tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't allow users to set internal attributes via PUT 

fixes #10601
This commit is contained in:
Gunnar Beutner 2015-11-11 08:29:48 +01:00
parent 63055eb441
commit 356c4cc170
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/remote/configobjectutility.cpp
View File

@ -66,9 +66,23 @@ String ConfigObjectUtility::CreateObjectConfig(const Type::Ptr& type, const Stri
Dictionary::Ptr allAttrs = new Dictionary();
if (attrs)
if (attrs) {
attrs->CopyTo(allAttrs);
ObjectLock olock(attrs);
BOOST_FOREACH(const Dictionary::Pair& kv, attrs) {
int fid = type->GetFieldId(kv.first);
if (fid < 0)
BOOST_THROW_EXCEPTION(ScriptError("Invalid attribute specified: " + kv.first));
Field field = type->GetFieldInfo(fid);
if (field.Attributes & FANoUserModify)
BOOST_THROW_EXCEPTION(ScriptError("Attribute is marked for internal use only and may not be set: " + kv.first));
}
}
if (nameParts)
nameParts->CopyTo(allAttrs);