449 Commits

Author SHA1 Message Date
Markus Frosch
f65759ace8 LdapUserGroupBackend: Base ambiguity decision based on isDN
Problem was: When a DN did not contain the same base DN, the check failed

This happens when you have an entry referencing a DN of another domain.
(And this value is tested as a sample)
2017-10-20 15:17:11 +02:00
Eric Lippmann
ab7fa9f925 Add domain part to user groups if the user group backend is responsible for a domain 2017-07-31 09:03:40 +02:00
Eric Lippmann
b13c38b65b Auth/Groups: Prefer the domain from the LDAP/MSAD user backend
If a LDAP/MSAD user group backend is linked w/ a user backend, the domain from the user backend is preferred over the domain configured for the user group backend.
2017-07-11 17:09:24 +02:00
Eric Lippmann
4b11afe7d5 Remove unused method LdapUserBackend::setConfig() 2017-07-11 17:08:16 +02:00
Eric Lippmann
bd23d008ca Auth: Make sure to set the configured domain on LDAP/MSAD user backends 2017-07-11 17:02:32 +02:00
Eric Lippmann
cbde758fc6 Remove unused domain-aware auth related functions from UserBackend
These functions made it into the master branch accidentally.
2017-07-11 17:01:06 +02:00
Eric Lippmann
686d022987 Merge pull request #2863 from Icinga/feature/domain-support-for-authn-authz-2153 2017-06-21 13:16:36 +02:00
Eric Lippmann
cfbd5c500e Make LDAP user group backends domain-aware
refs #2153
2017-06-12 13:31:07 +02:00
Eric Lippmann
0cbec01743 Make auth via LDAP user backends domain-aware
refs #2153
2017-06-12 13:31:07 +02:00
Eric Lippmann
05288e9bea Add interface for user backends which are responsible for a specific domain
refs #2153
2017-06-12 13:31:07 +02:00
Eric Lippmann
41acffdc24 Login: set the default domain if necessary
refs #2153
2017-06-12 13:31:07 +02:00
Alexander A. Klimov
2b9e9bf2b3 User: split the username into localpart and domain (if given) 2017-06-12 13:31:07 +02:00
Alexander A. Klimov
f323310174 DbUserBackend: don't fail at validation if there aren't any active users
refs #2598
2017-02-24 15:29:05 +01:00
Johannes Meyer
181e2ef05c Swag: Fix swag (aka a whole bunch of code style issues..) 2017-01-27 14:48:59 +01:00
Michael Friedrich
08a82daea3 Update to icinga.com
refs #2687
2017-01-18 12:04:43 +01:00
Johannes Meyer
0716f87852 Update German translation 2016-12-13 13:57:27 +01:00
Alexander A. Klimov
648f088564 Conform to coding guidelines
refs #12598
2016-12-07 17:45:50 +01:00
Rune Darrud
59f1a70d5e Add support for nested AD groups resolved from the user
This will make sure that nested groups also work with roles.

Signed-off-by: Alexander A. Klimov <alexander.klimov@icinga.com>

refs #12598
2016-12-07 17:15:59 +01:00
Eric Lippmann
4eb61c2bcf Revert breaking change in Auth::isAuthenticated()
refs #12580
fixes #13281
2016-12-06 12:41:22 +01:00
Johannes Meyer
78be71bc92 Merge branch 'bugfix/evaluate-redirect_remote_user-12164'
fixes #12164
2016-11-21 08:53:35 +01:00
Eric Lippmann
f7e5cd3b71 Check the correct return type in case preg_replace fails in ExternalBackend.php 2016-11-16 14:10:31 +01:00
Johannes Meyer
3a816ce0f7 ExternalBackend: Don't throw an error if it's not possible to clean usernames 2016-11-16 12:04:46 +01:00
Johannes Meyer
0bd00ba3d0 ExternalBackend: Simplify how remote users are identified
refs #12164
2016-11-16 11:55:54 +01:00
Johannes Meyer
f7a8524dce DbUserGroupBackend: Group by group.id when joining group memberships
Prevents duplicate results in case a group has multiple members.
2016-11-11 09:19:59 +01:00
Eric Lippmann
2b060d9bd4 Challenge API requests only if the controller requires auth
fixes #12580
2016-11-07 10:40:38 +01:00
Alexander A. Klimov
d9330486e9 Replace ExternalBackend::getRemoteUserEnvvars() with an attribute
refs #12164
2016-11-04 17:27:36 +01:00
Alexander A. Klimov
d6ac6c8374 setup/AuthenticationPage: don't show the warning about external backend configuration if REDIRECT_REMOTE_USER is set
refs #12164
2016-10-18 15:19:13 +02:00
Alexander A. Klimov
4d6160d987 ExternalBackend::getRemoteUser(): restore previous default behavior
refs #12164
2016-10-18 10:22:06 +02:00
Alexander A. Klimov
ab01d2f915 ExternalBackend: don't reference more than necessary from the config
refs #12164
2016-10-18 10:17:21 +02:00
Alexander A. Klimov
ce951295d3 ExternalBackend: make the variable a webserver assigns a username to configurable
refs #12164
2016-10-17 18:46:00 +02:00
Alexander A. Klimov
29c221418b External authentication: respect REDIRECT_REMOTE_USER as well
refs #12164
2016-10-17 16:19:26 +02:00
Eric Lippmann
e62d94209f Allow users to change their password if backend is db
refs #10616
2016-07-21 17:38:19 +02:00
Eric Lippmann
99d08bf03b Get remote user from $_SERVER if env does not have it in external auth
refs #11391
2016-04-11 14:09:04 +02:00
Eric Lippmann
2ac54d7c3e lib: Add ExternalBackend::getRemoteUser()
If the user is authenticated via the web server, this method should be used to retrieve the user because
it supports both reading the user from the environment and from the $_SERVER variable as fallback.

refs #11391
2016-04-11 14:01:36 +02:00
Eric Lippmann
c803ec64c5 lib: Move getters before setters in ExternalBackend 2016-04-11 10:57:01 +02:00
Eric Lippmann
e0781cf8b5 Fix PHPDoc of AdmissionLoader::applyRoles()
refs #10887
2016-03-29 11:26:00 +02:00
Eric Lippmann
5b5978787b Move permission and restriction initialization in AdmissionLoader
refs #10887
2016-03-29 11:25:55 +02:00
Eric Lippmann
32c6a03000 Remove Role::addPermission()
Method is not used.

refs #10887
2016-03-29 11:25:53 +02:00
Eric Lippmann
123488cfc0 Remove Role::addRestriction()
Method is not used.

refs #10887
2016-03-29 11:25:51 +02:00
Eric Lippmann
08b70267cd Move setters after getter in Role.php
refs #10887
2016-03-29 11:25:47 +02:00
Alexander A. Klimov
df0d3aaf1e AdmissionLoader: set the roles of the user
refs #10887
2016-03-24 16:24:24 +01:00
Alexander A. Klimov
57ce39834d Role: implement setPermissions() and setRestrictions()
refs #10887
2016-03-24 16:11:31 +01:00
Eric Lippmann
f1f4cdc3cb lib: Use AdmissionLoader::applyRoles() in Auth
refs #10887
2016-03-24 15:30:30 +01:00
Eric Lippmann
6ec1878977 lib: Add Authentication/Role
refs #10887
2016-03-24 15:29:39 +01:00
Eric Lippmann
2699d2c9ed lib: Rename AdmissionLoader::applyPerm... to applyRoles()
refs #10887
2016-03-24 15:28:21 +01:00
Markus Frosch
929f45deea Fix session resume for external auths
When REMOTE_USER is not available from _SERVER (PHP internal webserver)

fixes #11277
2016-03-02 17:39:05 +01:00
Eric Lippmann
9d5e21e71e Remove IniUserGroupBackend.php
Does not conform to its interface anymore and is not in use.
2016-02-26 10:32:13 +01:00
Alexander A. Klimov
c78a7912e7 Fix parse error in Auth.php 2016-02-15 14:50:33 +01:00
Alexander A. Klimov
74b4c344d6 Shorten check for empty auth header
refs #11151
2016-02-15 14:22:36 +01:00
Alexander A. Klimov
8a4f15d32c Don't redirect unauthenticated API requests to the login page
refs #11151
2016-02-15 13:36:29 +01:00