tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,933 Commits 347 Branches 117 Tags 197 MiB
Commit Graph

925 Commits

Author SHA1 Message Date
Alexander A. Klimov 7aae8bd265 JsonRpcConnection: re-add heartbeats 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 84b411501b Re-add JsonRpcConnection#Disconnect() 2019-04-01 13:31:16 +02:00
Alexander A. Klimov 2d16b02520 ApiListener#NewClientHandlerInternal(): shut down TLS stream 2019-04-01 13:30:42 +02:00
Alexander A. Klimov c46157d552 ApiListener: fix self-made security hole 2019-04-01 11:40:14 +02:00
Alexander A. Klimov f9fff54da2 ApiListener: don't require a valid certificate for the TLS handshake to complete 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 6c86c127f1 Port JsonRpcConnection to Boost ASIO 2019-04-01 11:40:14 +02:00
Alexander A. Klimov c76947e8b9 JsonRpc::ReadMessage(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 48b5824e37 ApiListener: send icinga::Hello message 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 49ac7777e0 JsonRpc::SendMessage(): add Boost ASIO overload 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 832365195d ApiListener: connect(2) via Boost ASIO 2019-04-01 11:40:14 +02:00
Alexander A. Klimov e9a64abd09 ApiListener#ListenerCoroutineProc(): catch more edge cases 2019-04-01 11:40:14 +02:00
Alexander A. Klimov a6813ec786 ApiListener: restore previous bind(2) behavior 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 493a97f4f3 EnsureAcceptHeader(): fix wrong condition 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 8c5d629d35 /v1/events: don't truncate any events 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 7681ec10a4 /v1/events: don't lock I/O thread 2019-04-01 11:40:14 +02:00
Alexander A. Klimov fd239ba3fe Adjust /v1/events, too 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 1941c1da28 Adjust all HTTP handlers (ex. /v1/events) 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 9ae1d732af HttpServerConnection: actually handle requests 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 7fe0431ada HttpServerConnection: verify requests via Boost ASIO + Beast 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 04a9879acc Add HttpUtility::SendJsonError() overload for Boost/Beast 2019-04-01 11:40:14 +02:00
Alexander A. Klimov fc22cbaf09 Add HttpUtility::SendJsonBody() overload for Boost/Beast 2019-04-01 11:40:14 +02:00
Alexander A. Klimov e21956e26e ApiListener: detect protocol 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 539855bac1 ApiListener: verify peer 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 720c53ab77 ApiListener: perform TLS handshake 2019-04-01 11:40:14 +02:00
Alexander A. Klimov 2615967e7f Make ApiListener#m_SSLContext a Boost ASIO SSL context 2019-04-01 11:40:14 +02:00
Alexander A. Klimov e4f3422b3a ApiListener: listen(2) via Boost ASIO 2019-04-01 11:40:14 +02:00
Michael Friedrich 4a26a48778 Code Quality: Move authority.cpp into the ApiListener class scope 2019-04-01 08:51:18 +02:00
Michael Friedrich 149f640fd8 Improve DB IDO HA failover behaviour 
- Decrease Object Authority updates to 10s (was 30s)
- Decrease failover timeout to 30s (was 60s)
- Decrease cold startup (after (re)start) with no OA updates to 30s (was 60s)
- Immediately connect on Resume()
- Fix query priority which got broken with #6970
- Add more logging when a failover is in progress

```
[2019-03-29 16:13:53 +0100] information/IdoMysqlConnection: Last update by endpoint 'master1' was 8.33246s ago (< failover timeout of 30s). Retrying.

[2019-03-29 16:14:23 +0100] information/IdoMysqlConnection: Last update by endpoint 'master1' was 38.3288s ago. Taking over 'ido-mysql' in HA zone 'master'.
```

- Add more logging for reconnect and disconnect handling
- Add 'last_failover' attribute to IDO*Connection objects

refs #6970
 2019-04-01 08:50:00 +02:00
Michael Friedrich 804c00ece5
Merge pull request #6999 from Icinga/bugfix/compiler-warnings 
Suppress or fix compiler warnings
 2019-03-18 08:44:30 +01:00
Alexander A. Klimov bf92e32496 Suppress or fix compiler warnings 2019-03-08 14:07:29 +01:00
Alexander A. Klimov 37b044ecda PkiUtility::NewCa(): just warn if the CA files already exist 2019-03-01 14:37:45 +01:00
Michael Friedrich e2df11520e
Merge pull request #6970 from Icinga/bugfix/perfdata-gaps 
Improve reload handling for features (metric & queue flush, activation priority)
 2019-02-26 15:38:15 +01:00
Michael Friedrich 458f997a18 Replace Copyright header with a short version, part II 2019-02-25 15:09:36 +01:00
Michael Friedrich d14a88235d Replace Copyright header with a short version, part I 
CLion -> replace in path
 2019-02-25 14:48:22 +01:00
Michael Friedrich ab7a799369 Implement ReloadTimeout constant and wait for enqueued checks on Stop() 2019-02-25 09:03:47 +01:00
Alexander A. Klimov 9558ebc0f4 Secure ApiUser::GetByAuthHeader() against timing attacks 2019-02-22 16:59:36 +01:00
Michael Friedrich b08d485a41
Merge pull request #6857 from Icinga/bugfix/check_nscp_api-query-sorted-6536 
Url#m_Query: preserve order
 2019-02-11 17:57:32 +01:00
Peter Eckel 5d59863725 Avoid duplicating non-zero count message replay messages in the debug log 2019-02-11 13:54:17 +01:00
Michael Friedrich b16c22448e Cluster: Delete object message should log that 
Atm it is a copy-paste error and irritates during debugging.
Coming from my analysis of existing cluster messages.
 2019-01-28 17:39:22 +01:00
Jean Flach 2aff6a5887 Don't run UpdateObjectAuthority for Comments and Downtimes 2019-01-10 11:44:14 +01:00
Michael Friedrich e1a941e5c7
Merge pull request #6880 from Icinga/bugfix/pki-requestcertificate-no-cert 
pki::RequestCertificate: handle missing certificate/CSR
 2019-01-09 09:30:27 +01:00
Alexander A. Klimov 4a7960f21b pki::RequestCertificate: handle missing certificate/CSR 2019-01-08 11:49:44 +01:00
Alexander A. Klimov f4ab0737d1 HttpServerConnection#DataAvailableHandler(): reduce log spam 2019-01-07 15:32:19 +01:00
Alexander A. Klimov eeb609d4ae Url#m_Query: preserve order 
refs #6536
 2018-12-21 11:52:37 +01:00
Michael Friedrich b58ce84b0e
Merge pull request #6817 from Icinga/bugfix/stalled-tls-connections-6816 
HttpServerConnection#DataAvailableHandler(): be aware of being called multiple times concurrently
 2018-12-05 11:35:35 +01:00
Alexander A. Klimov 7e630c7732 HttpServerConnection#DataAvailableHandler(): be aware of being called multiple times concurrently 
refs #6816
 2018-12-03 19:05:41 +01:00
Michael Friedrich 5f25eb6b2d Add a code comment for connection: close handling 2018-12-03 14:40:50 +01:00
Sven Wegener a83dbc9de5 Restore 'Connection: close' behaviour in HTTP responses 
Actually the `corked` functionality caused problems with
not closing connections properly.

Full Analysis: https://github.com/Icinga/icinga2/issues/6799#issuecomment-443710338

Full credits to @swegener :)

fixes #6799
 2018-12-03 14:27:37 +01:00
Alexander A. Klimov 8de5326d23 Remove redundand check for object existence on creation via API 
refs #3937
 2018-11-29 17:51:53 +01:00
Michael Friedrich 5406ce6540 Ensure that API/JSON-RPC messages in the same session are processed and not stalled 
This basically drops the "corked" implementation which just stalled the
TLS IO polling after some requests. If you need sort of rate limiting
for these events, use an external TLS proxy which terminates that in front
of Icinga.

fixes #6635
 2018-10-29 12:57:24 +01:00
Michael Friedrich 6de4cef3ae
Merge pull request #6719 from Icinga/fix/finished-reconnect-message 
Do not send 'finished reconnecting...' if failed
 2018-10-24 11:51:34 +02:00
Michael Friedrich bd8e9f55da
Merge pull request #6662 from Icinga/bugfix/keep-http-connection-open-until-stream-eof 
Keep the HTTP server connection open until the stream is EOF
 2018-10-24 11:31:06 +02:00
Michael Friedrich 3cb2c1d143 icinga.com: Update everything else 2018-10-18 09:50:53 +02:00
Michael Friedrich dea5ec614e icinga.com: Update CMakeLists.txt 2018-10-18 09:35:18 +02:00
Michael Friedrich 44c3b83769 icinga.com: Update '*.ti' 2018-10-18 09:30:00 +02:00
Michael Friedrich dab53448bc icinga.com: Update *.{h,c}pp 2018-10-18 09:27:04 +02:00
Michael Friedrich 34de8104b8 Fix regression with API permission filters and namespaces in v2.10 
fixes #6682
 2018-10-15 15:47:11 +02:00
Michael Friedrich 85e161ea1e Silence config compiler logging for runtime created objects 
This is especially problematic with many single creation requests,
e.g. many downtimes created via Icinga Web 2 & the REST API.

In addition to the config compiler messages, apply rule matches are
also in there which are removed by this patch.
 2018-10-09 16:41:17 +02:00
Michael Friedrich 83a428c1ba Keep the HTTP server connection open until the stream is EOF 
fixes #4968
 2018-10-09 16:01:43 +02:00
Michael Friedrich e6eb703b36
Merge pull request #6661 from Icinga/bugfix/cache-http-peer-address 
Cache the peer address in the HTTP server
 2018-10-09 16:00:27 +02:00
Michael Friedrich 5c32a5a7dc Cache the peer address in the HTTP server 
Later socket calls are expensive and might lead
into a race condition on close when logging it.

refs #6655
 2018-10-09 15:40:16 +02:00
Michael Friedrich 58cfc3955d
Merge pull request #6658 from Icinga/bugfix/api-connection-close-req-by-client 
Ensure that HTTP/1.0 or 'Connection: close' headers are properly disconnecting the client
 2018-10-09 13:49:22 +02:00
Michael Friedrich 9352f4bfb3
Merge pull request #6657 from Icinga/feature/api-debug-log-request-body 
Enable the HTTP request body debug log entry for release builds
 2018-10-09 13:29:00 +02:00
Michael Friedrich 13239c3172 Ensure that HTTP/1.0 or Connection: close headers are properly disconnecting the client 
Test results: https://github.com/Icinga/icinga2/issues/6514#issuecomment-428155731

fixes #6514
 2018-10-09 13:23:23 +02:00
Michael Friedrich 73263b7702 Enable the HTTP request body debug log entry for release builds 
fixes #4282
 2018-10-09 12:55:53 +02:00
Michael Friedrich 57081176de Improve logging for disconnected HTTP clients 
Previously this was inside the debug log, with the
new socket printers we can enhance checking for proper
connects and disconnects.

refs #6514
 2018-10-09 12:22:19 +02:00
Michael Friedrich 82178e3b33 Don't inherit daemonize parameter from parent process 2018-09-27 20:30:19 +02:00
Thomas Forrer 816cae98fa Fix config validation problem (startup.log) during /v1/config/stages API call 
copy all arguments of parent process in AsyncTryActivateStage
 2018-09-27 20:27:09 +02:00
Michael Friedrich 64e273afdd
Merge pull request #6639 from Icinga/fix/windows-api-log-rename 
Ensure to _unlink before renaming replay log on Windows
 2018-09-27 08:02:00 +02:00
Michael Friedrich c979f86e4e
Merge pull request #6632 from Icinga/feature/cluster-faster-reconnect 
Increase the cluster reconnect frequency to 10s
 2018-09-25 17:07:01 +02:00
Michael Friedrich cbde35ff22 Use a dynamic thread pool for API connections 
The full analysis is located in #6517.

fixes #6517
 2018-09-25 12:43:10 +02:00
Michael Friedrich cd819f74f4 Increase the cluster reconnect frequency to 10s 
This is blocked by #6517.

refs #6234
 2018-09-25 12:36:30 +02:00
Michael Friedrich 29701b4db5 Add ApiListener#tls_handshake_timeout option 
This allows to specify the previously hardcoded
timeout of 10s.

refs #6517
 2018-09-14 09:20:09 +02:00
Michael Friedrich dd59964702
Merge pull request #6596 from Icinga/bugfix/gcc-8-f28-hardening-crash 
Fix crash on API queries with Fedora 28 hardening and GCC 8
 2018-09-11 20:44:12 +02:00
Noah Hilverling 3854ed683b Improve TLS handshake exception logging 2018-09-06 15:58:42 +02:00
Michael Friedrich 1f4f6282c7 Fix crash on API queries with Fedora 28 hardening and GCC 8 
The actual fix is to handle nullptr references differently
for an empty filter expression. The other changes include
oob checks not necesarily involved.

fixes #6533
 2018-09-06 09:56:04 +02:00
Michael Friedrich 9a75f47fc5 Allow to configure anonymous clients limit inside the ApiListener object 
Previously this was hardcoded, and for security reasons users might want
to adjust this value. This affects CSR signing requests as well as
clients which have not yet been configured as endpoints on the current
node.

refs #6566
 2018-09-05 17:45:35 +02:00
Michael Friedrich a1ec919f5b Raise the message size for anonymous client and pki request calls to 1MB 
If one sends the full certificate chain, this previous limit of 64KB
could be hit.
 2018-09-05 17:44:05 +02:00
Michael Friedrich 237fd520db
Merge pull request #6509 from gunnarbeutner/feature/real-constants 
Implement support for namespaces
 2018-08-24 12:10:10 +02:00
Michael Friedrich 7a22113f86
Merge pull request #6570 from Icinga/bugfix/tls-anonymous-clients-limit 
Increase limit for simultaneously connected anonymous TLS clients
 2018-08-23 17:13:41 +02:00
Michael Friedrich 0dd168fe80 Increase limit for simultaneously connected anonymous TLS clients 2018-08-23 17:10:51 +02:00
Michael Friedrich 6a71b75f63 ApiListener: Dump the state file port detail as number 
refs #6511
 2018-08-22 12:57:47 +02:00
Gunnar Beutner e678fa1aa5 Refactor Application::*Const() 2018-08-13 15:27:05 +02:00
Gunnar Beutner 8fda8d72ac Implement support for the namespace and using keywords 2018-08-13 13:44:31 +02:00
Gunnar Beutner 1a8692d972 Implement support for namespaces 2018-08-13 13:44:31 +02:00
Michael Friedrich 060a1ebbd9
Merge pull request #6512 from Icinga/feature/sni-environment 
Refactor environment for API connections
 2018-08-10 13:15:48 +02:00
Michael Friedrich 97513965e6 Introduce IcingaApplication#environment 
Precedence as follows:

- DEnvironment=...
- const Environment = ...
- object IcingaApplication "app" { environment = "..." }

The wrapped script constant handling is required
since we cannot directly link from libremote (SNI handling)
to libicinga where the object resides. Instead we'll
use the Application class helpers for hiding the ScriptGlobal
calls.
 2018-08-10 12:49:48 +02:00
Michael Friedrich a4c689e5cf Build fix for CentOS 7 and non-unity builds 2018-08-09 16:23:24 +02:00
Michael Friedrich b350512b11 Rename to Environment constant 2018-08-09 13:19:33 +02:00
Markus Frosch eb02d9041d Refactor environment for API connections 
* Const renamed to `ApiEnvironment`
* Handling moved to ApiListener
* Now a property of ApiListener
 2018-08-09 13:19:33 +02:00
Michael Friedrich f1e7e635a2
Merge pull request #6531 from Icinga/feature/zone-all_parents 
Expose Zone#all_parents via API
 2018-08-09 13:11:23 +02:00
Michael Friedrich ecb73e08ed Implement ApiListener status file removal on shutdown 2018-08-09 11:54:34 +02:00
Noah Hilverling 7b977b2c52 Do not send 'finished reconnecting...' if failed 2018-08-09 08:29:27 +02:00
Markus Frosch 20269a89d0 ApiListener: Add support for dynamic port handling 2018-08-08 17:42:57 +02:00
Alexander A. Klimov ea5614f7df Expose Zone#all_parents via API 2018-08-08 14:38:02 +02:00
Alexander A. Klimov 7bcbd9b497 Rename Zone#GetAllParents() to Zone#GetAllParentsRaw() 2018-08-08 14:38:02 +02:00
Markus Frosch 9fbc40615a Improve path handling in cmake and daemon 2018-08-07 14:10:26 +02:00
Michael Friedrich 1d22b6e176
Merge pull request #6410 from Icinga/remove-dead-code 
Remove unused code
 2018-07-27 15:56:52 +02:00
Markus Frosch ddc5b951b3
Revert "Implement support for the --env command-line argument" 2018-07-26 17:09:06 +02:00
Michael Friedrich 46e71a83dc
Merge pull request #6414 from Icinga/feature/icinga-envs 
Implement support for the --env command-line argument
 2018-07-26 10:09:42 +02:00
Michael Friedrich 038b2fb94c
Merge pull request #6379 from Icinga/global-zone-validation 
Throw config error when using global zones as parent
 2018-07-26 10:01:46 +02:00
Jean Flach 2b44eff8da Fix "Discard" message being warning 2018-07-26 09:39:03 +02:00
Alexander A. Klimov ac6afadb5a Make HttpServerConnection#m_DataHandlerMutex a boost::recursive_mutex 
refs #6428
 2018-07-09 14:40:32 +02:00
Gunnar Beutner c577554073 Implement support for the --env command-line argument 2018-06-27 13:15:52 +02:00
Jean Flach 4159682cf8 Remove unused code 
These methods and types were used only by the Icinga Studio
 2018-06-25 10:09:30 +02:00
Michael Friedrich a1c2eb3d87 Ensure to _unlink before renaming replay log on Windows 2018-06-22 11:12:09 +02:00
Michael Friedrich 0ffb8af8e3 Conform to RFC for CRLF in HTTP requests 
refs #6242
 2018-06-21 16:53:44 +02:00
Michael Friedrich cfd6c79a03
Merge pull request #6387 from Icinga/fix/remove-broken-api-user-hash 
Remove ApiUser password_hash functionality
 2018-06-19 14:26:32 +02:00
Michael Friedrich 2fd6709952 Remove ApiUser password_hash functionality 
This affects and fixes

- Windows reload
- Config validation
- RHEL 7.5 OpenSSL memory corruption
- Hash algorithm, requested changes

refs #6378
refs #6279
refs #6278
 2018-06-19 11:32:03 +02:00
Alexander A. Klimov a0fca599da HttpRequest#ParseBody(): indicate success on complete body 
refs #6184
 2018-06-18 16:02:22 +02:00
Jean Flach ee9be90fa7 Throw config error when using global zones as parent 2018-06-15 14:40:09 +02:00
Michael Friedrich 8c3c4704d2
Merge pull request #6371 from Icinga/bugfix/socket-io-handling-with-http-json-rpc-6361 
ApiListener#NewClientHandlerInternal(): Explicitly close the TLS stream on any failure
 2018-06-15 14:35:48 +02:00
Michael Friedrich b9bfe70444 Fix missing name for workqueue while creating runtime objects via API 
fixes #6364
 2018-06-15 14:25:03 +02:00
Alexander A. Klimov 7741517df7 ApiListener#NewClientHandlerInternal(): Explicitly close the TLS stream on any failure 
refs #6361
 2018-06-14 15:03:04 +02:00
Michael Friedrich 447dad91c0 Increase header size to 8KB for HTTP requests 
This is the default for Tomcat and Apache too
and avoids problems with cookies and long URLs.

fixes #6355
 2018-06-06 20:25:36 +02:00
Michael Friedrich f788878f79 Update log message for skipped certificate renewal 
Users kept asking about it, still it is just an "information"
that this isn't needed yet.
 2018-05-18 17:04:03 +02:00
Michael Friedrich 7f579db9af
Merge pull request #6305 from gunnarbeutner/feature/environment-variable 
Introduce the 'Environment' variable
 2018-05-15 14:04:50 +02:00
Gunnar Beutner 9c1e00eb94 Introduce the 'Environment' variable 2018-05-15 12:02:15 +02:00
Michael Friedrich f070d2136a Ensure that user input for groups is unique on API object creation 
refs #4732
 2018-05-09 17:26:10 +02:00
Jean Flach c54e042942 Add activation priorities for config object types 
This patch ensures that specific configuration types
are pre-activated and post-activated. In general,
logging is first, then common configuration objects
like host/service, downtimes, etc.
In the end, all features are activated after to ensure
that notifications are only sent once downtimes are applied.
A similar thing happens for starting with checks too early.
The ApiListener feature runs first to allow cluster connections
at first glance.

fixes #6057
fixes #6231
 2018-05-04 11:25:47 +02:00
Michael Friedrich a8b5d8e64a
Merge pull request #6205 from Icinga/feature/api-verbose-errors 
API: Unify verbose error messages
 2018-04-17 16:40:11 +02:00
Jan Beich 106be295eb Explicitly use long with boost::posix_time 
In file included from lib/base/base_unity.cpp:61:
lib/base/timer.cpp:295:31: error: no matching conversion for functional-style cast from 'double' to 'boost::posix_time::milliseconds' (aka 'subsecond_duration<boost::posix_time::time_duration, 1000>')
                        l_TimerCV.timed_wait(lock, boost::posix_time::milliseconds(wait * 1000));
                                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from lib/remote/remote_unity.cpp:19:
lib/remote/eventqueue.cpp:111:30: error: no matching conversion for functional-style cast from 'double' to 'boost::posix_time::milliseconds' (aka 'subsecond_duration<boost::posix_time::time_duration, 1000>')
                if (!m_CV.timed_wait(lock, boost::posix_time::milliseconds(timeout * 1000)))
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from lib/checker/checker_unity.cpp:1:
lib/checker/checkercomponent.cpp:128:26: error: no matching conversion for functional-style cast from 'double' to 'boost::posix_time::milliseconds' (aka 'subsecond_duration<boost::posix_time::time_duration, 1000>')
                        m_CV.timed_wait(lock, boost::posix_time::milliseconds(wait * 1000));
                                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/include/boost/date_time/time_duration.hpp:270:30: note: candidate constructor (the implicit copy constructor) not viable: no known conversion from 'double' to 'const boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000>' for 1st argument
  class BOOST_SYMBOL_VISIBLE subsecond_duration : public base_duration
                             ^
/usr/local/include/boost/date_time/time_duration.hpp:270:30: note: candidate constructor (the implicit move constructor) not viable: no known conversion from 'double' to 'boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000>' for 1st argument
/usr/local/include/boost/date_time/time_duration.hpp:286:59: note: candidate template ignored: disabled by 'enable_if' [with T = double]
                                typename boost::enable_if<boost::is_integral<T>, void>::type* = 0) :
                                                          ^
 2018-04-15 04:06:11 +00:00
Michael Friedrich b53685db59 Fix error handling on config package delete 2018-04-12 19:24:08 +02:00
Michael Friedrich 194c99a86e Allow to disable brackets for the Url class and Format() 
This commit also adds unit tests.

refs #5706
 2018-04-06 15:22:17 +02:00
Michael Friedrich 1b31ec8378 Fix verbose errors in config files handler 2018-04-06 12:55:03 +02:00
Michael Friedrich 17846e04d8 Fix verbose error message in modify object handler 2018-04-06 12:52:17 +02:00
Michael Friedrich 6b2decb44b Fix verbose error handling in variable and template query handlers 2018-04-06 12:50:06 +02:00
Noah Hilverling 24752f3733
Merge pull request #6204 from Icinga/fix/api-create-object-exists-errors 
API: Check if objects exists and return proper error message
 2018-04-06 12:47:31 +02:00
Michael Friedrich 3e83e94c15 Fix object and status query verbose errors 2018-04-06 12:47:20 +02:00
Michael Friedrich bd7598cb1b API: Check if objects exists and return proper error message 2018-04-06 12:32:27 +02:00
Michael Friedrich c4a6ab0211 Add diagnostic_information as verbose error to config object handlers 2018-04-06 12:26:49 +02:00
Jean Flach 6d81c5c34f
Merge pull request #6199 from Icinga/fix/action-http-code 
Return 500 when no api action is successful
 2018-04-06 11:20:43 +02:00
Jean Flach f133c7914e Build fix 2018-04-06 10:43:33 +02:00
Michael Friedrich a00197e919 Refactor actions error messages 2018-04-06 10:30:27 +02:00
Michael Friedrich 4bf731fc16 More config stages refactoring 2018-04-06 10:13:08 +02:00
Noah Hilverling 22c3a7933e Fix API action status codes 2018-04-06 10:06:15 +02:00
Michael Friedrich 36cdf8a0d2 More refactoring of config packages errors 2018-04-06 09:53:54 +02:00
Michael Friedrich de2d18d85d Enhance error handling in type query handler 2018-04-05 17:23:26 +02:00
Michael Friedrich 7f015c0d2f Enhance error handling in config packages handler 2018-04-05 17:21:14 +02:00
Michael Friedrich 75c5e6f6b0 Enhance error handling in config stages handler 2018-04-05 17:17:30 +02:00
Michael Friedrich 1dd8409691 Check for verbose error handling in SendJsonError() 2018-04-05 17:17:06 +02:00
Jean Flach 9b291be989 Return 500 when no api action is successful 
fixes #5095
 2018-04-05 15:56:06 +02:00
Jean Flach 69ea2f3a64 Fix crash in remote api console 2018-04-04 12:23:45 +02:00
Michael Friedrich b11ab95f41 Fix crash without CORS config settings 
fixes #6173
refs #6098
 2018-03-21 20:42:31 +01:00
Michael Friedrich 064fc80cc3
Merge pull request #6098 from Icinga/fix/improve-cors-implementation 
Clean up CORS implementation
 2018-03-19 16:00:36 +01:00
Michael Friedrich 429f518b49 Improve error handling for empty packages in /v1/config/packages 
- If there is no package main directory, assume "empty packages".
- Catch exceptions thrown through GlobRecursive() and present a better http 500
to the user.

The packages directory tree is automatically created with the first
package creation, either from the user, or by the `_api` package.

fixes #6129
 2018-03-07 13:35:09 +01:00
Gunnar Beutner 9cd5298d8b Ensure that SetCorked() works properly 2018-03-06 09:03:35 +01:00
Gunnar Beutner b172a67867 Fix incorrect argument type for JsonRpc::SendMessage 2018-03-06 08:58:19 +01:00
Jean Flach 1bdd14b428 Limit anonymous connections to 25 2018-03-05 13:22:43 +01:00
Noah Hilverling 54ff60cd8c Limit JSON-RPC message size 2018-03-05 10:29:05 +01:00
Noah Hilverling 186cad9872 Clean up CORS implementation 2018-03-01 14:04:56 +01:00
Gunnar Beutner d23c03bfa5
Merge pull request #6134 from gunnarbeutner/fix/incorrect-content-length-limits 
Fix incorrect HTTP content length limits
 2018-02-28 14:16:15 +01:00
Gunnar Beutner a3bf8cd26e
Merge pull request #6133 from Icinga/fix/cork-socket 
Limit the number of HTTP/JSON-RPC requests we read in parallel
 2018-02-28 12:48:06 +01:00
Gunnar Beutner 45c2803f3e Fix incorrect HTTP content length limits 2018-02-28 12:28:02 +01:00
Gunnar Beutner c1837ea90b
Merge pull request #6131 from Icinga/feature/log-master-ticket-invalid 
Log which ticket was invalid on the master
 2018-02-28 12:22:34 +01:00
Gunnar Beutner 6848af50ff Add SetCorked() calls to the JsonRpcConnection class 2018-02-28 11:42:05 +01:00
Jean Flach d0cf7c654e Use cork in tlsstream and HTTP connection 2018-02-28 11:40:58 +01:00
Gunnar Beutner a4a73fa67c Fix null ptr dereference in HttpServerConnection::ProcessMessageAsync 2018-02-28 11:07:19 +01:00
Gunnar Beutner 6d01808adf Fix incorrect return value 2018-02-28 10:50:33 +01:00
Michael Friedrich ad31e0d118 Log which ticket was invalid on the master 
This helps debugging a lot, especially to reproduce the issue
why the ticket is invalid.
 2018-02-28 10:18:29 +01:00
Jean Flach ef5e7e8510 Fix incorrect size of request limits 
refs #6103
 2018-02-23 14:29:18 +01:00
Jean Flach 6bb2ed4258 Merge branch 'feature/security-features' 2018-02-21 16:19:54 +01:00
Jean Flach 184580f705
Merge pull request #6103 from Icinga/fix/http-security-fixes 
HTTP Security fixes
 2018-02-21 15:04:02 +01:00
Jean Flach 85f45d9b94 Minor codestyle and doc changes 2018-02-21 14:52:44 +01:00
Noah Hilverling 64ffe4f840 Fix nullptr posibility in ProcessEvent 2018-02-21 13:47:46 +01:00
Noah Hilverling 948333225d Fix nullptr deref in cluster events 2018-02-21 13:47:46 +01:00
Noah Hilverling 2823ebb831 Limit HTTP body size 2018-02-20 13:32:04 +01:00
Noah Hilverling 817415f6a5 Fix requests not being closed correctly 2018-02-20 13:32:04 +01:00
Jean Flach 8ffa4f04a7 Add timeout for TLS handshakes 2018-02-20 13:32:04 +01:00
Jean Flach ee5954726d Authenticate API user before parsing body 2018-02-20 13:32:04 +01:00
Jean Flach 73b85bcccb Only read body from authenticated connections 
This means we are not allowing unauthenticated requests anymore
 2018-02-20 13:32:04 +01:00
Jean Flach 81c4004894 Fix nullptr deref 2018-02-20 13:32:04 +01:00
Gunnar Beutner a9f2a8de19 Add HTTP Header size limits 2018-02-20 13:32:04 +01:00
Gunnar Beutner 2789d1a859 Add validation for HTTP connection sizes 2018-02-20 13:32:04 +01:00
Gunnar Beutner 8a8d42b154 Remove redundant 'this->' 2018-02-19 08:08:16 +01:00
Jean Flach 0a0795f09d Code style 2018-02-16 11:47:13 +01:00
Jean Flach df86245fe8 Fix crash when using incorrectly formatted password hash 2018-02-15 13:09:22 +01:00
Jean Flach 65a806f5dc Move new password functions into tlsutility 2018-02-15 13:09:22 +01:00
Jean Flach 92e2faaa08 Hash API password and comparison 
fixes #4920
 2018-02-15 13:09:22 +01:00
Michael Friedrich ad7e801db9 Fix crash with anonymous clients on certificate signing request and storing sent bytes 
refs #5753
 2018-02-09 17:18:20 +01:00
Jean Flach cc73eed2af
Merge pull request #5992 from Icinga/feature/remove-includes 
Remove unused includes
 2018-01-25 09:13:02 +01:00
Gunnar Beutner 0cc9af6bee Remove duplicate semicolons 2018-01-24 12:07:52 +01:00
Gunnar Beutner 94e6be1a65 Remove unused includes 2018-01-22 09:52:29 +01:00
Jean Flach 1da6b2c883 Fix whitespaces in CMakeLists files 
Uses 2 space indentation as standard
 2018-01-19 09:19:40 +01:00
Gunnar Beutner 9d436605f0 Fix compatibility with CMake < 3.1 2018-01-18 15:12:46 +01:00
Gunnar Beutner 71a032579b
Merge pull request #5995 from Icinga/fix/influxdb-requests 
Fix InfluxDB requests
 2018-01-17 10:28:15 +01:00
Noah Hilverling e19ae4e052 Fix HTTP response parsing for HTTP 1.1 
refs #5987
 2018-01-17 10:25:00 +01:00
Gunnar Beutner 2a9dceb367 Use CMake object libraries for our libs 2018-01-17 04:28:21 +01:00
Gunnar Beutner c2fb9fe226 Use initializer lists for arrays and dictionaries 2018-01-16 12:27:44 +01:00
Gunnar Beutner 21254fb610 Avoid accessing attributes for validators where not necessary 2018-01-11 08:20:16 +01:00
Michael Friedrich d073a807b0 API: Add 'pretty' parameter for beautified JSON response bodies 
fixes #5877
 2018-01-08 20:55:36 +01:00
Gunnar Beutner 91c256261a Apply clang-tidy fix 'modernize-use-default-member-init' 2018-01-04 12:24:58 +01:00
Gunnar Beutner becfa85094 Apply clang-tidy fix 'modernize-use-emplace' 2018-01-04 12:24:57 +01:00
Gunnar Beutner e3ad0be769 Apply clang-tidy fix 'modernize-use-auto' 2018-01-04 12:24:57 +01:00
Gunnar Beutner d6062eefbf Apply clang-tidy fix 'modernize-raw-string-literal' 2018-01-04 12:24:57 +01:00
Gunnar Beutner 621eed3f13 Apply clang-tidy fix 'modernize-pass-by-value' 2018-01-04 12:24:57 +01:00
Gunnar Beutner 9ca682496c Apply clang-tidy fix 'modernize-use-override' 2018-01-04 12:24:57 +01:00
Gunnar Beutner ac155d1dda Apply clang-tidy fix 'modernize-redundant-void-arg' 2018-01-04 12:24:57 +01:00
Gunnar Beutner efe99a3e5e Add the final keyword to classes 2018-01-04 05:20:20 +00:00
Michael Friedrich cd33b8b508
Merge pull request #5936 from Icinga/feature/source-lists 
Clean up source lists in the CMakeLists.txt files
 2018-01-03 11:59:35 +01:00
Gunnar Beutner 75e2473616 Clean up source lists in the CMakeLists.txt files 2018-01-03 11:47:46 +01:00
Michael Friedrich 0e6f4b1966
Merge pull request #5939 from Icinga/fix/build-fix-wheezy 
Build fix for Debian wheezy
 2018-01-03 11:28:57 +01:00
Gunnar Beutner abe3f8a959 Build fix for Debian wheezy 2018-01-03 10:32:33 +01:00
Gunnar Beutner 90496b5456 Build libraries as static libraries 2018-01-02 23:29:48 +01:00
Michael Friedrich 1a7e7be6a4
Merge pull request #5925 from Icinga/fix/missing-variable-name 
Fix missing variable name in ApiListener::Start
 2018-01-02 13:48:30 +01:00
Michael Insel 158ae2188e Change copyright header for 2018 2018-01-02 12:08:55 +01:00
Gunnar Beutner 4ed19d5cf6 Fix missing variable name in ApiListener::Start 
fixes #5924
refs #5807
 2017-12-31 19:12:33 +01:00
Jean Flach 2636e6a77a Whitespace fix 
What does this change?
* Remove use of spaces for formatting
These could be found by using `grep -r -l -P '^\t+ +[^*]'
* Removal of training whitespaces
* A few lines longer than 120 chars
 2017-12-20 14:53:52 +01:00
Jean Flach e0bd3d183f Fix package error message 
fixes #5879
 2017-12-18 11:04:40 +01:00
Gunnar Beutner ab8386cf5c Use std::unique_ptr for Expression objects 2017-12-15 10:44:54 +01:00
Gunnar Beutner 1ad83886ac Replace a few more NULLs with nullptr 2017-12-14 15:37:20 +01:00
Gunnar Beutner 3c5af89d5f Fix compiler warnings 2017-12-14 09:15:37 +01:00
Gunnar Beutner 42744fde5b Remove extraneous whitespace 2017-12-14 08:50:09 +01:00
Gunnar Beutner 96e214221d Remove unused variables 2017-12-14 08:50:09 +01:00
Gunnar Beutner d42f81ed11 Fix compiler warning introduced by #5753 2017-12-12 11:55:30 +01:00
Gunnar Beutner 75def4b074
Merge pull request #5753 from Icinga/fix/ringbuffer-does-not-get-updated-if-nothing-is-written-5750 
Fix that RingBuffer does not get updated and add metrics about communication between endpoints
 2017-12-12 11:32:18 +01:00
Noah Hilverling 5519626f84 Add metrics about communication between endpoints 
refs #5509
 2017-12-11 10:20:25 +01:00
Michael Friedrich a72a7b7c89
Merge pull request #5760 from Icinga/fix/http-client-bugs 
Fix incorrect socket handling for the HTTP client
 2017-12-08 12:51:50 +01:00
Michael Friedrich da056b052b
Merge pull request #5827 from Icinga/feature/replace-statsfunction-with-function 
Replace StatsFunction with Function
 2017-11-30 21:28:32 +01:00
Michael Friedrich a238613fdc
Merge pull request #5825 from Icinga/feature/boost-assign 
Replace boost::assign::list_of with initializer lists
 2017-11-30 21:20:46 +01:00
Gunnar Beutner a344f11e6c Replace StatsFunction with Function 2017-11-30 19:02:25 +01:00
Gunnar Beutner 83f17b5bfa Replace boost::assign::list_of with initializer lists 2017-11-30 18:09:38 +01:00
Gunnar Beutner 325e4a2fb9 Use nullptr instead of <Type>::Ptr() 2017-11-30 17:47:09 +01:00
Gunnar Beutner 3c60fbf75d Use std::vector::emplace_back instead of std::vector::push_back 2017-11-30 17:47:09 +01:00
Gunnar Beutner 2e87c280ed Use initializer lists instead of std::vector::push_back 2017-11-30 17:47:09 +01:00
Gunnar Beutner 9ce950b0f1 Replace boost::ref/boost::cref with std::ref/std::cref 2017-11-30 17:47:09 +01:00
Gunnar Beutner 6739023678 Dynamically create and destroy the timer thread 2017-11-30 17:41:02 +01:00
Gunnar Beutner 6d09efc907 Use std::shared_ptr instead of boost::shared_ptr 2017-11-30 17:41:00 +01:00
Gunnar Beutner 7d7eaa8dd3 Replace boost::thread with std::thread 2017-11-30 17:39:20 +01:00
Gunnar Beutner f3c825cb86
Merge pull request #5803 from Icinga/feature/cxx11-std-bind 
Replace boost::bind/boost::function with std::bind/std::function
 2017-11-29 08:28:44 +01:00
Michael Friedrich 8e65aa0677
Merge pull request #5804 from Icinga/fix/update-repository-message-error 
Silence UpdateRepository message errors
 2017-11-28 11:27:12 +01:00
Gunnar Beutner 1006ea0433 Fix missing variable name which can lead to segfaults 2017-11-27 16:06:59 +01:00
Gunnar Beutner 858873b940 Replace boost::bind/boost::function with std::bind/std::function 2017-11-27 15:15:11 +01:00
Michael Friedrich cf16324320 Silence UpdateRepository message errors 
Mixed setups with 2.8 and 2.7 will log this error every time
a new message is received. While this is truly an error,
it just fills the log to infinity. Should be used for debug only.

fixes #5776
 2017-11-27 12:09:42 +01:00
Gunnar Beutner 52692a008e Fix incorrect socket handling for the HTTP client 2017-11-15 09:53:38 +01:00
Noah Hilverling 054faa54d5 Return bytes sent/written in SendMessage() and WriteStringToStream() 
refs #5509
 2017-11-14 08:18:23 +01:00
Gunnar Beutner 2bbb5366fd Merge pull request #5620 from Icinga/fix/api-staging-3668 
WIP: Ensure that the REST API config package/stage creation is atomic
 2017-10-24 12:51:09 +02:00
Gunnar Beutner f2d437e96c Implement support for migrating certificates to /var/lib/icinga2/certs 
This commit includes documentation too.

Signed-off-by: Michael Friedrich <michael.friedrich@icinga.com>
 2017-10-20 14:06:02 +02:00
Jean Flach aad96d6b09 Improve error message for unknow functions 
refs #5686
 2017-10-18 11:25:38 +02:00
Michael Friedrich 77ecdbd85c Merge pull request #5581 from Icinga/fix/api-crash-race-condition 
Fix possible race condition in ApiListener locking
 2017-10-12 13:40:59 +02:00
Michael Friedrich a521f49803 Fix debug builds on Apple Clang 9.0.0 (macOS High Sierra) 2017-10-02 13:49:42 +02:00
Gunnar Beutner 92727d13c7 Fix a build warning 
refs #5443
 2017-09-25 12:15:59 +02:00
Michael Friedrich 953d840cc1 Fix certificate paths for installers 
refs #5450
 2017-09-22 15:00:45 +02:00
Michael Friedrich 601c10b997 Remove bottom-up CLI commands 
refs #4799
 2017-09-22 14:04:43 +02:00
Jean Flach 79166a31d4 Revert "Add Log Warning in case active-stage is empty" 
This reverts commit 287f72b0a0.
 2017-09-21 13:54:29 +02:00
Jean Flach 287f72b0a0 Add Log Warning in case active-stage is empty 
Maybe Critical instead? Throwing an exception seems unnecessary.

refs #3668
 2017-09-20 17:57:14 +02:00
Jean Flach ef5013b903 Use locks in api config staging 
refs #3668
 2017-09-20 16:45:09 +02:00
ryanohnemus 1cb39994a5 API: Add optional reload parameter to config stage upload 
You can now specify a boolean `reload` attribute that
will allow you to skip the icinga2 reload after config
validation. By default this is set to true.

The response text has been updated to show if icinga2
will reload or if it was requested to be skipped.

fixes #4769
 2017-09-20 14:16:55 +02:00
Michael Friedrich 7bdeeeadcf Silence log level for configuration file updates 
This only helps with debugging the configuration sync, but seems
to be highlighted quite often in default configurations (where
the timestamp is equal).

refs #5566
 2017-09-20 13:30:02 +02:00
Noah Hilverling 94fe1b2292 HttpServerConnection: Implement CORS support 
fixes #4326
 2017-09-20 13:18:29 +02:00