Eric Lippmann
36ff2d8914
lib: Set User::$isHttpUser in Auth
...
refs #9660
2015-07-30 09:32:24 +02:00
Eric Lippmann
cf8c680482
lib: Add basic access authentication (WIP)
...
refs #9660
2015-07-29 17:22:55 +02:00
Johannes Meyer
fb7666e6bd
LdapUserGroupBackend: Adjust usage of LdapCapabilities::hasAdOid()
...
Usage search ftw..
2015-07-29 16:26:39 +02:00
Eric Lippmann
c3a057dbdb
lib: Add AuthChain::setSkipExternalBackends() in favor of setIteratorMode()
...
There's only one mode.
refs #9660
2015-07-29 16:18:30 +02:00
Eric Lippmann
3ca85f9daa
lib: Add Auth::getRequest()
...
Basic auth will require the request.
refs #9660
2015-07-29 15:56:45 +02:00
Eric Lippmann
96e3111f58
lib: Reorder functions in Auth
...
refs #9660
2015-07-29 15:52:56 +02:00
Eric Lippmann
37ef87b9ab
lib: Fix PHPDoc in ExternalBackend
...
refs #9660
2015-07-29 15:46:40 +02:00
Eric Lippmann
1b5c5deace
lib: Rename remote user to external user
...
We renamed our backend. Code now reflects this.
refs #9660
2015-07-29 15:44:32 +02:00
Johannes Meyer
3f7081296b
Merge branch 'master' into bugfix/allow-to-configure-how-to-manage-groups-9609
2015-07-29 15:02:20 +02:00
Eric Lippmann
ae4b7144cd
lib: Implement Auth::getAuthChain()
...
Saves one use statement for auth chain usages.
refs #9660
2015-07-29 14:14:19 +02:00
Eric Lippmann
745e30259d
lib: Implement AuthChain::authenticate()
...
Right now the LoginController has all the authentication which is kind of a mess. Further, the upcoming basic access authentication has to reuse this code.
Thus AuthChain::authenticate() is introduced to handle both cases.
refs #9660
2015-07-29 14:11:54 +02:00
Johannes Meyer
13edbf901d
UserBackend: Implement interface ConfigAwareFactory
...
refs #9609
2015-07-29 13:44:26 +02:00
Johannes Meyer
83aafe8cda
Allow to discover LDAP connections in the wizard as well
...
...
2015-07-29 09:26:53 +02:00
Eric Lippmann
4d44a0625c
lib: Move UserBackendInterface::authenticate() to new interface Authenticatable
...
refs #9660
2015-07-29 09:25:14 +02:00
Eric Lippmann
2a4e614b5e
Fix code style in AuthChain
...
refs #9660
2015-07-28 19:55:26 +02:00
Eric Lippmann
07849e0fea
lib: Rename Authentication/Manager to Authentication/Auth
...
refs #9660
2015-07-28 17:08:55 +02:00
Matthias Jentsch
c8d065b3e0
Accept DbUserBackends with only one single user
...
fixes #9739
2015-07-28 12:41:08 +02:00
Matthias Jentsch
5478027855
Bring back user count in ldap backend inspection
...
We already use count later in the wizard anyways.
refs #9630
2015-07-16 16:52:56 +02:00
Matthias Jentsch
e357960d1e
Add Inspection API to DB backend
...
refs #9641
2015-07-16 16:16:55 +02:00
Matthias Jentsch
ffe672c252
Improve message texts and scalability
...
Always start uppercase and don't use count() function until we've got a more scalable implementation in the LdapConnection.
refs #9630
2015-07-16 13:51:26 +02:00
Matthias Jentsch
6b8e5da76d
Move all assertion functions into the inspect functions
...
Reduce code duplication and add class Inspection
refs #9630
2015-07-16 12:21:11 +02:00
Matthias Jentsch
59c4f8d056
Use Inspection API in User Backend Form
...
refs #9630
2015-07-15 19:35:25 +02:00
Matthias Jentsch
3ddb8ca1bd
Add ability to discover AD version and vendor name to discovery
...
refs #9605
2015-07-14 18:32:44 +02:00
Johannes Meyer
f5089dab1a
DbUserGroupBackend: Use is_numeric() instead of is_int()
...
Using MySQL fetchColumn() returns integers for id fields, using MariaDB
though, fetchColumn() returns strings..
fixes #9572
2015-07-07 14:07:55 +02:00
Johannes Meyer
066b3d9e28
ApplicationConfigForm: Make preference options be global options
...
refs #8709
2015-07-01 15:41:45 +02:00
Johannes Meyer
3dddee8b7d
Setup: Fix authentication backend validation
...
This is a ridiculous dirty fix. We'll definitely need to
improve how we create authentication backends...
fixes #9509
2015-06-25 14:36:51 +02:00
Johannes Meyer
3c47ef6826
Ldap\Exception: Rename to LdapException
...
refs #8954
2015-06-24 09:19:41 +02:00
Johannes Meyer
6d8c56a12f
Ldap\Connection: Return false if nothing is found for fetchRow()
...
This should behave like DbConnection::fetchRow().
refs #8954
2015-06-23 10:49:51 +02:00
Johannes Meyer
15220da645
Automatically strip unnecessary parentheses from custom ldap filters
...
fixes #9348
2015-06-23 10:32:45 +02:00
Johannes Meyer
5688f0cb85
Allow to configure user group backends of type LDAP
...
refs #7343
2015-06-05 14:53:29 +02:00
Johannes Meyer
cacd97fb46
LdapUserGroupBackend: Make default configuration providers public
...
I'd like to access these when preparing a config form.
refs #7343
2015-06-05 11:09:31 +02:00
Johannes Meyer
02d2ea682e
LdapUserGroupBackend: Do not permit to link different directories
...
I cannot think of a valid usecase right now. In case someone got one,
revert this commit and make use of the backend itself and not only
its configuration.
refs #7343
2015-06-05 10:51:54 +02:00
Johannes Meyer
0ab192cd1f
LdapUserGroupBackend: Allow to link a user backend
...
refs #7343
2015-06-05 10:41:47 +02:00
Johannes Meyer
127489ca20
UserBackend: Allow to only pass a backend's name
2015-06-05 10:40:47 +02:00
Johannes Meyer
ee2462a6b2
LdapUserGroupBackend: Let the backend decide which defaults to use
...
refs #7343
2015-06-05 10:19:28 +02:00
Johannes Meyer
3fd0d99db2
LdapUserGroupBackend: Add support for custom query filters
...
refs #7343
2015-06-05 09:57:40 +02:00
Johannes Meyer
90d946f149
LdapUserGroupBackend: We need a datasource, actually
...
Forgot to add this when disabling LdapRepository inheritance...
refs #7343
2015-06-03 16:40:14 +02:00
Johannes Meyer
d9eb8f9e8d
LdapUserGroupBackend: Do not extend LdapRepository
...
Selecting groups works, but not memberships. Does not make sense
until both things work...
refs #7343
2015-06-03 16:33:22 +02:00
Johannes Meyer
89d992278b
Introduce class LdapUserGroupBackend
...
refs #743
2015-06-03 16:27:50 +02:00
Johannes Meyer
86c63ec913
Introduce class LdapRepository
...
refs #7343
2015-06-03 15:28:07 +02:00
Johannes Meyer
96f5f8fd49
LdapUserBackend: Do not fetch a user's groups
...
refs #7343
2015-06-03 15:16:54 +02:00
Johannes Meyer
e0c0e9c874
LdapUserBackend: Move function retrieveGeneralizedTime into its parent
...
refs #7343
2015-06-03 14:36:46 +02:00
Johannes Meyer
cd0c418854
Merge branch 'master' into feature/user-and-group-management-8826
2015-06-02 10:44:13 +02:00
Johannes Meyer
e936c76ca9
DbUserGroupBackend: Really clear memberships and parent relations...
...
...when removing a group.
refs #8826
2015-06-01 15:34:38 +02:00
Johannes Meyer
1385295e4e
DbUserGroupBackend: Properly handle sequences of group names
...
refs #8826
2015-06-01 15:33:35 +02:00
Johannes Meyer
62fff94808
DbUserGroupBackend: Do not try to fetch a group id for null
...
refs #8826
2015-06-01 15:16:03 +02:00
Johannes Meyer
beb5bd7370
Repository: Clone a filter implicitly in self::requireFilter($clone = true)
...
refs #8826
2015-06-01 15:03:08 +02:00
Johannes Meyer
601b720a03
LdapUserBackend: Fetch and interpret the correct attributes (OpenLDAP)
...
refs #8826
2015-06-01 14:05:44 +02:00
Johannes Meyer
d1a5321d02
LdapUserBackend: Fetch and interpret the correct attributes (ActiveDirectory)
...
refs #8826
2015-06-01 12:23:16 +02:00
Johannes Meyer
a88037f45d
DbUserGroupBackend: Fetch and persist a group's id when its name is given
...
refs #8826
2015-05-29 11:33:35 +02:00
Johannes Meyer
bb285db05b
Differentiate the source or destination of a column when converting values
...
refs #8826
2015-05-29 11:32:15 +02:00
Johannes Meyer
60ce78c958
DbUserGroupBackend: Adjust how to load the name of a group's parent
...
refs #8826
2015-05-29 08:57:49 +02:00
Johannes Meyer
c94e6a3292
Db/IniUserGroupBackend: Drop column parent_name, it's not a name anymore
...
refs #8826
2015-05-29 08:56:58 +02:00
Johannes Meyer
32b99be8ab
DbUserGroupBackend: Adjust to fit the new database schema
...
refs #8826
2015-05-28 15:22:15 +02:00
Alexander A. Klimov
cba36ec017
Ignore the preferences' loadability during authentication
...
fixes #8956
2015-05-27 15:13:53 +02:00
Johannes Meyer
10b158a182
LdapUserBackend: Fix sorting when sorting by user_name
...
refs #8826
2015-05-21 13:53:27 +02:00
Johannes Meyer
4d79731646
DbUserBackend: Fix sorting when sorting by user_name
...
refs #8826
2015-05-21 13:53:18 +02:00
Johannes Meyer
9278d708d7
IniUserGroupBackend: Do not sort by parent when sorting by group_name
...
refs #8826
2015-05-21 13:51:24 +02:00
Johannes Meyer
6369643145
DbUserGroupBackend: Do not sort by parent when sorting by group_name
...
refs #8826
2015-05-21 13:51:15 +02:00
Johannes Meyer
0a387573f3
Logger: Fix substitution of exception messages
2015-05-13 10:46:34 +02:00
Johannes Meyer
f93c2de6be
UserGroupBackend: Disable default backend type `ini'
...
We're not going to support this until a proper membership implementation
exists (or is required at all).
refs #8826
2015-05-13 10:45:54 +02:00
Johannes Meyer
223ecab991
DbUserGroupBackend: Make it possible to handle memberships
...
refs #8826
2015-05-13 10:34:39 +02:00
Johannes Meyer
47dfcf5e1d
DbUserGroupBackend: Do not use the repository abstraction internally
...
That's overhead which is not necessary.
refs #8826
2015-05-13 10:34:00 +02:00
Johannes Meyer
104c1c6bba
DbUserBackend: Utilize Zend_Db_Select when fetching the password hash
2015-05-13 09:16:24 +02:00
Johannes Meyer
7d08dd2765
DbConnection: Adjust insert and update to support custom type definitions
...
This strips the custom insert and update implementations in
DbUserBackend down so that it does not need to do such low level stuff...
refs #8826
2015-05-13 09:15:18 +02:00
Johannes Meyer
053c9cdcb3
Repository: Check whether a column is queried from the correct table
...
refs #8826
2015-05-12 15:38:29 +02:00
Johannes Meyer
44bbd93cbc
DbUserBackend: Provide a custom insert and update implementation
...
As we're transmitting password hashes which may contain special chars
and the like, we need to utilize prepared statements with explicit types.
refs #8826
2015-05-11 16:00:24 +02:00
Matthias Jentsch
25f397042b
Merge branch 'master' into feature/improve-multi-select-view-8565
...
Conflicts:
modules/monitoring/application/controllers/HostsController.php
modules/monitoring/application/controllers/ServicesController.php
modules/monitoring/application/views/scripts/hosts/show.phtml
modules/monitoring/application/views/scripts/list/hosts.phtml
modules/monitoring/application/views/scripts/partials/host/objects-header.phtml
modules/monitoring/application/views/scripts/partials/service/objects-header.phtml
modules/monitoring/application/views/scripts/services/show.phtml
modules/monitoring/public/css/module.less
public/js/icinga/behavior/tooltip.js
2015-05-11 13:28:43 +02:00
Johannes Meyer
b3957c556b
DbUserGroupBackend: Properly utilize the insert and update capability
...
refs #8826
2015-05-11 13:28:01 +02:00
Johannes Meyer
f1c82fc318
IniUserGroupBackend: Convert timestamps and arrays...
...
...to formatted datetime strings and comma separated strings respectively
refs #8826
2015-05-08 15:28:10 +02:00
Johannes Meyer
59ec11f047
IniUserGroupBackend: Extend IniRepository
...
We are now able to insert, update and delete user groups stored in INI files
refs #8826
2015-05-08 15:26:35 +02:00
Johannes Meyer
99be358714
Repository: Make it possible to initialize column properties lazily
...
refs #8826
2015-05-07 08:28:32 +02:00
Johannes Meyer
4d83b2f93d
Authentication\Manager: Fix invalid class path in use statement
...
refs #8826
2015-05-06 12:18:57 +02:00
Johannes Meyer
4044e56a03
LdapUserBackend: Provide filter column `user'
...
refs #8826
2015-05-06 10:27:26 +02:00
Johannes Meyer
9c799dca22
IniUserGroupBackend: Automatically set section names on column `name'
...
refs #8826
2015-05-06 08:41:54 +02:00
Johannes Meyer
89029308ef
IniUserGroupBackend: Extend Repository and implement UserGroupBackendInterface
...
Note that it was necessary to change the structure of ini files providing
the membership information. They need to be structured like our db
table rows now.
refs #8826
2015-05-05 15:24:18 +02:00
Johannes Meyer
de68d78938
DbUserGroupBackend: Add case insensitive filter columns `group' and `parent'
...
refs #8826
2015-05-05 09:34:49 +02:00
Johannes Meyer
37e47f0d3f
DbUserBackend: Add case insensitive filter column `user'
...
refs #8826
2015-05-05 09:34:23 +02:00
Johannes Meyer
58233b0072
DbUserGroupBackend: Extend DbRepository and implement UserGroupBackendInterface
...
refs #8826
2015-05-05 09:23:29 +02:00
Johannes Meyer
b1454c199a
Introduce interface UserGroupBackendInterface
...
refs #8826
2015-05-05 08:27:11 +02:00
Johannes Meyer
7b2fc1ba41
Make class UserGroupBackend being just a factory for user group backends
...
refs #8826
2015-05-05 08:26:38 +02:00
Johannes Meyer
842b043f7f
LdapUserBackend: Use is_active as well as a default sort column
...
refs #8826
2015-05-04 15:56:13 +02:00
Johannes Meyer
b86a0024c3
DbUserBackend: Use is_active as well as a default sort column
...
refs #8826
2015-05-04 15:55:36 +02:00
Johannes Meyer
c441117324
LdapUserBackend: Extend Repository and implement UserBackendInterface
...
refs #8826
2015-05-04 12:18:25 +02:00
Johannes Meyer
e74194c18e
ExternalBackend: Implement UserBackendInterface
...
refs #8826
2015-05-04 12:15:50 +02:00
Johannes Meyer
99ac0b78ea
DbUserBackend: Extend DbRepository and implement UserBackendInterface
...
refs #8826
2015-05-04 12:15:05 +02:00
Johannes Meyer
7b41fc020a
AuthChain: Yield UserBackendInterface instead of UserBackend
...
refs #8826
2015-05-04 11:44:41 +02:00
Johannes Meyer
1824eb9c3b
Make class UserBackend being just a factory for user backends
...
refs #8826
2015-05-04 11:43:53 +02:00
Johannes Meyer
68657c02ee
Introduce interface Icinga\Authentication\User\UserBackendInterface
...
refs #8826
2015-05-04 11:40:17 +02:00
Johannes Meyer
7960e911a6
UserGroupBackend: Add support for custom backends to fetch user groups
...
refs #8826
refs #9122
2015-04-22 09:52:08 +02:00
Johannes Meyer
a2cd5d63f1
UserBackend: Wrap config directives as part of errors in single quotes
2015-04-22 09:36:45 +02:00
Johannes Meyer
a1d8ed6e8f
UserBackend: Utilize ResourceFactory::create
2015-04-22 09:35:41 +02:00
Johannes Meyer
c9dcddb134
UserGroupBackend: Add missing and fix existing method documentation
2015-04-22 09:35:06 +02:00
Johannes Meyer
847c02ed8e
UserBackend: Add support for custom authentication backends
...
refs #8826
refs #8877
2015-04-22 09:28:42 +02:00
Johannes Meyer
b45e576722
UserBackend: Remove testing only related code
...
There are no tests for this class at all.
2015-04-21 14:15:43 +02:00
Johannes Meyer
97caeb27f7
UserBackend: Add missing and fix existing method documentation
...
refs #8826
2015-04-21 13:59:35 +02:00
Johannes Meyer
319ca3625c
LdapUserBackend: Drop redundant method hasUser
...
refs #8826
2015-04-21 13:15:40 +02:00
Johannes Meyer
60a8654614
ExternalBackend: Drop redundant method hasUser
...
refs #8826
2015-04-21 13:15:06 +02:00
Johannes Meyer
11f522d929
DbUserBackend: Drop redundant method hasUser
...
refs #8826
2015-04-21 13:14:50 +02:00
Johannes Meyer
a7af546078
UserBackend: Drop abstract method hasUser
...
refs #8826
2015-04-21 13:14:27 +02:00
Johannes Meyer
6ca68f438d
Move concrete UserBackend classes to Icinga\Authentication\User
...
refs #8826
2015-04-21 12:51:31 +02:00
Johannes Meyer
39473e8939
Move UserGroupBackend to Icinga\Authentication\User
...
refs #8826
2015-04-21 12:42:21 +02:00
Johannes Meyer
b51ce9c7ab
Move concrete UserGroupBackend classes to Icinga\Authentication\UserGroup
...
refs #8826
2015-04-21 12:38:57 +02:00
Johannes Meyer
8058eb0215
Move UserGroupBackend class to Icinga\Authentication\UserGroup
...
refs #8826
2015-04-21 12:32:18 +02:00
Alexander Klimov
967a2e82dc
Use (only) "@return $this" in fluent interfaces' documentation
2015-04-07 14:24:11 +02:00
Johannes Meyer
0bc1416b10
Use the correct name for malformed LDAP attributes automatically
...
...or more purposefully: Guard lazy users from themselves. I hope I don't
have to explain why _this_ is not part of Icinga\Protocol\Ldap\Query...
resolves #8608
2015-03-13 11:17:43 +01:00
Johannes Meyer
39a74c4f3d
LDAP-Auth backend config: Add support for custom LDAP filter rules
...
refs #8365
2015-03-11 09:52:14 +01:00
Johannes Meyer
f3fa743022
Fix login when using a PostgreSQL database as authentication backend
...
fixes #8524
2015-03-06 11:03:45 +01:00
Matthias Jentsch
cb0ca6d6ac
Remove unused piechart code
2015-03-06 09:41:38 +01:00
Thomas Gelf
88315db1eb
UserBackend: reasonable defaults for AD groups
...
I didn't do further research, but those values seem to work fine.
2015-02-09 15:31:47 +01:00
Thomas Gelf
81f65a7cd4
LdapUserBackend: disable "health check"
...
I see no point in checking this at every login. It could however be a
nice addition for our config backends and the setup wizard. I'd also
opt for completely removing this parameter - who wants to use this
method should explicitly call it.
2015-02-09 15:29:52 +01:00
Thomas Gelf
7b1b5b9b40
Authentication\Manager: do not override user groups
...
Needs more care, but this way we are at least able to fetch groups
unless we get our improved implementation.
2015-02-09 15:27:50 +01:00
Johannes Meyer
8b94e4c701
Fix documentation and code style in the LdapUserBackend
2015-02-06 16:32:26 +01:00
Eric Lippmann
6bae2e0a53
Note that our license is GPL v2 or any later version in our license header instead of pointing to the license's URL
2015-02-04 10:52:27 +01:00
Eric Lippmann
5b4fab0750
Add license header
...
This time without syntax errors hopefully :)
2015-02-03 16:27:59 +01:00
Eric Lippmann
5fa2e3cfdc
Revert "Add license header"
...
This reverts commit 338d067aba.
2015-02-03 16:16:26 +01:00
Eric Lippmann
4c7d120523
Revert "Fix typo in UserBackend"
...
This reverts commit 9fa1fd626c.
2015-02-03 16:16:26 +01:00
Eric Lippmann
160b3a96ca
Revert "Fix typo in UserGroupBackend"
...
This reverts commit e8c4f45d68.
2015-02-03 16:16:26 +01:00
Eric Lippmann
e8c4f45d68
Fix typo in UserGroupBackend
2015-02-03 16:14:13 +01:00
Eric Lippmann
9fa1fd626c
Fix typo in UserBackend
2015-02-03 16:13:22 +01:00
Eric Lippmann
6517f8e2be
security: Activate permissions
2015-02-03 16:08:35 +01:00
Eric Lippmann
338d067aba
Add license header
...
fixes #7788
2015-02-03 15:51:04 +01:00
Johannes Meyer
7989b48248
Fix ldap auth when the userNameAttribute holds multiple values
...
fixes #8246
2015-02-03 10:15:54 +01:00
Johannes Meyer
2a115e71d4
Add support for paged LDAP search results
...
fixes #8261
refs #6176
2015-01-29 15:53:15 +01:00
Johannes Meyer
50fc85d7ff
Rename authentication type "autologin" to "external"
...
refs #8274
2015-01-27 09:49:36 +01:00
Johannes Meyer
d452f3218d
Use "ini" as preferences store in case preferences are not configured
...
refs #8234
2015-01-23 16:25:24 +01:00
Johannes Meyer
14a4aaeb77
Revert "Fix that when choosing not to store preferences an invalid config is created"
...
This reverts commit 6284da451e.
2015-01-23 15:23:43 +01:00
Johannes Meyer
6284da451e
Fix that when choosing not to store preferences an invalid config is created
...
fixes #8234
2015-01-23 14:42:09 +01:00
Eric Lippmann
44de790cc9
Security: Temporarily grant all permissions
2015-01-22 17:12:49 +01:00
Eric Lippmann
2bd2f32b2e
postgresql/auth: Fix that users cannot login when using PostgreSQL >= version 9.0
...
fixes #8251
2015-01-19 16:43:19 +01:00
Tom Ford
dc0f396fbf
Check LDAP username in case insensitive way
...
Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
refs #7991
2014-12-10 16:00:39 +01:00
Eric Lippmann
3e1583ca40
Security: Remove getPermissions and getRestrictions from the AdmissionLoader
...
These functions are superseded by getRestrictionsAndPermissions.
refs #5647
2014-11-19 15:13:45 +01:00
Eric Lippmann
bed11ebb60
Security: Load user permissions and restrictions from roles.ini
...
refs #5647
2014-11-19 15:11:14 +01:00
Eric Lippmann
b01a9a65e0
Security: Introduce AdmissionLoader::getPermissionsAndRestrictions() for loading permissions and restrictions from roles.ini
...
When loading from roles.ini there's currently an empty permission added which is of course a bug and will be fixed asap.
refs #5647
2014-11-19 15:10:09 +01:00
Johannes Meyer
7621f6642d
Adjust usages of Icinga\Application\Config
...
refs #7147
2014-11-18 13:11:52 +01:00
Johannes Meyer
eb4672923f
Require the OpenSSL module instead of providing an unsafe fallback
...
refs #7163
2014-11-11 10:19:09 +01:00
Johannes Meyer
9d292269b1
Merge branch 'master' into feature/setup-wizard-7163
...
Conflicts:
application/forms/Config/Resource/LdapResourceForm.php
test/php/application/forms/Config/Authentication/LdapBackendFormTest.php
2014-11-11 09:44:11 +01:00
Johannes Meyer
2bb7217d04
Do not require the openssl extension
2014-11-10 11:20:02 +01:00
Johannes Meyer
124f64ad89
Merge branch 'master' into bugfix/drop-zend-config-7147
2014-11-07 14:07:15 +01:00
Johannes Meyer
7b99b74ae1
Prefer Icinga\Application\Config instead of Zend_Config
...
refs #7147
2014-11-07 13:53:03 +01:00
Matthias Jentsch
d0706a55ea
Chain exceptions in LdapUserBackend instead of printing the message
2014-11-06 16:32:43 +01:00
Johannes Meyer
7569c55796
Fix how password hashes are stored and retrieved in DbUserBackend
2014-11-04 15:52:09 +01:00
Johannes Meyer
170ded6510
Merge branch 'master' into feature/setup-wizard-7163
...
Conflicts:
library/Icinga/Authentication/Backend/LdapUserBackend.php
library/Icinga/File/Ini/IniWriter.php
2014-11-04 14:22:53 +01:00
Johannes Meyer
8913bf53c9
Fix salt extraction
2014-11-04 13:03:36 +01:00
Johannes Meyer
99277383b9
Fix retrieving a user's data from the database
2014-11-04 13:03:12 +01:00
Johannes Meyer
cad8f7538e
Leave it up to the database to decide what is the current time
2014-11-04 12:42:39 +01:00
Matthias Jentsch
f9fee2df70
Do not interrupt authentication chain on invalid ldap connection infos
...
Catch LdapExceptions and throw AuthenticationException to not interrupt authentication chain
fixes #7497
2014-11-04 12:35:41 +01:00
Eric Lippmann
16352fc10c
Move Logger to the Application namespace
...
fixes #7148
2014-10-31 10:27:17 +01:00
Johannes Meyer
4f1e1ddb6f
Adjust the DbUserBackend to reflect the new database schema
2014-10-30 15:40:07 +01:00
Johannes Meyer
c1bff9a26e
Merge branch 'master' into feature/setup-wizard-7163
2014-10-30 10:38:21 +01:00
Eric Lippmann
f68c591a46
LDAP Auth: Make group loading really optional
...
fixes #7432
2014-10-23 03:50:03 +02:00
Johannes Meyer
8c62c66a4e
Make regular expression pattern in autologin backend being fully optional
2014-10-20 15:14:14 +02:00
Eric Lippmann
424cee6b4a
Auth: Load user groups using the new user group backends
2014-10-20 13:43:40 +02:00
Eric Lippmann
aa56f3010c
lib: Add DbUserGroupBackend
2014-10-20 13:42:33 +02:00
Eric Lippmann
d170cf0c9d
lib: Replace Membership with IniUserGroupBackend
2014-10-20 13:42:15 +02:00
Eric Lippmann
d1228deef2
lib: Add UserGroupBackend as base class and factory for user group backends
2014-10-20 13:41:33 +02:00
Eric Lippmann
cee261bf7e
Use lowercase username and user groups for loading user permissions and restrictions
2014-10-20 13:36:37 +02:00
Matthias Jentsch
9a9aa84e23
Respect base_dn in LdapUserBackend
2014-10-14 14:37:21 +02:00
Matthias Jentsch
dd21b7b5d1
Make sure that we work only with arrays when handling LDAP groups
2014-10-09 10:14:42 +02:00
Matthias Jentsch
04e83a53c5
Add `base_dn' directive to LDAP backend config
2014-10-09 10:10:09 +02:00
Johannes Meyer
1cbe2451a8
Merge branch 'master' into feature/setup-wizard-7163
...
Conflicts:
application/forms/Config/Resource/StatusdatResourceForm.php
2014-10-08 16:34:31 +02:00
Johannes Meyer
96ba45d896
Convert password salt to ASCII to avoid encoding issues with PostgreSQL
2014-10-08 15:26:42 +02:00
Johannes Meyer
393191ced1
Add admin creation routine
...
refs #7163
2014-10-08 10:26:12 +02:00
Alexander Fuhr
421263af00
Make LDAP Groups optional
...
refs #7343
2014-10-06 13:35:17 +02:00
Alexander Fuhr
017d4b8c9d
Introduce Groups from LDAP to User Object
2014-10-01 16:03:42 +02:00
Eric Lippmann
74bd9b319d
restrictions: Include restriction's section name in user restrictions
2014-10-01 14:08:21 +02:00
Eric Lippmann
084691570e
permissions: Use a comma-separated list as config instead of the `permission_*' directives
...
Permissions are now set using a comma-separated list of permissions using the `permissions' config because
the `users' and `groups' are comma-separated lists too.
2014-10-01 08:14:03 +02:00
Johannes Meyer
8fcf21a6b8
Make it possible to retrieve a list of available users for authentication
...
refs #7163
2014-09-29 11:21:40 +02:00
Johannes Meyer
c00dbf9f46
Write session on response
...
There should not be any necessity to write the session once changes are
being made to it. We now track whether changes were made and write
the session when responding to the user's request if so.
2014-09-24 10:46:35 +02:00
Eric Lippmann
f1d3b72f05
autologin: Fix externally-authenticated users still being authenticated after external authentication is disabled
...
The if condition for revoking authentication if the username changed relied on having the `$_SERVER' variable set which was used for authentication.
Authentication is now revoked if the username changed or external authentication is no longer in effect.
refs #6462
2014-09-18 15:20:46 +02:00
Eric Lippmann
794910256a
Use `User::can()' in `hasPermission()' of the authentication manager
2014-09-18 14:57:24 +02:00
Alexander Klimov
45638b218c
Throw IcingaException rather than Exception
...
fixes #7014
2014-08-27 16:03:15 +02:00
Alexander Klimov
9c5878cbbe
ConfigurationError: extend IcingaException
...
refs #6931
2014-08-22 11:46:11 +02:00
Alexander Klimov
b764993091
AuthenticationException: extend IcingaException
...
refs #6931
2014-08-22 10:59:52 +02:00
Marius Hein
56a29354d3
AutoLogin: Check the remote username against logged in user
...
fixes #6462
2014-07-30 12:54:08 +02:00
Marius Hein
e2c761a7aa
AutoLogin/Logout: Remove own session namespace
...
Store data in the user and implement interface to let
backends store remote information.
fixes #6461
2014-07-30 12:35:55 +02:00
Eric Lippmann
294728ac47
Revert "Autologin: Test logged session against remote user"
...
This reverts commit 64954e9924.
If the strip_username_regex is configured on the autologin backend and applies on a user's name,
the authenticated user's username never matches the REMOTE_USER server variable.
Thus the application will logout/login on every request which results in a redirect loop.
refs #6462
2014-07-29 17:50:44 +02:00
Marius Hein
64954e9924
Autologin: Test logged session against remote user
...
fixes #6462
2014-07-29 12:06:43 +02:00
Marius Hein
8b9d446d2e
Autologin: Remove deprecated autologin methods
...
Remove methods from manager because autologin
is now handled with special backends (AutoLoginBackend).
The session is used to store the status about a remote
user authentication to send a 401 header to the client
upon logout.
refs #6461
2014-07-29 10:48:57 +02:00
Johannes Meyer
b40027b6c7
Purge session when logging out
...
fixes #6739
2014-07-16 09:55:22 +02:00
Johannes Meyer
19f05256a0
Only call session_start() when reading from session
...
fixes #6383
2014-07-16 09:55:22 +02:00
Johannes Meyer
3105c2059e
Remove license headers from all files
...
refs #6309
2014-07-15 13:43:52 +02:00
Matthias Jentsch
57f3023ec4
Fix coding style
2014-07-03 16:20:45 +02:00
Matthias Jentsch
c18b6f26f0
Throw Ldap\Exception when something goes wrong in a Ldap connection
2014-06-25 12:41:17 +02:00
Matthias Jentsch
77a9dd1e6e
Throw exception on fetchDN, when no row exists
...
Instead of fetchDN, authentication now uses hasUser to check if the user
exists before querying the password, to prevent the exception from messing
up the whole authentication process
2014-06-23 14:02:45 +02:00
Thomas Gelf
4bada86731
Authentication\Manager: fix fromRemoteUser boolean
...
This used to be always true in case an autologin backend was enabled.
We only have a REMOTE_USER if there is such.
2014-06-20 12:58:17 +02:00
Thomas Gelf
d2ccc68214
Merge remote-tracking branch 'origin/master' into feature/query-interfaces-6018
...
Conflicts:
modules/monitoring/application/controllers/ListController.php
2014-06-17 09:47:14 +00:00
Eric Lippmann
db73d324de
Autologin: Fix that the backend name must have been `autologin'
...
Before, the code validated the name of the backend instead of the `backend' directive against `autologin'.
2014-06-12 17:05:54 +02:00
Eric Lippmann
7d2ee41f42
Autologin: Fix PHPDoc
2014-06-11 15:46:59 +02:00
Eric Lippmann
992ccf4f6d
Autologin: Actually set the username upon authentication
...
Before, when using autologin the username of the authenticated user always was the empty string.
2014-06-11 15:46:59 +02:00
Eric Lippmann
65a2bd41bc
Autologin: Do not use absolute `use'
2014-06-11 15:46:58 +02:00
Eric Lippmann
7215ba4f59
Autologin: Do not require a bogus password in the source code
2014-06-11 15:46:58 +02:00
Eric Lippmann
63fc8eb27e
Autologin: Use REMOTE_USER for authentication
...
It's not safe to rely on PHP_AUTH_USER and PHP_AUTH_TYPE because
PHP cgi handlers (fcgid for example) only set the REMOTE_USER environment variable
and the authentication type for negotiation methods (Kerberos for example) is neither
Basic nor Digest.
We may have to add REDIRECT_REMOTE_USER for authentication for proxy setups.
2014-06-11 15:46:58 +02:00
Eric Lippmann
c09341d77e
Autologin: Do NOT sanitize username
...
I don't know the reason why this was done initially but a username must not be changed.
2014-06-11 15:46:58 +02:00
Matthias Jentsch
c42c7977be
Call extended backend health checks when creating ldap authentication backends
...
fixes #6457
2014-06-11 15:09:36 +02:00
Matthias Jentsch
6c82cb8988
Check ldap backend health during Authentication
...
Check if authentication is possible during authentication, to generate more
useful error and log messages, in case the backend configuration is wrong
ref #6457
2014-06-11 15:08:05 +02:00
Matthias Jentsch
bca166c644
Do not throw an exception when the username does not exist
...
refs #6457
2014-06-11 15:08:05 +02:00
Thomas Gelf
db3accc704
Data\Db: rename Query and Connection to Db...
...
Class names in namespaces should not be chosen as once we didn't have
such. The fact that we already did "use Db\Connection as DbConnection"
is the best hint that naming was wrong.
So this patch renames Db\Connection to Db\DbConnection and does the
same with DbQuery. DbQuery has been adjusted to fit our new SimpleQuery
and to handle the new Filter implementation.
2014-06-06 06:43:13 +00:00
Marius Hein
29f593a357
Authentication: Add backend to handle external authentication
...
Drop external auth configuration from config.ini and move
implementation into a single backend provider named
'autologin'. This provider can strip realm names from
username with a custom regexp.
fixes #6081
2014-06-03 17:59:22 +02:00
Eric Lippmann
cfcaf019bd
User backends: Throw exception when authentication fails due to an exception
...
refs #5685
2014-06-02 15:52:58 +02:00