3 * Copyright (c) 2012 The FreeBSD Foundation
6 * This software was developed by Edward Tomasz Napierala under sponsorship
7 * from the FreeBSD Foundation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include <sys/queue.h>
34 #include <sys/types.h>
/*
 * Parser state shared by the grammar actions.  "conf" is the configuration
 * the actions fill in; the other four pointers hold the object most recently
 * created by an action (the results of auth_group_new(), portal_group_new(),
 * target_new() and lun_new() are stored in them).  All five start out NULL.
 */
48 static struct conf *conf = NULL;
49 static struct auth_group *auth_group = NULL;
50 static struct portal_group *portal_group = NULL;
51 static struct target *target = NULL;
52 static struct lun *lun = NULL;
/* Declarations for the parser's error hook and the lexer interface. */
54 extern void yyerror(const char *);
55 extern int yylex(void);
56 extern void yyrestart(FILE *);
/*
 * Terminal symbols handed to the parser by yylex().  The actions below read
 * the values of NUM and STR tokens through $n.
 */
60 %token ALIAS AUTH_GROUP BACKEND BLOCKSIZE CHAP CHAP_MUTUAL CLOSING_BRACKET
61 %token DEBUG DEVICE_ID DISCOVERY_AUTH_GROUP LISTEN LISTEN_ISER LUN MAXPROC NUM
62 %token OPENING_BRACKET OPTION PATH PIDFILE PORTAL_GROUP SERIAL SIZE STR TARGET
92 portal_group_definition
/*
 * Global numeric settings: the NUM value of a debug, timeout or maxproc
 * statement is stored into the matching conf field as parsed.
 * NOTE(review): no range check is visible in these actions; confirm whether
 * negative or very large values are rejected elsewhere (e.g. when the
 * configuration is verified).
 */
97 debug_statement: DEBUG NUM
99 conf->conf_debug = $2;
103 timeout_statement: TIMEOUT NUM
105 conf->conf_timeout = $2;
109 maxproc_statement: MAXPROC NUM
111 conf->conf_maxproc = $2;
/*
 * pidfile: a second pidfile statement is reported with log_warnx();
 * otherwise the string from the file is stored in conf_pidfile_path.
 * NOTE(review): what follows the warning is not in this listing; presumably
 * the duplicate is treated as a parse error.
 */
115 pidfile_statement: PIDFILE STR
117 if (conf->conf_pidfile_path != NULL) {
118 log_warnx("pidfile specified more than once");
122 conf->conf_pidfile_path = $2;
/*
 * auth-group <name> { ... }: the name action creates the group with
 * auth_group_new(conf, $1), keeps it in the file-scope "auth_group" pointer
 * for the entries that follow, and checks the result for NULL.
 */
126 auth_group_definition: AUTH_GROUP auth_group_name
127 OPENING_BRACKET auth_group_entries CLOSING_BRACKET
135 auth_group = auth_group_new(conf, $1);
137 if (auth_group == NULL)
144 auth_group_entries auth_group_entry
150 auth_group_chap_mutual
/*
 * chap takes two strings and chap-mutual four; they are passed unchanged to
 * auth_new_chap() / auth_new_chap_mutual() for the current group.
 * NOTE(review): presumably these are user/secret pairs; confirm against the
 * auth_new_chap*() definitions.  If so, this file carries authentication
 * secrets in clear text, which is why check_perms() looks at its mode bits.
 */
153 auth_group_chap: CHAP STR STR
155 const struct auth *ca;
157 ca = auth_new_chap(auth_group, $2, $3);
165 auth_group_chap_mutual: CHAP_MUTUAL STR STR STR STR
167 const struct auth *ca;
169 ca = auth_new_chap_mutual(auth_group, $2, $3, $4, $5);
/*
 * portal-group <name> { ... }: the name action creates the group with
 * portal_group_new(conf, $1), keeps it in the file-scope "portal_group"
 * pointer and checks the result for NULL.
 */
179 portal_group_definition: PORTAL_GROUP portal_group_name
180 OPENING_BRACKET portal_group_entries CLOSING_BRACKET
186 portal_group_name: STR
188 portal_group = portal_group_new(conf, $1);
190 if (portal_group == NULL)
195 portal_group_entries:
197 portal_group_entries portal_group_entry
201 portal_group_discovery_auth_group
205 portal_group_listen_iser
/*
 * discovery-auth-group <name>: warns if the portal group already has one,
 * then resolves the name with auth_group_find() and warns if no auth-group
 * of that name exists in conf.  The lookup only sees groups that are
 * already in conf when this statement is reached.
 */
208 portal_group_discovery_auth_group: DISCOVERY_AUTH_GROUP STR
210 if (portal_group->pg_discovery_auth_group != NULL) {
211 log_warnx("discovery-auth-group for portal-group "
212 "\"%s\" specified more than once",
213 portal_group->pg_name);
216 portal_group->pg_discovery_auth_group =
217 auth_group_find(conf, $2);
218 if (portal_group->pg_discovery_auth_group == NULL) {
219 log_warnx("unknown discovery-auth-group \"%s\" "
220 "for portal-group \"%s\"",
221 $2, portal_group->pg_name);
/*
 * listen / listen-iser: both add the address string to the current portal
 * group through portal_group_add_listen(); the last argument is false for
 * listen and true for listen-iser.  The return value is captured in
 * "error"; how it is acted on is not in this listing.
 */
228 portal_group_listen: LISTEN STR
232 error = portal_group_add_listen(portal_group, $2, false);
239 portal_group_listen_iser: LISTEN_ISER STR
243 error = portal_group_add_listen(portal_group, $2, true);
/*
 * target <iqn> { ... }: the iqn action creates the target with
 * target_new(conf, $1) and keeps it in the file-scope "target" pointer for
 * the entries that follow.
 */
250 target_statement: TARGET target_iqn
251 OPENING_BRACKET target_entries CLOSING_BRACKET
259 target = target_new(conf, $1);
268 target_entries target_entry
278 chap_mutual_statement
280 portal_group_statement
/* alias: may be given once per target; a repeat is reported. */
285 alias_statement: ALIAS STR
287 if (target->t_alias != NULL) {
288 log_warnx("alias for target \"%s\" "
289 "specified more than once", target->t_iqn);
292 target->t_alias = $2;
/*
 * auth-group <name> inside a target.  If the target already has an auth
 * group, the warning depends on that group's ag_name: a named group means
 * the statement was repeated, an unnamed one means explicit chap lines were
 * already given for this target.  Otherwise the name is resolved with
 * auth_group_find() and an unknown name is reported.
 */
296 auth_group_statement: AUTH_GROUP STR
298 if (target->t_auth_group != NULL) {
299 if (target->t_auth_group->ag_name != NULL)
300 log_warnx("auth-group for target \"%s\" "
301 "specified more than once", target->t_iqn);
303 log_warnx("cannot mix auth-group with explicit "
304 "authorisations for target \"%s\"",
308 target->t_auth_group = auth_group_find(conf, $2);
309 if (target->t_auth_group == NULL) {
310 log_warnx("unknown auth-group \"%s\" for target "
311 "\"%s\"", $2, target->t_iqn);
/*
 * chap inside a target.  A target that already refers to a named auth-group
 * may not also carry explicit chap lines.  When the target has no group
 * yet, an unnamed one is created with auth_group_new(conf, NULL) and tied
 * to the target through ag_target; the entry is then added to it with
 * auth_new_chap().
 */
318 chap_statement: CHAP STR STR
320 const struct auth *ca;
322 if (target->t_auth_group != NULL) {
323 if (target->t_auth_group->ag_name != NULL) {
324 log_warnx("cannot mix auth-group with explicit "
325 "authorisations for target \"%s\"",
332 target->t_auth_group = auth_group_new(conf, NULL);
333 if (target->t_auth_group == NULL) {
338 target->t_auth_group->ag_target = target;
340 ca = auth_new_chap(target->t_auth_group, $2, $3);
/* chap-mutual inside a target: same handling as chap, with four strings. */
348 chap_mutual_statement: CHAP_MUTUAL STR STR STR STR
350 const struct auth *ca;
352 if (target->t_auth_group != NULL) {
353 if (target->t_auth_group->ag_name != NULL) {
354 log_warnx("cannot mix auth-group with explicit "
355 "authorisations for target \"%s\"",
364 target->t_auth_group = auth_group_new(conf, NULL);
365 if (target->t_auth_group == NULL) {
372 target->t_auth_group->ag_target = target;
374 ca = auth_new_chap_mutual(target->t_auth_group,
/*
 * portal-group <name> inside a target: allowed once; the name is resolved
 * with portal_group_find() and an unknown name is reported.
 * NOTE(review): what a target gets when it has no auth-group or
 * portal-group statement at all is not decided in these actions; confirm
 * the defaults where the configuration is verified.
 */
385 portal_group_statement: PORTAL_GROUP STR
387 if (target->t_portal_group != NULL) {
388 log_warnx("portal-group for target \"%s\" "
389 "specified more than once", target->t_iqn);
393 target->t_portal_group = portal_group_find(conf, $2);
394 if (target->t_portal_group == NULL) {
395 log_warnx("unknown portal-group \"%s\" for target "
396 "\"%s\"", $2, target->t_iqn);
/*
 * lun <number> { ... }: the number action creates the lun on the current
 * target with lun_new(target, $1) and keeps it in the file-scope "lun"
 * pointer for the entries that follow.
 */
404 lun_statement: LUN lun_number
405 OPENING_BRACKET lun_statement_entries CLOSING_BRACKET
413 lun = lun_new(target, $1);
419 lun_statement_entries:
421 lun_statement_entries lun_statement_entry
/*
 * Per-lun properties.  Each of backend, blocksize, device-id, path, serial
 * and size may be given once: the action tests the field, reports a repeat
 * with log_warnx() naming the lun and target, and otherwise hands the value
 * to the matching lun_set_*() helper.  String fields use NULL as "not set".
 */
440 backend_statement: BACKEND STR
442 if (lun->l_backend != NULL) {
443 log_warnx("backend for lun %d, target \"%s\" "
444 "specified more than once",
445 lun->l_lun, target->t_iqn);
449 lun_set_backend(lun, $2);
/*
 * blocksize uses 0 as "not set", so the duplicate test cannot see an
 * earlier explicit "blocksize 0".
 */
454 blocksize_statement: BLOCKSIZE NUM
456 if (lun->l_blocksize != 0) {
457 log_warnx("blocksize for lun %d, target \"%s\" "
458 "specified more than once",
459 lun->l_lun, target->t_iqn);
462 lun_set_blocksize(lun, $2);
466 device_id_statement: DEVICE_ID STR
468 if (lun->l_device_id != NULL) {
469 log_warnx("device_id for lun %d, target \"%s\" "
470 "specified more than once",
471 lun->l_lun, target->t_iqn);
475 lun_set_device_id(lun, $2);
/*
 * option <name> <value>: both strings go to lun_option_new() as written;
 * no duplicate test is visible in this action.
 */
480 option_statement: OPTION STR STR
482 struct lun_option *clo;
484 clo = lun_option_new(lun, $2, $3);
/*
 * path: the string from the file is passed to lun_set_path() unchanged.
 * NOTE(review): no validation of the path is visible here; confirm where,
 * if anywhere, it is checked before being used as the lun's backing store.
 */
492 path_statement: PATH STR
494 if (lun->l_path != NULL) {
495 log_warnx("path for lun %d, target \"%s\" "
496 "specified more than once",
497 lun->l_lun, target->t_iqn);
501 lun_set_path(lun, $2);
506 serial_statement: SERIAL STR
508 if (lun->l_serial != NULL) {
509 log_warnx("serial for lun %d, target \"%s\" "
510 "specified more than once",
511 lun->l_lun, target->t_iqn);
515 lun_set_serial(lun, $2);
/* size uses 0 as "not set", like blocksize above. */
520 size_statement: SIZE NUM
522 if (lun->l_size != 0) {
523 log_warnx("size for lun %d, target \"%s\" "
524 "specified more than once",
525 lun->l_lun, target->t_iqn);
528 lun_set_size(lun, $2);
/*
 * Parser error hook: logs the current line number, the text of the token
 * the lexer was on (yytext) and the parser's message.  The format string is
 * a literal, so text from the configuration file is only ever an argument.
 *
 * NOTE(review): yytext is logged as is.  If a syntax error lands on one of
 * the strings of a chap or chap-mutual statement, that string ends up in
 * the log; treat the daemon's log as sensitive or consider not echoing the
 * token.
 */
534 yyerror(const char *str)
537 log_warnx("error in configuration file at line %d near '%s': %s",
538 lineno, yytext, str);
/*
 * Warn when the file at path grants any permission to "other".
 *
 * The three tests form an else-if chain, so at most one warning is logged
 * per call: a file that is both world-writable and world-readable is
 * reported only as world-writable.  Only the S_IWOTH, S_IROTH and S_IXOTH
 * bits are examined; group permissions and ownership are not (see the XXX
 * note at the end).
 *
 * NOTE(review): the visible lines only log a warning; nothing here stops
 * the file from being used.  Confirm against the caller whether that is
 * intended, given that the file can hold chap strings.
 * NOTE(review): the check is a stat() by name.  The call site is not in
 * this listing; if the file is opened by a separate fopen() on the same
 * path, the check and the open are two independent lookups, and an fstat()
 * on the opened stream's descriptor would tie the result to the file that
 * is actually read.
 */
542 check_perms(const char *path)
547 error = stat(path, &sb);
552 if (sb.st_mode & S_IWOTH) {
553 log_warnx("%s is world-writable", path);
554 } else if (sb.st_mode & S_IROTH) {
555 log_warnx("%s is world-readable", path);
556 } else if (sb.st_mode & S_IXOTH) {
558 * Ok, this one doesn't matter, but still do it,
559 * just for consistency.
561 log_warnx("%s is world-executable", path);
565 * XXX: Should we also check for owner != 0?
/*
 * Build a configuration from the file at path.  Before the file is opened,
 * three built-in objects are registered in conf: auth-group
 * "no-authentication" (type AG_TYPE_NO_AUTHENTICATION), auth-group
 * "no-access" (type AG_TYPE_CHAP with no entries) and portal-group
 * "default".  The function continues past the end of this listing.
 */
570 conf_new_from_file(const char *path)
572 struct auth_group *ag;
573 struct portal_group *pg;
576 log_debugx("obtaining configuration from %s", path);
/*
 * NOTE(review): ag is dereferenced on the line right after each
 * auth_group_new() call (original lines 580-581 and 587-588 are adjacent),
 * while the grammar actions treat a NULL return from auth_group_new() as
 * possible.  A check or assert before the ag->ag_type stores would make
 * the assumption explicit.
 */
580 ag = auth_group_new(conf, "no-authentication");
581 ag->ag_type = AG_TYPE_NO_AUTHENTICATION;
584 * Here, the type doesn't really matter, as the group doesn't contain
585 * any entries and thus will always deny access.
587 ag = auth_group_new(conf, "no-access");
588 ag->ag_type = AG_TYPE_CHAP;
/*
 * The "default" portal group listens on the IPv4 and IPv6 wildcard
 * addresses, port 3260, i.e. on every address the host has.  The return
 * values of these two portal_group_add_listen() calls are discarded,
 * unlike in the listen actions of the grammar, and pg is used without a
 * NULL check.
 * NOTE(review): which targets end up on "default" is not decided here;
 * presumably those without a portal-group statement.  Confirm, since that
 * determines what is reachable on all interfaces.
 */
590 pg = portal_group_new(conf, "default");
591 portal_group_add_listen(pg, "0.0.0.0:3260", false);
592 portal_group_add_listen(pg, "[::]:3260", false);
/* Open the configuration file for the lexer; a failure is logged with log_warn(). */
594 yyin = fopen(path, "r");
596 log_warn("unable to open configuration file %s", path);
/* Run conf_verify() on the result; how "error" is handled is past this listing. */
614 error = conf_verify(conf);