svn commit: r273584 - head/usr.sbin/ctld
Edward Tomasz Napierala
trasz at FreeBSD.org
Fri Oct 24 11:40:11 UTC 2014
Author: trasz
Date: Fri Oct 24 11:40:09 2014
New Revision: 273584
URL: https://svnweb.freebsd.org/changeset/base/273584
Log:
Make the initiator-name and initiator-portal checks a little nicer.
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Modified:
head/usr.sbin/ctld/ctld.c
head/usr.sbin/ctld/ctld.h
head/usr.sbin/ctld/login.c
Modified: head/usr.sbin/ctld/ctld.c
==============================================================================
--- head/usr.sbin/ctld/ctld.c Fri Oct 24 11:34:55 2014 (r273583)
+++ head/usr.sbin/ctld/ctld.c Fri Oct 24 11:40:09 2014 (r273584)
@@ -318,6 +318,18 @@ auth_name_find(const struct auth_group *
return (NULL);
}
+int
+auth_name_check(const struct auth_group *ag, const char *initiator_name)
+{
+ if (!auth_name_defined(ag))
+ return (0);
+
+ if (auth_name_find(ag, initiator_name) == NULL)
+ return (1);
+
+ return (0);
+}
+
const struct auth_portal *
auth_portal_new(struct auth_group *ag, const char *portal)
{
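Review bot: auth_name_check() returns 0 when the initiator is allowed and 1 when it must be rejected, which reads backwards for a function named "check" and is not stated anywhere; the same applies to auth_portal_check() in the next ctld.c hunk and to both new prototypes in ctld.h. It also returns 0 when auth_name_defined(ag) is false, so an auth-group with no initiator-name entries admits every initiator; that is presumably intended, but it is an access-control decision and should be written down. A comment above each function would pin this down, e.g. `/* Returns 0 if initiator_name is allowed or the auth-group defines no initiator-name restrictions; 1 if it must be rejected. */`. Since auth_name_defined() already returns bool, a bool-returning predicate would be harder to misuse in a later caller, though that is an interface change for the author to weigh.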
@@ -430,6 +442,19 @@ next:
return (NULL);
}
+int
+auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
+{
+
+ if (!auth_portal_defined(ag))
+ return (0);
+
+ if (auth_portal_find(ag, sa) == NULL)
+ return (1);
+
+ return (0);
+}
+
struct auth_group *
auth_group_new(struct conf *conf, const char *name)
{
Modified: head/usr.sbin/ctld/ctld.h
==============================================================================
--- head/usr.sbin/ctld/ctld.h Fri Oct 24 11:34:55 2014 (r273583)
+++ head/usr.sbin/ctld/ctld.h Fri Oct 24 11:40:09 2014 (r273584)
@@ -263,12 +263,16 @@ const struct auth_name *auth_name_new(st
bool auth_name_defined(const struct auth_group *ag);
const struct auth_name *auth_name_find(const struct auth_group *ag,
const char *initiator_name);
+int auth_name_check(const struct auth_group *ag,
+ const char *initiator_name);
const struct auth_portal *auth_portal_new(struct auth_group *ag,
const char *initiator_portal);
bool auth_portal_defined(const struct auth_group *ag);
const struct auth_portal *auth_portal_find(const struct auth_group *ag,
const struct sockaddr_storage *sa);
+int auth_portal_check(const struct auth_group *ag,
+ const struct sockaddr_storage *sa);
struct portal_group *portal_group_new(struct conf *conf, const char *name);
void portal_group_delete(struct portal_group *pg);
Modified: head/usr.sbin/ctld/login.c
==============================================================================
--- head/usr.sbin/ctld/login.c Fri Oct 24 11:34:55 2014 (r273583)
+++ head/usr.sbin/ctld/login.c Fri Oct 24 11:40:09 2014 (r273584)
@@ -780,28 +780,15 @@ login(struct connection *conn)
/*
* Enforce initiator-name and initiator-portal.
*/
- if (auth_name_defined(ag)) {
- if (auth_name_find(ag, initiator_name) == NULL) {
- login_send_error(request, 0x02, 0x02);
- log_errx(1, "initiator does not match allowed "
- "initiator names");
- }
- log_debugx("initiator matches allowed initiator names");
- } else {
- log_debugx("auth-group does not define initiator name "
- "restrictions");
+ if (auth_name_check(ag, initiator_name) != 0) {
+ login_send_error(request, 0x02, 0x02);
+ log_errx(1, "initiator does not match allowed initiator names");
}
- if (auth_portal_defined(ag)) {
- if (auth_portal_find(ag, &conn->conn_initiator_sa) == NULL) {
- login_send_error(request, 0x02, 0x02);
- log_errx(1, "initiator does not match allowed "
- "initiator portals");
- }
- log_debugx("initiator matches allowed initiator portals");
- } else {
- log_debugx("auth-group does not define initiator portal "
- "restrictions");
+ if (auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
+ login_send_error(request, 0x02, 0x02);
+ log_errx(1, "initiator does not match allowed "
+ "initiator portals");
}
/*
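Review bot: The log_debugx() lines that distinguished "auth-group does not define initiator name restrictions" from "initiator matches allowed initiator names" (and the portal equivalents) are dropped without a replacement. A debug log therefore no longer shows whether an accepted login passed a configured restriction or met none at all, which is the signal an operator needs to spot an auth-group left without initiator-name or initiator-portal entries. Consider keeping it in the helpers, e.g. `log_debugx("auth-group does not define initiator name restrictions");` before the first `return (0);` in auth_name_check(), with the matching line in auth_portal_check(). login() starts and ends outside this hunk.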