Fix incorrect HTTP content length limits

2018-02-28 12:06:01 +01:00 · 2018-02-28 12:06:01 +01:00 · 622127276b
parent 85858e6a36
commit 622127276b
2 changed files with 28 additions and 19 deletions
--- a/doc/12-icinga2-api.md
+++ b/doc/12-icinga2-api.md
@ -230,12 +230,12 @@ Available permissions for specific URL endpoints:
  actions/&lt;action&gt;        | /v1/actions   | Yes               | 1
  config/query                  | /v1/config    | No                | 1
  config/modify                 | /v1/config    | No                | 512
-  console                       | /v1/console   | No                | 512
+  console                       | /v1/console   | No                | 1
  events/&lt;type&gt;           | /v1/events    | No                | 1
  objects/query/&lt;type&gt;    | /v1/objects   | Yes               | 1
-  objects/create/&lt;type&gt;   | /v1/objects   | No                | 512
-  objects/modify/&lt;type&gt;   | /v1/objects   | Yes               | 512
-  objects/delete/&lt;type&gt;   | /v1/objects   | Yes               | 512
+  objects/create/&lt;type&gt;   | /v1/objects   | No                | 1
+  objects/modify/&lt;type&gt;   | /v1/objects   | Yes               | 1
+  objects/delete/&lt;type&gt;   | /v1/objects   | Yes               | 1
  status/query                  | /v1/status    | Yes               | 1
  templates/&lt;type&gt;        | /v1/templates | Yes               | 1
  types                         | /v1/types     | Yes               | 1
--- a/lib/remote/httpserverconnection.cpp
+++ b/lib/remote/httpserverconnection.cpp
@ -190,15 +190,6 @@ bool HttpServerConnection::ProcessMessage(void)

 bool HttpServerConnection::ManageHeaders(HttpResponse& response)
 {
-	static const size_t defaultContentLengthLimit = 1 * 1024 * 1024;
-	static const Dictionary::Ptr specialContentLengthLimits = new Dictionary;
-    specialContentLengthLimits->Set("*", 512 * 1024 * 1024);
-	specialContentLengthLimits->Set("config/modify", 512 * 1024 * 1024);
-	specialContentLengthLimits->Set("console", 512 * 1024 * 1024);
-	specialContentLengthLimits->Set("objects/create", 512 * 1024 * 1024);
-	specialContentLengthLimits->Set("objects/modify", 512 * 1024 * 1024);
-	specialContentLengthLimits->Set("objects/delete", 512 * 1024 * 1024);
-
 	if (m_CurrentRequest.Headers->Get("expect") == "100-continue") {
 		String continueResponse = "HTTP/1.1 100 Continue\r\n\r\n";
 		m_Stream->Write(continueResponse.CStr(), continueResponse.GetLength());
@ -289,16 +280,34 @@ bool HttpServerConnection::ManageHeaders(HttpResponse& response)
 		return false;
 	}

+	static const size_t defaultContentLengthLimit = 1 * 1024 * 1024;
 	size_t maxSize = defaultContentLengthLimit;

 	Array::Ptr permissions = m_AuthenticatedUser->GetPermissions();
-	ObjectLock olock(permissions);

-	for (const Value& permission : permissions) {
-		std::vector<String> permissionParts = String(permission).Split("/");
-		String permissionPath = permissionParts[0] + (permissionParts.size() > 1 ? "/" + permissionParts[1] : "");
-		int size = specialContentLengthLimits->Get(permissionPath);
-		maxSize = size > maxSize ? size : maxSize;
+	if (permissions) {
+		ObjectLock olock(permissions);
+
+		for (const Value& permissionInfo : permissions) {
+			String permission;
+
+			if (permissionInfo.IsObjectType<Dictionary>())
+				permission = static_cast<Dictionary::Ptr>(permissionInfo)->Get("permission");
+			else
+				permission = permissionInfo;
+
+			static std::vector<std::pair<String, size_t>> specialContentLengthLimits {
+				  { "config/modify", 512 * 1024 * 1024 }
+			};
+
+			for (const auto& limitInfo : specialContentLengthLimits) {
+				if (limitInfo.second <= maxSize)
+					continue;
+
+				if (Utility::Match(permission, limitInfo.first))
+					maxSize = limitInfo.second;
+			}
+		}
 	}

 	size_t contentLength = m_CurrentRequest.Headers->Get("content-length");