Johannes Meyer
f63dfa5294
DbUserBackend: Use binary string comparison if it's a mysql db
2019-12-11 10:15:05 +01:00
Johannes Meyer
668ae38497
ExternalBackend: Don't authenticate a user if `REMOTE_USER` is empty
2019-12-05 15:13:02 +01:00
Johannes Meyer
9de9fe8f39
Introduce class RolesConfig
2019-07-23 13:53:29 +02:00
Johannes Meyer
59fa054d42
AuthChain: Send failed login-attempts to the audit log
...
resolves #3855
2019-07-11 14:41:17 +02:00
Thomas Gelf
08c879249b
Auth: do not ask for unrelated group membership
...
If a specific User-Backend has been assigned to a Group Backend, and
the User has been authenticated by another User-Backend, then there is
no need to ask the unrelated Groups Backend for membership.
2018-12-18 14:51:13 +01:00
Johannes Meyer
2f9037e545
Auth: Log which groups were identified for the user being authenticated
2018-10-08 14:02:26 +02:00
Johannes Meyer
3c69a63ce3
LdapUserGroupBackend: Log what the ambiguity check does
2018-10-08 10:34:27 +02:00
Johannes Meyer
f28f7150fc
AuditHook: Enforce a named identity and allow to pass an explicit time
2018-07-18 14:45:00 +02:00
Eric Lippmann
d6c4df7a5d
Use password_hash and password_verify
2018-07-03 13:08:06 +02:00
Eric Lippmann
faaff42096
Revert "Introduce PasswordHelper for safer passwords"
...
This reverts commit f57277aa96.
Since we're dropping PHP support for versions lower than 5.6 this class is no longer necessary.
2018-07-03 13:08:06 +02:00
Johannes Meyer
3f66bd7437
Auth: Log login/logout activities to the audit log
...
refs #2563
2018-06-08 14:21:15 +02:00
Eric Lippmann
4a000d0098
Revert "Merge branch 'bugfix/domain-aware-auth-non-domain-ldap-group-backend-3250'"
...
This reverts commit 5cb7deda20, reversing
changes made to 02391e648b.
The change must be reverted because it makes it impossible to load groups
if domain aware auth is not enabled and the authenticated user specifies a domain.
refs #3324
2018-03-19 13:10:47 +01:00
Alexander A. Klimov
72ec132f25
Correct interfaces to conform to PHP 7.2+
2018-01-24 11:50:10 +01:00
Alexander A. Klimov
7106de5aa2
DbUserGroupBackend: implement Inspectable
...
refs #3233
2018-01-19 16:31:24 +01:00
Alexander A. Klimov
7227e10824
LdapUserGroupBackend: implement Inspectable
...
refs #3233
2018-01-19 16:31:24 +01:00
lippserd
ddfafb27f6
Merge pull request #3256 from Icinga/bugfix/multi-domain-support-broken-3232
...
Make multi-domain authn working w/ upper-case domains in user names
2018-01-17 11:57:48 +01:00
Alexander A. Klimov
8c7ccce4a7
Make multi-domain authn working w/ upper-case domains in user names
...
refs #3232
2018-01-16 10:36:22 +01:00
Paolo Schiro
c806099e1b
Avoid including domain users in a group not belonging to a domain
...
Signed-off-by: Alexander A. Klimov <alexander.klimov@icinga.com>
refs #3250
2018-01-15 11:19:35 +01:00
Markus Frosch
1aae1eab23
DBUserBackend: Replace internal crypt handling with PasswordHelper
...
refs #2954
2017-11-21 08:26:24 +01:00
Markus Frosch
f57277aa96
Introduce PasswordHelper for safer passwords
...
refs #2954
2017-11-21 08:26:24 +01:00
Eric Lippmann
f495b390da
Apply role to all users if the role is defined with users=*
...
If the users directive contains at least one single asterisk, the role is applied to all users.
So, this supports roles which define users=username, ..., * and users=*
refs #3095
2017-11-16 12:02:41 +01:00
ss23
c196a7c7c4
Modify authentication function to support alternative algorithms
...
The existing usage of crypt() was borderline incorrect. This simplified
function will allow hashes of other types (e.g. bcrypt) and thus
mitigate #2954 (use password_hash) until this can be implemented.
The getSalt protected method was also removed as this is no longer
required, though this can be added again in future.
2017-11-06 22:48:42 +13:00
Markus Frosch
f65759ace8
LdapUserGroupBackend: Base ambiguity decision based on isDN
...
Problem was: When a DN did not contain the same base DN, the check failed
This happens when you have an entry referencing a DN of another domain.
(And this value is tested as a sample)
2017-10-20 15:17:11 +02:00
Eric Lippmann
ab7fa9f925
Add domain part to user groups if the user group backend is responsible for a domain
2017-07-31 09:03:40 +02:00
Eric Lippmann
b13c38b65b
Auth/Groups: Prefer the domain from the LDAP/MSAD user backend
...
If a LDAP/MSAD user group backend is linked w/ a user backend, the domain from the user backend is preferred over the domain configured for the user group backend.
2017-07-11 17:09:24 +02:00
Eric Lippmann
4b11afe7d5
Remove unused method LdapUserBackend::setConfig()
2017-07-11 17:08:16 +02:00
Eric Lippmann
bd23d008ca
Auth: Make sure to set the configured domain on LDAP/MSAD user backends
2017-07-11 17:02:32 +02:00
Eric Lippmann
cbde758fc6
Remove unused domain-aware auth related functions from UserBackend
...
These functions made it into the master branch accidentally.
2017-07-11 17:01:06 +02:00
Eric Lippmann
686d022987
Merge pull request #2863 from Icinga/feature/domain-support-for-authn-authz-2153
2017-06-21 13:16:36 +02:00
Eric Lippmann
cfbd5c500e
Make LDAP user group backends domain-aware
...
refs #2153
2017-06-12 13:31:07 +02:00
Eric Lippmann
0cbec01743
Make auth via LDAP user backends domain-aware
...
refs #2153
2017-06-12 13:31:07 +02:00
Eric Lippmann
05288e9bea
Add interface for user backends which are responsible for a specific domain
...
refs #2153
2017-06-12 13:31:07 +02:00
Eric Lippmann
41acffdc24
Login: set the default domain if necessary
...
refs #2153
2017-06-12 13:31:07 +02:00
Alexander A. Klimov
2b9e9bf2b3
User: split the username into localpart and domain (if given)
2017-06-12 13:31:07 +02:00
Alexander A. Klimov
f323310174
DbUserBackend: don't fail at validation if there aren't any active users
...
refs #2598
2017-02-24 15:29:05 +01:00
Johannes Meyer
181e2ef05c
Swag: Fix swag (aka a whole bunch of code style issues..)
2017-01-27 14:48:59 +01:00
Michael Friedrich
08a82daea3
Update to icinga.com
...
refs #2687
2017-01-18 12:04:43 +01:00
Johannes Meyer
0716f87852
Update german translation
2016-12-13 13:57:27 +01:00
Alexander A. Klimov
648f088564
Conform to coding guidelines
...
refs #12598
2016-12-07 17:45:50 +01:00
Rune Darrud
59f1a70d5e
Add support for nested AD groups resolved from the user
...
This will make sure that nested groups also work with roles.
Signed-off-by: Alexander A. Klimov <alexander.klimov@icinga.com>
refs #12598
2016-12-07 17:15:59 +01:00
Eric Lippmann
4eb61c2bcf
Revert breaking change in Auth::isAuthenticated()
...
refs #12580
fixes #13281
2016-12-06 12:41:22 +01:00
Johannes Meyer
78be71bc92
Merge branch 'bugfix/evaluate-redirect_remote_user-12164'
...
fixes #12164
2016-11-21 08:53:35 +01:00
Eric Lippmann
f7e5cd3b71
Check the correct return type in case preg_replace fails in ExternalBackend.php
2016-11-16 14:10:31 +01:00
Johannes Meyer
3a816ce0f7
ExternalBackend: Don't throw an error if it's not possible to clean usernames
2016-11-16 12:04:46 +01:00
Johannes Meyer
0bd00ba3d0
ExternalBackend: Simplify how remote users are identified
...
refs #12164
2016-11-16 11:55:54 +01:00
Johannes Meyer
f7a8524dce
DbUserGroupBackend: Group by group.id when joining group memberships
...
Prevents duplicate results in case a group has multiple members.
2016-11-11 09:19:59 +01:00
Eric Lippmann
2b060d9bd4
Challenge API requests only if the controller requires auth
...
fixes #12580
2016-11-07 10:40:38 +01:00
Alexander A. Klimov
d9330486e9
Replace ExternalBackend::getRemoteUserEnvvars() with an attribute
...
refs #12164
2016-11-04 17:27:36 +01:00
Alexander A. Klimov
d6ac6c8374
setup/AuthenticationPage: don't show the warning about external backend configuration if REDIRECT_REMOTE_USER is set
...
refs #12164
2016-10-18 15:19:13 +02:00
Alexander A. Klimov
4d6160d987
ExternalBackend::getRemoteUser(): restore previous default behavior
...
refs #12164
2016-10-18 10:22:06 +02:00