drbservice 1.0.4

data.tar.gz.sig

@@ -0,0 +1,2 @@
+(
+�I��=��ᨒhZ���I�N�\����ڙ��Ȑ]Q׍g$-:W�(�˅��L&O��H��q�~ۨ��Ơu��i�c]

data/ChangeLog

@@ -0,0 +1,249 @@
+2011-08-29  Michael Granger  <ged@FaerieMUD.org>
+
+	* .hgtags:
+	Added tag v1.0.4 for changeset b250b71fa728
+	[8550332d12a5] [tip]
+
+	* .hgsigs:
+	Added signature for changeset 59c8e5acd8bb
+	[b250b71fa728] [v1.0.4]
+
+	* lib/drbservice.rb:
+	Bump minor version for release.
+	[59c8e5acd8bb]
+
+	* spec/lib/helpers.rb:
+	Fix for RSpec >= 2.6.0.
+	[0fad2566e6ae] [github/master]
+
+	* .hgignore, History.md, History.rdoc, Manifest.txt, README.md,
+	README.rdoc, Rakefile, lib/drb/authsslprotocol.rb,
+	lib/drbservice.rb, lib/drbservice/ldapauth.rb,
+	lib/drbservice/utils.rb:
+	De-Yard, docs cleanup.
+	[87bc5aa9e2be]
+
+	* examples/homedirservice.rb, examples/rubyversion.rb:
+	A few more example fixes.
+	[ad2d90b0aae2]
+
+	* examples/homedirservice.rb:
+	Fix the auth mixin require in the homedirservice example.
+	[6cb7201f5934]
+
+	* examples/homedirservice.rb, examples/rubyversion.rb:
+	Fixed the examples to use the hash-argument ::start instead of the
+	old 4-arg style. Thanks to Mike Hix for pointing this out.
+	[2b1f61e44360]
+
+2011-06-02  Michael Granger  <ged@FaerieMUD.org>
+
+	* .hgsubstate, Rakefile, lib/drbservice.rb,
+	spec/drb/authsslprotocol_spec.rb, spec/drbservice/ldapauth_spec.rb,
+	spec/drbservice/passwordauth_spec.rb, spec/drbservice_spec.rb,
+	spec/lib/helpers.rb:
+	Merge with 127eef144aab
+	[48b523f7d5d1]
+
+2011-06-01  Michael Granger  <ged@FaerieMUD.org>
+
+	* .hgignore:
+	Ignore all PEM files instead of just ones under experiments/
+	[94cb33b621f1]
+
+2011-03-22  Michael Granger  <ged@FaerieMUD.org>
+
+	* .hgignore, .hgsub, .hgsubstate, .hgsubstate, History.md,
+	Manifest.txt, README, README.md, Rakefile,
+	examples/homedirservice.rb, lib/drbservice.rb, project.yml,
+	spec/drb/authsslprotocol_spec.rb, spec/drbservice/ldapauth_spec.rb,
+	spec/drbservice/passwordauth_spec.rb, spec/drbservice_spec.rb,
+	spec/lib/helpers.rb:
+	Converted to Hoe + Rspec2.
+	[43fde1b39dc8]
+
+2010-11-22  Michael Granger  <ged@FaerieMUD.org>
+
+	* .hgtags:
+	Added tag 1.0.3 for changeset 2579ef395c28
+	[127eef144aab]
+
+	* .hgsigs:
+	Added signature for changeset ac1224d968a3
+	[2579ef395c28] [1.0.3]
+
+	* .hgignore, .hgsubstate, Rakefile, lib/drbservice.rb, project.yml,
+	spec/drb/authsslprotocol_spec.rb, spec/drbservice/ldapauth_spec.rb,
+	spec/drbservice/passwordauth_spec.rb, spec/drbservice_spec.rb,
+	spec/lib/helpers.rb:
+	Converted tests to RSpec 2, updated build system.
+	[ac1224d968a3]
+
+2010-09-17  Michael Granger  <ged@FaerieMUD.org>
+
+	* .hgtags:
+	Added tag 1.0.2 for changeset aafc620fe400
+	[2d3b180c09f8]
+
+	* .hgsigs:
+	Added signature for changeset df7b5e123ed7
+	[aafc620fe400] [1.0.2]
+
+	* .hgsub, .hgsubstate, Rakefile, lib/drbservice.rb,
+	spec/drb/authsslprotocol_spec.rb, spec/drbservice/ldapauth_spec.rb,
+	spec/drbservice/passwordauth_spec.rb, spec/drbservice_spec.rb:
+	Runtime fixes, build system updates.
+	* Version bump to 1.0.2
+	* Set the process name to the service name and uri.
+	* Fix the logic for which methods to obscure
+	* Fixes for Ruby 1.9.2
+	[df7b5e123ed7]
+
+2010-06-29  Michael Granger  <ged@FaerieMUD.org>
+
+	* lib/drbservice.rb:
+	Only obscure public methods, as protected methods are already
+	inaccessible
+	[7700fbce0823]
+
+2010-06-17  Michael Granger  <ged@FaerieMUD.org>
+
+	* bin/drbservice, lib/drbservice/ldapauth.rb:
+	Started the drbservice CLI tool, small enhancements to ldapauth
+	mixin.
+	 * Adding drbservice tool for creating new services
+	 * DRbService::LDAPAuth
+	   - Adding authuser and authuser_branch attributes
+	   - Don't log passwords. Stupid.
+	[d846d86005c8]
+
+	* .hgignore:
+	Ignore Emacs backups
+	[fbb2410ab153]
+
+	* lib/drbservice.rb:
+	Fixed REVISION keyword
+	[cfcd91f854e7]
+
+2010-06-16  Michael Granger  <ged@FaerieMUD.org>
+
+	* .hgtags:
+	Added tag 1.0.1 for changeset a44c7cc339e5
+	[c40ae6332bb1]
+
+	* .hgsigs:
+	Added signature for changeset 1e217bbd49c9
+	[a44c7cc339e5] [1.0.1]
+
+	* lib/drbservice.rb, lib/drbservice/ldapauth.rb,
+	spec/drbservice_spec.rb:
+	Pass the service config to the constructor of the front object to
+	allow for configurable services.
+	 * Modified the DRbService.start method to use a config hash instead of
+	a parameter list.
+	 * Log the binding user and password in the LdapAuthentication mixin
+	until I can test it more thoroughly.
+	[1e217bbd49c9]
+
+2010-06-04  Michael Granger  <ged@FaerieMUD.org>
+
+	* .hgignore, README, Rakefile, examples/homedirservice.rb,
+	examples/roottrusted.rb, lib/drbservice.rb, project.yml,
+	spec/drbservice_spec.rb:
+	Fixed the SSL cert problem in DRb::Service.start, README/examples
+	corrections.
+	[7e47a5da137e]
+
+	* .hgtags:
+	Added tag 1.0.0 for changeset 5dbc6f3c1661
+	[2a8d298eb3ee]
+
+	* .hgsigs:
+	Added signature for changeset 8ec0ab828ada
+	[5dbc6f3c1661] [1.0.0]
+
+2010-05-05  Michael Granger  <ged@FaerieMUD.org>
+
+	* .hgignore, .irbrc, README, Rakefile, examples/roottrusted.rb,
+	lib/drbservice.rb, lib/drbservice/ldapauth.rb,
+	lib/drbservice/utils.rb, spec/drbservice/ldapauth_spec.rb,
+	spec/drbservice_spec.rb:
+	* Added a project .irbrc
+	* Updated build system
+	* Added more YARD docs
+	* Made the real_methods hash of the DRbService class a class instance
+	variable instead of a class variable for simplicity
+	* Finished initial work on the LDAPAuthentication mixin
+	[8ec0ab828ada]
+
+2010-04-05  Michael Granger  <ged@FaerieMUD.org>
+
+	* .hgignore, examples/roottrusted.rb, examples/rubyversion.rb,
+	lib/drbservice.rb, lib/drbservice/ldapauth.rb,
+	lib/drbservice/passwordauth.rb, spec/drbservice/ldapauth_spec.rb,
+	spec/drbservice/passwordauth_spec.rb, spec/drbservice_spec.rb:
+	Factored out authentication into a mixin.
+	* Factored the shared-secret authentication from the base DRbService
+	class into DRbService::PasswordAuthentication.
+	* Added a nascent LDAP authentication mixin.
+	* Added some example services.
+	[15d9e50c7f24]
+
+2010-03-29  Michael Granger  <ged@FaerieMUD.org>
+
+	* lib/drb/authsslprotocol.rb, spec/drb/authsslprotocol_spec.rb,
+	spec/drbservice_spec.rb:
+	Authenticated SSL protocol work, more tests for the basic service
+	class.
+	[efd5316143eb]
+
+2010-03-28  Michael Granger  <ged@FaerieMUD.org>
+
+	* lib/drbservice.rb, lib/drbservice/utils.rb:
+	Merged with 3:f0e9e2a7bace
+	[6a8c5fc9d0ac]
+
+2010-03-09  Michael Granger  <ged@FaerieMUD.org>
+
+	* experiments/irbclient.rb, experiments/sslauthservice-spike.rb,
+	features/basicservice.feature, lib/drbservice.rb,
+	lib/drbservice/utils.rb, spec/drbservice_spec.rb,
+	spec/lib/helpers.rb:
+	First working (tested) version, IRb experiment
+	* Created the first working version of the base service class from the
+	strategy worked out in the spike.
+	* Added an experiment script to wrap the service object in an IRb
+	shell for further experimentation.
+	[f0e9e2a7bace]
+
+2010-03-26  Michael Granger  <ged@FaerieMUD.org>
+
+	* experiments/irbclient.rb, experiments/sslauthservice-spike.rb,
+	features/basicservice.feature, lib/drb/authsslprotocol.rb,
+	lib/drbservice.rb, lib/drbservice/utils.rb,
+	spec/drb/authsslprotocol_spec.rb, spec/drbservice_spec.rb,
+	spec/lib/helpers.rb:
+	Checkpoint commit
+	[a3442ae4e182]
+
+2010-03-08  Michael Granger  <ged@FaerieMUD.org>
+
+	* experiments/sslauthclient-spike.rb, experiments/sslauthservice-
+	spike.rb:
+	First working version of the spike. Now to implement as a library
+	/command-line tool.
+	[53f00f271569]
+
+	* .hgignore, experiments/sslauthclient-spike.rb, experiments
+	/sslauthservice-spike.rb:
+	Checkpoint commit
+	[978d5fc07e50]
+
+2010-03-04  Michael Granger  <ged@FaerieMUD.org>
+
+	* LICENSE, README, Rakefile, experiments/sslauthclient-spike.rb,
+	experiments/sslauthservice-spike.rb, features/basicservice.feature,
+	features/commandline.feature, lib/drbservice.rb, project.yml,
+	spec/drbservice_spec.rb:
+	Initial spike of service and client
+	[cbfe682e8e43]

data/History.rdoc

@@ -0,0 +1,4 @@
+## 0.0.1 [2011-03-22] Michael Granger <ged@FaerieMUD.org>
+
+Initial release.
+

data/LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2010, Michael Granger
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice,
+  this list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the author/s, nor the names of the project's
+  contributors may be used to endorse or promote products derived from this
+  software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/Manifest.txt

@@ -0,0 +1,18 @@
+ChangeLog
+History.rdoc
+LICENSE
+Manifest.txt
+README.rdoc
+Rakefile
+examples/homedirservice.rb
+examples/rubyversion.rb
+lib/drb/authsslprotocol.rb
+lib/drbservice.rb
+lib/drbservice/ldapauth.rb
+lib/drbservice/passwordauth.rb
+lib/drbservice/utils.rb
+spec/drb/authsslprotocol_spec.rb
+spec/drbservice/ldapauth_spec.rb
+spec/drbservice/passwordauth_spec.rb
+spec/drbservice_spec.rb
+spec/lib/helpers.rb

data/README.rdoc

@@ -0,0 +1,74 @@
+= drbservice
+
+* https://bitbucket.org/ged/drbservice
+
+== Description
+
+DRbService is a framework we use at LAIKA for creating authenticated
+SSL-encrypted DRb services that provide access to privileged operations
+without the need to give shell access to everyone.
+
+There are a few examples in the `examples/` directory of the gem, which
+are stripped-down versions of the services we actually use.
+
+The current implementation is kind of a hack, but I intend to 
+eventually finish a DRb protocol that does the same thing in a more
+elegant, less-hackish way, as well as a tool that can generate 
+a new service along with support files for one of several different 
+runtime environments.
+
+If you're curious, see the `drb/authsslprotocol.rb` file for the 
+protocol. This will replace the current method-hiding code in 
+`drbservice.rb`, but existing services should be able to switch over
+quite easily. Or that's the intention.
+
+
+== Installation
+
+    gem install drbservice
+
+
+== Contributing
+
+You can check out the current development source with Mercurial via its
+{Bitbucket project}[https://bitbucket.org/ged/drbservice]. Or if you prefer Git, via 
+{its Github mirror}[https://github.com/ged/drbservice].
+
+After checking out the source, run:
+
+    $ rake newb
+
+This task will install any missing dependencies, run the tests/specs,
+and generate the API documentation.
+
+
+== License
+
+Copyright (c) 2010, 2011, Michael Granger
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice,
+  this list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the author/s, nor the names of the project's
+  contributors may be used to endorse or promote products derived from this
+  software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

data/Rakefile

@@ -0,0 +1,38 @@
+#!/usr/bin/env rake
+
+begin
+	require 'hoe'
+rescue LoadError
+	abort "This Rakefile requires 'hoe' (gem install hoe)"
+end
+
+Hoe.plugin :mercurial
+Hoe.plugin :signing
+
+Hoe.plugins.delete :rubyforge
+
+hoespec = Hoe.spec 'drbservice' do
+	self.readme_file = 'README.rdoc'
+	self.history_file = 'History.rdoc'
+	self.extra_rdoc_files << 'README.rdoc' << 'History.rdoc'
+
+	self.developer 'Michael Granger', 'ged@FaerieMUD.org'
+
+	self.dependency 'rspec', '~> 2.6', :developer
+
+	self.spec_extras[:licenses] = ["BSD"]
+	self.spec_extras[:post_install_message] = %{
+
+		This library isn't really ready for production use yet, but
+		feel free to experiment with it.
+		
+	}.gsub( /^\t{2}/, '' )
+
+	self.require_ruby_version( '>=1.8.7' )
+
+	self.hg_sign_tags = true if self.respond_to?( :hg_sign_tags= )
+	self.rdoc_locations << "deveiate:/usr/local/www/public/code/#{remote_rdoc_dir}"
+end
+
+ENV['VERSION'] ||= hoespec.spec.version.to_s
+

data/examples/homedirservice.rb

@@ -0,0 +1,110 @@
+#!/usr/bin/env ruby
+
+require 'fileutils'
+
+require 'drbservice'
+require 'drbservice/ldapauth'
+
+# An example service that provides functions that operate from a
+# root-trusted host to make changes to a network storage server from
+# unprivileged hosts.
+class HomeDirService < DRbService
+	include DRbService::LDAPAuthentication
+
+	# Home directory Pathname
+	HOMEDIR_BASE = Pathname( '/mnt/storage/acme/home' )
+
+	# Archived homedir path
+	ARCHIVE_BASE = HOMEDIR_BASE + '__archived'
+
+	# Skeldir path
+	SKELDIR = HOMEDIR_BASE + '__skel'
+
+
+	# Configure LDAP authentication
+	ldap_uri 'ldap://ldap.acme.com/dc=acme,dc=com'
+	ldap_dn_search 'uid=%s',
+		:base => 'ou=employees,dc=acme,dc=com',
+		:scope => :one
+
+	# Authorize users who are in the posixGroup called 'sysadmin' under ou=groups
+	ldap_authz_callback do |directory, bound_user|
+		sysadmin_group = directory.ou( :groups ).cn( :sysadmin )
+		return bound_user[:active] &&
+			sysadmin_group[:memberUids].include?( bound_user[:uid].first )
+	end
+
+
+	### Define some methods that can be called without authenticating
+	unguarded do
+
+		### Returns +true+ if either an active home directory or an archived home 
+		### directory for +username+ currently exists.
+		def homedir_exists?( username )
+			self.active_homedir_exists?( username ) ||
+				self.archived_homedir_exists?( username )
+		end
+
+		### Returns +true+ if an active home directory for +username+ currently
+		### exists.
+		def active_homedir_exists?( username )
+			homedir = HOMEDIR_BASE + username
+			return homedir.directory?
+		end
+
+		### Returns +true+ if an archived home directory for +username+ currently
+		### exists.
+		def archived_homedir_exists?( username )
+			archived_homedir = ARCHIVE_BASE + username
+			return archived_homedir.directory?
+		end
+
+	end # unguarded
+
+
+	### Make a new home directory for +username+, cloned from the given +skeldir+.
+	def make_home_directory( username, skeldir=SKELDIR )
+		self.log.info "Making home directory for %p, cloned from %s" % [ username, skeldir ]
+		homedir = HOMEDIR_BASE + username
+		raise "%s: already exists" % [ homedir ] if homedir.exist?
+		raise "%s: already has an archived homedir" % [ username ] if
+			( ARCHIVE_BASE + username ).exist?
+
+		FileUtils.cp_r( skeldir.to_s, homedir )
+		FileUtils.chown_R( username, nil, homedir )
+
+		return homedir.to_s
+	end
+
+
+	### Move a user's home directory to the archive directory
+	def archive_home_directory( username )
+		self.log.info "Archiving home directory for %p" % [ username ]
+		homedir = HOMEDIR_BASE + username
+		archivedir = ARCHIVE_BASE + username
+		raise "#{username}: no current home directory" unless homedir.exist?
+		raise "#{username}: already has an archived home" if archivedir.exist?
+
+		FileUtils.mv( homedir, archivedir )
+	end
+
+
+	### Move a user's archived home directory back to the active directory.
+	def unarchive_home_directory( username )
+		self.log.info "Unarchiving home directory for %p" % [ username ]
+		homedir = HOMEDIR_BASE + username
+		archivedir = ARCHIVE_BASE + username
+		raise "#{username}: already has an unarchived home directory" if homedir.exist?
+		raise "#{username}: no archived home" unless archivedir.exist?
+
+		FileUtils.mv( archivedir, homedir )
+	end
+
+end # HomeDirService
+
+HomeDirService.start(
+	:ip       => '127.0.0.1',
+	:port     => 4848, 
+	:certfile => 'service.pem',
+	:keyfile  => 'service.pem' )
+