3 * Copyright (c) 2012 The FreeBSD Foundation
6 * This software was developed by Edward Tomasz Napierala under sponsorship
7 * from the FreeBSD Foundation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include <sys/queue.h>
34 #include <sys/types.h>
48 static struct conf *conf = NULL;
49 static struct auth_group *auth_group = NULL;
50 static struct portal_group *portal_group = NULL;
51 static struct target *target = NULL;
52 static struct lun *lun = NULL;
54 extern void yyerror(const char *);
55 extern int yylex(void);
56 extern void yyrestart(FILE *);
60 %token ALIAS AUTH_GROUP AUTH_TYPE BACKEND BLOCKSIZE CHAP CHAP_MUTUAL
61 %token CLOSING_BRACKET DEBUG DEVICE_ID DISCOVERY_AUTH_GROUP DISCOVERY_FILTER
62 %token INITIATOR_NAME INITIATOR_PORTAL ISNS_SERVER ISNS_PERIOD ISNS_TIMEOUT
63 %token LISTEN LISTEN_ISER LUN MAXPROC OPENING_BRACKET OPTION
64 %token PATH PIDFILE PORTAL_GROUP REDIRECT SEMICOLON SERIAL SIZE STR
80 statements statement SEMICOLON
/*
 * Numeric global options. Each action converts its STR operand with
 * expand_number(), reports "invalid numeric value" through yyerror() when
 * the conversion returns non-zero, and otherwise stores the result in
 * conf_debug, conf_timeout or conf_maxproc.
 * NOTE(review): no range check is visible between the conversion and the
 * assignment, and the declarations of tmp and of the destination fields are
 * not shown -- confirm that an oversized value from the configuration file
 * cannot be silently truncated on assignment.
 */
109 if (expand_number($2, &tmp) != 0) {
110 yyerror("invalid numeric value");
115 conf->conf_debug = tmp;
123 if (expand_number($2, &tmp) != 0) {
124 yyerror("invalid numeric value");
129 conf->conf_timeout = tmp;
137 if (expand_number($2, &tmp) != 0) {
138 yyerror("invalid numeric value");
143 conf->conf_maxproc = tmp;
/*
 * pidfile: a path that is already set produces the "specified more than
 * once" warning (the lines that follow the warning are not shown here).
 * The STR pointer itself is stored in conf_pidfile_path; no copy is visible,
 * so the string presumably must stay allocated for the lifetime of conf.
 */
149 if (conf->conf_pidfile_path != NULL) {
150 log_warnx("pidfile specified more than once");
154 conf->conf_pidfile_path = $2;
/*
 * iSNS settings. isns-server passes its STR operand to isns_new() and keeps
 * the result in error; isns-period and isns-timeout are converted with
 * expand_number() and stored in conf_isns_period / conf_isns_timeout.
 * NOTE(review): as with the other numeric options, no range check is
 * visible before the assignment -- confirm against the field types.
 */
158 isns_server: ISNS_SERVER STR
162 error = isns_new(conf, $2);
169 isns_period: ISNS_PERIOD STR
173 if (expand_number($2, &tmp) != 0) {
174 yyerror("invalid numeric value");
179 conf->conf_isns_period = tmp;
183 isns_timeout: ISNS_TIMEOUT STR
187 if (expand_number($2, &tmp) != 0) {
188 yyerror("invalid numeric value");
193 conf->conf_isns_timeout = tmp;
/*
 * auth-group section. The name action points the file-scope auth_group
 * variable at the group that the entries below then modify.
 * The first section named "default" reuses the group returned by
 * auth_group_find() and sets conf_default_ag_defined. The auth_group_new()
 * call is presumably the else branch (its introducing line is not shown),
 * so any other name, and a second "default", goes through auth_group_new().
 */
197 auth_group: AUTH_GROUP auth_group_name
198 OPENING_BRACKET auth_group_entries CLOSING_BRACKET
207 * Make it possible to redefine default
208 * auth-group. but only once.
210 if (strcmp($1, "default") == 0 &&
211 conf->conf_default_ag_defined == false) {
212 auth_group = auth_group_find(conf, $1);
213 conf->conf_default_ag_defined = true;
215 auth_group = auth_group_new(conf, $1);
218 if (auth_group == NULL)
225 auth_group_entries auth_group_entry
227 auth_group_entries auth_group_entry SEMICOLON
235 auth_group_chap_mutual
237 auth_group_initiator_name
239 auth_group_initiator_portal
242 auth_group_auth_type: AUTH_TYPE STR
246 error = auth_group_set_type(auth_group, $2);
/*
 * chap takes two STR operands and chap-mutual four; they are forwarded
 * unchanged to auth_new_chap() and auth_new_chap_mutual().
 * NOTE(review): these operands are presumably user names and secrets held
 * in clear text in the configuration file -- confirm, and keep the file
 * unreadable to other users (check_perms() in this file warns about
 * world-accessible configuration files).
 */
253 auth_group_chap: CHAP STR STR
255 const struct auth *ca;
257 ca = auth_new_chap(auth_group, $2, $3);
265 auth_group_chap_mutual: CHAP_MUTUAL STR STR STR STR
267 const struct auth *ca;
269 ca = auth_new_chap_mutual(auth_group, $2, $3, $4, $5);
/*
 * initiator-name and initiator-portal add one entry each to the current
 * auth group through auth_name_new() and auth_portal_new().
 */
279 auth_group_initiator_name: INITIATOR_NAME STR
281 const struct auth_name *an;
283 an = auth_name_new(auth_group, $2);
290 auth_group_initiator_portal: INITIATOR_PORTAL STR
292 const struct auth_portal *ap;
294 ap = auth_portal_new(auth_group, $2);
/*
 * portal-group section. The name action points the file-scope portal_group
 * variable at the group that the entries below modify. The first section
 * named "default" reuses the group returned by portal_group_find() and sets
 * conf_default_pg_defined. The portal_group_new() call is presumably the
 * else branch (its introducing line is not shown).
 */
301 portal_group: PORTAL_GROUP portal_group_name
302 OPENING_BRACKET portal_group_entries CLOSING_BRACKET
308 portal_group_name: STR
311 * Make it possible to redefine default
312 * portal-group. but only once.
314 if (strcmp($1, "default") == 0 &&
315 conf->conf_default_pg_defined == false) {
316 portal_group = portal_group_find(conf, $1);
317 conf->conf_default_pg_defined = true;
319 portal_group = portal_group_new(conf, $1);
322 if (portal_group == NULL)
327 portal_group_entries:
329 portal_group_entries portal_group_entry
331 portal_group_entries portal_group_entry SEMICOLON
335 portal_group_discovery_auth_group
337 portal_group_discovery_filter
341 portal_group_listen_iser
343 portal_group_redirect
/*
 * discovery-auth-group: warns when one is already set for this portal
 * group, then resolves the name with auth_group_find() and warns when the
 * name is unknown. The lines that follow each warning are not shown.
 * NOTE(review): the lookup runs while the file is being parsed, so the
 * referenced auth-group presumably has to appear earlier in the file --
 * confirm against auth_group_find().
 */
346 portal_group_discovery_auth_group: DISCOVERY_AUTH_GROUP STR
348 if (portal_group->pg_discovery_auth_group != NULL) {
349 log_warnx("discovery-auth-group for portal-group "
350 "\"%s\" specified more than once",
351 portal_group->pg_name);
354 portal_group->pg_discovery_auth_group =
355 auth_group_find(conf, $2);
356 if (portal_group->pg_discovery_auth_group == NULL) {
357 log_warnx("unknown discovery-auth-group \"%s\" "
358 "for portal-group \"%s\"",
359 $2, portal_group->pg_name);
366 portal_group_discovery_filter: DISCOVERY_FILTER STR
370 error = portal_group_set_filter(portal_group, $2);
/*
 * listen and listen-iser both call portal_group_add_listen(); the third
 * argument is false for listen and true for listen-iser.
 */
377 portal_group_listen: LISTEN STR
381 error = portal_group_add_listen(portal_group, $2, false);
388 portal_group_listen_iser: LISTEN_ISER STR
392 error = portal_group_add_listen(portal_group, $2, true);
399 portal_group_redirect: REDIRECT STR
403 error = portal_group_set_redirection(portal_group, $2);
/*
 * target section. The name action creates the target with target_new() and
 * stores it in the file-scope target variable used by the entries below.
 */
410 target: TARGET target_name
411 OPENING_BRACKET target_entries CLOSING_BRACKET
419 target = target_new(conf, $1);
428 target_entries target_entry
430 target_entries target_entry SEMICOLON
444 target_initiator_name
446 target_initiator_portal
/*
 * alias: warns when the target already has one; the STR pointer itself is
 * stored in t_alias (no copy is visible).
 */
455 target_alias: ALIAS STR
457 if (target->t_alias != NULL) {
458 log_warnx("alias for target \"%s\" "
459 "specified more than once", target->t_name);
462 target->t_alias = $2;
/*
 * auth-group inside a target. When the target already has an auth group,
 * one with a non-NULL ag_name gets the "specified more than once" warning;
 * the "cannot use both" warning is presumably the else branch for an
 * unnamed group (the introducing line is not shown). Otherwise the name is
 * resolved with auth_group_find() and an unknown name is reported.
 */
466 target_auth_group: AUTH_GROUP STR
468 if (target->t_auth_group != NULL) {
469 if (target->t_auth_group->ag_name != NULL)
470 log_warnx("auth-group for target \"%s\" "
471 "specified more than once", target->t_name);
473 log_warnx("cannot use both auth-group and explicit "
474 "authorisations for target \"%s\"",
478 target->t_auth_group = auth_group_find(conf, $2);
479 if (target->t_auth_group == NULL) {
480 log_warnx("unknown auth-group \"%s\" for target "
481 "\"%s\"", $2, target->t_name);
/*
 * Per-target auth-type, chap, chap-mutual, initiator-name and
 * initiator-portal entries share one shape: when the target already refers
 * to a named auth group (ag_name != NULL) the entry is reported as
 * conflicting with auth-group; auth_group_new(conf, NULL) creates an unnamed
 * group whose ag_target is set to this target; the entry is then applied to
 * target->t_auth_group.
 * NOTE(review): lines between the visible statements are missing from this
 * listing, so the exact branch structure (when the unnamed group is created
 * and when an existing one is reused) cannot be confirmed from here.
 * NOTE(review): the chap and chap-mutual operands are presumably user names
 * and secrets stored in clear text -- confirm, and restrict read access to
 * the configuration file accordingly.
 */
488 target_auth_type: AUTH_TYPE STR
492 if (target->t_auth_group != NULL) {
493 if (target->t_auth_group->ag_name != NULL) {
494 log_warnx("cannot use both auth-group and "
495 "auth-type for target \"%s\"",
500 target->t_auth_group = auth_group_new(conf, NULL);
501 if (target->t_auth_group == NULL) {
505 target->t_auth_group->ag_target = target;
507 error = auth_group_set_type(target->t_auth_group, $2);
514 target_chap: CHAP STR STR
516 const struct auth *ca;
518 if (target->t_auth_group != NULL) {
519 if (target->t_auth_group->ag_name != NULL) {
520 log_warnx("cannot use both auth-group and "
521 "chap for target \"%s\"",
528 target->t_auth_group = auth_group_new(conf, NULL);
529 if (target->t_auth_group == NULL) {
534 target->t_auth_group->ag_target = target;
536 ca = auth_new_chap(target->t_auth_group, $2, $3);
544 target_chap_mutual: CHAP_MUTUAL STR STR STR STR
546 const struct auth *ca;
548 if (target->t_auth_group != NULL) {
549 if (target->t_auth_group->ag_name != NULL) {
550 log_warnx("cannot use both auth-group and "
551 "chap-mutual for target \"%s\"",
560 target->t_auth_group = auth_group_new(conf, NULL);
561 if (target->t_auth_group == NULL) {
568 target->t_auth_group->ag_target = target;
570 ca = auth_new_chap_mutual(target->t_auth_group,
581 target_initiator_name: INITIATOR_NAME STR
583 const struct auth_name *an;
585 if (target->t_auth_group != NULL) {
586 if (target->t_auth_group->ag_name != NULL) {
587 log_warnx("cannot use both auth-group and "
588 "initiator-name for target \"%s\"",
594 target->t_auth_group = auth_group_new(conf, NULL);
595 if (target->t_auth_group == NULL) {
599 target->t_auth_group->ag_target = target;
601 an = auth_name_new(target->t_auth_group, $2);
608 target_initiator_portal: INITIATOR_PORTAL STR
610 const struct auth_portal *ap;
612 if (target->t_auth_group != NULL) {
613 if (target->t_auth_group->ag_name != NULL) {
614 log_warnx("cannot use both auth-group and "
615 "initiator-portal for target \"%s\"",
621 target->t_auth_group = auth_group_new(conf, NULL);
622 if (target->t_auth_group == NULL) {
626 target->t_auth_group->ag_target = target;
628 ap = auth_portal_new(target->t_auth_group, $2);
/*
 * portal-group inside a target: warns when one is already set, then
 * resolves the name with portal_group_find() and warns when it is unknown.
 * The lines that follow each warning are not shown.
 */
635 target_portal_group: PORTAL_GROUP STR
637 if (target->t_portal_group != NULL) {
638 log_warnx("portal-group for target \"%s\" "
639 "specified more than once", target->t_name);
643 target->t_portal_group = portal_group_find(conf, $2);
644 if (target->t_portal_group == NULL) {
645 log_warnx("unknown portal-group \"%s\" for target "
646 "\"%s\"", $2, target->t_name);
/* redirect: passes the STR operand to target_set_redirection(). */
654 target_redirect: REDIRECT STR
658 error = target_set_redirection(target, $2);
/*
 * lun section of a target. The LUN number is converted with expand_number()
 * and passed to lun_new(target, tmp); the result becomes the file-scope lun
 * variable used by the entries below.
 * NOTE(review): no bounds check on the number is visible here -- confirm
 * that lun_new() validates it.
 */
665 target_lun: LUN lun_number
666 OPENING_BRACKET lun_entries CLOSING_BRACKET
676 if (expand_number($1, &tmp) != 0) {
677 yyerror("invalid numeric value");
682 lun = lun_new(target, tmp);
690 lun_entries lun_entry
692 lun_entries lun_entry SEMICOLON
/*
 * Each lun entry warns when its value was already set (the lines that follow
 * the warning are not shown) and stores the value through the matching
 * lun_set_*() helper, or lun_option_new() for option.
 * blocksize and size use "!= 0" as the already-set test, so an earlier
 * explicit value of 0 is not detected as a duplicate.
 */
711 lun_backend: BACKEND STR
713 if (lun->l_backend != NULL) {
714 log_warnx("backend for lun %d, target \"%s\" "
715 "specified more than once",
716 lun->l_lun, target->t_name);
720 lun_set_backend(lun, $2);
725 lun_blocksize: BLOCKSIZE STR
729 if (expand_number($2, &tmp) != 0) {
730 yyerror("invalid numeric value");
735 if (lun->l_blocksize != 0) {
736 log_warnx("blocksize for lun %d, target \"%s\" "
737 "specified more than once",
738 lun->l_lun, target->t_name);
741 lun_set_blocksize(lun, tmp);
745 lun_device_id: DEVICE_ID STR
747 if (lun->l_device_id != NULL) {
748 log_warnx("device_id for lun %d, target \"%s\" "
749 "specified more than once",
750 lun->l_lun, target->t_name);
754 lun_set_device_id(lun, $2);
759 lun_option: OPTION STR STR
761 struct lun_option *clo;
763 clo = lun_option_new(lun, $2, $3);
773 if (lun->l_path != NULL) {
774 log_warnx("path for lun %d, target \"%s\" "
775 "specified more than once",
776 lun->l_lun, target->t_name);
780 lun_set_path(lun, $2);
785 lun_serial: SERIAL STR
787 if (lun->l_serial != NULL) {
788 log_warnx("serial for lun %d, target \"%s\" "
789 "specified more than once",
790 lun->l_lun, target->t_name);
794 lun_set_serial(lun, $2);
803 if (expand_number($2, &tmp) != 0) {
804 yyerror("invalid numeric value");
809 if (lun->l_size != 0) {
810 log_warnx("size for lun %d, target \"%s\" "
811 "specified more than once",
812 lun->l_lun, target->t_name);
815 lun_set_size(lun, tmp);
/*
 * Parser error callback: logs the message str together with lineno and
 * yytext, the text the scanner most recently matched.
 * yytext comes straight from the configuration file; it is passed as a "%s"
 * argument and never used as the format string.
 */
821 yyerror(const char *str)
824 log_warnx("error in configuration file at line %d near '%s': %s",
825 lineno, yytext, str);
/*
 * Warn when the configuration file at path is accessible to "other":
 * stat() the path and log one warning for the first matching bit among
 * S_IWOTH, S_IROTH and S_IXOTH.
 * Because the tests form an else-if chain, a file that is both
 * world-writable and world-readable is reported only as world-writable.
 * Only warnings are visible in this listing; no line shown here rejects
 * the file.
 * NOTE(review): the check goes through the path name with stat(), while
 * conf_new_from_file() opens the same path separately with fopen(); the two
 * calls can observe different files if the path is replaced in between.
 * An fstat() on the already open stream's descriptor would tie the check to
 * the file that is actually parsed.
 * NOTE(review): group permission bits and file ownership are not examined
 * (see the XXX below); the file presumably carries CHAP secrets, so
 * group-readable or non-root-owned files may deserve a warning too.
 */
829 check_perms(const char *path)
834 error = stat(path, &sb);
839 if (sb.st_mode & S_IWOTH) {
840 log_warnx("%s is world-writable", path);
841 } else if (sb.st_mode & S_IROTH) {
842 log_warnx("%s is world-readable", path);
843 } else if (sb.st_mode & S_IXOTH) {
845 * Ok, this one doesn't matter, but still do it,
846 * just for consistency.
848 log_warnx("%s is world-executable", path);
852 * XXX: Should we also check for owner != 0?
/*
 * Build a configuration from the file at path.
 * Before parsing, the built-in auth groups "default", "no-authentication"
 * (AG_TYPE_NO_AUTHENTICATION) and "no-access" (AG_TYPE_DENY) and the
 * built-in portal group "default" are created. The file is then opened with
 * fopen(); the parsing step itself is not shown in this listing. Afterwards
 * defaults are filled in and the result is checked with conf_verify().
 */
857 conf_new_from_file(const char *path)
859 struct auth_group *ag;
860 struct portal_group *pg;
863 log_debugx("obtaining configuration from %s", path);
867 ag = auth_group_new(conf, "default");
870 ag = auth_group_new(conf, "no-authentication");
872 ag->ag_type = AG_TYPE_NO_AUTHENTICATION;
874 ag = auth_group_new(conf, "no-access");
876 ag->ag_type = AG_TYPE_DENY;
878 pg = portal_group_new(conf, "default");
881 yyin = fopen(path, "r");
883 log_warn("unable to open configuration file %s", path);
/*
 * Fail-closed default: when the file did not define auth-group "default",
 * the built-in group is set to AG_TYPE_DENY.
 */
901 if (conf->conf_default_ag_defined == false) {
902 log_debugx("auth-group \"default\" not defined; "
903 "going with defaults");
904 ag = auth_group_find(conf, "default");
906 ag->ag_type = AG_TYPE_DENY;
/*
 * When the file did not define portal-group "default", the built-in group
 * listens on every IPv4 and IPv6 address, port 3260. Operators who want
 * the service bound to specific interfaces must define the default
 * portal-group themselves.
 * NOTE(review): the results of these two portal_group_add_listen() calls
 * are not checked in the visible lines, unlike the listen rule in the
 * grammar, which keeps the result in error.
 */
909 if (conf->conf_default_pg_defined == false) {
910 log_debugx("portal-group \"default\" not defined; "
911 "going with defaults");
912 pg = portal_group_find(conf, "default");
914 portal_group_add_listen(pg, "0.0.0.0:3260", false);
915 portal_group_add_listen(pg, "[::]:3260", false);
918 conf->conf_kernel_port_on = true;
920 error = conf_verify(conf);