More importantly, the set of non-authentication operations that are allowed
is more restricted: auth messages, getting monmap, ping.
Signed-off-by: Sage Weil <sage@redhat.com>
case CEPH_MSG_MON_GET_MAP:
handle_mon_get_map(op);
break;
+ }
+ if (dealt_with)
+ return;
+
+ if (!op->get_session()->authenticated) {
+ dout(5) << __func__ << " " << op->get_req()->get_source_inst()
+ << " is not authenticated, dropping " << *(op->get_req())
+ << dendl;
+ goto drop;
+ }
- // unauthenticated clients can fetch config
+ switch (op->get_req()->get_type()) {
case MSG_GET_CONFIG:
configmon()->handle_get_config(op);
- break;
+ return;
case CEPH_MSG_MON_METADATA:
return handle_mon_metadata(op);
- default:
- dealt_with = false;
- break;
}
- if (dealt_with)
- return;
/* well, maybe the op belongs to a service... */
op->set_type_service();
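Review bot: The added `if (!op->get_session()->authenticated)` check is now the boundary between what an unauthenticated peer can reach and everything else, but nothing in the new code says so. The removed comment `// unauthenticated clients can fetch config` has no replacement stating the new rule. I would put a comment directly above the check, for example `// Only the message types handled above are reachable without authentication; everything below, including MSG_GET_CONFIG and the service dispatch, requires an authenticated session.`, so that a later `case` is not added on the wrong side of the gate by accident. The same line dereferences `op->get_session()` without a null test; the function begins outside this hunk (as does the `drop` label), so an earlier session check may already cover it, but if none exists it belongs here.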