Age | Commit message (Expand) | Author | Files | Lines |
2020-11-25 | clearly state the license | Christian Hesse | 9 | -22/+748 |
2020-11-25 | exchange challenge files•••This makes sure that the challenge file is never non-existent.
| Christian Hesse | 1 | -5/+12 |
2020-11-25 | sync challenge file to disk before closing | Christian Hesse | 1 | -0/+4 |
2020-02-08 | update copyright for 2020 | Christian Hesse | 7 | -7/+7 |
2019-02-20 | prepare version 0.7.60.7.6 | Christian Hesse | 1 | -1/+1 |
2019-02-18 | completly replace rand() with getrandom() | Christian Hesse | 1 | -12/+10 |
2019-02-18 | do not use hardcoded size | Christian Hesse | 1 | -1/+1 |
2019-02-18 | replace getrandom() with getentropy() | Christian Hesse | 1 | -1/+1 |
2019-02-17 | Seed with real random number | Christian Hesse | 1 | -5/+7 |
2019-01-01 | update copyright for 2019 | Christian Hesse | 7 | -7/+7 |
2018-08-14 | release: add comment with file name to signatures | Christian Hesse | 1 | -3/+3 |
2018-06-14 | update dependencies' upstream urls | Christian Hesse | 1 | -5/+5 |
2018-06-11 | prepare version 0.7.50.7.5 | Christian Hesse | 1 | -1/+1 |
2018-06-08 | remove trailing spaces, update url | Christian Hesse | 1 | -2/+2 |
2018-06-08 | update .gitignore | Christian Hesse | 1 | -0/+4 |
2018-06-08 | make gitlab.com a mirror•••https://blog.github.com/2018-06-04-github-microsoft/
| Christian Hesse | 1 | -2/+6 |
2018-06-06 | release: write tar signature to git notes | Christian Hesse | 1 | -0/+1 |
2018-04-01 | fix compiler warning/error with GCC 8.x•••GCC 8.x reports:
worker.c:66:2: error: 'strncpy' specified bound 108 equals destination
size [-Werror=stringop-truncation]
Replace strncpy() with memcpy(), fixes #25.
| Christian Hesse | 1 | -1/+1 |
2018-03-14 | drop grub workaround, use upstream support for multiple early initrd images•••This requires grub upstream support for multiple early initrd images:
http://git.savannah.gnu.org/cgit/grub.git/commit/?id=a698240df0c43278b2d1d7259c8e7a6926c63112
grub-2-04 | Christian Hesse | 4 | -27/+18 |
2018-01-29 | improve systemd notification handling | Christian Hesse | 1 | -1/+3 |
2018-01-22 | prepare version 0.7.40.7.4 | Christian Hesse | 1 | -1/+1 |
2018-01-19 | less conditions for string duplication•••This makes sure second_factor is not NULL and prevents later NULL
dereferences. Fixes #23.
| Christian Hesse | 1 | -4/+4 |
2018-01-02 | update copyright for 2018 | Christian Hesse | 7 | -7/+7 |
2017-11-25 | link required libraries only | Christian Hesse | 1 | -6/+6 |
2017-11-25 | prepare version 0.7.30.7.3 | Christian Hesse | 1 | -1/+1 |
2017-11-22 | use printf to generate version.h | Christian Hesse | 1 | -3/+1 |
2017-11-21 | prevent systemd from reporting failed with result 'protocol'•••A systemd service with Type=notify expects READY=1.
| Christian Hesse | 1 | -3/+5 |
2017-10-30 | allow access to the service status notification socket | Christian Hesse | 1 | -0/+1 |
2017-10-30 | update the logic for second factor | Christian Hesse | 1 | -9/+20 |
2017-10-30 | make sure the worker is run from systemd service | Christian Hesse | 3 | -3/+16 |
2017-10-30 | add missing header comment | Christian Hesse | 1 | -0/+5 |
2017-10-20 | use annotated (and signed) tags only | Christian Hesse | 1 | -1/+1 |
2017-10-06 | prepare version 0.7.20.7.2 | Christian Hesse | 1 | -1/+1 |
2017-09-22 | run ykfde-worker after ykfde-2f, but do not require | Christian Hesse | 1 | -1/+0 |
2017-09-22 | sleep and pkill are no longer required | Christian Hesse | 3 | -6/+0 |
2017-09-22 | ... same for dracut | Christian Hesse | 1 | -2/+2 |
2017-09-22 | we always need the worker | Christian Hesse | 1 | -2/+2 |
2017-09-16 | update for recent keyring changes in systemd•••With systemd v235 we will have new KeyringMode= for services. Setting
KeyringMode=shared allows to share secrets between services. Use that
for our services.
As udev is not started with a shared keyring we can not run the worker
directly. Instead always start the service.
systemd-v235 | Christian Hesse | 4 | -1/+4 |
2017-07-04 | prepare version 0.7.10.7.1 | Christian Hesse | 1 | -1/+1 |
2017-07-03 | undo the changes with session keyring•••The keyring handling has been fixed with systemd v234, so revert using
the session keyring.
systemd-v234 | Christian Hesse | 1 | -16/+1 |
2017-07-03 | prepare version 0.7.00.7.0 | Christian Hesse | 1 | -1/+1 |
2017-06-22 | do not track changes in /etc/ykfde.d/ | Christian Hesse | 2 | -1/+4 |
2017-06-22 | rename the worker program•••This is no longer just udev... So rename and move.
| Christian Hesse | 9 | -33/+17 |
2017-06-22 | wipe second factor from memory | Christian Hesse | 1 | -0/+1 |
2017-06-20 | Rework the code, update keyring handling•••This had some historical issue... So rework the code:
* split into more functions
* drop the sleep and notify logic
* update keyring handling
Depending on setup and systemd version (233 and up) the keyring handling
fails. Try to fix this by...
* writing to session keyring first
* setting permissions
* linking to user keyring
* unlinking from session keyring
https://mjg59.dreamwidth.org/37333.html
systemd-v233 | Christian Hesse | 6 | -194/+208 |
2017-06-20 | Revert "request key from user keyring"•••This reverts commit e90e36ae106b4c6ff30a6ce0c0b1d03a5615a363.
The argument expects a destination keyring to create a key in case it is
not found. So keep the zero, which means not to create a key.
| Christian Hesse | 1 | -1/+1 |
2017-06-14 | invert condition | Christian Hesse | 1 | -8/+5 |
2017-06-14 | FIX: save old termio structure properly | Benjamin Pereto | 1 | -2/+2 |
2017-04-28 | Updated ykfde.c to silently skip terminal updates when tcgetattr fails so tha... | Alec Lanter | 1 | -14/+20 |
2017-03-08 | use https for my mirror | Christian Hesse | 1 | -1/+1 |
2017-03-02 | request key from user keyring | Christian Hesse | 1 | -1/+1 |
2017-03-02 | share memory for passphrase and askpass answer | Christian Hesse | 1 | -9/+7 |
2017-03-02 | systemd-ask-password: give id as suggested by man page | Christian Hesse | 1 | -1/+1 |
2017-03-02 | update copyright for 2017 | Christian Hesse | 6 | -6/+6 |
2016-07-09 | prepare version 0.6.40.6.4 | Christian Hesse | 1 | -1/+1 |
2016-07-07 | Small grammar and instruction updates•••Modified a bit of grammar, added a clarifying paragraph or two,
and added a working HOOKS example
Signed-off-by: Christian Hesse <mail@eworm.de>
| Steve Divskinsy | 2 | -42/+62 |
2016-07-06 | proper clean up of resources | Christian Hesse | 1 | -7/+15 |
2016-07-06 | fix some misc issues | Christian Hesse | 1 | -8/+10 |
2016-07-06 | simplify error path | Christian Hesse | 1 | -2/+1 |
2016-07-06 | open the Yubikey when needed•••Some key do an unplug/plug sequence after challenge/response. Thus the
second challenge/response failed.
So let's open the key only when needed and have a clean context.
| Christian Hesse | 1 | -11/+57 |
2016-07-06 | update dracut for latest code•••Did I get everyting? This is untested...
| Christian Hesse | 1 | -3/+5 |
2016-05-28 | add EditorConfig configuration | Christian Hesse | 1 | -0/+18 |
2016-05-28 | indent with tabs | Christian Hesse | 3 | -17/+17 |
2016-05-28 | Merge branch 'systemd-units' | Christian Hesse | 6 | -29/+31 |
2016-05-28 | install systemd unit file without execute permission | Christian Hesse | 1 | -1/+1 |
2016-05-22 | do not install ykfde-2f but ykfde-notify.service | Christian Hesse | 1 | -1/+1 |
2016-05-22 | update dependencies | Christian Hesse | 1 | -1/+3 |
2016-05-22 | add comment about sleep•••Is there any better way than sleeping?
| Christian Hesse | 1 | -0/+3 |
2016-05-22 | do not write password to log•••This requires systemd-ask-password with option --no-output, so it
depends on systemd v230 (or commit a5a4e365).
systemd-v230 | Christian Hesse | 1 | -1/+1 |
2016-05-22 | fix start order of units | Christian Hesse | 1 | -0/+1 |
2016-05-22 | drop shell script and implement with systemd units | Christian Hesse | 4 | -27/+23 |
2016-05-06 | use own function to ask for LUKS passphrase | Christian Hesse | 1 | -5/+11 |
2016-05-06 | prepare version 0.6.30.6.3 | Christian Hesse | 1 | -1/+1 |
2016-05-06 | make ykfde-cpio depend on version.h | Christian Hesse | 1 | -1/+1 |
2016-05-06 | give hint we want the *current* second factor | Christian Hesse | 1 | -1/+1 |
2016-05-04 | update documentation again, give real example | Christian Hesse | 2 | -16/+20 |
2016-05-04 | update help output | Christian Hesse | 2 | -2/+3 |
2016-05-04 | update documentation•••* Use long version of switches.
* Use --new-2nd-factor (instead of --2nd-factor) for initialization.
| Christian Hesse | 2 | -16/+24 |
2016-05-04 | move terminal input to function, verify matching strings for new factor | Christian Hesse | 1 | -37/+49 |
2016-05-04 | simplify code structure | Christian Hesse | 1 | -47/+49 |
2016-05-04 | simplify return code handling•••We do not return the return codes from library functionen, but that is
not a big issue...
| Christian Hesse | 3 | -67/+30 |
2016-05-04 | support reading second factor from terminal•••This increases security by not displaying on display and not writing
to shell history.
| Christian Hesse | 3 | -17/+78 |
2016-05-04 | do not allow to give second factor twice | Christian Hesse | 1 | -0/+12 |
2016-05-04 | fix error condition for yk_close_key() and yk_release() | Christian Hesse | 2 | -4/+4 |
2016-05-04 | fix error condition for yk_init() | Christian Hesse | 2 | -4/+6 |
2016-05-04 | fix error condition for yk_get_serial() | Christian Hesse | 2 | -2/+4 |
2016-05-03 | prepare version 0.6.20.6.2 | Christian Hesse | 1 | -1/+1 |
2016-05-03 | add empty line for indention | Christian Hesse | 1 | -0/+1 |
2016-05-03 | fix error condition for yk_challenge_response() | Christian Hesse | 2 | -9/+12 |
2016-05-03 | do not crypt_free() when crypt_status() fails | Christian Hesse | 1 | -1/+1 |
2016-05-03 | make ykfde-cpio understand command parameters | Christian Hesse | 2 | -2/+35 |
2016-05-03 | fix compiler and linker flags and produce binaries with full RELRO | Christian Hesse | 2 | -2/+4 |
2016-05-03 | warn when second factor is preocessed but not enabled in config | Christian Hesse | 1 | -0/+5 |
2016-05-03 | define new constant for max second factor length | Christian Hesse | 1 | -2/+3 |
2016-04-04 | prepare version 0.6.10.6.1 | Christian Hesse | 1 | -1/+1 |
2016-04-04 | do not write second factor to stdout (and log to journal)•••Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 1 | -1/+1 |
2016-04-04 | let systemd-ask-password add the key to store and drop keyctl•••Signed-off-by: Christian Hesse <mail@eworm.de>
systemd-v227 | Christian Hesse | 2 | -4/+1 |
2016-04-04 | prepare version 0.6.00.6.0 | Christian Hesse | 1 | -1/+1 |
2016-02-26 | shell and commands are required for second factor only | Christian Hesse | 1 | -7/+7 |
2016-02-25 | README-mkinitcpio: emphasize we need a systemd-enabled initramfs•••close #4
Signed-off-by: Christian Hesse <mail@eworm.de>
| Aron Widforss | 1 | -2/+3 |