Limit anonymous connections to 25 6135/head
authorJean Flach <jean-marcel.flach@icinga.com>
Mon, 5 Mar 2018 12:22:43 +0000 (13:22 +0100)
committerJean Flach <jean-marcel.flach@icinga.com>
Mon, 5 Mar 2018 12:22:43 +0000 (13:22 +0100)
lib/base/netstring.cpp
lib/remote/apilistener.cpp
lib/remote/apilistener.hpp

index e970f3b61d4c9f6491bc24235054b59f7b94ffd9..7d11d8928c6bb37c5a3fe3375388b0bc35417657 100644 (file)
@@ -87,7 +87,7 @@ StreamReadStatus NetString::ReadStringFromStream(const Stream::Ptr& stream, Stri
 
        if (maxMessageLength >= 0 && data_length > maxMessageLength) {
                std::stringstream errorMessage;
-               errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024 / 1024) << " MB";
+               errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024) << " KB";
 
                BOOST_THROW_EXCEPTION(std::invalid_argument(errorMessage.str()));
        }
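Review bot: The new message divides `maxMessageLength` by 1024 with integer arithmetic, so any limit below 1024 bytes is reported as "0 KB" and every other limit is rounded down. It also leaves out the length that was rejected, which is the value an operator needs when triaging oversized frames from unauthenticated peers. Printing both numbers in bytes is exact and avoids the unit question: `errorMessage << "Max data length exceeded: " << data_length << " > " << maxMessageLength << " bytes";`. ReadStringFromStream begins and continues outside this hunk, so the declaration of `data_length` is not visible here.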
index bc0df4449bdf0103751bf0f53fdb896ad8be994e..c53cd103cd03a9650e631cff1ef107c38e3c1010 100644 (file)
@@ -547,8 +547,12 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
                        endpoint->AddClient(aclient);
 
                        m_SyncQueue.Enqueue(std::bind(&ApiListener::SyncClient, this, aclient, endpoint, needSync));
-               } else
-                       AddAnonymousClient(aclient);
+               } else {
+                       if (!AddAnonymousClient(aclient)) {
+                               Log(LogNotice, "ApiListener", "Ignoring anonymous JSON-RPC connection. Max connections exceeded.");
+                               aclient->Disconnect();
+                       }
+               }
        } else {
                Log(LogNotice, "ApiListener", "New HTTP client");
 
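Review bot: The rejection logged in the new `else` branch carries no peer information and is written at `LogNotice`, so when the anonymous slots fill up an operator can neither see which remote is holding them nor, depending on the configured severity, see the event at all. I would raise it to a warning and include the peer, for example `Log(LogWarning, "ApiListener") << "Ignoring anonymous JSON-RPC connection from " << client->GetPeerAddress() << ": max connections exceeded.";` (assuming the socket's peer address is still readable at this point). Because every refused connection produces a line, some rate limiting of this message is also worth considering. The creation of `aclient` is outside the hunk, so whether the connection has already been started before `Disconnect()` is called cannot be confirmed from here.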
@@ -1360,10 +1364,14 @@ double ApiListener::CalculateZoneLag(const Endpoint::Ptr& endpoint)
        return 0;
 }
 
-void ApiListener::AddAnonymousClient(const JsonRpcConnection::Ptr& aclient)
+bool ApiListener::AddAnonymousClient(const JsonRpcConnection::Ptr& aclient)
 {
        boost::mutex::scoped_lock lock(m_AnonymousClientsLock);
+       if (m_AnonymousClients.size() > 25)
+               return false;
+
        m_AnonymousClients.insert(aclient);
+       return true;
 }
 
 void ApiListener::RemoveAnonymousClient(const JsonRpcConnection::Ptr& aclient)
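Review bot: The guard `m_AnonymousClients.size() > 25` in AddAnonymousClient only refuses once the set already holds 26 entries, so the effective cap is 26 rather than the 25 named in the commit title; `if (m_AnonymousClients.size() >= 25)` matches the stated limit. The bare `25` would be easier to audit and tune as a named constant next to the member declaration. The cap is also global rather than per source, so a single remote can hold every slot and keep legitimate anonymous clients out until its connections are removed. A per-peer bound or an idle timeout for anonymous connections would narrow that, if the surrounding code does not already provide one.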
index eb195f5b5d458802004dd6e317682e1a47586553..b3894992af2f8d69d4a3b6db7e0e7a3cea84415f 100644 (file)
@@ -79,7 +79,7 @@ public:
        static void StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata);
        std::pair<Dictionary::Ptr, Dictionary::Ptr> GetStatus();
 
-       void AddAnonymousClient(const JsonRpcConnection::Ptr& aclient);
+       bool AddAnonymousClient(const JsonRpcConnection::Ptr& aclient);
        void RemoveAnonymousClient(const JsonRpcConnection::Ptr& aclient);
        std::set<JsonRpcConnection::Ptr> GetAnonymousClients() const;