| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-10-19 | Makefile: only show changed files in "make format" | Joseph Richey | |
| 2017-10-19 | util: Add better user lookup functions | Joseph Richey | |
| When looking up users in fscrypt, we often want to proceed even if the requested uid doesn't appear to be a valid user on the system. This mainly occurs when a user is deleted, but they still have a login protector on disk. Thus, GetUser() with a bad uid creates a fake user with a pretty placeholder name. The corresponding call sites of util.EffectiveUser are changed (often simplifying logic). Various documentation is updated and typos are fixed. | |||
| 2017-10-19 | util: Reorder functions | Joseph Richey | |
| Variables are generally declared at the top of a file. | |||
| 2017-10-19 | Makefile and .gitignore cleanup | Joseph Richey | |
| Our .gitignore file was overly restrictive, fixed to only include the fscrypt binary. Also, our build tags were incorrectly formatted. The tags are removed and the corresponding lint rule is simplified. The build tags will be added back after the refactor. | |||
| 2017-10-04 | Merge pull request #70 from kant/patch-1 | Joseph Richey | |
| Typos | |||
| 2017-10-05 | Typos | Darío Hereñú | |
| 2017-10-03 | Merge pull request #69 from google/makefilev0.2.20.2.2 | Joseph Richey | |
| Makefile cleanup | |||
| 2017-10-03 | Makefile: Updated scripts to run tests in travis | Joseph Richey | |
| 2017-10-03 | Merge pull request #68 from dvrkps/patch-1 | Joseph Richey | |
| travis: update go version | |||
| 2017-10-03 | travis: update go version | Davor Kapsa | |
| 2017-10-02 | Merge pull request #67 from google/sync | Joseph Richey | |
| security: Sync filesystem before dropping caches | |||
| 2017-10-02 | security: Sync filesystem before dropping caches | Joe Richey joerichey@google.com | |
| 2017-09-29 | Merge pull request #64 from google/new_values | Joseph Richey | |
| Update all external dependencies to the latest version | |||
| 2017-09-29 | Merge pull request #65 from google/session_keyring | Joseph Richey | |
| security: Add check option to UserKeyringID | |||
| 2017-09-29 | vendor: Just add windows to make govendor work | Joseph Richey | |
| 2017-09-29 | Fix lint | Joseph Richey | |
| 2017-09-29 | security: Add check option to UserKeyringID | Joseph Richey | |
| 2017-09-29 | metadata: Add new encryption modes | Joseph Richey | |
| 2017-09-29 | Makefile: Don't update dependancies w/ "make all" | Joseph Richey | |
| 2017-09-29 | vendor: Update to latest versions | Joseph Richey | |
| This changes the vendored sources of github.com/golang/protobuf, golang.org/x/crypto/ssh, and golang.org/x/sys/unix to be the current master versions. | |||
| 2017-09-06 | Fixes logging string for policies | Joseph Richey | |
| We should always log the descriptor not the entire policy structure. | |||
| 2017-09-01 | Merge pull request #56 from google/panicsv0.2.10.2.1 | Joseph Richey | |
| Fixed failures in PAM module | |||
| 2017-09-01 | cmd/fscrypt: Add explanations for keyring failures | Joseph Richey | |
| Now the user is persented with help when they try to access a keyring that isn't theirs or try to use fscrypt without a user keyring linked into the session keyring. | |||
| 2017-09-01 | cmd/fscrypt: Check that keyrings are setup | Joseph Richey | |
| Chaning the --user flag to (optionally) check for a proper keyring setup allows us to fail early in cases where we need a working keyring. | |||
| 2017-09-01 | security: Change user keyring lookup algorithm | Joseph Richey | |
| Now instead of spawning a seperate thread we alternate between changing the euid and ruid to both find the keyring and link it to the process keyring. Note that we also ensure that the user keyring is linked into the root keyring whenever possible. | |||
| 2017-09-01 | security: No more permenant privilege dropping | Joseph Richey | |
| This was creating an issue becasuse fully dropping privileges required spawning a goroutine and using rutime.DropOSThread(). | |||
| 2017-09-01 | pam_fscrypt: PAM module no longer crashes on panic | Joseph Richey | |
| Now the offending panic will just be logged and the module will fail. This is important as to not crash the login process. | |||
| 2017-08-31 | Merge pull request #52 from google/keyrings | Joseph Richey | |
| Changes to the keyrings interface, corresponding UI changes, and misc changes | |||
| 2017-08-31 | Merge pull request #54 from google/uuid | Joseph Richey | |
| Use `/dev/disk/by-uuid` to get UUID links to other filesystems | |||
| 2017-08-31 | filesystem: libblkid -> search /dev/disk/by-uuid | Joe Richey | |
| 2017-08-31 | security: Error if privilege reset goes wrong | Joe Richey | |
| 2017-08-31 | Fixed linter issues | Joe Richey | |
| 2017-08-30 | cmd/fscrypt: Add --user flag for running as root | Joe Richey | |
| The --user flag can now be used to have the targe user (the one whose keyring and password will be used in fscrypt) be different than the calling user. Very usefull for things like sudo fscrypt purge /media/joerichey/usb --user=joerichey which will now have privileges to drop caches, but will properly clear the keys from the user's keyring. | |||
| 2017-08-30 | pam_fscrypt: Added logging and use of new pam API | Joe Richey | |
| 2017-08-30 | actions: context now hold a target user.User | Joe Richey | |
| This user is used with policies to interface with the keryings and with protectors to indicate which user's login passphrase should be used to protectors of type pam_passphrase. | |||
| 2017-08-30 | crypto: Updated to include user parameter | Joe Richey | |
| 2017-08-30 | pam: Handle holds data for calling and PAM users | Joe Richey | |
| The functions are now changed to (Start|Stop)AsPamUser to indicate that they handle privilege modification and keyring setup. | |||
| 2017-08-30 | security: Rewrite of keryings and permissions | Joe Richey | |
| The keyring lookup functions no longer read from /proc/keys. Now they simply spawn a thread, drop privs, and check with GetKeyringID and KEY_SPEC_USER_KEYRING. See userKeyringID() for more info. The privileges functions have also been changed. Now the concept of setting privileges is seperate form the concept of setting up the keyrings. | |||
| 2017-08-30 | util: Added parsing and effective user functions | Joseph Richey | |
| 2017-08-30 | gitignore: Update to include VSCode files | Joseph Richey | |
| 2017-08-29 | Go formatter "gofmt" -> "goimports" | Joseph Richey | |
| 2017-08-29 | pam_fscrypt: Handle empty arguments list | Joseph Richey | |
| 2017-08-29 | cmd/fscrypt: Stop dropping/raising for sudo | Joseph Richey | |
| 2017-08-29 | Merge pull request #49 from google/misc | Joseph Richey | |
| Fix a wide variety of small issues and update documentation | |||
| 2017-08-29 | Merge pull request #48 from google/contrib | Joseph Richey | |
| Update CONTRIBUTING.md to explain how issues will work | |||
| 2017-08-29 | Merge pull request #47 from google/build_tags | Joseph Richey | |
| Makefile: Build version flag no longer needs repo | |||
| 2017-08-29 | README: Clarified boot related encryption issues | Joe Richey | |
| 2017-08-29 | CONTRIBUTING: typo | Joe Richey | |
| 2017-08-29 | crypto: Handle when "ulimit -l" is too low | Joe Richey | |
| 2017-08-29 | Fixed typos | Joe Richey | |
 |
index : fscrypt.git | |
| Go tool for managing Linux filesystem encryption |
| aboutsummaryrefslogtreecommitdiff |