authortrasz <trasz@FreeBSD.org>2014-03-25 12:01:55 +0000
committertrasz <trasz@FreeBSD.org>2014-03-25 12:01:55 +0000
commitc67809725b91564418db05d81c4defd4948baa01 (patch)
tree8f32ea3fb07ad18a77ceef48d79fdb7f6a75212e /usr.sbin/ctld/login.c
parentcf1ffe3cac870ee6ad26c728c25900ce607b3839 (diff)
downloadFreeBSD-src-c67809725b91564418db05d81c4defd4948baa01.zip
FreeBSD-src-c67809725b91564418db05d81c4defd4948baa01.tar.gz
MFC r261754:
Implement initiator-name and initiator-portal restrictions. Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'usr.sbin/ctld/login.c')
-rw-r--r--usr.sbin/ctld/login.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/usr.sbin/ctld/login.c b/usr.sbin/ctld/login.c
index b528fc0..c3e7532 100644
--- a/usr.sbin/ctld/login.c
+++ b/usr.sbin/ctld/login.c
@@ -940,6 +940,33 @@ login(struct connection *conn)
}
/*
+ * Enforce initiator-name and initiator-portal.
+ */
+ if (auth_name_defined(ag)) {
+ if (auth_name_find(ag, initiator_name) == NULL) {
+ login_send_error(request, 0x02, 0x02);
+ log_errx(1, "initiator does not match allowed "
+ "initiator names");
+ }
+ log_debugx("initiator matches allowed initiator names");
+ } else {
+ log_debugx("auth-group does not define initiator name "
+ "restrictions");
+ }
+
+ if (auth_portal_defined(ag)) {
+ if (auth_portal_find(ag, conn->conn_initiator_addr) == NULL) {
+ login_send_error(request, 0x02, 0x02);
+ log_errx(1, "initiator does not match allowed "
+ "initiator portals");
+ }
+ log_debugx("initiator matches allowed initiator portals");
+ } else {
+ log_debugx("auth-group does not define initiator portal "
+ "restrictions");
+ }
+
+ /*
* Let's see if the initiator intends to do any kind of authentication
* at all.
*/
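Review bot: Both rejection paths in the added block log only a fixed string, so the log does not show which initiator name or source address was refused. Assuming `log_errx` takes a printf-style format and the logger escapes peer-supplied text, the name case could read `log_errx(1, "initiator name \"%s\" does not match allowed initiator names", initiator_name);`, with the portal case reporting `conn->conn_initiator_addr` the same way. A line in the block comment should also state that `initiator_name` is declared by the peer, so the name restriction is a filter applied ahead of authentication rather than proof of identity. The `0x02, 0x02` status pair passed to `login_send_error` appears twice as bare literals and would read better as a named constant. login() begins and ends outside this hunk.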