tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-28 08:14:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into feature/deduplicate-puppet-code-6842

Browse Source
This commit is contained in:
Alexander Klimov 2014-08-05 13:50:23 +02:00
parent 82fa6e690f
commit fe11ca4744
10 changed files with 98 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.vagrant-puppet/manifests/default.pp
View File

@ -5,8 +5,12 @@ include openldap
Exec { path => '/bin:/usr/bin:/sbin' } Exec { path => '/bin:/usr/bin:/sbin' }
$icingaVersion = '1.11.2' $icingaVersion = '1.11.5'
$icinga2Version = '2.0.0' $icinga2Version = '2.0.1'
$pluginVersion = '2.0'
$livestatusVersion = '1.2.4p5'
$phantomjsVersion = '1.9.1'
$casperjsVersion = '1.0.2'
mysql::database { 'icinga': mysql::database { 'icinga':
username => 'icinga', username => 'icinga',
@ -201,8 +205,8 @@ exec { 'icinga-htpasswd':
} }
cmmi { 'icinga-plugins': cmmi { 'icinga-plugins':
url => 'https://www.monitoring-plugins.org/download/nagios-plugins-1.5.tar.gz', url => "https://www.monitoring-plugins.org/download/monitoring-plugins-${pluginVersion}.tar.gz",
output => 'nagios-plugins-1.5.tar.gz', output => "monitoring-plugins-${pluginVersion}.tar.gz",
flags => '--prefix=/usr/lib64/nagios/plugins \ flags => '--prefix=/usr/lib64/nagios/plugins \
--with-nagios-user=icinga --with-nagios-group=icinga \ --with-nagios-user=icinga --with-nagios-group=icinga \
--with-cgiurl=/icinga-mysql/cgi-bin', --with-cgiurl=/icinga-mysql/cgi-bin',
@ -212,8 +216,8 @@ cmmi { 'icinga-plugins':
} }
cmmi { 'mk-livestatus': cmmi { 'mk-livestatus':
url => 'http://mathias-kettner.de/download/mk-livestatus-1.2.2p1.tar.gz', url => "http://mathias-kettner.de/download/mk-livestatus-${livestatusVersion}.tar.gz",
output => 'mk-livestatus-1.2.2p1.tar.gz', output => "mk-livestatus-${livestatusVersion}.tar.gz",
flags => '--prefix=/usr/local/icinga-mysql --exec-prefix=/usr/local/icinga-mysql', flags => '--prefix=/usr/local/icinga-mysql --exec-prefix=/usr/local/icinga-mysql',
creates => '/usr/local/icinga-mysql/lib/mk-livestatus', creates => '/usr/local/icinga-mysql/lib/mk-livestatus',
make => 'make && make install', make => 'make && make install',
@ -256,14 +260,14 @@ exec { 'populate-openldap':
} }
class { 'phantomjs': class { 'phantomjs':
url => 'https://phantomjs.googlecode.com/files/phantomjs-1.9.1-linux-x86_64.tar.bz2', url => "https://phantomjs.googlecode.com/files/phantomjs-${phantomjsVersion}-linux-x86_64.tar.bz2",
output => 'phantomjs-1.9.1-linux-x86_64.tar.bz2', output => "phantomjs-${phantomjsVersion}-linux-x86_64.tar.bz2",
creates => '/usr/local/phantomjs' creates => '/usr/local/phantomjs'
} }
class { 'casperjs': class { 'casperjs':
url => 'https://github.com/n1k0/casperjs/tarball/1.0.2', url => "https://github.com/n1k0/casperjs/tarball/${casperjsVersion}",
output => 'casperjs-1.0.2.tar.gz', output => "casperjs-${casperjsVersion}.tar.gz",
creates => '/usr/local/casperjs' creates => '/usr/local/casperjs'
} }

4
application/controllers/AuthenticationController.php
View File

@ -14,6 +14,7 @@ use Icinga\Exception\AuthenticationException;
use Icinga\Exception\NotReadableError; use Icinga\Exception\NotReadableError;
use Icinga\Exception\ConfigurationError; use Icinga\Exception\ConfigurationError;
use Icinga\User; use Icinga\User;
use Icinga\Web\Session;
use Icinga\Web\Url; use Icinga\Web\Url;
/** /**
@ -131,9 +132,10 @@ class AuthenticationController extends ActionController
public function logoutAction() public function logoutAction()
{ {
$auth = $this->Auth(); $auth = $this->Auth();
$isRemoteUser = $auth->getUser()->isRemoteUser();
$auth->removeAuthorization(); $auth->removeAuthorization();
if ($auth->isAuthenticatedFromRemoteUser()) { if ($isRemoteUser === true) {
$this->_helper->layout->setLayout('login'); $this->_helper->layout->setLayout('login');
$this->_response->setHttpResponseCode(401); $this->_response->setHttpResponseCode(401);
} else { } else {

41
application/views/scripts/authentication/logout.phtml
View File

@ -7,10 +7,7 @@
in every further request until the browser was closed. To allow logout and to allow the user to change the in every further request until the browser was closed. To allow logout and to allow the user to change the
logged-in user this JavaScript provides a workaround to force a new authentication prompt in most browsers. logged-in user this JavaScript provides a workaround to force a new authentication prompt in most browsers.
--> -->
<div class="content">
<div class="row">
<br/>
<div class="md-offset-3 col-md-6 col-sm-6 col-sm-offset-3">
<div class="alert alert-warning" id="logout-status"> <div class="alert alert-warning" id="logout-status">
<b> <?= t('Logging out...'); ?> </b> <br /> <b> <?= t('Logging out...'); ?> </b> <br />
<?= t( <?= t(
@ -19,37 +16,19 @@
'browser session.' 'browser session.'
); ?> ); ?>
</div> </div>
</div>
</div>
<div class="row">
<div class="col-md-4 col-md-offset-4 col-sm-6 col-sm-offset-3">
<div class="container" > <div class="container" >
<a class="button btn btn-cta form-control input-sm" href="<?= $this->href('dashboard/index'); ?>"> <?= t('Login'); ?></a> <a href="<?= $this->href('dashboard/index'); ?>"> <?= t('Login'); ?></a>
</div> </div>
</div>
</div> </div>
<script type="text/javascript"> <script type="text/javascript">
/** /**
* When JavaScript is available, trigger an XmlHTTPRequest with the non-existing user 'logout' and abort it * When JavaScript is available, trigger an XmlHTTPRequest with the non-existing user 'logout' and abort it
* before it is able to finish. This will cause the browser to show a new authentication prompt in the next * before it is able to finish. This will cause the browser to show a new authentication prompt in the next
* request. * request.
*/ */
window.onload = function () { $(document).ready(function() {
function getXMLHttpRequest() { msg = $('#logout-status');
var xmlhttp = null;
try {
if (window.XMLHttpRequest) {
xmlhttp = new XMLHttpRequest();
} else if (window.ActiveXObject) {
xmlhttp = new ActiveXObject('Microsoft.XMLHTTP');
}
} catch (e) {}
return xmlhttp;
}
var msg = document.getElementById('logout-status');
try { try {
if (navigator.userAgent.toLowerCase().indexOf('msie') !== -1) { if (navigator.userAgent.toLowerCase().indexOf('msie') !== -1) {
document.execCommand('ClearAuthenticationCache'); document.execCommand('ClearAuthenticationCache');
@ -60,13 +39,9 @@
xhttp.abort(); xhttp.abort();
} }
} catch (e) { } catch (e) {
msg.innerHTML = '<?= t(
'Logout not possible, it may be necessary to quit the session manually ' .
'by clearing the cache, or closing the current browser session. Error: '
);?>' + ': ' + e.getMessage() ;
msg.setAttribute('class', 'alert alert-danger');
} }
msg.innerHTML = '<?= t('Logout successful!'); ?>'; msg.html('<?= t('Logout successful!'); ?>');
msg.setAttribute('class', 'alert alert-success'); msg.removeClass();
}; msg.addClass('alert alert-success');
});
</script> </script>

1
library/Icinga/Authentication/Backend/AutoLoginBackend.php
View File

@ -53,6 +53,7 @@ class AutoLoginBackend extends UserBackend
{ {
if (isset($_SERVER['REMOTE_USER'])) { if (isset($_SERVER['REMOTE_USER'])) {
$username = $_SERVER['REMOTE_USER']; $username = $_SERVER['REMOTE_USER'];
$user->setRemoteUserInformation($username, 'REMOTE_USER');
if ($this->stripUsernameRegexp !== null) { if ($this->stripUsernameRegexp !== null) {
$stripped = preg_replace($this->stripUsernameRegexp, '', $username); $stripped = preg_replace($this->stripUsernameRegexp, '', $username);
if ($stripped !== false) { if ($stripped !== false) {

44
library/Icinga/Authentication/Manager.php
View File

@ -30,12 +30,6 @@ class Manager
*/ */
private $user; private $user;
/**
* If the user was authenticated from the REMOTE_USER server variable
*
* @var Boolean
*/
private $fromRemoteUser = false;
private function __construct() private function __construct()
{ {
@ -117,6 +111,13 @@ class Manager
public function authenticateFromSession() public function authenticateFromSession()
{ {
$this->user = Session::getSession()->get('user'); $this->user = Session::getSession()->get('user');
if ($this->user !== null && $this->user->isRemoteUser() === true) {
list($originUsername, $field) = $this->user->getRemoteUserInformation();
if (array_key_exists($field, $_SERVER) && $_SERVER[$field] !== $originUsername) {
$this->removeAuthorization();
}
}
} }
/** /**
@ -204,35 +205,4 @@ class Manager
{ {
return $this->user->getGroups(); return $this->user->getGroups();
} }
/**
* Tries to authenticate the user from the session, and then from the REMOTE_USER superglobal, that can be set by
* an external authentication provider.
*/
public function authenticateFromRemoteUser()
{
if (array_key_exists('REMOTE_USER', $_SERVER)) {
$this->fromRemoteUser = true;
}
$this->authenticateFromSession();
if ($this->user !== null) {
if (array_key_exists('REMOTE_USER', $_SERVER) && $this->user->getUsername() !== $_SERVER["REMOTE_USER"]) {
// Remote user has changed, clear all sessions
$this->removeAuthorization();
}
return;
}
if (array_key_exists('REMOTE_USER', $_SERVER) && $_SERVER["REMOTE_USER"]) {
$this->user = new User($_SERVER["REMOTE_USER"]);
$this->persistCurrentUser();
}
}
/**
* If the session was established from the REMOTE_USER server variable.
*/
public function isAuthenticatedFromRemoteUser()
{
return $this->fromRemoteUser;
}
} }

43
library/Icinga/User.php
View File

@ -58,6 +58,18 @@ class User
*/ */
protected $additionalInformation = array(); protected $additionalInformation = array();
/**
* Information if the user is external authenticated
*
* Keys:
*
* 0: origin username
* 1: origin field name
*
* @var array
*/
protected $remoteUserInformation = array();
/** /**
* Set of permissions * Set of permissions
* *
@ -401,4 +413,35 @@ class User
{ {
$this->messages = null; $this->messages = null;
} }
/**
* Set additional remote user information
*
* @param stirng $username
* @param string $field
*/
public function setRemoteUserInformation($username, $field)
{
$this->remoteUserInformation = array($username, $field);
}
/**
* Get additional remote user information
*
* @return array
*/
public function getRemoteUserInformation()
{
return $this->remoteUserInformation;
}
/**
* Return true if user has remote user information set
*
* @return bool
*/
public function isRemoteUser()
{
return (count($this->remoteUserInformation)) ? true : false;
}
} }

2
library/Icinga/Web/Controller/ActionController.php
View File

@ -362,6 +362,8 @@ class ActionController extends Zend_Controller_Action
'X-Icinga-Title', 'X-Icinga-Title',
rawurlencode($this->view->title . ' :: Icinga Web') rawurlencode($this->view->title . ' :: Icinga Web')
); );
} else {
$resp->setHeader('X-Icinga-Title', rawurlencode('Icinga Web'));
} }
if ($this->rerenderLayout) { if ($this->rerenderLayout) {

4
modules/monitoring/application/clicommands/ListCommand.php
View File

@ -72,6 +72,7 @@ class ListCommand extends Command
protected function showFormatted($query, $format, $columns) protected function showFormatted($query, $format, $columns)
{ {
$query = $query->getQuery();
switch($format) { switch($format) {
case 'json': case 'json':
echo json_encode($query->fetchAll()); echo json_encode($query->fetchAll());
@ -155,7 +156,7 @@ class ListCommand extends Command
'service_perfdata', 'service_perfdata',
'service_last_state_change' 'service_last_state_change'
); );
$query = $this->getQuery('status', $columns) $query = $this->getQuery('serviceStatus', $columns)
->order('host_name'); ->order('host_name');
echo $this->renderStatusQuery($query); echo $this->renderStatusQuery($query);
} }
@ -167,6 +168,7 @@ class ListCommand extends Command
$screen = $this->screen; $screen = $this->screen;
$utils = new CliUtils($screen); $utils = new CliUtils($screen);
$maxCols = $screen->getColumns(); $maxCols = $screen->getColumns();
$query = $query->getQuery();
$rows = $query->fetchAll(); $rows = $query->fetchAll();
$count = $query->count(); $count = $query->count();
$count = count($rows); $count = count($rows);

11
modules/monitoring/library/Monitoring/Plugin/Perfdata.php
View File

@ -190,6 +190,9 @@ class Perfdata
if ($this->maxValue !== null) { if ($this->maxValue !== null) {
$minValue = $this->minValue !== null ? $this->minValue : 0; $minValue = $this->minValue !== null ? $this->minValue : 0;
if ($this->maxValue - $minValue === 0.0) {
return null;
}
if ($this->value > $minValue) { if ($this->value > $minValue) {
return (($this->value - $minValue) / ($this->maxValue - $minValue)) * 100; return (($this->value - $minValue) / ($this->maxValue - $minValue)) * 100;
@ -267,9 +270,13 @@ class Perfdata
switch (count($parts)) switch (count($parts))
{ {
case 5: case 5:
$this->maxValue = self::convert($parts[4], $this->unit); if ($parts[4] !== '') {
$this->maxValue = self::convert($parts[4], $this->unit);
}
case 4: case 4:
$this->minValue = self::convert($parts[3], $this->unit); if ($parts[3] !== '') {
$this->minValue = self::convert($parts[3], $this->unit);
}
case 3: case 3:
// TODO(#6123): Tresholds have the same UOM and need to be converted as well! // TODO(#6123): Tresholds have the same UOM and need to be converted as well!
$this->criticalThreshold = trim($parts[2]) ? trim($parts[2]) : null; $this->criticalThreshold = trim($parts[2]) ? trim($parts[2]) : null;

8
modules/monitoring/test/php/library/Monitoring/Plugin/PerfdataTest.php
View File

@ -347,6 +347,14 @@ class PerfdataTest extends BaseTestCase
Perfdata::fromString('test=25;;;50;100')->getPercentage(), Perfdata::fromString('test=25;;;50;100')->getPercentage(),
'Perfdata objects do return a percentage though their value is lower than it\'s allowed minimum' 'Perfdata objects do return a percentage though their value is lower than it\'s allowed minimum'
); );
$this->assertNull(
Perfdata::fromString('test=25;;;0;')->getPercentage(),
'Perfdata objects do not ignore empty max values when returning percentages'
);
$this->assertNull(
Perfdata::fromString('test=25;;;0;0')->getPercentage(),
'Perfdata objects do not ignore impossible min/max combinations when returning percentages'
);
} }
/** /**