1009ea47eSEdward Tomasz Napierala /*-
2*4d846d26SWarner Losh * SPDX-License-Identifier: BSD-2-Clause
31de7b4b8SPedro F. Giffuni *
4009ea47eSEdward Tomasz Napierala * Copyright (c) 2012 The FreeBSD Foundation
5009ea47eSEdward Tomasz Napierala *
6009ea47eSEdward Tomasz Napierala * This software was developed by Edward Tomasz Napierala under sponsorship
7009ea47eSEdward Tomasz Napierala * from the FreeBSD Foundation.
8009ea47eSEdward Tomasz Napierala *
9009ea47eSEdward Tomasz Napierala * Redistribution and use in source and binary forms, with or without
10009ea47eSEdward Tomasz Napierala * modification, are permitted provided that the following conditions
11009ea47eSEdward Tomasz Napierala * are met:
12009ea47eSEdward Tomasz Napierala * 1. Redistributions of source code must retain the above copyright
13009ea47eSEdward Tomasz Napierala * notice, this list of conditions and the following disclaimer.
14009ea47eSEdward Tomasz Napierala * 2. Redistributions in binary form must reproduce the above copyright
15009ea47eSEdward Tomasz Napierala * notice, this list of conditions and the following disclaimer in the
16009ea47eSEdward Tomasz Napierala * documentation and/or other materials provided with the distribution.
17009ea47eSEdward Tomasz Napierala *
18009ea47eSEdward Tomasz Napierala * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19009ea47eSEdward Tomasz Napierala * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20009ea47eSEdward Tomasz Napierala * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21009ea47eSEdward Tomasz Napierala * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22009ea47eSEdward Tomasz Napierala * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23009ea47eSEdward Tomasz Napierala * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24009ea47eSEdward Tomasz Napierala * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25009ea47eSEdward Tomasz Napierala * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26009ea47eSEdward Tomasz Napierala * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27009ea47eSEdward Tomasz Napierala * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28009ea47eSEdward Tomasz Napierala * SUCH DAMAGE.
29009ea47eSEdward Tomasz Napierala *
30009ea47eSEdward Tomasz Napierala */
31009ea47eSEdward Tomasz Napierala
32009ea47eSEdward Tomasz Napierala #include <sys/types.h>
3351be90b5SEdward Tomasz Napierala #include <sys/ioctl.h>
34009ea47eSEdward Tomasz Napierala #include <assert.h>
35009ea47eSEdward Tomasz Napierala #include <stdbool.h>
36009ea47eSEdward Tomasz Napierala #include <stdio.h>
37009ea47eSEdward Tomasz Napierala #include <stdlib.h>
38009ea47eSEdward Tomasz Napierala #include <string.h>
39009ea47eSEdward Tomasz Napierala #include <netinet/in.h>
40009ea47eSEdward Tomasz Napierala
41009ea47eSEdward Tomasz Napierala #include "iscsid.h"
42009ea47eSEdward Tomasz Napierala #include "iscsi_proto.h"
43009ea47eSEdward Tomasz Napierala
44009ea47eSEdward Tomasz Napierala static int
login_nsg(const struct pdu * response)45009ea47eSEdward Tomasz Napierala login_nsg(const struct pdu *response)
46009ea47eSEdward Tomasz Napierala {
47009ea47eSEdward Tomasz Napierala struct iscsi_bhs_login_response *bhslr;
48009ea47eSEdward Tomasz Napierala
49009ea47eSEdward Tomasz Napierala bhslr = (struct iscsi_bhs_login_response *)response->pdu_bhs;
50009ea47eSEdward Tomasz Napierala
51009ea47eSEdward Tomasz Napierala return (bhslr->bhslr_flags & 0x03);
52009ea47eSEdward Tomasz Napierala }
53009ea47eSEdward Tomasz Napierala
54009ea47eSEdward Tomasz Napierala static void
login_set_nsg(struct pdu * request,int nsg)55009ea47eSEdward Tomasz Napierala login_set_nsg(struct pdu *request, int nsg)
56009ea47eSEdward Tomasz Napierala {
57009ea47eSEdward Tomasz Napierala struct iscsi_bhs_login_request *bhslr;
58009ea47eSEdward Tomasz Napierala
59009ea47eSEdward Tomasz Napierala assert(nsg == BHSLR_STAGE_SECURITY_NEGOTIATION ||
60009ea47eSEdward Tomasz Napierala nsg == BHSLR_STAGE_OPERATIONAL_NEGOTIATION ||
61009ea47eSEdward Tomasz Napierala nsg == BHSLR_STAGE_FULL_FEATURE_PHASE);
62009ea47eSEdward Tomasz Napierala
63009ea47eSEdward Tomasz Napierala bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs;
64009ea47eSEdward Tomasz Napierala
65009ea47eSEdward Tomasz Napierala bhslr->bhslr_flags &= 0xFC;
66009ea47eSEdward Tomasz Napierala bhslr->bhslr_flags |= nsg;
67009ea47eSEdward Tomasz Napierala }
68009ea47eSEdward Tomasz Napierala
69009ea47eSEdward Tomasz Napierala static void
login_set_csg(struct pdu * request,int csg)70009ea47eSEdward Tomasz Napierala login_set_csg(struct pdu *request, int csg)
71009ea47eSEdward Tomasz Napierala {
72009ea47eSEdward Tomasz Napierala struct iscsi_bhs_login_request *bhslr;
73009ea47eSEdward Tomasz Napierala
74009ea47eSEdward Tomasz Napierala assert(csg == BHSLR_STAGE_SECURITY_NEGOTIATION ||
75009ea47eSEdward Tomasz Napierala csg == BHSLR_STAGE_OPERATIONAL_NEGOTIATION ||
76009ea47eSEdward Tomasz Napierala csg == BHSLR_STAGE_FULL_FEATURE_PHASE);
77009ea47eSEdward Tomasz Napierala
78009ea47eSEdward Tomasz Napierala bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs;
79009ea47eSEdward Tomasz Napierala
80009ea47eSEdward Tomasz Napierala bhslr->bhslr_flags &= 0xF3;
81009ea47eSEdward Tomasz Napierala bhslr->bhslr_flags |= csg << 2;
82009ea47eSEdward Tomasz Napierala }
83009ea47eSEdward Tomasz Napierala
84009ea47eSEdward Tomasz Napierala static const char *
login_target_error_str(int class,int detail)85009ea47eSEdward Tomasz Napierala login_target_error_str(int class, int detail)
86009ea47eSEdward Tomasz Napierala {
87009ea47eSEdward Tomasz Napierala static char msg[128];
88009ea47eSEdward Tomasz Napierala
89009ea47eSEdward Tomasz Napierala /*
90009ea47eSEdward Tomasz Napierala * RFC 3270, 10.13.5. Status-Class and Status-Detail
91009ea47eSEdward Tomasz Napierala */
92009ea47eSEdward Tomasz Napierala switch (class) {
93009ea47eSEdward Tomasz Napierala case 0x01:
94009ea47eSEdward Tomasz Napierala switch (detail) {
95009ea47eSEdward Tomasz Napierala case 0x01:
96009ea47eSEdward Tomasz Napierala return ("Target moved temporarily");
97009ea47eSEdward Tomasz Napierala case 0x02:
98009ea47eSEdward Tomasz Napierala return ("Target moved permanently");
99009ea47eSEdward Tomasz Napierala default:
100009ea47eSEdward Tomasz Napierala snprintf(msg, sizeof(msg), "unknown redirection; "
101009ea47eSEdward Tomasz Napierala "Status-Class 0x%x, Status-Detail 0x%x",
102009ea47eSEdward Tomasz Napierala class, detail);
103009ea47eSEdward Tomasz Napierala return (msg);
104009ea47eSEdward Tomasz Napierala }
105009ea47eSEdward Tomasz Napierala case 0x02:
106009ea47eSEdward Tomasz Napierala switch (detail) {
107009ea47eSEdward Tomasz Napierala case 0x00:
108009ea47eSEdward Tomasz Napierala return ("Initiator error");
109009ea47eSEdward Tomasz Napierala case 0x01:
110009ea47eSEdward Tomasz Napierala return ("Authentication failure");
111009ea47eSEdward Tomasz Napierala case 0x02:
112009ea47eSEdward Tomasz Napierala return ("Authorization failure");
113009ea47eSEdward Tomasz Napierala case 0x03:
114009ea47eSEdward Tomasz Napierala return ("Not found");
115009ea47eSEdward Tomasz Napierala case 0x04:
116009ea47eSEdward Tomasz Napierala return ("Target removed");
117009ea47eSEdward Tomasz Napierala case 0x05:
118009ea47eSEdward Tomasz Napierala return ("Unsupported version");
119009ea47eSEdward Tomasz Napierala case 0x06:
120009ea47eSEdward Tomasz Napierala return ("Too many connections");
121009ea47eSEdward Tomasz Napierala case 0x07:
122009ea47eSEdward Tomasz Napierala return ("Missing parameter");
123009ea47eSEdward Tomasz Napierala case 0x08:
124009ea47eSEdward Tomasz Napierala return ("Can't include in session");
125009ea47eSEdward Tomasz Napierala case 0x09:
126009ea47eSEdward Tomasz Napierala return ("Session type not supported");
127009ea47eSEdward Tomasz Napierala case 0x0a:
128009ea47eSEdward Tomasz Napierala return ("Session does not exist");
129009ea47eSEdward Tomasz Napierala case 0x0b:
130009ea47eSEdward Tomasz Napierala return ("Invalid during login");
131009ea47eSEdward Tomasz Napierala default:
132009ea47eSEdward Tomasz Napierala snprintf(msg, sizeof(msg), "unknown initiator error; "
133009ea47eSEdward Tomasz Napierala "Status-Class 0x%x, Status-Detail 0x%x",
134009ea47eSEdward Tomasz Napierala class, detail);
135009ea47eSEdward Tomasz Napierala return (msg);
136009ea47eSEdward Tomasz Napierala }
137009ea47eSEdward Tomasz Napierala case 0x03:
138009ea47eSEdward Tomasz Napierala switch (detail) {
139009ea47eSEdward Tomasz Napierala case 0x00:
140009ea47eSEdward Tomasz Napierala return ("Target error");
141009ea47eSEdward Tomasz Napierala case 0x01:
142009ea47eSEdward Tomasz Napierala return ("Service unavailable");
143009ea47eSEdward Tomasz Napierala case 0x02:
144009ea47eSEdward Tomasz Napierala return ("Out of resources");
145009ea47eSEdward Tomasz Napierala default:
146009ea47eSEdward Tomasz Napierala snprintf(msg, sizeof(msg), "unknown target error; "
147009ea47eSEdward Tomasz Napierala "Status-Class 0x%x, Status-Detail 0x%x",
148009ea47eSEdward Tomasz Napierala class, detail);
149009ea47eSEdward Tomasz Napierala return (msg);
150009ea47eSEdward Tomasz Napierala }
151009ea47eSEdward Tomasz Napierala default:
152009ea47eSEdward Tomasz Napierala snprintf(msg, sizeof(msg), "unknown error; "
153009ea47eSEdward Tomasz Napierala "Status-Class 0x%x, Status-Detail 0x%x",
154009ea47eSEdward Tomasz Napierala class, detail);
155009ea47eSEdward Tomasz Napierala return (msg);
156009ea47eSEdward Tomasz Napierala }
157009ea47eSEdward Tomasz Napierala }
158009ea47eSEdward Tomasz Napierala
15951be90b5SEdward Tomasz Napierala static void
kernel_modify(const struct iscsid_connection * conn,const char * target_address)16063783933SJohn Baldwin kernel_modify(const struct iscsid_connection *conn, const char *target_address)
16151be90b5SEdward Tomasz Napierala {
16251be90b5SEdward Tomasz Napierala struct iscsi_session_modify ism;
16351be90b5SEdward Tomasz Napierala int error;
16451be90b5SEdward Tomasz Napierala
16551be90b5SEdward Tomasz Napierala memset(&ism, 0, sizeof(ism));
16651be90b5SEdward Tomasz Napierala ism.ism_session_id = conn->conn_session_id;
16751be90b5SEdward Tomasz Napierala memcpy(&ism.ism_conf, &conn->conn_conf, sizeof(ism.ism_conf));
16851be90b5SEdward Tomasz Napierala strlcpy(ism.ism_conf.isc_target_addr, target_address,
1695d9b05acSEdward Tomasz Napierala sizeof(ism.ism_conf.isc_target_addr));
17051be90b5SEdward Tomasz Napierala error = ioctl(conn->conn_iscsi_fd, ISCSISMODIFY, &ism);
17151be90b5SEdward Tomasz Napierala if (error != 0) {
17251be90b5SEdward Tomasz Napierala log_err(1, "failed to redirect to %s: ISCSISMODIFY",
17351be90b5SEdward Tomasz Napierala target_address);
17451be90b5SEdward Tomasz Napierala }
17551be90b5SEdward Tomasz Napierala }
17651be90b5SEdward Tomasz Napierala
17751be90b5SEdward Tomasz Napierala /*
17851be90b5SEdward Tomasz Napierala * XXX: The way it works is suboptimal; what should happen is described
17951be90b5SEdward Tomasz Napierala * in draft-gilligan-iscsi-fault-tolerance-00. That, however, would
18051be90b5SEdward Tomasz Napierala * be much more complicated: we would need to keep "dependencies"
18151be90b5SEdward Tomasz Napierala * for sessions, so that, in case described in draft and using draft
18251be90b5SEdward Tomasz Napierala * terminology, we would have three sessions: one for discovery,
18351be90b5SEdward Tomasz Napierala * one for initial target portal, and one for redirect portal.
18451be90b5SEdward Tomasz Napierala * This would allow us to "backtrack" on connection failure,
18551be90b5SEdward Tomasz Napierala * as described in draft.
18651be90b5SEdward Tomasz Napierala */
18751be90b5SEdward Tomasz Napierala static void
login_handle_redirection(struct iscsid_connection * conn,struct pdu * response)18863783933SJohn Baldwin login_handle_redirection(struct iscsid_connection *conn, struct pdu *response)
18951be90b5SEdward Tomasz Napierala {
19051be90b5SEdward Tomasz Napierala struct iscsi_bhs_login_response *bhslr;
19151be90b5SEdward Tomasz Napierala struct keys *response_keys;
19251be90b5SEdward Tomasz Napierala const char *target_address;
19351be90b5SEdward Tomasz Napierala
19451be90b5SEdward Tomasz Napierala bhslr = (struct iscsi_bhs_login_response *)response->pdu_bhs;
19551be90b5SEdward Tomasz Napierala assert (bhslr->bhslr_status_class == 1);
19651be90b5SEdward Tomasz Napierala
19751be90b5SEdward Tomasz Napierala response_keys = keys_new();
19825700db3SJohn Baldwin keys_load_pdu(response_keys, response);
19951be90b5SEdward Tomasz Napierala
20051be90b5SEdward Tomasz Napierala target_address = keys_find(response_keys, "TargetAddress");
20151be90b5SEdward Tomasz Napierala if (target_address == NULL)
20251be90b5SEdward Tomasz Napierala log_errx(1, "received redirection without TargetAddress");
20351be90b5SEdward Tomasz Napierala if (target_address[0] == '\0')
20451be90b5SEdward Tomasz Napierala log_errx(1, "received redirection with empty TargetAddress");
20551be90b5SEdward Tomasz Napierala if (strlen(target_address) >=
20651be90b5SEdward Tomasz Napierala sizeof(conn->conn_conf.isc_target_addr) - 1)
20751be90b5SEdward Tomasz Napierala log_errx(1, "received TargetAddress is too long");
20851be90b5SEdward Tomasz Napierala
20951be90b5SEdward Tomasz Napierala log_debugx("received redirection to \"%s\"", target_address);
21051be90b5SEdward Tomasz Napierala kernel_modify(conn, target_address);
211eb4e5b0aSAlexander Motin keys_delete(response_keys);
21251be90b5SEdward Tomasz Napierala }
21351be90b5SEdward Tomasz Napierala
214009ea47eSEdward Tomasz Napierala static struct pdu *
login_receive(struct connection * conn)21509bf9ac9SEdward Tomasz Napierala login_receive(struct connection *conn)
216009ea47eSEdward Tomasz Napierala {
217009ea47eSEdward Tomasz Napierala struct pdu *response;
218009ea47eSEdward Tomasz Napierala struct iscsi_bhs_login_response *bhslr;
219009ea47eSEdward Tomasz Napierala const char *errorstr;
22009bf9ac9SEdward Tomasz Napierala static bool initial = true;
221009ea47eSEdward Tomasz Napierala
222009ea47eSEdward Tomasz Napierala response = pdu_new(conn);
223009ea47eSEdward Tomasz Napierala pdu_receive(response);
224009ea47eSEdward Tomasz Napierala if (response->pdu_bhs->bhs_opcode != ISCSI_BHS_OPCODE_LOGIN_RESPONSE) {
225009ea47eSEdward Tomasz Napierala log_errx(1, "protocol error: received invalid opcode 0x%x",
226009ea47eSEdward Tomasz Napierala response->pdu_bhs->bhs_opcode);
227009ea47eSEdward Tomasz Napierala }
228009ea47eSEdward Tomasz Napierala bhslr = (struct iscsi_bhs_login_response *)response->pdu_bhs;
229009ea47eSEdward Tomasz Napierala /*
230009ea47eSEdward Tomasz Napierala * XXX: Implement the C flag some day.
231009ea47eSEdward Tomasz Napierala */
232009ea47eSEdward Tomasz Napierala if ((bhslr->bhslr_flags & BHSLR_FLAGS_CONTINUE) != 0)
233009ea47eSEdward Tomasz Napierala log_errx(1, "received Login PDU with unsupported \"C\" flag");
234009ea47eSEdward Tomasz Napierala if (bhslr->bhslr_version_max != 0x00)
235009ea47eSEdward Tomasz Napierala log_errx(1, "received Login PDU with unsupported "
236009ea47eSEdward Tomasz Napierala "Version-max 0x%x", bhslr->bhslr_version_max);
237009ea47eSEdward Tomasz Napierala if (bhslr->bhslr_version_active != 0x00)
238009ea47eSEdward Tomasz Napierala log_errx(1, "received Login PDU with unsupported "
239009ea47eSEdward Tomasz Napierala "Version-active 0x%x", bhslr->bhslr_version_active);
24051be90b5SEdward Tomasz Napierala if (bhslr->bhslr_status_class == 1) {
24163783933SJohn Baldwin login_handle_redirection((struct iscsid_connection *)conn,
24263783933SJohn Baldwin response);
24351be90b5SEdward Tomasz Napierala log_debugx("redirection handled; exiting");
24451be90b5SEdward Tomasz Napierala exit(0);
24551be90b5SEdward Tomasz Napierala }
246009ea47eSEdward Tomasz Napierala if (bhslr->bhslr_status_class != 0) {
247009ea47eSEdward Tomasz Napierala errorstr = login_target_error_str(bhslr->bhslr_status_class,
248009ea47eSEdward Tomasz Napierala bhslr->bhslr_status_detail);
249009ea47eSEdward Tomasz Napierala fail(conn, errorstr);
250009ea47eSEdward Tomasz Napierala log_errx(1, "target returned error: %s", errorstr);
251009ea47eSEdward Tomasz Napierala }
252009ea47eSEdward Tomasz Napierala if (initial == false &&
253009ea47eSEdward Tomasz Napierala ntohl(bhslr->bhslr_statsn) != conn->conn_statsn + 1) {
254009ea47eSEdward Tomasz Napierala /*
255009ea47eSEdward Tomasz Napierala * It's a warning, not an error, to work around what seems
256009ea47eSEdward Tomasz Napierala * to be bug in NetBSD iSCSI target.
257009ea47eSEdward Tomasz Napierala */
258009ea47eSEdward Tomasz Napierala log_warnx("received Login PDU with wrong StatSN: "
2592124e3b0SAlexander Motin "is %u, should be %u", ntohl(bhslr->bhslr_statsn),
260009ea47eSEdward Tomasz Napierala conn->conn_statsn + 1);
261009ea47eSEdward Tomasz Napierala }
262ffe82e05SAlexander Motin conn->conn_tsih = ntohs(bhslr->bhslr_tsih);
263009ea47eSEdward Tomasz Napierala conn->conn_statsn = ntohl(bhslr->bhslr_statsn);
264009ea47eSEdward Tomasz Napierala
26509bf9ac9SEdward Tomasz Napierala initial = false;
26609bf9ac9SEdward Tomasz Napierala
267009ea47eSEdward Tomasz Napierala return (response);
268009ea47eSEdward Tomasz Napierala }
269009ea47eSEdward Tomasz Napierala
270009ea47eSEdward Tomasz Napierala static struct pdu *
login_new_request(struct connection * conn,int csg)271f7048059SEdward Tomasz Napierala login_new_request(struct connection *conn, int csg)
272009ea47eSEdward Tomasz Napierala {
273009ea47eSEdward Tomasz Napierala struct pdu *request;
274009ea47eSEdward Tomasz Napierala struct iscsi_bhs_login_request *bhslr;
275f7048059SEdward Tomasz Napierala int nsg;
276009ea47eSEdward Tomasz Napierala
277009ea47eSEdward Tomasz Napierala request = pdu_new(conn);
278009ea47eSEdward Tomasz Napierala bhslr = (struct iscsi_bhs_login_request *)request->pdu_bhs;
279009ea47eSEdward Tomasz Napierala bhslr->bhslr_opcode = ISCSI_BHS_OPCODE_LOGIN_REQUEST |
280009ea47eSEdward Tomasz Napierala ISCSI_BHS_OPCODE_IMMEDIATE;
281f7048059SEdward Tomasz Napierala
282009ea47eSEdward Tomasz Napierala bhslr->bhslr_flags = BHSLR_FLAGS_TRANSIT;
283f7048059SEdward Tomasz Napierala switch (csg) {
284f7048059SEdward Tomasz Napierala case BHSLR_STAGE_SECURITY_NEGOTIATION:
285f7048059SEdward Tomasz Napierala nsg = BHSLR_STAGE_OPERATIONAL_NEGOTIATION;
286f7048059SEdward Tomasz Napierala break;
287f7048059SEdward Tomasz Napierala case BHSLR_STAGE_OPERATIONAL_NEGOTIATION:
288f7048059SEdward Tomasz Napierala nsg = BHSLR_STAGE_FULL_FEATURE_PHASE;
289f7048059SEdward Tomasz Napierala break;
290f7048059SEdward Tomasz Napierala default:
291f7048059SEdward Tomasz Napierala assert(!"invalid csg");
292f7048059SEdward Tomasz Napierala log_errx(1, "invalid csg %d", csg);
293f7048059SEdward Tomasz Napierala }
294f7048059SEdward Tomasz Napierala login_set_csg(request, csg);
295f7048059SEdward Tomasz Napierala login_set_nsg(request, nsg);
296f7048059SEdward Tomasz Napierala
297009ea47eSEdward Tomasz Napierala memcpy(bhslr->bhslr_isid, &conn->conn_isid, sizeof(bhslr->bhslr_isid));
298ffe82e05SAlexander Motin bhslr->bhslr_tsih = htons(conn->conn_tsih);
299009ea47eSEdward Tomasz Napierala bhslr->bhslr_initiator_task_tag = 0;
300009ea47eSEdward Tomasz Napierala bhslr->bhslr_cmdsn = 0;
301009ea47eSEdward Tomasz Napierala bhslr->bhslr_expstatsn = htonl(conn->conn_statsn + 1);
302009ea47eSEdward Tomasz Napierala
303009ea47eSEdward Tomasz Napierala return (request);
304009ea47eSEdward Tomasz Napierala }
305009ea47eSEdward Tomasz Napierala
306009ea47eSEdward Tomasz Napierala static int
login_list_prefers(const char * list,const char * choice1,const char * choice2)307009ea47eSEdward Tomasz Napierala login_list_prefers(const char *list,
308009ea47eSEdward Tomasz Napierala const char *choice1, const char *choice2)
309009ea47eSEdward Tomasz Napierala {
310009ea47eSEdward Tomasz Napierala char *tofree, *str, *token;
311009ea47eSEdward Tomasz Napierala
312009ea47eSEdward Tomasz Napierala tofree = str = checked_strdup(list);
313009ea47eSEdward Tomasz Napierala
314009ea47eSEdward Tomasz Napierala while ((token = strsep(&str, ",")) != NULL) {
315009ea47eSEdward Tomasz Napierala if (strcmp(token, choice1) == 0) {
316009ea47eSEdward Tomasz Napierala free(tofree);
317009ea47eSEdward Tomasz Napierala return (1);
318009ea47eSEdward Tomasz Napierala }
319009ea47eSEdward Tomasz Napierala if (strcmp(token, choice2) == 0) {
320009ea47eSEdward Tomasz Napierala free(tofree);
321009ea47eSEdward Tomasz Napierala return (2);
322009ea47eSEdward Tomasz Napierala }
323009ea47eSEdward Tomasz Napierala }
324009ea47eSEdward Tomasz Napierala free(tofree);
325009ea47eSEdward Tomasz Napierala return (-1);
326009ea47eSEdward Tomasz Napierala }
327009ea47eSEdward Tomasz Napierala
328009ea47eSEdward Tomasz Napierala static void
login_negotiate_key(struct iscsid_connection * conn,const char * name,const char * value)32963783933SJohn Baldwin login_negotiate_key(struct iscsid_connection *conn, const char *name,
330009ea47eSEdward Tomasz Napierala const char *value)
331009ea47eSEdward Tomasz Napierala {
33297b84d34SNavdeep Parhar struct iscsi_session_limits *isl;
333009ea47eSEdward Tomasz Napierala int which, tmp;
334009ea47eSEdward Tomasz Napierala
33597b84d34SNavdeep Parhar isl = &conn->conn_limits;
336009ea47eSEdward Tomasz Napierala if (strcmp(name, "TargetAlias") == 0) {
337009ea47eSEdward Tomasz Napierala strlcpy(conn->conn_target_alias, value,
338009ea47eSEdward Tomasz Napierala sizeof(conn->conn_target_alias));
339009ea47eSEdward Tomasz Napierala } else if (strcmp(value, "Irrelevant") == 0) {
340009ea47eSEdward Tomasz Napierala /* Ignore. */
3417dbbd1aeSAlexander Motin } else if (strcmp(name, "iSCSIProtocolLevel") == 0) {
3427dbbd1aeSAlexander Motin tmp = strtoul(value, NULL, 10);
3437dbbd1aeSAlexander Motin if (tmp < 0 || tmp > 31)
3447dbbd1aeSAlexander Motin log_errx(1, "received invalid iSCSIProtocolLevel");
3457dbbd1aeSAlexander Motin conn->conn_protocol_level = tmp;
346009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "HeaderDigest") == 0) {
347009ea47eSEdward Tomasz Napierala which = login_list_prefers(value, "CRC32C", "None");
348009ea47eSEdward Tomasz Napierala switch (which) {
349009ea47eSEdward Tomasz Napierala case 1:
350009ea47eSEdward Tomasz Napierala log_debugx("target prefers CRC32C "
351009ea47eSEdward Tomasz Napierala "for header digest; we'll use it");
35263783933SJohn Baldwin conn->conn.conn_header_digest = CONN_DIGEST_CRC32C;
353009ea47eSEdward Tomasz Napierala break;
354009ea47eSEdward Tomasz Napierala case 2:
355009ea47eSEdward Tomasz Napierala log_debugx("target prefers not to do "
356009ea47eSEdward Tomasz Napierala "header digest; we'll comply");
357009ea47eSEdward Tomasz Napierala break;
358009ea47eSEdward Tomasz Napierala default:
359009ea47eSEdward Tomasz Napierala log_warnx("target sent unrecognized "
360009ea47eSEdward Tomasz Napierala "HeaderDigest value \"%s\"; will use None", value);
361009ea47eSEdward Tomasz Napierala break;
362009ea47eSEdward Tomasz Napierala }
363009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "DataDigest") == 0) {
364009ea47eSEdward Tomasz Napierala which = login_list_prefers(value, "CRC32C", "None");
365009ea47eSEdward Tomasz Napierala switch (which) {
366009ea47eSEdward Tomasz Napierala case 1:
367009ea47eSEdward Tomasz Napierala log_debugx("target prefers CRC32C "
368009ea47eSEdward Tomasz Napierala "for data digest; we'll use it");
36963783933SJohn Baldwin conn->conn.conn_data_digest = CONN_DIGEST_CRC32C;
370009ea47eSEdward Tomasz Napierala break;
371009ea47eSEdward Tomasz Napierala case 2:
372009ea47eSEdward Tomasz Napierala log_debugx("target prefers not to do "
373009ea47eSEdward Tomasz Napierala "data digest; we'll comply");
374009ea47eSEdward Tomasz Napierala break;
375009ea47eSEdward Tomasz Napierala default:
376009ea47eSEdward Tomasz Napierala log_warnx("target sent unrecognized "
377009ea47eSEdward Tomasz Napierala "DataDigest value \"%s\"; will use None", value);
378009ea47eSEdward Tomasz Napierala break;
379009ea47eSEdward Tomasz Napierala }
380009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "MaxConnections") == 0) {
381009ea47eSEdward Tomasz Napierala /* Ignore. */
382009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "InitialR2T") == 0) {
383009ea47eSEdward Tomasz Napierala if (strcmp(value, "Yes") == 0)
384009ea47eSEdward Tomasz Napierala conn->conn_initial_r2t = true;
385009ea47eSEdward Tomasz Napierala else
386009ea47eSEdward Tomasz Napierala conn->conn_initial_r2t = false;
387009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "ImmediateData") == 0) {
388009ea47eSEdward Tomasz Napierala if (strcmp(value, "Yes") == 0)
38963783933SJohn Baldwin conn->conn.conn_immediate_data = true;
390009ea47eSEdward Tomasz Napierala else
39163783933SJohn Baldwin conn->conn.conn_immediate_data = false;
392009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "MaxRecvDataSegmentLength") == 0) {
393009ea47eSEdward Tomasz Napierala tmp = strtoul(value, NULL, 10);
394009ea47eSEdward Tomasz Napierala if (tmp <= 0)
395009ea47eSEdward Tomasz Napierala log_errx(1, "received invalid "
396009ea47eSEdward Tomasz Napierala "MaxRecvDataSegmentLength");
39797b84d34SNavdeep Parhar if (tmp > isl->isl_max_send_data_segment_length) {
39897b84d34SNavdeep Parhar log_debugx("capping max_send_data_segment_length "
39997b84d34SNavdeep Parhar "from %d to %d", tmp,
40097b84d34SNavdeep Parhar isl->isl_max_send_data_segment_length);
40197b84d34SNavdeep Parhar tmp = isl->isl_max_send_data_segment_length;
4023f9e1172SAlexander Motin }
40363783933SJohn Baldwin conn->conn.conn_max_send_data_segment_length = tmp;
404009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "MaxBurstLength") == 0) {
405009ea47eSEdward Tomasz Napierala tmp = strtoul(value, NULL, 10);
406009ea47eSEdward Tomasz Napierala if (tmp <= 0)
407009ea47eSEdward Tomasz Napierala log_errx(1, "received invalid MaxBurstLength");
40897b84d34SNavdeep Parhar if (tmp > isl->isl_max_burst_length) {
40903b521d4SEdward Tomasz Napierala log_debugx("capping MaxBurstLength "
41097b84d34SNavdeep Parhar "from %d to %d", tmp, isl->isl_max_burst_length);
41197b84d34SNavdeep Parhar tmp = isl->isl_max_burst_length;
412009ea47eSEdward Tomasz Napierala }
41363783933SJohn Baldwin conn->conn.conn_max_burst_length = tmp;
414009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "FirstBurstLength") == 0) {
415009ea47eSEdward Tomasz Napierala tmp = strtoul(value, NULL, 10);
416009ea47eSEdward Tomasz Napierala if (tmp <= 0)
417009ea47eSEdward Tomasz Napierala log_errx(1, "received invalid FirstBurstLength");
41897b84d34SNavdeep Parhar if (tmp > isl->isl_first_burst_length) {
41903b521d4SEdward Tomasz Napierala log_debugx("capping FirstBurstLength "
42097b84d34SNavdeep Parhar "from %d to %d", tmp, isl->isl_first_burst_length);
42197b84d34SNavdeep Parhar tmp = isl->isl_first_burst_length;
42203b521d4SEdward Tomasz Napierala }
42363783933SJohn Baldwin conn->conn.conn_first_burst_length = tmp;
424009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "DefaultTime2Wait") == 0) {
425009ea47eSEdward Tomasz Napierala /* Ignore */
426009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "DefaultTime2Retain") == 0) {
427009ea47eSEdward Tomasz Napierala /* Ignore */
428009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "MaxOutstandingR2T") == 0) {
429009ea47eSEdward Tomasz Napierala /* Ignore */
430009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "DataPDUInOrder") == 0) {
431009ea47eSEdward Tomasz Napierala /* Ignore */
432009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "DataSequenceInOrder") == 0) {
433009ea47eSEdward Tomasz Napierala /* Ignore */
434009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "ErrorRecoveryLevel") == 0) {
435009ea47eSEdward Tomasz Napierala /* Ignore */
436009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "OFMarker") == 0) {
437009ea47eSEdward Tomasz Napierala /* Ignore */
438009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "IFMarker") == 0) {
439009ea47eSEdward Tomasz Napierala /* Ignore */
4405abae79aSEdward Tomasz Napierala } else if (strcmp(name, "RDMAExtensions") == 0) {
4415abae79aSEdward Tomasz Napierala if (conn->conn_conf.isc_iser == 1 &&
4425abae79aSEdward Tomasz Napierala strcmp(value, "Yes") != 0) {
4435abae79aSEdward Tomasz Napierala log_errx(1, "received unsupported RDMAExtensions");
4445abae79aSEdward Tomasz Napierala }
4455abae79aSEdward Tomasz Napierala } else if (strcmp(name, "InitiatorRecvDataSegmentLength") == 0) {
4465abae79aSEdward Tomasz Napierala tmp = strtoul(value, NULL, 10);
4475abae79aSEdward Tomasz Napierala if (tmp <= 0)
4485abae79aSEdward Tomasz Napierala log_errx(1, "received invalid "
4495abae79aSEdward Tomasz Napierala "InitiatorRecvDataSegmentLength");
45097b84d34SNavdeep Parhar if ((int)tmp > isl->isl_max_recv_data_segment_length) {
4515abae79aSEdward Tomasz Napierala log_debugx("capping InitiatorRecvDataSegmentLength "
45297b84d34SNavdeep Parhar "from %d to %d", tmp,
45397b84d34SNavdeep Parhar isl->isl_max_recv_data_segment_length);
45497b84d34SNavdeep Parhar tmp = isl->isl_max_recv_data_segment_length;
4555abae79aSEdward Tomasz Napierala }
45663783933SJohn Baldwin conn->conn.conn_max_recv_data_segment_length = tmp;
457009ea47eSEdward Tomasz Napierala } else if (strcmp(name, "TargetPortalGroupTag") == 0) {
458009ea47eSEdward Tomasz Napierala /* Ignore */
4595abae79aSEdward Tomasz Napierala } else if (strcmp(name, "TargetRecvDataSegmentLength") == 0) {
4605abae79aSEdward Tomasz Napierala tmp = strtoul(value, NULL, 10);
4615abae79aSEdward Tomasz Napierala if (tmp <= 0) {
4625abae79aSEdward Tomasz Napierala log_errx(1,
4635abae79aSEdward Tomasz Napierala "received invalid TargetRecvDataSegmentLength");
4645abae79aSEdward Tomasz Napierala }
46597b84d34SNavdeep Parhar if (tmp > isl->isl_max_send_data_segment_length) {
4665abae79aSEdward Tomasz Napierala log_debugx("capping TargetRecvDataSegmentLength "
46797b84d34SNavdeep Parhar "from %d to %d", tmp,
46897b84d34SNavdeep Parhar isl->isl_max_send_data_segment_length);
46997b84d34SNavdeep Parhar tmp = isl->isl_max_send_data_segment_length;
4705abae79aSEdward Tomasz Napierala }
47163783933SJohn Baldwin conn->conn.conn_max_send_data_segment_length = tmp;
472009ea47eSEdward Tomasz Napierala } else {
473009ea47eSEdward Tomasz Napierala log_debugx("unknown key \"%s\"; ignoring", name);
474009ea47eSEdward Tomasz Napierala }
475009ea47eSEdward Tomasz Napierala }
476009ea47eSEdward Tomasz Napierala
477009ea47eSEdward Tomasz Napierala static void
login_negotiate(struct iscsid_connection * conn)47863783933SJohn Baldwin login_negotiate(struct iscsid_connection *conn)
479009ea47eSEdward Tomasz Napierala {
480009ea47eSEdward Tomasz Napierala struct pdu *request, *response;
481009ea47eSEdward Tomasz Napierala struct keys *request_keys, *response_keys;
482009ea47eSEdward Tomasz Napierala struct iscsi_bhs_login_response *bhslr;
4830686a20bSEdward Tomasz Napierala int i, nrequests = 0;
48497b84d34SNavdeep Parhar struct iscsi_session_limits *isl;
485009ea47eSEdward Tomasz Napierala
486bbd91c88SEdward Tomasz Napierala log_debugx("beginning operational parameter negotiation");
48763783933SJohn Baldwin request = login_new_request(&conn->conn,
48863783933SJohn Baldwin BHSLR_STAGE_OPERATIONAL_NEGOTIATION);
489009ea47eSEdward Tomasz Napierala request_keys = keys_new();
4907843bd03SEdward Tomasz Napierala
49197b84d34SNavdeep Parhar isl = &conn->conn_limits;
49297b84d34SNavdeep Parhar log_debugx("Limits for offload \"%s\" are "
49397b84d34SNavdeep Parhar "MaxRecvDataSegment=%d, max_send_dsl=%d, "
49497b84d34SNavdeep Parhar "MaxBurstLength=%d, FirstBurstLength=%d",
49597b84d34SNavdeep Parhar conn->conn_conf.isc_offload, isl->isl_max_recv_data_segment_length,
49697b84d34SNavdeep Parhar isl->isl_max_send_data_segment_length, isl->isl_max_burst_length,
49797b84d34SNavdeep Parhar isl->isl_first_burst_length);
49882babffbSEdward Tomasz Napierala
4997843bd03SEdward Tomasz Napierala /*
5007843bd03SEdward Tomasz Napierala * The following keys are irrelevant for discovery sessions.
5017843bd03SEdward Tomasz Napierala */
502009ea47eSEdward Tomasz Napierala if (conn->conn_conf.isc_discovery == 0) {
5037dbbd1aeSAlexander Motin keys_add(request_keys, "iSCSIProtocolLevel", "2");
504009ea47eSEdward Tomasz Napierala if (conn->conn_conf.isc_header_digest != 0)
505009ea47eSEdward Tomasz Napierala keys_add(request_keys, "HeaderDigest", "CRC32C");
5067843bd03SEdward Tomasz Napierala else
5077843bd03SEdward Tomasz Napierala keys_add(request_keys, "HeaderDigest", "None");
508009ea47eSEdward Tomasz Napierala if (conn->conn_conf.isc_data_digest != 0)
509009ea47eSEdward Tomasz Napierala keys_add(request_keys, "DataDigest", "CRC32C");
5107843bd03SEdward Tomasz Napierala else
5117843bd03SEdward Tomasz Napierala keys_add(request_keys, "DataDigest", "None");
512009ea47eSEdward Tomasz Napierala
513009ea47eSEdward Tomasz Napierala keys_add(request_keys, "ImmediateData", "Yes");
51497b84d34SNavdeep Parhar keys_add_int(request_keys, "MaxBurstLength",
51597b84d34SNavdeep Parhar isl->isl_max_burst_length);
51697b84d34SNavdeep Parhar keys_add_int(request_keys, "FirstBurstLength",
51797b84d34SNavdeep Parhar isl->isl_first_burst_length);
518009ea47eSEdward Tomasz Napierala keys_add(request_keys, "InitialR2T", "Yes");
5193f9e1172SAlexander Motin keys_add(request_keys, "MaxOutstandingR2T", "1");
5205abae79aSEdward Tomasz Napierala if (conn->conn_conf.isc_iser == 1) {
5215abae79aSEdward Tomasz Napierala keys_add_int(request_keys, "InitiatorRecvDataSegmentLength",
52297b84d34SNavdeep Parhar isl->isl_max_recv_data_segment_length);
5235abae79aSEdward Tomasz Napierala keys_add_int(request_keys, "TargetRecvDataSegmentLength",
52497b84d34SNavdeep Parhar isl->isl_max_send_data_segment_length);
5255abae79aSEdward Tomasz Napierala keys_add(request_keys, "RDMAExtensions", "Yes");
5265abae79aSEdward Tomasz Napierala } else {
5275abae79aSEdward Tomasz Napierala keys_add_int(request_keys, "MaxRecvDataSegmentLength",
52897b84d34SNavdeep Parhar isl->isl_max_recv_data_segment_length);
5295abae79aSEdward Tomasz Napierala }
5307843bd03SEdward Tomasz Napierala } else {
5317843bd03SEdward Tomasz Napierala keys_add(request_keys, "HeaderDigest", "None");
5327843bd03SEdward Tomasz Napierala keys_add(request_keys, "DataDigest", "None");
533009ea47eSEdward Tomasz Napierala keys_add_int(request_keys, "MaxRecvDataSegmentLength",
53497b84d34SNavdeep Parhar isl->isl_max_recv_data_segment_length);
5355abae79aSEdward Tomasz Napierala }
5365abae79aSEdward Tomasz Napierala
53763783933SJohn Baldwin conn->conn.conn_max_recv_data_segment_length =
538fc79cf4fSEd Maste isl->isl_max_recv_data_segment_length;
539fc79cf4fSEd Maste
540009ea47eSEdward Tomasz Napierala keys_add(request_keys, "DefaultTime2Wait", "0");
541009ea47eSEdward Tomasz Napierala keys_add(request_keys, "DefaultTime2Retain", "0");
5427843bd03SEdward Tomasz Napierala keys_add(request_keys, "ErrorRecoveryLevel", "0");
54325700db3SJohn Baldwin keys_save_pdu(request_keys, request);
544009ea47eSEdward Tomasz Napierala keys_delete(request_keys);
545009ea47eSEdward Tomasz Napierala request_keys = NULL;
546009ea47eSEdward Tomasz Napierala pdu_send(request);
547009ea47eSEdward Tomasz Napierala pdu_delete(request);
548009ea47eSEdward Tomasz Napierala request = NULL;
549009ea47eSEdward Tomasz Napierala
55063783933SJohn Baldwin response = login_receive(&conn->conn);
551009ea47eSEdward Tomasz Napierala response_keys = keys_new();
55225700db3SJohn Baldwin keys_load_pdu(response_keys, response);
553009ea47eSEdward Tomasz Napierala for (i = 0; i < KEYS_MAX; i++) {
554009ea47eSEdward Tomasz Napierala if (response_keys->keys_names[i] == NULL)
555009ea47eSEdward Tomasz Napierala break;
556009ea47eSEdward Tomasz Napierala
557009ea47eSEdward Tomasz Napierala login_negotiate_key(conn,
558009ea47eSEdward Tomasz Napierala response_keys->keys_names[i], response_keys->keys_values[i]);
559009ea47eSEdward Tomasz Napierala }
560009ea47eSEdward Tomasz Napierala
5610686a20bSEdward Tomasz Napierala keys_delete(response_keys);
5620686a20bSEdward Tomasz Napierala response_keys = NULL;
5630686a20bSEdward Tomasz Napierala
5640686a20bSEdward Tomasz Napierala for (;;) {
565009ea47eSEdward Tomasz Napierala bhslr = (struct iscsi_bhs_login_response *)response->pdu_bhs;
5660686a20bSEdward Tomasz Napierala if ((bhslr->bhslr_flags & BHSLR_FLAGS_TRANSIT) != 0)
5670686a20bSEdward Tomasz Napierala break;
5680686a20bSEdward Tomasz Napierala
5690686a20bSEdward Tomasz Napierala nrequests++;
5700686a20bSEdward Tomasz Napierala if (nrequests > 5) {
5710686a20bSEdward Tomasz Napierala log_warnx("received login response "
5720686a20bSEdward Tomasz Napierala "without the \"T\" flag too many times; giving up");
5730686a20bSEdward Tomasz Napierala break;
5740686a20bSEdward Tomasz Napierala }
5750686a20bSEdward Tomasz Napierala
5760686a20bSEdward Tomasz Napierala log_debugx("received login response "
5770686a20bSEdward Tomasz Napierala "without the \"T\" flag; sending another request");
5780686a20bSEdward Tomasz Napierala
5790686a20bSEdward Tomasz Napierala pdu_delete(response);
5800686a20bSEdward Tomasz Napierala
58163783933SJohn Baldwin request = login_new_request(&conn->conn,
5820686a20bSEdward Tomasz Napierala BHSLR_STAGE_OPERATIONAL_NEGOTIATION);
5830686a20bSEdward Tomasz Napierala pdu_send(request);
5840686a20bSEdward Tomasz Napierala pdu_delete(request);
5850686a20bSEdward Tomasz Napierala
58663783933SJohn Baldwin response = login_receive(&conn->conn);
5870686a20bSEdward Tomasz Napierala }
5880686a20bSEdward Tomasz Napierala
5890686a20bSEdward Tomasz Napierala if (login_nsg(response) != BHSLR_STAGE_FULL_FEATURE_PHASE)
590009ea47eSEdward Tomasz Napierala log_warnx("received final login response with wrong NSG 0x%x",
591009ea47eSEdward Tomasz Napierala login_nsg(response));
5920686a20bSEdward Tomasz Napierala pdu_delete(response);
593009ea47eSEdward Tomasz Napierala
594bbd91c88SEdward Tomasz Napierala log_debugx("operational parameter negotiation done; "
595009ea47eSEdward Tomasz Napierala "transitioning to Full Feature phase");
596009ea47eSEdward Tomasz Napierala }
597009ea47eSEdward Tomasz Napierala
598009ea47eSEdward Tomasz Napierala static void
login_send_chap_a(struct connection * conn)599009ea47eSEdward Tomasz Napierala login_send_chap_a(struct connection *conn)
600009ea47eSEdward Tomasz Napierala {
601009ea47eSEdward Tomasz Napierala struct pdu *request;
602009ea47eSEdward Tomasz Napierala struct keys *request_keys;
603009ea47eSEdward Tomasz Napierala
604f7048059SEdward Tomasz Napierala request = login_new_request(conn, BHSLR_STAGE_SECURITY_NEGOTIATION);
605009ea47eSEdward Tomasz Napierala request_keys = keys_new();
606009ea47eSEdward Tomasz Napierala keys_add(request_keys, "CHAP_A", "5");
60725700db3SJohn Baldwin keys_save_pdu(request_keys, request);
608009ea47eSEdward Tomasz Napierala keys_delete(request_keys);
609009ea47eSEdward Tomasz Napierala pdu_send(request);
610009ea47eSEdward Tomasz Napierala pdu_delete(request);
611009ea47eSEdward Tomasz Napierala }
612009ea47eSEdward Tomasz Napierala
613009ea47eSEdward Tomasz Napierala static void
login_send_chap_r(struct pdu * response)614009ea47eSEdward Tomasz Napierala login_send_chap_r(struct pdu *response)
615009ea47eSEdward Tomasz Napierala {
61663783933SJohn Baldwin struct iscsid_connection *conn;
617009ea47eSEdward Tomasz Napierala struct pdu *request;
618009ea47eSEdward Tomasz Napierala struct keys *request_keys, *response_keys;
61945078155SEdward Tomasz Napierala struct rchap *rchap;
620009ea47eSEdward Tomasz Napierala const char *chap_a, *chap_c, *chap_i;
62145078155SEdward Tomasz Napierala char *chap_r;
62245078155SEdward Tomasz Napierala int error;
62345078155SEdward Tomasz Napierala char *mutual_chap_c, *mutual_chap_i;
624009ea47eSEdward Tomasz Napierala
625009ea47eSEdward Tomasz Napierala /*
626009ea47eSEdward Tomasz Napierala * As in the rest of the initiator, 'request' means
627009ea47eSEdward Tomasz Napierala * 'initiator -> target', and 'response' means 'target -> initiator',
628009ea47eSEdward Tomasz Napierala *
629009ea47eSEdward Tomasz Napierala * So, here the 'response' from the target is the packet that contains
630009ea47eSEdward Tomasz Napierala * CHAP challenge; our CHAP response goes into 'request'.
631009ea47eSEdward Tomasz Napierala */
632009ea47eSEdward Tomasz Napierala
63363783933SJohn Baldwin conn = (struct iscsid_connection *)response->pdu_connection;
634009ea47eSEdward Tomasz Napierala
635009ea47eSEdward Tomasz Napierala response_keys = keys_new();
63625700db3SJohn Baldwin keys_load_pdu(response_keys, response);
637009ea47eSEdward Tomasz Napierala
638009ea47eSEdward Tomasz Napierala /*
639009ea47eSEdward Tomasz Napierala * First, compute the response.
640009ea47eSEdward Tomasz Napierala */
641009ea47eSEdward Tomasz Napierala chap_a = keys_find(response_keys, "CHAP_A");
642009ea47eSEdward Tomasz Napierala if (chap_a == NULL)
643009ea47eSEdward Tomasz Napierala log_errx(1, "received CHAP packet without CHAP_A");
644009ea47eSEdward Tomasz Napierala chap_c = keys_find(response_keys, "CHAP_C");
645009ea47eSEdward Tomasz Napierala if (chap_c == NULL)
646009ea47eSEdward Tomasz Napierala log_errx(1, "received CHAP packet without CHAP_C");
647009ea47eSEdward Tomasz Napierala chap_i = keys_find(response_keys, "CHAP_I");
648009ea47eSEdward Tomasz Napierala if (chap_i == NULL)
649009ea47eSEdward Tomasz Napierala log_errx(1, "received CHAP packet without CHAP_I");
650009ea47eSEdward Tomasz Napierala
65145078155SEdward Tomasz Napierala if (strcmp(chap_a, "5") != 0) {
652009ea47eSEdward Tomasz Napierala log_errx(1, "received CHAP packet "
653009ea47eSEdward Tomasz Napierala "with unsupported CHAP_A \"%s\"", chap_a);
65445078155SEdward Tomasz Napierala }
65545078155SEdward Tomasz Napierala
65645078155SEdward Tomasz Napierala rchap = rchap_new(conn->conn_conf.isc_secret);
65745078155SEdward Tomasz Napierala error = rchap_receive(rchap, chap_i, chap_c);
65845078155SEdward Tomasz Napierala if (error != 0) {
65945078155SEdward Tomasz Napierala log_errx(1, "received CHAP packet "
66045078155SEdward Tomasz Napierala "with malformed CHAP_I or CHAP_C");
66145078155SEdward Tomasz Napierala }
66245078155SEdward Tomasz Napierala chap_r = rchap_get_response(rchap);
66345078155SEdward Tomasz Napierala rchap_delete(rchap);
664009ea47eSEdward Tomasz Napierala
665009ea47eSEdward Tomasz Napierala keys_delete(response_keys);
666009ea47eSEdward Tomasz Napierala
66763783933SJohn Baldwin request = login_new_request(&conn->conn,
66863783933SJohn Baldwin BHSLR_STAGE_SECURITY_NEGOTIATION);
669009ea47eSEdward Tomasz Napierala request_keys = keys_new();
670009ea47eSEdward Tomasz Napierala keys_add(request_keys, "CHAP_N", conn->conn_conf.isc_user);
671009ea47eSEdward Tomasz Napierala keys_add(request_keys, "CHAP_R", chap_r);
672009ea47eSEdward Tomasz Napierala free(chap_r);
673009ea47eSEdward Tomasz Napierala
674009ea47eSEdward Tomasz Napierala /*
675009ea47eSEdward Tomasz Napierala * If we want mutual authentication, we're expected to send
676009ea47eSEdward Tomasz Napierala * our CHAP_I/CHAP_C now.
677009ea47eSEdward Tomasz Napierala */
678009ea47eSEdward Tomasz Napierala if (conn->conn_conf.isc_mutual_user[0] != '\0') {
679009ea47eSEdward Tomasz Napierala log_debugx("requesting mutual authentication; "
680009ea47eSEdward Tomasz Napierala "binary challenge size is %zd bytes",
68145078155SEdward Tomasz Napierala sizeof(conn->conn_mutual_chap->chap_challenge));
682009ea47eSEdward Tomasz Napierala
68345078155SEdward Tomasz Napierala assert(conn->conn_mutual_chap == NULL);
68445078155SEdward Tomasz Napierala conn->conn_mutual_chap = chap_new();
68545078155SEdward Tomasz Napierala mutual_chap_i = chap_get_id(conn->conn_mutual_chap);
68645078155SEdward Tomasz Napierala mutual_chap_c = chap_get_challenge(conn->conn_mutual_chap);
687009ea47eSEdward Tomasz Napierala keys_add(request_keys, "CHAP_I", mutual_chap_i);
688009ea47eSEdward Tomasz Napierala keys_add(request_keys, "CHAP_C", mutual_chap_c);
68945078155SEdward Tomasz Napierala free(mutual_chap_i);
690009ea47eSEdward Tomasz Napierala free(mutual_chap_c);
691009ea47eSEdward Tomasz Napierala }
692009ea47eSEdward Tomasz Napierala
69325700db3SJohn Baldwin keys_save_pdu(request_keys, request);
694009ea47eSEdward Tomasz Napierala keys_delete(request_keys);
695009ea47eSEdward Tomasz Napierala pdu_send(request);
696009ea47eSEdward Tomasz Napierala pdu_delete(request);
697009ea47eSEdward Tomasz Napierala }
698009ea47eSEdward Tomasz Napierala
699009ea47eSEdward Tomasz Napierala static void
login_verify_mutual(const struct pdu * response)700009ea47eSEdward Tomasz Napierala login_verify_mutual(const struct pdu *response)
701009ea47eSEdward Tomasz Napierala {
70263783933SJohn Baldwin struct iscsid_connection *conn;
703009ea47eSEdward Tomasz Napierala struct keys *response_keys;
704009ea47eSEdward Tomasz Napierala const char *chap_n, *chap_r;
705009ea47eSEdward Tomasz Napierala int error;
706009ea47eSEdward Tomasz Napierala
70763783933SJohn Baldwin conn = (struct iscsid_connection *)response->pdu_connection;
708009ea47eSEdward Tomasz Napierala
709009ea47eSEdward Tomasz Napierala response_keys = keys_new();
71025700db3SJohn Baldwin keys_load_pdu(response_keys, response);
711009ea47eSEdward Tomasz Napierala
712009ea47eSEdward Tomasz Napierala chap_n = keys_find(response_keys, "CHAP_N");
713009ea47eSEdward Tomasz Napierala if (chap_n == NULL)
714009ea47eSEdward Tomasz Napierala log_errx(1, "received CHAP Response PDU without CHAP_N");
715009ea47eSEdward Tomasz Napierala chap_r = keys_find(response_keys, "CHAP_R");
716009ea47eSEdward Tomasz Napierala if (chap_r == NULL)
717009ea47eSEdward Tomasz Napierala log_errx(1, "received CHAP Response PDU without CHAP_R");
71845078155SEdward Tomasz Napierala
71945078155SEdward Tomasz Napierala error = chap_receive(conn->conn_mutual_chap, chap_r);
720009ea47eSEdward Tomasz Napierala if (error != 0)
72145078155SEdward Tomasz Napierala log_errx(1, "received CHAP Response PDU with invalid CHAP_R");
722009ea47eSEdward Tomasz Napierala
723009ea47eSEdward Tomasz Napierala if (strcmp(chap_n, conn->conn_conf.isc_mutual_user) != 0) {
72463783933SJohn Baldwin fail(&conn->conn, "Mutual CHAP failed");
725009ea47eSEdward Tomasz Napierala log_errx(1, "mutual CHAP authentication failed: wrong user");
726009ea47eSEdward Tomasz Napierala }
727009ea47eSEdward Tomasz Napierala
72845078155SEdward Tomasz Napierala error = chap_authenticate(conn->conn_mutual_chap,
72945078155SEdward Tomasz Napierala conn->conn_conf.isc_mutual_secret);
73045078155SEdward Tomasz Napierala if (error != 0) {
73163783933SJohn Baldwin fail(&conn->conn, "Mutual CHAP failed");
732009ea47eSEdward Tomasz Napierala log_errx(1, "mutual CHAP authentication failed: wrong secret");
733009ea47eSEdward Tomasz Napierala }
734009ea47eSEdward Tomasz Napierala
735009ea47eSEdward Tomasz Napierala keys_delete(response_keys);
73645078155SEdward Tomasz Napierala chap_delete(conn->conn_mutual_chap);
73745078155SEdward Tomasz Napierala conn->conn_mutual_chap = NULL;
738009ea47eSEdward Tomasz Napierala
739009ea47eSEdward Tomasz Napierala log_debugx("mutual CHAP authentication succeeded");
740009ea47eSEdward Tomasz Napierala }
741009ea47eSEdward Tomasz Napierala
742009ea47eSEdward Tomasz Napierala static void
login_chap(struct iscsid_connection * conn)74363783933SJohn Baldwin login_chap(struct iscsid_connection *conn)
744009ea47eSEdward Tomasz Napierala {
745009ea47eSEdward Tomasz Napierala struct pdu *response;
746009ea47eSEdward Tomasz Napierala
747009ea47eSEdward Tomasz Napierala log_debugx("beginning CHAP authentication; sending CHAP_A");
74863783933SJohn Baldwin login_send_chap_a(&conn->conn);
749009ea47eSEdward Tomasz Napierala
750009ea47eSEdward Tomasz Napierala log_debugx("waiting for CHAP_A/CHAP_C/CHAP_I");
75163783933SJohn Baldwin response = login_receive(&conn->conn);
752009ea47eSEdward Tomasz Napierala
753009ea47eSEdward Tomasz Napierala log_debugx("sending CHAP_N/CHAP_R");
754009ea47eSEdward Tomasz Napierala login_send_chap_r(response);
755009ea47eSEdward Tomasz Napierala pdu_delete(response);
756009ea47eSEdward Tomasz Napierala
757009ea47eSEdward Tomasz Napierala /*
758009ea47eSEdward Tomasz Napierala * XXX: Make sure this is not susceptible to MITM.
759009ea47eSEdward Tomasz Napierala */
760009ea47eSEdward Tomasz Napierala
761009ea47eSEdward Tomasz Napierala log_debugx("waiting for CHAP result");
76263783933SJohn Baldwin response = login_receive(&conn->conn);
763009ea47eSEdward Tomasz Napierala if (conn->conn_conf.isc_mutual_user[0] != '\0')
764009ea47eSEdward Tomasz Napierala login_verify_mutual(response);
765009ea47eSEdward Tomasz Napierala pdu_delete(response);
766009ea47eSEdward Tomasz Napierala
767009ea47eSEdward Tomasz Napierala log_debugx("CHAP authentication done");
768009ea47eSEdward Tomasz Napierala }
769009ea47eSEdward Tomasz Napierala
770009ea47eSEdward Tomasz Napierala void
login(struct iscsid_connection * conn)77163783933SJohn Baldwin login(struct iscsid_connection *conn)
772009ea47eSEdward Tomasz Napierala {
773009ea47eSEdward Tomasz Napierala struct pdu *request, *response;
774009ea47eSEdward Tomasz Napierala struct keys *request_keys, *response_keys;
775009ea47eSEdward Tomasz Napierala struct iscsi_bhs_login_response *bhslr2;
776009ea47eSEdward Tomasz Napierala const char *auth_method;
777009ea47eSEdward Tomasz Napierala int i;
778009ea47eSEdward Tomasz Napierala
779009ea47eSEdward Tomasz Napierala log_debugx("beginning Login phase; sending Login PDU");
78063783933SJohn Baldwin request = login_new_request(&conn->conn,
78163783933SJohn Baldwin BHSLR_STAGE_SECURITY_NEGOTIATION);
782009ea47eSEdward Tomasz Napierala request_keys = keys_new();
7837843bd03SEdward Tomasz Napierala if (conn->conn_conf.isc_mutual_user[0] != '\0') {
7847843bd03SEdward Tomasz Napierala keys_add(request_keys, "AuthMethod", "CHAP");
7857843bd03SEdward Tomasz Napierala } else if (conn->conn_conf.isc_user[0] != '\0') {
7867843bd03SEdward Tomasz Napierala /*
7877843bd03SEdward Tomasz Napierala * Give target a chance to skip authentication if it
7887843bd03SEdward Tomasz Napierala * doesn't feel like it.
7897843bd03SEdward Tomasz Napierala *
7907843bd03SEdward Tomasz Napierala * None is first, CHAP second; this is to work around
7917843bd03SEdward Tomasz Napierala * what seems to be LIO (Linux target) bug: otherwise,
7927843bd03SEdward Tomasz Napierala * if target is configured with no authentication,
7937843bd03SEdward Tomasz Napierala * and we are configured to authenticate, the target
7947843bd03SEdward Tomasz Napierala * will erroneously respond with AuthMethod=CHAP
7957843bd03SEdward Tomasz Napierala * instead of AuthMethod=None, and will subsequently
7967843bd03SEdward Tomasz Napierala * fail the connection. This usually happens with
7977843bd03SEdward Tomasz Napierala * Discovery sessions, which default to no authentication.
7987843bd03SEdward Tomasz Napierala */
7997843bd03SEdward Tomasz Napierala keys_add(request_keys, "AuthMethod", "None,CHAP");
8007843bd03SEdward Tomasz Napierala } else {
801009ea47eSEdward Tomasz Napierala keys_add(request_keys, "AuthMethod", "None");
8027843bd03SEdward Tomasz Napierala }
803009ea47eSEdward Tomasz Napierala keys_add(request_keys, "InitiatorName",
804009ea47eSEdward Tomasz Napierala conn->conn_conf.isc_initiator);
805009ea47eSEdward Tomasz Napierala if (conn->conn_conf.isc_initiator_alias[0] != '\0') {
806009ea47eSEdward Tomasz Napierala keys_add(request_keys, "InitiatorAlias",
807009ea47eSEdward Tomasz Napierala conn->conn_conf.isc_initiator_alias);
808009ea47eSEdward Tomasz Napierala }
809009ea47eSEdward Tomasz Napierala if (conn->conn_conf.isc_discovery == 0) {
810009ea47eSEdward Tomasz Napierala keys_add(request_keys, "SessionType", "Normal");
811009ea47eSEdward Tomasz Napierala keys_add(request_keys,
812009ea47eSEdward Tomasz Napierala "TargetName", conn->conn_conf.isc_target);
813009ea47eSEdward Tomasz Napierala } else {
814009ea47eSEdward Tomasz Napierala keys_add(request_keys, "SessionType", "Discovery");
815009ea47eSEdward Tomasz Napierala }
81625700db3SJohn Baldwin keys_save_pdu(request_keys, request);
817009ea47eSEdward Tomasz Napierala keys_delete(request_keys);
818009ea47eSEdward Tomasz Napierala pdu_send(request);
819009ea47eSEdward Tomasz Napierala pdu_delete(request);
820009ea47eSEdward Tomasz Napierala
82163783933SJohn Baldwin response = login_receive(&conn->conn);
822009ea47eSEdward Tomasz Napierala
823009ea47eSEdward Tomasz Napierala response_keys = keys_new();
82425700db3SJohn Baldwin keys_load_pdu(response_keys, response);
825009ea47eSEdward Tomasz Napierala
826009ea47eSEdward Tomasz Napierala for (i = 0; i < KEYS_MAX; i++) {
827009ea47eSEdward Tomasz Napierala if (response_keys->keys_names[i] == NULL)
828009ea47eSEdward Tomasz Napierala break;
829009ea47eSEdward Tomasz Napierala
830009ea47eSEdward Tomasz Napierala /*
831009ea47eSEdward Tomasz Napierala * Not interested in AuthMethod at this point; we only need
832009ea47eSEdward Tomasz Napierala * to parse things such as TargetAlias.
833009ea47eSEdward Tomasz Napierala *
834009ea47eSEdward Tomasz Napierala * XXX: This is somewhat ugly. We should have a way to apply
835009ea47eSEdward Tomasz Napierala * all the keys to the session and use that by default
836009ea47eSEdward Tomasz Napierala * instead of discarding them.
837009ea47eSEdward Tomasz Napierala */
838009ea47eSEdward Tomasz Napierala if (strcmp(response_keys->keys_names[i], "AuthMethod") == 0)
839009ea47eSEdward Tomasz Napierala continue;
840009ea47eSEdward Tomasz Napierala
841009ea47eSEdward Tomasz Napierala login_negotiate_key(conn,
842009ea47eSEdward Tomasz Napierala response_keys->keys_names[i], response_keys->keys_values[i]);
843009ea47eSEdward Tomasz Napierala }
844009ea47eSEdward Tomasz Napierala
845009ea47eSEdward Tomasz Napierala bhslr2 = (struct iscsi_bhs_login_response *)response->pdu_bhs;
846009ea47eSEdward Tomasz Napierala if ((bhslr2->bhslr_flags & BHSLR_FLAGS_TRANSIT) != 0 &&
847009ea47eSEdward Tomasz Napierala login_nsg(response) == BHSLR_STAGE_OPERATIONAL_NEGOTIATION) {
8487843bd03SEdward Tomasz Napierala if (conn->conn_conf.isc_mutual_user[0] != '\0') {
8497843bd03SEdward Tomasz Napierala log_errx(1, "target requested transition "
850bbd91c88SEdward Tomasz Napierala "to operational parameter negotiation, "
851bbd91c88SEdward Tomasz Napierala "but we require mutual CHAP");
8527843bd03SEdward Tomasz Napierala }
8537843bd03SEdward Tomasz Napierala
854009ea47eSEdward Tomasz Napierala log_debugx("target requested transition "
855bbd91c88SEdward Tomasz Napierala "to operational parameter negotiation");
856009ea47eSEdward Tomasz Napierala keys_delete(response_keys);
857009ea47eSEdward Tomasz Napierala pdu_delete(response);
858009ea47eSEdward Tomasz Napierala login_negotiate(conn);
859009ea47eSEdward Tomasz Napierala return;
860009ea47eSEdward Tomasz Napierala }
861009ea47eSEdward Tomasz Napierala
862009ea47eSEdward Tomasz Napierala auth_method = keys_find(response_keys, "AuthMethod");
863009ea47eSEdward Tomasz Napierala if (auth_method == NULL)
864009ea47eSEdward Tomasz Napierala log_errx(1, "received response without AuthMethod");
865009ea47eSEdward Tomasz Napierala if (strcmp(auth_method, "None") == 0) {
8667843bd03SEdward Tomasz Napierala if (conn->conn_conf.isc_mutual_user[0] != '\0') {
8677843bd03SEdward Tomasz Napierala log_errx(1, "target does not require authantication, "
8687843bd03SEdward Tomasz Napierala "but we require mutual CHAP");
8697843bd03SEdward Tomasz Napierala }
8707843bd03SEdward Tomasz Napierala
871009ea47eSEdward Tomasz Napierala log_debugx("target does not require authentication");
872009ea47eSEdward Tomasz Napierala keys_delete(response_keys);
873009ea47eSEdward Tomasz Napierala pdu_delete(response);
874009ea47eSEdward Tomasz Napierala login_negotiate(conn);
875009ea47eSEdward Tomasz Napierala return;
876009ea47eSEdward Tomasz Napierala }
877009ea47eSEdward Tomasz Napierala
878009ea47eSEdward Tomasz Napierala if (strcmp(auth_method, "CHAP") != 0) {
87963783933SJohn Baldwin fail(&conn->conn, "Unsupported AuthMethod");
880009ea47eSEdward Tomasz Napierala log_errx(1, "received response "
881009ea47eSEdward Tomasz Napierala "with unsupported AuthMethod \"%s\"", auth_method);
882009ea47eSEdward Tomasz Napierala }
883009ea47eSEdward Tomasz Napierala
884009ea47eSEdward Tomasz Napierala if (conn->conn_conf.isc_user[0] == '\0' ||
885009ea47eSEdward Tomasz Napierala conn->conn_conf.isc_secret[0] == '\0') {
88663783933SJohn Baldwin fail(&conn->conn, "Authentication required");
887009ea47eSEdward Tomasz Napierala log_errx(1, "target requests CHAP authentication, but we don't "
888009ea47eSEdward Tomasz Napierala "have user and secret");
889009ea47eSEdward Tomasz Napierala }
890009ea47eSEdward Tomasz Napierala
891009ea47eSEdward Tomasz Napierala keys_delete(response_keys);
892009ea47eSEdward Tomasz Napierala response_keys = NULL;
893009ea47eSEdward Tomasz Napierala pdu_delete(response);
894009ea47eSEdward Tomasz Napierala response = NULL;
895009ea47eSEdward Tomasz Napierala
896009ea47eSEdward Tomasz Napierala login_chap(conn);
897009ea47eSEdward Tomasz Napierala login_negotiate(conn);
898009ea47eSEdward Tomasz Napierala }
899