aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-10-19Random changesext4Joseph Richey
2017-10-19Fscrypt usage is good and dos endings fixedJoseph Richey
2017-10-19fmt almost doneJoe Richey joerichey@google.com
2017-10-19Destroy refactorJoseph Richey
2017-10-19fscrypt.go now has no errorsJoseph Richey
2017-10-19Move around and fscrypt refactorJoe Richey joerichey@google.com
2017-10-19Refactor almost completeJoseph Richey
2017-10-19Command, Context, command line splitting setupJoe Richey joerichey@google.com
2017-10-19FixesJoe Richey joerichey@google.com
2017-10-19ext4: start refactorJoe Richey joerichey@google.com
2017-10-19ext4: Build working, args parsingJoseph Richey
2017-10-19ext4: Initial work for fscrypt-ext4Joe Richey joerichey@google.com
2017-10-04Merge pull request #70 from kant/patch-1Joseph Richey
Typos
2017-10-05TyposDarío Hereñú
2017-10-03Merge pull request #69 from google/makefilev0.2.20.2.2Joseph Richey
Makefile cleanup
2017-10-03Makefile: Updated scripts to run tests in travisJoseph Richey
2017-10-03Merge pull request #68 from dvrkps/patch-1Joseph Richey
travis: update go version
2017-10-03travis: update go versionDavor Kapsa
2017-10-02Merge pull request #67 from google/syncJoseph Richey
security: Sync filesystem before dropping caches
2017-10-02security: Sync filesystem before dropping cachesJoe Richey joerichey@google.com
2017-09-29Merge pull request #64 from google/new_valuesJoseph Richey
Update all external dependencies to the latest version
2017-09-29Merge pull request #65 from google/session_keyringJoseph Richey
security: Add check option to UserKeyringID
2017-09-29vendor: Just add windows to make govendor workJoseph Richey
2017-09-29Fix lintJoseph Richey
2017-09-29security: Add check option to UserKeyringIDJoseph Richey
2017-09-29metadata: Add new encryption modesJoseph Richey
2017-09-29Makefile: Don't update dependancies w/ "make all"Joseph Richey
2017-09-29vendor: Update to latest versionsJoseph Richey
This changes the vendored sources of github.com/golang/protobuf, golang.org/x/crypto/ssh, and golang.org/x/sys/unix to be the current master versions.
2017-09-06Fixes logging string for policiesJoseph Richey
We should always log the descriptor not the entire policy structure.
2017-09-01Merge pull request #56 from google/panicsv0.2.10.2.1Joseph Richey
Fixed failures in PAM module
2017-09-01cmd/fscrypt: Add explanations for keyring failuresJoseph Richey
Now the user is persented with help when they try to access a keyring that isn't theirs or try to use fscrypt without a user keyring linked into the session keyring.
2017-09-01cmd/fscrypt: Check that keyrings are setupJoseph Richey
Chaning the --user flag to (optionally) check for a proper keyring setup allows us to fail early in cases where we need a working keyring.
2017-09-01security: Change user keyring lookup algorithmJoseph Richey
Now instead of spawning a seperate thread we alternate between changing the euid and ruid to both find the keyring and link it to the process keyring. Note that we also ensure that the user keyring is linked into the root keyring whenever possible.
2017-09-01security: No more permenant privilege droppingJoseph Richey
This was creating an issue becasuse fully dropping privileges required spawning a goroutine and using rutime.DropOSThread().
2017-09-01pam_fscrypt: PAM module no longer crashes on panicJoseph Richey
Now the offending panic will just be logged and the module will fail. This is important as to not crash the login process.
2017-08-31Merge pull request #52 from google/keyringsJoseph Richey
Changes to the keyrings interface, corresponding UI changes, and misc changes
2017-08-31Merge pull request #54 from google/uuidJoseph Richey
Use `/dev/disk/by-uuid` to get UUID links to other filesystems
2017-08-31filesystem: libblkid -> search /dev/disk/by-uuidJoe Richey
2017-08-31security: Error if privilege reset goes wrongJoe Richey
2017-08-31Fixed linter issuesJoe Richey
2017-08-30cmd/fscrypt: Add --user flag for running as rootJoe Richey
The --user flag can now be used to have the targe user (the one whose keyring and password will be used in fscrypt) be different than the calling user. Very usefull for things like sudo fscrypt purge /media/joerichey/usb --user=joerichey which will now have privileges to drop caches, but will properly clear the keys from the user's keyring.
2017-08-30pam_fscrypt: Added logging and use of new pam APIJoe Richey
2017-08-30actions: context now hold a target user.UserJoe Richey
This user is used with policies to interface with the keryings and with protectors to indicate which user's login passphrase should be used to protectors of type pam_passphrase.
2017-08-30crypto: Updated to include user parameterJoe Richey
2017-08-30pam: Handle holds data for calling and PAM usersJoe Richey
The functions are now changed to (Start|Stop)AsPamUser to indicate that they handle privilege modification and keyring setup.
2017-08-30security: Rewrite of keryings and permissionsJoe Richey
The keyring lookup functions no longer read from /proc/keys. Now they simply spawn a thread, drop privs, and check with GetKeyringID and KEY_SPEC_USER_KEYRING. See userKeyringID() for more info. The privileges functions have also been changed. Now the concept of setting privileges is seperate form the concept of setting up the keyrings.
2017-08-30util: Added parsing and effective user functionsJoseph Richey
2017-08-30gitignore: Update to include VSCode filesJoseph Richey
2017-08-29Go formatter "gofmt" -> "goimports"Joseph Richey
2017-08-29pam_fscrypt: Handle empty arguments listJoseph Richey
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-10 13:23:56 +0000