crimson/net: sign message and check it if authorizer is available

Signed-off-by: Kefu Chai <[email protected]>
Kioob · Apr 28, 2019 · 0478623 · 0478623
1 parent 1d30bb4
commit 0478623
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/crimson/net/ProtocolV1.cc b/src/crimson/net/ProtocolV1.cc
@@ -657,6 +657,9 @@ seastar::future<> ProtocolV1::write_message(MessageRef msg)
   auto& header = msg->get_header();
   header.src = messenger.get_myname();
   msg->encode(conn.features, messenger.get_crc_flags());
+  if (session_security) {
+    session_security->sign_message(msg.get());
+  }
   bufferlist bl;
   bl.append(CEPH_MSGR_TAG_MSG);
   bl.append((const char*)&header, sizeof(header));
@@ -774,6 +777,16 @@ seastar::future<> ProtocolV1::read_message()
       ::decode(m.footer, p);
       auto msg = ::decode_message(nullptr, 0, m.header, m.footer,
                                   m.front, m.middle, m.data, nullptr);
+      if (!msg) {
+	logger().debug("decode message failed");
+	return;
+      }
+      if (session_security) {
+	if (session_security->check_message_signature(msg)) {
+	  logger().debug("signature check failed");
+	  return;
+	}
+      }
       // TODO: set time stamps
       msg->set_byte_throttler(conn.policy.throttler_bytes);