tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,640 Commits 347 Branches 117 Tags 201 MiB
Commit Graph

1953 Commits

Author SHA1 Message Date
Alexander Aleksandrovič Klimov 949d983a76
Merge pull request #9895 from Icinga/targeted-api-filter 
FilterUtility::GetFilterTargets(): don't run filter for specific object(s) for all objects
 2023-12-19 15:18:41 +01:00
Alexander Aleksandrovič Klimov 8b2e28a869
Merge pull request #9891 from Icinga/renew-the-ca-9890 
ApiListener#Start(): auto-renew CA on its owner
 2023-12-19 14:57:47 +01:00
Alexander A. Klimov 551c3afa60 CertificateToString(): allow raw pointer input 2023-12-18 15:28:11 +01:00
Alexander A. Klimov 7b55df6f11 CreateCertIcingaCA(EVP_PKEY*, X509_NAME*): enable optional CA creation 2023-12-18 15:28:11 +01:00
Alexander A. Klimov 8bcae97ecc Introduce Dictionary#GetRef() 2023-12-13 16:02:50 +01:00
Alexander A. Klimov 74f52c6fcd Introduce IsCaUptodate() by splitting IsCertUptodate() 2023-12-13 12:08:34 +01:00
Julian Brost 871fa67b52
Merge pull request #9885 from Icinga/renegotiation 2023-12-12 17:38:09 +01:00
Alexander A. Klimov 7ce9457a4a Disable TLS renegotiation 
The API doesn't need it and a customer's security scanner
is afraid of a potential DoS attack vector.
 2023-11-06 18:46:37 +01:00
Theo Buehler 1f06589f7a Remove dead code in GetSignatureAlgorithm() 
This code was added in commit 548eb93 and never did anything useful.
Using X509_get_signature_nid() or its expanded version in the pre-1.1
branch is the correct way of retrieving the signature algorithm of a
certificate.

CLA: trivial
 2023-10-20 18:55:44 +02:00
Alexander Aleksandrovič Klimov e5d988a2fe
Merge pull request #7799 from Icinga/bugfix/file-end 
Fix file endings
 2023-08-25 11:06:19 +02:00
Alexander Aleksandrovič Klimov 1af5109ad3
Merge pull request #9734 from Icinga/remove-unused-stream-peek- 
Remove unused Stream#Peek()
 2023-07-13 16:52:29 +02:00
Alexander A. Klimov 8f8a6ee2a0 Application::m_LastReloadFailed: if double isn't always lock free, use uint32_t 
which will overflow in 2106, not 2038.
This fixes a compile failure on 32-bit Raspbian.
 2023-07-10 10:51:02 +02:00
Julian Brost fe13b96226
Merge pull request #9809 from Icinga/reevaluate-and-update-default-tls-cipher-list-9808 
Copy and paste global default TLS cipher set from ssl-config.mozilla.org
 2023-07-03 19:13:10 +02:00
Alexander A. Klimov 617dda61fb Re-order global default TLS cipher list to prefer AES256 over AES128 2023-07-03 15:36:11 +02:00
Julian Brost a2e05f89e8 Enable built-in OpenSSL DH parameters to allow DHE TLS ciphers 
Non-ECC DHE ciphers in the `cipher_list` attribute of `ApiListener` (the
default value includes these) had no effect as no DH parameters were available
and therefore the server wouldn't offer these ciphers. OpenSSL provides
built-in DH parameters starting from version 1.1.0, however, these have to be
enables explicitly using the `SSL_CTX_set_dh_auto()` function. This commit does
so and thereby makes it possible to establish a connection to an Icinga 2
server using a DHE cipher.
 2023-06-29 12:06:26 +02:00
Alexander A. Klimov 2e053b0e06 Copy and paste global default TLS cipher set from ssl-config.mozilla.org 
which got more secure by now, but still overlaps with v2.13.x' set.
 2023-06-28 14:49:08 +02:00
Julian Brost b0899d9ab4
Merge pull request #8429 from Icinga/bugfix/last-reload-attempt-failed-8428 
Share "Last reload attempt failed" time across Icinga process tree on *nix
 2023-05-30 11:42:21 +02:00
Julian Brost 2470e930eb
Merge pull request #9643 from Icinga/hardware_concurrency 
Always use Configuration#Concurrency, not `std:🧵:hardware_concurrency()`
 2023-05-23 19:23:14 +02:00
Alexander A. Klimov 3fae41ef22 Restart thread pool after freezing Configuration 
The user (-D) or we could have changed Configuration.Concurrency,
so correct the thread pool's thread amount.
 2023-05-23 14:41:35 +02:00
Alexander A. Klimov 9376a311ea Fix file endings 
git ls-files -z \
	|grep -zEe '^lib/' \
	|grep -zEe '\.[ch]pp$' \
	|xargs -0 perl -p0i -e 's/\n*(?!(?:.|\n))/\n/'
 2023-05-17 18:05:13 +02:00
Alexander A. Klimov 32eb1680f7 Configuration.Concurrency: default to 1 until Configuration freeze 
not to start many threads before the user could override their amount (-D).
 2023-05-11 16:59:47 +02:00
Alexander A. Klimov 8fb5d53118 Track Configuration.Concurrency modifications 2023-05-11 15:41:35 +02:00
Alexander A. Klimov 5c330e9d4f Share "Last reload attempt failed" time across Icinga process tree on *nix 
... as only the umbrella process knows that time,
but the icinga check running in the main process also needs to know it.

refs #8428
 2023-05-08 14:42:21 +02:00
Julian Brost af9d67b262
Merge pull request #9726 from Icinga/43624b 
Remove -and notify- expired downtimes immediately, not every 60s II
 2023-05-02 11:25:03 +02:00
Alexander A. Klimov ba7102cae3 Explicitly stop started timers and wait for them 
before permitting their parent objects' destruction.
For the cases where the handlers have raw pointers to these objects.
 2023-04-14 14:52:04 +02:00
Alexander A. Klimov a66ace7245 Introduce SharedMemory 2023-04-04 13:40:27 +02:00
Alexander A. Klimov c41e5fd05d Support multiple redundant Timer#Start() calls 
so that only the first one changes l_AliveTimers (as in Timer#Stop()).
 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 298f3b1973 Timer: actually support non-periodic timers 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 3933502739 Timer#Start(): don't unnecessarily unlock/lock l_TimerMutex 
via new Timer#InternalRescheduleUnlocked()
 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 13b9cfda41 Timer::TimerThreadProc(): don't unnecessarily unlock and lock l_TimerMutex 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 1badbab002 Timer::TimerThreadProc(): keep a Timer alive while it's running 
to prevent the case: Timer callback destroys parent object -> destroys
Timer -> ~Timer() -> Stop(true) -> waits for the Timer callback to finish
-> deadlock.
 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 9b00c1c4dd Timer: drop unnecessary base class 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 24681b30f6 Make Timer::Ptr a std::shared_ptr 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 9ee4d08722 Make Timer#Timer() private to enforce Timer::Create() usage 2023-04-04 10:35:22 +02:00
Alexander A. Klimov 21b68455ce Use Timer::Create() instead of new Timer() 
git ls-files -z |xargs -0 perl -pi -e 's/\bnew Timer\b/Timer::Create/g'

ex. in Timer::Create() itself.
 2023-04-04 10:35:20 +02:00
Alexander A. Klimov bb1f574b69 Introduce factory method Timer::Create() 2023-04-04 10:35:10 +02:00
Alexander A. Klimov 335688909b Document why Timer::TimerThreadProc() can use Timer members during Timer#~Timer() call 2023-03-29 18:04:19 +02:00
Alexander A. Klimov 78b4dc6509 Remove unused Stream#Peek() 2023-03-24 18:18:13 +01:00
Julian Brost 66b039df9c
Merge pull request #9497 from Icinga/9249 
Application::Exit(): don't exit(), but _exit(), even in debug build mode
 2023-03-10 16:04:54 +01:00
Alexander Aleksandrovič Klimov 55930c8042
ProcessSpawnImpl(): remove redundant _exit(128); 
Now this if doesn’t _exit(128) by itself, but "return" to the outer if which immediately _exit(128)s.
 2023-03-02 12:45:15 +01:00
Julian Brost cf517050bc
Merge pull request #9711 from Icinga/connect-cancel 
Connect(): don't try next DNS record if operation is canceled
 2023-03-01 15:49:53 +01:00
Alexander A. Klimov 79f1e0666a Connect(): don't try next DNS record if operation is canceled 
Instead return immediately to meet the caller's expectations.
 2023-02-28 10:57:54 +01:00
Julian Brost bda8be343b
Merge pull request #9662 from Icinga/Repair#9627 
Repair DSL Namespace values being constant broken in #9627
 2023-02-20 16:35:36 +01:00
Julian Brost d9767cff3f
Merge pull request #9675 from Icinga/third-party/nlohmann_json 
Update third-party/nlohmann_json to v3.9.1
 2023-02-20 15:31:32 +01:00
Julian Brost 3023009804
Merge pull request #9653 from Icinga/9631 
Setup all signal handlers with SA_RESTART flag
 2023-02-14 17:55:09 +01:00
Alexander A. Klimov 34d0b942b9 Update third-party/nlohmann_json to v3.9.1 
the latest version w/o Apache 2.0 licensed code which conflicts with GPL 2.
 2023-02-14 16:19:44 +01:00
Julian Brost e074e892ce
Merge pull request #9658 from Icinga/unfreeze 
Dictionary#*(): remove bool overrideFrozen if unused
 2023-02-10 19:42:00 +01:00
Alexander A. Klimov f3f2c943c7 ScriptGlobal::Set(): don't explicitly give Namespace#Set() its default values 2023-02-10 15:55:10 +01:00
Alexander A. Klimov e61b380808 Call Namespace#Set(), not #SetFieldByName() 
Namespace#SetFieldByName() calls #Set() anyway.
 2023-02-10 15:53:30 +01:00
Alexander A. Klimov 683095a165 Make globals.Internal values non-const by default 
That namespace is internal anyway.

Previous commit, icinga2 console:
Error: Constants must not be removed.

This commit fixes it.
 2023-02-10 15:47:25 +01:00