Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 Mar 2014 12:20:29 +0000 (UTC)
From:      Edward Tomasz Napierala <trasz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r263728 - stable/10/usr.sbin/ctld
Message-ID:  <201403251220.s2PCKT8c073936@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: trasz
Date: Tue Mar 25 12:20:29 2014
New Revision: 263728
URL: http://svnweb.freebsd.org/changeset/base/263728

Log:
  MFC r261762:
  
  Use "default" as default discovery-auth-group, instead of "no-access".
  It doesn't change visible behaviour, as previously auth-group "default"
  wasn't redefinable, so by default access was always denied.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  stable/10/usr.sbin/ctld/ctl.conf.5
  stable/10/usr.sbin/ctld/ctld.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.sbin/ctld/ctl.conf.5
==============================================================================
--- stable/10/usr.sbin/ctld/ctl.conf.5	Tue Mar 25 12:18:37 2014	(r263727)
+++ stable/10/usr.sbin/ctld/ctl.conf.5	Tue Mar 25 12:20:29 2014	(r263728)
@@ -131,9 +131,11 @@ The following statements are available a
 .It Ic discovery-auth-group Aq Ar name
 Assigns previously defined authentication group to that portal group,
 to be used for target discovery.
-By default, the discovery will be denied.
-A special auth-group, "no-authentication", may be used to allow for discovery
-without authentication.
+By default, portal groups that do not specify their own auth settings,
+using clauses such as "chap" or "initiator-name", are assigned
+predefined auth-group "default", which denies discovery.
+Another predefined auth-group, "no-authentication", may be used
+to permit discovery without authentication.
 .It Ic listen Aq Ar address
 Specifies IPv4 or IPv6 address and port to listen on for incoming connections.
 .It Ic listen-iser Aq Ar address

Modified: stable/10/usr.sbin/ctld/ctld.c
==============================================================================
--- stable/10/usr.sbin/ctld/ctld.c	Tue Mar 25 12:18:37 2014	(r263727)
+++ stable/10/usr.sbin/ctld/ctld.c	Tue Mar 25 12:20:29 2014	(r263728)
@@ -1132,7 +1132,7 @@ conf_verify(struct conf *conf)
 		assert(pg->pg_name != NULL);
 		if (pg->pg_discovery_auth_group == NULL) {
 			pg->pg_discovery_auth_group =
-			    auth_group_find(conf, "no-access");
+			    auth_group_find(conf, "default");
 			assert(pg->pg_discovery_auth_group != NULL);
 		}
 
@@ -1159,6 +1159,7 @@ conf_verify(struct conf *conf)
 				break;
 		}
 		if (targ == NULL && ag->ag_name != NULL &&
+		    strcmp(ag->ag_name, "default") != 0 &&
 		    strcmp(ag->ag_name, "no-authentication") != 0 &&
 		    strcmp(ag->ag_name, "no-access") != 0) {
 			log_warnx("auth-group \"%s\" not assigned "

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403251220.s2PCKT8c073936>