Date:      Mon, 24 Nov 2014 07:59:45 +0000 (UTC)
From:      Edward Tomasz Napierala <trasz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r274949 - stable/10/usr.sbin/ctld
Message-ID:  <201411240759.sAO7xj0t092042@svn.freebsd.org>

Author: trasz
Date: Mon Nov 24 07:59:44 2014
New Revision: 274949
URL: https://svnweb.freebsd.org/changeset/base/274949

Log:
  MFC r273584:
  
  Make the initiator-name and initiator-portal checks a little nicer.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  stable/10/usr.sbin/ctld/ctld.c
  stable/10/usr.sbin/ctld/ctld.h
  stable/10/usr.sbin/ctld/login.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.sbin/ctld/ctld.c
==============================================================================
--- stable/10/usr.sbin/ctld/ctld.c	Mon Nov 24 07:57:20 2014	(r274948)
+++ stable/10/usr.sbin/ctld/ctld.c	Mon Nov 24 07:59:44 2014	(r274949)
@@ -325,6 +325,18 @@ auth_name_find(const struct auth_group *
 	return (NULL);
 }
 
+int
+auth_name_check(const struct auth_group *ag, const char *initiator_name)
+{
+	if (!auth_name_defined(ag))
+		return (0);
+
+	if (auth_name_find(ag, initiator_name) == NULL)
+		return (1);
+
+	return (0);
+}
+
 const struct auth_portal *
 auth_portal_new(struct auth_group *ag, const char *portal)
 {
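Review bot: The return convention of auth_name_check() is undocumented and reads opposite to what the name suggests: 0 means the initiator is allowed, including when the auth-group defines no initiator names at all, and 1 means it is rejected. This value is the access decision for login, so a later caller that treats a non-zero result as "check passed" would admit exactly the initiators that should be refused. I would add a comment above the function such as `/* Returns 0 if initiator_name is permitted by ag (or ag defines no initiator-name entries), 1 if it must be rejected. */`. The same applies to auth_portal_check() in the next hunk and to both prototypes added to ctld.h.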
@@ -437,6 +449,19 @@ next:
 	return (NULL);
 }
 
+int
+auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
+{
+
+	if (!auth_portal_defined(ag))
+		return (0);
+
+	if (auth_portal_find(ag, sa) == NULL)
+		return (1);
+
+	return (0);
+}
+
 struct auth_group *
 auth_group_new(struct conf *conf, const char *name)
 {

Modified: stable/10/usr.sbin/ctld/ctld.h
==============================================================================
--- stable/10/usr.sbin/ctld/ctld.h	Mon Nov 24 07:57:20 2014	(r274948)
+++ stable/10/usr.sbin/ctld/ctld.h	Mon Nov 24 07:59:44 2014	(r274949)
@@ -273,12 +273,16 @@ const struct auth_name	*auth_name_new(st
 bool			auth_name_defined(const struct auth_group *ag);
 const struct auth_name	*auth_name_find(const struct auth_group *ag,
 			    const char *initiator_name);
+int			auth_name_check(const struct auth_group *ag,
+			    const char *initiator_name);
 
 const struct auth_portal	*auth_portal_new(struct auth_group *ag,
 				    const char *initiator_portal);
 bool			auth_portal_defined(const struct auth_group *ag);
 const struct auth_portal	*auth_portal_find(const struct auth_group *ag,
 				    const struct sockaddr_storage *sa);
+int				auth_portal_check(const struct auth_group *ag,
+				    const struct sockaddr_storage *sa);
 
 struct portal_group	*portal_group_new(struct conf *conf, const char *name);
 void			portal_group_delete(struct portal_group *pg);

Modified: stable/10/usr.sbin/ctld/login.c
==============================================================================
--- stable/10/usr.sbin/ctld/login.c	Mon Nov 24 07:57:20 2014	(r274948)
+++ stable/10/usr.sbin/ctld/login.c	Mon Nov 24 07:59:44 2014	(r274949)
@@ -780,28 +780,15 @@ login(struct connection *conn)
 	/*
 	 * Enforce initiator-name and initiator-portal.
 	 */
-	if (auth_name_defined(ag)) {
-		if (auth_name_find(ag, initiator_name) == NULL) {
-			login_send_error(request, 0x02, 0x02);
-			log_errx(1, "initiator does not match allowed "
-			    "initiator names");
-		}
-		log_debugx("initiator matches allowed initiator names");
-	} else {
-		log_debugx("auth-group does not define initiator name "
-		    "restrictions");
+	if (auth_name_check(ag, initiator_name) != 0) {
+		login_send_error(request, 0x02, 0x02);
+		log_errx(1, "initiator does not match allowed initiator names");
 	}
 
-	if (auth_portal_defined(ag)) {
-		if (auth_portal_find(ag, &conn->conn_initiator_sa) == NULL) {
-			login_send_error(request, 0x02, 0x02);
-			log_errx(1, "initiator does not match allowed "
-			    "initiator portals");
-		}
-		log_debugx("initiator matches allowed initiator portals");
-	} else {
-		log_debugx("auth-group does not define initiator portal "
-		    "restrictions");
+	if (auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
+		login_send_error(request, 0x02, 0x02);
+		log_errx(1, "initiator does not match allowed "
+		    "initiator portals");
 	}
 
 	/*
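Review bot: The rewritten checks drop all four log_debugx() calls, so a debug log no longer records whether a login got past this point because the initiator matched an initiator-name or initiator-portal entry, or because the auth-group defines no such restriction. That distinction is what an operator needs when auditing why an initiator was admitted. If log_debugx() is usable from ctld.c (not visible here), the messages could move into the helpers, e.g. `log_debugx("auth-group does not define initiator name restrictions");` before the first `return (0);` in auth_name_check() and the "matches" message before the last one, and likewise in auth_portal_check(). login() starts and ends outside this hunk.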


