From owner-svn-src-all@FreeBSD.ORG Tue Mar 25 12:20:30 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 408D1F75; Tue, 25 Mar 2014 12:20:30 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 132852BA; Tue, 25 Mar 2014 12:20:30 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s2PCKTWP073938; Tue, 25 Mar 2014 12:20:29 GMT (envelope-from trasz@svn.freebsd.org) Received: (from trasz@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s2PCKT8c073936; Tue, 25 Mar 2014 12:20:29 GMT (envelope-from trasz@svn.freebsd.org) Message-Id: <201403251220.s2PCKT8c073936@svn.freebsd.org> From: Edward Tomasz Napierala Date: Tue, 25 Mar 2014 12:20:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r263728 - stable/10/usr.sbin/ctld X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Mar 2014 12:20:30 -0000 Author: trasz Date: Tue Mar 25 12:20:29 2014 New Revision: 263728 URL: http://svnweb.freebsd.org/changeset/base/263728 Log: MFC r261762: Use "default" as default discovery-auth-group, instead of "no-access". It doesn't change visible behaviour, as previously auth-group "default" wasn't redefinable, so by default access was always denied. Sponsored by: The FreeBSD Foundation Modified: stable/10/usr.sbin/ctld/ctl.conf.5 stable/10/usr.sbin/ctld/ctld.c Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/ctld/ctl.conf.5 ============================================================================== --- stable/10/usr.sbin/ctld/ctl.conf.5 Tue Mar 25 12:18:37 2014 (r263727) +++ stable/10/usr.sbin/ctld/ctl.conf.5 Tue Mar 25 12:20:29 2014 (r263728) @@ -131,9 +131,11 @@ The following statements are available a .It Ic discovery-auth-group Aq Ar name Assigns previously defined authentication group to that portal group, to be used for target discovery. -By default, the discovery will be denied. -A special auth-group, "no-authentication", may be used to allow for discovery -without authentication. +By default, portal groups that do not specify their own auth settings, +using clauses such as "chap" or "initiator-name", are assigned +predefined auth-group "default", which denies discovery. +Another predefined auth-group, "no-authentication", may be used +to permit discovery without authentication. .It Ic listen Aq Ar address Specifies IPv4 or IPv6 address and port to listen on for incoming connections. .It Ic listen-iser Aq Ar address Modified: stable/10/usr.sbin/ctld/ctld.c ============================================================================== --- stable/10/usr.sbin/ctld/ctld.c Tue Mar 25 12:18:37 2014 (r263727) +++ stable/10/usr.sbin/ctld/ctld.c Tue Mar 25 12:20:29 2014 (r263728) @@ -1132,7 +1132,7 @@ conf_verify(struct conf *conf) assert(pg->pg_name != NULL); if (pg->pg_discovery_auth_group == NULL) { pg->pg_discovery_auth_group = - auth_group_find(conf, "no-access"); + auth_group_find(conf, "default"); assert(pg->pg_discovery_auth_group != NULL); } @@ -1159,6 +1159,7 @@ conf_verify(struct conf *conf) break; } if (targ == NULL && ag->ag_name != NULL && + strcmp(ag->ag_name, "default") != 0 && strcmp(ag->ag_name, "no-authentication") != 0 && strcmp(ag->ag_name, "no-access") != 0) { log_warnx("auth-group \"%s\" not assigned "