Alexander A. Klimov
7a8bd0f6ea
RequestCertificateHandler(): also renew if CA needs a renewal
and a newer one is available.
2023-12-18 17:07:44 +01:00
Alexander A. Klimov
e7a50f3e7c
ApiListener#Start(): auto-renew CA on its owner
otherwise it would expire.
2023-12-18 17:07:44 +01:00
Alexander A. Klimov
1e31bc13f0
ApiListener#RenewCert(): enable optional CA creation
2023-12-18 17:07:44 +01:00
Alexander A. Klimov
e0e10a7efa
ApiListener#NewClientHandlerInternal(): on basic_socket#cancel() (due to timeout) don't ssl::stream#async_shutdown()
If a connection hangs for too long in ApiListener#NewClientHandler(),
ApiListener#AddConnection()'s Timeout calls boost::asio::basic_socket#cancel()
on that connection to trigger an exception which unwinds
ApiListener#NewClientHandler(). Previously that unwind could trigger a Defer
which called boost::asio::ssl::stream#async_shutdown() which extended the hang.
2023-07-03 17:16:26 +02:00
Alexander Aleksandrovič Klimov
6dfc21f9bd
Merge pull request #9678 from Icinga/181b213
Bump Boost to v1.81
2023-02-16 16:23:50 +01:00
Alexander A. Klimov
34844c146d
Deduplicate and stabilize fragile filesystem transactions
by using AtomicFile so they ensure all or nothing of a file gets replaced.
2023-02-15 17:19:57 +01:00
Alexander A. Klimov
f84ffdad68
Handle boost::beast::http::basic_fields#operator[]() signature change (v1.81)
Use always working std::string(x), not broken x.to_string().
(x is a return value.)
2023-02-15 10:41:31 +01:00
Yonas Habteab
adc42e101d
Evaluate permission filters also on all joined relations
2022-10-31 13:01:12 +01:00
Yonas Habteab
02524f5993
ObjectQueryHandler: Check user permissions on joined relations
2022-10-31 13:01:12 +01:00
Yonas Habteab
21b55cb1ac
FilterUtility: Outsource permission matching from CheckPermission() to a separate method
2022-10-31 13:01:12 +01:00
Julian Brost
e289ec689e
Merge pull request #9337 from Icinga/Al2Klimov-patch-3-213
Let new cluster certificates expire after 397 days, not 15 years
2022-04-11 21:20:39 +02:00
Julian Brost
5ea4c24c0e
Merge pull request #9335 from Icinga/bugfix/startup-log-213
Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage
2022-04-11 18:40:16 +02:00
Julian Brost
8b58de4431
Merge pull request #9333 from Icinga/bugfix/compare-cluster-tickets-in-constant-time-213
Compare cluster tickets in constant time
2022-04-11 16:30:51 +02:00
Alexander A. Klimov
763431aa35
Protect ApiListener#m_SSLContext with a mutex
2022-04-11 12:43:54 +02:00
Alexander A. Klimov
f63b364d91
Renew certificates also periodically
2022-04-11 12:43:54 +02:00
Alexander A. Klimov
ed3862782f
ApiListener#Start(): auto-renew own cert if CA owner
otherwise that particular cert would expire.
2022-04-11 12:43:54 +02:00
Alexander A. Klimov
88d2da22f4
Introduce ApiListener#RenewCert()
2022-04-11 12:43:54 +02:00
Alexander A. Klimov
83911d0e05
Introduce IsCertUptodate()
2022-04-11 12:43:54 +02:00
Alexander A. Klimov
1ffc9f8120
Request certificate renewal also master2->master1
not only sat->master to prevent master2's certificate from expiring.
2022-04-11 12:43:53 +02:00
Alexander A. Klimov
4fb9e7421e
Write also /var/lib/icinga2/api/zones-stage-startup-last-failed.log
in addition to /var/lib/icinga2/api/zones-stage-startup.log
to prevent the next success from overwriting the last failure.
2022-04-11 12:28:12 +02:00
Alexander A. Klimov
3b03050340
Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage
not to lose them.
2022-04-11 12:28:12 +02:00
Alexander A. Klimov
18067df94d
Compare cluster tickets in constant time
Just to be sure.
2022-04-11 11:42:06 +02:00
Yonas Habteab
8037a2f384
ConfigStagesHandler: Don't allow concurrent package updates anymore
To prevent Icinga2 from being restarted while
one or more requests are still in progress and end up
as corrupted stages without status file and startup logs.
2022-04-07 11:58:04 +02:00
Yonas Habteab
668eb4bd0a
ConfigPackageUtility: Don't reset ongoing package updates on config validation success and process is going to be reloaded
2022-04-07 11:58:04 +02:00
Alexander Aleksandrovič Klimov
3aa2289c59
Merge pull request #8946 from Icinga/bugfix/old-packages
ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages
2021-08-02 20:27:27 +02:00
Alexander A. Klimov
57df803e35
ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages
... not to require migrating invalid ones.
2021-08-02 15:40:14 +02:00
Alexander A. Klimov
c1df4b70f5
ConfigPackageUtility::PackageExists(): accept invalid package names, too
2021-08-02 15:40:14 +02:00
Alexander A. Klimov
c666f81361
De-couple package and stage name validation
2021-08-02 15:40:14 +02:00
Alexander A. Klimov
504fdda76c
Introduce DEFAULT_CONNECT_TIMEOUT
2021-07-27 21:57:02 +02:00
Alexander A. Klimov
7f7637c9b8
Introduce DEFAULT_TLS_CIPHERS and DEFAULT_TLS_PROTOCOLMIN
2021-07-22 11:12:33 +02:00
Alexander A. Klimov
80a1128ec7
Introduce SetupSslContext()
2021-07-22 11:12:33 +02:00
Julian Brost
9f43c143d7
Merge pull request from GHSA-98wp-jc6q-x5q5
API: hide ApiListener#ticket_salt
2021-07-15 11:13:35 +02:00
Alexander A. Klimov
07d768f166
API: hide ApiListener#ticket_salt
2021-07-02 16:29:53 +02:00
Alexander Aleksandrovič Klimov
692f5aa615
Merge pull request #8718 from Icinga/feature/tls-1.3
Support TLS 1.3
2021-06-29 17:52:55 +02:00
Julian Brost
0e7a05ad7a
Support TLS 1.3
2021-06-29 11:08:47 +02:00
Noah Hilverling
8af66ce44c
Merge pull request #8710 from Icinga/feature/windows-event-log
Add support for Windows Event Log and write early log messages to it
2021-06-24 09:19:50 +02:00
Noah Hilverling
1fae2f3974
Merge pull request #8769 from Icinga/bugfix/new-connection-timeout
Add timeout for full Icinga connection handshake
2021-06-24 09:18:37 +02:00
Alexander Aleksandrovič Klimov
2cd9c1d902
Merge pull request #8835 from Icinga/bugfix/api-filename-truncation
Fix/restrict truncation of filenames for API-created objects
2021-06-23 12:06:31 +02:00
Julian Brost
56060bc8d5
ApiListener: Deprecate tls_handshake_timeout in favor of connect_timeout
2021-06-23 11:21:42 +02:00
Julian Brost
84d778580f
Add timeout for all new connections
This commit adds a timeout for both establishing new outgoing and incoming
connections. This timeout applies to everything until the connection is in a
state where either JsonRpcConnection or HttpServerConnection takes over.
2021-06-23 11:21:42 +02:00
Julian Brost
36ce7d961f
Rename silent parameter of ConfigItem::ActivateItems()
As silent now no longer only controls the generation of log messages, a better
name is required. This changes its name, inverts its value to reflect the new
name and adds a documentation comment.
2021-06-21 16:07:36 +02:00
Julian Brost
118df982f1
GetObjectConfigPath: only truncate and hash comment and downtime filenames
This partially reverts 68a0079c26686363b6202a8abd2712d2bf96d9f2 and keeps the
fix only for comment and downtime objects for now. For reasoning, please see
the comment in the code.
2021-06-17 16:21:01 +02:00
Julian Brost
e079762c8e
GetObjectPath: ensure use of escaped name in all cases and use TruncateUsingHash()
68a0079c26686363b6202a8abd2712d2bf96d9f2 introduced two problems that are fixed
with this commit:
1. The new truncated/hashed name did not use EscapeName()
2. There was a possible collision of names when creating objects with a full
name of format "[80 characters]...[40 hex digits]" (i.e. the same as the
truncated/hashed variant but short enough that it isn't hashed)
2021-06-17 16:21:01 +02:00
Julian Brost
c40b18ef61
ConfigPackageUtility::ValidateName: replace broken regex
The old validation regex matched if the name consists only of invalid
characters, not that it does not contain them, i.e. something like "foo/bar" was
considered valid.
This commit replaces the regex with a check that all characters in the name are
allowed characters.
2021-06-15 12:16:54 +02:00
Julian Brost
f346a9eea4
Merge pull request #8652 from Icinga/bugfix/l_appversionint-0-8628
l_AppVersionInt: respect versions like r2.12.0, not just v2.12.0
2021-06-07 16:07:04 +02:00
Alexander Aleksandrovič Klimov
ee705bb110
Merge pull request #8547 from Icinga/bugfix/unable-to-toggle-notifications-from-icingaweb2-8533
Fix runtime config updates not working for objects without zone
2021-03-26 17:18:22 +01:00
Alexander Aleksandrovič Klimov
ef8619f76b
Merge pull request #8601 from Icinga/feature/replace-std-boost-bind-with-lambdas-7006
Feature: Replace std/boost::bind() with lambdas
2021-03-18 17:56:13 +01:00
Yonas Habteab
43ba2da39c
Replace std/boost::bind() function with lambda expression
2021-03-10 16:29:40 +01:00
Alexander A. Klimov
f60758dc7c
JsonRpcConnection: always log errors
2021-03-04 16:23:07 +01:00
Alexander A. Klimov
1c5f69683f
l_AppVersionInt: respect versions like r2.12.0, not just v2.12.0
refs #8628
2021-02-25 15:31:07 +01:00