2 * Copyright (c) 2012 The FreeBSD Foundation
5 * This software was developed by Edward Tomasz Napierala under sponsorship
6 * from the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/types.h>
34 #include <sys/socket.h>
36 #include <netinet/in.h>
51 bool proxy_mode = false;
53 static volatile bool sighup_received = false;
54 static volatile bool sigterm_received = false;
55 static volatile bool sigalrm_received = false;
57 static int nchildren = 0;
63 fprintf(stderr, "usage: ctld [-d][-f config-file]\n");
68 checked_strdup(const char *s)
83 conf = calloc(1, sizeof(*conf));
86 TAILQ_INIT(&conf->conf_targets);
87 TAILQ_INIT(&conf->conf_auth_groups);
88 TAILQ_INIT(&conf->conf_portal_groups);
91 conf->conf_timeout = 60;
92 conf->conf_maxproc = 30;
98 conf_delete(struct conf *conf)
100 struct target *targ, *tmp;
101 struct auth_group *ag, *cagtmp;
102 struct portal_group *pg, *cpgtmp;
104 assert(conf->conf_pidfh == NULL);
106 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp)
108 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp)
109 auth_group_delete(ag);
110 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp)
111 portal_group_delete(pg);
112 free(conf->conf_pidfile_path);
117 auth_new(struct auth_group *ag)
121 auth = calloc(1, sizeof(*auth));
123 log_err(1, "calloc");
124 auth->a_auth_group = ag;
125 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next);
130 auth_delete(struct auth *auth)
132 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next);
135 free(auth->a_secret);
136 free(auth->a_mutual_user);
137 free(auth->a_mutual_secret);
142 auth_find(const struct auth_group *ag, const char *user)
144 const struct auth *auth;
146 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) {
147 if (strcmp(auth->a_user, user) == 0)
155 auth_check_secret_length(struct auth *auth)
159 len = strlen(auth->a_secret);
161 if (auth->a_auth_group->ag_name != NULL)
162 log_warnx("secret for user \"%s\", auth-group \"%s\", "
163 "is too long; it should be at most 16 characters "
164 "long", auth->a_user, auth->a_auth_group->ag_name);
166 log_warnx("secret for user \"%s\", target \"%s\", "
167 "is too long; it should be at most 16 characters "
168 "long", auth->a_user,
169 auth->a_auth_group->ag_target->t_name);
172 if (auth->a_auth_group->ag_name != NULL)
173 log_warnx("secret for user \"%s\", auth-group \"%s\", "
174 "is too short; it should be at least 12 characters "
175 "long", auth->a_user,
176 auth->a_auth_group->ag_name);
178 log_warnx("secret for user \"%s\", target \"%s\", "
179 "is too short; it should be at least 16 characters "
180 "long", auth->a_user,
181 auth->a_auth_group->ag_target->t_name);
184 if (auth->a_mutual_secret != NULL) {
185 len = strlen(auth->a_secret);
187 if (auth->a_auth_group->ag_name != NULL)
188 log_warnx("mutual secret for user \"%s\", "
189 "auth-group \"%s\", is too long; it should "
190 "be at most 16 characters long",
191 auth->a_user, auth->a_auth_group->ag_name);
193 log_warnx("mutual secret for user \"%s\", "
194 "target \"%s\", is too long; it should "
195 "be at most 16 characters long",
197 auth->a_auth_group->ag_target->t_name);
200 if (auth->a_auth_group->ag_name != NULL)
201 log_warnx("mutual secret for user \"%s\", "
202 "auth-group \"%s\", is too short; it "
203 "should be at least 12 characters long",
204 auth->a_user, auth->a_auth_group->ag_name);
206 log_warnx("mutual secret for user \"%s\", "
207 "target \"%s\", is too short; it should be "
208 "at least 16 characters long",
210 auth->a_auth_group->ag_target->t_name);
216 auth_new_chap(struct auth_group *ag, const char *user,
221 if (ag->ag_type == AG_TYPE_UNKNOWN)
222 ag->ag_type = AG_TYPE_CHAP;
223 if (ag->ag_type != AG_TYPE_CHAP) {
224 if (ag->ag_name != NULL)
225 log_warnx("cannot mix \"chap\" authentication with "
226 "other types for auth-group \"%s\"", ag->ag_name);
228 log_warnx("cannot mix \"chap\" authentication with "
229 "other types for target \"%s\"",
230 ag->ag_target->t_name);
235 auth->a_user = checked_strdup(user);
236 auth->a_secret = checked_strdup(secret);
238 auth_check_secret_length(auth);
244 auth_new_chap_mutual(struct auth_group *ag, const char *user,
245 const char *secret, const char *user2, const char *secret2)
249 if (ag->ag_type == AG_TYPE_UNKNOWN)
250 ag->ag_type = AG_TYPE_CHAP_MUTUAL;
251 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
252 if (ag->ag_name != NULL)
253 log_warnx("cannot mix \"chap-mutual\" authentication "
254 "with other types for auth-group \"%s\"",
257 log_warnx("cannot mix \"chap-mutual\" authentication "
258 "with other types for target \"%s\"",
259 ag->ag_target->t_name);
264 auth->a_user = checked_strdup(user);
265 auth->a_secret = checked_strdup(secret);
266 auth->a_mutual_user = checked_strdup(user2);
267 auth->a_mutual_secret = checked_strdup(secret2);
269 auth_check_secret_length(auth);
274 const struct auth_name *
275 auth_name_new(struct auth_group *ag, const char *name)
277 struct auth_name *an;
279 an = calloc(1, sizeof(*an));
281 log_err(1, "calloc");
282 an->an_auth_group = ag;
283 an->an_initator_name = checked_strdup(name);
284 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next);
289 auth_name_delete(struct auth_name *an)
291 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next);
293 free(an->an_initator_name);
298 auth_name_defined(const struct auth_group *ag)
300 if (TAILQ_EMPTY(&ag->ag_names))
305 const struct auth_name *
306 auth_name_find(const struct auth_group *ag, const char *name)
308 const struct auth_name *auth_name;
310 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) {
311 if (strcmp(auth_name->an_initator_name, name) == 0)
318 const struct auth_portal *
319 auth_portal_new(struct auth_group *ag, const char *portal)
321 struct auth_portal *ap;
323 ap = calloc(1, sizeof(*ap));
325 log_err(1, "calloc");
326 ap->ap_auth_group = ag;
327 ap->ap_initator_portal = checked_strdup(portal);
328 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next);
333 auth_portal_delete(struct auth_portal *ap)
335 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next);
337 free(ap->ap_initator_portal);
342 auth_portal_defined(const struct auth_group *ag)
344 if (TAILQ_EMPTY(&ag->ag_portals))
349 const struct auth_portal *
350 auth_portal_find(const struct auth_group *ag, const char *portal)
352 const struct auth_portal *auth_portal;
354 TAILQ_FOREACH(auth_portal, &ag->ag_portals, ap_next) {
355 if (strcmp(auth_portal->ap_initator_portal, portal) == 0)
356 return (auth_portal);
363 auth_group_new(struct conf *conf, const char *name)
365 struct auth_group *ag;
368 ag = auth_group_find(conf, name);
370 log_warnx("duplicated auth-group \"%s\"", name);
375 ag = calloc(1, sizeof(*ag));
377 log_err(1, "calloc");
379 ag->ag_name = checked_strdup(name);
380 TAILQ_INIT(&ag->ag_auths);
381 TAILQ_INIT(&ag->ag_names);
382 TAILQ_INIT(&ag->ag_portals);
384 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next);
390 auth_group_delete(struct auth_group *ag)
392 struct auth *auth, *auth_tmp;
393 struct auth_name *auth_name, *auth_name_tmp;
394 struct auth_portal *auth_portal, *auth_portal_tmp;
396 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next);
398 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp)
400 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp)
401 auth_name_delete(auth_name);
402 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
404 auth_portal_delete(auth_portal);
410 auth_group_find(const struct conf *conf, const char *name)
412 struct auth_group *ag;
414 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
415 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
423 auth_group_set_type(struct auth_group *ag, int type)
426 if (ag->ag_type == AG_TYPE_UNKNOWN) {
431 if (ag->ag_type == type)
438 auth_group_set_type_str(struct auth_group *ag, const char *str)
442 if (strcmp(str, "none") == 0) {
443 type = AG_TYPE_NO_AUTHENTICATION;
444 } else if (strcmp(str, "deny") == 0) {
446 } else if (strcmp(str, "chap") == 0) {
448 } else if (strcmp(str, "chap-mutual") == 0) {
449 type = AG_TYPE_CHAP_MUTUAL;
451 if (ag->ag_name != NULL)
452 log_warnx("invalid auth-type \"%s\" for auth-group "
453 "\"%s\"", str, ag->ag_name);
455 log_warnx("invalid auth-type \"%s\" for target "
456 "\"%s\"", str, ag->ag_target->t_name);
460 error = auth_group_set_type(ag, type);
462 if (ag->ag_name != NULL)
463 log_warnx("cannot set auth-type to \"%s\" for "
464 "auth-group \"%s\"; already has a different "
465 "type", str, ag->ag_name);
467 log_warnx("cannot set auth-type to \"%s\" for target "
468 "\"%s\"; already has a different type",
469 str, ag->ag_target->t_name);
476 static struct portal *
477 portal_new(struct portal_group *pg)
479 struct portal *portal;
481 portal = calloc(1, sizeof(*portal));
483 log_err(1, "calloc");
484 TAILQ_INIT(&portal->p_targets);
485 portal->p_portal_group = pg;
486 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next);
491 portal_delete(struct portal *portal)
493 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next);
494 freeaddrinfo(portal->p_ai);
495 free(portal->p_listen);
499 struct portal_group *
500 portal_group_new(struct conf *conf, const char *name)
502 struct portal_group *pg;
504 pg = portal_group_find(conf, name);
506 log_warnx("duplicated portal-group \"%s\"", name);
510 pg = calloc(1, sizeof(*pg));
512 log_err(1, "calloc");
513 pg->pg_name = checked_strdup(name);
514 TAILQ_INIT(&pg->pg_portals);
516 conf->conf_last_portal_group_tag++;
517 pg->pg_tag = conf->conf_last_portal_group_tag;
518 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next);
524 portal_group_delete(struct portal_group *pg)
526 struct portal *portal, *tmp;
528 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next);
530 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp)
531 portal_delete(portal);
536 struct portal_group *
537 portal_group_find(const struct conf *conf, const char *name)
539 struct portal_group *pg;
541 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
542 if (strcmp(pg->pg_name, name) == 0)
550 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser)
552 struct addrinfo hints;
553 struct portal *portal;
554 char *addr, *ch, *arg;
556 int error, colons = 0;
558 portal = portal_new(pg);
559 portal->p_listen = checked_strdup(value);
560 portal->p_iser = iser;
562 arg = portal->p_listen;
563 if (arg[0] == '\0') {
564 log_warnx("empty listen address");
565 free(portal->p_listen);
571 * IPv6 address in square brackets, perhaps with port.
574 addr = strsep(&arg, "]");
576 log_warnx("invalid listen address %s",
578 free(portal->p_listen);
582 if (arg[0] == '\0') {
584 } else if (arg[0] == ':') {
587 log_warnx("invalid listen address %s",
589 free(portal->p_listen);
595 * Either IPv6 address without brackets - and without
596 * a port - or IPv4 address. Just count the colons.
598 for (ch = arg; *ch != '\0'; ch++) {
606 addr = strsep(&arg, ":");
614 memset(&hints, 0, sizeof(hints));
615 hints.ai_family = PF_UNSPEC;
616 hints.ai_socktype = SOCK_STREAM;
617 hints.ai_flags = AI_PASSIVE;
619 error = getaddrinfo(addr, port, &hints, &portal->p_ai);
621 log_warnx("getaddrinfo for %s failed: %s",
622 portal->p_listen, gai_strerror(error));
623 free(portal->p_listen);
629 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
630 * those into multiple portals.
637 valid_hex(const char ch)
669 valid_iscsi_name(const char *name)
673 if (strlen(name) >= MAX_NAME_LEN) {
674 log_warnx("overlong name for target \"%s\"; max length allowed "
675 "by iSCSI specification is %d characters",
681 * In the cases below, we don't return an error, just in case the admin
682 * was right, and we're wrong.
684 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) {
685 for (i = strlen("iqn."); name[i] != '\0'; i++) {
687 * XXX: We should verify UTF-8 normalisation, as defined
688 * by 3.2.6.2: iSCSI Name Encoding.
690 if (isalnum(name[i]))
692 if (name[i] == '-' || name[i] == '.' || name[i] == ':')
694 log_warnx("invalid character \"%c\" in target name "
695 "\"%s\"; allowed characters are letters, digits, "
696 "'-', '.', and ':'", name[i], name);
700 * XXX: Check more stuff: valid date and a valid reversed domain.
702 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) {
703 if (strlen(name) != strlen("eui.") + 16)
704 log_warnx("invalid target name \"%s\"; the \"eui.\" "
705 "should be followed by exactly 16 hexadecimal "
707 for (i = strlen("eui."); name[i] != '\0'; i++) {
708 if (!valid_hex(name[i])) {
709 log_warnx("invalid character \"%c\" in target "
710 "name \"%s\"; allowed characters are 1-9 "
711 "and A-F", name[i], name);
715 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) {
716 if (strlen(name) > strlen("naa.") + 32)
717 log_warnx("invalid target name \"%s\"; the \"naa.\" "
718 "should be followed by at most 32 hexadecimal "
720 for (i = strlen("naa."); name[i] != '\0'; i++) {
721 if (!valid_hex(name[i])) {
722 log_warnx("invalid character \"%c\" in target "
723 "name \"%s\"; allowed characters are 1-9 "
724 "and A-F", name[i], name);
729 log_warnx("invalid target name \"%s\"; should start with "
730 "either \".iqn\", \"eui.\", or \"naa.\"",
737 target_new(struct conf *conf, const char *name)
742 targ = target_find(conf, name);
744 log_warnx("duplicated target \"%s\"", name);
747 if (valid_iscsi_name(name) == false) {
748 log_warnx("target name \"%s\" is invalid", name);
751 targ = calloc(1, sizeof(*targ));
753 log_err(1, "calloc");
754 targ->t_name = checked_strdup(name);
757 * RFC 3722 requires us to normalize the name to lowercase.
760 for (i = 0; i < len; i++)
761 targ->t_name[i] = tolower(targ->t_name[i]);
763 TAILQ_INIT(&targ->t_luns);
765 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next);
771 target_delete(struct target *targ)
773 struct lun *lun, *tmp;
775 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next);
777 TAILQ_FOREACH_SAFE(lun, &targ->t_luns, l_next, tmp)
784 target_find(struct conf *conf, const char *name)
788 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
789 if (strcasecmp(targ->t_name, name) == 0)
797 lun_new(struct target *targ, int lun_id)
801 lun = lun_find(targ, lun_id);
803 log_warnx("duplicated lun %d for target \"%s\"",
804 lun_id, targ->t_name);
808 lun = calloc(1, sizeof(*lun));
810 log_err(1, "calloc");
812 TAILQ_INIT(&lun->l_options);
813 lun->l_target = targ;
814 TAILQ_INSERT_TAIL(&targ->t_luns, lun, l_next);
820 lun_delete(struct lun *lun)
822 struct lun_option *lo, *tmp;
824 TAILQ_REMOVE(&lun->l_target->t_luns, lun, l_next);
826 TAILQ_FOREACH_SAFE(lo, &lun->l_options, lo_next, tmp)
827 lun_option_delete(lo);
828 free(lun->l_backend);
829 free(lun->l_device_id);
836 lun_find(const struct target *targ, int lun_id)
840 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
841 if (lun->l_lun == lun_id)
849 lun_set_backend(struct lun *lun, const char *value)
851 free(lun->l_backend);
852 lun->l_backend = checked_strdup(value);
856 lun_set_blocksize(struct lun *lun, size_t value)
859 lun->l_blocksize = value;
863 lun_set_device_id(struct lun *lun, const char *value)
865 free(lun->l_device_id);
866 lun->l_device_id = checked_strdup(value);
870 lun_set_path(struct lun *lun, const char *value)
873 lun->l_path = checked_strdup(value);
877 lun_set_serial(struct lun *lun, const char *value)
880 lun->l_serial = checked_strdup(value);
884 lun_set_size(struct lun *lun, size_t value)
891 lun_set_ctl_lun(struct lun *lun, uint32_t value)
894 lun->l_ctl_lun = value;
898 lun_option_new(struct lun *lun, const char *name, const char *value)
900 struct lun_option *lo;
902 lo = lun_option_find(lun, name);
904 log_warnx("duplicated lun option %s for lun %d, target \"%s\"",
905 name, lun->l_lun, lun->l_target->t_name);
909 lo = calloc(1, sizeof(*lo));
911 log_err(1, "calloc");
912 lo->lo_name = checked_strdup(name);
913 lo->lo_value = checked_strdup(value);
915 TAILQ_INSERT_TAIL(&lun->l_options, lo, lo_next);
921 lun_option_delete(struct lun_option *lo)
924 TAILQ_REMOVE(&lo->lo_lun->l_options, lo, lo_next);
932 lun_option_find(const struct lun *lun, const char *name)
934 struct lun_option *lo;
936 TAILQ_FOREACH(lo, &lun->l_options, lo_next) {
937 if (strcmp(lo->lo_name, name) == 0)
945 lun_option_set(struct lun_option *lo, const char *value)
949 lo->lo_value = checked_strdup(value);
952 static struct connection *
953 connection_new(struct portal *portal, int fd, const char *host)
955 struct connection *conn;
957 conn = calloc(1, sizeof(*conn));
959 log_err(1, "calloc");
960 conn->conn_portal = portal;
961 conn->conn_socket = fd;
962 conn->conn_initiator_addr = checked_strdup(host);
965 * Default values, from RFC 3720, section 12.
967 conn->conn_max_data_segment_length = 8192;
968 conn->conn_max_burst_length = 262144;
969 conn->conn_immediate_data = true;
976 conf_print(struct conf *conf)
978 struct auth_group *ag;
980 struct auth_name *auth_name;
981 struct auth_portal *auth_portal;
982 struct portal_group *pg;
983 struct portal *portal;
986 struct lun_option *lo;
988 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
989 fprintf(stderr, "auth-group %s {\n", ag->ag_name);
990 TAILQ_FOREACH(auth, &ag->ag_auths, a_next)
991 fprintf(stderr, "\t chap-mutual %s %s %s %s\n",
992 auth->a_user, auth->a_secret,
993 auth->a_mutual_user, auth->a_mutual_secret);
994 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next)
995 fprintf(stderr, "\t initiator-name %s\n",
996 auth_name->an_initator_name);
997 TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next)
998 fprintf(stderr, "\t initiator-portal %s\n",
999 auth_portal->an_initator_portal);
1000 fprintf(stderr, "}\n");
1002 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1003 fprintf(stderr, "portal-group %s {\n", pg->pg_name);
1004 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1005 fprintf(stderr, "\t listen %s\n", portal->p_listen);
1006 fprintf(stderr, "}\n");
1008 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1009 fprintf(stderr, "target %s {\n", targ->t_name);
1010 if (targ->t_alias != NULL)
1011 fprintf(stderr, "\t alias %s\n", targ->t_alias);
1012 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1013 fprintf(stderr, "\tlun %d {\n", lun->l_lun);
1014 fprintf(stderr, "\t\tpath %s\n", lun->l_path);
1015 TAILQ_FOREACH(lo, &lun->l_options, lo_next)
1016 fprintf(stderr, "\t\toption %s %s\n",
1017 lo->lo_name, lo->lo_value);
1018 fprintf(stderr, "\t}\n");
1020 fprintf(stderr, "}\n");
1026 conf_verify_lun(struct lun *lun)
1028 const struct lun *lun2;
1029 const struct target *targ2;
1031 if (lun->l_backend == NULL)
1032 lun_set_backend(lun, "block");
1033 if (strcmp(lun->l_backend, "block") == 0) {
1034 if (lun->l_path == NULL) {
1035 log_warnx("missing path for lun %d, target \"%s\"",
1036 lun->l_lun, lun->l_target->t_name);
1039 } else if (strcmp(lun->l_backend, "ramdisk") == 0) {
1040 if (lun->l_size == 0) {
1041 log_warnx("missing size for ramdisk-backed lun %d, "
1042 "target \"%s\"", lun->l_lun, lun->l_target->t_name);
1045 if (lun->l_path != NULL) {
1046 log_warnx("path must not be specified "
1047 "for ramdisk-backed lun %d, target \"%s\"",
1048 lun->l_lun, lun->l_target->t_name);
1052 if (lun->l_lun < 0 || lun->l_lun > 255) {
1053 log_warnx("invalid lun number for lun %d, target \"%s\"; "
1054 "must be between 0 and 255", lun->l_lun,
1055 lun->l_target->t_name);
1058 if (lun->l_blocksize == 0) {
1059 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE);
1060 } else if (lun->l_blocksize < 0) {
1061 log_warnx("invalid blocksize for lun %d, target \"%s\"; "
1062 "must be larger than 0", lun->l_lun, lun->l_target->t_name);
1065 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) {
1066 log_warnx("invalid size for lun %d, target \"%s\"; "
1067 "must be multiple of blocksize", lun->l_lun,
1068 lun->l_target->t_name);
1071 TAILQ_FOREACH(targ2, &lun->l_target->t_conf->conf_targets, t_next) {
1072 TAILQ_FOREACH(lun2, &targ2->t_luns, l_next) {
1075 if (lun->l_path != NULL && lun2->l_path != NULL &&
1076 strcmp(lun->l_path, lun2->l_path) == 0) {
1077 log_debugx("WARNING: path \"%s\" duplicated "
1078 "between lun %d, target \"%s\", and "
1079 "lun %d, target \"%s\"", lun->l_path,
1080 lun->l_lun, lun->l_target->t_name,
1081 lun2->l_lun, lun2->l_target->t_name);
1090 conf_verify(struct conf *conf)
1092 struct auth_group *ag;
1093 struct portal_group *pg;
1094 struct target *targ;
1099 if (conf->conf_pidfile_path == NULL)
1100 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE);
1102 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1103 if (targ->t_auth_group == NULL) {
1104 targ->t_auth_group = auth_group_find(conf,
1106 assert(targ->t_auth_group != NULL);
1108 if (targ->t_portal_group == NULL) {
1109 targ->t_portal_group = portal_group_find(conf,
1111 assert(targ->t_portal_group != NULL);
1114 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1115 error = conf_verify_lun(lun);
1121 log_warnx("no LUNs defined for target \"%s\"",
1125 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1126 assert(pg->pg_name != NULL);
1127 if (pg->pg_discovery_auth_group == NULL) {
1128 pg->pg_discovery_auth_group =
1129 auth_group_find(conf, "default");
1130 assert(pg->pg_discovery_auth_group != NULL);
1133 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1134 if (targ->t_portal_group == pg)
1138 if (strcmp(pg->pg_name, "default") != 0)
1139 log_warnx("portal-group \"%s\" not assigned "
1140 "to any target", pg->pg_name);
1141 pg->pg_unassigned = true;
1143 pg->pg_unassigned = false;
1145 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1146 if (ag->ag_name == NULL)
1147 assert(ag->ag_target != NULL);
1149 assert(ag->ag_target == NULL);
1151 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1152 if (targ->t_auth_group == ag)
1155 if (targ == NULL && ag->ag_name != NULL &&
1156 strcmp(ag->ag_name, "default") != 0 &&
1157 strcmp(ag->ag_name, "no-authentication") != 0 &&
1158 strcmp(ag->ag_name, "no-access") != 0) {
1159 log_warnx("auth-group \"%s\" not assigned "
1160 "to any target", ag->ag_name);
1168 conf_apply(struct conf *oldconf, struct conf *newconf)
1170 struct target *oldtarg, *newtarg, *tmptarg;
1171 struct lun *oldlun, *newlun, *tmplun;
1172 struct portal_group *oldpg, *newpg;
1173 struct portal *oldp, *newp;
1175 int changed, cumulated_error = 0, error;
1178 if (oldconf->conf_debug != newconf->conf_debug) {
1179 log_debugx("changing debug level to %d", newconf->conf_debug);
1180 log_init(newconf->conf_debug);
1183 if (oldconf->conf_pidfh != NULL) {
1184 assert(oldconf->conf_pidfile_path != NULL);
1185 if (newconf->conf_pidfile_path != NULL &&
1186 strcmp(oldconf->conf_pidfile_path,
1187 newconf->conf_pidfile_path) == 0) {
1188 newconf->conf_pidfh = oldconf->conf_pidfh;
1189 oldconf->conf_pidfh = NULL;
1191 log_debugx("removing pidfile %s",
1192 oldconf->conf_pidfile_path);
1193 pidfile_remove(oldconf->conf_pidfh);
1194 oldconf->conf_pidfh = NULL;
1198 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) {
1199 log_debugx("opening pidfile %s", newconf->conf_pidfile_path);
1200 newconf->conf_pidfh =
1201 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid);
1202 if (newconf->conf_pidfh == NULL) {
1203 if (errno == EEXIST)
1204 log_errx(1, "daemon already running, pid: %jd.",
1205 (intmax_t)otherpid);
1206 log_err(1, "cannot open or create pidfile \"%s\"",
1207 newconf->conf_pidfile_path);
1212 * XXX: If target or lun removal fails, we should somehow "move"
1213 * the old lun or target into newconf, so that subsequent
1214 * conf_apply() would try to remove them again. That would
1215 * be somewhat hairy, though, and lun deletion failures don't
1216 * really happen, so leave it as it is for now.
1218 TAILQ_FOREACH_SAFE(oldtarg, &oldconf->conf_targets, t_next, tmptarg) {
1220 * First, remove any targets present in the old configuration
1221 * and missing in the new one.
1223 newtarg = target_find(newconf, oldtarg->t_name);
1224 if (newtarg == NULL) {
1225 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next,
1227 log_debugx("target %s not found in new "
1228 "configuration; removing its lun %d, "
1229 "backed by CTL lun %d",
1230 oldtarg->t_name, oldlun->l_lun,
1232 error = kernel_lun_remove(oldlun);
1234 log_warnx("failed to remove lun %d, "
1235 "target %s, CTL lun %d",
1236 oldlun->l_lun, oldtarg->t_name,
1242 kernel_port_remove(oldtarg);
1243 target_delete(oldtarg);
1248 * Second, remove any LUNs present in the old target
1249 * and missing in the new one.
1251 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, tmplun) {
1252 newlun = lun_find(newtarg, oldlun->l_lun);
1253 if (newlun == NULL) {
1254 log_debugx("lun %d, target %s, CTL lun %d "
1255 "not found in new configuration; "
1256 "removing", oldlun->l_lun, oldtarg->t_name,
1258 error = kernel_lun_remove(oldlun);
1260 log_warnx("failed to remove lun %d, "
1261 "target %s, CTL lun %d",
1262 oldlun->l_lun, oldtarg->t_name,
1271 * Also remove the LUNs changed by more than size.
1274 assert(oldlun->l_backend != NULL);
1275 assert(newlun->l_backend != NULL);
1276 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) {
1277 log_debugx("backend for lun %d, target %s, "
1278 "CTL lun %d changed; removing",
1279 oldlun->l_lun, oldtarg->t_name,
1283 if (oldlun->l_blocksize != newlun->l_blocksize) {
1284 log_debugx("blocksize for lun %d, target %s, "
1285 "CTL lun %d changed; removing",
1286 oldlun->l_lun, oldtarg->t_name,
1290 if (newlun->l_device_id != NULL &&
1291 (oldlun->l_device_id == NULL ||
1292 strcmp(oldlun->l_device_id, newlun->l_device_id) !=
1294 log_debugx("device-id for lun %d, target %s, "
1295 "CTL lun %d changed; removing",
1296 oldlun->l_lun, oldtarg->t_name,
1300 if (newlun->l_path != NULL &&
1301 (oldlun->l_path == NULL ||
1302 strcmp(oldlun->l_path, newlun->l_path) != 0)) {
1303 log_debugx("path for lun %d, target %s, "
1304 "CTL lun %d, changed; removing",
1305 oldlun->l_lun, oldtarg->t_name,
1309 if (newlun->l_serial != NULL &&
1310 (oldlun->l_serial == NULL ||
1311 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) {
1312 log_debugx("serial for lun %d, target %s, "
1313 "CTL lun %d changed; removing",
1314 oldlun->l_lun, oldtarg->t_name,
1319 error = kernel_lun_remove(oldlun);
1321 log_warnx("failed to remove lun %d, "
1322 "target %s, CTL lun %d",
1323 oldlun->l_lun, oldtarg->t_name,
1331 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun);
1336 * Now add new targets or modify existing ones.
1338 TAILQ_FOREACH(newtarg, &newconf->conf_targets, t_next) {
1339 oldtarg = target_find(oldconf, newtarg->t_name);
1341 TAILQ_FOREACH_SAFE(newlun, &newtarg->t_luns, l_next, tmplun) {
1342 if (oldtarg != NULL) {
1343 oldlun = lun_find(oldtarg, newlun->l_lun);
1344 if (oldlun != NULL) {
1345 if (newlun->l_size != oldlun->l_size) {
1346 log_debugx("resizing lun %d, "
1347 "target %s, CTL lun %d",
1352 kernel_lun_resize(newlun);
1354 log_warnx("failed to "
1367 log_debugx("adding lun %d, target %s",
1368 newlun->l_lun, newtarg->t_name);
1369 error = kernel_lun_add(newlun);
1371 log_warnx("failed to add lun %d, target %s",
1372 newlun->l_lun, newtarg->t_name);
1377 if (oldtarg == NULL)
1378 kernel_port_add(newtarg);
1382 * Go through the new portals, opening the sockets as neccessary.
1384 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1385 if (newpg->pg_unassigned) {
1386 log_debugx("not listening on portal-group \"%s\", "
1387 "not assigned to any target",
1391 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) {
1393 * Try to find already open portal and reuse
1394 * the listening socket. We don't care about
1395 * what portal or portal group that was, what
1396 * matters is the listening address.
1398 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups,
1400 TAILQ_FOREACH(oldp, &oldpg->pg_portals,
1402 if (strcmp(newp->p_listen,
1403 oldp->p_listen) == 0 &&
1404 oldp->p_socket > 0) {
1412 if (newp->p_socket > 0) {
1414 * We're done with this portal.
1419 #ifdef ICL_KERNEL_PROXY
1421 newpg->pg_conf->conf_portal_id++;
1422 newp->p_id = newpg->pg_conf->conf_portal_id;
1423 log_debugx("listening on %s, portal-group "
1424 "\"%s\", portal id %d, using ICL proxy",
1425 newp->p_listen, newpg->pg_name, newp->p_id);
1426 kernel_listen(newp->p_ai, newp->p_iser,
1431 assert(proxy_mode == false);
1432 assert(newp->p_iser == false);
1434 log_debugx("listening on %s, portal-group \"%s\"",
1435 newp->p_listen, newpg->pg_name);
1436 newp->p_socket = socket(newp->p_ai->ai_family,
1437 newp->p_ai->ai_socktype,
1438 newp->p_ai->ai_protocol);
1439 if (newp->p_socket < 0) {
1440 log_warn("socket(2) failed for %s",
1445 error = setsockopt(newp->p_socket, SOL_SOCKET,
1446 SO_REUSEADDR, &one, sizeof(one));
1448 log_warn("setsockopt(SO_REUSEADDR) failed "
1449 "for %s", newp->p_listen);
1450 close(newp->p_socket);
1455 error = bind(newp->p_socket, newp->p_ai->ai_addr,
1456 newp->p_ai->ai_addrlen);
1458 log_warn("bind(2) failed for %s",
1460 close(newp->p_socket);
1465 error = listen(newp->p_socket, -1);
1467 log_warn("listen(2) failed for %s",
1469 close(newp->p_socket);
1478 * Go through the no longer used sockets, closing them.
1480 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) {
1481 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) {
1482 if (oldp->p_socket <= 0)
1484 log_debugx("closing socket for %s, portal-group \"%s\"",
1485 oldp->p_listen, oldpg->pg_name);
1486 close(oldp->p_socket);
1491 return (cumulated_error);
1498 return (sigalrm_received);
1502 sigalrm_handler(int dummy __unused)
1505 * It would be easiest to just log an error and exit. We can't
1506 * do this, though, because log_errx() is not signal safe, since
1507 * it calls syslog(3). Instead, set a flag checked by pdu_send()
1508 * and pdu_receive(), to call log_errx() there. Should they fail
1509 * to notice, we'll exit here one second later.
1511 if (sigalrm_received) {
1513 * Oh well. Just give up and quit.
1518 sigalrm_received = true;
1522 set_timeout(const struct conf *conf)
1524 struct sigaction sa;
1525 struct itimerval itv;
1528 if (conf->conf_timeout <= 0) {
1529 log_debugx("session timeout disabled");
1533 bzero(&sa, sizeof(sa));
1534 sa.sa_handler = sigalrm_handler;
1535 sigfillset(&sa.sa_mask);
1536 error = sigaction(SIGALRM, &sa, NULL);
1538 log_err(1, "sigaction");
1541 * First SIGALRM will arive after conf_timeout seconds.
1542 * If we do nothing, another one will arrive a second later.
1544 bzero(&itv, sizeof(itv));
1545 itv.it_interval.tv_sec = 1;
1546 itv.it_value.tv_sec = conf->conf_timeout;
1548 log_debugx("setting session timeout to %d seconds",
1549 conf->conf_timeout);
1550 error = setitimer(ITIMER_REAL, &itv, NULL);
1552 log_err(1, "setitimer");
1556 wait_for_children(bool block)
1564 * If "block" is true, wait for at least one process.
1566 if (block && num == 0)
1567 pid = wait4(-1, &status, 0, NULL);
1569 pid = wait4(-1, &status, WNOHANG, NULL);
1572 if (WIFSIGNALED(status)) {
1573 log_warnx("child process %d terminated with signal %d",
1574 pid, WTERMSIG(status));
1575 } else if (WEXITSTATUS(status) != 0) {
1576 log_warnx("child process %d terminated with exit status %d",
1577 pid, WEXITSTATUS(status));
1579 log_debugx("child process %d terminated gracefully", pid);
1588 handle_connection(struct portal *portal, int fd,
1589 const struct sockaddr *client_sa, socklen_t client_salen, bool dont_fork)
1591 struct connection *conn;
1594 char host[NI_MAXHOST + 1];
1597 conf = portal->p_portal_group->pg_conf;
1600 log_debugx("incoming connection; not forking due to -d flag");
1602 nchildren -= wait_for_children(false);
1603 assert(nchildren >= 0);
1605 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) {
1606 log_debugx("maxproc limit of %d child processes hit; "
1607 "waiting for child process to exit", conf->conf_maxproc);
1608 nchildren -= wait_for_children(true);
1609 assert(nchildren >= 0);
1611 log_debugx("incoming connection; forking child process #%d",
1622 pidfile_close(conf->conf_pidfh);
1624 error = getnameinfo(client_sa, client_salen,
1625 host, sizeof(host), NULL, 0, NI_NUMERICHOST);
1627 log_errx(1, "getnameinfo: %s", gai_strerror(error));
1629 log_debugx("accepted connection from %s; portal group \"%s\"",
1630 host, portal->p_portal_group->pg_name);
1631 log_set_peer_addr(host);
1632 setproctitle("%s", host);
1634 conn = connection_new(portal, fd, host);
1638 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) {
1639 kernel_handoff(conn);
1640 log_debugx("connection handed off to the kernel");
1642 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY);
1645 log_debugx("nothing more to do; exiting");
1650 fd_add(int fd, fd_set *fdset, int nfds)
1654 * Skip sockets which we failed to bind.
1666 main_loop(struct conf *conf, bool dont_fork)
1668 struct portal_group *pg;
1669 struct portal *portal;
1670 struct sockaddr_storage client_sa;
1671 socklen_t client_salen;
1672 #ifdef ICL_KERNEL_PROXY
1677 int error, nfds, client_fd;
1679 pidfile_write(conf->conf_pidfh);
1682 if (sighup_received || sigterm_received)
1685 #ifdef ICL_KERNEL_PROXY
1687 client_salen = sizeof(client_sa);
1688 kernel_accept(&connection_id, &portal_id,
1689 (struct sockaddr *)&client_sa, &client_salen);
1691 log_debugx("incoming connection, id %d, portal id %d",
1692 connection_id, portal_id);
1693 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1694 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
1695 if (portal->p_id == portal_id) {
1701 log_errx(1, "kernel returned invalid portal_id %d",
1705 handle_connection(portal, connection_id,
1706 (struct sockaddr *)&client_sa, client_salen,
1710 assert(proxy_mode == false);
1714 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1715 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1716 nfds = fd_add(portal->p_socket, &fdset, nfds);
1718 error = select(nfds + 1, &fdset, NULL, NULL, NULL);
1722 log_err(1, "select");
1724 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1725 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
1726 if (!FD_ISSET(portal->p_socket, &fdset))
1728 client_salen = sizeof(client_sa);
1729 client_fd = accept(portal->p_socket,
1730 (struct sockaddr *)&client_sa,
1733 log_err(1, "accept");
1734 handle_connection(portal, client_fd,
1735 (struct sockaddr *)&client_sa,
1736 client_salen, dont_fork);
1740 #ifdef ICL_KERNEL_PROXY
1747 sighup_handler(int dummy __unused)
1750 sighup_received = true;
1754 sigterm_handler(int dummy __unused)
1757 sigterm_received = true;
1761 sigchld_handler(int dummy __unused)
1765 * The only purpose of this handler is to make SIGCHLD
1766 * interrupt the ISCSIDWAIT ioctl(2), so we can call
1767 * wait_for_children().
1772 register_signals(void)
1774 struct sigaction sa;
1777 bzero(&sa, sizeof(sa));
1778 sa.sa_handler = sighup_handler;
1779 sigfillset(&sa.sa_mask);
1780 error = sigaction(SIGHUP, &sa, NULL);
1782 log_err(1, "sigaction");
1784 sa.sa_handler = sigterm_handler;
1785 error = sigaction(SIGTERM, &sa, NULL);
1787 log_err(1, "sigaction");
1789 sa.sa_handler = sigterm_handler;
1790 error = sigaction(SIGINT, &sa, NULL);
1792 log_err(1, "sigaction");
1794 sa.sa_handler = sigchld_handler;
1795 error = sigaction(SIGCHLD, &sa, NULL);
1797 log_err(1, "sigaction");
1801 main(int argc, char **argv)
1803 struct conf *oldconf, *newconf, *tmpconf;
1804 const char *config_path = DEFAULT_CONFIG_PATH;
1805 int debug = 0, ch, error;
1806 bool dont_daemonize = false;
1808 while ((ch = getopt(argc, argv, "df:R")) != -1) {
1811 dont_daemonize = true;
1815 config_path = optarg;
1818 #ifndef ICL_KERNEL_PROXY
1819 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY "
1820 "does not support iSER protocol");
1836 oldconf = conf_new_from_kernel();
1837 newconf = conf_new_from_file(config_path);
1838 if (newconf == NULL)
1839 log_errx(1, "configuration error; exiting");
1841 oldconf->conf_debug = debug;
1842 newconf->conf_debug = debug;
1845 error = conf_apply(oldconf, newconf);
1847 log_errx(1, "failed to apply configuration; exiting");
1849 conf_delete(oldconf);
1854 if (dont_daemonize == false) {
1855 log_debugx("daemonizing");
1856 if (daemon(0, 0) == -1) {
1857 log_warn("cannot daemonize");
1858 pidfile_remove(newconf->conf_pidfh);
1864 main_loop(newconf, dont_daemonize);
1865 if (sighup_received) {
1866 sighup_received = false;
1867 log_debugx("received SIGHUP, reloading configuration");
1868 tmpconf = conf_new_from_file(config_path);
1869 if (tmpconf == NULL) {
1870 log_warnx("configuration error, "
1871 "continuing with old configuration");
1874 tmpconf->conf_debug = debug;
1877 error = conf_apply(oldconf, newconf);
1879 log_warnx("failed to reload "
1881 conf_delete(oldconf);
1884 } else if (sigterm_received) {
1885 log_debugx("exiting on signal; "
1886 "reloading empty configuration");
1888 log_debugx("disabling CTL iSCSI port "
1889 "and terminating all connections");
1892 newconf = conf_new();
1894 newconf->conf_debug = debug;
1895 error = conf_apply(oldconf, newconf);
1897 log_warnx("failed to apply configuration");
1899 log_warnx("exiting on signal");
1902 nchildren -= wait_for_children(false);
1903 assert(nchildren >= 0);