3 * Copyright (c) 2012 The FreeBSD Foundation
6 * This software was developed by Edward Tomasz Napierala under sponsorship
7 * from the FreeBSD Foundation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include <sys/queue.h>
34 #include <sys/types.h>
/*
 * Parser state shared by the grammar actions: the configuration under
 * construction and the auth-group, portal-group, target and LUN that the
 * actions below are currently filling in.
 */
48 static struct conf *conf = NULL;
49 static struct auth_group *auth_group = NULL;
50 static struct portal_group *portal_group = NULL;
51 static struct target *target = NULL;
52 static struct lun *lun = NULL;
54 extern void yyerror(const char *);
55 extern int yylex(void);
56 extern void yyrestart(FILE *);
60 %token ALIAS AUTH_GROUP BACKEND BLOCKSIZE CHAP CHAP_MUTUAL CLOSING_BRACKET
61 %token DEBUG DEVICE_ID DISCOVERY_AUTH_GROUP INITIATOR_NAME INITIATOR_PORTAL
62 %token LISTEN LISTEN_ISER LUN MAXPROC NUM OPENING_BRACKET OPTION PATH PIDFILE
63 %token PORTAL_GROUP SERIAL SIZE STR TARGET TIMEOUT
/*
 * Global settings: each action stores the parsed value directly in the
 * conf structure.
 * NOTE(review): no range check on debug/timeout/maxproc is visible in
 * these lines; confirm the values are bounded elsewhere.
 */
99 conf->conf_debug = $2;
105 conf->conf_timeout = $2;
111 conf->conf_maxproc = $2;
/* A pidfile path that is already set means the statement was repeated; this is reported with a warning. */
117 if (conf->conf_pidfile_path != NULL) {
118 log_warnx("pidfile specified more than once");
122 conf->conf_pidfile_path = $2;
/* An auth-group block: a name followed by a bracketed list of entries. */
126 auth_group: AUTH_GROUP auth_group_name
127 OPENING_BRACKET auth_group_entries CLOSING_BRACKET
/*
 * Creates the group and makes it the current one for the entry actions;
 * a NULL result from auth_group_new() is tested on the following line.
 */
135 auth_group = auth_group_new(conf, $1);
137 if (auth_group == NULL)
/* The entry list is left-recursive; the alternatives visible here follow. */
144 auth_group_entries auth_group_entry
150 auth_group_chap_mutual
152 auth_group_initiator_name
154 auth_group_initiator_portal
/*
 * Entry rules inside an auth-group block.  Each one hands its string
 * tokens to the matching constructor together with the current auth_group.
 * The CHAP arguments are presumably user names and secrets read as plain
 * strings from the configuration file -- TODO confirm against
 * auth_new_chap() and auth_new_chap_mutual().
 * NOTE(review): the handling of a NULL constructor result and the release
 * of the token strings are not visible in these lines.
 */
157 auth_group_chap: CHAP STR STR
159 const struct auth *ca;
161 ca = auth_new_chap(auth_group, $2, $3);
/* Mutual CHAP takes four strings instead of two. */
169 auth_group_chap_mutual: CHAP_MUTUAL STR STR STR STR
171 const struct auth *ca;
173 ca = auth_new_chap_mutual(auth_group, $2, $3, $4, $5);
/* Restricts the group by initiator name. */
183 auth_group_initiator_name: INITIATOR_NAME STR
185 const struct auth_name *an;
187 an = auth_name_new(auth_group, $2);
/* Restricts the group by initiator portal. */
194 auth_group_initiator_portal: INITIATOR_PORTAL STR
196 const struct auth_portal *ap;
198 ap = auth_portal_new(auth_group, $2);
/* A portal-group block: a name followed by a bracketed list of entries. */
205 portal_group: PORTAL_GROUP portal_group_name
206 OPENING_BRACKET portal_group_entries CLOSING_BRACKET
/*
 * Creates the portal group and makes it the current one; a NULL result
 * from portal_group_new() is tested right after the call.
 */
212 portal_group_name: STR
214 portal_group = portal_group_new(conf, $1);
216 if (portal_group == NULL)
/* The entry list is left-recursive; the alternatives visible here follow. */
221 portal_group_entries:
223 portal_group_entries portal_group_entry
227 portal_group_discovery_auth_group
231 portal_group_listen_iser
/*
 * Selects the auth-group used for discovery on this portal group.
 * A repeated statement is reported, and so is a name that
 * auth_group_find() cannot resolve in conf.
 * NOTE(review): the lines after each warning are not shown; confirm that
 * an unknown name aborts the parse, so that a typo cannot leave discovery
 * without the intended auth-group.
 */
234 portal_group_discovery_auth_group: DISCOVERY_AUTH_GROUP STR
236 if (portal_group->pg_discovery_auth_group != NULL) {
237 log_warnx("discovery-auth-group for portal-group "
238 "\"%s\" specified more than once",
239 portal_group->pg_name);
/* Resolve the group by name; NULL means no group of that name was found. */
242 portal_group->pg_discovery_auth_group =
243 auth_group_find(conf, $2);
244 if (portal_group->pg_discovery_auth_group == NULL) {
245 log_warnx("unknown discovery-auth-group \"%s\" "
246 "for portal-group \"%s\"",
247 $2, portal_group->pg_name);
/*
 * Both listen rules call portal_group_add_listen() on the current portal
 * group; the last argument is false for LISTEN and true for LISTEN_ISER.
 * The address string comes straight from the configuration file;
 * presumably it is validated inside portal_group_add_listen() -- TODO
 * confirm.
 */
254 portal_group_listen: LISTEN STR
258 error = portal_group_add_listen(portal_group, $2, false);
265 portal_group_listen_iser: LISTEN_ISER STR
269 error = portal_group_add_listen(portal_group, $2, true);
/* A target block: a name followed by a bracketed list of entries. */
276 target: TARGET target_name
277 OPENING_BRACKET target_entries CLOSING_BRACKET
/* Creates the target and makes it the current one for the entry actions. */
285 target = target_new(conf, $1);
/* The entry list is left-recursive; the alternatives visible here follow. */
294 target_entries target_entry
306 target_initiator_name
308 target_initiator_portal
/*
 * Sets the target's alias.  An alias that is already set means the
 * statement was repeated, which is reported with a warning.
 */
315 target_alias: ALIAS STR
317 if (target->t_alias != NULL) {
318 log_warnx("alias for target \"%s\" "
319 "specified more than once", target->t_iqn);
/* The token string itself is stored in the target. */
322 target->t_alias = $2;
/*
 * Attaches a named auth-group to the current target.
 * When the target already has a group, the warning depends on ag_name: a
 * group with a name means the statement was repeated, and the other
 * warning covers a group that came from explicit authorisation entries
 * (those rules create theirs with auth_group_new(conf, NULL), presumably
 * leaving ag_name NULL).
 * NOTE(review): the lines after the "unknown auth-group" warning are not
 * shown; confirm the parse is aborted there, so that a misspelled group
 * name cannot leave the target without an auth-group.
 */
326 target_auth_group: AUTH_GROUP STR
328 if (target->t_auth_group != NULL) {
329 if (target->t_auth_group->ag_name != NULL)
330 log_warnx("auth-group for target \"%s\" "
331 "specified more than once", target->t_iqn);
333 log_warnx("cannot mix auth-group with explicit "
334 "authorisations for target \"%s\"",
/* Resolve the group by name; NULL means no group of that name was found. */
338 target->t_auth_group = auth_group_find(conf, $2);
339 if (target->t_auth_group == NULL) {
340 log_warnx("unknown auth-group \"%s\" for target "
341 "\"%s\"", $2, target->t_iqn);
/*
 * CHAP entry given directly inside a target block.
 * A target that already has an auth-group with a name gets the "cannot
 * mix" warning.  The visible lines also create a group with
 * auth_group_new(conf, NULL), point its ag_target at this target, and add
 * the CHAP entry to it; the branch structure between these lines is
 * elided in this view.
 */
348 target_chap: CHAP STR STR
350 const struct auth *ca;
352 if (target->t_auth_group != NULL) {
353 if (target->t_auth_group->ag_name != NULL) {
354 log_warnx("cannot mix auth-group with explicit "
355 "authorisations for target \"%s\"",
/* Group created with a NULL name for this target's own entries. */
362 target->t_auth_group = auth_group_new(conf, NULL);
363 if (target->t_auth_group == NULL) {
368 target->t_auth_group->ag_target = target;
370 ca = auth_new_chap(target->t_auth_group, $2, $3);
/*
 * Mutual-CHAP entry given directly inside a target block.  The visible
 * checks match target_chap: a group with a name on the target triggers the
 * "cannot mix" warning, and a group created with a NULL name is tied to
 * the target through ag_target before the entry is added.
 */
378 target_chap_mutual: CHAP_MUTUAL STR STR STR STR
380 const struct auth *ca;
382 if (target->t_auth_group != NULL) {
383 if (target->t_auth_group->ag_name != NULL) {
384 log_warnx("cannot mix auth-group with explicit "
385 "authorisations for target \"%s\"",
/* A NULL result from auth_group_new() is tested right after the call. */
394 target->t_auth_group = auth_group_new(conf, NULL);
395 if (target->t_auth_group == NULL) {
402 target->t_auth_group->ag_target = target;
/* The argument list continues on lines not shown in this view. */
404 ca = auth_new_chap_mutual(target->t_auth_group,
/*
 * initiator-name entry given directly inside a target block.  A group
 * with a name on the target triggers the "cannot mix" warning; the visible
 * lines also create a group with a NULL name, tie it to the target
 * through ag_target, and add the name to it.
 */
415 target_initiator_name: INITIATOR_NAME STR
417 const struct auth_name *an;
419 if (target->t_auth_group != NULL) {
420 if (target->t_auth_group->ag_name != NULL) {
421 log_warnx("cannot mix auth-group with "
422 "initiator-name for target \"%s\"",
/* A NULL result from auth_group_new() is tested right after the call. */
428 target->t_auth_group = auth_group_new(conf, NULL);
429 if (target->t_auth_group == NULL) {
433 target->t_auth_group->ag_target = target;
435 an = auth_name_new(target->t_auth_group, $2);
/*
 * initiator-portal entry given directly inside a target block.  A group
 * with a name on the target triggers the "cannot mix" warning; the visible
 * lines also create a group with a NULL name, tie it to the target
 * through ag_target, and add the portal to it.
 */
442 target_initiator_portal: INITIATOR_PORTAL STR
444 const struct auth_portal *ap;
446 if (target->t_auth_group != NULL) {
447 if (target->t_auth_group->ag_name != NULL) {
448 log_warnx("cannot mix auth-group with "
449 "initiator-portal for target \"%s\"",
/* A NULL result from auth_group_new() is tested right after the call. */
455 target->t_auth_group = auth_group_new(conf, NULL);
456 if (target->t_auth_group == NULL) {
460 target->t_auth_group->ag_target = target;
462 ap = auth_portal_new(target->t_auth_group, $2);
/*
 * Binds the current target to a portal group by name.  A repeated
 * statement is reported, and so is a name that portal_group_find() cannot
 * resolve in conf.
 * NOTE(review): the lines after the "unknown portal-group" warning are not
 * shown; confirm the parse is aborted there.
 */
469 target_portal_group: PORTAL_GROUP STR
471 if (target->t_portal_group != NULL) {
472 log_warnx("portal-group for target \"%s\" "
473 "specified more than once", target->t_iqn);
/* Resolve the group by name; NULL means no group of that name was found. */
477 target->t_portal_group = portal_group_find(conf, $2);
478 if (target->t_portal_group == NULL) {
479 log_warnx("unknown portal-group \"%s\" for target "
480 "\"%s\"", $2, target->t_iqn);
/* A lun block inside a target: a number followed by a bracketed list of entries. */
488 target_lun: LUN lun_number
489 OPENING_BRACKET lun_entries CLOSING_BRACKET
/* Creates the LUN under the current target and makes it the current one. */
497 lun = lun_new(target, $1);
/* The entry list is left-recursive. */
505 lun_entries lun_entry
/*
 * LUN attribute rules.  Each one first tests whether the field already
 * holds a value (non-NULL pointer, or non-zero for blocksize), reports a
 * repeated statement with the LUN number and target name, and applies the
 * value through the matching lun_set_*() helper.
 */
524 lun_backend: BACKEND STR
526 if (lun->l_backend != NULL) {
527 log_warnx("backend for lun %d, target \"%s\" "
528 "specified more than once",
529 lun->l_lun, target->t_iqn);
533 lun_set_backend(lun, $2);
/* Zero is treated as "not set yet" for the block size. */
538 lun_blocksize: BLOCKSIZE NUM
540 if (lun->l_blocksize != 0) {
541 log_warnx("blocksize for lun %d, target \"%s\" "
542 "specified more than once",
543 lun->l_lun, target->t_iqn);
546 lun_set_blocksize(lun, $2);
550 lun_device_id: DEVICE_ID STR
552 if (lun->l_device_id != NULL) {
553 log_warnx("device_id for lun %d, target \"%s\" "
554 "specified more than once",
555 lun->l_lun, target->t_iqn);
559 lun_set_device_id(lun, $2);
/*
 * Free-form option for the current LUN: both strings are passed to
 * lun_option_new().  Presumably these are a name and a value -- TODO
 * confirm.  The check of the returned pointer is not visible in these
 * lines.
 */
564 lun_option: OPTION STR STR
566 struct lun_option *clo;
568 clo = lun_option_new(lun, $2, $3);
/*
 * Path, serial and size attributes of the current LUN.  Each action
 * reports a repeated statement when the field already holds a value
 * (non-NULL pointer, or non-zero for size) and applies the new value
 * through the matching lun_set_*() helper.
 * NOTE(review): the path string comes straight from the configuration
 * file; no validation of it is visible in these lines.
 */
578 if (lun->l_path != NULL) {
579 log_warnx("path for lun %d, target \"%s\" "
580 "specified more than once",
581 lun->l_lun, target->t_iqn);
585 lun_set_path(lun, $2);
590 lun_serial: SERIAL STR
592 if (lun->l_serial != NULL) {
593 log_warnx("serial for lun %d, target \"%s\" "
594 "specified more than once",
595 lun->l_lun, target->t_iqn);
599 lun_set_serial(lun, $2);
/* Zero is treated as "not set yet" for the size. */
606 if (lun->l_size != 0) {
607 log_warnx("size for lun %d, target \"%s\" "
608 "specified more than once",
609 lun->l_lun, target->t_iqn);
612 lun_set_size(lun, $2);
/*
 * Parser error callback: logs the message together with the current line
 * number and the text of the token being scanned.  The message is passed
 * as a "%s" argument, never as the format string itself.
 */
618 yyerror(const char *str)
621 log_warnx("error in configuration file at line %d near '%s': %s",
622 lineno, yytext, str);
/*
 * Warns when the configuration file at path grants any permission to
 * "other" users.  The grammar in this file accepts CHAP statements as
 * plain strings, so the file presumably holds secrets -- TODO confirm.
 *
 * Each visible branch only logs a warning.  Only the S_I*OTH bits are
 * tested in these lines; group permissions are not examined.
 *
 * NOTE(review): the mode is read with stat() on the path, while
 * conf_new_from_file() opens the file separately with fopen(path, "r").
 * If the path can be replaced between the two calls, the warning
 * describes a different file than the one parsed; confirm the call order
 * or consider fstat() on the opened stream.
 */
626 check_perms(const char *path)
631 error = stat(path, &sb);
/*
 * The else-if chain reports at most one condition per call, in the order
 * writable, readable, executable.
 */
636 if (sb.st_mode & S_IWOTH) {
637 log_warnx("%s is world-writable", path);
638 } else if (sb.st_mode & S_IROTH) {
639 log_warnx("%s is world-readable", path);
640 } else if (sb.st_mode & S_IXOTH) {
642 * Ok, this one doesn't matter, but still do it,
643 * just for consistency.
645 log_warnx("%s is world-executable", path);
649 * XXX: Should we also check for owner != 0?
654 conf_new_from_file(const char *path)
656 struct auth_group *ag;
657 struct portal_group *pg;
660 log_debugx("obtaining configuration from %s", path);
664 ag = auth_group_new(conf, "no-authentication");
665 ag->ag_type = AG_TYPE_NO_AUTHENTICATION;
668 * Here, the type doesn't really matter, as the group doesn't contain
669 * any entries and thus will always deny access.
671 ag = auth_group_new(conf, "no-access");
672 ag->ag_type = AG_TYPE_CHAP;
674 pg = portal_group_new(conf, "default");
675 portal_group_add_listen(pg, "0.0.0.0:3260", false);
676 portal_group_add_listen(pg, "[::]:3260", false);
678 yyin = fopen(path, "r");
680 log_warn("unable to open configuration file %s", path);
698 error = conf_verify(conf);