tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,597 Commits 121 Branches 71 Tags 80 MiB
Commit Graph

421 Commits

Author SHA1 Message Date
Alexander A. Klimov ab01d2f915 ExternalBackend: don't reference more than necessary from the config 
refs #12164
 2016-10-18 10:17:21 +02:00
Alexander A. Klimov ce951295d3 ExternalBackend: make the variable a webserver assigns a username to configurable 
refs #12164
 2016-10-17 18:46:00 +02:00
Alexander A. Klimov 29c221418b External authentication: respect REDIRECT_REMOTE_USER as well 
refs #12164
 2016-10-17 16:19:26 +02:00
Eric Lippmann e62d94209f Allow users to change their password if backend is db 
refs #10616
 2016-07-21 17:38:19 +02:00
Eric Lippmann 99d08bf03b Get remote user from $_SERVER if env does not have it in external auth 
refs #11391
 2016-04-11 14:09:04 +02:00
Eric Lippmann 2ac54d7c3e lib: Add ExternalBackend::getRemoteUser() 
If the user is authenticated via the web server, this method should be used to retrieve the user because
it supports both reading the user from the environment or from the $_SERVER variable as fallback.

refs #11391
 2016-04-11 14:01:36 +02:00
Eric Lippmann c803ec64c5 lib: Move getters before setters in ExternalBackend 2016-04-11 10:57:01 +02:00
Eric Lippmann e0781cf8b5 Fix PHPDoc of AdmissionLoader::applyRoles() 
refs #10887
 2016-03-29 11:26:00 +02:00
Eric Lippmann 5b5978787b Move permission and restriction initialization in AdmissionLoader 
refs #10887
 2016-03-29 11:25:55 +02:00
Eric Lippmann 32c6a03000 Remove Role::addPermission() 
Method is not used.

refs #10887
 2016-03-29 11:25:53 +02:00
Eric Lippmann 123488cfc0 Remove Role::addRestriction() 
Method is not used.

refs #10887
 2016-03-29 11:25:51 +02:00
Eric Lippmann 08b70267cd Move setters after getter in Role.php 
refs #10887
 2016-03-29 11:25:47 +02:00
Alexander A. Klimov df0d3aaf1e AdmissionLoader: set the roles of the user 
refs #10887
 2016-03-24 16:24:24 +01:00
Alexander A. Klimov 57ce39834d Role: implement setPermissions() and setRestrictions() 
refs #10887
 2016-03-24 16:11:31 +01:00
Eric Lippmann f1f4cdc3cb lib: Use AdmissionLoader::applyRoles() in Auth 
refs #10887
 2016-03-24 15:30:30 +01:00
Eric Lippmann 6ec1878977 lib: Add Authentication/Role 
refs #10887
 2016-03-24 15:29:39 +01:00
Eric Lippmann 2699d2c9ed lib: Rename AdmissionLoader::applyPerm... to applyRoles() 
refs #10887
 2016-03-24 15:28:21 +01:00
Markus Frosch 929f45deea Fix session resume for external auths 
When REMOTE_USER is not available from _SERVER (PHP internal webserver)

fixes #11277
 2016-03-02 17:39:05 +01:00
Eric Lippmann 9d5e21e71e Remove IniUserGroupBackend.php 
Does not conform to its interface anymore and is not in use.
 2016-02-26 10:32:13 +01:00
Alexander A. Klimov c78a7912e7 Fix parse error in Auth.php 2016-02-15 14:50:33 +01:00
Alexander A. Klimov 74b4c344d6 Shorten check for empty auth header 
refs #11151
 2016-02-15 14:22:36 +01:00
Alexander A. Klimov 8a4f15d32c Don't redirect unauthenticated API requests to the login page 
refs #11151
 2016-02-15 13:36:29 +01:00
Alexander A. Klimov a464e74aa4 Allow basic auth for API requests only 
refs #11151
 2016-02-15 10:53:32 +01:00
Alexander A. Klimov dc9cfc1c81 Call getRequest() only once in Auth::authHttp() 
refs #11151
 2016-02-15 10:44:33 +01:00
Alexander A. Klimov 4c97fb7d01 Don't request basic auth if auth scheme isn't basic 
fixes #10506
 2016-02-15 10:39:18 +01:00
Alexander A. Klimov 32876ca8ae LdapUserGroupBackend: respect config option group_filter 
refs #11142
 2016-02-11 15:49:28 +01:00
Alexander A. Klimov 474803fee4 Change all license headers to only reflect a file's year of creation 
refs #11000
 2016-02-08 15:41:00 +01:00
Eric Lippmann 7fd575080e PHP7: Rename String to StringHelper 
refs #10251
 2016-01-27 16:46:55 +01:00
Eric Lippmann 9968fb9011 Reload CSS after login because the user may have a different theme (WIP) 
This is just a quick fix.

refs #10957
 2016-01-18 12:56:02 +01:00
Alexander A. Klimov fc8873ec0a Use getenv() instead of $_SERVER to get REMOTE_USER 
refs #10488
 2015-12-18 13:46:34 +01:00
Johannes Meyer 916c417666 LdapUserGroupBackend: Avoid inspecting a group with no members 
fixes #10659
 2015-11-24 09:45:49 +01:00
Eric Lippmann 0cc54ce34b Refresh session every 10 minutes 
Quick and dirty fix.

fixes #10229
 2015-11-16 14:19:33 +01:00
Johannes Meyer d2cc854a61 LdapUserBackend: Set a query's base DN when a table gets required 
This ensures that the query receives the correct base DN even if the table
gets adjusted by calling from() subsequently.

refs #10567
 2015-11-11 12:55:17 +01:00
Johannes Meyer 8bf4e8d217 LdapUserGroupBackend: Set a query's base DN when a table gets required 
This ensures that the query receives the correct base DN even if the table
gets adjusted by calling from() subsequently.

refs #10567
 2015-11-11 12:54:49 +01:00
Johannes Meyer 2917f352b5 Merge branch 'master' into bugfix/unreliable-attribute-ambiguity-check-10567 
Conflicts:
	library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
	library/Icinga/Protocol/Ldap/LdapConnection.php
 2015-11-11 11:53:19 +01:00
Johannes Meyer 453aa864cc LdapUserGroupBackend: Set the appropriate base dn when resolving dns 
refs #10567
 2015-11-11 11:38:32 +01:00
Johannes Meyer 72f3ba1161 LdapUserGroupBackend: Offer "user_name" as filter column instead of "user" 
refs #10370
 2015-11-10 11:52:06 +01:00
Johannes Meyer d56056bba7 LdapUserGroupBackend: Utilize $virtualTables 2015-11-10 09:56:58 +01:00
Johannes Meyer 505f5902c7 LdapUserBackend: Utilize $virtualTables 2015-11-10 09:56:27 +01:00
Johannes Meyer c416216822 LdapUserGroupBackend: Fix typo in method requireTable() 
refs #10370
 2015-11-09 16:00:55 +01:00
Johannes Meyer ffcc2ed56b LdapUserGroupBackend: Fix exception when searching for single chars 
refs #10370
 2015-11-09 16:00:24 +01:00
Johannes Meyer 9b826e6e5f Drop class Ldap\Expression and introduce LdapQuery::$nativeFilter 
I'm about to add support for our Data\Filter implementation, since it cannot
parse native LDAP filters and a user may have configured such, we need to
differentiate the two types of filter.

refs #10370
 2015-11-09 13:04:02 +01:00
Johannes Meyer cfb26e22b3 LdapUserGroupBackend: Dynamically verify member attribute ambiguity 
refs #10567
 2015-11-09 11:41:11 +01:00
Johannes Meyer 99719bec7d Merge branch 'master' into bugfix/broken-user-and-group-management-10367 
Conflicts:
	library/Icinga/Authentication/User/LdapUserBackend.php
	library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
 2015-10-29 08:52:07 +01:00
Johannes Meyer 36340aafa6 Repository: Ensure that we'll internally only work with virtual table names 
refs #10367
 2015-10-27 13:31:47 +01:00
Johannes Meyer 0b9a141591 LdapUserGroupBackend: Use the group_base_dn as user_base_dn.. 
..if neither the config nor the defaults provide a value.

refs #10402
 2015-10-20 11:28:18 +02:00
Markus Frosch 33956e02f8 Fix collection of user_base_dn from the UserBackend 
Currently the group_base_dn is used, unless a user_base_dn is configured in the group backend.

refs #10402
 2015-10-20 10:02:42 +02:00
Johannes Meyer 878bd78587 LdapUserBackend: Unfold the user_name_attribute automatically 
This is.. the currently easiest solution. As long as attribute unfolding
is not very performance intensive this solution suffices.

refs #10367
refs #10332
 2015-10-16 17:25:42 +02:00
Johannes Meyer 8ed489c637 LdapUserGroupBackend: Add method persistUserName() 
refs #10367
refs #10370
 2015-10-16 15:28:44 +02:00
Johannes Meyer 58fc87b2e5 Repository: Ensure that we'll internally only work with virtual table names 
refs #10367
 2015-10-16 14:46:44 +02:00
Johannes Meyer 1b7dc1098c DbUserGroupBackend: Use LEFT JOIN to join the group_membership table 
Fixes the issue that groups are not found if they do not have any members
even though they meet the where clause
 2015-10-16 13:10:39 +02:00
Johannes Meyer 7ef76932d4 DbRepository: Validate the table when inserting, updating and deleting 2015-10-16 12:36:47 +02:00
Johannes Meyer 33037eebbb Revert "Fix group base DN is erroneously used in place of user base DN" 
This reverts commit ac7546d9f2.
 2015-10-16 10:08:14 +02:00
Johannes Meyer 34bf0c3cb0 Add method getUserBackendName() to UserGroupBackendInterface 
refs #10367
refs #10373
 2015-10-15 15:28:03 +02:00
Eric Lippmann 331822ad15 Merge pull request #47 from anenviousguest/master 2015-10-15 12:53:10 +02:00
Vladislav Ponomarev ac7546d9f2 Fix group base DN is erroneously used in place of user base DN 
refs #10340
refs #10367

Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
 2015-10-15 12:52:17 +02:00
Johannes Meyer d6432cd881 LdapUserGroupBackend: Fix invalid query column initialization, again 
I've mistakenly reverted a change from Aaron Collins that would have
prevented this issue from occuring.

fixes #10318
 2015-10-09 03:53:22 +02:00
Johannes Meyer 8358f82885 LdapUserGroupBackend: Do not consider every "member" as a "user" 
Not all members of a group are actual user objects. I would have liked to
actually only show real users, but this is currently not possible.

refs #9772
 2015-09-29 11:29:05 +02:00
Johannes Meyer d33b1954aa LdapUserGroupBackend: Fetch the uid for a member's DN 
refs #9772
 2015-09-29 09:48:57 +02:00
Johannes Meyer ef1a81897b LdapUserGroupBackend: Automatically unfold the user_name attribute 
refs #9772
 2015-09-29 09:48:22 +02:00
Johannes Meyer b7ddb6e4c2 LdapUserGroupBackend: Register the user backend for later use 
refs #9772
 2015-09-29 09:44:01 +02:00
Johannes Meyer e7e3520375 LdapUserGroupBackend: Fix method getMemberships() 
refs #9950
 2015-09-28 10:57:17 +02:00
Johannes Meyer e5f2174c1e LdapUserGroupBackend: Restore method requireTable() 
refs #9950
 2015-09-25 16:24:16 +02:00
Johannes Meyer fe9ee48d65 LdapUserGroupBackend: Fix incorrect table name initialization 
refs #9950
 2015-09-25 16:23:13 +02:00
Johannes Meyer b19ecbfb43 LdapUserGroupBackend: Remove the remaining code duplicates 
refs #9950
refs #9772
 2015-09-25 16:21:33 +02:00
Aaron Collins 23631c8f39 changed order of posix check 
refs #9950

Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
 2015-09-25 14:35:08 +02:00
Aaron Collins 73715c94b1 Fixes for ldap group auth 
The current LdapUserGroupBackend was incomplete and suffered from a little over zealous copy pasta.  It had over written certain functions that where unnecessary such as the constructor and a table validator.  This patch aims to clean those up.  Additionally it also makes this group auth work with posixGroup that use the username as the member identifier and not just inetGroups that use the full dn

refs #9950

Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
 2015-09-25 14:34:33 +02:00
Matthias Jentsch b69311165c Conform to coding guidelines 2015-09-22 14:53:29 +02:00
Matthias Jentsch 42fb1a174b Do not crash when ldap_dn is defined in additional variables 
refs #9950
 2015-09-22 14:08:15 +02:00
Matthias Jentsch 46f2f71c57 Improve logging of membership queries 
refs #9950
 2015-09-22 13:02:08 +02:00
Matthias Jentsch 84554d245d Conform to coding guidelines 
refs #9950
 2015-09-22 12:51:00 +02:00
Jo Rhett f3df1f228d Fix for support issue 9950, do lookups properly on posixGroup group classes 2015-09-18 13:37:04 -07:00
Alexander A. Klimov 17e8f01d24 Use the DN to fetch group memberships from LDAP 
fixes #9901
 2015-09-18 15:34:12 +02:00
Russell Kubik 056ab0c96c Fix that DbUserBackend::inspect() reports 0 users when only one exists 
refs #9739

Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
 2015-09-01 23:08:24 +02:00
Eric Lippmann d2a4b880b1 Revert "Accept DbUserBackends with only one single user" 
This reverts commit c8d065b3e0.

There's a PR on GitHub open that was contributed earlier than this fix. Thus giving credit to the PR's author.

refs #9739
 2015-09-01 23:05:34 +02:00
Johannes Meyer 1e6c394693 Controller: Create the filter editor in setupFilterControl() ... 
...instead of demanding a concrete controller to do so.
We still have to decide how to handle parameter preservation
properly.

refs #9029
 2015-08-13 17:05:13 +02:00
Johannes Meyer 4b6849eea7 Repository: Introduce query column blacklists 
We can no longer use $filterColumns to blacklist query columns so
there is now another set of column names required to achieve this.

refs #9029
 2015-08-13 14:06:27 +02:00
Johannes Meyer 316a4d8b82 Merge branch 'master' into bugfix/allow-to-configure-how-to-manage-groups-9609 2015-07-30 16:16:04 +02:00
Eric Lippmann a234852f32 Merge branch 'feature/basic-auth-9660' 
resolves #9660
 2015-07-30 15:05:07 +02:00
Eric Lippmann feed927fd2 Let external auth win over session auth and session auth over http auth 
refs #9660
 2015-07-30 14:50:05 +02:00
Eric Lippmann 55ad2dd65f Don't fail if password contains a colon on basic auth 
refs #9660
 2015-07-30 13:59:47 +02:00
Eric Lippmann c594d6db33 Challenge client on invalid basic access auth credentials 
refs #9660
 2015-07-30 13:59:18 +02:00
Eric Lippmann 3aae37aff3 Don't redirect on external auth 
refs #9660
 2015-07-30 12:02:42 +02:00
Eric Lippmann 36ff2d8914 lib: Set User::$isHttpUser in Auth 
refs #9660
 2015-07-30 09:32:24 +02:00
Eric Lippmann cf8c680482 lib: Add basic access authentication (WIP) 
refs #9660
 2015-07-29 17:22:55 +02:00
Johannes Meyer fb7666e6bd LdapUserGroupBackend: Adjust usage of LdapCapabilities::hasAdOid() 
Usage search ftw..
 2015-07-29 16:26:39 +02:00
Eric Lippmann c3a057dbdb lib: Add AuthChain::setSkipExternalBackends() in favor of setIteratorMode() 
There's only one mode.

refs #9660
 2015-07-29 16:18:30 +02:00
Eric Lippmann 3ca85f9daa lib: Add Auth::getRequest() 
Basic auth will require the request.

refs #9660
 2015-07-29 15:56:45 +02:00
Eric Lippmann 96e3111f58 lib: Reorder functions in Auth 
refs #9660
 2015-07-29 15:52:56 +02:00
Eric Lippmann 37ef87b9ab lib: Fix PHPDoc in ExternalBackend 
refs #9660
 2015-07-29 15:46:40 +02:00
Eric Lippmann 1b5c5deace lib: Rename remote user to external user 
We renamed our backend. Code now reflects this.

refs #9660
 2015-07-29 15:44:32 +02:00
Johannes Meyer 3f7081296b Merge branch 'master' into bugfix/allow-to-configure-how-to-manage-groups-9609 2015-07-29 15:02:20 +02:00
Eric Lippmann ae4b7144cd lib: Implement Auth::getAuthChain() 
Saves one use statement for auth chain usages.

refs #9660
 2015-07-29 14:14:19 +02:00
Eric Lippmann 745e30259d lib: Implement AuthChain::authenticate() 
Right now the LoginController has all the authentication which is kind of a mess. Further, the upcoming basic access authentication has to reuse this code.
Thus AuthChain::authenticate() is introduced to handle both cases.

refs #9660
 2015-07-29 14:11:54 +02:00
Johannes Meyer 13edbf901d UserBackend: Implement interface ConfigAwareFactory 
refs #9609
 2015-07-29 13:44:26 +02:00
Johannes Meyer 83aafe8cda Allow to discover LDAP connections in the wizard as well 
...
 2015-07-29 09:26:53 +02:00
Eric Lippmann 4d44a0625c lib: Move UserBackendInterface::authenticate() to new interface Authenticatable 
refs #9660
 2015-07-29 09:25:14 +02:00
Eric Lippmann 2a4e614b5e Fix code style in AuthChain 
refs #9660
 2015-07-28 19:55:26 +02:00
Eric Lippmann 07849e0fea lib: Rename Authentication/Manager to Authentication/Auth 
refs #9660
 2015-07-28 17:08:55 +02:00
Matthias Jentsch c8d065b3e0 Accept DbUserBackends with only one single user 
fixes #9739
 2015-07-28 12:41:08 +02:00