Date:      Fri, 24 Oct 2014 11:40:10 +0000 (UTC)
From:      Edward Tomasz Napierala <trasz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r273584 - head/usr.sbin/ctld
Message-ID:  <201410241140.s9OBeAaX071917@svn.freebsd.org>

Author: trasz
Date: Fri Oct 24 11:40:09 2014
New Revision: 273584
URL: https://svnweb.freebsd.org/changeset/base/273584

Log:
  Make the initiator-name and initiator-portal checks a little nicer.
  
  MFC after:	1 month
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/usr.sbin/ctld/ctld.c
  head/usr.sbin/ctld/ctld.h
  head/usr.sbin/ctld/login.c

Modified: head/usr.sbin/ctld/ctld.c
==============================================================================
--- head/usr.sbin/ctld/ctld.c	Fri Oct 24 11:34:55 2014	(r273583)
+++ head/usr.sbin/ctld/ctld.c	Fri Oct 24 11:40:09 2014	(r273584)
@@ -318,6 +318,18 @@ auth_name_find(const struct auth_group *
 	return (NULL);
 }
 
+int
+auth_name_check(const struct auth_group *ag, const char *initiator_name)
+{
+	if (!auth_name_defined(ag))
+		return (0);
+
+	if (auth_name_find(ag, initiator_name) == NULL)
+		return (1);
+
+	return (0);
+}
+
 const struct auth_portal *
 auth_portal_new(struct auth_group *ag, const char *portal)
 {
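Review bot: auth_name_check() returns 0 when the initiator is allowed and 1 when it must be rejected, and nothing at the definition says so. The name reads like a predicate, so a later caller that treats `if (auth_name_check(ag, name))` as the accept path would admit initiators that are not on the list. A comment above the definition would pin the contract, for example `/* Returns 0 if initiator_name is permitted by ag, or ag defines no initiator-name restrictions; non-zero if the login must be rejected. */`. The same applies to auth_portal_check() in the next hunk and to both new prototypes in ctld.h. As a style point, auth_name_check() omits the blank line after the opening brace that auth_portal_check() has.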
@@ -430,6 +442,19 @@ next:
 	return (NULL);
 }
 
+int
+auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
+{
+
+	if (!auth_portal_defined(ag))
+		return (0);
+
+	if (auth_portal_find(ag, sa) == NULL)
+		return (1);
+
+	return (0);
+}
+
 struct auth_group *
 auth_group_new(struct conf *conf, const char *name)
 {

Modified: head/usr.sbin/ctld/ctld.h
==============================================================================
--- head/usr.sbin/ctld/ctld.h	Fri Oct 24 11:34:55 2014	(r273583)
+++ head/usr.sbin/ctld/ctld.h	Fri Oct 24 11:40:09 2014	(r273584)
@@ -263,12 +263,16 @@ const struct auth_name	*auth_name_new(st
 bool			auth_name_defined(const struct auth_group *ag);
 const struct auth_name	*auth_name_find(const struct auth_group *ag,
 			    const char *initiator_name);
+int			auth_name_check(const struct auth_group *ag,
+			    const char *initiator_name);
 
 const struct auth_portal	*auth_portal_new(struct auth_group *ag,
 				    const char *initiator_portal);
 bool			auth_portal_defined(const struct auth_group *ag);
 const struct auth_portal	*auth_portal_find(const struct auth_group *ag,
 				    const struct sockaddr_storage *sa);
+int				auth_portal_check(const struct auth_group *ag,
+				    const struct sockaddr_storage *sa);
 
 struct portal_group	*portal_group_new(struct conf *conf, const char *name);
 void			portal_group_delete(struct portal_group *pg);

Modified: head/usr.sbin/ctld/login.c
==============================================================================
--- head/usr.sbin/ctld/login.c	Fri Oct 24 11:34:55 2014	(r273583)
+++ head/usr.sbin/ctld/login.c	Fri Oct 24 11:40:09 2014	(r273584)
@@ -780,28 +780,15 @@ login(struct connection *conn)
 	/*
 	 * Enforce initiator-name and initiator-portal.
 	 */
-	if (auth_name_defined(ag)) {
-		if (auth_name_find(ag, initiator_name) == NULL) {
-			login_send_error(request, 0x02, 0x02);
-			log_errx(1, "initiator does not match allowed "
-			    "initiator names");
-		}
-		log_debugx("initiator matches allowed initiator names");
-	} else {
-		log_debugx("auth-group does not define initiator name "
-		    "restrictions");
+	if (auth_name_check(ag, initiator_name) != 0) {
+		login_send_error(request, 0x02, 0x02);
+		log_errx(1, "initiator does not match allowed initiator names");
 	}
 
-	if (auth_portal_defined(ag)) {
-		if (auth_portal_find(ag, &conn->conn_initiator_sa) == NULL) {
-			login_send_error(request, 0x02, 0x02);
-			log_errx(1, "initiator does not match allowed "
-			    "initiator portals");
-		}
-		log_debugx("initiator matches allowed initiator portals");
-	} else {
-		log_debugx("auth-group does not define initiator portal "
-		    "restrictions");
+	if (auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
+		login_send_error(request, 0x02, 0x02);
+		log_errx(1, "initiator does not match allowed "
+		    "initiator portals");
 	}
 
 	/*
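Review bot: With the `log_debugx` branches removed, a debug log no longer shows whether the auth-group defined no initiator-name or initiator-portal restrictions or whether the initiator matched them. That distinction is what an operator needs when auditing why a login was admitted. If the trace is still wanted it could move into the helpers, e.g. `log_debugx("auth-group does not define initiator name restrictions");` before the first `return (0);` in auth_name_check(), and likewise for the portal check. The rejection messages also do not identify the rejected initiator; whether the logging layer already records the peer is not visible here. login() begins and ends outside this hunk.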


