svn commit: r261762 - head/usr.sbin/ctld
Edward Tomasz Napierala
trasz at FreeBSD.org
Tue Feb 11 11:31:09 UTC 2014
Author: trasz
Date: Tue Feb 11 11:31:08 2014
New Revision: 261762
URL: http://svnweb.freebsd.org/changeset/base/261762
Log:
Use "default" as default discovery-auth-group, instead of "no-access".
It doesn't change visible behaviour, as previously auth-group "default"
wasn't redefinable, so by default access was always denied.
Sponsored by: The FreeBSD Foundation
Modified:
head/usr.sbin/ctld/ctl.conf.5
head/usr.sbin/ctld/ctld.c
Modified: head/usr.sbin/ctld/ctl.conf.5
==============================================================================
--- head/usr.sbin/ctld/ctl.conf.5 Tue Feb 11 11:29:58 2014 (r261761)
+++ head/usr.sbin/ctld/ctl.conf.5 Tue Feb 11 11:31:08 2014 (r261762)
@@ -131,9 +131,11 @@ The following statements are available a
.It Ic discovery-auth-group Aq Ar name
Assigns previously defined authentication group to that portal group,
to be used for target discovery.
-By default, the discovery will be denied.
-A special auth-group, "no-authentication", may be used to allow for discovery
-without authentication.
+By default, portal groups that do not specify their own auth settings,
+using clauses such as "chap" or "initiator-name", are assigned
+predefined auth-group "default", which denies discovery.
+Another predefined auth-group, "no-authentication", may be used
+to permit discovery without authentication.
.It Ic listen Aq Ar address
Specifies IPv4 or IPv6 address and port to listen on for incoming connections.
.It Ic listen-iser Aq Ar address
Modified: head/usr.sbin/ctld/ctld.c
==============================================================================
--- head/usr.sbin/ctld/ctld.c Tue Feb 11 11:29:58 2014 (r261761)
+++ head/usr.sbin/ctld/ctld.c Tue Feb 11 11:31:08 2014 (r261762)
@@ -1132,7 +1132,7 @@ conf_verify(struct conf *conf)
assert(pg->pg_name != NULL);
if (pg->pg_discovery_auth_group == NULL) {
pg->pg_discovery_auth_group =
- auth_group_find(conf, "no-access");
+ auth_group_find(conf, "default");
assert(pg->pg_discovery_auth_group != NULL);
}
@@ -1159,6 +1159,7 @@ conf_verify(struct conf *conf)
break;
}
if (targ == NULL && ag->ag_name != NULL &&
+ strcmp(ag->ag_name, "default") != 0 &&
strcmp(ag->ag_name, "no-authentication") != 0 &&
strcmp(ag->ag_name, "no-access") != 0) {
log_warnx("auth-group \"%s\" not assigned "
More information about the svn-src-all
mailing list