From f77007527616c75d0899c656683b5a6341b5d5f6 Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 13:32:10 +0200 Subject: [PATCH 01/11] Autoconf: Fix database validation refs #4941 --- .vagrant-puppet/manifests/default.pp | 2 +- aclocal.m4 | 11 ++++++++++- configure | 24 ++++++++++++++++++++++++ configure.ac | 4 ++++ 4 files changed, 39 insertions(+), 2 deletions(-) diff --git a/.vagrant-puppet/manifests/default.pp b/.vagrant-puppet/manifests/default.pp index 274595668..39d1bc30c 100644 --- a/.vagrant-puppet/manifests/default.pp +++ b/.vagrant-puppet/manifests/default.pp @@ -471,7 +471,7 @@ exec { 'create-mysql-icingaweb-db': unless => 'mysql -uicingaweb -picinga icingaweb', command => 'mysql -uroot -e "CREATE DATABASE icingaweb; \ GRANT ALL ON icingaweb.* TO icingaweb@localhost \ - IDENTIFIED BY \'icinga\';"', + IDENTIFIED BY \'icingaweb\';"', require => Service['mysqld'] } diff --git a/aclocal.m4 b/aclocal.m4 index 188b3a13a..71102248e 100755 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -52,7 +52,6 @@ AC_DEFUN([AC_CHECK_BIN], [ test "XX${$1}" == "XXnot found" && $1="" ]) - AC_DEFUN([AC_PATH_GUESS], [ $2=$3 for x in $1; do @@ -63,3 +62,13 @@ AC_DEFUN([AC_PATH_GUESS], [ ) done ]) + +# ICINGA_CHECK_DBTYPE(DBTYPE, ARGUMENT_NAME) +# ------------------------------------------ +AC_DEFUN([ICINGA_CHECK_DBTYPE], [ + AC_MSG_CHECKING([Testing database type for $2]) + AS_IF(echo "$1" | $GREP -q "^\(my\|pg\)sql$", + AC_MSG_RESULT([OK ($1)]), + AC_MSG_ERROR([$1]) + ) +]) diff --git a/configure b/configure index 82f5a7b2a..ec8ecc314 100755 --- a/configure +++ b/configure @@ -2358,6 +2358,18 @@ fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking Testing database type for --with-internal-db-type" >&5 +$as_echo_n "checking Testing database type for --with-internal-db-type... " >&6; } + if echo "$internal_db_type" | $GREP -q "^\(my\|pg\)sql$"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: OK ($internal_db_type)" >&5 +$as_echo "OK ($internal_db_type)" >&6; } +else + as_fn_error $? "$internal_db_type" "$LINENO" 5 + +fi + + + # Check whether --with-internal_db_name was given. if test "${with_internal_db_name+set}" = set; then : withval=$with_internal_db_name; internal_db_name=$withval @@ -2564,6 +2576,18 @@ fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking Testing database type for --with-ido-db-type" >&5 +$as_echo_n "checking Testing database type for --with-ido-db-type... " >&6; } + if echo "$ido_db_type" | $GREP -q "^\(my\|pg\)sql$"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: OK ($ido_db_type)" >&5 +$as_echo "OK ($ido_db_type)" >&6; } +else + as_fn_error $? "$ido_db_type" "$LINENO" 5 + +fi + + + # Check whether --with-ido_host was given. if test "${with_ido_host+set}" = set; then : withval=$with_ido_host; ido_host=$withval diff --git a/configure.ac b/configure.ac index 19a1f5dcf..78903cdae 100755 --- a/configure.ac +++ b/configure.ac @@ -98,6 +98,8 @@ AC_ARG_WITH([internal_db_type], internal_db_type=mysql ) +ICINGA_CHECK_DBTYPE($internal_db_type, [--with-internal-db-type]) + AC_ARG_WITH([internal_db_name], AS_HELP_STRING([--with-internal-db-name=NAME], [database name to use for internal database (default icingaweb)]), internal_db_name=$withval, @@ -228,6 +230,8 @@ AC_ARG_WITH([ido_db_type], ido_db_type="mysql" ) +ICINGA_CHECK_DBTYPE($ido_db_type, [--with-ido-db-type]) + AC_ARG_WITH([ido_host], AS_HELP_STRING([--with-ido-host=HOST], [host to use for retrieving data from the ido db (default: localhost)]), ido_host=$withval, From 6017432750f2191f18dce9ccfbaf29b141e36c9f Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 13:35:41 +0200 Subject: [PATCH 02/11] Logger: Same default file names as installes refs #4941 --- library/Icinga/Application/Logger.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/Icinga/Application/Logger.php b/library/Icinga/Application/Logger.php index e72554ab2..35d24e41c 100755 --- a/library/Icinga/Application/Logger.php +++ b/library/Icinga/Application/Logger.php @@ -49,12 +49,12 @@ final class Logger /** * Default log target */ - const DEFAULT_LOG_TARGET = "./var/log/icinga.log"; + const DEFAULT_LOG_TARGET = "./var/log/icingaweb.log"; /** * Default debug target */ - const DEFAULT_DEBUG_TARGET = "./var/log/icinga.debug.log"; + const DEFAULT_DEBUG_TARGET = "./var/log/icingaweb.debug.log"; /** * Array of writers From 9ebd2c0478674c35ec7e539dcd283211883b01d8 Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 13:49:04 +0200 Subject: [PATCH 03/11] Fix port for internal db Fix db factory to use that port refs #4941 --- config/resources.ini.in | 3 ++- library/Icinga/Application/DbAdapterFactory.php | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) mode change 100644 => 100755 config/resources.ini.in diff --git a/config/resources.ini.in b/config/resources.ini.in old mode 100644 new mode 100755 index 5cf86e817..aca3a227a --- a/config/resources.ini.in +++ b/config/resources.ini.in @@ -17,6 +17,7 @@ type = db db = @internal_db_type@ host = @internal_db_host@ +port = @internal_db_port@ password = @internal_db_pass@ username = @internal_db_user@ dbname = @internal_db_name@ @@ -25,7 +26,7 @@ dbname = @internal_db_name@ type = db db = @ido_db_type@ host = @ido_host@ +port = @ido_port@ password = @ido_user@ username = @ido_user@ -port = @ido_port@ dbname = @ido_database@ diff --git a/library/Icinga/Application/DbAdapterFactory.php b/library/Icinga/Application/DbAdapterFactory.php index 92604f5ce..56ea4afd3 100644 --- a/library/Icinga/Application/DbAdapterFactory.php +++ b/library/Icinga/Application/DbAdapterFactory.php @@ -219,8 +219,10 @@ class DbAdapterFactory implements ConfigAwareFactory ); switch ($config->db) { case 'mysql': + $options['port'] = $config->get('port', 3306); return self::callFactory('Pdo_Mysql', $options); case 'pgsql': + $options['port'] = $config->get('port', 5432); return self::callFactory('Pdo_Pgsql', $options); default: if (!$config->db) { From 25611777656a1ad4c2e98086e20f8e3557649deb Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 14:16:46 +0200 Subject: [PATCH 04/11] Fix enable and disable authentication refs #4941 --- configure | 4 ++-- configure.ac | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure b/configure index ec8ecc314..da53bc61e 100755 --- a/configure +++ b/configure @@ -2426,7 +2426,7 @@ fi # Check whether --with-internal_authentication was given. if test "${with_internal_authentication+set}" = set; then : - withval=$with_internal_authentication; internal_authentication=yes + withval=$with_internal_authentication; internal_authentication=$withval else internal_authentication=yes @@ -2436,7 +2436,7 @@ fi # Check whether --with-ldap_authentication was given. if test "${with_ldap_authentication+set}" = set; then : - withval=$with_ldap_authentication; ldap_authentication=yes + withval=$with_ldap_authentication; ldap_authentication=$withval else ldap_authentication=no diff --git a/configure.ac b/configure.ac index 78903cdae..89249bc8f 100755 --- a/configure.ac +++ b/configure.ac @@ -136,13 +136,13 @@ AC_ARG_WITH([internal_db_user], AC_ARG_WITH([internal_authentication], AC_HELP_STRING([--with-internal-authentication], [use the internal database for authentication (default: yes)]), - internal_authentication=yes, + internal_authentication=$withval, internal_authentication=yes ) AC_ARG_WITH([ldap_authentication], AC_HELP_STRING([--with-ldap-authentication], [use a ldap server for authentication (default: no)]), - ldap_authentication=yes, + ldap_authentication=$withval, ldap_authentication=no ) From 439168ecfb8ca1e0b29930823bfdd6d47098a268 Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 14:25:56 +0200 Subject: [PATCH 05/11] Fix ldap connection port setting refs #4941 --- .../Backend/LdapUserBackend.php | 2 +- library/Icinga/Protocol/Ldap/Connection.php | 35 ++++++++++++++++--- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/library/Icinga/Authentication/Backend/LdapUserBackend.php b/library/Icinga/Authentication/Backend/LdapUserBackend.php index eade05e30..54378495e 100644 --- a/library/Icinga/Authentication/Backend/LdapUserBackend.php +++ b/library/Icinga/Authentication/Backend/LdapUserBackend.php @@ -70,7 +70,7 @@ class LdapUserBackend implements UserBackend */ public function __construct(Zend_Config $config) { - $this->connection = new Ldap\Connection($config); + $this->connection = new Connection($config); $this->config = $config; $this->name = $config->name; } diff --git a/library/Icinga/Protocol/Ldap/Connection.php b/library/Icinga/Protocol/Ldap/Connection.php index b434b656e..c240f9c57 100644 --- a/library/Icinga/Protocol/Ldap/Connection.php +++ b/library/Icinga/Protocol/Ldap/Connection.php @@ -1,13 +1,37 @@ + * @license http://www.gnu.org/licenses/gpl-2.0.txt GPL, version 2 + * @author Icinga Development Team */ +// {{{ICINGA_LICENSE_HEADER}}} + namespace Icinga\Protocol\Ldap; use Icinga\Application\Platform; -use \Icinga\Application\Config; +use Icinga\Application\Config; use Icinga\Application\Logger as Log; +use \Zend_Config; /** * Backend class managing all the LDAP stuff for you. @@ -89,14 +113,15 @@ class Connection * * TODO: Allow to pass port and SSL options * - * @param array LDAP connection credentials + * @param Zend_Config $config */ - public function __construct($config) + public function __construct(Zend_Config $config) { $this->hostname = $config->hostname; $this->bind_dn = $config->bind_dn; $this->bind_pw = $config->bind_pw; $this->root_dn = $config->root_dn; + $this->port = $config->get('port', $this->port); } From 1fc66eef8441ba7bb0e369700af696e588d5883e Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 14:51:24 +0200 Subject: [PATCH 06/11] Removed unused ldap attributes refs #4941 --- config/authentication.ini.in | 6 ++--- configure | 48 ------------------------------------ configure.ac | 21 ---------------- 3 files changed, 3 insertions(+), 72 deletions(-) diff --git a/config/authentication.ini.in b/config/authentication.ini.in index e65561981..80bfc1aeb 100755 --- a/config/authentication.ini.in +++ b/config/authentication.ini.in @@ -21,11 +21,11 @@ @use_ldap_auth@bind_dn = "@ldap_binddn@" @use_ldap_auth@bind_pw = "@ldap_bindpass@" -; Attributes for ldap user lookup +; Object class of the user @use_ldap_auth@user_class = "@ldap_user_objectclass@" -@use_ldap_auth@user_name_attribute = "@ldap_attribute_username@" -@use_ldap_auth@user_password_attribute = "@ldap_attribute_password@" +; Attribute name for username +@use_ldap_auth@user_name_attribute = "@ldap_attribute_username@" @use_internal_auth@[internal_authentication] @use_internal_auth@backend = db diff --git a/configure b/configure index da53bc61e..5f4497146 100755 --- a/configure +++ b/configure @@ -603,9 +603,6 @@ ido_port ido_host ido_db_type icinga_backend -ldap_attribute_groupname -ldap_group_objectclass -ldap_attribute_password ldap_attribute_username ldap_attribute_basedn ldap_user_objectclass @@ -699,9 +696,6 @@ with_ldap_bindpass with_ldap_rootdn with_ldap_user_objectclass with_ldap_attribute_username -with_ldap_attribute_password -with_ldap_group_objectclass -with_ldap_attribute_groupname with_icinga_backend with_ido_db_type with_ido_host @@ -1379,15 +1373,6 @@ Optional Packages: --with-ldap-attribute-username=LDAP_ATTRIBUTE user attribute to use for the username (default: uid) - --with-ldap-attribute-password=LDAP_ATTRIBUTE - user attribute to use for the password (default: - password) - --with-ldap-group-objectclass=LDAP_ATTRIBUTE - ldap object type to use for group authentication - (default: inetOrgPerson) - --with-ldap-attribute-groupname=LDAP_OBJECT_CLASS - user object type to use for the authentication - (default: inetOrgPerson) --with-icinga-backend=(ido, statusdat, livestatus) backend to use for rb (default: statusdat) --with-ido-db-type=(mysql, pgsql) @@ -2517,36 +2502,6 @@ else fi - -# Check whether --with-ldap_attribute_password was given. -if test "${with_ldap_attribute_password+set}" = set; then : - withval=$with_ldap_attribute_password; ldap_attribute_password=$withval -else - ldap_attribute_password="password" - -fi - - - -# Check whether --with-ldap_group_objectclass was given. -if test "${with_ldap_group_objectclass+set}" = set; then : - withval=$with_ldap_group_objectclass; ldap_group_objectclass=$withval -else - ldap_group_objectclass="group" - -fi - - - -# Check whether --with-ldap_attribute_groupname was given. -if test "${with_ldap_attribute_groupname+set}" = set; then : - withval=$with_ldap_attribute_groupname; ldap_attribute_groupname=$withval -else - ldap_attribute_groupname="guid" - -fi - - # # Icinga backend selection # @@ -2939,9 +2894,6 @@ fi - - - # backend setup diff --git a/configure.ac b/configure.ac index 89249bc8f..00936eda2 100755 --- a/configure.ac +++ b/configure.ac @@ -192,24 +192,6 @@ AC_ARG_WITH([ldap_attribute_username], ldap_attribute_username="uid" ) -AC_ARG_WITH([ldap_attribute_password], - AS_HELP_STRING([--with-ldap-attribute-password=LDAP_ATTRIBUTE], [user attribute to use for the password (default: password)]), - ldap_attribute_password=$withval, - ldap_attribute_password="password" -) - -AC_ARG_WITH([ldap_group_objectclass], - AS_HELP_STRING([--with-ldap-group-objectclass=LDAP_ATTRIBUTE], [ldap object type to use for group authentication (default: inetOrgPerson)]), - ldap_group_objectclass=$withval, - ldap_group_objectclass="group" -) - -AC_ARG_WITH([ldap_attribute_groupname], - AS_HELP_STRING([--with-ldap-attribute-groupname=LDAP_OBJECT_CLASS], [user object type to use for the authentication (default: inetOrgPerson)]), - ldap_attribute_groupname=$withval, - ldap_attribute_groupname="guid" -) - # # Icinga backend selection # @@ -410,9 +392,6 @@ AC_SUBST(ldap_bindpass) AC_SUBST(ldap_user_objectclass) AC_SUBST(ldap_attribute_basedn) AC_SUBST(ldap_attribute_username) -AC_SUBST(ldap_attribute_password) -AC_SUBST(ldap_group_objectclass) -AC_SUBST(ldap_attribute_groupname) # backend setup AC_SUBST(icinga_backend) From 8c640cbab7f98d822e5ae714f087dc2a5eb02a38 Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 15:00:24 +0200 Subject: [PATCH 07/11] Fix missing database dependencies for vagrant/puppet refs #4941 --- .vagrant-puppet/manifests/default.pp | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.vagrant-puppet/manifests/default.pp b/.vagrant-puppet/manifests/default.pp index 39d1bc30c..185772614 100644 --- a/.vagrant-puppet/manifests/default.pp +++ b/.vagrant-puppet/manifests/default.pp @@ -15,7 +15,7 @@ exec { 'create-mysql-icinga-db': exec{ 'create-pgsql-icinga-db': unless => 'sudo -u postgres psql -tAc "SELECT 1 FROM pg_roles WHERE rolname=\'icinga\'" | grep -q 1', - command => 'sudo -u postgres psql -c "CREATE ROLE icinga WITH LOGIN PASSWORD \'icinga\';" && \ + command => 'sudo -u postgres psql -c "CREATE ROLE icinga WITH LOGIN PASSWORD \'icingaweb\';" && \ sudo -u postgres createdb -O icinga -E UTF8 icinga && \ sudo -u postgres createlang plpgsql icinga', require => Service['postgresql'] @@ -340,7 +340,10 @@ configure { 'icingaweb': flags => '--prefix=/vagrant \ --with-icinga-commandpipe="/usr/local/icinga-mysql/var/rw/icinga.cmd" \ --with-statusdat-file="/usr/local/icinga-mysql/var/status.dat" \ - --with-httpd-config-path="/etc/httpd/conf.d"' + --with-httpd-config-path="/etc/httpd/conf.d" \ + --with-ldap-authentication \ + --with-internal-authentication \ + --with-livestatus-socket="/usr/local/icinga-mysql/var/rw/live"' } file { 'icingaweb-public': @@ -468,7 +471,7 @@ populate_monitoring_test_config_plugins{ ['test_hostcheck.pl', 'test_servicechec # Following section creates and populates MySQL and PostgreSQL Icinga 2 Web databases # exec { 'create-mysql-icingaweb-db': - unless => 'mysql -uicingaweb -picinga icingaweb', + unless => 'mysql -uicingaweb -picingaweb icingaweb', command => 'mysql -uroot -e "CREATE DATABASE icingaweb; \ GRANT ALL ON icingaweb.* TO icingaweb@localhost \ IDENTIFIED BY \'icingaweb\';"', @@ -484,8 +487,8 @@ exec { 'create-pgsql-icingaweb-db': } exec { 'populate-icingaweb-mysql-db-accounts': - unless => 'mysql -uicingaweb -picinga icingaweb -e "SELECT * FROM account;" &> /dev/null', - command => 'mysql -uicingaweb -picinga icingaweb < /vagrant/etc/schema/accounts.mysql.sql', + unless => 'mysql -uicingaweb -picingaweb icingaweb -e "SELECT * FROM account;" &> /dev/null', + command => 'mysql -uicingaweb -picingaweb icingaweb < /vagrant/etc/schema/accounts.mysql.sql', require => [ Exec['create-mysql-icingaweb-db'] ] } @@ -496,8 +499,8 @@ exec { 'populate-icingweba-pgsql-db-accounts': } exec { 'populate-icingaweb-mysql-db-preferences': - unless => 'mysql -uicingaweb -picinga icingaweb -e "SELECT * FROM preference;" &> /dev/null', - command => 'mysql -uicingaweb -picinga icingaweb < /vagrant/etc/schema/preferences.mysql.sql', + unless => 'mysql -uicingaweb -picingaweb icingaweb -e "SELECT * FROM preference;" &> /dev/null', + command => 'mysql -uicingaweb -picingaweb icingaweb < /vagrant/etc/schema/preferences.mysql.sql', require => [ Exec['create-mysql-icingaweb-db'] ] } From b9f03e27b7012f0ca91dfb13d0c78177428b65cc Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 16:04:38 +0200 Subject: [PATCH 08/11] Fix backend configuration while installation refs #4941 --- config/modules/monitoring/backends.ini.in | 16 ++++++------ config/resources.ini.in | 9 +++++++ configure | 18 ++++++++++--- configure.ac | 11 +++++--- library/Icinga/Data/ResourceFactory.php | 2 +- .../monitoring/library/Monitoring/Backend.php | 25 ++++++++++++++++--- 6 files changed, 61 insertions(+), 20 deletions(-) diff --git a/config/modules/monitoring/backends.ini.in b/config/modules/monitoring/backends.ini.in index c763f076a..910f17f81 100644 --- a/config/modules/monitoring/backends.ini.in +++ b/config/modules/monitoring/backends.ini.in @@ -1,15 +1,17 @@ [localdb] -type = ido -resource = "ido" +@ido_enabled@ +type = ido +resource = "ido" [locallive] -type = livestatus -socket = @livestatus_socket@ +@livestatus_enabled@ +type = livestatus +resource = livestatus [localfile] -type = statusdat -status_file = @statusdat_file@ -objects_file = @objects_cache_file@ +@statusdat_enabled@ +type = statusdat +resource = statusdat ;[localfailsafe] ;enabled=false diff --git a/config/resources.ini.in b/config/resources.ini.in index aca3a227a..e1daeb27a 100755 --- a/config/resources.ini.in +++ b/config/resources.ini.in @@ -30,3 +30,12 @@ port = @ido_port@ password = @ido_user@ username = @ido_user@ dbname = @ido_database@ + +[statusdat] +type = statusdat +status_file = /usr/local/icinga-mysql/var/status.dat +object_file = /usr/local/icinga-mysql/var/objects.cache + +[livestatus] +type = livestatus +socket = @livestatus_socket@ diff --git a/configure b/configure index 5f4497146..7b92f7802 100755 --- a/configure +++ b/configure @@ -593,15 +593,18 @@ INSTALL_OPTS use_internal_auth use_ldap_auth icinga_commandpipe +livestatus_enabled livestatus_socket objects_cache_file statusdat_file +statusdat_enabled ido_password ido_user ido_database ido_port ido_host ido_db_type +ido_enabled icinga_backend ldap_attribute_username ldap_attribute_basedn @@ -1394,7 +1397,7 @@ Optional Packages: location of the status.dat file when retrieving data from status.dat (default: /usr/local/icinga/var/status.dat) - --with-objects-file=FILE + --with-objects-cache-file=FILE location of the objects.cache file when retrieving data from status.dat (default: /usr/local/icinga/var/objects.cache) @@ -1405,6 +1408,10 @@ Optional Packages: location of the command pipe used for sending commands (default: /usr/local/icinga/var/rw/icinga.cmd) + --with-objects-file=FILE + location of the objects.cache file when retrieving + data from status.dat (default: + /usr/local/icinga/var/objects.cache) Some influential environment variables: PHP php cli binary @@ -2810,9 +2817,9 @@ fi # Comment out the disabled backends per default # -ido_enabled="disable=1" -statusdat_enabled="disable=1" -livestatus_enabled="disable=1" +ido_enabled="disabled = \"1\"" +statusdat_enabled="disabled = \"1\"" +livestatus_enabled="disabled = \"1\"" case $icinga_backend in #( "ido") : @@ -2905,13 +2912,16 @@ fi + # status.dat backend + # livestatus backend + # command pipe diff --git a/configure.ac b/configure.ac index 00936eda2..277703bc6 100755 --- a/configure.ac +++ b/configure.ac @@ -255,7 +255,7 @@ AC_ARG_WITH([statusdat_file], ) AC_ARG_WITH([objects_cache_file], - AS_HELP_STRING([--with-objects-file=FILE], [location of the objects.cache file when retrieving data from status.dat (default: /usr/local/icinga/var/objects.cache)]), + AS_HELP_STRING([--with-objects-cache-file=FILE], [location of the objects.cache file when retrieving data from status.dat (default: /usr/local/icinga/var/objects.cache)]), objects_cache_file=$withval, objects_cache_file="/usr/local/icinga/var/objects.cache" ) @@ -338,9 +338,9 @@ AS_IF([test "x$ido_db_type" = xpgsql], [ # Comment out the disabled backends per default # -ido_enabled="disable=1" -statusdat_enabled="disable=1" -livestatus_enabled="disable=1" +ido_enabled="disabled = \"1\"" +statusdat_enabled="disabled = \"1\"" +livestatus_enabled="disabled = \"1\"" AS_CASE([$icinga_backend], ["ido"], [ido_enabled=""], @@ -397,6 +397,7 @@ AC_SUBST(ldap_attribute_username) AC_SUBST(icinga_backend) # ido backend variables +AC_SUBST(ido_enabled) AC_SUBST(ido_db_type) AC_SUBST(ido_host) AC_SUBST(ido_port) @@ -405,11 +406,13 @@ AC_SUBST(ido_user) AC_SUBST(ido_password) # status.dat backend +AC_SUBST(statusdat_enabled) AC_SUBST(statusdat_file) AC_SUBST(objects_cache_file) # livestatus backend AC_SUBST(livestatus_socket) +AC_SUBST(livestatus_enabled) # command pipe AC_SUBST(icinga_commandpipe) diff --git a/library/Icinga/Data/ResourceFactory.php b/library/Icinga/Data/ResourceFactory.php index bfd5afcab..3d4343b1c 100644 --- a/library/Icinga/Data/ResourceFactory.php +++ b/library/Icinga/Data/ResourceFactory.php @@ -40,7 +40,7 @@ class ResourceFactory implements ConfigAwareFactory $resource = new StatusdatReader($config); break; default: - throw new ConfigurationError('Unsupported Backend "' + $config->type + '"'); + throw new ConfigurationError('Unsupported resource type "' . $config->type . '"'); } return $resource; diff --git a/modules/monitoring/library/Monitoring/Backend.php b/modules/monitoring/library/Monitoring/Backend.php index 500666f54..75a5e949e 100644 --- a/modules/monitoring/library/Monitoring/Backend.php +++ b/modules/monitoring/library/Monitoring/Backend.php @@ -128,8 +128,17 @@ class Backend implements ConfigAwareFactory, DatasourceInterface 'Cannot get default backend as no backend has been configured' ); } - reset($configs); - return key($configs); + + // We won't have disabled backends + foreach ($configs as $name => $config) { + if (!$config->get('disabled') == '1') { + return $name; + } + } + + throw new ConfigurationError( + 'All backends are disabled' + ); } /** @@ -149,11 +158,19 @@ class Backend implements ConfigAwareFactory, DatasourceInterface $name = self::getDefaultBackendName(); } + $config = null; + if (isset(self::$backendConfigs[$name])) { + /** @var Zend_Config $config */ $config = self::$backendConfigs[$name]; - } else { + if ($config->get('disabled') == '1') { + $config = null; + } + } + + if ($config === null) { throw new ConfigurationError( - 'No configuration for backend' . $name + 'No configuration for backend:' . $name ); } From b071160cdc99f1667f6726efc83af6cbf913c8ca Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 16:24:49 +0200 Subject: [PATCH 09/11] Fix tests for ldap and login mask refs #4941 --- .../library/Icinga/Protocol/Ldap/QueryTest.php | 17 +++++++++++------ test/php/regression/LoginMaskBroken4459Test.php | 11 +++++++---- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/test/php/library/Icinga/Protocol/Ldap/QueryTest.php b/test/php/library/Icinga/Protocol/Ldap/QueryTest.php index 8f07dc5a5..c449243cb 100644 --- a/test/php/library/Icinga/Protocol/Ldap/QueryTest.php +++ b/test/php/library/Icinga/Protocol/Ldap/QueryTest.php @@ -3,6 +3,7 @@ namespace Tests\Icinga\Protocol\Ldap; require_once '../../library/Icinga/Protocol/Ldap/Query.php'; require_once '../../library/Icinga/Protocol/Ldap/Connection.php'; require_once '../../library/Icinga/Protocol/Ldap/LdapUtils.php'; +require_once('Zend/Config.php'); /** * * Test class for Query @@ -13,12 +14,16 @@ class QueryTest extends \PHPUnit_Framework_TestCase { private function emptySelect() { - $connection = new \Icinga\Protocol\Ldap\Connection((object) array( - 'hostname' => 'localhost', - 'root_dn' => 'dc=example,dc=com', - 'bind_dn' => 'cn=user,ou=users,dc=example,dc=com', - 'bind_pw' => '***' - )); + $config = new \Zend_Config( + array( + 'hostname' => 'localhost', + 'root_dn' => 'dc=example,dc=com', + 'bind_dn' => 'cn=user,ou=users,dc=example,dc=com', + 'bind_pw' => '***' + ) + ); + + $connection = new \Icinga\Protocol\Ldap\Connection($config); return $connection->select(); } diff --git a/test/php/regression/LoginMaskBroken4459Test.php b/test/php/regression/LoginMaskBroken4459Test.php index 724017609..76520f2cd 100644 --- a/test/php/regression/LoginMaskBroken4459Test.php +++ b/test/php/regression/LoginMaskBroken4459Test.php @@ -46,10 +46,13 @@ namespace Tests\Icinga\Regression { $request = $this->getRequest(); - $request->setMethod("POST")->setPost(array( - "username" => "test", - "password" => "test" - )); + $request->setMethod("POST")->setPost( + array( + "username" => "test", + "password" => "test", + "btn_submit" => "1" + ) + ); $view = new \Zend_View(); $form = new LoginForm(); From dd214bbe16f7180506c0de4ef0249b787631b077 Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 16:47:04 +0200 Subject: [PATCH 10/11] Implement disable flag for authentication backends refs #4941 --- config/authentication.ini.in | 30 ++++++++++++----------- configure | 12 ++++----- configure.ac | 12 ++++----- library/Icinga/Authentication/Manager.php | 5 ++++ 4 files changed, 33 insertions(+), 26 deletions(-) diff --git a/config/authentication.ini.in b/config/authentication.ini.in index 80bfc1aeb..aae7fee63 100755 --- a/config/authentication.ini.in +++ b/config/authentication.ini.in @@ -12,22 +12,24 @@ ; priority. -@use_ldap_auth@[ldap_authentication] -@use_ldap_auth@backend = "ldap" -@use_ldap_auth@target = "user" -@use_ldap_auth@hostname = "@ldap_host@" -@use_ldap_auth@port = "@ldap_port@" -@use_ldap_auth@root_dn = "@ldap_rootdn@" -@use_ldap_auth@bind_dn = "@ldap_binddn@" -@use_ldap_auth@bind_pw = "@ldap_bindpass@" +[ldap_authentication] +@ldap_auth_disabled@ +backend = "ldap" +target = "user" +hostname = "@ldap_host@" +port = "@ldap_port@" +root_dn = "@ldap_rootdn@" +bind_dn = "@ldap_binddn@" +bind_pw = "@ldap_bindpass@" ; Object class of the user -@use_ldap_auth@user_class = "@ldap_user_objectclass@" +user_class = "@ldap_user_objectclass@" ; Attribute name for username -@use_ldap_auth@user_name_attribute = "@ldap_attribute_username@" +user_name_attribute = "@ldap_attribute_username@" -@use_internal_auth@[internal_authentication] -@use_internal_auth@backend = db -@use_internal_auth@target = "user" -@use_internal_auth@resource = "internal_db" +[internal_authentication] +@internal_auth_disabled@ +backend = db +target = "user" +resource = "internal_db" diff --git a/configure b/configure index 7b92f7802..8eda78a50 100755 --- a/configure +++ b/configure @@ -590,8 +590,8 @@ ac_subst_vars='LTLIBOBJS LIBOBJS INSTALL_OPTS_WEB INSTALL_OPTS -use_internal_auth -use_ldap_auth +internal_auth_disabled +ldap_auth_disabled icinga_commandpipe livestatus_enabled livestatus_socket @@ -2832,7 +2832,7 @@ case $icinga_backend in #( statusdat_enabled="" ;; esac -use_ldap_auth=";" +ldap_auth_disabled="disabled = \"1\"" if test "x$ldap_authentication" != xno; then : for x in ldap;do @@ -2846,11 +2846,11 @@ else fi done - use_ldap_auth="" + ldap_auth_disabled="" fi -use_internal_auth=";" +internal_auth_disabled="disabled = \"1\"" if test "x$internal_authentication" != xno; then : for x in ldap;do @@ -2864,7 +2864,7 @@ else fi done - use_internal_auth="" + internal_auth_disabled="" fi diff --git a/configure.ac b/configure.ac index 277703bc6..ebcedf63b 100755 --- a/configure.ac +++ b/configure.ac @@ -348,16 +348,16 @@ AS_CASE([$icinga_backend], ["livestatus"], [livestatus_enabled=""], [statusdat_enabled=""]) -use_ldap_auth=";" +ldap_auth_disabled="disabled = \"1\"" AS_IF([test "x$ldap_authentication" != xno], AC_CHECK_PHP_MODULE([ldap]) - use_ldap_auth="" + ldap_auth_disabled="" ) -use_internal_auth=";" +internal_auth_disabled="disabled = \"1\"" AS_IF([test "x$internal_authentication" != xno], AC_CHECK_PHP_MODULE([ldap]) - use_internal_auth="" + internal_auth_disabled="" ) # @@ -419,8 +419,8 @@ AC_SUBST(icinga_commandpipe) # Comment placeholders for toggling backends -AC_SUBST(use_ldap_auth) -AC_SUBST(use_internal_auth) +AC_SUBST(ldap_auth_disabled) +AC_SUBST(internal_auth_disabled) # Application and installation AC_SUBST(PHP) diff --git a/library/Icinga/Authentication/Manager.php b/library/Icinga/Authentication/Manager.php index e9f8edd1e..66677cf10 100644 --- a/library/Icinga/Authentication/Manager.php +++ b/library/Icinga/Authentication/Manager.php @@ -163,6 +163,11 @@ class Manager private function setupBackends(Zend_Config $config) { foreach ($config as $name => $backendConfig) { + // We won't initialize disabled backends + if ($backendConfig->get('disabled') == '1') { + continue; + } + if ($backendConfig->name === null) { $backendConfig->name = $name; } From bcfc1b56bb82c4f48016a99a9b2d5c1d148ae353 Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Tue, 22 Oct 2013 17:49:49 +0200 Subject: [PATCH 11/11] Fix database switches and backend configuration refs #4941 --- aclocal.m4 | 10 ++++++++++ config/resources.ini.in | 10 +++++----- configure | 44 ++++++++++++++++++++++++++--------------- configure.ac | 26 +++++++++++++----------- 4 files changed, 57 insertions(+), 33 deletions(-) diff --git a/aclocal.m4 b/aclocal.m4 index 71102248e..ed4703fd0 100755 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -72,3 +72,13 @@ AC_DEFUN([ICINGA_CHECK_DBTYPE], [ AC_MSG_ERROR([$1]) ) ]) + +# ICINGA_CHECK_BACKENDTYPE(BACKENDTYPE, ARGUMENT_NAME) +# ------------------------------------------ +AC_DEFUN([ICINGA_CHECK_BACKENDTYPE], [ + AC_MSG_CHECKING([Testing backend type for $2]) + AS_IF(echo "$1" | $GREP -q "^\(ido\|statusdat\|livestatus\)$", + AC_MSG_RESULT([OK ($1)]), + AC_MSG_ERROR([$1]) + ) +]) diff --git a/config/resources.ini.in b/config/resources.ini.in index e1daeb27a..1085fff94 100755 --- a/config/resources.ini.in +++ b/config/resources.ini.in @@ -18,7 +18,7 @@ type = db db = @internal_db_type@ host = @internal_db_host@ port = @internal_db_port@ -password = @internal_db_pass@ +password = @internal_db_password@ username = @internal_db_user@ dbname = @internal_db_name@ @@ -27,14 +27,14 @@ type = db db = @ido_db_type@ host = @ido_host@ port = @ido_port@ -password = @ido_user@ +password = @ido_password@ username = @ido_user@ -dbname = @ido_database@ +dbname = @ido_db_name@ [statusdat] type = statusdat -status_file = /usr/local/icinga-mysql/var/status.dat -object_file = /usr/local/icinga-mysql/var/objects.cache +status_file = @statusdat_file@ +object_file = @objects_cache_file@ [livestatus] type = livestatus diff --git a/configure b/configure index 8eda78a50..07073a2de 100755 --- a/configure +++ b/configure @@ -600,7 +600,7 @@ statusdat_file statusdat_enabled ido_password ido_user -ido_database +ido_db_name ido_port ido_host ido_db_type @@ -614,7 +614,7 @@ ldap_binddn ldap_rootdn ldap_port ldap_host -internal_db_pass +internal_db_password internal_db_user internal_db_port internal_db_host @@ -688,7 +688,7 @@ with_internal_db_type with_internal_db_name with_internal_db_host with_internal_db_port -with_internal_db_pass +with_internal_db_password with_internal_db_user with_internal_authentication with_ldap_authentication @@ -703,7 +703,7 @@ with_icinga_backend with_ido_db_type with_ido_host with_ido_port -with_ido_database +with_ido_db_name with_ido_user with_ido_password with_statusdat_file @@ -1347,7 +1347,7 @@ Optional Packages: --with-internal-db-port=PORT database port to use for internal database (default: 3306 for mysql, 5432 for pgsql) - --with-internal-db-pass=PASS + --with-internal-db-password=PASS database pass to use for internal database (default icingaweb) --with-internal-db-user=USER @@ -1385,10 +1385,10 @@ Optional Packages: (default: localhost) --with-ido-port=PORT backend to use for retrieving data from the ido db (default: 3306 for mysql. 5432 for pgsql) - --with-ido-database=DATABASE + --with-ido-db-name=DATABASE database name to use for retrieving data from the ido db (default: icinga) - --with-ido-host=USER user to use for retrieving data from the ido db + --with-ido-user=USER user to use for retrieving data from the ido db (default: icinga) --with-ido-password=PASSWORD password to use for retrieving data from the ido db @@ -2392,11 +2392,11 @@ fi -# Check whether --with-internal_db_pass was given. -if test "${with_internal_db_pass+set}" = set; then : - withval=$with_internal_db_pass; internal_db_pass=$withval +# Check whether --with-internal_db_password was given. +if test "${with_internal_db_password+set}" = set; then : + withval=$with_internal_db_password; internal_db_password=$withval else - internal_db_pass=icingaweb + internal_db_password=icingaweb fi @@ -2523,6 +2523,18 @@ else fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking Testing backend type for --with-icinga-backend" >&5 +$as_echo_n "checking Testing backend type for --with-icinga-backend... " >&6; } + if echo "$icinga_backend" | $GREP -q "^\(ido\|statusdat\|livestatus\)$"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: OK ($icinga_backend)" >&5 +$as_echo "OK ($icinga_backend)" >&6; } +else + as_fn_error $? "$icinga_backend" "$LINENO" 5 + +fi + + # # Ido settings # @@ -2570,11 +2582,11 @@ fi -# Check whether --with-ido_database was given. -if test "${with_ido_database+set}" = set; then : - withval=$with_ido_database; ido_database=$withval +# Check whether --with-ido_db_name was given. +if test "${with_ido_db_name+set}" = set; then : + withval=$with_ido_db_name; ido_db_name=$withval else - ido_database="icinga" + ido_db_name="icinga" fi @@ -2814,7 +2826,7 @@ fi fi # -# Comment out the disabled backends per default +# Disable authentication backends # ido_enabled="disabled = \"1\"" diff --git a/configure.ac b/configure.ac index ebcedf63b..42a37f3dc 100755 --- a/configure.ac +++ b/configure.ac @@ -118,10 +118,10 @@ AC_ARG_WITH([internal_db_port], internal_db_port=db_default_port ) -AC_ARG_WITH([internal_db_pass], - AS_HELP_STRING([--with-internal-db-pass=PASS], [database pass to use for internal database (default icingaweb)]), - internal_db_pass=$withval, - internal_db_pass=icingaweb +AC_ARG_WITH([internal_db_password], + AS_HELP_STRING([--with-internal-db-password=PASS], [database pass to use for internal database (default icingaweb)]), + internal_db_password=$withval, + internal_db_password=icingaweb ) AC_ARG_WITH([internal_db_user], @@ -202,6 +202,8 @@ AC_ARG_WITH([icinga_backend], icinga_backend="statusdat" ) +ICINGA_CHECK_BACKENDTYPE($icinga_backend, [--with-icinga-backend]) + # # Ido settings # @@ -226,14 +228,14 @@ AC_ARG_WITH([ido_port], ido_port=db_default_port ) -AC_ARG_WITH([ido_database], - AS_HELP_STRING([--with-ido-database=DATABASE], [database name to use for retrieving data from the ido db (default: icinga)]), - ido_database=$withval, - ido_database="icinga" +AC_ARG_WITH([ido_db_name], + AS_HELP_STRING([--with-ido-db-name=DATABASE], [database name to use for retrieving data from the ido db (default: icinga)]), + ido_db_name=$withval, + ido_db_name="icinga" ) AC_ARG_WITH([ido_user], - AS_HELP_STRING([--with-ido-host=USER], [user to use for retrieving data from the ido db (default: icinga)]), + AS_HELP_STRING([--with-ido-user=USER], [user to use for retrieving data from the ido db (default: icinga)]), ido_user=$withval, ido_user="icinga" ) @@ -335,7 +337,7 @@ AS_IF([test "x$ido_db_type" = xpgsql], [ ]) # -# Comment out the disabled backends per default +# Disable authentication backends # ido_enabled="disabled = \"1\"" @@ -381,7 +383,7 @@ AC_SUBST(internal_db_name) AC_SUBST(internal_db_host) AC_SUBST(internal_db_port) AC_SUBST(internal_db_user) -AC_SUBST(internal_db_pass) +AC_SUBST(internal_db_password) # ldap setup AC_SUBST(ldap_host) @@ -401,7 +403,7 @@ AC_SUBST(ido_enabled) AC_SUBST(ido_db_type) AC_SUBST(ido_host) AC_SUBST(ido_port) -AC_SUBST(ido_database) +AC_SUBST(ido_db_name) AC_SUBST(ido_user) AC_SUBST(ido_password)