction");
1479 * First SIGALRM will arive after conf_timeout seconds.
1480 * If we do nothing, another one will arrive a second later.
1482 bzero(&itv, sizeof(itv));
1483 itv.it_interval.tv_sec = 1;
1484 itv.it_value.tv_sec = conf->conf_timeout;
1486 log_debugx("setting session timeout to %d seconds",
1487 conf->conf_timeout);
1488 error = setitimer(ITIMER_REAL, &itv, NULL);
1490 log_err(1, "setitimer");
1494 wait_for_children(bool block)
1502 * If "block" is true, wait for at least one process.
1504 if (block && num == 0)
1505 pid = wait4(-1, &status, 0, NULL);
1507 pid = wait4(-1, &status, WNOHANG, NULL);
1510 if (WIFSIGNALED(status)) {
1511 log_warnx("child process %d terminated with signal %d",
1512 pid, WTERMSIG(status));
1513 } else if (WEXITSTATUS(status) != 0) {
1514 log_warnx("child process %d terminated with exit status %d",
1515 pid, WEXITSTATUS(status));
1517 log_debugx("child process %d terminated gracefully", pid);
1526 handle_connection(struct portal *portal, int fd, bool dont_fork)
1528 struct connection *conn;
1529 #ifndef ICL_KERNEL_PROXY
1530 struct sockaddr_storage ss;
1531 socklen_t sslen = sizeof(ss);
1535 char host[NI_MAXHOST + 1];
1538 conf = portal->p_portal_group->pg_conf;
1541 log_debugx("incoming connection; not forking due to -d flag");
1543 nchildren -= wait_for_children(false);
1544 assert(nchildren >= 0);
1546 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) {
1547 log_debugx("maxproc limit of %d child processes hit; "
1548 "waiting for child process to exit", conf->conf_maxproc);
1549 nchildren -= wait_for_children(true);
1550 assert(nchildren >= 0);
1552 log_debugx("incoming connection; forking child process #%d",
1563 pidfile_close(conf->conf_pidfh);
1565 #ifdef ICL_KERNEL_PROXY
1569 log_set_peer_addr("XXX");
1571 error = getpeername(fd, (struct sockaddr *)&ss, &sslen);
1573 log_err(1, "getpeername");
1574 error = getnameinfo((struct sockaddr *)&ss, sslen,
1575 host, sizeof(host), NULL, 0, NI_NUMERICHOST);
1577 log_errx(1, "getaddrinfo: %s", gai_strerror(error));
1579 log_debugx("accepted connection from %s; portal group \"%s\"",
1580 host, portal->p_portal_group->pg_name);
1581 log_set_peer_addr(host);
1582 setproctitle("%s", host);
1585 conn = connection_new(portal, fd, host);
1589 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) {
1590 kernel_handoff(conn);
1591 log_debugx("connection handed off to the kernel");
1593 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY);
1596 log_debugx("nothing more to do; exiting");
1600 #ifndef ICL_KERNEL_PROXY
1602 fd_add(int fd, fd_set *fdset, int nfds)
1606 * Skip sockets which we failed to bind.
1619 main_loop(struct conf *conf, bool dont_fork)
1621 struct portal_group *pg;
1622 struct portal *portal;
1623 #ifdef ICL_KERNEL_PROXY
1627 int error, nfds, client_fd;
1630 pidfile_write(conf->conf_pidfh);
1633 if (sighup_received || sigterm_received)
1636 #ifdef ICL_KERNEL_PROXY
1637 connection_id = kernel_accept();
1638 if (connection_id == 0)
1642 * XXX: This is obviously temporary.
1644 pg = TAILQ_FIRST(&conf->conf_portal_groups);
1645 portal = TAILQ_FIRST(&pg->pg_portals);
1647 handle_connection(portal, connection_id, dont_fork);
1651 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1652 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1653 nfds = fd_add(portal->p_socket, &fdset, nfds);
1655 error = select(nfds + 1, &fdset, NULL, NULL, NULL);
1659 log_err(1, "select");
1661 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1662 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
1663 if (!FD_ISSET(portal->p_socket, &fdset))
1665 client_fd = accept(portal->p_socket, NULL, 0);
1667 log_err(1, "accept");
1668 handle_connection(portal, client_fd, dont_fork);
1672 #endif /* !ICL_KERNEL_PROXY */
1677 sighup_handler(int dummy __unused)
1680 sighup_received = true;
1684 sigterm_handler(int dummy __unused)
1687 sigterm_received = true;
1691 register_signals(void)
1693 struct sigaction sa;
1696 bzero(&sa, sizeof(sa));
1697 sa.sa_handler = sighup_handler;
1698 sigfillset(&sa.sa_mask);
1699 error = sigaction(SIGHUP, &sa, NULL);
1701 log_err(1, "sigaction");
1703 sa.sa_handler = sigterm_handler;
1704 error = sigaction(SIGTERM, &sa, NULL);
1706 log_err(1, "sigaction");
1708 sa.sa_handler = sigterm_handler;
1709 error = sigaction(SIGINT, &sa, NULL);
1711 log_err(1, "sigaction");
1715 main(int argc, char **argv)
1717 struct conf *oldconf, *newconf, *tmpconf;
1718 const char *config_path = DEFAULT_CONFIG_PATH;
1719 int debug = 0, ch, error;
1720 bool dont_daemonize = false;
1722 while ((ch = getopt(argc, argv, "df:")) != -1) {
1725 dont_daemonize = true;
1729 config_path = optarg;
1743 oldconf = conf_new_from_kernel();
1744 newconf = conf_new_from_file(config_path);
1745 if (newconf == NULL)
1746 log_errx(1, "configuration error, exiting");
1748 oldconf->conf_debug = debug;
1749 newconf->conf_debug = debug;
1752 #ifdef ICL_KERNEL_PROXY
1753 log_debugx("enabling CTL iSCSI port");
1754 error = kernel_port_on();
1756 log_errx(1, "failed to enable CTL iSCSI port, exiting");
1759 error = conf_apply(oldconf, newconf);
1761 log_errx(1, "failed to apply configuration, exiting");
1762 conf_delete(oldconf);
1767 #ifndef ICL_KERNEL_PROXY
1768 log_debugx("enabling CTL iSCSI port");
1769 error = kernel_port_on();
1771 log_errx(1, "failed to enable CTL iSCSI port, exiting");
1774 if (dont_daemonize == false) {
1775 log_debugx("daemonizing");
1776 if (daemon(0, 0) == -1) {
1777 log_warn("cannot daemonize");
1778 pidfile_remove(newconf->conf_pidfh);
1784 main_loop(newconf, dont_daemonize);
1785 if (sighup_received) {
1786 sighup_received = false;
1787 log_debugx("received SIGHUP, reloading configuration");
1788 tmpconf = conf_new_from_file(config_path);
1789 if (tmpconf == NULL) {
1790 log_warnx("configuration error, "
1791 "continuing with old configuration");
1794 tmpconf->conf_debug = debug;
1797 error = conf_apply(oldconf, newconf);
1799 log_warnx("failed to reload "
1801 conf_delete(oldconf);
1804 } else if (sigterm_received) {
1805 log_debugx("exiting on signal; "
1806 "reloading empty configuration");
1808 log_debugx("disabling CTL iSCSI port "
1809 "and terminating all connections");
1810 error = kernel_port_off();
1812 log_warnx("failed to disable CTL iSCSI port");
1815 newconf = conf_new();
1817 newconf->conf_debug = debug;
1818 error = conf_apply(oldconf, newconf);
1820 log_warnx("failed to apply configuration");
1822 log_warnx("exiting on signal");
1825 nchildren -= wait_for_children(false);
1826 assert(nchildren >= 0);