Commit graph

1227 commits

Author SHA1 Message Date
Yonas Habteab
895dea2dc4
Merge pull request #10770 from Icinga/problem-chars
Warn on problematic object names
2026-03-27 10:21:58 +01:00
Yonas Habteab
da521203b1 Endpoint: warn if endpoint name exceeds 64 characters 2026-03-26 13:58:57 +01:00
Julian Brost
ed403294a3 OutgoingHttpMessage: don't use shared_ptr for m_CpuBoundWork
This change just gives clear ownership over the CpuBoundWork to the
OutgoingHttpMessage, instead of the previous shared_ptr and weak_ptr
combination with an unclear purpose.
2026-03-26 11:47:45 +01:00
Alexander A. Klimov
e03db5f71d [Refactor] CpuBoundWork#CpuBoundWork(): require an io_context::strand 2026-03-19 14:53:29 +01:00
Alexander A. Klimov
fdc08c2e00 OutgoingHttpMessage#Flush(): release CpuBoundWork slot
so that `/v1/events` doesn't have to use `IoBoundWorkSlot`.
`IoBoundWorkSlot#~IoBoundWorkSlot()` will wait for a free semaphore slot
which will be almost immediately released by `CpuBoundWork#~CpuBoundWork()`.
Just releasing the already acquired slot manually is more efficient.
2026-03-19 14:51:19 +01:00
Julian Brost
0d376b5d5a /v1/console: prevent concurrent use of the same session by multiple requests
If there are such requests, without this change, they would all be allowed and
processed, resulting in unsafe concurrent (write) access to these data
structures, which can ultimately crash the daemon or lead to other unintended
behavior.
2026-03-03 11:32:39 +01:00
William Calliari
11726b741c Take a mutex before accessing the l_ApiScriptFrames
Take a mutex to avoid race conditions in the map that lead to
segmentation faults. Move the ApiScriptFrame object back behind a
shared pointer to avoid holding the mutex for too long.

Fixes #10674
2026-02-25 08:37:03 +01:00
Julian Brost
d02cdda5e9
Merge pull request #10716 from Icinga/drop-thread-local-variable-apiuser
Remove `AuthenticatedApiUser` thread-local variable & pass it as arg instead
2026-02-13 14:43:36 +01:00
Yonas Habteab
3b80153848 Remove AuthenticatedApiUser thread-local variable & pass it as param instead 2026-02-11 11:39:57 +01:00
Yonas Habteab
d4d46a9780 HTTP: stream responses where appropriate 2026-02-11 09:47:39 +01:00
Yonas Habteab
32887884e5 Make ValueGenerator more flexible & easy to use
This commit refactors the ValueGenerator class to be a template that can
work with any container type. Previously, one has to manually take care
of the used container by lazily iterating over it within a lambda. Now,
the `ValueGenerator` class itself takes care of all the iteration,
making it easier to use and less error-prone. The new base `Generator`
class is required to allow the `JsonEncoder` to handle generators in a
type-erased manner.
2026-02-10 16:57:56 +01:00
Yonas Habteab
91c7e60df8 Replace all existing copyright headers with SPDX headers
I've used the following command to replace the original copyright header
lines in a C-style comment block:

```
$ find . \( -type d \( -name '\..*' -o -name third-party -o -name scripts -o -name prefix -o -name malloc -o -name server -o -name docker -o -name build -o -name doc \) -prune \) -o -type f -exec perl -pi -e 's{/\*[^*]*\(\s*c\s*\)\s*(\d{4})\s*Icinga\s+GmbH[^*]*\*/}{// SPDX-FileCopyrightText: \1 Icinga GmbH <https://icinga.com>\n// SPDX-License-Identifier: GPL-2.0-or-later}gi' {} +
```

For files that use shell-style comments (#) like CMakeLists.txt, I've
used this command:

```
$ find . \( -type d \( -name '\..*' -o -name third-party -o -name scripts -o -name prefix -o -name malloc -o -name server -o -name docker -o -name build -o -name doc \) -prune \) -o -type f -exec perl -pi -e 's{#.*\(\s*c\s*\)\s(\d{4})\sIcinga\s+GmbH.*}{# SPDX-FileCopyrightText: \1 Icinga GmbH <https://icinga.com>\n# SPDX-License-Identifier: GPL-2.0-or-later}gi' {} +
```

And for SQL files:

```
$ find . \( -type d \( -name '\..*' -o -name third-party -o -name scripts -o -name prefix -o -name malloc -o -name server -o -name docker -o -name build -o -name doc \) -prune \) -o -type f \( -name '*.sql' \) -exec perl -pi -e 's{--.*\(c\)\s(\d{4})\sIcinga\sGmbH.*}{-- SPDX-FileCopyrightText: \1 Icinga GmbH <https://icinga.com>\n-- SPDX-License-Identifier: GPL-2.0-or-later}gi' {} +
$ find . \( -type d \( -name '\..*' -o -name third-party -o -name scripts -o -name prefix -o -name malloc -o -name server -o -name docker -o -name build -o -name doc \) -prune \) -o -type f \( -name '*.sql' \) -exec perl -pi -e 's{-- Copyright \(c\)\s(\d{4})\sIcinga\s+Development\sTeam.*}{-- SPDX-FileCopyrightText: \1 Icinga GmbH <https://icinga.com>\n-- SPDX-License-Identifier: GPL-2.0-or-later}gi' {} +
```
2026-02-04 14:00:05 +01:00
Alexander Aleksandrovič Klimov
9bffe06169
Merge pull request #10388 from Icinga/Registry-Freeze
Freeze registries at startup, when everything has been registered
2026-01-26 17:28:43 +01:00
Alexander A. Klimov
b4192bd80a Replace class B : public A { }; with using B = A; (refactor only) 2026-01-26 14:34:29 +01:00
Alexander A. Klimov
74ac0183ca Registry<U,T>: remove unused template typename U 2026-01-26 10:24:22 +01:00
Alexander A. Klimov
4ba46f9eb2 Silence compiler warnings about unused parameters
Each of these parameters exists for a reason.
The best we can do is to convince the compiler.
2026-01-23 13:31:01 +01:00
Johannes Schmidt
1505f09ed6 Refactor HttpMessage into generalized templated types
This adds generalized IncomingHttpMessage and OutgoingHttpMessage templates
that support different types of streams (via a std::variant) and can both
be used for either requests or responses.

The tacked on metadata from the old HttpRequest and server connection from
the old HttpServerConnection have been moved to HttpApi(Request|Response)
classes that derive from the above generalized message types.
2026-01-22 17:20:32 +01:00
Johannes Schmidt
a0f603f608 Update names of HttpRequest and HttpResponse 2026-01-22 12:41:21 +01:00
Egor-OSSRevival
0d32ae3159
docs: Remove 'queue' parameter requirement from event stream document… (#10495)
* docs: Remove 'queue' parameter requirement from event stream documentation

* Update AUTHORS
2026-01-07 14:51:26 +01:00
Julian Brost
dc09713ac4
Merge pull request #10350 from Icinga/unittest-certificate-verification
Test internal cert generation & verification process
2026-01-07 12:00:28 +01:00
Yonas Habteab
0b2f22ce40 tlsutility: make cert ts configurable & use ASN1_TIME_compare for comparison 2025-12-04 13:01:48 +01:00
Julian Brost
fa3063d148 IsValidHeaderValue: use front()/back() instead of iterators
Don't ask me why I wasn't thinking of the very basic front() and back() methods
when writing this code. Does exactly the same here, but is much more
straight-forward than the extra iterator detour.
2025-12-03 11:09:44 +01:00
Julian Brost
985db970bb Allow to set extra headers in HTTP responses
Use case: Allow setting headers like Strict-Transport-Security if one likes.
How these headers would benefit the Icinga 2 API is questionable, but there are
security scanners that see HTTPS and complain about it, so this gives an easy
way to make them happy (with this probably being the only benefit).
2025-11-28 16:19:19 +01:00
Julian Brost
aca67f6d88 HttpUtility: add functions for validating HTTP header names and values 2025-11-28 16:19:19 +01:00
Johannes Schmidt
a2e0ce426f Fix -Wunused-variable warnings 2025-11-19 12:00:58 +01:00
Johannes Schmidt
8ef1604f72 Fix -Wunused-but-set-variable warnings (clang) 2025-11-19 12:00:58 +01:00
Johannes Schmidt
93e69ed0e8 Fix -Wsign-compare warnings 2025-11-19 12:00:58 +01:00
Johannes Schmidt
9a69dd9a45 Use 64bit unsigned integer for Replay log timestamps 2025-11-19 09:41:13 +01:00
Alexander A. Klimov
cba30e7d05 Actually use Registry#Freeze() at startup, when everything has been registered 2025-11-07 18:02:41 +01:00
Alexander A. Klimov
68a8480251 Introduce Registry::GetInstance() to deduplicate such methods
in derived classes and inline them, as side effect, to speed up calls.
2025-11-07 18:01:38 +01:00
Alexander Aleksandrovič Klimov
c25297e26a
Merge pull request #9729 from Icinga/fix-compiler-warnings-by-removing-unused-variables
Fix compiler warnings by removing unused variables
2025-10-17 15:12:05 +02:00
Alexander A. Klimov
3d69a31043 Fix compiler warnings by removing unused variables 2025-10-17 09:56:46 +02:00
Julian Brost
56255ac7a6
Merge commit from fork
Check for permissions when evaluating object filters
2025-10-16 14:13:36 +02:00
Johannes Schmidt
2378b7e121 Remove TicketSalt in VariableQueryHandler as early as possible
This is to avoid another kind of exploit found by where TicketSalt
can be accessed when the object filter is evaluated by checking
its name via the local `variable` reference and then `throw`ing
it to print it in the error message.

Reported-by: julian.brost@icinga.com
2025-10-02 15:51:42 +02:00
Johannes Schmidt
61670d5f23 Add permission checking to script frames and filter utilities 2025-10-02 15:51:38 +02:00
Julian Brost
be2b1a878e Endpoint expose seconds_processing_messages attribute
Co-authored-by: Alexander A. Klimov <alexander.klimov@icinga.com>
2025-09-23 11:05:08 +02:00
Julian Brost
e3ee07b5a0 Measure and store message processing time per endpoint
Co-authored-by: Alexander A. Klimov <alexander.klimov@icinga.com>
2025-09-23 11:05:08 +02:00
Yonas Habteab
5f862ce3bb HttpServerConnection: use std::chrono for m_Seen 2025-09-12 13:40:36 +02:00
Yonas Habteab
97ad0fc552 Make HTTP liveness timeout configurable for unittests
It's annoying to have to wait 10 seconds for the `liveness_disconnect`
test to complete, so make the timeout configurable and set it to a way
lower value to test the functionality.
2025-09-12 12:54:18 +02:00
Julian Brost
87df80d322
Merge pull request #10516 from Icinga/http-handlers-stream-refactor
Refactor HTTP connection handling and some handlers to stream responses
2025-08-29 11:33:34 +02:00
Johannes Schmidt
4782ea8a75 Make inherited protected functions of ApiListener public
This is needed so it's possible to manually add an ApiListener object
for the purpose of unit-testing.
2025-08-28 13:22:18 +02:00
Johannes Schmidt
bb75d73012 Refactor ObjectQueryHandler to use new JSON stream encoder 2025-08-28 13:22:18 +02:00
Johannes Schmidt
62b2dadbac Remove extra parameters from HTTP handler signature
These parameters are no longer needed since they were only used
by EventsHandler which was refactored in an earlier commit.
2025-08-28 13:22:18 +02:00
Johannes Schmidt
d32f04a863 Refactor EventsHandler to stream responses via chunked encoding 2025-08-28 13:22:18 +02:00
Johannes Schmidt
3832bb4296 Use new HTTP message classes in HttpServerConnection and Handlers 2025-08-28 13:22:18 +02:00
Johannes Schmidt
37df843700 Add HttpRequest and HttpResponse classes 2025-08-28 13:22:15 +02:00
Alexander Aleksandrovič Klimov
9905e9af32
Merge pull request #10389 from Icinga/zone-endpoint-order
Zone#GetEndpoints(): return endpoints in the specified order, not randomly🎲
2025-08-22 10:11:51 +02:00
Alexander Aleksandrovič Klimov
5f2ee6e119
Merge pull request #10393 from Icinga/zone-endpoint-log
ApiListener#RelayMessageOne(): log🪵 to which Endpoint messages are relayed
2025-08-22 10:11:25 +02:00
Alexander A. Klimov
17b49bd5b6 ApiListener#RelayMessageOne(): log to which Endpoint messages are relayed
if they're for our parent Zone.
2025-08-15 11:03:55 +02:00
Yonas Habteab
ce3275d27f Disallow stage deletions during reload
Once the new worker process has read the config, it also includes a
`include */include.conf` statement within the config packages root
directory, and from there on we must not allow deleting any stage
directory from the config package. Otherwise, when the worker actually
evaluates that include statement, it will fail to find the directory
where the include file is located, or the `active.conf` file, which is
included from each stage's `include.conf` file, thus causing the worker
to fail.

Co-Authored-By: Johannes Schmidt <johannes.schmidt@icinga.com>
2025-07-24 16:02:30 +02:00