Make the initiator-name and initiator-portal checks a little nicer.

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Edward Tomasz Napierala 2014-10-24 11:40:09 +00:00
parent ff982835f8
commit e867e16225
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=273584
3 changed files with 36 additions and 20 deletions


@ -318,6 +318,18 @@ auth_name_find(const struct auth_group *ag, const char *name)
return (NULL);
}
int
auth_name_check(const struct auth_group *ag, const char *initiator_name)
{
if (!auth_name_defined(ag))
return (0);
if (auth_name_find(ag, initiator_name) == NULL)
return (1);
return (0);
}
const struct auth_portal *
auth_portal_new(struct auth_group *ag, const char *portal)
{
@ -430,6 +442,19 @@ auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss)
return (NULL);
}
int
auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
{
if (!auth_portal_defined(ag))
return (0);
if (auth_portal_find(ag, sa) == NULL)
return (1);
return (0);
}
struct auth_group *
auth_group_new(struct conf *conf, const char *name)
{
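Review bot: auth_name_check() and auth_portal_check() return 0 when the initiator is allowed and 1 when it must be rejected, and nothing in either definition or in the matching prototypes in the header section says so. The neighbouring predicates auth_name_defined() and auth_portal_defined() return bool with true meaning yes, so a later caller writing `if (auth_name_check(ag, name))` as a pass test would invert the access decision without any compiler complaint. I would put a comment above each function, e.g. `/* Returns 0 if the initiator is permitted, nonzero if login must be refused. */`. The comment should also state that a group with no initiator-name (or initiator-portal) entries permits every initiator, because the `!auth_name_defined(ag)` branch is an allow-all default that anyone reviewing the policy needs to see. The same comment belongs on the two new prototypes.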


@ -263,12 +263,16 @@ const struct auth_name *auth_name_new(struct auth_group *ag,
bool auth_name_defined(const struct auth_group *ag);
const struct auth_name *auth_name_find(const struct auth_group *ag,
const char *initiator_name);
int auth_name_check(const struct auth_group *ag,
const char *initiator_name);
const struct auth_portal *auth_portal_new(struct auth_group *ag,
const char *initiator_portal);
bool auth_portal_defined(const struct auth_group *ag);
const struct auth_portal *auth_portal_find(const struct auth_group *ag,
const struct sockaddr_storage *sa);
int auth_portal_check(const struct auth_group *ag,
const struct sockaddr_storage *sa);
struct portal_group *portal_group_new(struct conf *conf, const char *name);
void portal_group_delete(struct portal_group *pg);


@ -780,28 +780,15 @@ login(struct connection *conn)
/*
* Enforce initiator-name and initiator-portal.
*/
if (auth_name_defined(ag)) {
if (auth_name_find(ag, initiator_name) == NULL) {
login_send_error(request, 0x02, 0x02);
log_errx(1, "initiator does not match allowed "
"initiator names");
}
log_debugx("initiator matches allowed initiator names");
} else {
log_debugx("auth-group does not define initiator name "
"restrictions");
if (auth_name_check(ag, initiator_name) != 0) {
login_send_error(request, 0x02, 0x02);
log_errx(1, "initiator does not match allowed initiator names");
}
if (auth_portal_defined(ag)) {
if (auth_portal_find(ag, &conn->conn_initiator_sa) == NULL) {
login_send_error(request, 0x02, 0x02);
log_errx(1, "initiator does not match allowed "
"initiator portals");
}
log_debugx("initiator matches allowed initiator portals");
} else {
log_debugx("auth-group does not define initiator portal "
"restrictions");
if (auth_portal_check(ag, &conn->conn_initiator_sa) != 0) {
login_send_error(request, 0x02, 0x02);
log_errx(1, "initiator does not match allowed "
"initiator portals");
}
/*
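Review bot: The rewritten enforcement block no longer emits any of the four log_debugx() messages, so a debug log cannot show whether an auth-group had initiator-name or initiator-portal restrictions at all, or whether the initiator was matched against them. For an access-control step that record is useful when diagnosing why a login was accepted, particularly in the allow-all case where no restrictions are defined. The helpers are now the only place that knows which case applied, so I would restore the messages there, e.g. `log_debugx("auth-group does not define initiator name restrictions");` before the first `return (0);` in auth_name_check(), with the portal equivalent in auth_portal_check(). login() starts and ends outside this hunk.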