From: Sage Weil <sage@redhat.com>
Date: Fri, 26 Apr 2019 18:07:06 +0000 (-0500)
Subject: mon/Monitor: require authorizer from peer monitors
X-Git-Tag: v15.1.0~2813^2~1
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=e2f32372a487509b4cde5add641b9a324ed13929;p=ceph-ci.git

mon/Monitor: require authorizer from peer monitors

Mon to mon links use authorizers.  It's only non-mons connecting to mons
that use MAuth messages.

Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index c03328e56cc..55231f60bf6 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6188,9 +6188,11 @@ int Monitor::handle_auth_request(
 	   << " payload " << payload.length()
 	   << dendl;
   if (!payload.length()) {
-    if (!con->is_msgr2()) {
-      // for v1 connections, we tolerate no authorizer, because authentication
-      // happens via MAuth messages.
+    if (!con->is_msgr2() &&
+	con->get_peer_type() != CEPH_ENTITY_TYPE_MON) {
+      // for v1 connections, we tolerate no authorizer (from
+      // non-monitors), because authentication happens via MAuth
+      // messages.
       return 1;
     }
     return -EACCES;