authortrasz <trasz@FreeBSD.org>2014-10-24 11:40:09 +0000
committertrasz <trasz@FreeBSD.org>2014-10-24 11:40:09 +0000
commit904ee8f9378b694958e470ffc7d0ae7fc8ad8f95 (patch)
tree661abf2cba7a204ad3c2512c1babfa5b7c3b7d61 /usr.sbin/ctld
parente2e58f80cc8a6e6632b043d08a1cc05ef3ccdcd6 (diff)
Make the initiator-name and initiator-portal checks a little nicer.
MFC after: 1 month Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'usr.sbin/ctld')
-rw-r--r--usr.sbin/ctld/ctld.c25
-rw-r--r--usr.sbin/ctld/ctld.h4
-rw-r--r--usr.sbin/ctld/login.c27
3 files changed, 36 insertions, 20 deletions
diff --git a/usr.sbin/ctld/ctld.c b/usr.sbin/ctld/ctld.c
index c8ca4a9..d27d73c 100644
--- a/usr.sbin/ctld/ctld.c
+++ b/usr.sbin/ctld/ctld.c
@@ -318,6 +318,18 @@ auth_name_find(const struct auth_group *ag, const char *name)
return (NULL);
}
+int
+auth_name_check(const struct auth_group *ag, const char *initiator_name)
+{
+ if (!auth_name_defined(ag))
+ return (0);
+
+ if (auth_name_find(ag, initiator_name) == NULL)
+ return (1);
+
+ return (0);
+}
+
const struct auth_portal *
auth_portal_new(struct auth_group *ag, const char *portal)
{
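Review bot: auth_name_check() returns 1 when the initiator must be rejected and 0 when it is allowed, the opposite of what a predicate named `*_check` suggests, and nothing in the hunk documents it. A later caller that reads `if (auth_name_check(ag, name))` as "check passed" would invert an access-control decision. I would add a comment above the function such as `/* Returns 0 if initiator_name is allowed or the auth-group defines no names, 1 if it must be rejected. */`. The same applies to auth_portal_check() in the next hunk and to both prototypes added in ctld.h. The two helpers also differ in whether a blank line follows the opening brace, which is worth making uniform.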
@@ -430,6 +442,19 @@ next:
return (NULL);
}
+int
+auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
+{
+
+ if (!auth_portal_defined(ag))
+ return (0);
+
+ if (auth_portal_find(ag, sa) == NULL)
+ return (1);
+
+ return (0);
+}
+
struct auth_group *
auth_group_new(struct conf *conf, const char *name)
{
diff --git a/usr.sbin/ctld/ctld.h b/usr.sbin/ctld/ctld.h
index e0eb913..f0a03bd 100644
--- a/usr.sbin/ctld/ctld.h
+++ b/usr.sbin/ctld/ctld.h
@@ -263,12 +263,16 @@ const struct auth_name *auth_name_new(struct auth_group *ag,
bool auth_name_defined(const struct auth_group *ag);
const struct auth_name *auth_name_find(const struct auth_group *ag,
const char *initiator_name);
+int auth_name_check(const struct auth_group *ag,
+ const char *initiator_name);
const struct auth_portal *auth_portal_new(struct auth_group *ag,
const char *initiator_portal);
bool auth_portal_defined(const struct auth_group *ag);
const struct auth_portal *auth_portal_find(const struct auth_group *ag,
const struct sockaddr_storage *sa);
+int auth_portal_check(const struct auth_group *ag,
+ const struct sockaddr_storage *sa);
struct portal_group *portal_group_new(struct conf *conf, const char *name);
void portal_group_delete(struct portal_group *pg);
diff --git a/usr.sbin/ctld/login.c b/usr.sbin/ctld/login.c
index a09814d..575707f 100644
--- a/usr.sbin/ctld/login.c
+++ b/usr.sbin/ctld/login.c
@@ -780,28 +780,15 @@ login(struct connection *conn)
/*
* Enforce initiator-name and initiator-portal.
*/
- if (auth_name_defined(ag)) {
- if (auth_name_find(ag, initiator_name) == NULL) {
- login_send_error(request, 0x02, 0x02);
- log_errx(1, "initiator does not match allowed "
- "initiator names");
- }
- log_debugx("initiator matches allowed initiator names");
- } else {
- log_debugx("auth-group does not define initiator name "
- "restrictions");
+ if (auth_name_check(ag, initiator_name) != 0) {
+ login_send_error(request, 0x02, 0x02);
+ log_errx(1, "initiator does not match allowed initiator names");
}
- if (auth_portal_defined(ag)) {
- if (auth_portal_find(ag, &conn->conn_initiator_sa) == NULL) {
- login_send_error(request, 0x02, 0x02);
- log_errx(1, "initiator does not match allowed "
- "initiator portals");
- }
- log_debugx("initiator matches allowed initiator portals");
- } else {
- log_debugx("auth-group does not define initiator portal "
- "restrictions");
+ if (auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
+ login_send_error(request, 0x02, 0x02);
+ log_errx(1, "initiator does not match allowed "
+ "initiator portals");
}
/*
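Review bot: The rewritten block drops all four log_debugx() calls, so the log no longer shows whether an initiator was admitted because it matched the allowed names or portals, or because the auth-group defines no restrictions at all. The second case is the permissive one that an operator auditing access would want to see. Consider keeping it, e.g. `log_debugx("auth-group does not define initiator name restrictions");` before the first `return (0);` in auth_name_check(), with the portal equivalent in auth_portal_check(). login() starts and continues outside this hunk.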