Index: head/usr.sbin/ctld/chap.c =================================================================== --- head/usr.sbin/ctld/chap.c (revision 304604) +++ head/usr.sbin/ctld/chap.c (revision 304605) @@ -1,422 +1,422 @@ /*- * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include "ctld.h" static void chap_compute_md5(const char id, const char *secret, const void *challenge, size_t challenge_len, void *response, size_t response_len) { MD5_CTX ctx; assert(response_len == CHAP_DIGEST_LEN); MD5Init(&ctx); MD5Update(&ctx, &id, sizeof(id)); MD5Update(&ctx, secret, strlen(secret)); MD5Update(&ctx, challenge, challenge_len); MD5Final(response, &ctx); } static int chap_hex2int(const char hex) { switch (hex) { case '0': return (0x00); case '1': return (0x01); case '2': return (0x02); case '3': return (0x03); case '4': return (0x04); case '5': return (0x05); case '6': return (0x06); case '7': return (0x07); case '8': return (0x08); case '9': return (0x09); case 'a': case 'A': return (0x0a); case 'b': case 'B': return (0x0b); case 'c': case 'C': return (0x0c); case 'd': case 'D': return (0x0d); case 'e': case 'E': return (0x0e); case 'f': case 'F': return (0x0f); default: return (-1); } } static int chap_b642bin(const char *b64, void **binp, size_t *bin_lenp) { char *bin; int b64_len, bin_len; b64_len = strlen(b64); bin_len = (b64_len + 3) / 4 * 3; bin = calloc(bin_len, 1); if (bin == NULL) log_err(1, "calloc"); bin_len = b64_pton(b64, bin, bin_len); if (bin_len < 0) { log_warnx("malformed base64 variable"); free(bin); return (-1); } *binp = bin; *bin_lenp = bin_len; return (0); } /* * XXX: Review this _carefully_. */ static int chap_hex2bin(const char *hex, void **binp, size_t *bin_lenp) { int i, hex_len, nibble; bool lo = true; /* As opposed to 'hi'. */ char *bin; size_t bin_off, bin_len; if (strncasecmp(hex, "0b", strlen("0b")) == 0) return (chap_b642bin(hex + 2, binp, bin_lenp)); if (strncasecmp(hex, "0x", strlen("0x")) != 0) { log_warnx("malformed variable, should start with \"0x\"" " or \"0b\""); return (-1); } hex += strlen("0x"); hex_len = strlen(hex); if (hex_len < 1) { log_warnx("malformed variable; doesn't contain anything " "but \"0x\""); return (-1); } bin_len = hex_len / 2 + hex_len % 2; bin = calloc(bin_len, 1); if (bin == NULL) log_err(1, "calloc"); bin_off = bin_len - 1; for (i = hex_len - 1; i >= 0; i--) { nibble = chap_hex2int(hex[i]); if (nibble < 0) { log_warnx("malformed variable, invalid char \"%c\"", hex[i]); free(bin); return (-1); } assert(bin_off < bin_len); if (lo) { bin[bin_off] = nibble; lo = false; } else { bin[bin_off] |= nibble << 4; bin_off--; lo = true; } } *binp = bin; *bin_lenp = bin_len; return (0); } #ifdef USE_BASE64 static char * chap_bin2hex(const char *bin, size_t bin_len) { unsigned char *b64, *tmp; size_t b64_len; b64_len = (bin_len + 2) / 3 * 4 + 3; /* +2 for "0b", +1 for '\0'. */ b64 = malloc(b64_len); if (b64 == NULL) log_err(1, "malloc"); tmp = b64; tmp += sprintf(tmp, "0b"); b64_ntop(bin, bin_len, tmp, b64_len - 2); return (b64); } #else static char * chap_bin2hex(const char *bin, size_t bin_len) { unsigned char *hex, *tmp, ch; size_t hex_len; size_t i; hex_len = bin_len * 2 + 3; /* +2 for "0x", +1 for '\0'. */ hex = malloc(hex_len); if (hex == NULL) log_err(1, "malloc"); tmp = hex; tmp += sprintf(tmp, "0x"); for (i = 0; i < bin_len; i++) { ch = bin[i]; tmp += sprintf(tmp, "%02x", ch); } return (hex); } #endif /* !USE_BASE64 */ struct chap * chap_new(void) { struct chap *chap; - chap = calloc(sizeof(*chap), 1); + chap = calloc(1, sizeof(*chap)); if (chap == NULL) log_err(1, "calloc"); /* * Generate the challenge. */ arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge)); arc4random_buf(&chap->chap_id, sizeof(chap->chap_id)); return (chap); } char * chap_get_id(const struct chap *chap) { char *chap_i; int ret; ret = asprintf(&chap_i, "%d", chap->chap_id); if (ret < 0) log_err(1, "asprintf"); return (chap_i); } char * chap_get_challenge(const struct chap *chap) { char *chap_c; chap_c = chap_bin2hex(chap->chap_challenge, sizeof(chap->chap_challenge)); return (chap_c); } static int chap_receive_bin(struct chap *chap, void *response, size_t response_len) { if (response_len != sizeof(chap->chap_response)) { log_debugx("got CHAP response with invalid length; " "got %zd, should be %zd", response_len, sizeof(chap->chap_response)); return (1); } memcpy(chap->chap_response, response, response_len); return (0); } int chap_receive(struct chap *chap, const char *response) { void *response_bin; size_t response_bin_len; int error; error = chap_hex2bin(response, &response_bin, &response_bin_len); if (error != 0) { log_debugx("got incorrectly encoded CHAP response \"%s\"", response); return (1); } error = chap_receive_bin(chap, response_bin, response_bin_len); free(response_bin); return (error); } int chap_authenticate(struct chap *chap, const char *secret) { char expected_response[CHAP_DIGEST_LEN]; chap_compute_md5(chap->chap_id, secret, chap->chap_challenge, sizeof(chap->chap_challenge), expected_response, sizeof(expected_response)); if (memcmp(chap->chap_response, expected_response, sizeof(expected_response)) != 0) { return (-1); } return (0); } void chap_delete(struct chap *chap) { free(chap); } struct rchap * rchap_new(const char *secret) { struct rchap *rchap; - rchap = calloc(sizeof(*rchap), 1); + rchap = calloc(1, sizeof(*rchap)); if (rchap == NULL) log_err(1, "calloc"); rchap->rchap_secret = checked_strdup(secret); return (rchap); } static void rchap_receive_bin(struct rchap *rchap, const unsigned char id, const void *challenge, size_t challenge_len) { rchap->rchap_id = id; rchap->rchap_challenge = calloc(challenge_len, 1); if (rchap->rchap_challenge == NULL) log_err(1, "calloc"); memcpy(rchap->rchap_challenge, challenge, challenge_len); rchap->rchap_challenge_len = challenge_len; } int rchap_receive(struct rchap *rchap, const char *id, const char *challenge) { unsigned char id_bin; void *challenge_bin; size_t challenge_bin_len; int error; id_bin = strtoul(id, NULL, 10); error = chap_hex2bin(challenge, &challenge_bin, &challenge_bin_len); if (error != 0) { log_debugx("got incorrectly encoded CHAP challenge \"%s\"", challenge); return (1); } rchap_receive_bin(rchap, id_bin, challenge_bin, challenge_bin_len); free(challenge_bin); return (0); } static void rchap_get_response_bin(struct rchap *rchap, void **responsep, size_t *response_lenp) { void *response_bin; size_t response_bin_len = CHAP_DIGEST_LEN; response_bin = calloc(response_bin_len, 1); if (response_bin == NULL) log_err(1, "calloc"); chap_compute_md5(rchap->rchap_id, rchap->rchap_secret, rchap->rchap_challenge, rchap->rchap_challenge_len, response_bin, response_bin_len); *responsep = response_bin; *response_lenp = response_bin_len; } char * rchap_get_response(struct rchap *rchap) { void *response; size_t response_len; char *chap_r; rchap_get_response_bin(rchap, &response, &response_len); chap_r = chap_bin2hex(response, response_len); free(response); return (chap_r); } void rchap_delete(struct rchap *rchap) { free(rchap->rchap_secret); free(rchap->rchap_challenge); free(rchap); } Index: head/usr.sbin/ctld/keys.c =================================================================== --- head/usr.sbin/ctld/keys.c (revision 304604) +++ head/usr.sbin/ctld/keys.c (revision 304605) @@ -1,198 +1,198 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include "ctld.h" struct keys * keys_new(void) { struct keys *keys; - keys = calloc(sizeof(*keys), 1); + keys = calloc(1, sizeof(*keys)); if (keys == NULL) log_err(1, "calloc"); return (keys); } void keys_delete(struct keys *keys) { free(keys->keys_data); free(keys); } void keys_load(struct keys *keys, const struct pdu *pdu) { int i; char *pair; size_t pair_len; if (pdu->pdu_data_len == 0) return; if (pdu->pdu_data[pdu->pdu_data_len - 1] != '\0') log_errx(1, "protocol error: key not NULL-terminated\n"); assert(keys->keys_data == NULL); keys->keys_data_len = pdu->pdu_data_len; keys->keys_data = malloc(keys->keys_data_len); if (keys->keys_data == NULL) log_err(1, "malloc"); memcpy(keys->keys_data, pdu->pdu_data, keys->keys_data_len); /* * XXX: Review this carefully. */ pair = keys->keys_data; for (i = 0;; i++) { if (i >= KEYS_MAX) log_errx(1, "too many keys received"); pair_len = strlen(pair); keys->keys_values[i] = pair; keys->keys_names[i] = strsep(&keys->keys_values[i], "="); if (keys->keys_names[i] == NULL || keys->keys_values[i] == NULL) log_errx(1, "malformed keys"); log_debugx("key received: \"%s=%s\"", keys->keys_names[i], keys->keys_values[i]); pair += pair_len + 1; /* +1 to skip the terminating '\0'. */ if (pair == keys->keys_data + keys->keys_data_len) break; assert(pair < keys->keys_data + keys->keys_data_len); } } void keys_save(struct keys *keys, struct pdu *pdu) { char *data; size_t len; int i; /* * XXX: Not particularly efficient. */ len = 0; for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) break; /* * +1 for '=', +1 for '\0'. */ len += strlen(keys->keys_names[i]) + strlen(keys->keys_values[i]) + 2; } if (len == 0) return; data = malloc(len); if (data == NULL) log_err(1, "malloc"); pdu->pdu_data = data; pdu->pdu_data_len = len; for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) break; data += sprintf(data, "%s=%s", keys->keys_names[i], keys->keys_values[i]); data += 1; /* for '\0'. */ } } const char * keys_find(struct keys *keys, const char *name) { int i; /* * Note that we don't handle duplicated key names here, * as they are not supposed to happen in requests, and if they do, * it's an initiator error. */ for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) return (NULL); if (strcmp(keys->keys_names[i], name) == 0) return (keys->keys_values[i]); } return (NULL); } void keys_add(struct keys *keys, const char *name, const char *value) { int i; log_debugx("key to send: \"%s=%s\"", name, value); /* * Note that we don't check for duplicates here, as they are perfectly * fine in responses, e.g. the "TargetName" keys in discovery sesion * response. */ for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) { keys->keys_names[i] = checked_strdup(name); keys->keys_values[i] = checked_strdup(value); return; } } log_errx(1, "too many keys"); } void keys_add_int(struct keys *keys, const char *name, int value) { char *str; int ret; ret = asprintf(&str, "%d", value); if (ret <= 0) log_err(1, "asprintf"); keys_add(keys, name, str); free(str); } Index: head/usr.sbin/ctld/pdu.c =================================================================== --- head/usr.sbin/ctld/pdu.c (revision 304604) +++ head/usr.sbin/ctld/pdu.c (revision 304605) @@ -1,264 +1,264 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include "ctld.h" #include "iscsi_proto.h" #ifdef ICL_KERNEL_PROXY #include #endif extern bool proxy_mode; static int pdu_ahs_length(const struct pdu *pdu) { return (pdu->pdu_bhs->bhs_total_ahs_len * 4); } static int pdu_data_segment_length(const struct pdu *pdu) { uint32_t len = 0; len += pdu->pdu_bhs->bhs_data_segment_len[0]; len <<= 8; len += pdu->pdu_bhs->bhs_data_segment_len[1]; len <<= 8; len += pdu->pdu_bhs->bhs_data_segment_len[2]; return (len); } static void pdu_set_data_segment_length(struct pdu *pdu, uint32_t len) { pdu->pdu_bhs->bhs_data_segment_len[2] = len; pdu->pdu_bhs->bhs_data_segment_len[1] = len >> 8; pdu->pdu_bhs->bhs_data_segment_len[0] = len >> 16; } struct pdu * pdu_new(struct connection *conn) { struct pdu *pdu; - pdu = calloc(sizeof(*pdu), 1); + pdu = calloc(1, sizeof(*pdu)); if (pdu == NULL) log_err(1, "calloc"); - pdu->pdu_bhs = calloc(sizeof(*pdu->pdu_bhs), 1); + pdu->pdu_bhs = calloc(1, sizeof(*pdu->pdu_bhs)); if (pdu->pdu_bhs == NULL) log_err(1, "calloc"); pdu->pdu_connection = conn; return (pdu); } struct pdu * pdu_new_response(struct pdu *request) { return (pdu_new(request->pdu_connection)); } #ifdef ICL_KERNEL_PROXY static void pdu_receive_proxy(struct pdu *pdu) { size_t len; assert(proxy_mode); kernel_receive(pdu); len = pdu_ahs_length(pdu); if (len > 0) log_errx(1, "protocol error: non-empty AHS"); len = pdu_data_segment_length(pdu); assert(len <= MAX_DATA_SEGMENT_LENGTH); pdu->pdu_data_len = len; } static void pdu_send_proxy(struct pdu *pdu) { assert(proxy_mode); pdu_set_data_segment_length(pdu, pdu->pdu_data_len); kernel_send(pdu); } #endif /* ICL_KERNEL_PROXY */ static size_t pdu_padding(const struct pdu *pdu) { if ((pdu->pdu_data_len % 4) != 0) return (4 - (pdu->pdu_data_len % 4)); return (0); } static void pdu_read(int fd, char *data, size_t len) { ssize_t ret; while (len > 0) { ret = read(fd, data, len); if (ret < 0) { if (timed_out()) log_errx(1, "exiting due to timeout"); log_err(1, "read"); } else if (ret == 0) log_errx(1, "read: connection lost"); len -= ret; data += ret; } } void pdu_receive(struct pdu *pdu) { size_t len, padding; char dummy[4]; #ifdef ICL_KERNEL_PROXY if (proxy_mode) return (pdu_receive_proxy(pdu)); #endif assert(proxy_mode == false); pdu_read(pdu->pdu_connection->conn_socket, (char *)pdu->pdu_bhs, sizeof(*pdu->pdu_bhs)); len = pdu_ahs_length(pdu); if (len > 0) log_errx(1, "protocol error: non-empty AHS"); len = pdu_data_segment_length(pdu); if (len > 0) { if (len > MAX_DATA_SEGMENT_LENGTH) { log_errx(1, "protocol error: received PDU " "with DataSegmentLength exceeding %d", MAX_DATA_SEGMENT_LENGTH); } pdu->pdu_data_len = len; pdu->pdu_data = malloc(len); if (pdu->pdu_data == NULL) log_err(1, "malloc"); pdu_read(pdu->pdu_connection->conn_socket, (char *)pdu->pdu_data, pdu->pdu_data_len); padding = pdu_padding(pdu); if (padding != 0) { assert(padding < sizeof(dummy)); pdu_read(pdu->pdu_connection->conn_socket, (char *)dummy, padding); } } } void pdu_send(struct pdu *pdu) { ssize_t ret, total_len; size_t padding; uint32_t zero = 0; struct iovec iov[3]; int iovcnt; #ifdef ICL_KERNEL_PROXY if (proxy_mode) return (pdu_send_proxy(pdu)); #endif assert(proxy_mode == false); pdu_set_data_segment_length(pdu, pdu->pdu_data_len); iov[0].iov_base = pdu->pdu_bhs; iov[0].iov_len = sizeof(*pdu->pdu_bhs); total_len = iov[0].iov_len; iovcnt = 1; if (pdu->pdu_data_len > 0) { iov[1].iov_base = pdu->pdu_data; iov[1].iov_len = pdu->pdu_data_len; total_len += iov[1].iov_len; iovcnt = 2; padding = pdu_padding(pdu); if (padding > 0) { assert(padding < sizeof(zero)); iov[2].iov_base = &zero; iov[2].iov_len = padding; total_len += iov[2].iov_len; iovcnt = 3; } } ret = writev(pdu->pdu_connection->conn_socket, iov, iovcnt); if (ret < 0) { if (timed_out()) log_errx(1, "exiting due to timeout"); log_err(1, "writev"); } if (ret != total_len) log_errx(1, "short write"); } void pdu_delete(struct pdu *pdu) { free(pdu->pdu_data); free(pdu->pdu_bhs); free(pdu); } Index: head/usr.sbin/iscsid/chap.c =================================================================== --- head/usr.sbin/iscsid/chap.c (revision 304604) +++ head/usr.sbin/iscsid/chap.c (revision 304605) @@ -1,422 +1,422 @@ /*- * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include "iscsid.h" static void chap_compute_md5(const char id, const char *secret, const void *challenge, size_t challenge_len, void *response, size_t response_len) { MD5_CTX ctx; assert(response_len == CHAP_DIGEST_LEN); MD5Init(&ctx); MD5Update(&ctx, &id, sizeof(id)); MD5Update(&ctx, secret, strlen(secret)); MD5Update(&ctx, challenge, challenge_len); MD5Final(response, &ctx); } static int chap_hex2int(const char hex) { switch (hex) { case '0': return (0x00); case '1': return (0x01); case '2': return (0x02); case '3': return (0x03); case '4': return (0x04); case '5': return (0x05); case '6': return (0x06); case '7': return (0x07); case '8': return (0x08); case '9': return (0x09); case 'a': case 'A': return (0x0a); case 'b': case 'B': return (0x0b); case 'c': case 'C': return (0x0c); case 'd': case 'D': return (0x0d); case 'e': case 'E': return (0x0e); case 'f': case 'F': return (0x0f); default: return (-1); } } static int chap_b642bin(const char *b64, void **binp, size_t *bin_lenp) { char *bin; int b64_len, bin_len; b64_len = strlen(b64); bin_len = (b64_len + 3) / 4 * 3; bin = calloc(bin_len, 1); if (bin == NULL) log_err(1, "calloc"); bin_len = b64_pton(b64, bin, bin_len); if (bin_len < 0) { log_warnx("malformed base64 variable"); free(bin); return (-1); } *binp = bin; *bin_lenp = bin_len; return (0); } /* * XXX: Review this _carefully_. */ static int chap_hex2bin(const char *hex, void **binp, size_t *bin_lenp) { int i, hex_len, nibble; bool lo = true; /* As opposed to 'hi'. */ char *bin; size_t bin_off, bin_len; if (strncasecmp(hex, "0b", strlen("0b")) == 0) return (chap_b642bin(hex + 2, binp, bin_lenp)); if (strncasecmp(hex, "0x", strlen("0x")) != 0) { log_warnx("malformed variable, should start with \"0x\"" " or \"0b\""); return (-1); } hex += strlen("0x"); hex_len = strlen(hex); if (hex_len < 1) { log_warnx("malformed variable; doesn't contain anything " "but \"0x\""); return (-1); } bin_len = hex_len / 2 + hex_len % 2; bin = calloc(bin_len, 1); if (bin == NULL) log_err(1, "calloc"); bin_off = bin_len - 1; for (i = hex_len - 1; i >= 0; i--) { nibble = chap_hex2int(hex[i]); if (nibble < 0) { log_warnx("malformed variable, invalid char \"%c\"", hex[i]); free(bin); return (-1); } assert(bin_off < bin_len); if (lo) { bin[bin_off] = nibble; lo = false; } else { bin[bin_off] |= nibble << 4; bin_off--; lo = true; } } *binp = bin; *bin_lenp = bin_len; return (0); } #ifdef USE_BASE64 static char * chap_bin2hex(const char *bin, size_t bin_len) { unsigned char *b64, *tmp; size_t b64_len; b64_len = (bin_len + 2) / 3 * 4 + 3; /* +2 for "0b", +1 for '\0'. */ b64 = malloc(b64_len); if (b64 == NULL) log_err(1, "malloc"); tmp = b64; tmp += sprintf(tmp, "0b"); b64_ntop(bin, bin_len, tmp, b64_len - 2); return (b64); } #else static char * chap_bin2hex(const char *bin, size_t bin_len) { unsigned char *hex, *tmp, ch; size_t hex_len; size_t i; hex_len = bin_len * 2 + 3; /* +2 for "0x", +1 for '\0'. */ hex = malloc(hex_len); if (hex == NULL) log_err(1, "malloc"); tmp = hex; tmp += sprintf(tmp, "0x"); for (i = 0; i < bin_len; i++) { ch = bin[i]; tmp += sprintf(tmp, "%02x", ch); } return (hex); } #endif /* !USE_BASE64 */ struct chap * chap_new(void) { struct chap *chap; - chap = calloc(sizeof(*chap), 1); + chap = calloc(1, sizeof(*chap)); if (chap == NULL) log_err(1, "calloc"); /* * Generate the challenge. */ arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge)); arc4random_buf(&chap->chap_id, sizeof(chap->chap_id)); return (chap); } char * chap_get_id(const struct chap *chap) { char *chap_i; int ret; ret = asprintf(&chap_i, "%d", chap->chap_id); if (ret < 0) log_err(1, "asprintf"); return (chap_i); } char * chap_get_challenge(const struct chap *chap) { char *chap_c; chap_c = chap_bin2hex(chap->chap_challenge, sizeof(chap->chap_challenge)); return (chap_c); } static int chap_receive_bin(struct chap *chap, void *response, size_t response_len) { if (response_len != sizeof(chap->chap_response)) { log_debugx("got CHAP response with invalid length; " "got %zd, should be %zd", response_len, sizeof(chap->chap_response)); return (1); } memcpy(chap->chap_response, response, response_len); return (0); } int chap_receive(struct chap *chap, const char *response) { void *response_bin; size_t response_bin_len; int error; error = chap_hex2bin(response, &response_bin, &response_bin_len); if (error != 0) { log_debugx("got incorrectly encoded CHAP response \"%s\"", response); return (1); } error = chap_receive_bin(chap, response_bin, response_bin_len); free(response_bin); return (error); } int chap_authenticate(struct chap *chap, const char *secret) { char expected_response[CHAP_DIGEST_LEN]; chap_compute_md5(chap->chap_id, secret, chap->chap_challenge, sizeof(chap->chap_challenge), expected_response, sizeof(expected_response)); if (memcmp(chap->chap_response, expected_response, sizeof(expected_response)) != 0) { return (-1); } return (0); } void chap_delete(struct chap *chap) { free(chap); } struct rchap * rchap_new(const char *secret) { struct rchap *rchap; - rchap = calloc(sizeof(*rchap), 1); + rchap = calloc(1, sizeof(*rchap)); if (rchap == NULL) log_err(1, "calloc"); rchap->rchap_secret = checked_strdup(secret); return (rchap); } static void rchap_receive_bin(struct rchap *rchap, const unsigned char id, const void *challenge, size_t challenge_len) { rchap->rchap_id = id; rchap->rchap_challenge = calloc(challenge_len, 1); if (rchap->rchap_challenge == NULL) log_err(1, "calloc"); memcpy(rchap->rchap_challenge, challenge, challenge_len); rchap->rchap_challenge_len = challenge_len; } int rchap_receive(struct rchap *rchap, const char *id, const char *challenge) { unsigned char id_bin; void *challenge_bin; size_t challenge_bin_len; int error; id_bin = strtoul(id, NULL, 10); error = chap_hex2bin(challenge, &challenge_bin, &challenge_bin_len); if (error != 0) { log_debugx("got incorrectly encoded CHAP challenge \"%s\"", challenge); return (1); } rchap_receive_bin(rchap, id_bin, challenge_bin, challenge_bin_len); free(challenge_bin); return (0); } static void rchap_get_response_bin(struct rchap *rchap, void **responsep, size_t *response_lenp) { void *response_bin; size_t response_bin_len = CHAP_DIGEST_LEN; response_bin = calloc(response_bin_len, 1); if (response_bin == NULL) log_err(1, "calloc"); chap_compute_md5(rchap->rchap_id, rchap->rchap_secret, rchap->rchap_challenge, rchap->rchap_challenge_len, response_bin, response_bin_len); *responsep = response_bin; *response_lenp = response_bin_len; } char * rchap_get_response(struct rchap *rchap) { void *response; size_t response_len; char *chap_r; rchap_get_response_bin(rchap, &response, &response_len); chap_r = chap_bin2hex(response, response_len); free(response); return (chap_r); } void rchap_delete(struct rchap *rchap) { free(rchap->rchap_secret); free(rchap->rchap_challenge); free(rchap); } Index: head/usr.sbin/iscsid/keys.c =================================================================== --- head/usr.sbin/iscsid/keys.c (revision 304604) +++ head/usr.sbin/iscsid/keys.c (revision 304605) @@ -1,198 +1,198 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include "iscsid.h" struct keys * keys_new(void) { struct keys *keys; - keys = calloc(sizeof(*keys), 1); + keys = calloc(1, sizeof(*keys)); if (keys == NULL) log_err(1, "calloc"); return (keys); } void keys_delete(struct keys *keys) { free(keys->keys_data); free(keys); } void keys_load(struct keys *keys, const struct pdu *pdu) { int i; char *pair; size_t pair_len; if (pdu->pdu_data_len == 0) return; if (pdu->pdu_data[pdu->pdu_data_len - 1] != '\0') log_errx(1, "protocol error: key not NULL-terminated\n"); assert(keys->keys_data == NULL); keys->keys_data_len = pdu->pdu_data_len; keys->keys_data = malloc(keys->keys_data_len); if (keys->keys_data == NULL) log_err(1, "malloc"); memcpy(keys->keys_data, pdu->pdu_data, keys->keys_data_len); /* * XXX: Review this carefully. */ pair = keys->keys_data; for (i = 0;; i++) { if (i >= KEYS_MAX) log_errx(1, "too many keys received"); pair_len = strlen(pair); keys->keys_values[i] = pair; keys->keys_names[i] = strsep(&keys->keys_values[i], "="); if (keys->keys_names[i] == NULL || keys->keys_values[i] == NULL) log_errx(1, "malformed keys"); log_debugx("key received: \"%s=%s\"", keys->keys_names[i], keys->keys_values[i]); pair += pair_len + 1; /* +1 to skip the terminating '\0'. */ if (pair == keys->keys_data + keys->keys_data_len) break; assert(pair < keys->keys_data + keys->keys_data_len); } } void keys_save(struct keys *keys, struct pdu *pdu) { char *data; size_t len; int i; /* * XXX: Not particularly efficient. */ len = 0; for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) break; /* * +1 for '=', +1 for '\0'. */ len += strlen(keys->keys_names[i]) + strlen(keys->keys_values[i]) + 2; } if (len == 0) return; data = malloc(len); if (data == NULL) log_err(1, "malloc"); pdu->pdu_data = data; pdu->pdu_data_len = len; for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) break; data += sprintf(data, "%s=%s", keys->keys_names[i], keys->keys_values[i]); data += 1; /* for '\0'. */ } } const char * keys_find(struct keys *keys, const char *name) { int i; /* * Note that we don't handle duplicated key names here, * as they are not supposed to happen in requests, and if they do, * it's an initiator error. */ for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) return (NULL); if (strcmp(keys->keys_names[i], name) == 0) return (keys->keys_values[i]); } return (NULL); } void keys_add(struct keys *keys, const char *name, const char *value) { int i; log_debugx("key to send: \"%s=%s\"", name, value); /* * Note that we don't check for duplicates here, as they are perfectly * fine in responses, e.g. the "TargetName" keys in discovery sesion * response. */ for (i = 0; i < KEYS_MAX; i++) { if (keys->keys_names[i] == NULL) { keys->keys_names[i] = checked_strdup(name); keys->keys_values[i] = checked_strdup(value); return; } } log_errx(1, "too many keys"); } void keys_add_int(struct keys *keys, const char *name, int value) { char *str; int ret; ret = asprintf(&str, "%d", value); if (ret <= 0) log_err(1, "asprintf"); keys_add(keys, name, str); free(str); } Index: head/usr.sbin/iscsid/pdu.c =================================================================== --- head/usr.sbin/iscsid/pdu.c (revision 304604) +++ head/usr.sbin/iscsid/pdu.c (revision 304605) @@ -1,304 +1,304 @@ /*- * Copyright (c) 2012 The FreeBSD Foundation * All rights reserved. * * This software was developed by Edward Tomasz Napierala under sponsorship * from the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include "iscsid.h" #include "iscsi_proto.h" #ifdef ICL_KERNEL_PROXY #include #endif static int pdu_ahs_length(const struct pdu *pdu) { return (pdu->pdu_bhs->bhs_total_ahs_len * 4); } static int pdu_data_segment_length(const struct pdu *pdu) { uint32_t len = 0; len += pdu->pdu_bhs->bhs_data_segment_len[0]; len <<= 8; len += pdu->pdu_bhs->bhs_data_segment_len[1]; len <<= 8; len += pdu->pdu_bhs->bhs_data_segment_len[2]; return (len); } static void pdu_set_data_segment_length(struct pdu *pdu, uint32_t len) { pdu->pdu_bhs->bhs_data_segment_len[2] = len; pdu->pdu_bhs->bhs_data_segment_len[1] = len >> 8; pdu->pdu_bhs->bhs_data_segment_len[0] = len >> 16; } struct pdu * pdu_new(struct connection *conn) { struct pdu *pdu; - pdu = calloc(sizeof(*pdu), 1); + pdu = calloc(1, sizeof(*pdu)); if (pdu == NULL) log_err(1, "calloc"); - pdu->pdu_bhs = calloc(sizeof(*pdu->pdu_bhs), 1); + pdu->pdu_bhs = calloc(1, sizeof(*pdu->pdu_bhs)); if (pdu->pdu_bhs == NULL) log_err(1, "calloc"); pdu->pdu_connection = conn; return (pdu); } struct pdu * pdu_new_response(struct pdu *request) { return (pdu_new(request->pdu_connection)); } #ifdef ICL_KERNEL_PROXY static void pdu_receive_proxy(struct pdu *pdu) { struct iscsi_daemon_receive *idr; size_t len; int error; assert(pdu->pdu_connection->conn_conf.isc_iser != 0); pdu->pdu_data = malloc(ISCSI_MAX_DATA_SEGMENT_LENGTH); if (pdu->pdu_data == NULL) log_err(1, "malloc"); idr = calloc(1, sizeof(*idr)); if (idr == NULL) log_err(1, "calloc"); idr->idr_session_id = pdu->pdu_connection->conn_session_id; idr->idr_bhs = pdu->pdu_bhs; idr->idr_data_segment_len = ISCSI_MAX_DATA_SEGMENT_LENGTH; idr->idr_data_segment = pdu->pdu_data; error = ioctl(pdu->pdu_connection->conn_iscsi_fd, ISCSIDRECEIVE, idr); if (error != 0) log_err(1, "ISCSIDRECEIVE"); len = pdu_ahs_length(pdu); if (len > 0) log_errx(1, "protocol error: non-empty AHS"); len = pdu_data_segment_length(pdu); assert(len <= ISCSI_MAX_DATA_SEGMENT_LENGTH); pdu->pdu_data_len = len; free(idr); } static void pdu_send_proxy(struct pdu *pdu) { struct iscsi_daemon_send *ids; int error; assert(pdu->pdu_connection->conn_conf.isc_iser != 0); pdu_set_data_segment_length(pdu, pdu->pdu_data_len); ids = calloc(1, sizeof(*ids)); if (ids == NULL) log_err(1, "calloc"); ids->ids_session_id = pdu->pdu_connection->conn_session_id; ids->ids_bhs = pdu->pdu_bhs; ids->ids_data_segment_len = pdu->pdu_data_len; ids->ids_data_segment = pdu->pdu_data; error = ioctl(pdu->pdu_connection->conn_iscsi_fd, ISCSIDSEND, ids); if (error != 0) log_err(1, "ISCSIDSEND"); free(ids); } #endif /* ICL_KERNEL_PROXY */ static size_t pdu_padding(const struct pdu *pdu) { if ((pdu->pdu_data_len % 4) != 0) return (4 - (pdu->pdu_data_len % 4)); return (0); } static void pdu_read(const struct connection *conn, char *data, size_t len) { ssize_t ret; while (len > 0) { ret = read(conn->conn_socket, data, len); if (ret < 0) { if (timed_out()) { fail(conn, "Login Phase timeout"); log_errx(1, "exiting due to timeout"); } fail(conn, strerror(errno)); log_err(1, "read"); } else if (ret == 0) { fail(conn, "connection lost"); log_errx(1, "read: connection lost"); } len -= ret; data += ret; } } void pdu_receive(struct pdu *pdu) { size_t len, padding; char dummy[4]; #ifdef ICL_KERNEL_PROXY if (pdu->pdu_connection->conn_conf.isc_iser != 0) return (pdu_receive_proxy(pdu)); #endif assert(pdu->pdu_connection->conn_conf.isc_iser == 0); pdu_read(pdu->pdu_connection, (char *)pdu->pdu_bhs, sizeof(*pdu->pdu_bhs)); len = pdu_ahs_length(pdu); if (len > 0) log_errx(1, "protocol error: non-empty AHS"); len = pdu_data_segment_length(pdu); if (len > 0) { if (len > ISCSI_MAX_DATA_SEGMENT_LENGTH) { log_errx(1, "protocol error: received PDU " "with DataSegmentLength exceeding %d", ISCSI_MAX_DATA_SEGMENT_LENGTH); } pdu->pdu_data_len = len; pdu->pdu_data = malloc(len); if (pdu->pdu_data == NULL) log_err(1, "malloc"); pdu_read(pdu->pdu_connection, (char *)pdu->pdu_data, pdu->pdu_data_len); padding = pdu_padding(pdu); if (padding != 0) { assert(padding < sizeof(dummy)); pdu_read(pdu->pdu_connection, (char *)dummy, padding); } } } void pdu_send(struct pdu *pdu) { ssize_t ret, total_len; size_t padding; uint32_t zero = 0; struct iovec iov[3]; int iovcnt; #ifdef ICL_KERNEL_PROXY if (pdu->pdu_connection->conn_conf.isc_iser != 0) return (pdu_send_proxy(pdu)); #endif assert(pdu->pdu_connection->conn_conf.isc_iser == 0); pdu_set_data_segment_length(pdu, pdu->pdu_data_len); iov[0].iov_base = pdu->pdu_bhs; iov[0].iov_len = sizeof(*pdu->pdu_bhs); total_len = iov[0].iov_len; iovcnt = 1; if (pdu->pdu_data_len > 0) { iov[1].iov_base = pdu->pdu_data; iov[1].iov_len = pdu->pdu_data_len; total_len += iov[1].iov_len; iovcnt = 2; padding = pdu_padding(pdu); if (padding > 0) { assert(padding < sizeof(zero)); iov[2].iov_base = &zero; iov[2].iov_len = padding; total_len += iov[2].iov_len; iovcnt = 3; } } ret = writev(pdu->pdu_connection->conn_socket, iov, iovcnt); if (ret < 0) { if (timed_out()) log_errx(1, "exiting due to timeout"); log_err(1, "writev"); } if (ret != total_len) log_errx(1, "short write"); } void pdu_delete(struct pdu *pdu) { free(pdu->pdu_data); free(pdu->pdu_bhs); free(pdu); }