MFC r261760:
Add a new auth-group "default", defaulting to deny, and make it possible to redefine it. From now on, assigning auth-group to a target is no longer mandatory. Sponsored by: The FreeBSD Foundation
This commit is contained in:
parent
d57dc1f923
commit
60885b6065
@ -1105,10 +1105,9 @@ conf_verify(struct conf *conf)
|
||||
|
||||
TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
|
||||
if (targ->t_auth_group == NULL) {
|
||||
log_warnx("missing authentication for target \"%s\"; "
|
||||
"must specify either \"auth-group\", \"chap\", "
|
||||
"or \"chap-mutual\"", targ->t_name);
|
||||
return (1);
|
||||
targ->t_auth_group = auth_group_find(conf,
|
||||
"default");
|
||||
assert(targ->t_auth_group != NULL);
|
||||
}
|
||||
if (targ->t_portal_group == NULL) {
|
||||
targ->t_portal_group = portal_group_find(conf,
|
||||
|
@ -132,7 +132,17 @@ auth_group: AUTH_GROUP auth_group_name
|
||||
|
||||
auth_group_name: STR
|
||||
{
|
||||
auth_group = auth_group_new(conf, $1);
|
||||
/*
|
||||
* Make it possible to redefine default
|
||||
* auth-group. but only once.
|
||||
*/
|
||||
if (strcmp($1, "default") == 0 &&
|
||||
conf->conf_default_ag_defined == false) {
|
||||
auth_group = auth_group_find(conf, $1);
|
||||
conf->conf_default_ag_defined = true;
|
||||
} else {
|
||||
auth_group = auth_group_new(conf, $1);
|
||||
}
|
||||
free($1);
|
||||
if (auth_group == NULL)
|
||||
return (1);
|
||||
@ -712,6 +722,9 @@ conf_new_from_file(const char *path)
|
||||
|
||||
conf = conf_new();
|
||||
|
||||
ag = auth_group_new(conf, "default");
|
||||
assert(ag != NULL);
|
||||
|
||||
ag = auth_group_new(conf, "no-authentication");
|
||||
assert(ag != NULL);
|
||||
ag->ag_type = AG_TYPE_NO_AUTHENTICATION;
|
||||
@ -747,6 +760,14 @@ conf_new_from_file(const char *path)
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
if (conf->conf_default_ag_defined == false) {
|
||||
log_debugx("auth-group \"default\" not defined; "
|
||||
"going with defaults");
|
||||
ag = auth_group_find(conf, "default");
|
||||
assert(ag != NULL);
|
||||
ag->ag_type = AG_TYPE_CHAP;
|
||||
}
|
||||
|
||||
if (conf->conf_default_pg_defined == false) {
|
||||
log_debugx("portal-group \"default\" not defined; "
|
||||
"going with defaults");
|
||||
|
Loading…
Reference in New Issue
Block a user