keyrack 0.3.0.pre → 0.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: efd84a41e075f8edc77908a7bb71ea21a3590af2
+  data.tar.gz: 3714b2f53884956c10b480ba128efcb58e463727
+SHA512:
+  metadata.gz: d53d8a1ca8ce99b1147907d48d87a6e20a95efe4fcbe13af11d777e179ec294994b6aa903d4f189f27cda35bea060c7cb181e70d1f72f3ff9332b7fe799b9d85
+  data.tar.gz: e0d31fee61321d665a632ed2e59259778a37824ba19136834c3ece001ca3ef39798fcbe3605862e33a80bac26a1f6872cbbb2db1eb746cd9374c283f0cb9b56d

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -1,18 +1,11 @@
-source :rubygems
-# Add dependencies required to use your gem here.
-# Example:
-#   gem "activesupport", ">= 2.3.5"
-gem 'net-scp', :require => 'net/scp'
-gem 'highline'
-gem 'copier'
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in keyrack.gemspec
+gemspec
 
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
 group :development do
-  gem "bundler", "~> 1.0.0"
-  gem "jeweler", "~> 1.5.1"
-  gem "rcov", ">= 0"
-  gem "mocha", :require => false
-  gem "cucumber"
-  gem 'test-unit'
+  gem 'guard-test'
+  gem 'rb-inotify'
+  gem 'ffi-ncurses'
+  gem 'rake'
 end

data/Guardfile

@@ -0,0 +1,6 @@
+guard :test do
+  watch(%r{^lib/((?:[^/]+\/)*)(.+)\.rb$}) { |m| "test/unit/#{m[1]}test_#{m[2]}.rb" }
+  watch(%r{^test/((?:[^/]+\/)*)test.+\.rb$})
+  watch('test/helper.rb') { "test" }
+  watch('lib/keyrack.rb') { "test" }
+end

data/LICENSE.txt

@@ -1,4 +1,6 @@
-Copyright (c) 2010 Jeremy Stephens
+Copyright (c) 2012 Jeremy Stephens
+
+MIT License
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
@@ -17,4 +19,4 @@ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -1,63 +1,9 @@
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'rake'
-
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "keyrack"
-  gem.homepage = "http://github.com/viking/keyrack"
-  gem.license = "MIT"
-  gem.summary = %Q{Simple password manager}
-  gem.description = %Q{Simple password manager with local/remote database storage and RSA encryption.}
-  gem.email = "viking@pillageandplunder.net"
-  gem.authors = ["Jeremy Stephens"]
-  # Include your dependencies below. Runtime dependencies are required when using your gem,
-  # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
-  #  gem.add_runtime_dependency 'jabber4r', '> 0.1'
-  #  gem.add_development_dependency 'rspec', '> 1.2.3'
-#  gem.add_runtime_dependency 'net-scp'
-#  gem.add_runtime_dependency 'highline'
-#  gem.add_runtime_dependency 'clipboard'
-#  gem.add_development_dependency 'rspec', '> 1.2.3'
-#  gem.add_development_dependency "bundler", "~> 1.0.0"
-#  gem.add_development_dependency "jeweler", "~> 1.5.1"
-#  gem.add_development_dependency "rcov", ">= 0"
-#  gem.add_development_dependency "mocha"
-end
-Jeweler::RubygemsDotOrgTasks.new
-
+require "bundler/gem_tasks"
 require 'rake/testtask'
+
 Rake::TestTask.new(:test) do |test|
   test.libs << 'lib' << 'test'
   test.pattern = 'test/**/test_*.rb'
   test.verbose = true
 end
-
-require 'rcov/rcovtask'
-Rcov::RcovTask.new do |test|
-  test.libs << 'test'
-  test.pattern = 'test/**/test_*.rb'
-  test.verbose = true
-end
-
 task :default => :test
-
-require 'rdoc/task'
-Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
-
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "keyrack #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-task :build => :gemspec

data/keyrack.gemspec

@@ -1,110 +1,28 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'keyrack/version'
 
-Gem::Specification.new do |s|
-  s.name = "keyrack"
-  s.version = "0.3.0.pre"
+Gem::Specification.new do |gem|
+  gem.name          = "keyrack"
+  gem.version       = Keyrack::VERSION
+  gem.authors       = ["Jeremy Stephens"]
+  gem.email         = ["viking@pillageandplunder.net"]
+  gem.description   = %q{Simple password manager with local/remote database storage and scrypt encryption.}
+  gem.summary       = %q{Simple password manager}
+  gem.homepage      = "http://github.com/viking/keyrack"
 
-  s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Jeremy Stephens"]
-  s.date = "2012-01-11"
-  s.description = "Simple password manager with local/remote database storage and RSA encryption."
-  s.email = "viking@pillageandplunder.net"
-  s.executables = ["keyrack"]
-  s.extra_rdoc_files = [
-    "LICENSE.txt",
-    "README.rdoc",
-    "TODO"
-  ]
-  s.files = [
-    ".document",
-    ".rvmrc",
-    "Gemfile",
-    "Gemfile.lock",
-    "LICENSE.txt",
-    "README.rdoc",
-    "Rakefile",
-    "TODO",
-    "VERSION",
-    "bin/keyrack",
-    "features/console.feature",
-    "features/step_definitions/keyrack_steps.rb",
-    "features/support/env.rb",
-    "keyrack.gemspec",
-    "lib/keyrack.rb",
-    "lib/keyrack/database.rb",
-    "lib/keyrack/runner.rb",
-    "lib/keyrack/store.rb",
-    "lib/keyrack/store/filesystem.rb",
-    "lib/keyrack/store/ssh.rb",
-    "lib/keyrack/ui.rb",
-    "lib/keyrack/ui/console.rb",
-    "lib/keyrack/utils.rb",
-    "test/fixtures/aes",
-    "test/fixtures/config.yml",
-    "test/fixtures/foo.txt",
-    "test/fixtures/id_rsa",
-    "test/helper.rb",
-    "test/keyrack/store/test_filesystem.rb",
-    "test/keyrack/store/test_ssh.rb",
-    "test/keyrack/test_database.rb",
-    "test/keyrack/test_runner.rb",
-    "test/keyrack/test_store.rb",
-    "test/keyrack/test_utils.rb",
-    "test/keyrack/ui/test_console.rb"
-  ]
-  s.homepage = "http://github.com/viking/keyrack"
-  s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.11"
-  s.summary = "Simple password manager"
-  s.test_files = [
-    "test/helper.rb",
-    "test/keyrack/store/test_filesystem.rb",
-    "test/keyrack/store/test_ssh.rb",
-    "test/keyrack/test_database.rb",
-    "test/keyrack/test_runner.rb",
-    "test/keyrack/test_store.rb",
-    "test/keyrack/test_utils.rb",
-    "test/keyrack/ui/test_console.rb"
-  ]
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
 
-  if s.respond_to? :specification_version then
-    s.specification_version = 3
+  gem.add_runtime_dependency 'net-scp'
+  gem.add_runtime_dependency 'highline'
+  gem.add_runtime_dependency 'clipboard'
+  gem.add_runtime_dependency 'scrypty'
 
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<net-scp>, [">= 0"])
-      s.add_runtime_dependency(%q<highline>, [">= 0"])
-      s.add_runtime_dependency(%q<copier>, [">= 0"])
-      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
-      s.add_development_dependency(%q<jeweler>, ["~> 1.5.1"])
-      s.add_development_dependency(%q<rcov>, [">= 0"])
-      s.add_development_dependency(%q<mocha>, [">= 0"])
-      s.add_development_dependency(%q<cucumber>, [">= 0"])
-      s.add_development_dependency(%q<test-unit>, [">= 0"])
-    else
-      s.add_dependency(%q<net-scp>, [">= 0"])
-      s.add_dependency(%q<highline>, [">= 0"])
-      s.add_dependency(%q<copier>, [">= 0"])
-      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
-      s.add_dependency(%q<jeweler>, ["~> 1.5.1"])
-      s.add_dependency(%q<rcov>, [">= 0"])
-      s.add_dependency(%q<mocha>, [">= 0"])
-      s.add_dependency(%q<cucumber>, [">= 0"])
-      s.add_dependency(%q<test-unit>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<net-scp>, [">= 0"])
-    s.add_dependency(%q<highline>, [">= 0"])
-    s.add_dependency(%q<copier>, [">= 0"])
-    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
-    s.add_dependency(%q<jeweler>, ["~> 1.5.1"])
-    s.add_dependency(%q<rcov>, [">= 0"])
-    s.add_dependency(%q<mocha>, [">= 0"])
-    s.add_dependency(%q<cucumber>, [">= 0"])
-    s.add_dependency(%q<test-unit>, [">= 0"])
-  end
+  gem.add_development_dependency 'bundler'
+  gem.add_development_dependency 'mocha'
+  gem.add_development_dependency 'test-unit'
 end
-

data/lib/keyrack.rb

@@ -4,13 +4,21 @@ require 'optparse'
 require 'securerandom'
 require 'net/scp'
 require 'highline'
-require 'copier'
+require 'clipboard'
+require 'scrypty'
+require 'fileutils'
+require 'digest'
 
 module Keyrack
 end
 
+require File.dirname(__FILE__) + '/keyrack/exceptions'
 require File.dirname(__FILE__) + '/keyrack/utils'
+require File.dirname(__FILE__) + '/keyrack/event'
+require File.dirname(__FILE__) + '/keyrack/site'
+require File.dirname(__FILE__) + '/keyrack/group'
 require File.dirname(__FILE__) + '/keyrack/database'
 require File.dirname(__FILE__) + '/keyrack/store'
 require File.dirname(__FILE__) + '/keyrack/ui'
 require File.dirname(__FILE__) + '/keyrack/runner'
+require File.dirname(__FILE__) + '/keyrack/migrator'

data/lib/keyrack/database.rb

@@ -1,126 +1,92 @@
 module Keyrack
   class Database
-    def initialize(key, iv, store)
-      @key = key
-      @iv = iv
-      @store = store
-      @data = decrypt
+    DEFAULT_ENCRYPT_OPTIONS = { :maxmem => 0, :maxmemfrac => 0.125, :maxtime => 5.0 }
+    DEFAULT_DECRYPT_OPTIONS = { :maxmem => 0, :maxmemfrac => 0.250, :maxtime => 10.0 }
+    VERSION = 4
+
+    def initialize(password, store, encrypt_options = {}, decrypt_options = {})
       @dirty = false
+      @encrypt_options = DEFAULT_ENCRYPT_OPTIONS.merge(encrypt_options)
+      @decrypt_options = DEFAULT_DECRYPT_OPTIONS.merge(decrypt_options)
+      @store = store
+      @password = password_hash(password)
+      @database = decrypt(password)
+      setup_hooks
     end
 
-    def add(site, username, password, options = {})
-      hash = options[:group] ? @data[options[:group]] ||= {} : @data
-      if hash.has_key?(site)
-        site_entry = hash[site]
-        if site_entry.is_a?(Array)
-          # Multiple entries for this site
-          user_entry = site_entry.detect { |e| e[:username] == username }
-          if user_entry
-            # Update existing entry
-            user_entry[:password] = password
-          else
-            # Add new entry
-            site_entry.push({:username => username, :password => password})
-          end
-        elsif site_entry[:username] == username
-          # Update existing entry
-          site_entry[:password] = password
-        else
-          # Convert single entry into an array, then add new entry
-          hash[site] = [site_entry, {:username => username, :password => password}]
-        end
-      else
-        hash[site] = { :username => username, :password => password }
-      end
-      @dirty = true
+    def version
+      @database['version']
+    end
+
+    def top_group
+      @database['groups']['top']
     end
 
-    def get(*args)
-      options = args.last.is_a?(Hash) ? args.pop : {}
-      site, username = args
+    def dirty?
+      @dirty
+    end
 
-      site_entry = (options[:group] ? @data[options[:group]] : @data)[site]
-      if username
-        if site_entry.is_a?(Array)
-          site_entry.find { |e| e[:username] == username }
-        elsif site_entry[:username] == username
-          site_entry
-        else
-          nil
-        end
+    def save(password)
+      if password_hash(password) == @password
+        @store.write(Scrypty.encrypt(@database.to_yaml, password,
+          *@encrypt_options.values_at(:maxmem, :maxmemfrac, :maxtime)))
+        @dirty = false
+        true
       else
-        site_entry
+        false
       end
     end
 
-    def sites(options = {})
-      hash = options[:group] ? @data[options[:group]] : @data
-      if hash
-        hash.keys.select do |key|
-          val = hash[key]
-          val.is_a?(Array) || (val.is_a?(Hash) && val.has_key?(:username))
-        end.sort
+    def change_password(current_password, new_password)
+      if password_hash(current_password) == @password
+        @password = password_hash(new_password)
+        true
       else
-        # new groups are empty
-        []
+        false
       end
     end
 
-    def groups
-      @data.keys.reject do |key|
-        val = @data[key]
-        val.is_a?(Array) || (val.is_a?(Hash) && val.has_key?(:username))
-      end.sort
-    end
+    private
 
-    def dirty?
-      @dirty
+    def password_hash(password)
+      # Avoid storing the database password as-is in memory, but don't
+      # spend too much effort obfuscating it.
+      sha256 = Digest::SHA256.new
+      sha256.digest "#{password}-#{$$}"
     end
 
-    def save
-      cipher = OpenSSL::Cipher::Cipher.new("AES-128-CBC")
-      cipher.encrypt; cipher.key = @key; cipher.iv = @iv
-      @store.write(cipher.update(Marshal.dump(@data)) + cipher.final)
-      @dirty = false
-    end
+    def decrypt(password)
+      data = @store.read
+      if data
+        str = Scrypty.decrypt(data, password,
+          *@decrypt_options.values_at(:maxmem, :maxmemfrac, :maxtime))
+        hash = YAML.load(str)
+        migrated_hash = Migrator.run(hash)
+        if !migrated_hash.equal?(hash)
+          hash = migrated_hash
+          @dirty = true
+        end
 
-    def delete(site, username, options = {})
-      hash = options[:group] ? @data[options[:group]] : @data
-      site_entry = hash[site]
+        top = Group.new
+        top.load(hash['groups']['top'])
+        hash['groups']['top'] = top
 
-      if site_entry.is_a?(Array)
-        site_entry.each_with_index do |entry, i|
-          if entry[:username] == username
-            case site_entry.length
-            when 2
-              site_entry.delete_at(i)
-              hash[site] = site_entry[0]
-            when 1
-              hash.delete(site)
-            else
-              site_entry.delete_at(i)
-            end
+        hash
+      else
+        {'groups' => {'top' => Group.new('top')}, 'version' => VERSION}
+      end
+    end
 
-            @dirty = true
-            break
-          end
-        end
-      elsif site_entry[:username] == username
-        hash.delete(site)
-        @dirty = true
+    def setup_hooks
+      @database['groups'].each_pair do |group_name, group|
+        add_group_hooks_for(group)
       end
     end
 
-    private
-      def decrypt
-        data = @store.read
-        if data
-          cipher = OpenSSL::Cipher::Cipher.new("AES-128-CBC")
-          cipher.decrypt; cipher.key = @key; cipher.iv = @iv
-          Marshal.load(cipher.update(data) + cipher.final)
-        else
-          {}
-        end
+    def add_group_hooks_for(group)
+      group.after_event do |event|
+        @dirty = true
       end
+    end
   end
 end