}
return NULL;
}
-
-
-void AuthSessionHandler::print_auth_session_handler_stats() {
- ldout(cct,10) << "Auth Session Handler Stats " << this << dendl;
- ldout(cct,10) << " Messages Signed = " << messages_signed << dendl;
- ldout(cct,10) << " Signatures Checked = " << signatures_checked << dendl;
- ldout(cct,10) << " Signatures Matched = " << signatures_matched << dendl;
- ldout(cct,10) << " Signatures Did Not Match = " << signatures_failed << dendl;
- ldout(cct,10) << " Messages Encrypted = " << messages_encrypted << dendl;
- ldout(cct,10) << " Messages Decrypted = " << messages_decrypted << dendl;
-}
CryptoKey key;
public:
- // Keep stats on how many messages were signed, how many messages were encrypted, how many
- // signatures were properly checked, and how many messages were decrypted. PLR
- int messages_signed;
- int signatures_checked;
- int signatures_matched;
- int signatures_failed;
- int messages_encrypted;
- int messages_decrypted;
-
- explicit AuthSessionHandler(CephContext *cct_) : cct(cct_), protocol(CEPH_AUTH_UNKNOWN), messages_signed(0),
- signatures_checked(0), signatures_matched(0), signatures_failed(0), messages_encrypted(0),
- messages_decrypted(0) {}
+ explicit AuthSessionHandler(CephContext *cct_) : cct(cct_), protocol(CEPH_AUTH_UNKNOWN) {}
AuthSessionHandler(CephContext *cct_, int protocol_, CryptoKey key_) : cct(cct_),
- protocol(protocol_), key(key_), messages_signed(0), signatures_checked(0), signatures_matched(0),
- signatures_failed(0), messages_encrypted(0), messages_decrypted(0) {}
+ protocol(protocol_), key(key_) {}
virtual ~AuthSessionHandler() { }
- void print_auth_session_handler_stats() ;
-
virtual bool no_security() = 0;
virtual int sign_message(Message *message) = 0;
virtual int check_message_signature(Message *message) = 0;
ceph_msg_footer& f = m->get_footer();
f.sig = sig;
f.flags = (unsigned)f.flags | CEPH_MSG_FOOTER_SIGNED;
- messages_signed++;
ldout(cct, 20) << "Putting signature in client message(seq # " << m->get_seq()
<< "): sig = " << sig << dendl;
return 0;
if (r < 0)
return r;
- signatures_checked++;
-
if (sig != m->get_footer().sig) {
// Should have been signed, but signature check failed. PLR
if (!(m->get_footer().flags & CEPH_MSG_FOOTER_SIGNED)) {
// security failure, particularly when there are large numbers of
// them, since the latter is a potential sign of an attack. PLR
- signatures_failed++;
ldout(cct, 0) << "Signature failed." << dendl;
return (SESSION_SIGNATURE_FAILURE);
}
- // If we get here, the signature checked. PLR
- signatures_matched++;
-
return 0;
}
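Review bot: With `signatures_failed++` removed, nothing in the visible code counts signature failures any more, yet the retained comment just above still singles out large numbers of failures as a potential sign of an attack. The only signal left on this path is the level-0 `ldout(cct, 0) << "Signature failed."` line, so the comment should say so, for example `// No in-process failure count is kept; spotting bursts of failures relies on the level-0 log line below.` If another counter or perf metric covers this path, it is not visible in this hunk, so please confirm before relying on log parsing alone. The comment and the enclosing function both start outside the lines shown.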