This pull request adds a status endpoint to the Red October server; as
of this pull request, the status endpoint only returns the current
delegation persistence state. The HTTP UI has not been updated, as
this is scoped out for a future request; however, the CLI utility now
features a status command to fetch this information.
Remove the unexported type used in the NewServer func so that it may be
used outside this package, which allows for integration style tests that
start an instance of a RO server.
The channel based request locking has been replaced with LimitListener,
which prevents simultaneous handling of TCP connections.
Don't assume that the creator of the order wants the delegations.
Instead it's much nicer with our current scheme to take in a big
slice of people who want delegations, so that each person who ne
eds a delegation doesn't need to make an order.
Supports MSP and requires several arguments to add hipchat integration to
red october. RedOctober will then alert on creation of an order, any new
delegation, or several other states.
The idea is to create a new type (to avoid ugly string parsing) and
then, instead of iterating through delegations with the username, iterate
through the delegations and look for your username and matching slot. Also
in cases we don't have the slot (everything but delegation), find the slot
when we match a user.
This fixes a bug introduced by the new socket activation/systemd-brokered listening whereby Red October speaks HTTP rather than HTTPS over that socket.
This allows a single Red October instance to have multiple names,
which is useful for load-balancing across multiple instances (e.g.,
one can have a fleet of instances (ro1, ro2, ...) and also a logical
name (redoctober.example.com) and have working access via both names
thanks to the magic of SNI.
Add a new flag, -systemdfds, which causes Red October to expect to be
provisioned on launch with file descriptors for sockets opened by
systemd. This is useful for socket activation, but also allows systemd
to bind privileged ports for us. I've included example systemd
configuration files that successfully start Red October as a service
user without admin rights but bound to 443 in a Jessie VM for me. They
need to be installed where systemd expects them, which on Jessie is
/etc/systemd/system/redoctober.service and
/etc/systemd/system/sockets.target.wants/redoctober.socket.
're-encrypt' allows us to re-encrypt an RO encryption to a different set
of owners and labels. Currently two delegations are sufficient to carry
out this operation.
This patch adds the /owners API endpoint that returns the list of users
that "own" the given secret. These are the users that can delegate their
passwords for decrypting the secret.
It also adds the "Get Owners" form in the web UI that uses the new API.
Fixes#62
- Update README.md
- Set read-only and write-only channels.
- Reorganized code.
- Set Content-Type and HSTS on index
- House keeping in ecdh.go and symcrypt.go
- Fixed bug; user changes weren't being saved.
