tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-04-08 17:05:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,020 Commits 421 Branches 120 Tags
Commit Graph

2005 Commits

Author SHA1 Message Date
Alexander Aleksandrovič Klimov
8b2e28a869
Merge pull request #9891 from Icinga/renew-the-ca-9890 
ApiListener#Start(): auto-renew CA on its owner
 2023-12-19 14:57:47 +01:00
Alexander A. Klimov
551c3afa60 CertificateToString(): allow raw pointer input 2023-12-18 15:28:11 +01:00
Alexander A. Klimov
7b55df6f11 CreateCertIcingaCA(EVP_PKEY*, X509_NAME*): enable optional CA creation 2023-12-18 15:28:11 +01:00
Alexander A. Klimov
8bcae97ecc Introduce Dictionary#GetRef() 2023-12-13 16:02:50 +01:00
Alexander A. Klimov
74f52c6fcd Introduce IsCaUptodate() by splitting IsCertUptodate() 2023-12-13 12:08:34 +01:00
Julian Brost
871fa67b52
Merge pull request #9885 from Icinga/renegotiation 2023-12-12 17:38:09 +01:00
Alexander A. Klimov
7ce9457a4a Disable TLS renegotiation 
The API doesn't need it and a customer's security scanner
is afraid of a potential DoS attack vector.
 2023-11-06 18:46:37 +01:00
Theo Buehler
1f06589f7a Remove dead code in GetSignatureAlgorithm() 
This code was added in commit 548eb93 and never did anything useful.
Using X509_get_signature_nid() or its expanded version in the pre-1.1
branch is the correct way of retrieving the signature algorithm of a
certificate.

CLA: trivial
 2023-10-20 18:55:44 +02:00
Alexander Aleksandrovič Klimov
e5d988a2fe
Merge pull request #7799 from Icinga/bugfix/file-end 
Fix file endings
 2023-08-25 11:06:19 +02:00
Alexander Aleksandrovič Klimov
993c9b742d
Make ObjectImpl<Logger>#GetSeverity() non-virtual 
After all it's not overridden.
 2023-08-15 13:03:31 +02:00
Alexander A. Klimov
1308ad62af Stream#Read(): remove de facto unused param allow_partial 
The only caller passes true, so no one forbids partial reads (even implicitly).
All usages in the implementation just assert it being true (allowed).
 2023-07-13 16:55:48 +02:00
Alexander Aleksandrovič Klimov
1af5109ad3
Merge pull request #9734 from Icinga/remove-unused-stream-peek- 
Remove unused Stream#Peek()
 2023-07-13 16:52:29 +02:00
Alexander A. Klimov
8f8a6ee2a0 Application::m_LastReloadFailed: if double isn't always lock free, use uint32_t 
which will overflow in 2106, not 2038.
This fixes a compile failure on 32-bit Raspbian.
 2023-07-10 10:51:02 +02:00
Julian Brost
fe13b96226
Merge pull request #9809 from Icinga/reevaluate-and-update-default-tls-cipher-list-9808 
Copy and paste global default TLS cipher set from ssl-config.mozilla.org
 2023-07-03 19:13:10 +02:00
Alexander A. Klimov
617dda61fb Re-order global default TLS cipher list to prefer AES256 over AES128 2023-07-03 15:36:11 +02:00
Julian Brost
a2e05f89e8 Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers 
Non-ECC DHE ciphers in the `cipher_list` attribute of `ApiListener` (the
default value includes these) had no effect as no DH parameters were available
and therefore the server wouldn't offer these ciphers. OpenSSL provides
built-in DH parameters starting from version 1.1.0, however, these have to be
enables explicitly using the `SSL_CTX_set_dh_auto()` function. This commit does
so and thereby makes it possible to establish a connection to an Icinga 2
server using a DHE cipher.
 2023-06-29 12:06:26 +02:00
Alexander A. Klimov
2e053b0e06 Copy and paste global default TLS cipher set from ssl-config.mozilla.org 
which got more secure by now, but still overlaps with v2.13.x' set.
 2023-06-28 14:49:08 +02:00
Julian Brost
b0899d9ab4
Merge pull request #8429 from Icinga/bugfix/last-reload-attempt-failed-8428 
Share "Last reload attempt failed" time across Icinga process tree on *nix
 2023-05-30 11:42:21 +02:00
Julian Brost
2470e930eb
Merge pull request #9643 from Icinga/hardware_concurrency 
Always use Configuration#Concurrency, not `std:🧵:hardware_concurrency()`
 2023-05-23 19:23:14 +02:00
Alexander A. Klimov
3fae41ef22 Restart thread pool after freezing Configuration 
The user (-D) or we could have changed Configuration.Concurrency,
so correct the thread pool's thread amount.
 2023-05-23 14:41:35 +02:00
Alexander A. Klimov
9376a311ea Fix file endings 
git ls-files -z \
	|grep -zEe '^lib/' \
	|grep -zEe '\.[ch]pp$' \
	|xargs -0 perl -p0i -e 's/\n*(?!(?:.|\n))/\n/'
 2023-05-17 18:05:13 +02:00
Alexander A. Klimov
32eb1680f7 Configuration.Concurrency: default to 1 until Configuration freeze 
not to start many threads before the user could override their amount (-D).
 2023-05-11 16:59:47 +02:00
Alexander A. Klimov
8fb5d53118 Track Configuration.Concurrency modifications 2023-05-11 15:41:35 +02:00
Alexander A. Klimov
5c330e9d4f Share "Last reload attempt failed" time across Icinga process tree on *nix 
... as only the umbrella process knows that time,
but the icinga check running in the main process also needs to know it.

refs #8428
 2023-05-08 14:42:21 +02:00
Julian Brost
af9d67b262
Merge pull request #9726 from Icinga/43624b 
Remove -and notify- expired downtimes immediately, not every 60s II
 2023-05-02 11:25:03 +02:00
Alexander A. Klimov
ba7102cae3 Explicitly stop started timers and wait for them 
before permitting their parent objects' destruction.
For the cases where the handlers have raw pointers to these objects.
 2023-04-14 14:52:04 +02:00
Alexander A. Klimov
a66ace7245 Introduce SharedMemory 2023-04-04 13:40:27 +02:00
Alexander A. Klimov
c41e5fd05d Support multiple redundant Timer#Start() calls 
so that only the first one changes l_AliveTimers (as in Timer#Stop()).
 2023-04-04 10:35:22 +02:00
Alexander A. Klimov
298f3b1973 Timer: actually support non-periodic timers 2023-04-04 10:35:22 +02:00
Alexander A. Klimov
3933502739 Timer#Start(): don't unnecessarily unlock/lock l_TimerMutex 
via new Timer#InternalRescheduleUnlocked()
 2023-04-04 10:35:22 +02:00
Alexander A. Klimov
13b9cfda41 Timer::TimerThreadProc(): don't unnecessarily unlock and lock l_TimerMutex 2023-04-04 10:35:22 +02:00
Alexander A. Klimov
1badbab002 Timer::TimerThreadProc(): keep a Timer alive while it's running 
to prevent the case: Timer callback destroys parent object -> destroys
Timer -> ~Timer() -> Stop(true) -> waits for the Timer callback to finish
-> deadlock.
 2023-04-04 10:35:22 +02:00
Alexander A. Klimov
9b00c1c4dd Timer: drop unnecessary base class 2023-04-04 10:35:22 +02:00
Alexander A. Klimov
24681b30f6 Make Timer::Ptr a std::shared_ptr 2023-04-04 10:35:22 +02:00
Alexander A. Klimov
9ee4d08722 Make Timer#Timer() private to enforce Timer::Create() usage 2023-04-04 10:35:22 +02:00
Alexander A. Klimov
21b68455ce Use Timer::Create() instead of new Timer() 
git ls-files -z |xargs -0 perl -pi -e 's/\bnew Timer\b/Timer::Create/g'

ex. in Timer::Create() itself.
 2023-04-04 10:35:20 +02:00
Alexander A. Klimov
bb1f574b69 Introduce factory method Timer::Create() 2023-04-04 10:35:10 +02:00
Alexander A. Klimov
335688909b Document why Timer::TimerThreadProc() can use Timer members during Timer#~Timer() call 2023-03-29 18:04:19 +02:00
Alexander A. Klimov
78b4dc6509 Remove unused Stream#Peek() 2023-03-24 18:18:13 +01:00
Julian Brost
66b039df9c
Merge pull request #9497 from Icinga/9249 
Application::Exit(): don't exit(), but _exit(), even in debug build mode
 2023-03-10 16:04:54 +01:00
Alexander Aleksandrovič Klimov
55930c8042
ProcessSpawnImpl(): remove redundant _exit(128); 
Now this if doesn’t _exit(128) by itself, but "return" to the outer if which immediately _exit(128)s.
 2023-03-02 12:45:15 +01:00
Julian Brost
cf517050bc
Merge pull request #9711 from Icinga/connect-cancel 
Connect(): don't try next DNS record if operation is canceled
 2023-03-01 15:49:53 +01:00
Alexander A. Klimov
79f1e0666a Connect(): don't try next DNS record if operation is canceled 
Instead return immediately to meet the caller's expectations.
 2023-02-28 10:57:54 +01:00
Julian Brost
bda8be343b
Merge pull request #9662 from Icinga/Repair#9627 
Repair DSL Namespace values being constant broken in #9627
 2023-02-20 16:35:36 +01:00
Julian Brost
d9767cff3f
Merge pull request #9675 from Icinga/third-party/nlohmann_json 
Update third-party/nlohmann_json to v3.9.1
 2023-02-20 15:31:32 +01:00
Julian Brost
3023009804
Merge pull request #9653 from Icinga/9631 
Setup all signal handlers with SA_RESTART flag
 2023-02-14 17:55:09 +01:00
Alexander A. Klimov
34d0b942b9 Update third-party/nlohmann_json to v3.9.1 
the latest version w/o Apache 2.0 licensed code which conflicts with GPL 2.
 2023-02-14 16:19:44 +01:00
Julian Brost
e074e892ce
Merge pull request #9658 from Icinga/unfreeze 
Dictionary#*(): remove bool overrideFrozen if unused
 2023-02-10 19:42:00 +01:00
Alexander A. Klimov
f3f2c943c7 ScriptGlobal::Set(): don't explicitly give Namespace#Set() its default values 2023-02-10 15:55:10 +01:00
Alexander A. Klimov
e61b380808 Call Namespace#Set(), not #SetFieldByName() 
Namespace#SetFieldByName() calls #Set() anyway.
 2023-02-10 15:53:30 +01:00