Johannes Meyer
124f64ad89
Merge branch 'master' into bugfix/drop-zend-config-7147
2014-11-07 14:07:15 +01:00
Johannes Meyer
7b99b74ae1
Prefer Icinga\Application\Config instead of Zend_Config
...
refs #7147
2014-11-07 13:53:03 +01:00
Matthias Jentsch
d0706a55ea
Chain exceptions in LdapUserBackend instead of printing the message
2014-11-06 16:32:43 +01:00
Matthias Jentsch
f9fee2df70
Do not interrupt authentication chain on invalid ldap connection infos
...
Catch LdapExceptions and throw AuthenticationException to not interrupt authentication chain
fixes #7497
2014-11-04 12:35:41 +01:00
Eric Lippmann
16352fc10c
Move Logger to the Application namespace
...
fixes #7148
2014-10-31 10:27:17 +01:00
Eric Lippmann
f68c591a46
LDAP Auth: Make group loading really optional
...
fixes #7432
2014-10-23 03:50:03 +02:00
Eric Lippmann
424cee6b4a
Auth: Load user groups using the new user group backends
2014-10-20 13:43:40 +02:00
Eric Lippmann
aa56f3010c
lib: Add DbUserGroupBackend
2014-10-20 13:42:33 +02:00
Eric Lippmann
d170cf0c9d
lib: Replace Membership with IniUserGroupBackend
2014-10-20 13:42:15 +02:00
Eric Lippmann
d1228deef2
lib: Add UserGroupBackend as base class and factory for user group backends
2014-10-20 13:41:33 +02:00
Eric Lippmann
cee261bf7e
Use lowercase username and user groups for loading user permissions and restrictions
2014-10-20 13:36:37 +02:00
Alexander Fuhr
421263af00
Make LDAP Groups optional
...
refs #7343
2014-10-06 13:35:17 +02:00
Alexander Fuhr
017d4b8c9d
Introduce Groups from LDAP to User Object
2014-10-01 16:03:42 +02:00
Eric Lippmann
74bd9b319d
restrictions: Include restriction's section name in user restrictions
2014-10-01 14:08:21 +02:00
Eric Lippmann
084691570e
permissions: Use a comma-separated list as config instead of the `permission_*' directives
...
Permissions are now set using a comma-separated list of permissions using the `permissions' config because
the `users' and `groups' are comma-separated lists too.
2014-10-01 08:14:03 +02:00
Eric Lippmann
f1d3b72f05
autologin: Fix externally-authenticated users still being authenticated after external authentication is disabled
...
The if condition for revoking authentication if the username changed relied on having the `$_SERVER' variable set which was used for authentication.
Authentication is now revoked if the username changed or external authentication is no longer in effect.
refs #6462
2014-09-18 15:20:46 +02:00
Eric Lippmann
794910256a
Use User::can()' in
hasPermission()' of the authentication manager
2014-09-18 14:57:24 +02:00
Alexander Klimov
45638b218c
Throw IcingaException rather than Exception
...
fixes #7014
2014-08-27 16:03:15 +02:00
Alexander Klimov
9c5878cbbe
ConfigurationError: extend IcingaException
...
refs #6931
2014-08-22 11:46:11 +02:00
Alexander Klimov
b764993091
AuthenticationException: extend IcingaException
...
refs #6931
2014-08-22 10:59:52 +02:00
Marius Hein
56a29354d3
AutoLogin: Check the remote username against logged in user
...
fixes #6462
2014-07-30 12:54:08 +02:00
Marius Hein
e2c761a7aa
AutoLogin/Logout: Remove own session namespace
...
Store data in the user and implement interface to left
backends store remote information.
fixes #6461
2014-07-30 12:35:55 +02:00
Eric Lippmann
294728ac47
Revert "Autologin: Test logged session against remote user"
...
This reverts commit 64954e99244f26cc6b6dccc7d60a253c105bd550.
If the strip_username_regex is configured on the autologin backend and applies on a user's name,
the authenticated user's username does never match the REMOTE_USER server variable.
Thus the application will logout/login on every request which results in a redirect loop.
refs #6462
2014-07-29 17:50:44 +02:00
Marius Hein
64954e9924
Autologin: Test logged session against remote user
...
fixes #6462
2014-07-29 12:06:43 +02:00
Marius Hein
8b9d446d2e
Autologin: Remove deprecated autologin methods
...
Remove methods from manager because autologin
is now handled with special backends (AutoLoginBackend).
The session is used to store the status about a remote
user authentication to send a 401 header to the client
upon logout.
refs #6461
2014-07-29 10:48:57 +02:00
Johannes Meyer
b40027b6c7
Purge session when logging out
...
fixes #6739
2014-07-16 09:55:22 +02:00
Johannes Meyer
19f05256a0
Only call session_start() when reading from session
...
fixes #6383
2014-07-16 09:55:22 +02:00
Johannes Meyer
3105c2059e
Remove license headers from all files
...
refs #6309
2014-07-15 13:43:52 +02:00
Matthias Jentsch
57f3023ec4
Fix coding style
2014-07-03 16:20:45 +02:00
Matthias Jentsch
c18b6f26f0
Throw Ldap\Exception when something goes wrong in a Ldap connection
2014-06-25 12:41:17 +02:00
Matthias Jentsch
77a9dd1e6e
Throw exception on fetchDN, when no row exists
...
Instead of fetchDN, authentication now uses hasUser to check if the user
exists before querying the password, to prevent the exception from messing
up the whole authentication process
2014-06-23 14:02:45 +02:00
Thomas Gelf
4bada86731
Authentication\Manager: fix fromRemoteUser boolean
...
This used to be always true in case an autologin backend was enabled.
We only have a REMOTE_USER if there is such.
2014-06-20 12:58:17 +02:00
Thomas Gelf
d2ccc68214
Merge remote-tracking branch 'origin/master' into feature/query-interfaces-6018
...
Conflicts:
modules/monitoring/application/controllers/ListController.php
2014-06-17 09:47:14 +00:00
Eric Lippmann
db73d324de
Autologin: Fix that the backend name must have been `autologin'
...
Before, the code validated the name of the backend instead of the `backend' directive against `autologin'.
2014-06-12 17:05:54 +02:00
Eric Lippmann
7d2ee41f42
Autologin: Fix PHPDoc
2014-06-11 15:46:59 +02:00
Eric Lippmann
992ccf4f6d
Autologin: Actually set the username upon authentication
...
Before, when using autologin the username of the authenticated user always was the empty string.
2014-06-11 15:46:59 +02:00
Eric Lippmann
65a2bd41bc
Autologin: Do not use absolute `use'
2014-06-11 15:46:58 +02:00
Eric Lippmann
7215ba4f59
Autologin: Do not require a bogus password in the source code
2014-06-11 15:46:58 +02:00
Eric Lippmann
63fc8eb27e
Autologin: Use REMOTE_USER for authentication
...
It's not safe to rely on PHP_AUTH_USER and PHP_AUTH_TYPE because
PHP cgi handlers (fgcid for example) only set the REMOTE_USER environment variable
and the authentication type for negogiation methods (Kerberos for example) is neither
Basic nor Digest.
We may have to add REDIRECT_REMOTE_USER for authentication for proxy setups.
2014-06-11 15:46:58 +02:00
Eric Lippmann
c09341d77e
Autologin: Do NOT sanitize username
...
I don't know the reason why this was done initially but a username must not be changed.
2014-06-11 15:46:58 +02:00
Matthias Jentsch
c42c7977be
Call extended backend health checks when creating ldap authentication backends
...
fixes #6457
2014-06-11 15:09:36 +02:00
Matthias Jentsch
6c82cb8988
Check ldap backend health during Authentication
...
Check if authentication is possible during authentication, to generate more
useful error and log messages, in case the backend configuration is wrong
ref #6457
2014-06-11 15:08:05 +02:00
Matthias Jentsch
bca166c644
Do not throw an exception when the username does not exist
...
refs #6457
2014-06-11 15:08:05 +02:00
Thomas Gelf
db3accc704
Data\Db: rename Query and Connection to Db...
...
Class names in namespaces should not be chosen as once we didn't have
such. The fact that we already did "use Db\Connection as DbConnection"
is the best hint that naming was wrong.
So this patch renames Db\Connection to Db\DbConnection and does the
same with DbQuery. DbQuery has been adjusted to fit our new SimpleQuery
and to handle the new Filter implementation.
2014-06-06 06:43:13 +00:00
Marius Hein
29f593a357
Authentication: Add backend to handle external authentication
...
Drop external auth configuration from config.ini and move
implementation into a single backend provider named
'autologin'. This provider can strip realm names from
username with a custom regexp.
fixes #6081
2014-06-03 17:59:22 +02:00
Eric Lippmann
cfcaf019bd
User backends: Throw exception when authentication fails due to an exception
...
refs #5685
2014-06-02 15:52:58 +02:00
Eric Lippmann
2274b6e11e
lib: Add phpdoc to class `AuthChain'
...
refs #5685
2014-06-02 15:46:15 +02:00
Johannes Meyer
bafa8cc032
Fix authentication error handling
2014-03-28 14:45:03 +01:00
Marius Hein
c92e1307f6
Fix: Database login
...
fixes #5706
2014-03-06 14:07:33 +01:00
Eric Lippmann
07d04628cf
Merge branch 'feature/installation-and-configuration-cleanup-5638'
...
Conflicts:
config/config.ini.in
library/Icinga/Application/ApplicationBootstrap.php
library/Icinga/Application/Cli.php
library/Icinga/Application/EmbeddedWeb.php
library/Icinga/Application/Logger.php
library/Icinga/Application/Modules/Manager.php
library/Icinga/Application/Web.php
library/Icinga/Authentication/Backend/DbUserBackend.php
library/Icinga/Authentication/Manager.php
library/Icinga/User/Preferences/IniStore.php
test/php/library/Icinga/Application/LoggerTest.php
2014-03-03 19:03:39 +01:00