14547 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Yonas Habteab	017a4012f3	TimePeriod: properly validate ranges field	2025-11-14 16:38:41 +01:00
Alexander A. Klimov	cba30e7d05	Actually use Registry#Freeze() at startup, when everything has been registered	2025-11-07 18:02:41 +01:00
Alexander A. Klimov	68a8480251	Introduce Registry::GetInstance() to deduplicate such methods ... in derived classes and inline them, as side effect, to speed up calls.	2025-11-07 18:01:38 +01:00
Alexander A. Klimov	2e3551e497	Introduce Registry#Freeze()	2025-11-07 18:01:38 +01:00
Alexander A. Klimov	496a65d0d0	Registry#Get*(): use shared locking to allow concurrent access	2025-11-07 18:01:38 +01:00
Alexander A. Klimov	7fc722e581	Make Registry#ItemMap a hash table to speed up lookups	2025-11-07 18:01:38 +01:00
Alexander A. Klimov	c3d9727133	Inline Registry#RegisterInternal() used only once	2025-11-07 18:01:38 +01:00
Alexander A. Klimov	87a2f9fade	Remove unused Registry#OnRegistered	2025-11-07 18:01:38 +01:00
Alexander A. Klimov	0fb4e4d642	Remove unused Registry#OnUnregistered	2025-11-07 18:01:38 +01:00
Yonas Habteab	35fdea8805	Merge pull request #10613 from Icinga/clear-suppr-notif-after-tp-resume ... Clear suppressed notifications only after the TimePeriod is resumed	2025-11-03 17:52:13 +01:00
Yonas Habteab	5e109b869b	SELinux: allow logrotate to execute icinga2 binary	2025-11-03 17:24:54 +01:00
Johannes Schmidt	75c7d28bb1	Adapt the unit-test to reflect fix in the previous commit	2025-11-03 15:39:39 +01:00
Johannes Schmidt	a9c139f5c5	Subtract inapplicable suppressed notifications at a later point ... Without this commit, every time the NotificationTimerHandler runs it will discard notifications that don't apply to the reason of the latest check result. This is probably intended to clear outdated suppressed notifications immediately when the TimePeriod resumes, but it also clears out important ones (see the test case). This commit fixes that by clearing out inapplicable notifications when the timer runs the first time after the TimePeriod resumes. By that time we can expect that no new suppressed notifications will be added and all notifications that don't conflict with the last check-result can still be run. Fixes #10575	2025-11-03 15:39:39 +01:00
Johannes Schmidt	68b3b9fd3a	Add unit-tests for NotificationComponent ... This includes a few common scenarios and a reproduction of the current behavior affected by the underlying bug of issue #10575. This is done both to document the change in behavior, as well as to ensure the behavior of the other scenarios stays the same before and after the fix is applied.	2025-11-03 15:39:35 +01:00
Johannes Schmidt	84cdddb176	Add ClearTestLogger method to TestLoggerFixture	2025-10-22 10:31:17 +02:00
Johannes Schmidt	f42510f981	Merge pull request #9411 from Icinga/compiler-warnings ... Fix compiler warnings	2025-10-21 15:23:31 +02:00
Alexander A. Klimov	d877e818db	Fix compiler warnings	2025-10-17 17:08:31 +02:00
Alexander A. Klimov	9612de881a	Fix compiler warnings by not std::move()ing where redundant	2025-10-17 17:08:31 +02:00
Alexander A. Klimov	78631fa319	Fix compiler warnings by ensuring variable initialization	2025-10-17 17:08:31 +02:00
Alexander A. Klimov	315c9a3692	Fix compiler warnings by replacing x&&y||z with (x&&y)||z	2025-10-17 17:08:30 +02:00
Alexander Aleksandrovič Klimov	5d46ca4f77	Merge pull request #9730 from Icinga/don-t-define-use-openssl-callback-for-in-openssl-v1-1 ... Don't define/use OpenSSL*Callback() for/in OpenSSL > v1.1	2025-10-17 16:41:07 +02:00
Alexander A. Klimov	37b5c39e20	Fix compiler warnings by re-ordering member init in constructors	2025-10-17 15:33:57 +02:00
Alexander Aleksandrovič Klimov	c25297e26a	Merge pull request #9729 from Icinga/fix-compiler-warnings-by-removing-unused-variables ... Fix compiler warnings by removing unused variables	2025-10-17 15:12:05 +02:00
Alexander A. Klimov	728d6fff3e	Don't define/use OpenSSL*Callback() for/in OpenSSL > v1.1 ... Since OpenSSL v1.1 the macros they're passed to expand to nothing creating the illusion those functions aren't used. That triggers compiler warnings.	2025-10-17 14:28:00 +02:00
Alexander Aleksandrovič Klimov	2c9233db80	GHA: add Ubuntu 25.10	2025-10-17 13:24:59 +02:00
Alexander Aleksandrovič Klimov	6d98756fb5	Merge pull request #10580 from Icinga/opensuse16 ... GHA: Add openSUSE 16	2025-10-17 13:21:53 +02:00
Julian Brost	82cd88f093	Merge pull request #10552 from Icinga/remove-obsolete-gcc-workaround ... Remove workaround for GCC 4.x	2025-10-17 12:17:14 +02:00
Alexander A. Klimov	3d69a31043	Fix compiler warnings by removing unused variables	2025-10-17 09:56:46 +02:00
Julian Brost	d372ecc20b	AtomicOrLocked: use std::conditional_t and std::is_trivially_copyable_v ... std::conditional_t was added in C++14, is_trivially_copyable_v in C++17, both do the same as the previous implementation and are a bit more compact.	2025-10-16 16:50:03 +02:00
Julian Brost	a2dc35031c	Remove obsolete workaround for GCC 4.x ... The fallback implementation was added for GCC 4.x as that didn't yet implement std::is_trivially_copyable. However, by now we're using C++17 as our language standard and that wasn't even implemented in GCC 4.x yet[^1]: Some C++17 features are available since GCC 5, but support was experimental and the ABI of C++17 features was not stable until GCC 9. Hence, this became more or less dead code and can be removed. [^1]: https://gcc.gnu.org/projects/cxx-status.html#cxx17	2025-10-16 16:50:03 +02:00
Julian Brost	cfff82ba05	Merge commit from fork ... DerefExpression: Add missing nullptr check	2025-10-16 14:14:45 +02:00
Julian Brost	56255ac7a6	Merge commit from fork ... Check for permissions when evaluating object filters	2025-10-16 14:13:36 +02:00
Julian Brost	3de8975223	Merge pull request #10551 from Icinga/add-github-problem-matchers ... Add Github Problem Matchers actions for GCC/MSVC	2025-10-16 11:32:28 +02:00
Julian Brost	c7ae088ec0	Merge pull request #10588 from Icinga/bump-openssl ... windows: bump OpenSSL to `3.0.18`	2025-10-09 10:33:40 +02:00
Alexander Aleksandrovič Klimov	8c2f6192c3	Merge pull request #10589 from Icinga/Al2Klimov-patch-3 ... GHA: re-add Debian 11	2025-10-08 18:07:46 +02:00
Alexander Aleksandrovič Klimov	7e672f61bc	GHA: re-add Debian 11 ... We are still packaging it at the moment.	2025-10-08 15:44:44 +02:00
Yonas Habteab	73abf6a70b	windows: bump OpenSSL to 3.0.18	2025-10-08 15:32:00 +02:00
Julian Brost	ce600ce01c	Merge pull request #10530 from Icinga/kill-drop-permissions ... Send signals as Icinga user in safe-reload and logrotate	2025-10-08 14:29:27 +02:00
Yonas Habteab	8aafeb48a3	Merge pull request #10581 from Icinga/cleanup-ghas ... GHA: drop all distros that are no longer supported	2025-10-08 10:57:30 +02:00
Julian Brost	a02a4594f4	DerefExpression: Add missing nullptr check ... Due to this missing check, evaluating a DSL expression can result in a null dereference, crashing the Icinga 2 process. Given that API users can also provide DSL expression as filters, this can be triggered over the network as well. This issue was assigned CVE-2025-61908.	2025-10-08 10:04:52 +02:00
Yonas Habteab	df1e5c95e3	GHA: drop all distros that are no longer supported	2025-10-07 16:46:06 +02:00
Yonas Habteab	31b9c4eec9	GHA: Add openSUSE 16	2025-10-07 16:03:34 +02:00
Alvar	beddc3ff93	Merge pull request #10564 from freaknils/master ... ITL: Enhanced SMART attributes monitoring plugin check configuration to more parameters	2025-10-07 07:50:10 +00:00
Nils Czernia	0dbc1a7e6b	ITL: Enhanced SMART attributes monitoring plugin check configuration to more parameters	2025-10-06 15:27:17 +02:00
Johannes Schmidt	2378b7e121	Remove TicketSalt in VariableQueryHandler as early as possible ... This is to avoid another kind of exploit found by where TicketSalt can be accessed when the object filter is evaluated by checking its name via the local `variable` reference and then `throw`ing it to print it in the error message. Reported-by: julian.brost@icinga.com	2025-10-02 15:51:42 +02:00
Johannes Schmidt	578ad5115e	Add test-cases for checking permissions in filter exprs	2025-10-02 15:51:42 +02:00
Johannes Schmidt	9fed14d6fa	Filter global variables when Sandboxed	2025-10-02 15:51:42 +02:00
Johannes Schmidt	218e41aed6	Declare functions as unsafe that aren't useful in filter expressions ... + get_objects(): Has no use because in sandboxed contexts the result can't be filtered or iterated over. + get_template(): Currently this is not dangerous because the returned dictionary object does not hold any interesting information. However, someone could add more details in the future and forget to add a permission check. + get_templates(): Combines the reasons for get_objects() and get_template() + get_env(): There is no point of ever using this in a filter expression.	2025-10-02 15:51:42 +02:00
Johannes Schmidt	07216bdf77	Check for permission in get_object()	2025-10-02 15:51:42 +02:00
Johannes Schmidt	61670d5f23	Add permission checking to script frames and filter utilities	2025-10-02 15:51:38 +02:00