From nobody Tue Jan 27 18:44:27 2026
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4f0vT75gvNz6QG8r
	for <dev-commits-src-branches@mlmmj.nyi.freebsd.org>; Tue, 27 Jan 2026 18:44:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4f0vT73h0Gz3rVK
	for <dev-commits-src-branches@FreeBSD.org>; Tue, 27 Jan 2026 18:44:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1769539467;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=G8yZl3zoBjs97XVb7m+cB0m2vuyUxoZPKPwmobTJ0gQ=;
	b=lIOO7K20diSEWcoMCbUKluJHR7aFwW4tDb4Sk7J/cWE/fh/i+7YeOj2mhDhkTNTfjYkUTT
	JgGuzsdDYWu1gZHQbkT2kxSMLsMFNRWmROxnpC/t0DWbnkf2Oj7cTKOiJwUTU9qKQbrnVS
	LnRv2bbYsvQUkZ4vLPit9cE3+qWntQlxrBzI0XsKaN76XsHO/LLgIEbKRXQ3bo5ph6eYkj
	qhr1vH51c5Ww16RPaWe42FcZxCBmYD5Z7bu1PHribZT7cwF7apb4GQ+ttvxE0dzzE46Q4H
	9e7JIrXGpRz4eLenOtVBwSFBZei0XBUhVorPRq0ACklK9mPUUmQ6XC2/P0L34g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1769539467;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=G8yZl3zoBjs97XVb7m+cB0m2vuyUxoZPKPwmobTJ0gQ=;
	b=IHva4iYzUWlMFTVJ+kBUrkbNvkyqVnurOnrUGM2+9IybfFqtP58LAr5+9qJlXD9Zjv29BA
	X35XxccEfTKku6UhubhE8pXGP5FFfrzOVHzBLgAnKB5TFU+iTTOUYbHYSIkfbMUHcQ6nbv
	P8/tmELW7kvvuYQj4mjArdIGOpvLvGkd1mI1SDh66bhN/0HQA/Mv8AEOhWd1shr4jv6ggR
	16BZtZqRiMUBZrIbCo6A/Mi8Lm4cEm1uK24o5SypumH6Trvz3MXPeLkYkSK92gftbOYf4Q
	2J9P2kuI+1udb0zT0mHtcClqGZxQD5lidApLpc5FbDRgi5BqT1ksXKlPdzRHsw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1769539467; a=rsa-sha256; cv=none;
	b=EFD8ovpclTiBo9D5RmBIhDC0QDqL2P3Bcm1qDc+/Xjx4yY6Xl9nDEUf8kLyp3IferEq3yS
	ckE1TfqCw/6pz0OEahf2BRU31qkQnKcVN7c+y1FhogTKpxYVs2DSF+zzXDxab7Rn2dC9t8
	WI516jnVDNwtq3q9T31ROVx4rCTZB/SsepuJJwDN0up2e/XdDwWkm2yxl7RlrKEA/51zG2
	+9NiYOhvYXsqzYfNP8U2/CTvlOuA0snQ6VTHiqxww4wmxud4WZEI1tPoZcRF4GF911yEn+
	NQyponCv2kcF2ibUOu6BRHDAAN7qMfPVa2+jrHUm4rAOVKuo+d/yNSC4JOJQMg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4f0vT736VSz3tY
	for <dev-commits-src-branches@FreeBSD.org>; Tue, 27 Jan 2026 18:44:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id efd6
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Tue, 27 Jan 2026 18:44:27 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Subject: git: e87f835bf13b - stable/14 - ctld: Add a label string to auth_groups
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e87f835bf13bcc514a54f224b8b4d5f85befb213
Auto-Submitted: auto-generated
Date: Tue, 27 Jan 2026 18:44:27 +0000
Message-Id: <6979078b.efd6.47fd1d2c@gitrepo.freebsd.org>

The branch stable/14 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=e87f835bf13bcc514a54f224b8b4d5f85befb213

commit e87f835bf13bcc514a54f224b8b4d5f85befb213
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2025-04-11 14:00:14 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2026-01-27 18:15:57 +0000

    ctld: Add a label string to auth_groups
    
    This holds the abstract name of an auth-group for use in warning
    messages.  For anonymous groups associated with a target, the label
    includes the target name.
    
    Abstracting this out removes a lot of code duplication of
    nearly-identical warning messages.
    
    Sponsored by:   Chelsio Communications
    Differential Revision:  https://reviews.freebsd.org/D49643
    
    (cherry picked from commit 2736dc8c28a33ba911fd59f87b587a3d9722e975)
---
 usr.sbin/ctld/conf.cc | 33 +++++---------------
 usr.sbin/ctld/ctld.cc | 85 +++++++++++++++++++++++----------------------------
 usr.sbin/ctld/ctld.h  |  4 ++-
 3 files changed, 50 insertions(+), 72 deletions(-)

diff --git a/usr.sbin/ctld/conf.cc b/usr.sbin/ctld/conf.cc
index ac82d06ad8fa..e86b44ee5004 100644
--- a/usr.sbin/ctld/conf.cc
+++ b/usr.sbin/ctld/conf.cc
@@ -126,25 +126,13 @@ _auth_group_set_type(struct auth_group *ag, const char *str)
 	} else if (strcmp(str, "chap-mutual") == 0) {
 		type = AG_TYPE_CHAP_MUTUAL;
 	} else {
-		if (ag->ag_name != NULL)
-			log_warnx("invalid auth-type \"%s\" for auth-group "
-			    "\"%s\"", str, ag->ag_name);
-		else
-			log_warnx("invalid auth-type \"%s\" for target "
-			    "\"%s\"", str, ag->ag_target->t_name);
+		log_warnx("invalid auth-type \"%s\" for %s", str, ag->ag_label);
 		return (false);
 	}
 
 	if (ag->ag_type != AG_TYPE_UNKNOWN && ag->ag_type != type) {
-		if (ag->ag_name != NULL) {
-			log_warnx("cannot set auth-type to \"%s\" for "
-			    "auth-group \"%s\"; already has a different "
-			    "type", str, ag->ag_name);
-		} else {
-			log_warnx("cannot set auth-type to \"%s\" for target "
-			    "\"%s\"; already has a different type",
-			    str, ag->ag_target->t_name);
-		}
+		log_warnx("cannot set auth-type to \"%s\" for %s; "
+		    "already has a different type", str, ag->ag_label);
 		return (false);
 	}
 
@@ -531,10 +519,9 @@ target_add_chap(const char *user, const char *secret)
 			return (false);
 		}
 	} else {
-		target->t_auth_group = auth_group_new(conf, NULL);
+		target->t_auth_group = auth_group_new(conf, target);
 		if (target->t_auth_group == NULL)
 			return (false);
-		target->t_auth_group->ag_target = target;
 	}
 	return (auth_new_chap(target->t_auth_group, user, secret));
 }
@@ -550,10 +537,9 @@ target_add_chap_mutual(const char *user, const char *secret,
 			return (false);
 		}
 	} else {
-		target->t_auth_group = auth_group_new(conf, NULL);
+		target->t_auth_group = auth_group_new(conf, target);
 		if (target->t_auth_group == NULL)
 			return (false);
-		target->t_auth_group->ag_target = target;
 	}
 	return (auth_new_chap_mutual(target->t_auth_group, user, secret, user2,
 	    secret2));
@@ -569,10 +555,9 @@ target_add_initiator_name(const char *name)
 			return (false);
 		}
 	} else {
-		target->t_auth_group = auth_group_new(conf, NULL);
+		target->t_auth_group = auth_group_new(conf, target);
 		if (target->t_auth_group == NULL)
 			return (false);
-		target->t_auth_group->ag_target = target;
 	}
 	return (auth_name_new(target->t_auth_group, name));
 }
@@ -588,10 +573,9 @@ target_add_initiator_portal(const char *addr)
 			return (false);
 		}
 	} else {
-		target->t_auth_group = auth_group_new(conf, NULL);
+		target->t_auth_group = auth_group_new(conf, target);
 		if (target->t_auth_group == NULL)
 			return (false);
-		target->t_auth_group->ag_target = target;
 	}
 	return (auth_portal_new(target->t_auth_group, addr));
 }
@@ -701,10 +685,9 @@ target_set_auth_type(const char *type)
 			return (false);
 		}
 	} else {
-		target->t_auth_group = auth_group_new(conf, NULL);
+		target->t_auth_group = auth_group_new(conf, target);
 		if (target->t_auth_group == NULL)
 			return (false);
-		target->t_auth_group->ag_target = target;
 	}
 	return (_auth_group_set_type(target->t_auth_group, type));
 }
diff --git a/usr.sbin/ctld/ctld.cc b/usr.sbin/ctld/ctld.cc
index 1c2d9779e697..8172e36e97f9 100644
--- a/usr.sbin/ctld/ctld.cc
+++ b/usr.sbin/ctld/ctld.cc
@@ -190,24 +190,14 @@ auth_check_secret_length(const struct auth_group *ag, const char *user,
 
 	len = strlen(secret);
 	if (len > 16) {
-		if (ag->ag_name != NULL)
-			log_warnx("%s for user \"%s\", auth-group \"%s\", "
-			    "is too long; it should be at most 16 characters "
-			    "long", secret_type, user, ag->ag_name);
-		else
-			log_warnx("%s for user \"%s\", target \"%s\", "
-			    "is too long; it should be at most 16 characters "
-			    "long", secret_type, user, ag->ag_target->t_name);
+		log_warnx("%s for user \"%s\", %s, is too long; it should be "
+		    "at most 16 characters long", secret_type, user,
+		    ag->ag_label);
 	}
 	if (len < 12) {
-		if (ag->ag_name != NULL)
-			log_warnx("%s for user \"%s\", auth-group \"%s\", "
-			    "is too short; it should be at least 12 characters "
-			    "long", secret_type, user, ag->ag_name);
-		else
-			log_warnx("%s for user \"%s\", target \"%s\", "
-			    "is too short; it should be at least 12 characters "
-			    "long", secret_type, user, ag->ag_target->t_name);
+		log_warnx("%s for user \"%s\", %s, is too short; it should be "
+		    "at least 12 characters long", secret_type, user,
+		    ag->ag_label);
 	}
 }
 
@@ -220,13 +210,8 @@ auth_new_chap(struct auth_group *ag, const char *user,
 	if (ag->ag_type == AG_TYPE_UNKNOWN)
 		ag->ag_type = AG_TYPE_CHAP;
 	if (ag->ag_type != AG_TYPE_CHAP) {
-		if (ag->ag_name != NULL)
-			log_warnx("cannot mix \"chap\" authentication with "
-			    "other types for auth-group \"%s\"", ag->ag_name);
-		else
-			log_warnx("cannot mix \"chap\" authentication with "
-			    "other types for target \"%s\"",
-			    ag->ag_target->t_name);
+		log_warnx("cannot mix \"chap\" authentication with "
+		    "other types for %s", ag->ag_label);
 		return (false);
 	}
 
@@ -248,14 +233,8 @@ auth_new_chap_mutual(struct auth_group *ag, const char *user,
 	if (ag->ag_type == AG_TYPE_UNKNOWN)
 		ag->ag_type = AG_TYPE_CHAP_MUTUAL;
 	if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
-		if (ag->ag_name != NULL)
-			log_warnx("cannot mix \"chap-mutual\" authentication "
-			    "with other types for auth-group \"%s\"",
-			    ag->ag_name);
-		else
-			log_warnx("cannot mix \"chap-mutual\" authentication "
-			    "with other types for target \"%s\"",
-			    ag->ag_target->t_name);
+		log_warnx("cannot mix \"chap-mutual\" authentication "
+		    "with other types for %s", ag->ag_label);
 		return (false);
 	}
 
@@ -454,24 +433,17 @@ auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa
 	return (true);
 }
 
-struct auth_group *
-auth_group_new(struct conf *conf, const char *name)
+static struct auth_group *
+auth_group_create(struct conf *conf, const char *name, char *label)
 {
 	struct auth_group *ag;
 
-	if (name != NULL) {
-		ag = auth_group_find(conf, name);
-		if (ag != NULL) {
-			log_warnx("duplicated auth-group \"%s\"", name);
-			return (NULL);
-		}
-	}
-
 	ag = reinterpret_cast<struct auth_group *>(calloc(1, sizeof(*ag)));
 	if (ag == NULL)
 		log_err(1, "calloc");
 	if (name != NULL)
 		ag->ag_name = checked_strdup(name);
+	ag->ag_label = label;
 	TAILQ_INIT(&ag->ag_auths);
 	TAILQ_INIT(&ag->ag_names);
 	TAILQ_INIT(&ag->ag_portals);
@@ -481,6 +453,31 @@ auth_group_new(struct conf *conf, const char *name)
 	return (ag);
 }
 
+struct auth_group *
+auth_group_new(struct conf *conf, const char *name)
+{
+	struct auth_group *ag;
+	char *label;
+
+	ag = auth_group_find(conf, name);
+	if (ag != NULL) {
+		log_warnx("duplicated auth-group \"%s\"", name);
+		return (NULL);
+	}
+
+	asprintf(&label, "auth-group \"%s\"", name);
+	return (auth_group_create(conf, name, label));
+}
+
+struct auth_group *
+auth_group_new(struct conf *conf, struct target *target)
+{
+	char *label;
+
+	asprintf(&label, "target \"%s\"", target->t_name);
+	return (auth_group_create(conf, NULL, label));
+}
+
 void
 auth_group_delete(struct auth_group *ag)
 {
@@ -497,6 +494,7 @@ auth_group_delete(struct auth_group *ag)
 	TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
 	    auth_portal_tmp)
 		auth_portal_delete(auth_portal);
+	free(ag->ag_label);
 	free(ag->ag_name);
 	free(ag);
 }
@@ -1541,11 +1539,6 @@ conf_verify(struct conf *conf)
 		}
 	}
 	TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
-		if (ag->ag_name == NULL)
-			assert(ag->ag_target != NULL);
-		else
-			assert(ag->ag_target == NULL);
-
 		found = false;
 		TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
 			if (targ->t_auth_group == ag) {
diff --git a/usr.sbin/ctld/ctld.h b/usr.sbin/ctld/ctld.h
index c76708daafe5..2cc9139fed1d 100644
--- a/usr.sbin/ctld/ctld.h
+++ b/usr.sbin/ctld/ctld.h
@@ -82,7 +82,7 @@ struct auth_group {
 	TAILQ_ENTRY(auth_group)		ag_next;
 	struct conf			*ag_conf;
 	char				*ag_name;
-	struct target			*ag_target;
+	char				*ag_label;
 	int				ag_type;
 	TAILQ_HEAD(, auth)		ag_auths;
 	TAILQ_HEAD(, auth_name)		ag_names;
@@ -257,6 +257,8 @@ void			conf_start(struct conf *new_conf);
 bool			conf_verify(struct conf *conf);
 
 struct auth_group	*auth_group_new(struct conf *conf, const char *name);
+struct auth_group	*auth_group_new(struct conf *conf,
+			    struct target *target);
 void			auth_group_delete(struct auth_group *ag);
 struct auth_group	*auth_group_find(const struct conf *conf,
 			    const char *name);