From: Joao Eduardo Luis <joao.luis@inktank.com>
Date: Tue, 16 Sep 2014 15:32:37 +0000 (+0100)
Subject: mon: Monitor: check caps and source before dispatching messages
X-Git-Tag: v0.87~41^2~7
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c0e3bc9a30f5e430d7489ead748011799b48857a;p=ceph.git

mon: Monitor: check caps and source before dispatching messages

Only dispatch messages that a client may send if said client has at
least MON_CAP_R, and only dispatch internal monitor messages if peer is
a monitor.

Backport: firefly

Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>
---

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 49939f11d4a..de67aaed259 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -3270,6 +3270,14 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon)
 
   /* messages we, the Monitor class, need to deal with
    * but may be sent by clients. */
+
+  if (!s->is_capable("mon", MON_CAP_R)) {
+    dout(5) << __func__ << " " << m->get_source_inst()
+            << " not enough caps for " << *m << " -- dropping"
+            << dendl;
+    goto drop;
+  }
+
   dealt_with = true;
   switch (m->get_type()) {
 
@@ -3298,6 +3306,13 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon)
   if (dealt_with)
     return;
 
+  if (!src_is_mon) {
+    dout(1) << __func__ << " unexpected monitor message from"
+            << " non-monitor entity " << m->get_source_inst()
+            << " " << *m << " -- dropping" << dendl;
+    goto drop;
+  }
+
   /* messages that should only be sent by another monitor */
   dealt_with = true;
   switch (m->get_type()) {
@@ -3400,8 +3415,12 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon)
   }
   if (!dealt_with) {
     dout(1) << "dropping unexpected " << *m << dendl;
-    m->put();
+    goto drop;
   }
+  return;
+
+drop:
+  m->put();
 }
 
 void Monitor::handle_ping(MPing *m)