usr.sbin/ctld/discovery.c

   1 /*-
   2  * Copyright (c) 2012 The FreeBSD Foundation
   3  * All rights reserved.
   4  *
   5  * This software was developed by Edward Tomasz Napierala under sponsorship
   6  * from the FreeBSD Foundation.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  * 1. Redistributions of source code must retain the above copyright
  12  *    notice, this list of conditions and the following disclaimer.
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  27  * SUCH DAMAGE.
  28  *
  29  */
  30
  31 #include <sys/cdefs.h>
  32 __FBSDID("$FreeBSD$");
  33
  34 #include <assert.h>
  35 #include <stdint.h>
  36 #include <stdio.h>
  37 #include <stdlib.h>
  38 #include <string.h>
  39 #include <netinet/in.h>
  40 #include <netdb.h>
  41 #include <sys/socket.h>
  42
  43 #include "ctld.h"
  44 #include "iscsi_proto.h"
  45
  46 static struct pdu *
  47 text_receive(struct connection *conn)
  48 {
  49         struct pdu *request;
  50         struct iscsi_bhs_text_request *bhstr;
  51
  52         request = pdu_new(conn);
  53         pdu_receive(request);
  54         if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
  55             ISCSI_BHS_OPCODE_TEXT_REQUEST)
  56                 log_errx(1, "protocol error: received invalid opcode 0x%x",
  57                     request->pdu_bhs->bhs_opcode);
  58         bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs;
  59 #if 0
  60         if ((bhstr->bhstr_flags & ISCSI_BHSTR_FLAGS_FINAL) == 0)
  61                 log_errx(1, "received Text PDU without the \"F\" flag");
  62 #endif
  63         /*
  64          * XXX: Implement the C flag some day.
  65          */
  66         if ((bhstr->bhstr_flags & BHSTR_FLAGS_CONTINUE) != 0)
  67                 log_errx(1, "received Text PDU with unsupported \"C\" flag");
  68         if (ISCSI_SNLT(ntohl(bhstr->bhstr_cmdsn), conn->conn_cmdsn)) {
  69                 log_errx(1, "received Text PDU with decreasing CmdSN: "
  70                     "was %u, is %u", conn->conn_cmdsn, ntohl(bhstr->bhstr_cmdsn));
  71         }
  72         if (ntohl(bhstr->bhstr_expstatsn) != conn->conn_statsn) {
  73                 log_errx(1, "received Text PDU with wrong StatSN: "
  74                     "is %u, should be %u", ntohl(bhstr->bhstr_expstatsn),
  75                     conn->conn_statsn);
  76         }
  77         conn->conn_cmdsn = ntohl(bhstr->bhstr_cmdsn);
  78         if ((bhstr->bhstr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0)
  79                 conn->conn_cmdsn++;
  80
  81         return (request);
  82 }
  83
  84 static struct pdu *
  85 text_new_response(struct pdu *request)
  86 {
  87         struct pdu *response;
  88         struct connection *conn;
  89         struct iscsi_bhs_text_request *bhstr;
  90         struct iscsi_bhs_text_response *bhstr2;
  91
  92         bhstr = (struct iscsi_bhs_text_request *)request->pdu_bhs;
  93         conn = request->pdu_connection;
  94
  95         response = pdu_new_response(request);
  96         bhstr2 = (struct iscsi_bhs_text_response *)response->pdu_bhs;
  97         bhstr2->bhstr_opcode = ISCSI_BHS_OPCODE_TEXT_RESPONSE;
  98         bhstr2->bhstr_flags = BHSTR_FLAGS_FINAL;
  99         bhstr2->bhstr_lun = bhstr->bhstr_lun;
 100         bhstr2->bhstr_initiator_task_tag = bhstr->bhstr_initiator_task_tag;
 101         bhstr2->bhstr_target_transfer_tag = bhstr->bhstr_target_transfer_tag;
 102         bhstr2->bhstr_statsn = htonl(conn->conn_statsn++);
 103         bhstr2->bhstr_expcmdsn = htonl(conn->conn_cmdsn);
 104         bhstr2->bhstr_maxcmdsn = htonl(conn->conn_cmdsn);
 105
 106         return (response);
 107 }
 108
 109 static struct pdu *
 110 logout_receive(struct connection *conn)
 111 {
 112         struct pdu *request;
 113         struct iscsi_bhs_logout_request *bhslr;
 114
 115         request = pdu_new(conn);
 116         pdu_receive(request);
 117         if ((request->pdu_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) !=
 118             ISCSI_BHS_OPCODE_LOGOUT_REQUEST)
 119                 log_errx(1, "protocol error: received invalid opcode 0x%x",
 120                     request->pdu_bhs->bhs_opcode);
 121         bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
 122         if ((bhslr->bhslr_reason & 0x7f) != BHSLR_REASON_CLOSE_SESSION)
 123                 log_debugx("received Logout PDU with invalid reason 0x%x; "
 124                     "continuing anyway", bhslr->bhslr_reason & 0x7f);
 125         if (ISCSI_SNLT(ntohl(bhslr->bhslr_cmdsn), conn->conn_cmdsn)) {
 126                 log_errx(1, "received Logout PDU with decreasing CmdSN: "
 127                     "was %u, is %u", conn->conn_cmdsn,
 128                     ntohl(bhslr->bhslr_cmdsn));
 129         }
 130         if (ntohl(bhslr->bhslr_expstatsn) != conn->conn_statsn) {
 131                 log_errx(1, "received Logout PDU with wrong StatSN: "
 132                     "is %u, should be %u", ntohl(bhslr->bhslr_expstatsn),
 133                     conn->conn_statsn);
 134         }
 135         conn->conn_cmdsn = ntohl(bhslr->bhslr_cmdsn);
 136         if ((bhslr->bhslr_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0)
 137                 conn->conn_cmdsn++;
 138
 139         return (request);
 140 }
 141
 142 static struct pdu *
 143 logout_new_response(struct pdu *request)
 144 {
 145         struct pdu *response;
 146         struct connection *conn;
 147         struct iscsi_bhs_logout_request *bhslr;
 148         struct iscsi_bhs_logout_response *bhslr2;
 149
 150         bhslr = (struct iscsi_bhs_logout_request *)request->pdu_bhs;
 151         conn = request->pdu_connection;
 152
 153         response = pdu_new_response(request);
 154         bhslr2 = (struct iscsi_bhs_logout_response *)response->pdu_bhs;
 155         bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE;
 156         bhslr2->bhslr_flags = 0x80;
 157         bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY;
 158         bhslr2->bhslr_initiator_task_tag = bhslr->bhslr_initiator_task_tag;
 159         bhslr2->bhslr_statsn = htonl(conn->conn_statsn++);
 160         bhslr2->bhslr_expcmdsn = htonl(conn->conn_cmdsn);
 161         bhslr2->bhslr_maxcmdsn = htonl(conn->conn_cmdsn);
 162
 163         return (response);
 164 }
 165
 166 static void
 167 discovery_add_target(struct keys *response_keys, const struct target *targ)
 168 {
 169         struct port *port;
 170         struct portal *portal;
 171         char *buf;
 172         char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
 173         struct addrinfo *ai;
 174         int ret;
 175
 176         keys_add(response_keys, "TargetName", targ->t_name);
 177         TAILQ_FOREACH(port, &targ->t_ports, p_ts) {
 178             if (port->p_portal_group == NULL)
 179                 continue;
 180             TAILQ_FOREACH(portal, &port->p_portal_group->pg_portals, p_next) {
 181                 ai = portal->p_ai;
 182                 ret = getnameinfo(ai->ai_addr, ai->ai_addrlen,
 183                     hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
 184                     NI_NUMERICHOST | NI_NUMERICSERV);
 185                 if (ret != 0) {
 186                         log_warnx("getnameinfo: %s", gai_strerror(ret));
 187                         continue;
 188                 }
 189                 switch (ai->ai_addr->sa_family) {
 190                 case AF_INET:
 191                         if (strcmp(hbuf, "0.0.0.0") == 0)
 192                                 continue;
 193                         ret = asprintf(&buf, "%s:%s,%d", hbuf, sbuf,
 194                             port->p_portal_group->pg_tag);
 195                         break;
 196                 case AF_INET6:
 197                         if (strcmp(hbuf, "::") == 0)
 198                                 continue;
 199                         ret = asprintf(&buf, "[%s]:%s,%d", hbuf, sbuf,
 200                             port->p_portal_group->pg_tag);
 201                         break;
 202                 default:
 203                         continue;
 204                 }
 205                 if (ret <= 0)
 206                     log_err(1, "asprintf");
 207                 keys_add(response_keys, "TargetAddress", buf);
 208                 free(buf);
 209             }
 210         }
 211 }
 212
 213 static bool
 214 discovery_target_filtered_out(const struct connection *conn,
 215     const struct port *port)
 216 {
 217         const struct auth_group *ag;
 218         const struct portal_group *pg;
 219         const struct target *targ;
 220         const struct auth *auth;
 221         int error;
 222
 223         targ = port->p_target;
 224         ag = port->p_auth_group;
 225         if (ag == NULL)
 226                 ag = targ->t_auth_group;
 227         pg = conn->conn_portal->p_portal_group;
 228
 229         assert(pg->pg_discovery_auth_group != PG_FILTER_UNKNOWN);
 230
 231         if (pg->pg_discovery_filter >= PG_FILTER_PORTAL &&
 232             auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
 233                 log_debugx("initiator does not match initiator portals "
 234                     "allowed for target \"%s\"; skipping", targ->t_name);
 235                 return (true);
 236         }
 237
 238         if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME &&
 239             auth_name_check(ag, conn->conn_initiator_name) != 0) {
 240                 log_debugx("initiator does not match initiator names "
 241                     "allowed for target \"%s\"; skipping", targ->t_name);
 242                 return (true);
 243         }
 244
 245         if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH &&
 246             ag->ag_type != AG_TYPE_NO_AUTHENTICATION) {
 247                 if (conn->conn_chap == NULL) {
 248                         assert(pg->pg_discovery_auth_group->ag_type ==
 249                             AG_TYPE_NO_AUTHENTICATION);
 250
 251                         log_debugx("initiator didn't authenticate, but target "
 252                             "\"%s\" requires CHAP; skipping", targ->t_name);
 253                         return (true);
 254                 }
 255
 256                 assert(conn->conn_user != NULL);
 257                 auth = auth_find(ag, conn->conn_user);
 258                 if (auth == NULL) {
 259                         log_debugx("CHAP user \"%s\" doesn't match target "
 260                             "\"%s\"; skipping", conn->conn_user, targ->t_name);
 261                         return (true);
 262                 }
 263
 264                 error = chap_authenticate(conn->conn_chap, auth->a_secret);
 265                 if (error != 0) {
 266                         log_debugx("password for CHAP user \"%s\" doesn't "
 267                             "match target \"%s\"; skipping",
 268                             conn->conn_user, targ->t_name);
 269                         return (true);
 270                 }
 271         }
 272
 273         return (false);
 274 }
 275
 276 void
 277 discovery(struct connection *conn)
 278 {
 279         struct pdu *request, *response;
 280         struct keys *request_keys, *response_keys;
 281         const struct port *port;
 282         const struct portal_group *pg;
 283         const char *send_targets;
 284
 285         pg = conn->conn_portal->p_portal_group;
 286
 287         log_debugx("beginning discovery session; waiting for Text PDU");
 288         request = text_receive(conn);
 289         request_keys = keys_new();
 290         keys_load(request_keys, request);
 291
 292         send_targets = keys_find(request_keys, "SendTargets");
 293         if (send_targets == NULL)
 294                 log_errx(1, "received Text PDU without SendTargets");
 295
 296         response = text_new_response(request);
 297         response_keys = keys_new();
 298
 299         if (strcmp(send_targets, "All") == 0) {
 300                 TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) {
 301                         if (discovery_target_filtered_out(conn, port)) {
 302                                 /* Ignore this target. */
 303                                 continue;
 304                         }
 305                         discovery_add_target(response_keys, port->p_target);
 306                 }
 307         } else {
 308                 port = port_find_in_pg(pg, send_targets);
 309                 if (port == NULL) {
 310                         log_debugx("initiator requested information on unknown "
 311                             "target \"%s\"; returning nothing", send_targets);
 312                 } else {
 313                         if (discovery_target_filtered_out(conn, port)) {
 314                                 /* Ignore this target. */
 315                         } else {
 316                                 discovery_add_target(response_keys, port->p_target);
 317                         }
 318                 }
 319         }
 320         keys_save(response_keys, response);
 321
 322         pdu_send(response);
 323         pdu_delete(response);
 324         keys_delete(response_keys);
 325         pdu_delete(request);
 326         keys_delete(request_keys);
 327
 328         log_debugx("done sending targets; waiting for Logout PDU");
 329         request = logout_receive(conn);
 330         response = logout_new_response(request);
 331
 332         pdu_send(response);
 333         pdu_delete(response);
 334         pdu_delete(request);
 335
 336         log_debugx("discovery session done");
 337 }