drbd: Don't go into StandAlone mode when authentification failes because of network error
Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com> Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
This commit is contained in:
Johannes Thoma
Philipp Reisner
parent
36bfc7e210
commit
b10d96cb9c
1 changed files with 22 additions and 9 deletions
|
|
@ -878,9 +878,13 @@ static int drbd_connect(struct drbd_conf *mdev)
|
|||
|
||||
if (mdev->cram_hmac_tfm) {
|
||||
/* drbd_request_state(mdev, NS(conn, WFAuth)); */
|
||||
if (!drbd_do_auth(mdev)) {
|
||||
switch (drbd_do_auth(mdev)) {
|
||||
case -1:
|
||||
dev_err(DEV, "Authentication of peer failed\n");
|
||||
return -1;
|
||||
case 0:
|
||||
dev_err(DEV, "Authentication of peer failed, trying again.\n");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -3831,10 +3835,17 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||
{
|
||||
dev_err(DEV, "This kernel was build without CONFIG_CRYPTO_HMAC.\n");
|
||||
dev_err(DEV, "You need to disable 'cram-hmac-alg' in drbd.conf.\n");
|
||||
return 0;
|
||||
return -1;
|
||||
}
|
||||
#else
|
||||
#define CHALLENGE_LEN 64
|
||||
|
||||
/* Return value:
|
||||
1 - auth succeeded,
|
||||
0 - failed, try again (network error),
|
||||
-1 - auth failed, don't try again.
|
||||
*/
|
||||
|
||||
static int drbd_do_auth(struct drbd_conf *mdev)
|
||||
{
|
||||
char my_challenge[CHALLENGE_LEN]; /* 64 Bytes... */
|
||||
|
|
@ -3855,7 +3866,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||
(u8 *)mdev->net_conf->shared_secret, key_len);
|
||||
if (rv) {
|
||||
dev_err(DEV, "crypto_hash_setkey() failed with %d\n", rv);
|
||||
rv = 0;
|
||||
rv = -1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
|
@ -3878,14 +3889,14 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||
|
||||
if (p.length > CHALLENGE_LEN*2) {
|
||||
dev_err(DEV, "expected AuthChallenge payload too big.\n");
|
||||
rv = 0;
|
||||
rv = -1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
peers_ch = kmalloc(p.length, GFP_NOIO);
|
||||
if (peers_ch == NULL) {
|
||||
dev_err(DEV, "kmalloc of peers_ch failed\n");
|
||||
rv = 0;
|
||||
rv = -1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
|
@ -3901,7 +3912,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||
response = kmalloc(resp_size, GFP_NOIO);
|
||||
if (response == NULL) {
|
||||
dev_err(DEV, "kmalloc of response failed\n");
|
||||
rv = 0;
|
||||
rv = -1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
|
@ -3911,7 +3922,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||
rv = crypto_hash_digest(&desc, &sg, sg.length, response);
|
||||
if (rv) {
|
||||
dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv);
|
||||
rv = 0;
|
||||
rv = -1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
|
@ -3947,7 +3958,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||
right_response = kmalloc(resp_size, GFP_NOIO);
|
||||
if (right_response == NULL) {
|
||||
dev_err(DEV, "kmalloc of right_response failed\n");
|
||||
rv = 0;
|
||||
rv = -1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
|
@ -3956,7 +3967,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||
rv = crypto_hash_digest(&desc, &sg, sg.length, right_response);
|
||||
if (rv) {
|
||||
dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv);
|
||||
rv = 0;
|
||||
rv = -1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
|
@ -3965,6 +3976,8 @@ static int drbd_do_auth(struct drbd_conf *mdev)
|
|||
if (rv)
|
||||
dev_info(DEV, "Peer authenticated using %d bytes of '%s' HMAC\n",
|
||||
resp_size, mdev->net_conf->cram_hmac_alg);
|
||||
else
|
||||
rv = -1;
|
||||
|
||||
fail:
|
||||
kfree(peers_ch);
|
||||
|
|
|
|||
Loading…
Reference in a new issue