crimson/net: sign message and check it if authorizer is available
authorKefu Chai <kchai@redhat.com>
Thu, 25 Apr 2019 12:23:03 +0000 (20:23 +0800)
committerKefu Chai <kchai@redhat.com>
Sun, 28 Apr 2019 16:12:57 +0000 (00:12 +0800)
Signed-off-by: Kefu Chai <kchai@redhat.com>
src/crimson/net/ProtocolV1.cc

index a4917959eab48beade3a4831a4eb4fb03551906e..408f7f0d0fecce440c6eccad8513348639686016 100644 (file)
@@ -657,6 +657,9 @@ seastar::future<> ProtocolV1::write_message(MessageRef msg)
   auto& header = msg->get_header();
   header.src = messenger.get_myname();
   msg->encode(conn.features, messenger.get_crc_flags());
+  if (session_security) {
+    session_security->sign_message(msg.get());
+  }
   bufferlist bl;
   bl.append(CEPH_MSGR_TAG_MSG);
   bl.append((const char*)&header, sizeof(header));
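Review bot: The result of `session_security->sign_message(msg.get())` is discarded in the block added to write_message, so if signing fails the message is still appended to `bl` and sent, and the peer's check in read_message would drop it with nothing recorded on the sending side. If sign_message reports failure through its return value, as check_message_signature appears to in the read path, test it and at least log above debug level, e.g. `if (session_security->sign_message(msg.get())) { logger().warn("failed to sign message"); }`, or fail the send. The ordering is also worth a comment such as `// sign after encode(): the signature is computed over the encoded header/footer CRCs`, assuming that is why the call sits after `msg->encode(...)`. write_message's body continues outside the hunk, so the footer handling after signing is not visible here.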
@@ -774,6 +777,16 @@ seastar::future<> ProtocolV1::read_message()
       ::decode(m.footer, p);
       auto msg = ::decode_message(nullptr, 0, m.header, m.footer,
                                   m.front, m.middle, m.data, nullptr);
+      if (!msg) {
+       logger().debug("decode message failed");
+       return;
+      }
+      if (session_security) {
+       if (session_security->check_message_signature(msg)) {
+         logger().debug("signature check failed");
+         return;
+       }
+      }
       // TODO: set time stamps
       msg->set_byte_throttler(conn.policy.throttler_bytes);