Commit 13e6037d authored by Philipp Reisner's avatar Philipp Reisner

drbd: Converted drbd_do_auth() from mdev to tconn

Signed-off-by: default avatarPhilipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: default avatarLars Ellenberg <lars.ellenberg@linbit.com>
parent 61120870
......@@ -61,7 +61,7 @@ enum finish_epoch {
};
static int drbd_do_handshake(struct drbd_tconn *tconn);
static int drbd_do_auth(struct drbd_conf *mdev);
static int drbd_do_auth(struct drbd_tconn *tconn);
static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *, struct drbd_epoch *, enum epoch_event);
static int e_end_block(struct drbd_conf *, struct drbd_work *, int);
......@@ -889,7 +889,7 @@ static int drbd_connect(struct drbd_conf *mdev)
if (mdev->tconn->cram_hmac_tfm) {
/* drbd_request_state(mdev, NS(conn, WFAuth)); */
switch (drbd_do_auth(mdev)) {
switch (drbd_do_auth(mdev->tconn)) {
case -1:
dev_err(DEV, "Authentication of peer failed\n");
return -1;
......@@ -4052,7 +4052,7 @@ static int drbd_do_handshake(struct drbd_tconn *tconn)
}
#if !defined(CONFIG_CRYPTO_HMAC) && !defined(CONFIG_CRYPTO_HMAC_MODULE)
static int drbd_do_auth(struct drbd_conf *mdev)
static int drbd_do_auth(struct drbd_tconn *tconn)
{
dev_err(DEV, "This kernel was build without CONFIG_CRYPTO_HMAC.\n");
dev_err(DEV, "You need to disable 'cram-hmac-alg' in drbd.conf.\n");
......@@ -4067,73 +4067,73 @@ static int drbd_do_auth(struct drbd_conf *mdev)
-1 - auth failed, don't try again.
*/
static int drbd_do_auth(struct drbd_conf *mdev)
static int drbd_do_auth(struct drbd_tconn *tconn)
{
char my_challenge[CHALLENGE_LEN]; /* 64 Bytes... */
struct scatterlist sg;
char *response = NULL;
char *right_response = NULL;
char *peers_ch = NULL;
unsigned int key_len = strlen(mdev->tconn->net_conf->shared_secret);
unsigned int key_len = strlen(tconn->net_conf->shared_secret);
unsigned int resp_size;
struct hash_desc desc;
struct packet_info pi;
int rv;
desc.tfm = mdev->tconn->cram_hmac_tfm;
desc.tfm = tconn->cram_hmac_tfm;
desc.flags = 0;
rv = crypto_hash_setkey(mdev->tconn->cram_hmac_tfm,
(u8 *)mdev->tconn->net_conf->shared_secret, key_len);
rv = crypto_hash_setkey(tconn->cram_hmac_tfm,
(u8 *)tconn->net_conf->shared_secret, key_len);
if (rv) {
dev_err(DEV, "crypto_hash_setkey() failed with %d\n", rv);
conn_err(tconn, "crypto_hash_setkey() failed with %d\n", rv);
rv = -1;
goto fail;
}
get_random_bytes(my_challenge, CHALLENGE_LEN);
rv = conn_send_cmd2(mdev->tconn, P_AUTH_CHALLENGE, my_challenge, CHALLENGE_LEN);
rv = conn_send_cmd2(tconn, P_AUTH_CHALLENGE, my_challenge, CHALLENGE_LEN);
if (!rv)
goto fail;
rv = drbd_recv_header(mdev->tconn, &pi);
rv = drbd_recv_header(tconn, &pi);
if (!rv)
goto fail;
if (pi.cmd != P_AUTH_CHALLENGE) {
dev_err(DEV, "expected AuthChallenge packet, received: %s (0x%04x)\n",
conn_err(tconn, "expected AuthChallenge packet, received: %s (0x%04x)\n",
cmdname(pi.cmd), pi.cmd);
rv = 0;
goto fail;
}
if (pi.size > CHALLENGE_LEN * 2) {
dev_err(DEV, "expected AuthChallenge payload too big.\n");
conn_err(tconn, "expected AuthChallenge payload too big.\n");
rv = -1;
goto fail;
}
peers_ch = kmalloc(pi.size, GFP_NOIO);
if (peers_ch == NULL) {
dev_err(DEV, "kmalloc of peers_ch failed\n");
conn_err(tconn, "kmalloc of peers_ch failed\n");
rv = -1;
goto fail;
}
rv = drbd_recv(mdev->tconn, peers_ch, pi.size);
rv = drbd_recv(tconn, peers_ch, pi.size);
if (rv != pi.size) {
if (!signal_pending(current))
dev_warn(DEV, "short read AuthChallenge: l=%u\n", rv);
conn_warn(tconn, "short read AuthChallenge: l=%u\n", rv);
rv = 0;
goto fail;
}
resp_size = crypto_hash_digestsize(mdev->tconn->cram_hmac_tfm);
resp_size = crypto_hash_digestsize(tconn->cram_hmac_tfm);
response = kmalloc(resp_size, GFP_NOIO);
if (response == NULL) {
dev_err(DEV, "kmalloc of response failed\n");
conn_err(tconn, "kmalloc of response failed\n");
rv = -1;
goto fail;
}
......@@ -4143,44 +4143,44 @@ static int drbd_do_auth(struct drbd_conf *mdev)
rv = crypto_hash_digest(&desc, &sg, sg.length, response);
if (rv) {
dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv);
conn_err(tconn, "crypto_hash_digest() failed with %d\n", rv);
rv = -1;
goto fail;
}
rv = conn_send_cmd2(mdev->tconn, P_AUTH_RESPONSE, response, resp_size);
rv = conn_send_cmd2(tconn, P_AUTH_RESPONSE, response, resp_size);
if (!rv)
goto fail;
rv = drbd_recv_header(mdev->tconn, &pi);
rv = drbd_recv_header(tconn, &pi);
if (!rv)
goto fail;
if (pi.cmd != P_AUTH_RESPONSE) {
dev_err(DEV, "expected AuthResponse packet, received: %s (0x%04x)\n",
conn_err(tconn, "expected AuthResponse packet, received: %s (0x%04x)\n",
cmdname(pi.cmd), pi.cmd);
rv = 0;
goto fail;
}
if (pi.size != resp_size) {
dev_err(DEV, "expected AuthResponse payload of wrong size\n");
conn_err(tconn, "expected AuthResponse payload of wrong size\n");
rv = 0;
goto fail;
}
rv = drbd_recv(mdev->tconn, response , resp_size);
rv = drbd_recv(tconn, response , resp_size);
if (rv != resp_size) {
if (!signal_pending(current))
dev_warn(DEV, "short read receiving AuthResponse: l=%u\n", rv);
conn_warn(tconn, "short read receiving AuthResponse: l=%u\n", rv);
rv = 0;
goto fail;
}
right_response = kmalloc(resp_size, GFP_NOIO);
if (right_response == NULL) {
dev_err(DEV, "kmalloc of right_response failed\n");
conn_err(tconn, "kmalloc of right_response failed\n");
rv = -1;
goto fail;
}
......@@ -4189,7 +4189,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
rv = crypto_hash_digest(&desc, &sg, sg.length, right_response);
if (rv) {
dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv);
conn_err(tconn, "crypto_hash_digest() failed with %d\n", rv);
rv = -1;
goto fail;
}
......@@ -4197,8 +4197,8 @@ static int drbd_do_auth(struct drbd_conf *mdev)
rv = !memcmp(response, right_response, resp_size);
if (rv)
dev_info(DEV, "Peer authenticated using %d bytes of '%s' HMAC\n",
resp_size, mdev->tconn->net_conf->cram_hmac_alg);
conn_info(tconn, "Peer authenticated using %d bytes of '%s' HMAC\n",
resp_size, tconn->net_conf->cram_hmac_alg);
else
rv = -1;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment