diff --git a/usr.sbin/ctld/ctld.h b/usr.sbin/ctld/ctld.h --- a/usr.sbin/ctld/ctld.h +++ b/usr.sbin/ctld/ctld.h @@ -73,18 +73,20 @@ int ap_mask; }; -#define AG_TYPE_UNKNOWN 0 -#define AG_TYPE_DENY 1 -#define AG_TYPE_NO_AUTHENTICATION 2 -#define AG_TYPE_CHAP 3 -#define AG_TYPE_CHAP_MUTUAL 4 +enum ag_type { + AG_TYPE_UNKNOWN = 0, + DENY = 1, + NO_AUTHENTICATION = 2, + CHAP = 3, + CHAP_MUTUAL = 4 +}; struct auth_group { TAILQ_ENTRY(auth_group) ag_next; struct conf *ag_conf; char *ag_name; struct target *ag_target; - int ag_type; + enum ag_type ag_type; TAILQ_HEAD(, auth) ag_auths; TAILQ_HEAD(, auth_name) ag_names; TAILQ_HEAD(, auth_portal) ag_portals; @@ -104,11 +106,13 @@ int p_socket; }; -#define PG_FILTER_UNKNOWN 0 -#define PG_FILTER_NONE 1 -#define PG_FILTER_PORTAL 2 -#define PG_FILTER_PORTAL_NAME 3 -#define PG_FILTER_PORTAL_NAME_AUTH 4 +enum pg_filter { + PG_FILTER_UNKNOWN = 0, + PG_FILTER_NONE = 1, + PORTAL = 2, + PORTAL_NAME = 3, + PORTAL_NAME_AUTH = 4 +}; struct portal_group { TAILQ_ENTRY(portal_group) pg_next; @@ -116,7 +120,7 @@ nvlist_t *pg_options; char *pg_name; struct auth_group *pg_discovery_auth_group; - int pg_discovery_filter; + enum pg_filter pg_discovery_filter; int pg_foreign; bool pg_unassigned; TAILQ_HEAD(, portal) pg_portals; @@ -223,16 +227,18 @@ TAILQ_HEAD(, pport) pports; }; -#define CONN_SESSION_TYPE_NONE 0 -#define CONN_SESSION_TYPE_DISCOVERY 1 -#define CONN_SESSION_TYPE_NORMAL 2 +enum conn_session_type { + CONN_SESSION_TYPE_NONE = 0, + DISCOVERY = 1, + NORMAL = 2 +}; struct ctld_connection { struct connection conn; struct portal *conn_portal; struct port *conn_port; struct target *conn_target; - int conn_session_type; + enum conn_session_type conn_session_type; char *conn_initiator_name; char *conn_initiator_addr; char *conn_initiator_alias; diff --git a/usr.sbin/ctld/ctld.c b/usr.sbin/ctld/ctld.c --- a/usr.sbin/ctld/ctld.c +++ b/usr.sbin/ctld/ctld.c @@ -244,8 +244,8 @@ struct auth *auth; if (ag->ag_type == AG_TYPE_UNKNOWN) - ag->ag_type = AG_TYPE_CHAP; - if (ag->ag_type != AG_TYPE_CHAP) { + ag->ag_type = CHAP; + if (ag->ag_type != CHAP) { if (ag->ag_name != NULL) log_warnx("cannot mix \"chap\" authentication with " "other types for auth-group \"%s\"", ag->ag_name); @@ -272,8 +272,8 @@ struct auth *auth; if (ag->ag_type == AG_TYPE_UNKNOWN) - ag->ag_type = AG_TYPE_CHAP_MUTUAL; - if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) { + ag->ag_type = CHAP_MUTUAL; + if (ag->ag_type != CHAP_MUTUAL) { if (ag->ag_name != NULL) log_warnx("cannot mix \"chap-mutual\" authentication " "with other types for auth-group \"%s\"", @@ -543,16 +543,16 @@ int auth_group_set_type(struct auth_group *ag, const char *str) { - int type; + enum ag_type type; if (strcmp(str, "none") == 0) { - type = AG_TYPE_NO_AUTHENTICATION; + type = NO_AUTHENTICATION; } else if (strcmp(str, "deny") == 0) { - type = AG_TYPE_DENY; + type = DENY; } else if (strcmp(str, "chap") == 0) { - type = AG_TYPE_CHAP; + type = CHAP; } else if (strcmp(str, "chap-mutual") == 0) { - type = AG_TYPE_CHAP_MUTUAL; + type = CHAP_MUTUAL; } else { if (ag->ag_name != NULL) log_warnx("invalid auth-type \"%s\" for auth-group " @@ -1010,16 +1010,16 @@ int portal_group_set_filter(struct portal_group *pg, const char *str) { - int filter; + enum pg_filter filter; if (strcmp(str, "none") == 0) { filter = PG_FILTER_NONE; } else if (strcmp(str, "portal") == 0) { - filter = PG_FILTER_PORTAL; + filter = PORTAL; } else if (strcmp(str, "portal-name") == 0) { - filter = PG_FILTER_PORTAL_NAME; + filter = PORTAL_NAME; } else if (strcmp(str, "portal-name-auth") == 0) { - filter = PG_FILTER_PORTAL_NAME_AUTH; + filter = PORTAL_NAME_AUTH; } else { log_warnx("invalid discovery-filter \"%s\" for portal-group " "\"%s\"; valid values are \"none\", \"portal\", " @@ -2369,11 +2369,11 @@ set_timeout(conf->conf_timeout, true); kernel_capsicate(); login(conn); - if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { + if (conn->conn_session_type == NORMAL) { kernel_handoff(conn); log_debugx("connection handed off to the kernel"); } else { - assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY); + assert(conn->conn_session_type == DISCOVERY); discovery(conn); } log_debugx("nothing more to do; exiting"); @@ -2560,11 +2560,11 @@ ag = auth_group_new(conf, "no-authentication"); assert(ag != NULL); - ag->ag_type = AG_TYPE_NO_AUTHENTICATION; + ag->ag_type = NO_AUTHENTICATION; ag = auth_group_new(conf, "no-access"); assert(ag != NULL); - ag->ag_type = AG_TYPE_DENY; + ag->ag_type = DENY; pg = portal_group_new(conf, "default"); assert(pg != NULL); @@ -2586,7 +2586,7 @@ "going with defaults"); ag = auth_group_find(conf, "default"); assert(ag != NULL); - ag->ag_type = AG_TYPE_DENY; + ag->ag_type = DENY; } if (conf->conf_default_pg_defined == false) { diff --git a/usr.sbin/ctld/discovery.c b/usr.sbin/ctld/discovery.c --- a/usr.sbin/ctld/discovery.c +++ b/usr.sbin/ctld/discovery.c @@ -163,25 +163,25 @@ assert(pg->pg_discovery_filter != PG_FILTER_UNKNOWN); - if (pg->pg_discovery_filter >= PG_FILTER_PORTAL && + if (pg->pg_discovery_filter >= PORTAL && auth_portal_check(ag, &conn->conn_initiator_sa) != 0) { log_debugx("initiator does not match initiator portals " "allowed for target \"%s\"; skipping", targ->t_name); return (true); } - if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME && + if (pg->pg_discovery_filter >= PORTAL_NAME && auth_name_check(ag, conn->conn_initiator_name) != 0) { log_debugx("initiator does not match initiator names " "allowed for target \"%s\"; skipping", targ->t_name); return (true); } - if (pg->pg_discovery_filter >= PG_FILTER_PORTAL_NAME_AUTH && - ag->ag_type != AG_TYPE_NO_AUTHENTICATION) { + if (pg->pg_discovery_filter >= PORTAL_NAME_AUTH && + ag->ag_type != NO_AUTHENTICATION) { if (conn->conn_chap == NULL) { assert(pg->pg_discovery_auth_group->ag_type == - AG_TYPE_NO_AUTHENTICATION); + NO_AUTHENTICATION); log_debugx("initiator didn't authenticate, but target " "\"%s\" requires CHAP; skipping", targ->t_name); diff --git a/usr.sbin/ctld/login.c b/usr.sbin/ctld/login.c --- a/usr.sbin/ctld/login.c +++ b/usr.sbin/ctld/login.c @@ -307,8 +307,7 @@ /* * Verify the response. */ - assert(ag->ag_type == AG_TYPE_CHAP || - ag->ag_type == AG_TYPE_CHAP_MUTUAL); + assert(ag->ag_type == CHAP || ag->ag_type == CHAP_MUTUAL); auth = auth_find(ag, chap_n); if (auth == NULL) { login_send_error(request, 0x02, 0x01); @@ -364,7 +363,7 @@ log_errx(1, "initiator requested target " "authentication, but didn't send CHAP_C"); } - if (auth->a_auth_group->ag_type != AG_TYPE_CHAP_MUTUAL) { + if (auth->a_auth_group->ag_type != CHAP_MUTUAL) { login_send_error(request, 0x02, 0x01); log_errx(1, "initiator requests target authentication " "for user \"%s\", but mutual user/secret " @@ -474,7 +473,7 @@ /* * We don't handle digests for discovery sessions. */ - if (conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY) { + if (conn->conn_session_type == DISCOVERY) { log_debugx("discovery session; digests disabled"); keys_add(response_keys, name, "None"); return; @@ -500,7 +499,7 @@ break; } } else if (strcmp(name, "DataDigest") == 0) { - if (conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY) { + if (conn->conn_session_type == DISCOVERY) { log_debugx("discovery session; digests disabled"); keys_add(response_keys, name, "None"); return; @@ -530,7 +529,7 @@ } else if (strcmp(name, "InitialR2T") == 0) { keys_add(response_keys, name, "Yes"); } else if (strcmp(name, "ImmediateData") == 0) { - if (conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY) { + if (conn->conn_session_type == DISCOVERY) { log_debugx("discovery session; ImmediateData irrelevant"); keys_add(response_keys, name, "Irrelevant"); } else { @@ -685,7 +684,7 @@ int i; bool redirected, skipped_security; - if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { + if (conn->conn_session_type == NORMAL) { /* * Query the kernel for various size limits. In case of * offload, it depends on hardware capabilities. @@ -762,7 +761,7 @@ response_keys = keys_new(); if (skipped_security && - conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { + conn->conn_session_type == NORMAL) { if (conn->conn_target->t_alias != NULL) keys_add(response_keys, "TargetAlias", conn->conn_target->t_alias); @@ -786,7 +785,7 @@ * pairs in the order they are in the request we might have ended up * with illegal values here. */ - if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL && + if (conn->conn_session_type == NORMAL && conn->conn.conn_first_burst_length > conn->conn.conn_max_burst_length) { log_errx(1, "initiator sent FirstBurstLength > MaxBurstLength"); @@ -896,19 +895,19 @@ session_type = keys_find(request_keys, "SessionType"); if (session_type != NULL) { if (strcmp(session_type, "Normal") == 0) { - conn->conn_session_type = CONN_SESSION_TYPE_NORMAL; + conn->conn_session_type = NORMAL; } else if (strcmp(session_type, "Discovery") == 0) { - conn->conn_session_type = CONN_SESSION_TYPE_DISCOVERY; + conn->conn_session_type = DISCOVERY; } else { login_send_error(request, 0x02, 0x00); log_errx(1, "received Login PDU with invalid " "SessionType \"%s\"", session_type); } } else - conn->conn_session_type = CONN_SESSION_TYPE_NORMAL; + conn->conn_session_type = NORMAL; assert(conn->conn_target == NULL); - if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { + if (conn->conn_session_type == NORMAL) { target_name = keys_find(request_keys, "TargetName"); if (target_name == NULL) { login_send_error(request, 0x02, 0x07); @@ -927,7 +926,7 @@ /* * At this point we know what kind of authentication we need. */ - if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { + if (conn->conn_session_type == NORMAL) { ag = conn->conn_port->p_auth_group; if (ag == NULL) ag = conn->conn_target->t_auth_group; @@ -941,7 +940,7 @@ "to target \"%s\"", conn->conn_target->t_name); } } else { - assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY); + assert(conn->conn_session_type == DISCOVERY); ag = pg->pg_discovery_auth_group; if (ag->ag_name != NULL) { log_debugx("initiator requests " @@ -951,7 +950,7 @@ } } - if (ag->ag_type == AG_TYPE_DENY) { + if (ag->ag_type == DENY) { login_send_error(request, 0x02, 0x01); log_errx(1, "auth-type is \"deny\""); } @@ -983,7 +982,7 @@ * at all. */ if (login_csg(request) == BHSLR_STAGE_OPERATIONAL_NEGOTIATION) { - if (ag->ag_type != AG_TYPE_NO_AUTHENTICATION) { + if (ag->ag_type != NO_AUTHENTICATION) { login_send_error(request, 0x02, 0x01); log_errx(1, "initiator skipped the authentication, " "but authentication is required"); @@ -1002,7 +1001,7 @@ response_keys = keys_new(); trans = (bhslr->bhslr_flags & BHSLR_FLAGS_TRANSIT) != 0; auth_method = keys_find(request_keys, "AuthMethod"); - if (ag->ag_type == AG_TYPE_NO_AUTHENTICATION) { + if (ag->ag_type == NO_AUTHENTICATION) { log_debugx("authentication not required"); if (auth_method == NULL || login_list_contains(auth_method, "None")) { @@ -1028,7 +1027,7 @@ fail = true; } } - if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) { + if (conn->conn_session_type == NORMAL) { if (conn->conn_target->t_alias != NULL) keys_add(response_keys, "TargetAlias", conn->conn_target->t_alias); @@ -1048,7 +1047,7 @@ exit(1); } - if (ag->ag_type != AG_TYPE_NO_AUTHENTICATION) { + if (ag->ag_type != NO_AUTHENTICATION) { login_chap(conn, ag); login_negotiate(conn, NULL); } else if (trans) {