git: 80888d8610ee - stable/14 - ctld: Reduce code duplication in auth_check_secret_length

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Tue, 27 Jan 2026 18:44:26 UTC
The branch stable/14 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=80888d8610ee6d0c3553ca22fa684117e186f70a

commit 80888d8610ee6d0c3553ca22fa684117e186f70a
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2025-04-11 13:59:52 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2026-01-27 18:15:57 +0000

    ctld: Reduce code duplication in auth_check_secret_length
    
    Only check a single secret length in the function and call it twice
    for the CHAP-MUTUAL case.
    
    Sponsored by:   Chelsio Communications
    Differential Revision:  https://reviews.freebsd.org/D49642
    
    (cherry picked from commit 4214775235ebc01e0d22da5f09a2e4cff16bfa74)
---
 usr.sbin/ctld/ctld.cc | 67 ++++++++++++++-------------------------------------
 1 file changed, 18 insertions(+), 49 deletions(-)

diff --git a/usr.sbin/ctld/ctld.cc b/usr.sbin/ctld/ctld.cc
index eb873acda59e..1c2d9779e697 100644
--- a/usr.sbin/ctld/ctld.cc
+++ b/usr.sbin/ctld/ctld.cc
@@ -183,63 +183,31 @@ auth_find(const struct auth_group *ag, const char *user)
 }
 
 static void
-auth_check_secret_length(struct auth *auth)
+auth_check_secret_length(const struct auth_group *ag, const char *user,
+    const char *secret, const char *secret_type)
 {
 	size_t len;
 
-	len = strlen(auth->a_secret);
+	len = strlen(secret);
 	if (len > 16) {
-		if (auth->a_auth_group->ag_name != NULL)
-			log_warnx("secret for user \"%s\", auth-group \"%s\", "
+		if (ag->ag_name != NULL)
+			log_warnx("%s for user \"%s\", auth-group \"%s\", "
 			    "is too long; it should be at most 16 characters "
-			    "long", auth->a_user, auth->a_auth_group->ag_name);
+			    "long", secret_type, user, ag->ag_name);
 		else
-			log_warnx("secret for user \"%s\", target \"%s\", "
+			log_warnx("%s for user \"%s\", target \"%s\", "
 			    "is too long; it should be at most 16 characters "
-			    "long", auth->a_user,
-			    auth->a_auth_group->ag_target->t_name);
+			    "long", secret_type, user, ag->ag_target->t_name);
 	}
 	if (len < 12) {
-		if (auth->a_auth_group->ag_name != NULL)
-			log_warnx("secret for user \"%s\", auth-group \"%s\", "
+		if (ag->ag_name != NULL)
+			log_warnx("%s for user \"%s\", auth-group \"%s\", "
 			    "is too short; it should be at least 12 characters "
-			    "long", auth->a_user,
-			    auth->a_auth_group->ag_name);
+			    "long", secret_type, user, ag->ag_name);
 		else
-			log_warnx("secret for user \"%s\", target \"%s\", "
+			log_warnx("%s for user \"%s\", target \"%s\", "
 			    "is too short; it should be at least 12 characters "
-			    "long", auth->a_user,
-			    auth->a_auth_group->ag_target->t_name);
-	}
-
-	if (auth->a_mutual_secret != NULL) {
-		len = strlen(auth->a_mutual_secret);
-		if (len > 16) {
-			if (auth->a_auth_group->ag_name != NULL)
-				log_warnx("mutual secret for user \"%s\", "
-				    "auth-group \"%s\", is too long; it should "
-				    "be at most 16 characters long",
-				    auth->a_user, auth->a_auth_group->ag_name);
-			else
-				log_warnx("mutual secret for user \"%s\", "
-				    "target \"%s\", is too long; it should "
-				    "be at most 16 characters long",
-				    auth->a_user,
-				    auth->a_auth_group->ag_target->t_name);
-		}
-		if (len < 12) {
-			if (auth->a_auth_group->ag_name != NULL)
-				log_warnx("mutual secret for user \"%s\", "
-				    "auth-group \"%s\", is too short; it "
-				    "should be at least 12 characters long",
-				    auth->a_user, auth->a_auth_group->ag_name);
-			else
-				log_warnx("mutual secret for user \"%s\", "
-				    "target \"%s\", is too short; it should be "
-				    "at least 12 characters long",
-				    auth->a_user,
-				    auth->a_auth_group->ag_target->t_name);
-		}
+			    "long", secret_type, user, ag->ag_target->t_name);
 	}
 }
 
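Review bot: auth_check_secret_length() has no comment stating that it is advisory: it returns void and only calls log_warnx(), so a secret shorter than 12 or longer than 16 characters is reported but still accepted, and both callers in the later hunks go on to auth_new() and return true. With the new four-argument signature a header comment would help, for example `/* Warn, but do not reject, when a CHAP secret is outside 12..16 characters; secret_type is the label used in the message. */`. The bounds 12 and 16 are also repeated as bare literals in the conditions and in the message text, so named constants would keep the two in step. The else branches dereference `ag->ag_target` whenever `ag_name` is NULL; that invariant comes from code outside this hunk and is worth stating in the same comment.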
@@ -262,12 +230,12 @@ auth_new_chap(struct auth_group *ag, const char *user,
 		return (false);
 	}
 
+	auth_check_secret_length(ag, user, secret, "secret");
+
 	auth = auth_new(ag);
 	auth->a_user = checked_strdup(user);
 	auth->a_secret = checked_strdup(secret);
 
-	auth_check_secret_length(auth);
-
 	return (true);
 }
 
@@ -291,14 +259,15 @@ auth_new_chap_mutual(struct auth_group *ag, const char *user,
 		return (false);
 	}
 
+	auth_check_secret_length(ag, user, secret, "secret");
+	auth_check_secret_length(ag, user, secret2, "mutual secret");
+
 	auth = auth_new(ag);
 	auth->a_user = checked_strdup(user);
 	auth->a_secret = checked_strdup(secret);
 	auth->a_mutual_user = checked_strdup(user2);
 	auth->a_mutual_secret = checked_strdup(secret2);
 
-	auth_check_secret_length(auth);
-
 	return (true);
 }
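Review bot: Nothing visible in auth_new_chap_mutual() compares `secret` with `secret2`, so a configuration that reuses one value for both directions passes both length checks without any warning. Sharing one secret across both directions means the two sides are no longer authenticated independently. If the validation above this hunk (not visible here) does not already cover it, a warning next to the two new calls would fit the advisory style: `if (strcmp(secret, secret2) == 0) log_warnx("secret and mutual secret for user \"%s\" are the same", user);`. The function starts outside the hunk.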