svn commit: r261758 - head/usr.sbin/ctld

Edward Tomasz Napierala trasz at FreeBSD.org
Tue Feb 11 11:26:06 UTC 2014


Author: trasz
Date: Tue Feb 11 11:26:05 2014
New Revision: 261758
URL: http://svnweb.freebsd.org/changeset/base/261758

Log:
  Add auth-type.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/usr.sbin/ctld/ctl.conf.5
  head/usr.sbin/ctld/ctld.c
  head/usr.sbin/ctld/ctld.h
  head/usr.sbin/ctld/parse.y
  head/usr.sbin/ctld/token.l

Modified: head/usr.sbin/ctld/ctl.conf.5
==============================================================================
--- head/usr.sbin/ctld/ctl.conf.5	Tue Feb 11 11:14:50 2014	(r261757)
+++ head/usr.sbin/ctld/ctl.conf.5	Tue Feb 11 11:26:05 2014	(r261758)
@@ -101,6 +101,11 @@ Setting it to 0 disables the timeout.
 .Ss auth-group level
 The following statements are available at the auth-group level:
 .Bl -tag -width indent
+.It Ic auth-type Ao Ar type Ac
+Specifies authentication type.
+Type can be either "none", "chap", or "chap-mutual".
+In most cases it is not neccessary to set the type using this clause;
+it is usually used to disable authentication for a given auth-group.
 .It Ic chap Ao Ar user Ac Aq Ar secret
 Specifies CHAP authentication credentials.
 .It Ic chap-mutual Ao Ar user Ac Ao Ar secret Ac Ao Ar mutualuser Ac Aq Ar mutualsecret
@@ -147,6 +152,13 @@ There is no default; every target must u
 or chap, or chap-mutual statements.
 A special auth-group, "no-authentication", may be used to permit access
 without authentication.
+.It Ic auth-type Ao Ar type Ac
+Specifies authentication type.
+Type can be either "none", "chap", or "chap-mutual".
+In most cases it is not neccessary to set the type using this clause;
+it is usually used to disable authentication for a given target.
+This clause is mutually exclusive with auth-group; one cannot use
+both in a single target.
 .It Ic chap Ao Ar user Ac Aq Ar secret
 Specifies CHAP authentication credentials.
 Note that targets must use either auth-group, or chap,

Modified: head/usr.sbin/ctld/ctld.c
==============================================================================
--- head/usr.sbin/ctld/ctld.c	Tue Feb 11 11:14:50 2014	(r261757)
+++ head/usr.sbin/ctld/ctld.c	Tue Feb 11 11:26:05 2014	(r261758)
@@ -417,6 +417,58 @@ auth_group_find(struct conf *conf, const
 	return (NULL);
 }
 
+static int
+auth_group_set_type(struct auth_group *ag, int type)
+{
+
+	if (ag->ag_type == AG_TYPE_UNKNOWN) {
+		ag->ag_type = type;
+		return (0);
+	}
+
+	if (ag->ag_type == type)
+		return (0);
+
+	return (1);
+}
+
+int
+auth_group_set_type_str(struct auth_group *ag, const char *str)
+{
+	int error, type;
+
+	if (strcmp(str, "none") == 0) {
+		type = AG_TYPE_NO_AUTHENTICATION;
+	} else if (strcmp(str, "chap") == 0) {
+		type = AG_TYPE_CHAP;
+	} else if (strcmp(str, "chap-mutual") == 0) {
+		type = AG_TYPE_CHAP_MUTUAL;
+	} else {
+		if (ag->ag_name != NULL)
+			log_warnx("invalid auth-type \"%s\" for auth-group "
+			    "\"%s\"", str, ag->ag_name);
+		else
+			log_warnx("invalid auth-type \"%s\" for target "
+			    "\"%s\"", str, ag->ag_target->t_name);
+		return (1);
+	}
+
+	error = auth_group_set_type(ag, type);
+	if (error != 0) {
+		if (ag->ag_name != NULL)
+			log_warnx("cannot set auth-type to \"%s\" for "
+			    "auth-group \"%s\"; already has a different "
+			    "type", str, ag->ag_name);
+		else
+			log_warnx("cannot set auth-type to \"%s\" for target "
+			    "\"%s\"; already has a different type",
+			    str, ag->ag_target->t_name);
+		return (1);
+	}
+
+	return (error);
+}
+
 static struct portal *
 portal_new(struct portal_group *pg)
 {
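Review bot: Both `else` branches in auth_group_set_type_str dereference `ag->ag_target->t_name` whenever `ag_name` is NULL, so the error path relies on every unnamed auth-group having its target back-pointer set before this function is called. The one caller visible in this commit, target_auth_type in parse.y, assigns `ag_target` right after `auth_group_new(conf, NULL)`, but other code that creates unnamed groups is outside the diff, so the invariant may or may not hold everywhere. Stating it above the function, e.g. `/* An auth-group without a name belongs to a single target; ag_target must be set. */`, or checking `ag->ag_target != NULL` before the log call, would stop a rejected config line from becoming a NULL dereference in the daemon. The trailing `return (error);` can only return 0 at that point, so `return (0);` would read more plainly.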

Modified: head/usr.sbin/ctld/ctld.h
==============================================================================
--- head/usr.sbin/ctld/ctld.h	Tue Feb 11 11:14:50 2014	(r261757)
+++ head/usr.sbin/ctld/ctld.h	Tue Feb 11 11:26:05 2014	(r261758)
@@ -197,6 +197,8 @@ int			conf_verify(struct conf *conf);
 struct auth_group	*auth_group_new(struct conf *conf, const char *name);
 void			auth_group_delete(struct auth_group *ag);
 struct auth_group	*auth_group_find(struct conf *conf, const char *name);
+int			auth_group_set_type_str(struct auth_group *ag,
+			    const char *type);
 
 const struct auth	*auth_new_chap(struct auth_group *ag,
 			    const char *user, const char *secret);

Modified: head/usr.sbin/ctld/parse.y
==============================================================================
--- head/usr.sbin/ctld/parse.y	Tue Feb 11 11:14:50 2014	(r261757)
+++ head/usr.sbin/ctld/parse.y	Tue Feb 11 11:26:05 2014	(r261758)
@@ -57,10 +57,10 @@ extern void	yyrestart(FILE *);
 
 %}
 
-%token ALIAS AUTH_GROUP BACKEND BLOCKSIZE CHAP CHAP_MUTUAL CLOSING_BRACKET
-%token DEBUG DEVICE_ID DISCOVERY_AUTH_GROUP INITIATOR_NAME INITIATOR_PORTAL
-%token LISTEN LISTEN_ISER LUN MAXPROC NUM OPENING_BRACKET OPTION PATH PIDFILE
-%token PORTAL_GROUP SERIAL SIZE STR TARGET TIMEOUT
+%token ALIAS AUTH_GROUP AUTH_TYPE BACKEND BLOCKSIZE CHAP CHAP_MUTUAL
+%token CLOSING_BRACKET DEBUG DEVICE_ID DISCOVERY_AUTH_GROUP INITIATOR_NAME
+%token INITIATOR_PORTAL LISTEN LISTEN_ISER LUN MAXPROC NUM OPENING_BRACKET
+%token OPTION PATH PIDFILE PORTAL_GROUP SERIAL SIZE STR TARGET TIMEOUT
 
 %union
 {
@@ -145,6 +145,8 @@ auth_group_entries:
 	;
 
 auth_group_entry:
+	auth_group_auth_type
+	|
 	auth_group_chap
 	|
 	auth_group_chap_mutual
@@ -154,6 +156,17 @@ auth_group_entry:
 	auth_group_initiator_portal
 	;
 
+auth_group_auth_type:	AUTH_TYPE STR
+	{
+		int error;
+
+		error = auth_group_set_type_str(auth_group, $2);
+		free($2);
+		if (error != 0)
+			return (1);
+	}
+	;
+
 auth_group_chap:	CHAP STR STR
 	{
 		const struct auth *ca;
@@ -299,6 +312,8 @@ target_entry:
 	|
 	target_auth_group
 	|
+	target_auth_type
+	|
 	target_chap
 	|
 	target_chap_mutual
@@ -330,7 +345,7 @@ target_auth_group:	AUTH_GROUP STR
 				log_warnx("auth-group for target \"%s\" "
 				    "specified more than once", target->t_name);
 			else
-				log_warnx("cannot mix auth-group with explicit "
+				log_warnx("cannot use both auth-group and explicit "
 				    "authorisations for target \"%s\"",
 				    target->t_name);
 			return (1);
@@ -345,14 +360,40 @@ target_auth_group:	AUTH_GROUP STR
 	}
 	;
 
+target_auth_type:	AUTH_TYPE STR
+	{
+		int error;
+
+		if (target->t_auth_group != NULL) {
+			if (target->t_auth_group->ag_name != NULL) {
+				log_warnx("cannot use both auth-group and "
+				    "auth-type for target \"%s\"",
+				    target->t_name);
+				return (1);
+			}
+		} else {
+			target->t_auth_group = auth_group_new(conf, NULL);
+			if (target->t_auth_group == NULL) {
+				free($2);
+				return (1);
+			}
+			target->t_auth_group->ag_target = target;
+		}
+		error = auth_group_set_type_str(target->t_auth_group, $2);
+		free($2);
+		if (error != 0)
+			return (1);
+	}
+	;
+
 target_chap:	CHAP STR STR
 	{
 		const struct auth *ca;
 
 		if (target->t_auth_group != NULL) {
 			if (target->t_auth_group->ag_name != NULL) {
-				log_warnx("cannot mix auth-group with explicit "
-				    "authorisations for target \"%s\"",
+				log_warnx("cannot use both auth-group and "
+				    "chap for target \"%s\"",
 				    target->t_name);
 				free($2);
 				free($3);
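Review bot: The new target_auth_type action returns from the `ag_name != NULL` branch without releasing `$2`, so the type string leaks whenever a target uses both auth-group and auth-type. The allocation-failure branch just below it does free the string, and target_chap frees `$2` and `$3` in the equivalent branch, so this looks like an oversight rather than a convention. Adding `free($2);` before that `return (1);` fixes it. If ctld re-parses its configuration while running (not visible here), each rejected reload would leak again. target_chap's action continues past the end of this hunk.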
@@ -381,8 +422,8 @@ target_chap_mutual:	CHAP_MUTUAL STR STR 
 
 		if (target->t_auth_group != NULL) {
 			if (target->t_auth_group->ag_name != NULL) {
-				log_warnx("cannot mix auth-group with explicit "
-				    "authorisations for target \"%s\"",
+				log_warnx("cannot use both auth-group and "
+				    "chap-mutual for target \"%s\"",
 				    target->t_name);
 				free($2);
 				free($3);
@@ -418,7 +459,7 @@ target_initiator_name:	INITIATOR_NAME ST
 
 		if (target->t_auth_group != NULL) {
 			if (target->t_auth_group->ag_name != NULL) {
-				log_warnx("cannot mix auth-group with "
+				log_warnx("cannot use both auth-group and "
 				    "initiator-name for target \"%s\"",
 				    target->t_name);
 				free($2);
@@ -445,7 +486,7 @@ target_initiator_portal:	INITIATOR_PORTA
 
 		if (target->t_auth_group != NULL) {
 			if (target->t_auth_group->ag_name != NULL) {
-				log_warnx("cannot mix auth-group with "
+				log_warnx("cannot use both auth-group and "
 				    "initiator-portal for target \"%s\"",
 				    target->t_name);
 				free($2);

Modified: head/usr.sbin/ctld/token.l
==============================================================================
--- head/usr.sbin/ctld/token.l	Tue Feb 11 11:14:50 2014	(r261757)
+++ head/usr.sbin/ctld/token.l	Tue Feb 11 11:26:05 2014	(r261758)
@@ -50,6 +50,7 @@ extern int	yylex(void);
 %%
 alias			{ return ALIAS; }
 auth-group		{ return AUTH_GROUP; }
+auth-type		{ return AUTH_TYPE; }
 backend			{ return BACKEND; }
 blocksize		{ return BLOCKSIZE; }
 chap			{ return CHAP; }

