Alexander Aleksandrovič Klimov
6c03598678
Merge pull request #9896 from Icinga/provide-cancel_time-where-has_been_cancelled-may-be-1
...
Disallow triggering a cancelled downtime, but provide cancel_time in Icinga DB downtime history where has_been_cancelled may be 1
2023-12-20 10:03:09 +01:00
Alexander Aleksandrovič Klimov
949d983a76
Merge pull request #9895 from Icinga/targeted-api-filter
...
FilterUtility::GetFilterTargets(): don't run filter for specific object(s) for all objects
2023-12-19 15:18:41 +01:00
Alexander Aleksandrovič Klimov
8b2e28a869
Merge pull request #9891 from Icinga/renew-the-ca-9890
...
ApiListener#Start(): auto-renew CA on its owner
2023-12-19 14:57:47 +01:00
Alexander Aleksandrovič Klimov
96cfc4abe8
Merge pull request #9887 from Icinga/argument-list-too-long-9340
...
PluginNotificationTask::ScriptFunc(): on Linux truncate output and comment
2023-12-19 14:36:57 +01:00
Alexander A. Klimov
175153ce6a
PluginNotificationTask::ScriptFunc(): on Linux truncate output and comment
...
not to run into an exec(3) error E2BIG due to a too long argument.
This sends a notification with truncated output instead of not sending.
2023-12-19 12:21:03 +01:00
Alexander A. Klimov
966216f4ba
RequestCertificateHandler(): also renew if CA needs a renewal
...
and a newer one is available.
2023-12-18 15:28:11 +01:00
Alexander A. Klimov
551c3afa60
CertificateToString(): allow raw pointer input
2023-12-18 15:28:11 +01:00
Alexander A. Klimov
bc778116e9
ApiListener#Start(): auto-renew CA on its owner
...
otherwise it would expire.
2023-12-18 15:28:11 +01:00
Alexander A. Klimov
36a08b0497
ApiListener#RenewCert(): enable optional CA creation
2023-12-18 15:28:11 +01:00
Alexander A. Klimov
7b55df6f11
CreateCertIcingaCA(EVP_PKEY*, X509_NAME*): enable optional CA creation
2023-12-18 15:28:11 +01:00
Alexander Aleksandrovič Klimov
953eeba061
Merge pull request #9893 from Icinga/do-not-re-notify-if-filtered-states-don-t-change-4503
...
Discard likely duplicate problem notifications via Notification#last_notified_state_per_user
2023-12-13 16:13:28 +01:00
Alexander A. Klimov
ecfc9033b0
FilterUtility::GetFilterTargets(): don't run filter for specific object(s) for all objects
2023-12-13 16:02:50 +01:00
Alexander A. Klimov
15191bcd74
ApplyRule::GetTarget*s(): support constant strings from variables
...
in addition to literal strings. This is for sandboxed filters with some
variables pre-set by the caller. They're "constant" in that scope, too.
2023-12-13 16:02:50 +01:00
Alexander A. Klimov
a04cef1890
Introduce DictExpression#GetExpressions()
2023-12-13 16:02:50 +01:00
Alexander A. Klimov
8bcae97ecc
Introduce Dictionary#GetRef()
2023-12-13 16:02:50 +01:00
Alexander A. Klimov
97cd05db7a
Notification#BeginExecuteNotification(): on recovery clear last_notified_state_per_user
2023-12-13 13:21:22 +01:00
Alexander A. Klimov
44e9c6f40d
Notification#BeginExecuteNotification(): discard likely duplicate problem notifications
2023-12-13 13:21:19 +01:00
Alexander A. Klimov
74f52c6fcd
Introduce IsCaUptodate() by splitting IsCertUptodate()
2023-12-13 12:08:34 +01:00
Julian Brost
871fa67b52
Merge pull request #9885 from Icinga/renegotiation
2023-12-12 17:38:09 +01:00
Alexander A. Klimov
2cff763295
Cluster-sync Notification#last_notified_state_per_user
2023-12-12 15:29:50 +01:00
Alexander A. Klimov
b25ba7a316
Notification#BeginExecuteNotification(): track state change notifications
2023-12-07 12:43:30 +01:00
Julian Brost
d2a7117007
Merge pull request #9899 from Icinga/icinga2-crashes-silently-9897
...
IcingaDB#SendConfigDelete(): fix missing nullptr check before deref
2023-11-21 11:03:28 +01:00
Alexander Aleksandrovič Klimov
7fc7d054af
Merge pull request #9841 from WuerthPhoenix/fix-9840-lock-console-api-during-reload
2023-11-21 10:36:26 +01:00
Alexander A. Klimov
7174dc864d
IcingaDB#SendConfigDelete(): fix missing nullptr check before deref
2023-11-10 17:43:33 +01:00
Alexander A. Klimov
9aaa9901bd
Icinga DB downtime history: provide cancel_time where has_been_cancelled may be 1
...
The table sla_history_downtime requires a downtime_end.
The Go daemon takes the cancel_time if has_been_cancelled is 1.
So we must supply a cancel_time wherever has_been_cancelled is 1.
Otherwise the Go daemon can't process some entries.
2023-11-08 15:22:39 +01:00
Alexander A. Klimov
7ce9457a4a
Disable TLS renegotiation
...
The API doesn't need it and a customer's security scanner
is afraid of a potential DoS attack vector.
2023-11-06 18:46:37 +01:00
Theo Buehler
1f06589f7a
Remove dead code in GetSignatureAlgorithm()
...
This code was added in commit 548eb93
and never did anything useful.
Using X509_get_signature_nid() or its expanded version in the pre-1.1
branch is the correct way of retrieving the signature algorithm of a
certificate.
CLA: trivial
2023-10-20 18:55:44 +02:00
Julian Brost
bba6a76f4a
Merge pull request #9853 from Icinga/GelfWriter-m_StreamMutex
...
GelfWriter: protect m_Stream via m_WorkQueue, not ObjectLock(this)
2023-09-07 11:46:38 +02:00
Alexander Aleksandrovič Klimov
e5d988a2fe
Merge pull request #7799 from Icinga/bugfix/file-end
...
Fix file endings
2023-08-25 11:06:19 +02:00
Alexander A. Klimov
4ee10a6c20
GelfWriter: protect m_Stream via m_WorkQueue, not ObjectLock(this)
...
On shutdown or HA re-connect ConfigObject#SetAuthority(false) is called which
does ObjectLock(this) and ConfigObject#Pause(). GelfWriter#Pause(), with the
above ObjectLock, calls m_WorkQueue.Join(). But items inside that also doing
ObjectLock(this) cause a deadlock.
2023-08-24 17:48:09 +02:00
Mattia Codato
41e21cb8cf
Prevent calls to command API while the configuration is reloading.
...
Fixes #9840
2023-08-09 08:45:04 +02:00
Alexander Aleksandrovič Klimov
1af5109ad3
Merge pull request #9734 from Icinga/remove-unused-stream-peek-
...
Remove unused Stream#Peek()
2023-07-13 16:52:29 +02:00
Alexander A. Klimov
8f8a6ee2a0
Application::m_LastReloadFailed: if double isn't always lock free, use uint32_t
...
which will overflow in 2106, not 2038.
This fixes a compile failure on 32-bit Raspbian.
2023-07-10 10:51:02 +02:00
Alexander Aleksandrovič Klimov
000a776dfb
Built-in check command: ifw-api (#9062)
2023-07-06 14:18:21 +02:00
Julian Brost
26a75f8a6f
Merge pull request #9812 from Icinga/support-elasticsearch-8-0-9251
...
ElasticsearchWriter: switch to v7+ URL schema to support v8
2023-07-05 10:15:10 +02:00
Julian Brost
fe13b96226
Merge pull request #9809 from Icinga/reevaluate-and-update-default-tls-cipher-list-9808
...
Copy and paste global default TLS cipher set from ssl-config.mozilla.org
2023-07-03 19:13:10 +02:00
Alexander A. Klimov
617dda61fb
Re-order global default TLS cipher list to prefer AES256 over AES128
2023-07-03 15:36:11 +02:00
Alexander A. Klimov
4c2e59a690
ElasticsearchWriter: switch to v7+ URL schema to support v8
...
and OpenSearch 2. This breaks the EOL v5 and v6.
2023-07-03 14:43:45 +02:00
Julian Brost
70d6b6e424
Merge pull request #9810 from Icinga/Al2Klimov-patch-8
...
ElasticsearchWriter#Pause(): call Flush() only once
2023-06-30 17:21:16 +02:00
Alexander Aleksandrovič Klimov
076eb59443
ElasticsearchWriter#Pause(): lock m_DataBufferMutex during Flush()
...
just to be sure regarding race conditions.
2023-06-30 14:57:18 +02:00
Julian Brost
a2e05f89e8
Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers
...
Non-ECC DHE ciphers in the `cipher_list` attribute of `ApiListener` (the
default value includes these) had no effect as no DH parameters were available
and therefore the server wouldn't offer these ciphers. OpenSSL provides
built-in DH parameters starting from version 1.1.0, however, these have to be
enabled explicitly using the `SSL_CTX_set_dh_auto()` function. This commit does
so and thereby makes it possible to establish a connection to an Icinga 2
server using a DHE cipher.
2023-06-29 12:06:26 +02:00
Alexander Aleksandrovič Klimov
d5e6ecec8a
ElasticsearchWriter#Pause(): call Flush() only once
...
The first Flush() is redundant and may access m_DataBuffer at the same time as some Flush() in m_WorkQueue (race condition) which isn't joined, yet.
2023-06-29 10:42:12 +02:00
Alexander A. Klimov
2e053b0e06
Copy and paste global default TLS cipher set from ssl-config.mozilla.org
...
which got more secure by now, but still overlaps with v2.13.x' set.
2023-06-28 14:49:08 +02:00
Julian Brost
a2926b8604
Merge pull request #9794 from Icinga/round-notification-times-begin-end-not-to-crash-go-daemon
...
IcingaDB::PrepareObject(): round Notification#times.{begin,end} not to crash Go daemon
2023-06-27 17:08:41 +02:00
Alexander A. Klimov
dccb678882
IcingaDB::PrepareObject(): cut off (null) negative Notification#times.{begin,end} not to crash Go daemon
...
At least our PostgreSQL schema enforces positive values.
2023-06-27 12:58:08 +02:00
Alexander A. Klimov
415b810abf
IcingaDB::PrepareObject(): round Notification#times.{begin,end} not to crash Go daemon
...
The latter expects ints, not floats - not to mention strings.
Luckily Icinga already enforces numeric strings so that we can cast it to number.
2023-06-27 12:53:08 +02:00
Julian Brost
9cf519316e
Merge pull request #9805 from Icinga/checkcommand-timeout-0-crashes-icinga-db-daemon-9804
...
IcingaDB::PrepareObject(): cut off (0) negative Command#timeout for Redis
2023-06-27 10:45:02 +02:00
Julian Brost
c08d3beeb1
Merge pull request #9785 from Icinga/Al2Klimov-patch-8
...
Icinga DB: also write ConfigObject#original_attributes into Redis
2023-06-27 10:24:41 +02:00
Julian Brost
bd11bc2eb4
Merge pull request #9793 from Icinga/unmarshal-number-42-5-into-go-struct-field-notification-notification_interval
...
IcingaDB::PrepareObject(): round Notification#interval and limit it to >=0
2023-06-27 10:12:13 +02:00
Alexander A. Klimov
d641a3c799
IcingaDB::PrepareObject(): cut off (0) negative Command#timeout for Redis
...
not to crash the Go daemon which expects positive values there.
2023-06-26 15:36:47 +02:00