This allows a single Red October instance to have multiple names,
which is useful for load-balancing across multiple instances (e.g.,
one can have a fleet of instances (ro1, ro2, ...) and also a logical
name (redoctober.example.com) and have working access via both names
thanks to the magic of SNI.
Add a new flag, -systemdfds, which causes Red October to expect to be
provisioned on launch with file descriptors for sockets opened by
systemd. This is useful for socket activation, but also allows systemd
to bind privileged ports for us. I've included example systemd
configuration files that successfully start Red October as a service
user without admin rights but bound to 443 in a Jessie VM for me. They
need to be installed where systemd expects them, which on Jessie is
/etc/systemd/system/redoctober.service and
/etc/systemd/system/sockets.target.wants/redoctober.socket.
're-encrypt' allows us to re-encrypt an RO encryption to a different set
of owners and labels. Currently two delegations are sufficient to carry
out this operation.
This patch adds the /owners API endpoint that returns the list of users
that "own" the given secret. These are the users that can delegate their
passwords for decrypting the secret.
It also adds the "Get Owners" form in the web UI that uses the new API.
Fixes#62
- Update README.md
- Set read-only and write-only channels.
- Reorganized code.
- Set Content-Type and HSTS on index
- House keeping in ecdh.go and symcrypt.go
- Fixed bug; user changes weren't being saved.
