Date: Mon, 24 Nov 2014 07:59:45 +0000 (UTC) From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r274949 - stable/10/usr.sbin/ctld Message-ID: <201411240759.sAO7xj0t092042@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: trasz Date: Mon Nov 24 07:59:44 2014 New Revision: 274949 URL: https://svnweb.freebsd.org/changeset/base/274949 Log: MFC r273584: Make the initiator-name and initiator-portal checks a little nicer. Sponsored by: The FreeBSD Foundation Modified: stable/10/usr.sbin/ctld/ctld.c stable/10/usr.sbin/ctld/ctld.h stable/10/usr.sbin/ctld/login.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/ctld/ctld.c ============================================================================== --- stable/10/usr.sbin/ctld/ctld.c Mon Nov 24 07:57:20 2014 (r274948) +++ stable/10/usr.sbin/ctld/ctld.c Mon Nov 24 07:59:44 2014 (r274949) @@ -325,6 +325,18 @@ auth_name_find(const struct auth_group * return (NULL); } +int +auth_name_check(const struct auth_group *ag, const char *initiator_name) +{ + if (!auth_name_defined(ag)) + return (0); + + if (auth_name_find(ag, initiator_name) == NULL) + return (1); + + return (0); +} + const struct auth_portal * auth_portal_new(struct auth_group *ag, const char *portal) { @@ -437,6 +449,19 @@ next: return (NULL); } +int +auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa) +{ + + if (!auth_portal_defined(ag)) + return (0); + + if (auth_portal_find(ag, sa) == NULL) + return (1); + + return (0); +} + struct auth_group * auth_group_new(struct conf *conf, const char *name) { Modified: stable/10/usr.sbin/ctld/ctld.h ============================================================================== --- stable/10/usr.sbin/ctld/ctld.h Mon Nov 24 07:57:20 2014 (r274948) +++ stable/10/usr.sbin/ctld/ctld.h Mon Nov 24 07:59:44 2014 (r274949) @@ -273,12 +273,16 @@ const struct auth_name *auth_name_new(st bool auth_name_defined(const struct auth_group *ag); const struct auth_name *auth_name_find(const struct auth_group *ag, const char *initiator_name); +int auth_name_check(const struct auth_group *ag, + const char *initiator_name); const struct auth_portal *auth_portal_new(struct auth_group *ag, const char *initiator_portal); bool auth_portal_defined(const struct auth_group *ag); const struct auth_portal *auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *sa); +int auth_portal_check(const struct auth_group *ag, + const struct sockaddr_storage *sa); struct portal_group *portal_group_new(struct conf *conf, const char *name); void portal_group_delete(struct portal_group *pg); Modified: stable/10/usr.sbin/ctld/login.c ============================================================================== --- stable/10/usr.sbin/ctld/login.c Mon Nov 24 07:57:20 2014 (r274948) +++ stable/10/usr.sbin/ctld/login.c Mon Nov 24 07:59:44 2014 (r274949) @@ -780,28 +780,15 @@ login(struct connection *conn) /* * Enforce initiator-name and initiator-portal. */ - if (auth_name_defined(ag)) { - if (auth_name_find(ag, initiator_name) == NULL) { - login_send_error(request, 0x02, 0x02); - log_errx(1, "initiator does not match allowed " - "initiator names"); - } - log_debugx("initiator matches allowed initiator names"); - } else { - log_debugx("auth-group does not define initiator name " - "restrictions"); + if (auth_name_check(ag, initiator_name) != 0) { + login_send_error(request, 0x02, 0x02); + log_errx(1, "initiator does not match allowed initiator names"); } - if (auth_portal_defined(ag)) { - if (auth_portal_find(ag, &conn->conn_initiator_sa) == NULL) { - login_send_error(request, 0x02, 0x02); - log_errx(1, "initiator does not match allowed " - "initiator portals"); - } - log_debugx("initiator matches allowed initiator portals"); - } else { - log_debugx("auth-group does not define initiator portal " - "restrictions"); + if (auth_portal_check(ag, &conn->conn_initiator_sa) != 0) { + login_send_error(request, 0x02, 0x02); + log_errx(1, "initiator does not match allowed " + "initiator portals"); } /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201411240759.sAO7xj0t092042>