From 9936f8916749cfafca6e45dd00573f8bedc72256 Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Thu, 1 Feb 2018 09:03:32 -0600
Subject: [PATCH] mon: require authentication for MGetConfig and mon metadata

More importantly, the set of non-authentication operations that are allowed is more restricted: auth messages, getting monmap, ping.

Signed-off-by: Sage Weil
---
 src/mon/Monitor.cc | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 2588482ae17..bffc1477ca0 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -4050,21 +4050,26 @@ void Monitor::dispatch_op(MonOpRequestRef op)
 case CEPH_MSG_MON_GET_MAP:
 handle_mon_get_map(op);
 break;
+ }
+ if (dealt_with)
+ return;
+
+ if (!op->get_session()->authenticated) {
+ dout(5) << __func__ << " " << op->get_req()->get_source_inst()
+ << " is not authenticated, dropping " << *(op->get_req())
+ << dendl;
+ goto drop;
+ }
- // unauthenticated clients can fetch config
+ switch (op->get_req()->get_type()) {
 case MSG_GET_CONFIG:
 configmon()->handle_get_config(op);
- break;
+ return;
 case CEPH_MSG_MON_METADATA:
 return handle_mon_metadata(op);
- default:
- dealt_with = false;
- break;
 }
- if (dealt_with)
- return;
 /* well, maybe the op belongs to a service... */
 op->set_type_service();
-- 
2.39.5
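Review bot: The first `switch` now closes right after the `CEPH_MSG_MON_GET_MAP` case with no `default:` arm, because the only `default: dealt_with = false; break;` is removed further down, so nothing visible in the hunk clears `dealt_with` before the new `if (dealt_with) return;`. If the flag is initialised to true above the hunk (not visible here), every message type the first switch does not match would return at that check and never reach the authentication test, the second switch or the service dispatch below it. Keeping the `default: dealt_with = false; break;` arm inside the first switch would preserve the fall-through to the authenticated path. Separately, the new check dereferences `op->get_session()` without a visible null test, so it is worth confirming that a session is guaranteed earlier in `dispatch_op`, whose body begins and ends outside the hunk.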