Commit 3dfd91cb authored by Konrad Sztyber's avatar Konrad Sztyber Committed by Tomasz Zawadzki
Browse files

nvmf/auth: execute AUTH_failure2 message 



This message is sent from the host to the controller in response to a
DH-HMAC-CHAP_success1 message when some kind of failure is detected by
the host.

The host is also responsible for terminating the connection after
sending this message, so we don't really do anything with it besides
logging it and marking authentication as failed.

Signed-off-by: default avatarKonrad Sztyber <konrad.sztyber@intel.com>
Change-Id: Id9d4d10c57456a98df82bcd725fa28b5ac2a180d
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/22853


Reviewed-by: default avatarSeung yeon Shin <syeon.shin@samsung.com>
Community-CI: Mellanox Build Bot
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: default avatarBen Walker <ben@nvidia.com>
Reviewed-by: default avatarJim Harris <jim.harris@samsung.com>
parent f83615b5

lib/nvmf/auth.c

+31 −0
Original line number Diff line number Diff line
@@ -468,6 +468,34 @@ nvmf_auth_success2_exec(struct spdk_nvmf_request *req, struct spdk_nvmf_dhchap_s 
	nvmf_auth_request_complete(req, SPDK_NVME_SCT_GENERIC, SPDK_NVME_SC_SUCCESS, 0);

}



static void

nvmf_auth_failure2_exec(struct spdk_nvmf_request *req, struct spdk_nvmf_auth_failure *msg)

{

	struct spdk_nvmf_qpair *qpair = req->qpair;

	struct spdk_nvmf_qpair_auth *auth = qpair->auth;



	/* AUTH_failure2 is only expected when we're waiting for the success2 message */

	if (auth->state != NVMF_QPAIR_AUTH_SUCCESS2) {

		AUTH_ERRLOG(qpair, "invalid state=%s\n", nvmf_auth_get_state_name(auth->state));

		nvmf_auth_request_fail1(req, SPDK_NVMF_AUTH_INCORRECT_PROTOCOL_MESSAGE);

		return;

	}

	if (req->length != sizeof(*msg)) {

		AUTH_ERRLOG(qpair, "invalid message length=%"PRIu32"\n", req->length);

		nvmf_auth_request_fail1(req, SPDK_NVMF_AUTH_INCORRECT_PAYLOAD);

		return;

	}

	if (msg->t_id != auth->tid) {

		AUTH_ERRLOG(qpair, "transaction id mismatch: %u != %u\n", msg->t_id, auth->tid);

		nvmf_auth_request_fail1(req, SPDK_NVMF_AUTH_INCORRECT_PAYLOAD);

		return;

	}



	AUTH_ERRLOG(qpair, "ctrlr authentication failed: rc=%d, rce=%d\n", msg->rc, msg->rce);

	nvmf_auth_set_state(qpair, NVMF_QPAIR_AUTH_ERROR);

	nvmf_auth_request_complete(req, SPDK_NVME_SCT_GENERIC, SPDK_NVME_SC_SUCCESS, 0);

}



static void

nvmf_auth_send_exec(struct spdk_nvmf_request *req)

{
@@ -495,6 +523,9 @@ nvmf_auth_send_exec(struct spdk_nvmf_request *req) 
		case SPDK_NVMF_AUTH_ID_NEGOTIATE:

			nvmf_auth_negotiate_exec(req, (void *)header);

			break;

		case SPDK_NVMF_AUTH_ID_FAILURE2:

			nvmf_auth_failure2_exec(req, (void *)header);

			break;

		default:

			AUTH_ERRLOG(qpair, "unexpected auth_id=%u\n", header->auth_id);

			nvmf_auth_request_fail1(req, SPDK_NVMF_AUTH_INCORRECT_PROTOCOL_MESSAGE);