Diffstat (limited to 'usr.sbin/ctld/login.c')
-rw-r--r--usr.sbin/ctld/login.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/usr.sbin/ctld/login.c b/usr.sbin/ctld/login.c
index 758138f1a8d8..662f84f42121 100644
--- a/usr.sbin/ctld/login.c
+++ b/usr.sbin/ctld/login.c
@@ -936,6 +936,33 @@ login(struct connection *conn)
}
/*
+ * Enforce initiator-name and initiator-portal.
+ */
+ if (auth_name_defined(ag)) {
+ if (auth_name_find(ag, initiator_name) == NULL) {
+ login_send_error(request, 0x02, 0x02);
+ log_errx(1, "initiator does not match allowed "
+ "initiator names");
+ }
+ log_debugx("initiator matches allowed initiator names");
+ } else {
+ log_debugx("auth-group does not define initiator name "
+ "restrictions");
+ }
+
+ if (auth_portal_defined(ag)) {
+ if (auth_portal_find(ag, conn->conn_initiator_addr) == NULL) {
+ login_send_error(request, 0x02, 0x02);
+ log_errx(1, "initiator does not match allowed "
+ "initiator portals");
+ }
+ log_debugx("initiator matches allowed initiator portals");
+ } else {
+ log_debugx("auth-group does not define initiator portal "
+ "restrictions");
+ }
+
+ /*
* Let's see if the initiator intends to do any kind of authentication
* at all.
*/
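Review bot: Both denial paths (the `auth_name_find` and `auth_portal_find` branches) log a fixed string, so the log never says which initiator name or address was refused; for auditing rejected logins I would include it, e.g. `log_errx(1, "initiator name \"%s\" does not match allowed initiator names", initiator_name);`, assuming log_errx takes a printf-style format and that the name, which presumably comes from the peer, is validated or escaped before it reaches the log. The accept path after each inner `if` is only correct if `log_errx(1, ...)` never returns, which is not visible in this hunk; if that is the contract, a short comment saying so would guard against a later edit turning the check fail-open. The block comment could also record that the name check runs before the authentication step that follows, on a name the initiator appears to declare itself, e.g. `initiator-name is peer-supplied and checked before authentication; it filters, it does not prove identity`. The `0x02, 0x02` pair passed to `login_send_error` would read better as named status constants. login() starts and ends outside the hunk.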