diff options
| author | trasz <trasz@FreeBSD.org> | 2014-03-25 12:16:52 +0000 |
|---|---|---|
| committer | trasz <trasz@FreeBSD.org> | 2014-03-25 12:16:52 +0000 |
| commit | 60885b60652396779ffeb99ae98820f8ed38cb5f (patch) | |
| tree | 93ea7ed7c049aaf07918e39ef96c68a4e95d24b5 /usr.sbin | |
| parent | d57dc1f9239e6fb8feab69be05440bd3d3c61c85 (diff) | |
| download | FreeBSD-src-60885b60652396779ffeb99ae98820f8ed38cb5f.zip FreeBSD-src-60885b60652396779ffeb99ae98820f8ed38cb5f.tar.gz | |
MFC r261760:
Add a new auth-group "default", defaulting to deny, and make it possible
to redefine it. From now on, assigning auth-group to a target is no longer
mandatory.
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/ctld/ctld.c | 7 | ||||
| -rw-r--r-- | usr.sbin/ctld/parse.y | 23 |
2 files changed, 25 insertions, 5 deletions
diff --git a/usr.sbin/ctld/ctld.c b/usr.sbin/ctld/ctld.c index 3519695..f99f32c 100644 --- a/usr.sbin/ctld/ctld.c +++ b/usr.sbin/ctld/ctld.c @@ -1105,10 +1105,9 @@ conf_verify(struct conf *conf) TAILQ_FOREACH(targ, &conf->conf_targets, t_next) { if (targ->t_auth_group == NULL) { - log_warnx("missing authentication for target \"%s\"; " - "must specify either \"auth-group\", \"chap\", " - "or \"chap-mutual\"", targ->t_name); - return (1); + targ->t_auth_group = auth_group_find(conf, + "default"); + assert(targ->t_auth_group != NULL); } if (targ->t_portal_group == NULL) { targ->t_portal_group = portal_group_find(conf, diff --git a/usr.sbin/ctld/parse.y b/usr.sbin/ctld/parse.y index bed1b5c..c1a506e 100644 --- a/usr.sbin/ctld/parse.y +++ b/usr.sbin/ctld/parse.y @@ -132,7 +132,17 @@ auth_group: AUTH_GROUP auth_group_name auth_group_name: STR { - auth_group = auth_group_new(conf, $1); + /* + * Make it possible to redefine default + * auth-group. but only once. + */ + if (strcmp($1, "default") == 0 && + conf->conf_default_ag_defined == false) { + auth_group = auth_group_find(conf, $1); + conf->conf_default_ag_defined = true; + } else { + auth_group = auth_group_new(conf, $1); + } free($1); if (auth_group == NULL) return (1); @@ -712,6 +722,9 @@ conf_new_from_file(const char *path) conf = conf_new(); + ag = auth_group_new(conf, "default"); + assert(ag != NULL); + ag = auth_group_new(conf, "no-authentication"); assert(ag != NULL); ag->ag_type = AG_TYPE_NO_AUTHENTICATION; @@ -747,6 +760,14 @@ conf_new_from_file(const char *path) return (NULL); } + if (conf->conf_default_ag_defined == false) { + log_debugx("auth-group \"default\" not defined; " + "going with defaults"); + ag = auth_group_find(conf, "default"); + assert(ag != NULL); + ag->ag_type = AG_TYPE_CHAP; + } + if (conf->conf_default_pg_defined == false) { log_debugx("portal-group \"default\" not defined; " "going with defaults"); |
