fscrypt.git/pam, branch refactor Go tool for managing Linux filesystem encryption util: Add better user lookup functions 2017-10-19T10:34:51+00:00 Joseph Richey joerichey94@gmail.com 2017-10-19T10:15:28+00:00 b7de8535f899f2b88d61f4f1264fe6a272196536 When looking up users in fscrypt, we often want to proceed even if the requested uid doesn't appear to be a valid user on the system. This mainly occurs when a user is deleted, but they still have a login protector on disk. Thus, GetUser() with a bad uid creates a fake user with a pretty placeholder name. The corresponding call sites of util.EffectiveUser are changed (often simplifying logic). Various documentation is updated and typos are fixed. 
When looking up users in fscrypt, we often want to proceed even if the
requested uid doesn't appear to be a valid user on the system. This
mainly occurs when a user is deleted, but they still have a login
protector on disk.

Thus, GetUser() with a bad uid creates a fake user with a pretty
placeholder name. The corresponding call sites of util.EffectiveUser are
changed (often simplifying logic). Various documentation is updated and
typos are fixed.
security: Add check option to UserKeyringID 2017-09-29T09:52:56+00:00 Joseph Richey joerichey94@gmail.com 2017-09-29T09:52:56+00:00 4d9372795e7b53d105f69790c1d9deadbff85458 






security: Change user keyring lookup algorithm
2017-09-01T07:53:07+00:00

Joseph Richey
joerichey94@gmail.com

2017-09-01T07:53:07+00:00

1ce72a7367967152948dbe332ea8d9834f194c27

Now instead of spawning a seperate thread we alternate between changing
the euid and ruid to both find the keyring and link it to the process
keyring. Note that we also ensure that the user keyring is linked into
the root keyring whenever possible.





Now instead of spawning a seperate thread we alternate between changing
the euid and ruid to both find the keyring and link it to the process
keyring. Note that we also ensure that the user keyring is linked into
the root keyring whenever possible.







security: No more permenant privilege dropping
2017-09-01T07:50:42+00:00

Joseph Richey
joerichey94@gmail.com

2017-09-01T07:50:42+00:00

d5f64c1ecd8f13f01681d0a18b8f3174ff9bd225

This was creating an issue becasuse fully dropping privileges required
spawning a goroutine and using rutime.DropOSThread().





This was creating an issue becasuse fully dropping privileges required
spawning a goroutine and using rutime.DropOSThread().







pam: Handle holds data for calling and PAM users
2017-08-31T00:55:30+00:00

Joe Richey
joerichey@google.com

2017-08-31T00:55:30+00:00

70efc397db81f3ad170e54114f3ad0a97f2ed7d0

The functions are now changed to (Start|Stop)AsPamUser to indicate that
they handle privilege modification and keyring setup.





The functions are now changed to (Start|Stop)AsPamUser to indicate that
they handle privilege modification and keyring setup.







pam_fscrypt: Session accounting completed
2017-08-24T01:51:23+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-24T01:51:23+00:00

d617d7725ce8b91df2152d6539da10c401c59325












Added some documentation and improved security API
2017-08-23T19:29:10+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-23T19:29:10+00:00

b15792b8d7c197d84970415fd2525c51aee3996c












pam_fscrypt: lock all PAM policies w/ flag
2017-08-22T22:41:18+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-22T22:41:18+00:00

ef5cc07774674c66b5dbeb7c655a26ac6371e378












Various small nits a helper functions for PAM
2017-08-22T18:51:31+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-07-19T22:40:35+00:00

f3f1d2f98de26e8180c56d87aaad0e4e98fb4e47












cmd/fscrypt: purge command now clears cache
2017-08-18T05:49:44+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-16T01:11:29+00:00

151e8965fa3a9c8f65e316430f9df0fa763fb02d