Limit anonymous connections to 25
authorJean Flach <jean-marcel.flach@icinga.com>
Mon, 5 Mar 2018 12:22:43 +0000 (13:22 +0100)
committerGunnar Beutner <gunnar.beutner@icinga.com>
Tue, 6 Mar 2018 07:53:52 +0000 (08:53 +0100)
lib/base/netstring.cpp
lib/remote/apilistener.cpp
lib/remote/apilistener.hpp

index e77a41285cb752be58d1116a22a198a9abb3cc44..f238538645faa324cabd63a4a80f407d37004f71 100644 (file)
@@ -87,7 +87,7 @@ StreamReadStatus NetString::ReadStringFromStream(const Stream::Ptr& stream, Stri
 
        if (maxMessageLength >= 0 && data_length > maxMessageLength) {
                std::stringstream errorMessage;
-               errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024 / 1024) << " MB";
+               errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024) << " KB";
 
                BOOST_THROW_EXCEPTION(std::invalid_argument(errorMessage.str()));
        }
index 107c142b7ca749baad56350efaceb191742a8ef1..65adce3becd3b5a0f7c1f8760a471c30efa975f0 100644 (file)
@@ -546,8 +546,12 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
                        endpoint->AddClient(aclient);
 
                        m_SyncQueue.Enqueue(boost::bind(&ApiListener::SyncClient, this, aclient, endpoint, needSync));
-               } else
-                       AddAnonymousClient(aclient);
+               } else {
+                       if (!AddAnonymousClient(aclient)) {
+                               Log(LogNotice, "ApiListener", "Ignoring anonymous JSON-RPC connection. Max connections exceeded.");
+                               aclient->Disconnect();
+                       }
+               }
        } else {
                Log(LogNotice, "ApiListener", "New HTTP client");
 
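Review bot: The rejection in the new `else` branch is logged at `LogNotice` with no peer information, so an operator investigating connection exhaustion may not see it at all if the configured severity is `information` or higher, and cannot tell which host is using up the slots. Consider a higher severity and including the remote address, for example `Log(LogWarning, "ApiListener") << "Ignoring anonymous JSON-RPC connection from " << client->GetPeerAddress() << ": max connections exceeded.";`, assuming the peer address can still be read from `client` at this point. Because this line is written once per rejected connection, some form of rate limiting on the message is worth considering so that a flood of connections does not turn into a flood of log lines. The body of `NewClientHandlerInternal` starts and ends outside this hunk, so whatever work precedes the check (handshake, connection object setup) is not visible here and is presumably already spent when the limit is applied.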
@@ -1358,10 +1362,14 @@ double ApiListener::CalculateZoneLag(const Endpoint::Ptr& endpoint)
        return 0;
 }
 
-void ApiListener::AddAnonymousClient(const JsonRpcConnection::Ptr& aclient)
+bool ApiListener::AddAnonymousClient(const JsonRpcConnection::Ptr& aclient)
 {
        boost::mutex::scoped_lock lock(m_AnonymousClientsLock);
+       if (m_AnonymousClients.size() > 25)
+               return false;
+
        m_AnonymousClients.insert(aclient);
+       return true;
 }
 
 void ApiListener::RemoveAnonymousClient(const JsonRpcConnection::Ptr& aclient)
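Review bot: The guard in `AddAnonymousClient` is off by one against the commit title: `m_AnonymousClients.size() > 25` still inserts when the set already holds 25 entries, so up to 26 anonymous clients are accepted. Use `if (m_AnonymousClients.size() >= 25)` and give the literal a name (a file-level constant, or a configurable attribute) so the limit is documented in one place. The cap is global rather than per source address, so a single peer can hold every slot; a short comment on the function stating that, and that `false` means the caller must disconnect the client, would help the next reader. The body of `RemoveAnonymousClient` lies outside this hunk, so how slots are released cannot be checked from here.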
index 1ce70316c7c4510df2ab21587fa911001a7f1c30..da492517c416aff3bad60684a924b8c36303b0b3 100644 (file)
@@ -79,7 +79,7 @@ public:
        static void StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata);
        std::pair<Dictionary::Ptr, Dictionary::Ptr> GetStatus(void);
 
-       void AddAnonymousClient(const JsonRpcConnection::Ptr& aclient);
+       bool AddAnonymousClient(const JsonRpcConnection::Ptr& aclient);
        void RemoveAnonymousClient(const JsonRpcConnection::Ptr& aclient);
        std::set<JsonRpcConnection::Ptr> GetAnonymousClients(void) const;