Repository: kudu Updated Branches: refs/heads/master 981c5e1ab -> ed2bc18de
[security] add WARN_UNUSED_RESULT where possible A lot of our security code could fail in awful ways if return codes are ignored. This commit adds WARN_UNUSED_RESULT where possible in all security headers (I found virtual methods and free functions produced compiler errors with the annotation). Luckily, only test code needed to be fixed up. Change-Id: Ie8f5a0aea10709640e6c15c63d28b44e5de0ec6d Reviewed-on: http://gerrit.cloudera.org:8080/6139 Reviewed-by: Alexey Serbin <[email protected]> Tested-by: Alexey Serbin <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/kudu/repo Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/ed2bc18d Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/ed2bc18d Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/ed2bc18d Branch: refs/heads/master Commit: ed2bc18de1e7318b621bb957aaf6ffbc850ef1b8 Parents: 981c5e1 Author: Dan Burkert <[email protected]> Authored: Fri Feb 24 11:03:27 2017 -0800 Committer: Alexey Serbin <[email protected]> Committed: Sat Feb 25 03:37:12 2017 +0000 ---------------------------------------------------------------------- src/kudu/security/ca/cert_management-test.cc | 2 +- src/kudu/security/ca/cert_management.h | 31 ++++++++++++----------- src/kudu/security/cert-test.cc | 2 +- src/kudu/security/cert.h | 20 +++++++-------- src/kudu/security/crypto-test.cc | 6 ++--- src/kudu/security/crypto.h | 24 +++++++++--------- src/kudu/security/openssl_util.h | 2 +- src/kudu/security/tls_context.h | 21 +++++++-------- src/kudu/security/tls_handshake-test.cc | 8 +++--- src/kudu/security/tls_handshake.h | 10 ++++---- src/kudu/security/token-test.cc | 1 - src/kudu/security/token_signer.h | 6 ++--- src/kudu/security/token_signing_key.h | 2 +- src/kudu/security/token_verifier.h | 3 +-- 14 files changed, 68 insertions(+), 70 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/ca/cert_management-test.cc ---------------------------------------------------------------------- diff --git a/src/kudu/security/ca/cert_management-test.cc b/src/kudu/security/ca/cert_management-test.cc index 6e00df5..d209f5f 100644 --- a/src/kudu/security/ca/cert_management-test.cc +++ b/src/kudu/security/ca/cert_management-test.cc @@ -104,7 +104,7 @@ TEST_F(CertManagementTest, RequestGeneratorBasics) { CertRequestGenerator gen(gen_config); ASSERT_OK(gen.Init()); string key_str; - key.ToString(&key_str, DataFormat::PEM); + ASSERT_OK(key.ToString(&key_str, DataFormat::PEM)); // Check for non-supported number of bits for the key. Status s = GeneratePrivateKey(7, &key); ASSERT_TRUE(s.IsRuntimeError()); http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/ca/cert_management.h ---------------------------------------------------------------------- diff --git a/src/kudu/security/ca/cert_management.h b/src/kudu/security/ca/cert_management.h index 2f36efc..0121513 100644 --- a/src/kudu/security/ca/cert_management.h +++ b/src/kudu/security/ca/cert_management.h @@ -72,12 +72,13 @@ class CertRequestGeneratorBase { // Generate X509 CSR using the specified key. To obtain the key, // call the GeneratePrivateKey() function. - Status GenerateRequest(const PrivateKey& key, CertSignRequest* ret) const; + Status GenerateRequest(const PrivateKey& key, CertSignRequest* ret) const WARN_UNUSED_RESULT; protected: // Push the specified extension into the stack provided. - static Status PushExtension(stack_st_X509_EXTENSION* st, int32_t nid, - StringPiece value); + static Status PushExtension(stack_st_X509_EXTENSION* st, + int32_t nid, + StringPiece value) WARN_UNUSED_RESULT; // Set the certificate-specific extensions into the specified request. virtual Status SetExtensions(X509_REQ* req) const = 0; @@ -96,7 +97,7 @@ class CertRequestGenerator : public CertRequestGeneratorBase { explicit CertRequestGenerator(Config config); ~CertRequestGenerator(); - Status Init() override; + Status Init() override WARN_UNUSED_RESULT; bool Initialized() const override; CertRequestGenerator& enable_self_signing() { @@ -106,7 +107,7 @@ class CertRequestGenerator : public CertRequestGeneratorBase { } protected: - Status SetExtensions(X509_REQ* req) const override; + Status SetExtensions(X509_REQ* req) const override WARN_UNUSED_RESULT; private: stack_st_X509_EXTENSION* extensions_ = nullptr; @@ -121,11 +122,11 @@ class CaCertRequestGenerator : public CertRequestGeneratorBase { explicit CaCertRequestGenerator(Config config); ~CaCertRequestGenerator(); - Status Init() override; + Status Init() override WARN_UNUSED_RESULT; bool Initialized() const override; protected: - Status SetExtensions(X509_REQ* req) const override; + Status SetExtensions(X509_REQ* req) const override WARN_UNUSED_RESULT; private: stack_st_X509_EXTENSION* extensions_; @@ -149,13 +150,13 @@ class CertSigner { static Status SelfSignCA(const PrivateKey& key, CaCertRequestGenerator::Config config, int64_t cert_expiration_seconds, - Cert* cert); + Cert* cert) WARN_UNUSED_RESULT; // Generate a self-signed certificate using the given key and CSR // configuration. static Status SelfSignCert(const PrivateKey& key, CertRequestGenerator::Config config, - Cert* cert); + Cert* cert) WARN_UNUSED_RESULT; // Create a CertSigner. // @@ -174,16 +175,16 @@ class CertSigner { return *this; } - Status Sign(const CertSignRequest& req, Cert* ret) const; + Status Sign(const CertSignRequest& req, Cert* ret) const WARN_UNUSED_RESULT; private: - static Status CopyExtensions(X509_REQ* req, X509* x); - static Status FillCertTemplateFromRequest(X509_REQ* req, X509* tmpl); - static Status DigestSign(const EVP_MD* md, EVP_PKEY* pkey, X509* x); - static Status GenerateSerial(c_unique_ptr<ASN1_INTEGER>* ret); + static Status CopyExtensions(X509_REQ* req, X509* x) WARN_UNUSED_RESULT; + static Status FillCertTemplateFromRequest(X509_REQ* req, X509* tmpl) WARN_UNUSED_RESULT; + static Status DigestSign(const EVP_MD* md, EVP_PKEY* pkey, X509* x) WARN_UNUSED_RESULT; + static Status GenerateSerial(c_unique_ptr<ASN1_INTEGER>* ret) WARN_UNUSED_RESULT; - Status DoSign(const EVP_MD* digest, int32_t exp_seconds, X509 *ret) const; + Status DoSign(const EVP_MD* digest, int32_t exp_seconds, X509 *ret) const WARN_UNUSED_RESULT; // The expiration interval of certs signed by this signer. int32_t exp_interval_sec_ = 24 * 60 * 60; http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/cert-test.cc ---------------------------------------------------------------------- diff --git a/src/kudu/security/cert-test.cc b/src/kudu/security/cert-test.cc index 2185a83..91774bd 100644 --- a/src/kudu/security/cert-test.cc +++ b/src/kudu/security/cert-test.cc @@ -64,7 +64,7 @@ class CertTest : public KuduTest { TEST_F(CertTest, CertInputOutputPEM) { const Cert& cert = ca_cert_; string cert_str; - cert.ToString(&cert_str, DataFormat::PEM); + ASSERT_OK(cert.ToString(&cert_str, DataFormat::PEM)); RemoveExtraWhitespace(&cert_str); string ca_input_cert(kCaCert); http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/cert.h ---------------------------------------------------------------------- diff --git a/src/kudu/security/cert.h b/src/kudu/security/cert.h index 929f8b2..02765d2 100644 --- a/src/kudu/security/cert.h +++ b/src/kudu/security/cert.h @@ -41,9 +41,9 @@ int GetKuduKerberosPrincipalOidNid(); class Cert : public RawDataWrapper<X509> { public: - Status FromString(const std::string& data, DataFormat format); - Status ToString(std::string* data, DataFormat format) const; - Status FromFile(const std::string& fpath, DataFormat format); + Status FromString(const std::string& data, DataFormat format) WARN_UNUSED_RESULT; + Status ToString(std::string* data, DataFormat format) const WARN_UNUSED_RESULT; + Status FromFile(const std::string& fpath, DataFormat format) WARN_UNUSED_RESULT; std::string SubjectName() const; std::string IssuerName() const; @@ -56,30 +56,30 @@ class Cert : public RawDataWrapper<X509> { // Check whether the specified private key matches the certificate. // Return Status::OK() if key match the certificate. - Status CheckKeyMatch(const PrivateKey& key) const; + Status CheckKeyMatch(const PrivateKey& key) const WARN_UNUSED_RESULT; // Returns the 'tls-server-end-point' channel bindings for the certificate as // specified in RFC 5929. - Status GetServerEndPointChannelBindings(std::string* channel_bindings) const; + Status GetServerEndPointChannelBindings(std::string* channel_bindings) const WARN_UNUSED_RESULT; // Adopts the provided X509 certificate, and increments the reference count. void AdoptAndAddRefRawData(X509* data); // Returns the certificate's public key. - Status GetPublicKey(PublicKey* key) const; + Status GetPublicKey(PublicKey* key) const WARN_UNUSED_RESULT; }; class CertSignRequest : public RawDataWrapper<X509_REQ> { public: - Status FromString(const std::string& data, DataFormat format); - Status ToString(std::string* data, DataFormat format) const; - Status FromFile(const std::string& fpath, DataFormat format); + Status FromString(const std::string& data, DataFormat format) WARN_UNUSED_RESULT; + Status ToString(std::string* data, DataFormat format) const WARN_UNUSED_RESULT; + Status FromFile(const std::string& fpath, DataFormat format) WARN_UNUSED_RESULT; // Returns a shallow clone of the CSR (only a reference count is incremented). CertSignRequest Clone() const; // Returns the CSR's public key. - Status GetPublicKey(PublicKey* key) const; + Status GetPublicKey(PublicKey* key) const WARN_UNUSED_RESULT; }; } // namespace security http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/crypto-test.cc ---------------------------------------------------------------------- diff --git a/src/kudu/security/crypto-test.cc b/src/kudu/security/crypto-test.cc index e8136f9..e262912 100644 --- a/src/kudu/security/crypto-test.cc +++ b/src/kudu/security/crypto-test.cc @@ -94,7 +94,7 @@ TEST_F(CryptoTest, RsaPrivateKeyInputOutputPEM) { PrivateKey key; ASSERT_OK(key.FromFile(private_key_file_, DataFormat::PEM)); string key_str; - key.ToString(&key_str, DataFormat::PEM); + ASSERT_OK(key.ToString(&key_str, DataFormat::PEM)); RemoveExtraWhitespace(&key_str); string ref_key_str(kCaPrivateKey); @@ -122,7 +122,7 @@ TEST_F(CryptoTest, RsaPublicKeyInputOutputPEM) { PublicKey key; ASSERT_OK(key.FromFile(public_key_file_, DataFormat::PEM)); string key_str; - key.ToString(&key_str, DataFormat::PEM); + ASSERT_OK(key.ToString(&key_str, DataFormat::PEM)); RemoveExtraWhitespace(&key_str); string ref_key_str(kCaPublicKey); @@ -154,7 +154,7 @@ TEST_F(CryptoTest, RsaExtractPublicPartFromPrivateKey) { PublicKey public_key; ASSERT_OK(private_key.GetPublicKey(&public_key)); string str_public_key; - public_key.ToString(&str_public_key, DataFormat::PEM); + ASSERT_OK(public_key.ToString(&str_public_key, DataFormat::PEM)); RemoveExtraWhitespace(&str_public_key); string ref_str_public_key(kCaPublicKey); http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/crypto.h ---------------------------------------------------------------------- diff --git a/src/kudu/security/crypto.h b/src/kudu/security/crypto.h index c9dd380..a96f1a7 100644 --- a/src/kudu/security/crypto.h +++ b/src/kudu/security/crypto.h @@ -43,21 +43,21 @@ class PublicKey : public RawDataWrapper<EVP_PKEY> { public: ~PublicKey() {} - Status FromString(const std::string& data, DataFormat format); - Status ToString(std::string* data, DataFormat format) const; - Status FromFile(const std::string& fpath, DataFormat format); + Status FromString(const std::string& data, DataFormat format) WARN_UNUSED_RESULT; + Status ToString(std::string* data, DataFormat format) const WARN_UNUSED_RESULT; + Status FromFile(const std::string& fpath, DataFormat format) WARN_UNUSED_RESULT; - Status FromBIO(BIO* bio, DataFormat format); + Status FromBIO(BIO* bio, DataFormat format) WARN_UNUSED_RESULT; // Using the key, verify data signature using the specified message // digest algorithm for signature verification. // The input signature should be in in raw format (i.e. no base64 encoding). Status VerifySignature(DigestType digest, const std::string& data, - const std::string& signature) const; + const std::string& signature) const WARN_UNUSED_RESULT; // Sets 'equals' to true if the other public key equals this. - Status Equals(const PublicKey& other, bool* equals) const; + Status Equals(const PublicKey& other, bool* equals) const WARN_UNUSED_RESULT; }; // A class with generic private key interface, but actually it represents @@ -67,23 +67,23 @@ class PrivateKey : public RawDataWrapper<EVP_PKEY> { public: ~PrivateKey() {} - Status FromString(const std::string& data, DataFormat format); - Status ToString(std::string* data, DataFormat format) const; - Status FromFile(const std::string& fpath, DataFormat format); + Status FromString(const std::string& data, DataFormat format) WARN_UNUSED_RESULT; + Status ToString(std::string* data, DataFormat format) const WARN_UNUSED_RESULT; + Status FromFile(const std::string& fpath, DataFormat format) WARN_UNUSED_RESULT; // Output the public part of the keypair into the specified placeholder. - Status GetPublicKey(PublicKey* public_key) const; + Status GetPublicKey(PublicKey* public_key) const WARN_UNUSED_RESULT; // Using the key, generate data signature using the specified // message digest algorithm. The result signature is in raw format // (i.e. no base64 encoding). Status MakeSignature(DigestType digest, const std::string& data, - std::string* signature) const; + std::string* signature) const WARN_UNUSED_RESULT; }; // Utility method to generate private keys. -Status GeneratePrivateKey(int num_bits, PrivateKey* ret); +Status GeneratePrivateKey(int num_bits, PrivateKey* ret) WARN_UNUSED_RESULT; } // namespace security } // namespace kudu http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/openssl_util.h ---------------------------------------------------------------------- diff --git a/src/kudu/security/openssl_util.h b/src/kudu/security/openssl_util.h index 5830da4..1dd5859 100644 --- a/src/kudu/security/openssl_util.h +++ b/src/kudu/security/openssl_util.h @@ -54,7 +54,7 @@ namespace security { // Disable initialization of OpenSSL. Must be called before // any call to InitializeOpenSSL(). -Status DisableOpenSSLInitialization(); +Status DisableOpenSSLInitialization() WARN_UNUSED_RESULT; // Initializes static state required by the OpenSSL library. // This is a no-op if DisableOpenSSLInitialization() has been called. http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/tls_context.h ---------------------------------------------------------------------- diff --git a/src/kudu/security/tls_context.h b/src/kudu/security/tls_context.h index 27b9baa..6806b0b 100644 --- a/src/kudu/security/tls_context.h +++ b/src/kudu/security/tls_context.h @@ -70,7 +70,7 @@ class TlsContext { ~TlsContext() = default; - Status Init(); + Status Init() WARN_UNUSED_RESULT; // Returns true if this TlsContext has been configured with a cert and key for // use with TLS-encrypted connections. @@ -100,17 +100,17 @@ class TlsContext { // passed in to 'UseCertificateAndKey()' or 'AdoptSignedCert()'. // // If this cert has already been marked as trusted, this has no effect. - Status AddTrustedCertificate(const Cert& cert); + Status AddTrustedCertificate(const Cert& cert) WARN_UNUSED_RESULT; // Dump all of the certs that are currently trusted by this context, in DER // form, into 'cert_ders'. - Status DumpTrustedCerts(std::vector<std::string>* cert_ders) const; + Status DumpTrustedCerts(std::vector<std::string>* cert_ders) const WARN_UNUSED_RESULT; // Uses 'cert' and 'key' as the cert and key for use with TLS connections. // // Checks that the CA that issued the signature on 'cert' is already trusted // by this context (e.g. by AddTrustedCertificate()). - Status UseCertificateAndKey(const Cert& cert, const PrivateKey& key); + Status UseCertificateAndKey(const Cert& cert, const PrivateKey& key) WARN_UNUSED_RESULT; // Generates a self-signed cert and key for use with TLS connections. // @@ -119,7 +119,7 @@ class TlsContext { // CA-signed cert for the generated private key, and 'AdoptSignedCert' can be // used to transition to using the CA-signed cert with subsequent TLS // connections. - Status GenerateSelfSignedCertAndKey(); + Status GenerateSelfSignedCertAndKey() WARN_UNUSED_RESULT; // Returns a new certificate signing request (CSR) in DER format, if this // context's cert is self-signed. If the cert is already signed, returns @@ -135,20 +135,21 @@ class TlsContext { // by this context (e.g. by AddTrustedCertificate()). // // This has no effect if the instance already has a CA-signed cert. - Status AdoptSignedCert(const Cert& cert); + Status AdoptSignedCert(const Cert& cert) WARN_UNUSED_RESULT; // Convenience functions for loading cert/CA/key from file paths. // ------------------------------------------------------------- // Load the server certificate and key (PEM encoded). Status LoadCertificateAndKey(const std::string& certificate_path, - const std::string& key_path); + const std::string& key_path) WARN_UNUSED_RESULT; // Load the certificate authority (PEM encoded). - Status LoadCertificateAuthority(const std::string& certificate_path); + Status LoadCertificateAuthority(const std::string& certificate_path) WARN_UNUSED_RESULT; // Initiates a new TlsHandshake instance. - Status InitiateHandshake(TlsHandshakeType handshake_type, TlsHandshake* handshake) const; + Status InitiateHandshake(TlsHandshakeType handshake_type, + TlsHandshake* handshake) const WARN_UNUSED_RESULT; // Return the number of certs that have been marked as trusted. // Used by tests. @@ -159,7 +160,7 @@ class TlsContext { private: - Status VerifyCertChain(const Cert& cert); + Status VerifyCertChain(const Cert& cert) WARN_UNUSED_RESULT; // Owned SSL context. c_unique_ptr<SSL_CTX> ctx_; http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/tls_handshake-test.cc ---------------------------------------------------------------------- diff --git a/src/kudu/security/tls_handshake-test.cc b/src/kudu/security/tls_handshake-test.cc index 8ffc99c..681e270 100644 --- a/src/kudu/security/tls_handshake-test.cc +++ b/src/kudu/security/tls_handshake-test.cc @@ -83,8 +83,8 @@ class TestTlsHandshake : public KuduTest, Status RunHandshake(TlsVerificationMode client_verify, TlsVerificationMode server_verify) { TlsHandshake client, server; - client_tls_.InitiateHandshake(TlsHandshakeType::CLIENT, &client); - server_tls_.InitiateHandshake(TlsHandshakeType::SERVER, &server); + RETURN_NOT_OK(client_tls_.InitiateHandshake(TlsHandshakeType::CLIENT, &client)); + RETURN_NOT_OK(server_tls_.InitiateHandshake(TlsHandshakeType::SERVER, &server)); client.set_verification_mode(client_verify); server.set_verification_mode(server_verify); @@ -136,8 +136,8 @@ TEST_F(TestTlsHandshake, TestHandshakeSequence) { TlsHandshake server; TlsHandshake client; - client_tls_.InitiateHandshake(TlsHandshakeType::SERVER, &server); - server_tls_.InitiateHandshake(TlsHandshakeType::CLIENT, &client); + ASSERT_OK(client_tls_.InitiateHandshake(TlsHandshakeType::SERVER, &server)); + ASSERT_OK(server_tls_.InitiateHandshake(TlsHandshakeType::CLIENT, &client)); string buf1; string buf2; http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/tls_handshake.h ---------------------------------------------------------------------- diff --git a/src/kudu/security/tls_handshake.h b/src/kudu/security/tls_handshake.h index 7897d10..2e7031f 100644 --- a/src/kudu/security/tls_handshake.h +++ b/src/kudu/security/tls_handshake.h @@ -98,16 +98,16 @@ class TlsHandshake { // round of messages. // // Returns any other status code on error. - Status Continue(const std::string& recv, std::string* send); + Status Continue(const std::string& recv, std::string* send) WARN_UNUSED_RESULT; // Finishes the handshake, wrapping the provided socket in the negotiated TLS // channel. This 'TlsHandshake' instance should not be used again after // calling this. - Status Finish(std::unique_ptr<Socket>* socket); + Status Finish(std::unique_ptr<Socket>* socket) WARN_UNUSED_RESULT; // Finish the handshake, using the provided socket to verify the remote peer, // but without wrapping the socket. - Status FinishNoWrap(const Socket& socket); + Status FinishNoWrap(const Socket& socket) WARN_UNUSED_RESULT; // Retrieve the local certificate. This will return an error status if there // is no local certificate. @@ -150,10 +150,10 @@ class TlsHandshake { } // Populates local_cert_ and remote_cert_. - Status GetCerts(); + Status GetCerts() WARN_UNUSED_RESULT; // Verifies that the handshake is valid for the provided socket. - Status Verify(const Socket& socket) const; + Status Verify(const Socket& socket) const WARN_UNUSED_RESULT; // Owned SSL handle. c_unique_ptr<SSL> ssl_; http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/token-test.cc ---------------------------------------------------------------------- diff --git a/src/kudu/security/token-test.cc b/src/kudu/security/token-test.cc index 36bcdb2..84a0105 100644 --- a/src/kudu/security/token-test.cc +++ b/src/kudu/security/token-test.cc @@ -167,7 +167,6 @@ TEST_F(TokenTest, TestTokenSignerAddKeys) { // It should not need next key right away, but should need next key after // the rotation interval. static const int64_t kKeyRotationIntervalSeconds = 8; - const MonoTime t0 = MonoTime::Now(); TokenSigner signer(10, kKeyRotationIntervalSeconds); std::unique_ptr<TokenSigningPrivateKey> key; ASSERT_OK(signer.CheckNeedKey(&key)); http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/token_signer.h ---------------------------------------------------------------------- diff --git a/src/kudu/security/token_signer.h b/src/kudu/security/token_signer.h index 82aba2b..698bf45 100644 --- a/src/kudu/security/token_signer.h +++ b/src/kudu/security/token_signer.h @@ -230,8 +230,7 @@ class TokenSigner { Status TryRotateKey(bool* has_rotated = nullptr) WARN_UNUSED_RESULT; Status GenerateAuthnToken(std::string username, - SignedTokenPB* signed_token) const - WARN_UNUSED_RESULT; + SignedTokenPB* signed_token) const WARN_UNUSED_RESULT; Status SignToken(SignedTokenPB* token) const WARN_UNUSED_RESULT; @@ -242,8 +241,7 @@ class TokenSigner { static Status GenerateSigningKey(int64_t key_seq_num, int64_t key_expiration, - std::unique_ptr<TokenSigningPrivateKey>* tsk) - WARN_UNUSED_RESULT; + std::unique_ptr<TokenSigningPrivateKey>* tsk) WARN_UNUSED_RESULT; std::shared_ptr<TokenVerifier> verifier_; http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/token_signing_key.h ---------------------------------------------------------------------- diff --git a/src/kudu/security/token_signing_key.h b/src/kudu/security/token_signing_key.h index 875ebbf..2ae6713 100644 --- a/src/kudu/security/token_signing_key.h +++ b/src/kudu/security/token_signing_key.h @@ -69,7 +69,7 @@ class TokenSigningPrivateKey { ~TokenSigningPrivateKey(); // Sign a token, and store the signature and signing key's sequence number. - Status Sign(SignedTokenPB* token) const; + Status Sign(SignedTokenPB* token) const WARN_UNUSED_RESULT; // Export data into corresponding PB structure. void ExportPB(TokenSigningPrivateKeyPB* pb) const; http://git-wip-us.apache.org/repos/asf/kudu/blob/ed2bc18d/src/kudu/security/token_verifier.h ---------------------------------------------------------------------- diff --git a/src/kudu/security/token_verifier.h b/src/kudu/security/token_verifier.h index 00c541f..2879f8c 100644 --- a/src/kudu/security/token_verifier.h +++ b/src/kudu/security/token_verifier.h @@ -63,8 +63,7 @@ class TokenVerifier { // (which might be running on a remote node). If any public keys already // exist with matching key sequence numbers, they are replaced by // the new keys. - Status ImportKeys(const std::vector<TokenSigningPublicKeyPB>& keys) - WARN_UNUSED_RESULT; + Status ImportKeys(const std::vector<TokenSigningPublicKeyPB>& keys) WARN_UNUSED_RESULT; // Export token signing public keys. Specifying the 'after_sequence_number' // allows to get public keys with sequence numbers greater than
