svn commit: r274949 - stable/10/usr.sbin/ctld
Edward Tomasz Napierala
trasz at FreeBSD.org
Mon Nov 24 07:59:46 UTC 2014
Author: trasz
Date: Mon Nov 24 07:59:44 2014
New Revision: 274949
URL: https://svnweb.freebsd.org/changeset/base/274949
Log:
MFC r273584:
Make the initiator-name and initiator-portal checks a little nicer.
Sponsored by: The FreeBSD Foundation
Modified:
stable/10/usr.sbin/ctld/ctld.c
stable/10/usr.sbin/ctld/ctld.h
stable/10/usr.sbin/ctld/login.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/usr.sbin/ctld/ctld.c
==============================================================================
--- stable/10/usr.sbin/ctld/ctld.c Mon Nov 24 07:57:20 2014 (r274948)
+++ stable/10/usr.sbin/ctld/ctld.c Mon Nov 24 07:59:44 2014 (r274949)
@@ -325,6 +325,18 @@ auth_name_find(const struct auth_group *
return (NULL);
}
+int
+auth_name_check(const struct auth_group *ag, const char *initiator_name)
+{
+ if (!auth_name_defined(ag))
+ return (0);
+
+ if (auth_name_find(ag, initiator_name) == NULL)
+ return (1);
+
+ return (0);
+}
+
const struct auth_portal *
auth_portal_new(struct auth_group *ag, const char *portal)
{
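Review bot: auth_name_check() returns 0 when the initiator is permitted and 1 when it is rejected, and nothing in the hunk documents that convention. The neighbouring predicate auth_name_defined() is a bool, so a later caller writing `if (auth_name_check(ag, name))` will read it as "check passed" and invert an access-control decision. I would add a comment above the definition, `/* Returns 0 if initiator_name is permitted by ag (also when ag defines no initiator names), non-zero if it must be rejected. */`, and repeat it on the prototype in ctld.h. The same applies to auth_portal_check() in the next hunk.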
@@ -437,6 +449,19 @@ next:
return (NULL);
}
+int
+auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
+{
+
+ if (!auth_portal_defined(ag))
+ return (0);
+
+ if (auth_portal_find(ag, sa) == NULL)
+ return (1);
+
+ return (0);
+}
+
struct auth_group *
auth_group_new(struct conf *conf, const char *name)
{
Modified: stable/10/usr.sbin/ctld/ctld.h
==============================================================================
--- stable/10/usr.sbin/ctld/ctld.h Mon Nov 24 07:57:20 2014 (r274948)
+++ stable/10/usr.sbin/ctld/ctld.h Mon Nov 24 07:59:44 2014 (r274949)
@@ -273,12 +273,16 @@ const struct auth_name *auth_name_new(st
bool auth_name_defined(const struct auth_group *ag);
const struct auth_name *auth_name_find(const struct auth_group *ag,
const char *initiator_name);
+int auth_name_check(const struct auth_group *ag,
+ const char *initiator_name);
const struct auth_portal *auth_portal_new(struct auth_group *ag,
const char *initiator_portal);
bool auth_portal_defined(const struct auth_group *ag);
const struct auth_portal *auth_portal_find(const struct auth_group *ag,
const struct sockaddr_storage *sa);
+int auth_portal_check(const struct auth_group *ag,
+ const struct sockaddr_storage *sa);
struct portal_group *portal_group_new(struct conf *conf, const char *name);
void portal_group_delete(struct portal_group *pg);
Modified: stable/10/usr.sbin/ctld/login.c
==============================================================================
--- stable/10/usr.sbin/ctld/login.c Mon Nov 24 07:57:20 2014 (r274948)
+++ stable/10/usr.sbin/ctld/login.c Mon Nov 24 07:59:44 2014 (r274949)
@@ -780,28 +780,15 @@ login(struct connection *conn)
/*
* Enforce initiator-name and initiator-portal.
*/
- if (auth_name_defined(ag)) {
- if (auth_name_find(ag, initiator_name) == NULL) {
- login_send_error(request, 0x02, 0x02);
- log_errx(1, "initiator does not match allowed "
- "initiator names");
- }
- log_debugx("initiator matches allowed initiator names");
- } else {
- log_debugx("auth-group does not define initiator name "
- "restrictions");
+ if (auth_name_check(ag, initiator_name) != 0) {
+ login_send_error(request, 0x02, 0x02);
+ log_errx(1, "initiator does not match allowed initiator names");
}
- if (auth_portal_defined(ag)) {
- if (auth_portal_find(ag, &conn->conn_initiator_sa) == NULL) {
- login_send_error(request, 0x02, 0x02);
- log_errx(1, "initiator does not match allowed "
- "initiator portals");
- }
- log_debugx("initiator matches allowed initiator portals");
- } else {
- log_debugx("auth-group does not define initiator portal "
- "restrictions");
+ if (auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
+ login_send_error(request, 0x02, 0x02);
+ log_errx(1, "initiator does not match allowed "
+ "initiator portals");
}
/*
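Review bot: The rewritten block no longer records why an initiator was let through. The removed `log_debugx` calls told "initiator matches allowed initiator names" apart from "auth-group does not define initiator name restrictions", and on the new side both outcomes are silent. When auditing an accepted login, an operator needs that distinction to tell a real match from an auth-group with no restrictions configured. I would keep it by logging in the helper before its early return, e.g. `log_debugx("auth-group does not define initiator name restrictions");` in auth_name_check(), with the matching line in auth_portal_check(). login() begins and ends outside this hunk, so I cannot see whether the accept path logs the auth-group elsewhere.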