Merge branch 'master' into feature/deduplicate-puppet-code-6842

2025-07-28 00:04:04 +02:00 · 2014-08-05 13:50:23 +02:00 · 2014-08-05 13:50:23 +02:00 · fe11ca4744
commit fe11ca4744
parent 82fa6e690f
10 changed files with 98 additions and 84 deletions
--- a/.vagrant-puppet/manifests/default.pp
+++ b/.vagrant-puppet/manifests/default.pp
@ -5,8 +5,12 @@ include openldap

 Exec { path => '/bin:/usr/bin:/sbin' }

-$icingaVersion = '1.11.2'
-$icinga2Version = '2.0.0'
+$icingaVersion = '1.11.5'
+$icinga2Version = '2.0.1'
+$pluginVersion = '2.0'
+$livestatusVersion = '1.2.4p5'
+$phantomjsVersion = '1.9.1'
+$casperjsVersion = '1.0.2'

 mysql::database { 'icinga':
  username => 'icinga',
@ -201,8 +205,8 @@ exec { 'icinga-htpasswd':
 }

 cmmi { 'icinga-plugins':
-  url     => 'https://www.monitoring-plugins.org/download/nagios-plugins-1.5.tar.gz',
-  output  => 'nagios-plugins-1.5.tar.gz',
+  url     => "https://www.monitoring-plugins.org/download/monitoring-plugins-${pluginVersion}.tar.gz",
+  output  => "monitoring-plugins-${pluginVersion}.tar.gz",
  flags   => '--prefix=/usr/lib64/nagios/plugins \
              --with-nagios-user=icinga --with-nagios-group=icinga \
              --with-cgiurl=/icinga-mysql/cgi-bin',
@ -212,8 +216,8 @@ cmmi { 'icinga-plugins':
 }

 cmmi { 'mk-livestatus':
-  url     => 'http://mathias-kettner.de/download/mk-livestatus-1.2.2p1.tar.gz',
-  output  => 'mk-livestatus-1.2.2p1.tar.gz',
+  url     => "http://mathias-kettner.de/download/mk-livestatus-${livestatusVersion}.tar.gz",
+  output  => "mk-livestatus-${livestatusVersion}.tar.gz",
  flags   => '--prefix=/usr/local/icinga-mysql --exec-prefix=/usr/local/icinga-mysql',
  creates => '/usr/local/icinga-mysql/lib/mk-livestatus',
  make    => 'make && make install',
@ -256,14 +260,14 @@ exec { 'populate-openldap':
 }

 class { 'phantomjs':
-  url     => 'https://phantomjs.googlecode.com/files/phantomjs-1.9.1-linux-x86_64.tar.bz2',
-  output  => 'phantomjs-1.9.1-linux-x86_64.tar.bz2',
+  url     => "https://phantomjs.googlecode.com/files/phantomjs-${phantomjsVersion}-linux-x86_64.tar.bz2",
+  output  => "phantomjs-${phantomjsVersion}-linux-x86_64.tar.bz2",
  creates => '/usr/local/phantomjs'
 }

 class { 'casperjs':
-  url     => 'https://github.com/n1k0/casperjs/tarball/1.0.2',
-  output  => 'casperjs-1.0.2.tar.gz',
+  url     => "https://github.com/n1k0/casperjs/tarball/${casperjsVersion}",
+  output  => "casperjs-${casperjsVersion}.tar.gz",
  creates => '/usr/local/casperjs'
 }

--- a/application/controllers/AuthenticationController.php
+++ b/application/controllers/AuthenticationController.php
@ -14,6 +14,7 @@ use Icinga\Exception\AuthenticationException;
 use Icinga\Exception\NotReadableError;
 use Icinga\Exception\ConfigurationError;
 use Icinga\User;
+use Icinga\Web\Session;
 use Icinga\Web\Url;

 /**
@ -131,9 +132,10 @@ class AuthenticationController extends ActionController
    public function logoutAction()
    {
        $auth = $this->Auth();
+        $isRemoteUser = $auth->getUser()->isRemoteUser();
        $auth->removeAuthorization();

-        if ($auth->isAuthenticatedFromRemoteUser()) {
+        if ($isRemoteUser === true) {
            $this->_helper->layout->setLayout('login');
            $this->_response->setHttpResponseCode(401);
        } else {
--- a/application/views/scripts/authentication/logout.phtml
+++ b/application/views/scripts/authentication/logout.phtml
@ -7,10 +7,7 @@
    in every further request until the browser was closed. To allow logout and to allow the user to change the
    logged-in user this JavaScript provides a workaround to force a new authentication prompt in most browsers.
 -->
-
-<div class="row">
-  <br/>
-  <div class="md-offset-3 col-md-6 col-sm-6 col-sm-offset-3">
+<div class="content">
    <div class="alert alert-warning" id="logout-status">
        <b> <?= t('Logging out...'); ?> </b> <br />
        <?= t(
@ -19,37 +16,19 @@
            'browser session.'
        ); ?>
    </div>
-  </div>
-</div>

-<div class="row">
-  <div class="col-md-4 col-md-offset-4 col-sm-6 col-sm-offset-3">
    <div class="container" >
-        <a class="button btn btn-cta form-control input-sm" href="<?= $this->href('dashboard/index'); ?>"> <?= t('Login'); ?></a>
+        <a href="<?= $this->href('dashboard/index'); ?>"> <?= t('Login'); ?></a>
    </div>
-  </div>
 </div>
-
 <script type="text/javascript">
-
    /**
     * When JavaScript is available, trigger an XmlHTTPRequest with the non-existing user 'logout' and abort it
     * before it is able to finish. This will cause the browser to show a new authentication prompt in the next
     * request.
     */
-    window.onload = function () {
-        function getXMLHttpRequest() {
-            var xmlhttp = null;
-            try {
-                if (window.XMLHttpRequest) {
-                    xmlhttp = new XMLHttpRequest();
-                } else if (window.ActiveXObject) {
-                    xmlhttp = new ActiveXObject('Microsoft.XMLHTTP');
-                }
-            } catch (e) {}
-            return xmlhttp;
-        }
-        var msg = document.getElementById('logout-status');
+    $(document).ready(function() {
+        msg = $('#logout-status');
        try {
            if (navigator.userAgent.toLowerCase().indexOf('msie') !== -1) {
                document.execCommand('ClearAuthenticationCache');
@ -60,13 +39,9 @@
                xhttp.abort();
            }
        } catch (e) {
-            msg.innerHTML = '<?= t(
-                'Logout not possible, it may be necessary to quit the session manually ' .
-                'by clearing the cache, or closing the current browser session. Error: '
-            );?>' + ': ' + e.getMessage() ;
-            msg.setAttribute('class', 'alert alert-danger');
        }
-        msg.innerHTML = '<?= t('Logout successful!'); ?>';
-        msg.setAttribute('class', 'alert alert-success');
-    };
+        msg.html('<?= t('Logout successful!'); ?>');
+        msg.removeClass();
+        msg.addClass('alert alert-success');
+    });
 </script>
--- a/library/Icinga/Authentication/Backend/AutoLoginBackend.php
+++ b/library/Icinga/Authentication/Backend/AutoLoginBackend.php
@ -53,6 +53,7 @@ class AutoLoginBackend extends UserBackend
    {
        if (isset($_SERVER['REMOTE_USER'])) {
            $username = $_SERVER['REMOTE_USER'];
+            $user->setRemoteUserInformation($username, 'REMOTE_USER');
            if ($this->stripUsernameRegexp !== null) {
                $stripped = preg_replace($this->stripUsernameRegexp, '', $username);
                if ($stripped !== false) {
--- a/library/Icinga/Authentication/Manager.php
+++ b/library/Icinga/Authentication/Manager.php
@ -30,12 +30,6 @@ class Manager
     */
    private $user;

-    /**
-     * If the user was authenticated from the REMOTE_USER server variable
-     *
-     * @var Boolean
-     */
-    private $fromRemoteUser = false;

    private function __construct()
    {
@ -117,6 +111,13 @@ class Manager
    public function authenticateFromSession()
    {
        $this->user = Session::getSession()->get('user');
+
+        if ($this->user !== null && $this->user->isRemoteUser() === true) {
+            list($originUsername, $field) = $this->user->getRemoteUserInformation();
+            if (array_key_exists($field, $_SERVER) && $_SERVER[$field] !== $originUsername) {
+                $this->removeAuthorization();
+            }
+        }
    }

    /**
@ -204,35 +205,4 @@ class Manager
    {
        return $this->user->getGroups();
    }
-
-    /**
-     * Tries to authenticate the user from the session, and then from the REMOTE_USER superglobal, that can be set by
-     * an external authentication provider.
-     */
-    public function authenticateFromRemoteUser()
-    {
-        if (array_key_exists('REMOTE_USER', $_SERVER)) {
-            $this->fromRemoteUser = true;
-        }
-        $this->authenticateFromSession();
-        if ($this->user !== null) {
-            if (array_key_exists('REMOTE_USER', $_SERVER) && $this->user->getUsername() !== $_SERVER["REMOTE_USER"]) {
-                // Remote user has changed, clear all sessions
-                $this->removeAuthorization();
-            }
-            return;
-        }
-        if (array_key_exists('REMOTE_USER', $_SERVER) && $_SERVER["REMOTE_USER"]) {
-            $this->user = new User($_SERVER["REMOTE_USER"]);
-            $this->persistCurrentUser();
-        }
-    }
-
-    /**
-     * If the session was established from the REMOTE_USER server variable.
-     */
-    public function isAuthenticatedFromRemoteUser()
-    {
-        return $this->fromRemoteUser;
-    }
 }
--- a/library/Icinga/User.php
+++ b/library/Icinga/User.php
@ -58,6 +58,18 @@ class User
     */
    protected $additionalInformation = array();

+    /**
+     * Information if the user is external authenticated
+     *
+     * Keys:
+     *
+     * 0: origin username
+     * 1: origin field name
+     *
+     * @var array
+     */
+    protected $remoteUserInformation = array();
+
    /**
     * Set of permissions
     *
@ -401,4 +413,35 @@ class User
    {
        $this->messages = null;
    }
+
+    /**
+     * Set additional remote user information
+     *
+     * @param stirng    $username
+     * @param string    $field
+     */
+    public function setRemoteUserInformation($username, $field)
+    {
+        $this->remoteUserInformation = array($username, $field);
+    }
+
+    /**
+     * Get additional remote user information
+     *
+     * @return array
+     */
+    public function getRemoteUserInformation()
+    {
+        return $this->remoteUserInformation;
+    }
+
+    /**
+     * Return true if user has remote user information set
+     *
+     * @return bool
+     */
+    public function isRemoteUser()
+    {
+        return (count($this->remoteUserInformation)) ? true : false;
+    }
 }
--- a/library/Icinga/Web/Controller/ActionController.php
+++ b/library/Icinga/Web/Controller/ActionController.php
@ -362,6 +362,8 @@ class ActionController extends Zend_Controller_Action
                'X-Icinga-Title',
                rawurlencode($this->view->title . ' :: Icinga Web')
            );
+        } else {
+            $resp->setHeader('X-Icinga-Title', rawurlencode('Icinga Web'));
        }

        if ($this->rerenderLayout) {
--- a/modules/monitoring/application/clicommands/ListCommand.php
+++ b/modules/monitoring/application/clicommands/ListCommand.php
@ -72,6 +72,7 @@ class ListCommand extends Command

    protected function showFormatted($query, $format, $columns)
    {
+        $query = $query->getQuery();
        switch($format) {
            case 'json':
                echo json_encode($query->fetchAll());
@ -155,7 +156,7 @@ class ListCommand extends Command
            'service_perfdata',
            'service_last_state_change'
        );
-        $query = $this->getQuery('status', $columns)
+        $query = $this->getQuery('serviceStatus', $columns)
            ->order('host_name');
        echo $this->renderStatusQuery($query);
    }
@ -167,6 +168,7 @@ class ListCommand extends Command
        $screen = $this->screen;
        $utils = new CliUtils($screen);
        $maxCols = $screen->getColumns();
+        $query = $query->getQuery();
        $rows = $query->fetchAll();
        $count = $query->count();
        $count = count($rows);
--- a/modules/monitoring/library/Monitoring/Plugin/Perfdata.php
+++ b/modules/monitoring/library/Monitoring/Plugin/Perfdata.php
@ -190,6 +190,9 @@ class Perfdata

        if ($this->maxValue !== null) {
            $minValue = $this->minValue !== null ? $this->minValue : 0;
+            if ($this->maxValue - $minValue === 0.0) {
+                return null;
+            }

            if ($this->value > $minValue) {
                return (($this->value - $minValue) / ($this->maxValue - $minValue)) * 100;
@ -267,9 +270,13 @@ class Perfdata
        switch (count($parts))
        {
            case 5:
-                $this->maxValue = self::convert($parts[4], $this->unit);
+                if ($parts[4] !== '') {
+                    $this->maxValue = self::convert($parts[4], $this->unit);
+                }
            case 4:
-                $this->minValue = self::convert($parts[3], $this->unit);
+                if ($parts[3] !== '') {
+                    $this->minValue = self::convert($parts[3], $this->unit);
+                }
            case 3:
                // TODO(#6123): Tresholds have the same UOM and need to be converted as well!
                $this->criticalThreshold = trim($parts[2]) ? trim($parts[2]) : null;
--- a/modules/monitoring/test/php/library/Monitoring/Plugin/PerfdataTest.php
+++ b/modules/monitoring/test/php/library/Monitoring/Plugin/PerfdataTest.php
@ -347,6 +347,14 @@ class PerfdataTest extends BaseTestCase
            Perfdata::fromString('test=25;;;50;100')->getPercentage(),
            'Perfdata objects do return a percentage though their value is lower than it\'s allowed minimum'
        );
+        $this->assertNull(
+            Perfdata::fromString('test=25;;;0;')->getPercentage(),
+            'Perfdata objects do not ignore empty max values when returning percentages'
+        );
+        $this->assertNull(
+            Perfdata::fromString('test=25;;;0;0')->getPercentage(),
+            'Perfdata objects do not ignore impossible min/max combinations when returning percentages'
+        );
    }

    /**