diff options
-rw-r--r-- | drivers/block/drbd/drbd_receiver.c | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c index dbd451984e0d..e3716fadc6a5 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c | |||
@@ -878,9 +878,13 @@ retry: | |||
878 | 878 | ||
879 | if (mdev->cram_hmac_tfm) { | 879 | if (mdev->cram_hmac_tfm) { |
880 | /* drbd_request_state(mdev, NS(conn, WFAuth)); */ | 880 | /* drbd_request_state(mdev, NS(conn, WFAuth)); */ |
881 | if (!drbd_do_auth(mdev)) { | 881 | switch (drbd_do_auth(mdev)) { |
882 | case -1: | ||
882 | dev_err(DEV, "Authentication of peer failed\n"); | 883 | dev_err(DEV, "Authentication of peer failed\n"); |
883 | return -1; | 884 | return -1; |
885 | case 0: | ||
886 | dev_err(DEV, "Authentication of peer failed, trying again.\n"); | ||
887 | return 0; | ||
884 | } | 888 | } |
885 | } | 889 | } |
886 | 890 | ||
@@ -3831,10 +3835,17 @@ static int drbd_do_auth(struct drbd_conf *mdev) | |||
3831 | { | 3835 | { |
3832 | dev_err(DEV, "This kernel was build without CONFIG_CRYPTO_HMAC.\n"); | 3836 | dev_err(DEV, "This kernel was build without CONFIG_CRYPTO_HMAC.\n"); |
3833 | dev_err(DEV, "You need to disable 'cram-hmac-alg' in drbd.conf.\n"); | 3837 | dev_err(DEV, "You need to disable 'cram-hmac-alg' in drbd.conf.\n"); |
3834 | return 0; | 3838 | return -1; |
3835 | } | 3839 | } |
3836 | #else | 3840 | #else |
3837 | #define CHALLENGE_LEN 64 | 3841 | #define CHALLENGE_LEN 64 |
3842 | |||
3843 | /* Return value: | ||
3844 | 1 - auth succeeded, | ||
3845 | 0 - failed, try again (network error), | ||
3846 | -1 - auth failed, don't try again. | ||
3847 | */ | ||
3848 | |||
3838 | static int drbd_do_auth(struct drbd_conf *mdev) | 3849 | static int drbd_do_auth(struct drbd_conf *mdev) |
3839 | { | 3850 | { |
3840 | char my_challenge[CHALLENGE_LEN]; /* 64 Bytes... */ | 3851 | char my_challenge[CHALLENGE_LEN]; /* 64 Bytes... */ |
@@ -3855,7 +3866,7 @@ static int drbd_do_auth(struct drbd_conf *mdev) | |||
3855 | (u8 *)mdev->net_conf->shared_secret, key_len); | 3866 | (u8 *)mdev->net_conf->shared_secret, key_len); |
3856 | if (rv) { | 3867 | if (rv) { |
3857 | dev_err(DEV, "crypto_hash_setkey() failed with %d\n", rv); | 3868 | dev_err(DEV, "crypto_hash_setkey() failed with %d\n", rv); |
3858 | rv = 0; | 3869 | rv = -1; |
3859 | goto fail; | 3870 | goto fail; |
3860 | } | 3871 | } |
3861 | 3872 | ||
@@ -3878,14 +3889,14 @@ static int drbd_do_auth(struct drbd_conf *mdev) | |||
3878 | 3889 | ||
3879 | if (p.length > CHALLENGE_LEN*2) { | 3890 | if (p.length > CHALLENGE_LEN*2) { |
3880 | dev_err(DEV, "expected AuthChallenge payload too big.\n"); | 3891 | dev_err(DEV, "expected AuthChallenge payload too big.\n"); |
3881 | rv = 0; | 3892 | rv = -1; |
3882 | goto fail; | 3893 | goto fail; |
3883 | } | 3894 | } |
3884 | 3895 | ||
3885 | peers_ch = kmalloc(p.length, GFP_NOIO); | 3896 | peers_ch = kmalloc(p.length, GFP_NOIO); |
3886 | if (peers_ch == NULL) { | 3897 | if (peers_ch == NULL) { |
3887 | dev_err(DEV, "kmalloc of peers_ch failed\n"); | 3898 | dev_err(DEV, "kmalloc of peers_ch failed\n"); |
3888 | rv = 0; | 3899 | rv = -1; |
3889 | goto fail; | 3900 | goto fail; |
3890 | } | 3901 | } |
3891 | 3902 | ||
@@ -3901,7 +3912,7 @@ static int drbd_do_auth(struct drbd_conf *mdev) | |||
3901 | response = kmalloc(resp_size, GFP_NOIO); | 3912 | response = kmalloc(resp_size, GFP_NOIO); |
3902 | if (response == NULL) { | 3913 | if (response == NULL) { |
3903 | dev_err(DEV, "kmalloc of response failed\n"); | 3914 | dev_err(DEV, "kmalloc of response failed\n"); |
3904 | rv = 0; | 3915 | rv = -1; |
3905 | goto fail; | 3916 | goto fail; |
3906 | } | 3917 | } |
3907 | 3918 | ||
@@ -3911,7 +3922,7 @@ static int drbd_do_auth(struct drbd_conf *mdev) | |||
3911 | rv = crypto_hash_digest(&desc, &sg, sg.length, response); | 3922 | rv = crypto_hash_digest(&desc, &sg, sg.length, response); |
3912 | if (rv) { | 3923 | if (rv) { |
3913 | dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv); | 3924 | dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv); |
3914 | rv = 0; | 3925 | rv = -1; |
3915 | goto fail; | 3926 | goto fail; |
3916 | } | 3927 | } |
3917 | 3928 | ||
@@ -3947,7 +3958,7 @@ static int drbd_do_auth(struct drbd_conf *mdev) | |||
3947 | right_response = kmalloc(resp_size, GFP_NOIO); | 3958 | right_response = kmalloc(resp_size, GFP_NOIO); |
3948 | if (right_response == NULL) { | 3959 | if (right_response == NULL) { |
3949 | dev_err(DEV, "kmalloc of right_response failed\n"); | 3960 | dev_err(DEV, "kmalloc of right_response failed\n"); |
3950 | rv = 0; | 3961 | rv = -1; |
3951 | goto fail; | 3962 | goto fail; |
3952 | } | 3963 | } |
3953 | 3964 | ||
@@ -3956,7 +3967,7 @@ static int drbd_do_auth(struct drbd_conf *mdev) | |||
3956 | rv = crypto_hash_digest(&desc, &sg, sg.length, right_response); | 3967 | rv = crypto_hash_digest(&desc, &sg, sg.length, right_response); |
3957 | if (rv) { | 3968 | if (rv) { |
3958 | dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv); | 3969 | dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv); |
3959 | rv = 0; | 3970 | rv = -1; |
3960 | goto fail; | 3971 | goto fail; |
3961 | } | 3972 | } |
3962 | 3973 | ||
@@ -3965,6 +3976,8 @@ static int drbd_do_auth(struct drbd_conf *mdev) | |||
3965 | if (rv) | 3976 | if (rv) |
3966 | dev_info(DEV, "Peer authenticated using %d bytes of '%s' HMAC\n", | 3977 | dev_info(DEV, "Peer authenticated using %d bytes of '%s' HMAC\n", |
3967 | resp_size, mdev->net_conf->cram_hmac_alg); | 3978 | resp_size, mdev->net_conf->cram_hmac_alg); |
3979 | else | ||
3980 | rv = -1; | ||
3968 | 3981 | ||
3969 | fail: | 3982 | fail: |
3970 | kfree(peers_ch); | 3983 | kfree(peers_ch); |