svn commit: r263728 - stable/10/usr.sbin/ctld

Edward Tomasz Napierala trasz at FreeBSD.org
Tue Mar 25 12:20:30 UTC 2014 

Author: trasz
Date: Tue Mar 25 12:20:29 2014
New Revision: 263728
URL: http://svnweb.freebsd.org/changeset/base/263728

Log:
  MFC r261762:
  
  Use "default" as default discovery-auth-group, instead of "no-access".
  It doesn't change visible behaviour, as previously auth-group "default"
  wasn't redefinable, so by default access was always denied.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  stable/10/usr.sbin/ctld/ctl.conf.5
  stable/10/usr.sbin/ctld/ctld.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.sbin/ctld/ctl.conf.5
==============================================================================
--- stable/10/usr.sbin/ctld/ctl.conf.5	Tue Mar 25 12:18:37 2014	(r263727)
+++ stable/10/usr.sbin/ctld/ctl.conf.5	Tue Mar 25 12:20:29 2014	(r263728)
@@ -131,9 +131,11 @@ The following statements are available a
 .It Ic discovery-auth-group Aq Ar name
 Assigns previously defined authentication group to that portal group,
 to be used for target discovery.
-By default, the discovery will be denied.
-A special auth-group, "no-authentication", may be used to allow for discovery
-without authentication.
+By default, portal groups that do not specify their own auth settings,
+using clauses such as "chap" or "initiator-name", are assigned
+predefined auth-group "default", which denies discovery.
+Another predefined auth-group, "no-authentication", may be used
+to permit discovery without authentication.
 .It Ic listen Aq Ar address
 Specifies IPv4 or IPv6 address and port to listen on for incoming connections.
 .It Ic listen-iser Aq Ar address

Modified: stable/10/usr.sbin/ctld/ctld.c
==============================================================================
--- stable/10/usr.sbin/ctld/ctld.c	Tue Mar 25 12:18:37 2014	(r263727)
+++ stable/10/usr.sbin/ctld/ctld.c	Tue Mar 25 12:20:29 2014	(r263728)
@@ -1132,7 +1132,7 @@ conf_verify(struct conf *conf)
 		assert(pg->pg_name != NULL);
 		if (pg->pg_discovery_auth_group == NULL) {
 			pg->pg_discovery_auth_group =
-			    auth_group_find(conf, "no-access");
+			    auth_group_find(conf, "default");
 			assert(pg->pg_discovery_auth_group != NULL);
 		}
 
@@ -1159,6 +1159,7 @@ conf_verify(struct conf *conf)
 				break;
 		}
 		if (targ == NULL && ag->ag_name != NULL &&
+		    strcmp(ag->ag_name, "default") != 0 &&
 		    strcmp(ag->ag_name, "no-authentication") != 0 &&
 		    strcmp(ag->ag_name, "no-access") != 0) {
 			log_warnx("auth-group \"%s\" not assigned "

More information about the svn-src-all mailing list