Commit Graph

182 Commits

Author SHA1 Message Date
Alexander Motin
829603e21f Add basic iSNS client to the iSCSI target.
This makes ctld(8) register its iSCSI targets and portals on configured
iSNS servers to allow initiators find them without active discovery.

Fetching of allowed initiators from iSNS is not implemented now, so target
ACLs still should be configured manually.

Reviewed by:	trasz@
MFC after:	1 month
Sponsored by:	iXsystems, Inc.
2014-10-25 12:50:26 +00:00
Edward Tomasz Napierala
3bea5b97f8 Improve ctld.conf example.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-24 12:30:43 +00:00
Edward Tomasz Napierala
e867e16225 Make the initiator-name and initiator-portal checks a little nicer.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-24 11:40:09 +00:00
Edward Tomasz Napierala
ff982835f8 Tidy up the login code; no functional changes.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-24 11:34:55 +00:00
Edward Tomasz Napierala
7c8e3a7f48 Clean up (refactor) discovery a little; no functional changes.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-23 12:02:27 +00:00
Edward Tomasz Napierala
a178d09eee Fix ctl.conf example to use proper paths to ZVOLs.
Sponsored by:	The FreeBSD Foundation
2014-10-22 11:30:56 +00:00
Edward Tomasz Napierala
4af184b9f7 Remove misleading statement. Bump date.
MFC after:	1 month
Sponsored by:	FreeBSD Foundation
2014-10-22 11:09:03 +00:00
Edward Tomasz Napierala
3a6accd5a5 Comment out parts about iSER; it's not implemented.
Sponsored by:	The FreeBSD Foundation
2014-10-22 11:06:05 +00:00
Edward Tomasz Napierala
e2eb7f476c Remove spurious empty line.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-22 10:53:25 +00:00
Edward Tomasz Napierala
4e5c38f8b7 Fix ctld(8) to not show the "auth-group <name> not assigned to any target"
warning for auth-groups assigned to a portal-group.

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-22 09:40:46 +00:00
Edward Tomasz Napierala
2bd282696a Whitespace fixes.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-22 09:17:17 +00:00
Edward Tomasz Napierala
45078155e3 Untangle iSCSI authentication code by splitting off the CHAP
implementation.

Reviewed by:	mav@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-22 08:59:23 +00:00
Alexander Motin
19720f4113 Make ctld start even if some LUNs are unable to open backing storage.
Such LUNs will be visible to initiators, but return "not ready" status
on media access commands.  If backing storage become available later,
`ctladm modify ...` or `service ctld reload` can trigger its reopen.
2014-10-10 19:41:09 +00:00
Alexander Motin
8cf98331b0 Make kernel to update LUN size from the backing storage on configuration
reload also if that size was not specified in the new configuration.

Previously it happened only if size was explicitly changed in config.

MFC after:	3 days
2014-09-18 17:39:04 +00:00
Edward Tomasz Napierala
4f66b23341 Fix two small nits in ctl.conf(5).
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2014-09-14 08:35:44 +00:00
Allan Jude
ce20734f95 Resolve an ambiguity with the definition of a new auth-group
Resolve a markup mistake

Reviewed by:	trasz
Approved by:	bcr (mentor), wblock (mentor)
Sponsored by:	ScaleEngine Inc.
CR:		https://reviews.freebsd.org/D735
2014-09-13 23:50:51 +00:00
Allan Jude
263be6a9d1 Fix minor syntax error
Submitted by:	bjk
Approved by:	bcr (mentor)
Sponsored by:	ScaleEngine Inc.
2014-09-12 00:55:42 +00:00
Allan Jude
d1e933edda Improve markup and language throughout the ctl.conf man page
Reviewed by:	trasz
Approved by:	bcr (mentor)
Sponsored by:	ScaleEngine Inc.
2014-09-12 00:08:19 +00:00
Edward Tomasz Napierala
2e779f745b Use keys_add_int() where appropriate. No functional changes.
Sponsored by:	The FreeBSD Foundation
2014-09-09 16:57:02 +00:00
Edward Tomasz Napierala
dce704a67a Fix ctld(8) to not forget to send TargetPortalGroupTag and TargetAlias
when the initiator skips security negotiation.  This fixes interoperability
with Xtend SAN initiator.

PR:		193021
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2014-09-09 16:45:36 +00:00
Edward Tomasz Napierala
44a5953aa1 Avoid ctld(8) crash on getaddrinfo(3) failure.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2014-09-06 09:03:13 +00:00
Edward Tomasz Napierala
a5f9f526bd Document initiator-portal netmask support.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2014-09-05 14:58:24 +00:00
Edward Tomasz Napierala
0488e848d9 Turn two errors, which are possible to trigger only by bugs,
into assertions.

Discussed with:	mav@
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2014-09-05 14:48:06 +00:00
Edward Tomasz Napierala
d69440367c Fix typo.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2014-09-05 11:10:44 +00:00
Edward Tomasz Napierala
b7a65e3936 Make the iSCSI stack use __FBSDID() properly.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2014-08-21 15:32:38 +00:00
Enji Cooper
b7ca81625e Add missing libraries to DPADD; sort DPADD so DPADD and LDADD match up
This fixes "make checkdpadd"

Approved by: jmmv (mentor)
MFC after: 2 weeks
Phabric: D630
PR: 192765
2014-08-19 18:31:20 +00:00
Alexander Motin
5e46a0660e Fix r269183 build woth GCC.
MFC after:	2 weeks
2014-07-28 14:32:20 +00:00
Alexander Motin
073edb1c91 Add netmasks support to initiator-portal option.
MFC after:	2 weeks
2014-07-28 12:47:09 +00:00
Warren Block
a8a5af866c Correct spelling errors in ctld.8. While here, correct similar errors
in ctl.conf.5 and fix a couple of contractions.

PR:		191984
Submitted by:	olgeni
MFC after:	1 week
2014-07-20 22:13:51 +00:00
Alexander Motin
a6f6f7a632 Fix ctld crash on startup if target alias is not set.
MFC after:	3 days
2014-07-17 11:38:37 +00:00
Alexander Motin
1380b77c12 Close race in r268291 between port destruction, delayed by sessions
teardown, and new port creation during `service ctld restart`.

Close it by returning iSCSI port internal state, that allows to identify
dying ports, which should not be counted as existing, from really alive.
2014-07-06 17:57:59 +00:00
Alexander Motin
6d81c129dd Pass through iSCSI session ISID from LOGIN request to the CTL frontend.
ISID is an important part of initiator transport ID for iSCSI.  It is not
used now, but should be to properly implement persistent reservation.
2014-07-05 21:18:33 +00:00
Alexander Motin
027e5269c9 Burry devid port method, which was a gross hack.
Instead make ports provide wanted port and target IDs, and LUNs provide
wanted LUN IDs.  After that core Device ID VPD code only had to link all
of them together and add relative port and port group numbers.

LUN ID for iSCSI LUNs no longer created by CTL, but by ctld, and passed
to CTL as "scsiname" LUN option.  This makes LUNs to report the same set
of IDs, independently from the port through which it is accessed, as
required by SCSI specifications.
2014-07-05 19:30:20 +00:00
Alexander Motin
917d38fb99 Create separate CTL port for every iSCSI target (and maybe portal group).
Having single port for all iSCSI connections makes problematic implementing
some more advanced SCSI functionality in CTL, that require proper ports
enumeration and identification.

This change extends CTL iSCSI API, making ctld daemon to control list of
iSCSI ports in CTL.  When new target is defined in config fine, ctld will
create respective port in CTL.  When target is removed -- port will be
also removed after all active commands through that port properly aborted.
This change require ctld to be rebuilt to match the kernel.

As a minor side effect, this allows to have iSCSI targets without LUNs.
While that may look odd and not very useful, that is not incorrect.
2014-07-05 18:15:00 +00:00
Josh Paetzel
c9593e36b4 Fix issues in config parser relating to lun serial numbers.
Without this fix some serial numbers needed to be quoted
to avoid the config parser bailing out.

Submitted by:	delphij
Sponsored by:	iXsystems
2014-06-24 19:12:55 +00:00
Baptiste Daroussin
01c2b8ac0d use .Mt to mark up email addresses consistently (part2)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:57:27 +00:00
Alexander Motin
8ea4f2ef51 serial_num and device_id fields are not necessarily null-terminated.
Before this it was impossible to use all 16 bytes of serial number, and
client always got serial number NULL-terminated, that is not required.

MFC after:	2 weeks
2014-06-19 19:28:35 +00:00
Alexander Motin
b8c1bd1300 On discovery stage add set of TargetAddress keys to reply, reporting to
the client all the portal groups addresses and ports.

Reviewed by:	trasz@
MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2014-06-18 12:26:02 +00:00
Edward Tomasz Napierala
c63d8c3b51 Style fixes. 2014-04-24 11:28:23 +00:00
Edward Tomasz Napierala
61a2a354f8 English.
Sponsored by:	The FreeBSD Foundation
2014-04-16 11:07:29 +00:00
Edward Tomasz Napierala
d5e316e5e8 If we fail to create LUN, try again on next configuration reload.
Sponsored by:	The FreeBSD Foundation
2014-04-16 11:06:45 +00:00
Edward Tomasz Napierala
fe845cdb48 Use consistent punctuation.
Sponsored by:	The FreeBSD Foundation
2014-04-16 11:05:57 +00:00
Edward Tomasz Napierala
639466801c Use proper terminology in debug messages.
Sponsored by:	The FreeBSD Foundation
2014-04-16 11:03:21 +00:00
Edward Tomasz Napierala
d6093026ec Constify.
Sponsored by:	The FreeBSD Foundation
2014-04-16 11:01:59 +00:00
Edward Tomasz Napierala
8eab95d646 Properly pass the initiator address when running in proxy mode.
Sponsored by:	The FreeBSD Foundation
2014-04-16 11:00:10 +00:00
Edward Tomasz Napierala
9a95cfffd8 Use socket address from accept(2) instead of retrieving it via
getpeername(2).

Sponsored by:	The FreeBSD Foundation
2014-04-16 10:49:48 +00:00
Edward Tomasz Napierala
a113ac0506 Rework the way we enable CTL iSCSI port. Previously conf_apply()
needed it to be already enabled, because listening in proxy mode
requires it; however, it's conf_apply() that opens pidfiles,
so it resulted in port being enabled before pidfile was opened.
This was not so bad, but it was also disabled when pidfile couldn't
be opened due to ctld already running; this means that starting
second ctld instance screwed up the first.

Sponsored by:	The FreeBSD Foundation
2014-04-16 10:43:12 +00:00
Edward Tomasz Napierala
8cab2ed4cd Properly identify target portal when running in proxy mode. While here,
remove CTL_ISCSI_CLOSE, it wasn't used or implemented anyway.

Sponsored by:	The FreeBSD Foundation
2014-04-16 10:29:34 +00:00
Edward Tomasz Napierala
ba3a2d31c8 Make it possible for the iSCSI target side to operate in both normal
and ICL_KERNEL_PROXY mode, and fix some bit rot so the latter actually
works again.

Sponsored by:	The FreeBSD Foundation
2014-04-16 10:06:37 +00:00
Edward Tomasz Napierala
19b59f13d8 Stop treating LUN 0 as mandatory. There is no reason to do that.
Suggested by:	mav@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-04-15 14:55:56 +00:00
Edward Tomasz Napierala
e6954b999d Make the error message more clear.
Sponsored by:	The FreeBSD Foundation
2014-03-19 13:00:44 +00:00
Robert Watson
b881b8be1d Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
Edward Tomasz Napierala
cadf3831b3 Make the debug messages during ctld(8) shutdown less confusing.
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:38:44 +00:00
Edward Tomasz Napierala
6dc3a9f496 Show proper configuration file line numbers in error messages.
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:37:49 +00:00
Edward Tomasz Napierala
e0fccc9806 Make ctld error out on invalid characters in ctl.conf.
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:36:15 +00:00
Edward Tomasz Napierala
b3361aabc8 Improve error reporting.
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:35:26 +00:00
Edward Tomasz Napierala
70b939ecd3 So, it turns out SIGCHLD is discarded by default, so we have to set up
a dummy handler to make it interrupt an ioctl(2) or select(2).

This makes those short-lived ctld(8) zombies disappear.

Sponsored by:	The FreeBSD Foundation
2014-02-11 11:33:44 +00:00
Edward Tomasz Napierala
e76ce4484d Use new auth-type "deny" instead of using "chap" with no chap entries;
it's cleaner this way, and gives better feedback to the user.

Sponsored by:	The FreeBSD Foundation
2014-02-11 11:32:36 +00:00
Edward Tomasz Napierala
ccb1f04d95 Use "default" as default discovery-auth-group, instead of "no-access".
It doesn't change visible behaviour, as previously auth-group "default"
wasn't redefinable, so by default access was always denied.

Sponsored by:	The FreeBSD Foundation
2014-02-11 11:31:08 +00:00
Edward Tomasz Napierala
affb88f5a2 Update manual page to match recent auth-group "default" changes.
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:29:58 +00:00
Edward Tomasz Napierala
e7977549f7 Add a new auth-group "default", defaulting to deny, and make it possible
to redefine it.  From now on, assigning auth-group to a target is no longer
mandatory.

Sponsored by:	The FreeBSD Foundation
2014-02-11 11:29:05 +00:00
Edward Tomasz Napierala
252d941cc3 Make it possible to redefine portal-group "default".
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:27:25 +00:00
Edward Tomasz Napierala
df9900fb5b Add auth-type.
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:26:05 +00:00
Edward Tomasz Napierala
f7ae5bf8de Rename a variable, no functional changes.
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:14:50 +00:00
Edward Tomasz Napierala
e1c0d0d8a3 Yacc cleanup; no functional changes.
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:11:37 +00:00
Edward Tomasz Napierala
1658628dc6 Make function ordering slightly more logical; no functional changes.
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:10:01 +00:00
Edward Tomasz Napierala
8cb2e95863 Implement initiator-name and initiator-portal restrictions.
Sponsored by:	The FreeBSD Foundation
2014-02-11 11:08:04 +00:00
Edward Tomasz Napierala
5d5a95f138 Daemonize after applying configuration, not before, so that
any problems - including "daemon already running" - are visible
on the terminal and not just in logs.

Sponsored by:	The FreeBSD Foundation
2014-02-11 10:59:57 +00:00
Edward Tomasz Napierala
017cbe4aaa Empty data segment during Login Phase is rather unlikely, but it's
not, by itself, a protocol error.  This fixes interoperability with
OpenBSD initiator.

Sponsored by:	The FreeBSD Foundation
2014-02-11 10:58:32 +00:00
Edward Tomasz Napierala
1885dba7b1 The log_whatever() routines don't accept NULL for format strings,
so mark them as __printflike instead of__printf0like.

Sponsored by:	The FreeBSD Foundation
2014-02-11 10:56:43 +00:00
Edward Tomasz Napierala
a19eebb1b7 Improve check for duplicated paths. It shows the warning twice for
every path (once for each duplicate found), but it should do for now.

Sponsored by:	The FreeBSD Foundation
2014-02-11 10:55:32 +00:00
Edward Tomasz Napierala
2fabfaa504 Refactor.
Sponsored by:	The FreeBSD Foundation
2014-02-11 10:53:08 +00:00
Edward Tomasz Napierala
b30f0d901a Fix handling for empty auth-groups. Without it, ctld child process
would either exit on assertion, or, if assertions are not enabled,
fail to authenticate the target.

MFC after:	2 days
Sponsored by:	The FreeBSD Foundation
2013-12-10 17:27:11 +00:00
Edward Tomasz Napierala
5292c670c2 Grammar fix.
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2013-12-02 09:47:22 +00:00
Edward Tomasz Napierala
5d02cc7ff9 Fix typos.
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2013-12-02 09:23:34 +00:00
Edward Tomasz Napierala
c095756f2e Fix typo.
Submitted by:	feld@
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2013-11-10 13:16:28 +00:00
Edward Tomasz Napierala
5989c4cc16 Plug memory leaks.
Coverity CID:	1087993, 1087992
Approved by:	re (marius)
Sponsored by:	FreeBSD Foundation
2013-10-09 13:28:45 +00:00
Edward Tomasz Napierala
1af403658b Fix off-by-one.
Coverity CID:	1011375
Approved by:	re (glebius)
Sponsored by:	FreeBSD Foundation
2013-10-09 12:17:40 +00:00
Edward Tomasz Napierala
7843bd031a Fix several problems in the new iSCSI stack; this includes interoperability
fix for LIO (Linux target), removing possibility for the target to avoid mutual
CHAP by choosing to skip authentication altogether, and fixing truncated error
messages in iscsictl(8) output.  This also fixes several of the problems found
with Coverity.

Note that this change requires world rebuild.

Coverity CID:	1088038, 1087998, 1087990, 1088004, 1088044, 1088041, 1088040
Approved by:	re (blanket)
Sponsored by:	FreeBSD Foundation
2013-09-18 21:15:21 +00:00
Edward Tomasz Napierala
c76e8a9aa0 Make iscsictl(8) automatically try to load the iscsi module. While here,
improve module loading in iscsid(8) and ctld(8).

Approved by:	re (delphij)
2013-09-18 08:37:14 +00:00
Joel Dahl
33e1779ab8 Minor mdoc fixes.
Approved by:	re (blanket)
2013-09-14 21:43:18 +00:00
Edward Tomasz Napierala
009ea47eb2 Bring in the new iSCSI target and initiator.
Reviewed by:	ken (parts)
Approved by:	re (delphij)
Sponsored by:	FreeBSD Foundation
2013-09-14 15:29:06 +00:00