mon: Monitor: check caps and source before dispatching messages

Only dispatch messages that a client may send if said client has at
least MON_CAP_R, and only dispatch internal monitor messages if peer is
a monitor.

Backport: firefly

Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 49939f11d4a9e15b1f93b12bce3ed3510234320f..de67aaed259801ddcfc9c30a178e7ffa29ee3c91 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -3270,6 +3270,14 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon)
 
   /* messages we, the Monitor class, need to deal with
    * but may be sent by clients. */
+
+  if (!s->is_capable("mon", MON_CAP_R)) {
+    dout(5) << __func__ << " " << m->get_source_inst()
+            << " not enough caps for " << *m << " -- dropping"
+            << dendl;
+    goto drop;
+  }
+
   dealt_with = true;
   switch (m->get_type()) {
 
@@ -3298,6 +3306,13 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon)
   if (dealt_with)
     return;
 
+  if (!src_is_mon) {
+    dout(1) << __func__ << " unexpected monitor message from"
+            << " non-monitor entity " << m->get_source_inst()
+            << " " << *m << " -- dropping" << dendl;
+    goto drop;
+  }
+
   /* messages that should only be sent by another monitor */
   dealt_with = true;
   switch (m->get_type()) {
@@ -3400,8 +3415,12 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon)
   }
   if (!dealt_with) {
     dout(1) << "dropping unexpected " << *m << dendl;
-    m->put();
+    goto drop;
   }
+  return;
+
+drop:
+  m->put();
 }
 
 void Monitor::handle_ping(MPing *m)