arver 0.0.5

data/lib/arver/io_logger.rb

@@ -0,0 +1,34 @@
+module Arver
+    
+  class IOLogger
+
+     include LogLevels
+
+     attr_accessor :level, :stream
+  
+     def initialize( stream = $stdout, level = Info )
+       @level = level
+       @stream = stream
+     end
+     
+     def trace( string )
+       write( string ) if level <= Trace
+     end
+     def debug( string )
+       write( string ) if level <= Debug
+     end
+     def info( string)
+       write( string ) if level <= Info
+     end
+     def warn( string )
+       write( string ) if level <= Warn
+     end
+     def error( string )
+       write( string ) if level <= Error
+     end
+     def write( string )
+       stream.write( string.to_s+"\n" )
+       stream.flush
+     end
+  end
+end

data/lib/arver/key_generator.rb

@@ -0,0 +1,29 @@
+module Arver
+  class KeyGenerator
+    def initialize
+      @keys = {}
+    end
+    
+    def generate_key( user, partition )
+      key = ActiveSupport::SecureRandom.base64(192)
+      add( user, partition, key )
+      key
+    end
+    
+    def add( user, partition, luks_key )
+      @keys[user] ||= {}
+      @keys[user][partition.path] = { :key => luks_key, :time => Time.now.to_f }
+    end
+
+    def remove_key( user, partition )
+      @keys[user].delete( partition.path )
+    end
+    
+    def dump
+      @keys.each do | user, user_keys |
+        KeySaver.save( user, user_keys.to_yaml ) unless user_keys.empty?
+      end
+      @keys = {}
+    end
+  end
+end

data/lib/arver/key_info_action.rb

@@ -0,0 +1,29 @@
+module Arver
+  class KeyInfoAction < Action
+    def initialize(targets)
+      super(targets)
+      self.open_keystore
+    end
+    def pre_action
+      Arver::Log.write( "Listing keys: (+) available (-) not available: " )
+    end 
+    def pre_host(h)
+      Arver::Log.write( " #{h.name}" )
+    end
+    def pre_partition(p)
+      if keystore.luks_key?(p)
+        line = "   +"
+      else
+        line = "   -"
+      end
+      versions = keystore.key_versions(p).collect do |v| 
+        if v == 0 
+          "0" 
+        else 
+          Date.strptime(v.to_s,'%s') 
+        end
+      end
+      Arver::Log.write( "#{line} #{p.device_path} (#{versions.join(", ")})" )
+    end
+  end
+end

data/lib/arver/key_saver.rb

@@ -0,0 +1,128 @@
+module Arver
+  class KeySaver
+    
+    def self.save( user, key )
+      unless GPGKeyManager.check_key_of( user )
+        return
+      end
+      gpg_key = GPGKeyManager.key_of( user )
+      key = add_padding( key )
+      crypto = GPGME::Crypto.new :armor => true
+      begin
+        if( Arver::RuntimeConfig.instance.trust_all )
+          encrypted = crypto.encrypt( key, {:recipients => gpg_key.fingerprint, :always_trust => true})
+        else
+          encrypted = crypto.encrypt( key, {:recipients => gpg_key.fingerprint, :armor => true})
+        end
+      rescue GPGME::Error => gpgerr
+        Arver::Log.error( "GPGME Error #{gpgerr} Message: #{gpgerr.message}" )
+        return
+      end
+      key_encrypted = encrypted.read
+      unless( Arver::RuntimeConfig.instance.dry_run )
+        FileUtils.mkdir_p key_path(user) unless File.exists?( key_path(user) )
+        filename = key_path(user)+"/"+OpenSSL::Digest::SHA1.new(key_encrypted).to_s
+        File.open( filename, 'w' ) do |f|
+          f.write key_encrypted
+        end
+      end
+      filename
+    end
+    
+    def self.key_path( user )
+      config_path+"/keys/"+user
+    end
+    
+    def self.config_path
+      Arver::LocalConfig.instance.config_dir
+    end
+    
+    def self.purge_keys( user )
+      FileUtils.rm_rf( key_path( user ) )
+    end
+
+    def self.num_of_key_files( user )
+      Dir.entries( key_path( user ) ).size - 2
+    end
+    
+    def self.read( user )
+      GPGKeyManager.check_key_of( user )
+      return [] unless File.exists?( key_path( user ) )
+      decrypted = []
+      crypto = GPGME::Crypto.new
+      Dir.entries( key_path( user ) ).sort.each do | file |
+        unless( file == "." || file == ".." )
+          Arver::Log.trace( "Loading keyfile "+file )
+          key_encrypted = File.open( key_path( user )+"/"+file )
+          begin
+            decrypted_txt = crypto.decrypt( key_encrypted, { :passphrase_callback => method( :passfunc ) } )
+          rescue GPGME::Error => gpgerr
+            Arver::Log.error( "GPGME Error #{gpgerr} Message: #{gpgerr.message}" )
+            next
+          end
+          decrypted_key = substract_padding( decrypted_txt.read )
+          decrypted += [ decrypted_key ];
+        end
+      end
+      decrypted
+    end
+
+    def self.add_padding( key )
+      marker = "--"+ActiveSupport::SecureRandom.base64( 82 )
+      size = 450000
+      padding_size = size - key.size
+      if padding_size <= 0
+        padding_size = 0
+        Arver::Log.warn( "Warning: Your arver keys exceed the maximal padding size, therefore i can no longer disguise how many keys you possess.")
+      end
+      padding = ActiveSupport::SecureRandom.base64( padding_size )
+      marker +"\n"+ key + "\n" + marker + "\n" + padding
+    end
+    
+    def self.substract_padding( key )
+      if( key.starts_with? '--- ' )
+        Arver::Log.warn( "Warning: you are using deprecated unpadded keyfiles. Please run garbage collect!" )
+        return key
+      end
+      marker = ""
+      striped_key = ""
+      key.each_line do |line|
+        if( marker.empty? )
+           marker = line
+        elsif( line == marker )
+          break
+        else
+          striped_key += line
+        end
+      end
+      striped_key.chomp
+    end
+  end
+end
+
+
+def passfunc(hook, uid_hint, passphrase_info, prev_was_bad, fd)
+  Arver::Log.write("Passphrase for #{uid_hint}: ")
+  begin
+    io = IO.for_fd(fd, 'w')
+    io.puts( ask("") { |q| q.echo = false } )
+    io.flush
+  ensure
+    (0 ... $_.length).each do |i| $_[i] = ?0 end if $_
+  end
+  Arver::Log.write("")
+end
+
+def testpassfunc(hook, uid_hint, passphrase_info, prev_was_bad, fd)
+  $stderr.write("Passphrase for #{uid_hint}: (test Mode) ")
+  $stderr.flush
+  begin
+    io = IO.for_fd(fd, 'w')
+    io.puts( "test" )
+    io.flush
+  ensure
+    (0 ... $_.length).each do |i| $_[i] = ?0 end if $_
+  end
+  $stderr.puts
+end
+

data/lib/arver/keystore.rb

@@ -0,0 +1,70 @@
+module Arver
+  class Keystore
+      
+    include Singleton
+    
+    attr_accessor :username
+        
+    def initialize
+      @keys = {}
+      @key_versions = {}
+      self.username= Arver::LocalConfig.instance.username
+    end
+    
+    def load
+      flush_keys
+      KeySaver.read( self.username ).each do | loaded |
+        YAML.load( loaded ).each do | target, key |
+          load_luks_key(target,key)
+        end
+      end
+    end
+    
+    def save
+      purge_keys
+      KeySaver.save(username, @keys.to_yaml)
+    end
+    
+    def purge_keys
+      KeySaver.purge_keys( username )
+    end
+    
+    def flush_keys
+      @keys = {}
+    end
+  
+    def luks_key(partition)
+      @keys[partition.path][:key] unless ! @keys[partition.path]
+    end
+    
+    def load_luks_key(partition, new_key)
+      if( new_key.kind_of? Hash )
+        if( ! @keys[partition] || @keys[partition][:time] <= new_key[:time] )
+          @keys[partition] = new_key
+        end
+      else
+        unless( @keys[partition] )
+          @keys[partition] = { :key => new_key, :time => 0.0 }
+        end
+      end
+      mark_key_version(partition,@keys[partition])
+    end
+
+    def mark_key_version(path,key)
+      @key_versions[path] ||= []
+      @key_versions[path] << key[:time]
+    end
+
+    def key_versions(partition)
+      @key_versions[partition.path] || []
+    end
+    
+    def add_luks_key(partition, new_key)
+      @keys[partition.path] = { :key => new_key, :time => Time.new.to_f }
+    end
+
+    def luks_key?(partition)
+      ! @keys[partition.path].nil?
+    end
+  end
+end  

data/lib/arver/list_action.rb

@@ -0,0 +1,7 @@
+module Arver
+  class ListAction < Action
+    def post_action
+      Arver::Log.write( Arver::Config.instance.tree.to_ascii )
+    end
+  end
+end

data/lib/arver/local_config.rb

@@ -0,0 +1,41 @@
+class Arver::LocalConfig
+  #this Config Object holds the local defaults for Arver. All options correspond to the ones set in .arver.local
+  include Singleton
+
+  def path
+    File.expand_path("~/.arver")
+  end
+
+  def config
+    @config ||= load_file( path )
+  end
+
+  def default
+    { 'config_dir' => "~/.arverdata", 'username' => "" }
+  end
+
+  def load_file(filename)
+    content = YAML.load(File.read(filename)) if File.exists?(filename)
+    self.default.merge(content||{})
+  end
+
+  def save
+    File.open( path, 'w' ) { |f| f.write(self.config.to_yaml) }
+  end
+
+  def username
+    self.config['username']
+  end
+
+  def username= username
+    self.config['username'] = username
+  end
+
+  def config_dir
+    File.expand_path(self.config['config_dir'])
+  end
+
+  def config_dir=(directory)
+    self.config['config_dir'] = directory
+  end
+end

data/lib/arver/log.rb

@@ -0,0 +1,39 @@
+module Arver
+  class Log
+    
+    include LogLevels
+    
+    def self.logger()
+      @@logger ||= IOLogger.new
+    end
+    def self.logger=( logger )
+      @@logger = logger
+    end
+    
+    def self.trace( string )
+      logger.trace( string )
+    end
+    def self.debug( string )
+      logger.debug( string )
+    end
+    def self.info( string )
+      logger.info( string )
+    end
+    def self.warn( string )
+      logger.warn( string )
+    end
+    def self.error( string )
+      logger.error( string )
+    end
+    def self.write( string )
+      logger.write( string )
+    end
+    def self.level( num )
+      logger.level=( num )
+    end
+
+    
+  end
+end
+      
+    

data/lib/arver/log_levels.rb

@@ -0,0 +1,9 @@
+module Arver
+  module LogLevels
+    Trace = 1
+    Debug = 2
+    Info = 3
+    Warn = 4
+    Error = 5
+  end
+end

data/lib/arver/luks_wrapper.rb

@@ -0,0 +1,29 @@
+module Arver
+  class LuksWrapper
+    def self.addKey( key_slot, partition )
+      Arver::SSHCommandWrapper.create( "cryptsetup", [ "--batch-mode", "--key-slot=#{key_slot}", "luksAddKey", partition.device_path ], partition.parent, true )
+    end
+    def self.close( partition )
+      Arver::SSHCommandWrapper.create( "cryptsetup", [ "luksClose", "#{partition.name}"], partition.parent, true )
+    end
+    def self.dump( partition )
+      Arver::SSHCommandWrapper.create( "cryptsetup", [ "luksDump", partition.device_path ], partition.parent, true )
+    end
+    def self.create( key_slot, partition )
+      Arver::SSHCommandWrapper.create( "cryptsetup", [ "--batch-mode", "--key-slot=#{key_slot}", "--cipher=aes-cbc-essiv:sha256", "--key-size=256", "luksFormat", partition.device_path ], partition.parent, true )
+    end
+    def self.killSlot( key_slot, partition )
+      Arver::SSHCommandWrapper.create( "cryptsetup", [ "--batch-mode", "luksKillSlot", partition.device_path, key_slot ], partition.parent, true )
+    end
+    def self.open( partition )
+      Arver::SSHCommandWrapper.create( "cryptsetup", [ "--batch-mode", "luksOpen", "-T 1", partition.device_path, partition.name ], partition.parent, true )
+    end
+    def self.open?( partition )
+      Arver::SSHCommandWrapper.create( "test", [ "-b", "/dev/mapper/#{partition.name}" ], partition.parent, true )
+    end
+    def self.was_wrong_key?( command_wrapper )
+      # before version 1.2 return value was 234
+      command_wrapper.return_value == 234 || command_wrapper.return_value == 2
+    end
+  end
+end

data/lib/arver/node_with_script_hooks.rb

@@ -0,0 +1,25 @@
+module Arver
+  module NodeWithScriptHooks 
+    attr_accessor :pre_open, :pre_close, :post_open, :post_close
+    def script_hooks_to_yaml
+      yaml = ""
+      yaml << "'pre_open': '#{pre_open}'\n" unless pre_open.nil?
+      yaml << "'pre_close': '#{pre_close}'\n" unless pre_close.nil?
+      yaml << "'post_open': '#{post_open}'\n" unless post_open.nil?
+      yaml << "'post_close': '#{post_close}'\n" unless post_close.nil?
+      yaml
+    end
+    def script_hooks_from_hash( hash )
+      hash.each do | name, data |
+        self.pre_open= data if name == "pre_open"
+        self.pre_close= data if name == "pre_close"
+        self.post_open= data if name == "post_open"
+        self.post_close= data if name == "post_close"
+      end
+      hash.delete("pre_open") 
+      hash.delete("pre_close") 
+      hash.delete("post_open") 
+      hash.delete("post_close") 
+    end
+  end
+end