arver 0.0.5

data/CHANGELOG.textile

@@ -0,0 +1,9 @@
+=== 0.0.4 2012-04-30
+
+* Updated to run with ruby 1.9
+* Validate gpg fingerprints
+
+=== 0.0.1 2010-07-11
+
+* 1 major enhancement:
+  * Initial release

data/README.textile

@@ -0,0 +1,120 @@
+h1. arver
+
+* https://git.codecoop.org/projects/arver
+
+h2. DESCRIPTION:
+
+arver is a tool to manage encrypted harddisks.
+
+Imagine you are a collective with several admin members. Your servers have 
+diffrent LUKS encrypted devices.
+
+Either you would need 1 password for every device which everyone needs to know
+or you use arver! Arver has 1 password for each device and for each member. This
+password is stored encrypted with the personal gpg-key in the data directory.
+The admins only need to know the password to the their own gpg secret key.
+
+This has the following advantages:
+
+* No need to share passwords or password patterns
+** Often people share passwords amongst each another. This has the drawback that
+   in case of an emergency every password needs to be changed. Which means that
+   everyone else needs to learn a bunch of new passwords and changing these
+   passwords is also quite cumbersome and time consuming.
+** As the amount of passwords might grow with your disks and hosts you will start
+   using a password pattern to derive passwords for each disk from that pattern.
+   This has the drawback that you can hardly share only partial access to disks
+   with a certain admin, as if she knows the pattern she will also likely have
+   access to every other disk. Furthermore, if once one password is leaked and
+   the patter is easily visible, all the other passwords are also compromised.
+* Managing your encrypted harddisks is scriptable, which means that you can
+  recover much faster from outages
+* Revoking access for an admin is scriptable and therefore done in one call and
+  also much safer than revoking manually for each disk.
+* Finer grained access. As for each user and each disk there will be a seperate
+  password by design. You can also grant access to certain disks also only
+  selectively. So for example new admins in your group can only open the disks
+  for your most important services or for which they are respnsible, while access
+  to the other disks is restriced to other admins.
+
+h1. Usage
+
+arver ships with a detailed man page, describing the usage in detail. 
+
+h1. Limitations
+
+* arver supports only up to 8 users as LUKS has only 8 key slots (LUKS NUMKEYS).
+
+h1. Known Issues
+
+h2. GPGME and gpg-agent
+
+If arver asks you multiple times for the password, you might consider to use
+gpg-agent, so you can decrypt your keypair once and the use it for all your
+stored keys.
+
+You can test gpg-agent by trying to decrypt an encrypted file for your user in
+data/keys/USERNAME/key_X . It will tell you about possible gpg-erorrs.
+
+Configuring gpg-agent is quite simple and you find information on the following
+website: http://dougbarton.us/PGP/gpg-agent.html
+
+If you install gpg-agent like dougbarton recomends, you need to further verify
+that the environment variable GPG_AGENT_INFO is accessible within the arver
+script. An option is to add the following entry to your .bashrc
+
+    if [ -r "${HOME}/.gpg-agent-info" ]; then
+      . ${HOME}/.gpg-agent-info
+      export GPG_AGENT_INFO
+    fi
+
+h1. Requirements
+
+arver only works with cryptsetup-luks >= 1.0.5 as previous versions do not
+support key slots properly for our usage.
+
+h1. Installation
+
+The easiest way to install arver is by gem
+
+  sudo gem install arver
+
+This will install all required dependecies automatically. If your distributions
+contains an arver package we recommend installation by your package manager.
+
+The following ruby gems are required for arver:
+
+* gpgme 2
+* activesupport 2
+* escape
+
+For development you will need the following additional gems:
+
+* rake
+* cucumber
+* rspec
+
+h1. License
+
+(The MIT License)
+
+Copyright (c) 2010 arver
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/bin/arver

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+#
+#  Created by arver on 2010-7-11.
+#  Copyright (c) 2010. All rights reserved.
+
+$:.unshift File.join(File.dirname(__FILE__), *%w[.. lib])
+require 'arver'
+require "arver/cli"
+
+Arver::CLI.execute($stdout,ARGV)

data/lib/arver.rb

@@ -0,0 +1,6 @@
+%w{ singleton yaml fileutils active_support gpgme escape openssl}.each {|f| require f }
+$:.unshift(File.dirname(__FILE__)) unless
+  $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
+ 
+%w{ gpg_key_manager luks_wrapper action create_action list_action gc_action adduser_action deluser_action info_action close_action open_action target_list command_wrapper ssh_command_wrapper log_levels io_logger log string bootstrap local_config config test_config_loader node_with_script_hooks partition_hierarchy_node host hostgroup tree partition test_partition key_generator key_saver keystore runtime_config key_info_action}.each {|f| require "arver/#{f}" }
+

data/lib/arver/action.rb

@@ -0,0 +1,78 @@
+module Arver
+  class Action
+    
+    attr_accessor :keystore, :target_list, :target_user, :slot_of_target_user, :generator, :key
+    
+    def initialize( target_list )
+      self.target_list= target_list
+    end
+    
+    def on_user( username )
+      return true unless needs_target_user?
+      unless Arver::Config.instance.exists?(username)
+        Arver::Log.error( "No such user" )
+        return false
+      end
+      return false unless verify_key_on_target( username ) 
+      self.slot_of_target_user= Arver::Config.instance.slot( username )
+      self.target_user= username
+      true
+    end
+
+    def verify_key_on_target( username )
+      Arver::GPGKeyManager.check_key_of( username )
+    end
+
+    def needs_target_user?
+      false
+    end
+    
+    def new_key_generator
+      self.generator= Arver::KeyGenerator.new
+    end
+    
+    def open_keystore
+      self.keystore= Arver::Keystore.instance
+      keystore.load
+    end
+    
+    def run_on( node )
+      node.run_action( self ) if node.target?( self.target_list )
+    end
+    
+    def pre_action
+    end
+    
+    def post_action
+    end
+    
+    def pre_host( host )
+    end
+    
+    def verify?( partition )
+      true
+    end
+
+    def load_key( partition )
+      self.key= keystore.luks_key( partition )
+
+      if( key.nil? )
+        Arver::Log.error( "No permission on #{partition.path}. Skipping." )
+        return false
+      end
+      true
+    end      
+
+    def pre_partition( partition )
+    end
+    
+    def execute_partition( partition )
+    end
+    
+    def post_partition( partition )
+    end
+    
+    def post_host( host )
+    end
+  end
+end

data/lib/arver/adduser_action.rb

@@ -0,0 +1,54 @@
+module Arver
+  class AdduserAction < Action
+        
+    def initialize( target_list )
+      super( target_list )
+      self.open_keystore
+      self.new_key_generator
+    end
+   
+    def pre_action
+      tl = ""
+      target_list.each { |t| tl += ( tl.empty? ? "": ", " )+t.name }
+      Arver::Log.info( "adduser was called with target(s) #{tl} and user #{target_user} (slot-no #{slot_of_target_user})" )
+    end
+    
+    def needs_target_user?
+      true
+    end
+
+    def verify?( partition )
+      if not Arver::RuntimeConfig.instance.ask_password then
+        return false unless load_key( partition )
+      else
+        self.key= ask("Enter the password for the volume: #{partition.device}") {|q| q.echo = false}
+      end
+      unless( Arver::LuksWrapper.open?(partition).execute )
+        Arver::Log.error( "WARNING: "+partition.name+" is not open. skipping." )
+        return false
+      end
+      true
+    end
+
+    def execute_partition( partition )
+      Arver::Log.info( "Generating keys for partition #{partition.device}" )
+
+      # generate a key for the new user
+      Arver::Log.debug( "generate_key (#{target_user},#{partition.path})" )
+      
+      newkey = generator.generate_key( target_user, partition )
+
+      caller = Arver::LuksWrapper.addKey( slot_of_target_user.to_s, partition )
+      caller.execute( key + "\n" + newkey )
+      
+      unless( caller.success? )
+        Arver::Log.error( "Could not add user to #{partition.path} \n #{caller.output}" )
+        generator.remove_key( target_user, partition )
+      end
+    end
+    
+    def post_action
+      self.generator.dump
+    end
+  end
+end

data/lib/arver/bootstrap.rb

@@ -0,0 +1,35 @@
+class Arver::Bootstrap
+  class << self
+    def run(options)
+      local = Arver::LocalConfig.instance
+      local.config_dir = options[:config_dir] unless options[:config_dir].empty?
+      local.username = options[:user] unless options[:user].empty?
+
+      unless local.username.present?
+        Arver::Log.error( "No user defined" )
+        return false
+      end
+
+      config = Arver::Config.instance
+      config.load
+
+      self.load_runtime_config(options)
+     
+      unless Arver::Config.instance.exists?(local.username)
+        Arver::Log.error( "No such user #{local.username}" )
+        return false
+      end
+      Arver::GPGKeyManager.check_key_of(local.username)
+    end
+
+    def load_runtime_config(options)
+      rtc = Arver::RuntimeConfig.instance
+      rtc.dry_run = options[:dry_run]
+      rtc.ask_password = options[:ask_password]
+      rtc.force = options[:force]
+      rtc.violence = options[:violence]
+      rtc.test_mode = options[:test_mode]
+      rtc.trust_all = options[:trust_all]
+    end  
+  end
+end

data/lib/arver/cli.rb

@@ -0,0 +1,133 @@
+require 'optparse'
+
+module Arver
+  class CLI
+    def self.execute(output,arguments=[])
+
+      Arver::Log.logger= IOLogger.new( output )
+
+      options = {
+        :user     => '',
+        :config_dir   => '',
+        :dry_run  => false,
+        :test_mode => false,
+        :ask_password  => false,
+        :force  => false,
+        :violence  => false,
+        :action => nil,
+        :argument => {},
+      }
+      
+      parser = OptionParser.new do |opts|
+        opts.banner = <<-BANNER.gsub(/^          /,'')
+          arver.
+
+          Usage: #{File.basename($0)} [options] ACTION
+
+          Options:
+        BANNER
+        opts.on("-c", "--config-dir PATH", String,
+                "Path to config dir.",
+                "Default: .arver") { |arg| options[:config_dir] = arg }
+        opts.on("-u", "--user NAME", String,
+                "Username." ) { |arg| options[:user] = arg }
+        opts.on("-h", "--help",
+                "Show this help message.") { Arver::Log.write opts; return }
+        opts.on("--dry-run",
+                "Test your command.") { options[:dry_run] = true }
+        opts.on("--ask-password",
+                "Ask for Password when --add-user.") { options[:ask_password] = true }
+        opts.on("-t", "--trust-all",
+                "Use untrusted GPG Keys.") { options[:trust_all] = true }
+        opts.on("--force",
+                "Apply force (allow duplicate keys)") { options[:force] = true }
+        opts.on("--violence",
+                "Apply violence (allow destruction of disk)") { options[:violence] = true }
+        opts.on("-v",
+                "Verbose") { Arver::Log.level( Arver::LogLevels::Debug ) }
+        opts.on("--vv",
+                "Max Verbose") { Arver::Log.level( Arver::LogLevels::Trace ) }
+        opts.on( "-l", "--list-targets",
+                "List targets." ) { options[:action] = :list; }
+        opts.on( "-g", "--garbage-collect",
+                "Expunge old keys." ) { options[:action] = :gc; }
+        opts.on( "-k TARGET", "--keys TARGET", String,
+                "List local keys for this target.") { |arg| options[:argument][:target] = arg; options[:action] = :key_info; }
+        opts.on("--test-mode",
+                "Test mode (internal use)") { options[:test_mode] = true }
+        opts.separator "Targets:"
+        opts.on(
+                "        Possible Paths are: 'Group', 'Host', 'Device', 'Host/Device',\n"+
+                "        'Group/Host/Device' or 'ALL'.\n"+
+                "        Multiple Parameters can be given as comma separated list.\n"+
+                "        Ambigues Target parameters will not be executed." )
+        opts.separator "Actions:"
+        opts.on_tail( "--create TARGET", String,
+                "Create new arver partition on Target." ) { |arg| options[:argument][:target] = arg; options[:action] = :create; }
+        opts.on_tail( "-o TARGET", "--open TARGET", String,
+                "Open target." ) { |arg| options[:argument][:target] = arg; options[:action] = :open; }
+        opts.on_tail( "-c TARGET", "--close TARGET", String,
+                "Close target." ) { |arg| options[:argument][:target] = arg; options[:action] = :close; }
+        opts.on_tail( "-a USER TARGET", "--add-user USER TARGET", String,
+                "Add a user to target.") { |user| options[:action] = :adduser; options[:argument][:user] = user;  }
+        opts.on_tail( "-d USER TARGET", "--del-user USER TARGET", String,
+                "Remove a user from target.") { |user| options[:action] = :deluser; options[:argument][:user] = user;  }
+        opts.on_tail( "-i TARGET", "--info TARGET", String,
+                "LUKS info about a target.") { |arg| options[:argument][:target] = arg; options[:action] = :info; }
+        
+        begin
+          opts.parse!(arguments)
+        rescue
+          Arver::Log.write opts; return
+        end
+                
+        if options[:action] == :deluser || options[:action] == :adduser
+          options[:argument][:target] = arguments.last
+        end
+        
+        if options[:action].nil? || 
+           ( options[:action] != :list && options[:action] != :gc && ! options[:argument][:target] ) ||
+           ( ( options[:action] == :adduser || options[:action] == :deluser ) && ! options[:argument][:target] )
+          Arver::Log.write opts; return
+        end
+      end
+      
+      unless( Arver::Bootstrap.run( options ) )
+        return
+      end
+      
+      target_list = TargetList.get_list( options[:argument][:target] )
+      if target_list.empty? && ( options[:action] != :list && options[:action] != :gc )
+        Arver::Log.write( "No targets found" )
+        return false
+      end
+ 
+      run_action( options[:action], target_list, options[:argument][:user] )
+    end
+    
+    def self.run_action( action, target_list, target_user )
+      actions = {
+        :list => Arver::ListAction,
+        :gc => Arver::GCAction,
+        :create => Arver::CreateAction,
+        :open => Arver::OpenAction,
+        :close => Arver::CloseAction,
+        :adduser => Arver::AdduserAction,
+        :deluser => Arver::DeluserAction,
+        :info => Arver::InfoAction,
+        :key_info => Arver::KeyInfoAction,
+      }
+
+      action = (actions[ action ]).new( target_list )
+            
+      return false unless( action.on_user( target_user ) )
+      
+      catch ( :abort_action ) do
+        action.pre_action
+        action.run_on( Arver::Config.instance.tree )
+        action.post_action
+      end
+
+    end
+  end
+end