From e2f32372a487509b4cde5add641b9a324ed13929 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Fri, 26 Apr 2019 13:07:06 -0500
Subject: [PATCH] mon/Monitor: require authorizer from peer monitors

Mon to mon links use authorizers.  It's only non-mons connecting to mons
that use MAuth messages.

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/mon/Monitor.cc | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index c03328e56cc..55231f60bf6 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6188,9 +6188,11 @@ int Monitor::handle_auth_request(
 	   << " payload " << payload.length()
 	   << dendl;
   if (!payload.length()) {
-    if (!con->is_msgr2()) {
-      // for v1 connections, we tolerate no authorizer, because authentication
-      // happens via MAuth messages.
+    if (!con->is_msgr2() &&
+	con->get_peer_type() != CEPH_ENTITY_TYPE_MON) {
+      // for v1 connections, we tolerate no authorizer (from
+      // non-monitors), because authentication happens via MAuth
+      // messages.
       return 1;
     }
     return -EACCES;
-- 
2.39.5