diff --git a/.vagrant-puppet/manifests/default.pp b/.vagrant-puppet/manifests/default.pp index 390b31b7b..ede5c5c36 100644 --- a/.vagrant-puppet/manifests/default.pp +++ b/.vagrant-puppet/manifests/default.pp @@ -5,8 +5,12 @@ include openldap Exec { path => '/bin:/usr/bin:/sbin' } -$icingaVersion = '1.11.2' -$icinga2Version = '2.0.0' +$icingaVersion = '1.11.5' +$icinga2Version = '2.0.1' +$pluginVersion = '2.0' +$livestatusVersion = '1.2.4p5' +$phantomjsVersion = '1.9.1' +$casperjsVersion = '1.0.2' mysql::database { 'icinga': username => 'icinga', @@ -201,8 +205,8 @@ exec { 'icinga-htpasswd': } cmmi { 'icinga-plugins': - url => 'https://www.monitoring-plugins.org/download/nagios-plugins-1.5.tar.gz', - output => 'nagios-plugins-1.5.tar.gz', + url => "https://www.monitoring-plugins.org/download/monitoring-plugins-${pluginVersion}.tar.gz", + output => "monitoring-plugins-${pluginVersion}.tar.gz", flags => '--prefix=/usr/lib64/nagios/plugins \ --with-nagios-user=icinga --with-nagios-group=icinga \ --with-cgiurl=/icinga-mysql/cgi-bin', @@ -212,8 +216,8 @@ cmmi { 'icinga-plugins': } cmmi { 'mk-livestatus': - url => 'http://mathias-kettner.de/download/mk-livestatus-1.2.2p1.tar.gz', - output => 'mk-livestatus-1.2.2p1.tar.gz', + url => "http://mathias-kettner.de/download/mk-livestatus-${livestatusVersion}.tar.gz", + output => "mk-livestatus-${livestatusVersion}.tar.gz", flags => '--prefix=/usr/local/icinga-mysql --exec-prefix=/usr/local/icinga-mysql', creates => '/usr/local/icinga-mysql/lib/mk-livestatus', make => 'make && make install', @@ -256,14 +260,14 @@ exec { 'populate-openldap': } class { 'phantomjs': - url => 'https://phantomjs.googlecode.com/files/phantomjs-1.9.1-linux-x86_64.tar.bz2', - output => 'phantomjs-1.9.1-linux-x86_64.tar.bz2', + url => "https://phantomjs.googlecode.com/files/phantomjs-${phantomjsVersion}-linux-x86_64.tar.bz2", + output => "phantomjs-${phantomjsVersion}-linux-x86_64.tar.bz2", creates => '/usr/local/phantomjs' } class { 'casperjs': - url => 'https://github.com/n1k0/casperjs/tarball/1.0.2', - output => 'casperjs-1.0.2.tar.gz', + url => "https://github.com/n1k0/casperjs/tarball/${casperjsVersion}", + output => "casperjs-${casperjsVersion}.tar.gz", creates => '/usr/local/casperjs' } diff --git a/application/controllers/AuthenticationController.php b/application/controllers/AuthenticationController.php index bbb475989..7d4864d5a 100644 --- a/application/controllers/AuthenticationController.php +++ b/application/controllers/AuthenticationController.php @@ -14,6 +14,7 @@ use Icinga\Exception\AuthenticationException; use Icinga\Exception\NotReadableError; use Icinga\Exception\ConfigurationError; use Icinga\User; +use Icinga\Web\Session; use Icinga\Web\Url; /** @@ -131,9 +132,10 @@ class AuthenticationController extends ActionController public function logoutAction() { $auth = $this->Auth(); + $isRemoteUser = $auth->getUser()->isRemoteUser(); $auth->removeAuthorization(); - if ($auth->isAuthenticatedFromRemoteUser()) { + if ($isRemoteUser === true) { $this->_helper->layout->setLayout('login'); $this->_response->setHttpResponseCode(401); } else { diff --git a/application/views/scripts/authentication/logout.phtml b/application/views/scripts/authentication/logout.phtml index eb0d6dc44..9b03d190f 100644 --- a/application/views/scripts/authentication/logout.phtml +++ b/application/views/scripts/authentication/logout.phtml @@ -7,10 +7,7 @@ in every further request until the browser was closed. To allow logout and to allow the user to change the logged-in user this JavaScript provides a workaround to force a new authentication prompt in most browsers. --> - -
-
-
+

-
-
-
-
- +
-
- diff --git a/library/Icinga/Authentication/Backend/AutoLoginBackend.php b/library/Icinga/Authentication/Backend/AutoLoginBackend.php index d793b50dd..16373bb6c 100644 --- a/library/Icinga/Authentication/Backend/AutoLoginBackend.php +++ b/library/Icinga/Authentication/Backend/AutoLoginBackend.php @@ -53,6 +53,7 @@ class AutoLoginBackend extends UserBackend { if (isset($_SERVER['REMOTE_USER'])) { $username = $_SERVER['REMOTE_USER']; + $user->setRemoteUserInformation($username, 'REMOTE_USER'); if ($this->stripUsernameRegexp !== null) { $stripped = preg_replace($this->stripUsernameRegexp, '', $username); if ($stripped !== false) { diff --git a/library/Icinga/Authentication/Manager.php b/library/Icinga/Authentication/Manager.php index 01964ef00..ec49aa416 100644 --- a/library/Icinga/Authentication/Manager.php +++ b/library/Icinga/Authentication/Manager.php @@ -30,12 +30,6 @@ class Manager */ private $user; - /** - * If the user was authenticated from the REMOTE_USER server variable - * - * @var Boolean - */ - private $fromRemoteUser = false; private function __construct() { @@ -117,6 +111,13 @@ class Manager public function authenticateFromSession() { $this->user = Session::getSession()->get('user'); + + if ($this->user !== null && $this->user->isRemoteUser() === true) { + list($originUsername, $field) = $this->user->getRemoteUserInformation(); + if (array_key_exists($field, $_SERVER) && $_SERVER[$field] !== $originUsername) { + $this->removeAuthorization(); + } + } } /** @@ -204,35 +205,4 @@ class Manager { return $this->user->getGroups(); } - - /** - * Tries to authenticate the user from the session, and then from the REMOTE_USER superglobal, that can be set by - * an external authentication provider. - */ - public function authenticateFromRemoteUser() - { - if (array_key_exists('REMOTE_USER', $_SERVER)) { - $this->fromRemoteUser = true; - } - $this->authenticateFromSession(); - if ($this->user !== null) { - if (array_key_exists('REMOTE_USER', $_SERVER) && $this->user->getUsername() !== $_SERVER["REMOTE_USER"]) { - // Remote user has changed, clear all sessions - $this->removeAuthorization(); - } - return; - } - if (array_key_exists('REMOTE_USER', $_SERVER) && $_SERVER["REMOTE_USER"]) { - $this->user = new User($_SERVER["REMOTE_USER"]); - $this->persistCurrentUser(); - } - } - - /** - * If the session was established from the REMOTE_USER server variable. - */ - public function isAuthenticatedFromRemoteUser() - { - return $this->fromRemoteUser; - } } diff --git a/library/Icinga/User.php b/library/Icinga/User.php index 848877850..13f62881a 100644 --- a/library/Icinga/User.php +++ b/library/Icinga/User.php @@ -58,6 +58,18 @@ class User */ protected $additionalInformation = array(); + /** + * Information if the user is external authenticated + * + * Keys: + * + * 0: origin username + * 1: origin field name + * + * @var array + */ + protected $remoteUserInformation = array(); + /** * Set of permissions * @@ -401,4 +413,35 @@ class User { $this->messages = null; } + + /** + * Set additional remote user information + * + * @param stirng $username + * @param string $field + */ + public function setRemoteUserInformation($username, $field) + { + $this->remoteUserInformation = array($username, $field); + } + + /** + * Get additional remote user information + * + * @return array + */ + public function getRemoteUserInformation() + { + return $this->remoteUserInformation; + } + + /** + * Return true if user has remote user information set + * + * @return bool + */ + public function isRemoteUser() + { + return (count($this->remoteUserInformation)) ? true : false; + } } diff --git a/library/Icinga/Web/Controller/ActionController.php b/library/Icinga/Web/Controller/ActionController.php index b28bddc37..1c4111e4b 100644 --- a/library/Icinga/Web/Controller/ActionController.php +++ b/library/Icinga/Web/Controller/ActionController.php @@ -362,6 +362,8 @@ class ActionController extends Zend_Controller_Action 'X-Icinga-Title', rawurlencode($this->view->title . ' :: Icinga Web') ); + } else { + $resp->setHeader('X-Icinga-Title', rawurlencode('Icinga Web')); } if ($this->rerenderLayout) { diff --git a/modules/monitoring/application/clicommands/ListCommand.php b/modules/monitoring/application/clicommands/ListCommand.php index 42a377763..e6b86f4ef 100644 --- a/modules/monitoring/application/clicommands/ListCommand.php +++ b/modules/monitoring/application/clicommands/ListCommand.php @@ -72,6 +72,7 @@ class ListCommand extends Command protected function showFormatted($query, $format, $columns) { + $query = $query->getQuery(); switch($format) { case 'json': echo json_encode($query->fetchAll()); @@ -155,7 +156,7 @@ class ListCommand extends Command 'service_perfdata', 'service_last_state_change' ); - $query = $this->getQuery('status', $columns) + $query = $this->getQuery('serviceStatus', $columns) ->order('host_name'); echo $this->renderStatusQuery($query); } @@ -167,6 +168,7 @@ class ListCommand extends Command $screen = $this->screen; $utils = new CliUtils($screen); $maxCols = $screen->getColumns(); + $query = $query->getQuery(); $rows = $query->fetchAll(); $count = $query->count(); $count = count($rows); diff --git a/modules/monitoring/library/Monitoring/Plugin/Perfdata.php b/modules/monitoring/library/Monitoring/Plugin/Perfdata.php index a6eaddabd..6af3cde17 100644 --- a/modules/monitoring/library/Monitoring/Plugin/Perfdata.php +++ b/modules/monitoring/library/Monitoring/Plugin/Perfdata.php @@ -190,6 +190,9 @@ class Perfdata if ($this->maxValue !== null) { $minValue = $this->minValue !== null ? $this->minValue : 0; + if ($this->maxValue - $minValue === 0.0) { + return null; + } if ($this->value > $minValue) { return (($this->value - $minValue) / ($this->maxValue - $minValue)) * 100; @@ -267,9 +270,13 @@ class Perfdata switch (count($parts)) { case 5: - $this->maxValue = self::convert($parts[4], $this->unit); + if ($parts[4] !== '') { + $this->maxValue = self::convert($parts[4], $this->unit); + } case 4: - $this->minValue = self::convert($parts[3], $this->unit); + if ($parts[3] !== '') { + $this->minValue = self::convert($parts[3], $this->unit); + } case 3: // TODO(#6123): Tresholds have the same UOM and need to be converted as well! $this->criticalThreshold = trim($parts[2]) ? trim($parts[2]) : null; diff --git a/modules/monitoring/test/php/library/Monitoring/Plugin/PerfdataTest.php b/modules/monitoring/test/php/library/Monitoring/Plugin/PerfdataTest.php index 2d8a98b73..9cc132eb2 100644 --- a/modules/monitoring/test/php/library/Monitoring/Plugin/PerfdataTest.php +++ b/modules/monitoring/test/php/library/Monitoring/Plugin/PerfdataTest.php @@ -347,6 +347,14 @@ class PerfdataTest extends BaseTestCase Perfdata::fromString('test=25;;;50;100')->getPercentage(), 'Perfdata objects do return a percentage though their value is lower than it\'s allowed minimum' ); + $this->assertNull( + Perfdata::fromString('test=25;;;0;')->getPercentage(), + 'Perfdata objects do not ignore empty max values when returning percentages' + ); + $this->assertNull( + Perfdata::fromString('test=25;;;0;0')->getPercentage(), + 'Perfdata objects do not ignore impossible min/max combinations when returning percentages' + ); } /**