Rooba
/
odyssey
mirror of https://github.com/yandex/odyssey.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,141 Commits 47 Branches 11 Tags 35 MiB
Commit Graph

93 Commits

Author SHA1 Message Date
Ovchinnikov Andrew 0e44d13290
mdb iamproxy auth support (#561) 2024-02-05 15:25:50 +05:00
reshke abf4e369f5
Add makefile and CMakeFiles code to use custom openssl in build (#529) 
* Add makefile and CMakeFiles code to use custom openssl in build

* APlyy fmt and rebase
 2023-08-31 13:25:58 +05:00
reshke 286802ca55
Do not offer scram-256-plus over non-SSL connection (#528) 2023-08-30 18:27:29 +05:00
reshke d0638f309b
Cache auth info for auth query for 10 sec. (#523) 
* Cache auth info for auth query for 10 sec.

* Invalidate auth cache on reload
 2023-08-01 15:21:47 +05:00
reshke 8ad4666682
Add extended logging to ldap routines and internals (#520) 2023-07-27 14:23:50 +05:00
reshke 39d0c3aeb3
Channel binding for SCRAM auth method (#490) 
* Channel binding for SCRAM auth method

* Apply fmt
 2023-07-10 14:04:48 +03:00
Andrey Borodin e3f08723f7
Fix UNIX socket connection to server (#499) 
* Fix UNIX socket connection to server

target_session_attrs prevented usage usage of UNIX socket because
in some cases we need to pick any connection host. UNIX socket does
not posess one, so the code was SegFaulting.
 2023-05-24 17:35:14 +05:00
Anton Voloshin be82ae08ec
remove extra spaces from "user blocked:" message (#461) 
These spaces are, obviously, leftovers from back when formatting string contained "%s%s" without spaces.
 2022-08-25 19:06:44 +05:00
Ilya Maltsev ce3a777d2b
Access management to PostgreSQL with LDAP (#454) 
This commit extends functionality of ldap authentication. It introduces LDAP server groups match feature, allowing r strict access between different users to different databases on same host.  Odyssey now will receive optional attributes from LDAP server while authenticating user and use them to acquire backend connection under proper role.
 2022-08-13 13:55:13 +05:00
kirill reshke 88578e0b50
Be more explicit about blocking user info (#435) 
* Be more explicit about blocking user info

* apply fmt
 2022-05-23 11:47:44 +05:00
kirill reshke 136dcca1a4
Fixes for release candidate (#434) 
* apply fmt

* Fix od_reset retcode handling

* fix error msg formatting
 2022-05-17 21:25:28 +05:00
kirill reshke d215160b3a
Fix compiler warnings (#386) 2021-12-09 16:34:04 +05:00
reshke 8967555f61 Fix for auth query when user password is empty 2021-12-05 15:51:00 +00:00
kirill reshke 3478c90915
Fix a couple of null pointer refernce (#331) 
Co-authored-by: reshke <Kirill Reshke>
 2021-05-28 13:27:58 +05:00
reshke 71c98b23a8 fix a couple of coverity issues 2021-05-20 18:13:05 +05:00
reshke a78664e7b7 Add password_passthrough option to route 2021-05-19 17:18:49 +05:00
reshke 94b4859df6 fallback to reuse client token to backend auth 2021-04-30 17:09:01 +05:00
reshke 74623edfb5 LDAP auth in od 2021-04-28 17:54:56 +05:00
Andrey Borodin de71caf4ab
Merge pull request #304 from x4m/af_fix 
Pass auth information to server after recieving it from auth_query
 2021-04-19 20:38:09 +03:00
Andrey Borodin 9f78f451ec Apply fmt 2021-04-19 22:25:36 +05:00
Andrey Borodin 8dace7befe Pass auth information to server after recieving it from auth_query 
This should fix #291 for MD5
 2021-04-19 17:27:19 +05:00
reshke 30ee39009a rework module subsystem 2021-04-14 14:25:27 +05:00
reshke fcd349bc44 introduce a couple of hooks in auth & config reload 2021-04-12 21:58:06 +05:00
kirill reshke 3a55be6e61
change formatting (#250) 
Co-authored-by: reshke <Kirill Reshke>
 2020-12-28 15:43:31 +05:00
kirill reshke 89ef383056
fix build (#237) 
Co-authored-by: reshke <Kirill Reshke>
 2020-11-27 23:03:42 +05:00
kirill reshke dd52fbd83e
compiler hints + just make world a better place & formatting things (#236) 2020-11-25 15:17:15 +05:00
kirill reshke 785e85ab6f
Fix leaks and improve locking in cron (#229) 
Also fix some warnings.
 2020-11-23 14:13:28 +05:00
kirill reshke 070c2a7fe1
apply fmt && fix CI second try (#215) 
Co-authored-by: reshke <Kirill Reshke>
 2020-10-19 14:51:02 +05:00
kirill reshke 7135f2f0c8
fix CI (#213) 
Co-authored-by: reshke <Kirill Reshke>
 2020-10-16 21:30:45 +05:00
Andrey Borodin b2cc1a4af6 Format 2020-07-09 10:45:17 +05:00
Andrey Borodin cb094d9722 Suppress few warnings 2020-07-09 10:45:17 +05:00
kirill reshke bfd5e07ed2
PAM PI modifications (#176) 
Co-authored-by: reshke <Kirill Reshke>
 2020-06-16 10:27:33 +05:00
lowgear 11f8567e38
Fix memory leak at auth.c (#151) 
* free pointer after use

* free only after use

* more accurate freeing

* use USE_SSL macro if openssl is found for correct pg sha256 structures definition
 2020-06-11 15:02:48 +05:00
kirill reshke 41a5449969
odyssey modules (#156) 2020-06-09 14:19:11 +05:00
lowgear 1d5d1b5c21
treat buffer respecting size (1) (#160) 2020-06-09 11:51:13 +05:00
lowgear ea79d800d2
added style check to travis (#158) 
* added style check to travis

* fixed style

* missing change

* check style first

* no excludes, use certain clang-format version

* install clang-format-9

* added submodule

* fix exclude
 2020-06-04 22:35:44 +05:00
Andrey Borodin 5c9357f4fe
Improve frequent user error messages (#153) 2020-06-04 15:25:28 +05:00
kirill reshke 6398523292
Add remote hosthona param to pam auth (#142) 
Co-authored-by: reshke <Kirill Reshke>
 2020-04-07 13:58:13 +05:00
Georgy Rylov c25c5bd050
Applying clang-format with saving indentations (#140) 
* applying clang-format with saving indentations

* rebase
 2020-04-02 16:00:56 +05:00
Andrey Borodin b2d75b0b3c
Coverity scan results (#119) 
A lot of small fixes for small bugs of various severity
 2020-02-18 18:05:02 +05:00
Andrey 2a37c37e23 Fix incorrect password response forwarding 2020-01-20 11:46:43 +05:00
Andrey Borodin 42695c614f One more compiler warning 2019-11-19 15:33:51 +05:00
Dima Starkov a8ca664a63 Implements SCRAM Authentication (#73) 2019-11-11 12:28:50 +03:00
Dmitry Simonenko c6542d7003 odyssey: post merge fixes 2019-09-27 16:47:45 +03:00
reshke debfd09d8e Add PAM auth support 2019-09-26 13:54:53 +05:00
Dmitry Simonenko feb97828c6 odyssey: post merge fixes and refactoring 2019-08-10 19:30:45 +03:00
Michael Goryainov 7713e08f41 Moved od_getpeername() call to auth.c 2019-07-17 13:07:34 +03:00
Andrey Borodin 99b1979ea5 Reformat code 2019-06-26 10:49:51 +05:00
Michael Goryainov 7b6fb2ded7 * Corrected SEGFAULT in case of non-existent user in auth_query 
+ Added ability for host-based authentification a-la pg_hba:
  e.g.
  auth_query "SELECT usename, passwd FROM pg_shadow,pg_hba_net WHERE usename='%u' AND ((pg_shadow.usename=pg_hba_net.username and network >> '%h') OR (SELECT COUNT(*) FROM pg_hba_net WHERE username='%u'))
 2019-06-25 17:09:31 +03:00
Andrey Borodin 5fa204b082 Minor fixes 2019-04-25 14:23:23 +05:00