drbd: Converted drbd_do_auth() from mdev to tconn
Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
This commit is contained in:
parent
611208706f
commit
13e6037dc9
@ -61,7 +61,7 @@ enum finish_epoch {
|
|||||||
};
|
};
|
||||||
|
|
||||||
static int drbd_do_handshake(struct drbd_tconn *tconn);
|
static int drbd_do_handshake(struct drbd_tconn *tconn);
|
||||||
static int drbd_do_auth(struct drbd_conf *mdev);
|
static int drbd_do_auth(struct drbd_tconn *tconn);
|
||||||
|
|
||||||
static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *, struct drbd_epoch *, enum epoch_event);
|
static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *, struct drbd_epoch *, enum epoch_event);
|
||||||
static int e_end_block(struct drbd_conf *, struct drbd_work *, int);
|
static int e_end_block(struct drbd_conf *, struct drbd_work *, int);
|
||||||
@ -889,7 +889,7 @@ retry:
|
|||||||
|
|
||||||
if (mdev->tconn->cram_hmac_tfm) {
|
if (mdev->tconn->cram_hmac_tfm) {
|
||||||
/* drbd_request_state(mdev, NS(conn, WFAuth)); */
|
/* drbd_request_state(mdev, NS(conn, WFAuth)); */
|
||||||
switch (drbd_do_auth(mdev)) {
|
switch (drbd_do_auth(mdev->tconn)) {
|
||||||
case -1:
|
case -1:
|
||||||
dev_err(DEV, "Authentication of peer failed\n");
|
dev_err(DEV, "Authentication of peer failed\n");
|
||||||
return -1;
|
return -1;
|
||||||
@ -4052,7 +4052,7 @@ static int drbd_do_handshake(struct drbd_tconn *tconn)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(CONFIG_CRYPTO_HMAC) && !defined(CONFIG_CRYPTO_HMAC_MODULE)
|
#if !defined(CONFIG_CRYPTO_HMAC) && !defined(CONFIG_CRYPTO_HMAC_MODULE)
|
||||||
static int drbd_do_auth(struct drbd_conf *mdev)
|
static int drbd_do_auth(struct drbd_tconn *tconn)
|
||||||
{
|
{
|
||||||
dev_err(DEV, "This kernel was build without CONFIG_CRYPTO_HMAC.\n");
|
dev_err(DEV, "This kernel was build without CONFIG_CRYPTO_HMAC.\n");
|
||||||
dev_err(DEV, "You need to disable 'cram-hmac-alg' in drbd.conf.\n");
|
dev_err(DEV, "You need to disable 'cram-hmac-alg' in drbd.conf.\n");
|
||||||
@ -4067,73 +4067,73 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||||||
-1 - auth failed, don't try again.
|
-1 - auth failed, don't try again.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static int drbd_do_auth(struct drbd_conf *mdev)
|
static int drbd_do_auth(struct drbd_tconn *tconn)
|
||||||
{
|
{
|
||||||
char my_challenge[CHALLENGE_LEN]; /* 64 Bytes... */
|
char my_challenge[CHALLENGE_LEN]; /* 64 Bytes... */
|
||||||
struct scatterlist sg;
|
struct scatterlist sg;
|
||||||
char *response = NULL;
|
char *response = NULL;
|
||||||
char *right_response = NULL;
|
char *right_response = NULL;
|
||||||
char *peers_ch = NULL;
|
char *peers_ch = NULL;
|
||||||
unsigned int key_len = strlen(mdev->tconn->net_conf->shared_secret);
|
unsigned int key_len = strlen(tconn->net_conf->shared_secret);
|
||||||
unsigned int resp_size;
|
unsigned int resp_size;
|
||||||
struct hash_desc desc;
|
struct hash_desc desc;
|
||||||
struct packet_info pi;
|
struct packet_info pi;
|
||||||
int rv;
|
int rv;
|
||||||
|
|
||||||
desc.tfm = mdev->tconn->cram_hmac_tfm;
|
desc.tfm = tconn->cram_hmac_tfm;
|
||||||
desc.flags = 0;
|
desc.flags = 0;
|
||||||
|
|
||||||
rv = crypto_hash_setkey(mdev->tconn->cram_hmac_tfm,
|
rv = crypto_hash_setkey(tconn->cram_hmac_tfm,
|
||||||
(u8 *)mdev->tconn->net_conf->shared_secret, key_len);
|
(u8 *)tconn->net_conf->shared_secret, key_len);
|
||||||
if (rv) {
|
if (rv) {
|
||||||
dev_err(DEV, "crypto_hash_setkey() failed with %d\n", rv);
|
conn_err(tconn, "crypto_hash_setkey() failed with %d\n", rv);
|
||||||
rv = -1;
|
rv = -1;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
get_random_bytes(my_challenge, CHALLENGE_LEN);
|
get_random_bytes(my_challenge, CHALLENGE_LEN);
|
||||||
|
|
||||||
rv = conn_send_cmd2(mdev->tconn, P_AUTH_CHALLENGE, my_challenge, CHALLENGE_LEN);
|
rv = conn_send_cmd2(tconn, P_AUTH_CHALLENGE, my_challenge, CHALLENGE_LEN);
|
||||||
if (!rv)
|
if (!rv)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
rv = drbd_recv_header(mdev->tconn, &pi);
|
rv = drbd_recv_header(tconn, &pi);
|
||||||
if (!rv)
|
if (!rv)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (pi.cmd != P_AUTH_CHALLENGE) {
|
if (pi.cmd != P_AUTH_CHALLENGE) {
|
||||||
dev_err(DEV, "expected AuthChallenge packet, received: %s (0x%04x)\n",
|
conn_err(tconn, "expected AuthChallenge packet, received: %s (0x%04x)\n",
|
||||||
cmdname(pi.cmd), pi.cmd);
|
cmdname(pi.cmd), pi.cmd);
|
||||||
rv = 0;
|
rv = 0;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pi.size > CHALLENGE_LEN * 2) {
|
if (pi.size > CHALLENGE_LEN * 2) {
|
||||||
dev_err(DEV, "expected AuthChallenge payload too big.\n");
|
conn_err(tconn, "expected AuthChallenge payload too big.\n");
|
||||||
rv = -1;
|
rv = -1;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
peers_ch = kmalloc(pi.size, GFP_NOIO);
|
peers_ch = kmalloc(pi.size, GFP_NOIO);
|
||||||
if (peers_ch == NULL) {
|
if (peers_ch == NULL) {
|
||||||
dev_err(DEV, "kmalloc of peers_ch failed\n");
|
conn_err(tconn, "kmalloc of peers_ch failed\n");
|
||||||
rv = -1;
|
rv = -1;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = drbd_recv(mdev->tconn, peers_ch, pi.size);
|
rv = drbd_recv(tconn, peers_ch, pi.size);
|
||||||
|
|
||||||
if (rv != pi.size) {
|
if (rv != pi.size) {
|
||||||
if (!signal_pending(current))
|
if (!signal_pending(current))
|
||||||
dev_warn(DEV, "short read AuthChallenge: l=%u\n", rv);
|
conn_warn(tconn, "short read AuthChallenge: l=%u\n", rv);
|
||||||
rv = 0;
|
rv = 0;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
resp_size = crypto_hash_digestsize(mdev->tconn->cram_hmac_tfm);
|
resp_size = crypto_hash_digestsize(tconn->cram_hmac_tfm);
|
||||||
response = kmalloc(resp_size, GFP_NOIO);
|
response = kmalloc(resp_size, GFP_NOIO);
|
||||||
if (response == NULL) {
|
if (response == NULL) {
|
||||||
dev_err(DEV, "kmalloc of response failed\n");
|
conn_err(tconn, "kmalloc of response failed\n");
|
||||||
rv = -1;
|
rv = -1;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
@ -4143,44 +4143,44 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||||||
|
|
||||||
rv = crypto_hash_digest(&desc, &sg, sg.length, response);
|
rv = crypto_hash_digest(&desc, &sg, sg.length, response);
|
||||||
if (rv) {
|
if (rv) {
|
||||||
dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv);
|
conn_err(tconn, "crypto_hash_digest() failed with %d\n", rv);
|
||||||
rv = -1;
|
rv = -1;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = conn_send_cmd2(mdev->tconn, P_AUTH_RESPONSE, response, resp_size);
|
rv = conn_send_cmd2(tconn, P_AUTH_RESPONSE, response, resp_size);
|
||||||
if (!rv)
|
if (!rv)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
rv = drbd_recv_header(mdev->tconn, &pi);
|
rv = drbd_recv_header(tconn, &pi);
|
||||||
if (!rv)
|
if (!rv)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (pi.cmd != P_AUTH_RESPONSE) {
|
if (pi.cmd != P_AUTH_RESPONSE) {
|
||||||
dev_err(DEV, "expected AuthResponse packet, received: %s (0x%04x)\n",
|
conn_err(tconn, "expected AuthResponse packet, received: %s (0x%04x)\n",
|
||||||
cmdname(pi.cmd), pi.cmd);
|
cmdname(pi.cmd), pi.cmd);
|
||||||
rv = 0;
|
rv = 0;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pi.size != resp_size) {
|
if (pi.size != resp_size) {
|
||||||
dev_err(DEV, "expected AuthResponse payload of wrong size\n");
|
conn_err(tconn, "expected AuthResponse payload of wrong size\n");
|
||||||
rv = 0;
|
rv = 0;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = drbd_recv(mdev->tconn, response , resp_size);
|
rv = drbd_recv(tconn, response , resp_size);
|
||||||
|
|
||||||
if (rv != resp_size) {
|
if (rv != resp_size) {
|
||||||
if (!signal_pending(current))
|
if (!signal_pending(current))
|
||||||
dev_warn(DEV, "short read receiving AuthResponse: l=%u\n", rv);
|
conn_warn(tconn, "short read receiving AuthResponse: l=%u\n", rv);
|
||||||
rv = 0;
|
rv = 0;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
right_response = kmalloc(resp_size, GFP_NOIO);
|
right_response = kmalloc(resp_size, GFP_NOIO);
|
||||||
if (right_response == NULL) {
|
if (right_response == NULL) {
|
||||||
dev_err(DEV, "kmalloc of right_response failed\n");
|
conn_err(tconn, "kmalloc of right_response failed\n");
|
||||||
rv = -1;
|
rv = -1;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
@ -4189,7 +4189,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||||||
|
|
||||||
rv = crypto_hash_digest(&desc, &sg, sg.length, right_response);
|
rv = crypto_hash_digest(&desc, &sg, sg.length, right_response);
|
||||||
if (rv) {
|
if (rv) {
|
||||||
dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv);
|
conn_err(tconn, "crypto_hash_digest() failed with %d\n", rv);
|
||||||
rv = -1;
|
rv = -1;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
@ -4197,8 +4197,8 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||||||
rv = !memcmp(response, right_response, resp_size);
|
rv = !memcmp(response, right_response, resp_size);
|
||||||
|
|
||||||
if (rv)
|
if (rv)
|
||||||
dev_info(DEV, "Peer authenticated using %d bytes of '%s' HMAC\n",
|
conn_info(tconn, "Peer authenticated using %d bytes of '%s' HMAC\n",
|
||||||
resp_size, mdev->tconn->net_conf->cram_hmac_alg);
|
resp_size, tconn->net_conf->cram_hmac_alg);
|
||||||
else
|
else
|
||||||
rv = -1;
|
rv = -1;
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user