mon: Monitor: drop client msg if no session exists and msg is not MAuth

If we are not a monitor and we don't have a session yet, we must first
authenticate with the cluster.  Therefore, the first message to the
monitor must be an MAuth.  If not, we assume it's a stray message and
just drop it.

Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 54ea2f41fce2eac279d750ced81c3a3528cc6d2c..cb19dd4b25cb101fea0efe6d44ed607fb7ef1659 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -2578,10 +2578,23 @@ bool Monitor::_ms_dispatch(Message *m)
     s = NULL;
   }
   if (!s) {
+    // if the sender is not a monitor, make sure their first message for a
+    // session is an MAuth.  If it is not, assume it's a stray message,
+    // and considering that we are creating a new session it is safe to
+    // assume that the sender hasn't authenticated yet, so we have no way
+    // of assessing whether we should handle it or not.
+    if (!src_is_mon && m->get_type() != CEPH_MSG_AUTH) {
+      dout(1) << __func__ << " dropping stray message " << *m
+        << " from " << m->get_source_inst() << dendl;
+      m->put();
+      return false;
+    }
+
     if (!exited_quorum.is_zero() && !src_is_mon) {
       waitlist_or_zap_client(m);
       return true;
     }
+
     dout(10) << "do not have session, making new one" << dendl;
     s = session_map.new_session(m->get_source_inst(), m->get_connection().get());
     m->get_connection()->set_priv(s->get());