kstor 0.4.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: af39f01820f488e20a4b602f5151e87e07176268cf543aecc90f19bcb6166ec2
+  data.tar.gz: 84352bc5dddd13f4e33c1efac2aae1d360c4a53fb1be24b2fd32d8e61111b770
+SHA512:
+  metadata.gz: 646da6b5709b454e971d4a129890c6718ad1b177c614f113fd77556df12bfb4feb7c6d44d8beb4e17af4bb9b44d68c2321acf8c54b42fc5f6bc728d6b4e0a40d
+  data.tar.gz: 71264b16719b3d516ff7c5bdea5fc362bedee48c23ed804401877010a65f5cb7cc75336266c70699bbebc63737ef1f775eb4986193ba7722cb289e1a18c5c709

data/README.md

@@ -0,0 +1,7 @@
+# KStor
+
+KStor stores and shares secrets among teams of users.
+
+It doesn't work yet.
+
+This is the server part, supporting a command-line client and a web user interface.

data/bin/kstor

@@ -0,0 +1,286 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'kstor'
+
+require 'json'
+require 'socket'
+require 'etc'
+require 'fileutils'
+require 'slop'
+
+module KStor
+  # Manage KStor client configuration and state on disk.
+  module ClientState
+    class << self
+      DEFAULT_CONFIG = {
+        'socket' => '/home/jpi/code/kstor/testworkdir/kstor.socket'
+      }.freeze
+
+      def load_config(progr)
+        DEFAULT_CONFIG.merge(load_config_file(progr))
+      end
+
+      def session_id_file(progr)
+        dir = File.join(xdg_runtime, progr)
+        FileUtils.mkdir_p(dir)
+        file = File.join(dir, 'session-id')
+        FileUtils.touch(file)
+        FileUtils.chmod(0o600, file)
+        file
+      end
+
+      def load_session_id(progr)
+        sid = nil
+        File.open(session_id_file(progr)) { |f| sid = f.read.chomp }
+        sid = nil if sid.empty?
+
+        sid
+      end
+
+      private
+
+      def xdg_config
+        ENV.fetch('XDG_CONFIG_HOME', File.join(Dir.home, '.config'))
+      end
+
+      def xdg_state
+        ENV.fetch('XDG_STATE_HOME', File.join(Dir.home, '.local', 'state'))
+      end
+
+      def xdg_runtime
+        dir = ENV.fetch('XDG_RUNTIME_DIR', nil)
+        return dir if dir
+
+        warn('XDG_RUNTIME_DIR is undefined, using XDG_STATE_HOME instead')
+        xdg_state
+      end
+
+      def config_file(progr)
+        dir = File.join(xdg_config, progr)
+        FileUtils.mkdir_p(dir)
+        File.join(dir, 'session-id')
+      end
+
+      def load_config_file(progr)
+        data = File.read(config_file(progr))
+        YAML.parse(data)
+      rescue Errno::ENOENT
+        {}
+      end
+    end
+  end
+
+  # Sub-commands that can be invoked from the command-line.
+  module ClientSubCommands
+    def group_create
+      request('group-create') do |o|
+        o.string('-n', '--name', 'Group name')
+      end
+    end
+
+    def secret_create
+      req = request('secret-create') do |o|
+        o.string('-p', '--plaintext', 'Value of the secret')
+        o.array('-g', '--group_ids', 'Groups that can unlock the secret')
+        o.string('-a', '--app', 'application of this secret')
+        o.string('-d', '--database', 'database of this secret')
+        o.string('-l', '--login', 'login of this secret')
+        o.string('-S', '--server', 'server of this secret')
+        o.string('-u', '--url', 'url for this secret')
+      end
+      reorganize_secret_meta_args(req)
+    end
+
+    def secret_search
+      request('secret-search') do |o|
+        o.string('-a', '--app', 'secrets for this application')
+        o.string('-d', '--database', 'secrets for this database')
+        o.string('-l', '--login', 'secrets for this login')
+        o.string('-s', '--server', 'secrets for this server')
+        o.string('-u', '--url', 'secrets for this url')
+      end
+    end
+
+    def secret_unlock
+      request('secret-unlock') do |o|
+        o.string('-s', '--secret-id', 'secret ID to unlock')
+      end
+    end
+
+    def secret_update_meta
+      req = request('secret-update-meta') do |o|
+        o.string('-s', '--secret-id', 'secret ID to modify')
+        o.string('-a', '--app', 'new application of this secret')
+        o.string('-d', '--database', 'new database of this secret')
+        o.string('-l', '--login', 'new login of this secret')
+        o.string('-S', '--server', 'new server of this secret')
+        o.string('-u', '--url', 'new url for this secret')
+      end
+      reorganize_secret_meta_args(req)
+    end
+
+    def secret_update_value
+      request('secret-update-value') do |o|
+        o.string('-s', '--secret-id', 'secret ID to modify')
+        o.string('-p', '--plaintext', 'new plaintext value')
+      end
+    end
+
+    def secret_delete
+      request('secret-delete') do |o|
+        o.string('-s', '--secret-id', 'secret ID to delete')
+      end
+    end
+  end
+
+  # KStor command-line client.
+  class Client
+    include ClientSubCommands
+
+    def initialize
+      @progr = File.basename($PROGRAM_NAME)
+      @config = ClientState.load_config(@progr)
+      @user = user_from_argv
+    end
+
+    def run
+      request_type = ARGV.shift
+      resp = send_request(request_type)
+      handle_error!(resp) if resp.error?
+
+      puts format_response(resp)
+      return unless resp.respond_to?(:session_id)
+
+      File.open(ClientState.session_id_file(@progr), 'w') do |f|
+        f.puts(resp.session_id)
+      end
+    end
+
+    private
+
+    def format_response(resp)
+      data = resp.args.dup
+      data.delete('session_id')
+      JSON.pretty_generate(data)
+    end
+
+    def reorganize_secret_meta_args(req)
+      req.args['meta'] = {
+        'app' => req.args.delete('app'),
+        'database' => req.args.delete('database'),
+        'login' => req.args.delete('login'),
+        'server' => req.args.delete('server'),
+        'url' => req.args.delete('url')
+      }
+      req.args['meta'].compact!
+      req
+    end
+
+    def handle_error!(resp)
+      if resp.args['code'] == 'AUTH/BADSESSION'
+        FileUtils.rm(ClientState.session_id_file(@progr))
+        warn('session expired')
+      else
+        warn(resp.args['message'])
+      end
+      exit 1
+    end
+
+    def send_request(request_type)
+      meth = method_name(request_type)
+
+      req = __send__(meth)
+      socket = UNIXSocket.new(@config['socket'])
+      socket.send(req.serialize, 0)
+
+      data, = socket.recvfrom(4096)
+      Response.parse(data)
+    rescue UnparsableResponse
+      warn('server speaks funny; look at logs!')
+      exit(1)
+    end
+
+    REQUEST_METHODS = {
+      'group-create' => :group_create,
+      'secret-create' => :secret_create,
+      'secret-search' => :secret_search,
+      'secret-unlock' => :secret_unlock,
+      'secret-update-meta' => :secret_update_meta,
+      'secret-update-value' => :secret_update_value,
+      'secret-delete' => :secret_delete
+    }.freeze
+
+    def method_name(request_type)
+      if request_type.nil?
+        base_usage
+        exit 0
+      end
+      meth = REQUEST_METHODS[request_type]
+      if meth.nil?
+        warn("Unknown request type #{request_type.inspect}")
+        base_usage
+        exit 1
+      end
+      meth
+    end
+
+    def user_from_argv
+      md = /^(-u|--user)$/.match(ARGV.first)
+      md ? ARGV.shift(2).last : Etc.getlogin
+    end
+
+    def base_usage
+      puts "usage: #{@progr} [--user USER] <req-type> [--help | REQ-ARGS]"
+      request_types = %w[group-create secret-create secret-search secret-unlock]
+      puts "request types: #{request_types.join(', ')}"
+    end
+
+    def ask_password
+      require 'io/console'
+
+      $stdout.print 'Password: '
+      password = $stdin.noecho(&:gets)
+      $stdout.puts('')
+
+      password.chomp
+    end
+
+    def auth
+      session_id = ClientState.load_session_id(@progr)
+
+      if session_id
+        { 'session_id' => session_id }
+      else
+        { 'login' => @user, 'password' => ask_password }
+      end
+    end
+
+    def request(type, &block)
+      hreq = {}
+      hreq['type'] = type
+      hreq['args'] = parse_opts(type) do |o|
+        block.call(o)
+      end
+      KStor::Message.parse_request(hreq.merge(auth).to_json)
+    end
+
+    def parse_opts(request_type)
+      opts = Slop.parse do |o|
+        o.banner = <<-EOUSAGE
+        usage: #{@progr} [--user USER] #{request_type} [--help | REQ-ARGS]
+        EOUSAGE
+        o.on('-h', '--help', 'show this text') do
+          puts o
+          exit 0
+        end
+        o.separator('')
+        yield o
+      end
+      opts.to_hash.compact
+    end
+  end
+end
+
+cli = KStor::Client.new
+cli.run

data/bin/kstor-srv

@@ -0,0 +1,26 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'kstor'
+
+KStor::Log.reporting_level = Journald::LOG_DEBUG
+
+config = KStor::Config.load(ARGV.shift)
+
+store = KStor::Store.new(config.database)
+session_store = KStor::SessionStore.new(
+  config.session_idle_timeout,
+  config.session_life_timeout
+)
+request_handler = KStor::Controller::RequestHandler.new(store, session_store)
+
+server = KStor::Server.new(
+  controller: request_handler,
+  socket_path: config.socket,
+  nworkers: config.nworkers
+)
+
+me = File.basename($PROGRAM_NAME)
+Process.setproctitle(me)
+
+server.start

data/lib/kstor/config.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+module KStor
+  # Configuration items stored as YAML.
+  class Config
+    # Default values for configuration items.
+    #
+    # They are used when loading configuration from a file, and for defining
+    # accessor methods.
+    #
+    # @!attribute [r] database
+    #   @return [String] path to SQLite database file
+    #
+    # @!attribute [r] socket
+    #   @return [String] path to KStor server listening socket
+    #
+    # @!attribute [r] nworkers
+    #   @return [Integer] number of worker threads
+    #
+    # @!attribute [r] session_idle_timeout
+    #   @return [Integer] seconds of inactivity before a session is closed
+    #
+    # @!attribute [r] session_life_timeout
+    #   @return [Integer] seconds before a session is closed
+    DEFAULTS = {
+      'database' => 'data/db.sqlite',
+      'socket' => 'run/kstor-server.socket',
+      'nworkers' => 5,
+      'session_idle_timeout' => 15 * 60,
+      'session_life_timeout' => 4 * 60 * 60
+    }.freeze
+
+    class << self
+      # Load configuration from a file.
+      #
+      # For each missing configuration item in file, use the default from
+      # DEFAULTS.
+      #
+      # @param path [String] path to config file
+      # @return [KStor::Config] configuration object
+      def load(path)
+        hash = if path && File.file?(path)
+                 YAML.load_file(path)
+               else
+                 {}
+               end
+        new(DEFAULTS.merge(hash))
+      end
+    end
+
+    # Create configuration from hash data.
+    #
+    # @param hash [Hash] configuration items
+    def initialize(hash)
+      @data = hash
+    end
+
+    DEFAULTS.each_key do |k|
+      define_method(k.to_sym) do
+        @data[k]
+      end
+    end
+  end
+end

data/lib/kstor/controller/authentication.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module KStor
+  module Controller
+    # Handle user authentication and sessions.
+    class Authentication
+      def initialize(store, session_store)
+        @store = store
+        @sessions = session_store
+      end
+
+      def authenticate(req)
+        if @store.users?
+          unlock_user(req)
+        else
+          create_first_user(req)
+        end
+      end
+
+      # return true if login is allowed to access the database.
+      def allowed?(user)
+        user.status == 'new' || user.status == 'active'
+      end
+
+      def unlock_user(req)
+        if req.respond_to?(:session_id)
+          session_id = req.session_id
+          user, secret_key = load_session(session_id)
+        else
+          user = load_user(req.login)
+          secret_key = user.secret_key(req.password)
+          session = Session.create(user, secret_key)
+          @sessions << session
+          session_id = session.id
+        end
+        user.unlock(secret_key)
+
+        [user, session_id]
+      end
+
+      def load_session(sid)
+        Log.debug("loading session #{sid}")
+        session = @sessions[sid]
+        raise Error.for_code('AUTH/BADSESSION', sid) unless session
+
+        [session.user, session.secret_key]
+      end
+
+      def load_user(login)
+        Log.debug("authenticating user #{login.inspect}")
+        user = @store.user_by_login(login)
+        Log.debug("loaded user ##{user.id} #{user.login}")
+        unless user && allowed?(user)
+          raise Error.for_code('AUTH/FORBIDDEN', login)
+        end
+
+        user
+      end
+
+      def create_first_user(req)
+        raise Error.for_code('AUTH/MISSING') unless req.respond_to?(:login)
+
+        Log.info("no user in database, creating #{req.login.inspect}")
+        user = Model::User.new(
+          login: req.login, name: req.login, status: 'new', keychain: {}
+        )
+        secret_key = user.secret_key(req.password)
+        user.unlock(secret_key)
+        @store.user_create(user)
+        Log.info("user #{user.login} created")
+
+        session = Session.create(user, secret_key)
+        @sessions << session
+
+        [user, session.id]
+      end
+    end
+  end
+end

data/lib/kstor/controller/secret.rb

@@ -0,0 +1,201 @@
+# frozen_string_literal: true
+
+require 'kstor/store'
+require 'kstor/model'
+require 'kstor/crypto'
+
+module KStor
+  class SecretNotFound < Error
+    error_code 'SECRET/NOTFOUND'
+    error_message 'Secret #%s not found.'
+  end
+
+  module Controller
+    # Handle secret-related requests.
+    class Secret
+      def initialize(store)
+        @store = store
+      end
+
+      def handle_request(user, req)
+        case req.type
+        when 'secret-create' then handle_create(user, req)
+        when 'secret-search' then handle_search(user, req)
+        when 'secret-unlock' then handle_unlock(user, req)
+        when 'secret-update-meta' then handle_update_meta(user, req)
+        when 'secret-update-value' then handle_update_value(user, req)
+        when 'secret-delete' then handle_delete(user, req)
+        else
+          raise Error.for_code('REQ/UNKNOWN', req.type)
+        end
+      end
+
+      private
+
+      def handle_create(user, req)
+        meta = Model::SecretMeta.new(**req.args['meta'])
+        secret_groups = req.args['group_ids'].map { |gid| groups[gid.to_i] }
+        secret_id = create(
+          user, req.args['plaintext'], secret_groups, meta
+        )
+        Response.new('secret.created', 'secret_id' => secret_id)
+      end
+
+      def handle_search(user, req)
+        secrets = search(user, Model::SecretMeta.new(**req.args))
+        args = secrets.map do |s|
+          h = s.to_h
+          h.delete('group_id')
+          h
+        end
+        Response.new(
+          'secret.list',
+          'secrets' => args
+        )
+      end
+
+      def handle_unlock(user, req)
+        secret_id = req.args['secret_id']
+        secret = unlock(user, secret_id)
+        args = unlock_format(secret)
+
+        Response.new('secret.value', **args)
+      end
+
+      def handle_update_meta(user, req)
+        meta = Model::SecretMeta.new(req.args['meta'])
+        Log.debug("secret#handle_update_meta: meta=#{meta.to_h.inspect}")
+        update_meta(user, req.args['secret_id'], meta)
+        Response.new('secret.updated', 'secret_id' => req.args['secret_id'])
+      end
+
+      def handle_update_value(user, req)
+        update_value(user, req.args['secret_id'], req.args['plaintext'])
+        Response.new('secret.updated', 'secret_id' => req.args['secret_id'])
+      end
+
+      def handle_delete(user, req)
+        delete(user, req.args['secret_id'])
+        Response.new('secret.deleted', 'secret_id' => req.args['secret_id'])
+      end
+
+      def users
+        @users ||= @store.users
+      end
+
+      def groups
+        @groups ||= @store.groups
+      end
+
+      # in: metadata wildcards
+      # needs: private key of one common group between user and secrets
+      # out: array of:
+      #   - secret id
+      #   - secret metadata
+      #   - secret metadata and value authors
+      def search(user, meta)
+        return [] if user.keychain.empty?
+
+        @store.secrets_for_user(user.id).select do |secret|
+          unlock_metadata(user, secret)
+          secret.metadata.match?(meta)
+        end
+      end
+
+      # in: secret_id
+      # needs: private key of one common group between user and secret
+      # out: plaintext
+      def unlock(user, secret_id)
+        secret = @store.secret_fetch(secret_id, user.id)
+        group_privk = user.keychain[secret.group_id].privk
+
+        value_author = users[secret.value_author_id]
+        secret.unlock(value_author.pubk, group_privk)
+
+        meta_author = users[secret.meta_author_id]
+        secret.unlock_metadata(meta_author.pubk, group_privk)
+
+        secret
+      end
+
+      # in: plaintext, group ids, metadata
+      # needs: encrypted metadata and ciphertext for each group
+      # out: secret id
+      def create(user, plaintext, groups, meta)
+        encrypted_data = {}
+        Log.debug("secret#create: group_ids = #{groups.inspect}")
+        groups.each do |g|
+          encrypted_data[g.id] = [
+            Crypto.encrypt_secret_value(g.pubk, user.privk, plaintext),
+            Crypto.encrypt_secret_metadata(g.pubk, user.privk, meta.to_h)
+          ]
+        end
+        @store.secret_create(user.id, encrypted_data)
+      end
+
+      # in: secret id, metadata
+      # needs: every group public key for this secret, user private key
+      # out: nil
+      def update_meta(user, secret_id, partial_meta)
+        secret = @store.secret_fetch(secret_id, user.id)
+        unlock_metadata(user, secret)
+        meta = secret.metadata.merge(partial_meta)
+        group_ids = @store.groups_for_secret(secret.id)
+        group_encrypted_metadata = group_ids.to_h do |group_id|
+          group_pubk = groups[group_id].pubk
+          author_privk = user.privk
+          encrypted_meta = Crypto.encrypt_secret_metadata(
+            group_pubk, author_privk, meta.to_h
+          )
+          [group_id, encrypted_meta]
+        end
+        @store.secret_setmeta(secret.id, user.id, group_encrypted_metadata)
+      end
+
+      # in: secret id, plaintext
+      # needs: every group public key for this secret, user private key
+      # out: nil
+      def update_value(user, secret_id, plaintext)
+        secret = @store.secret_fetch(secret_id, user.id)
+        group_ids = @store.groups_for_secret(secret.id)
+        group_ciphertexts = group_ids.to_h do |group_id|
+          group_pubk = groups[group_id].pubk
+          author_privk = user.privk
+          encrypted_value = Crypto.encrypt_secret_value(
+            group_pubk, author_privk, plaintext
+          )
+          [group_id, encrypted_value]
+        end
+        @store.secret_setvalue(secret.id, user.id, group_ciphertexts)
+      end
+
+      # in: secret id
+      # needs: nil
+      # out: nil
+      def delete(user, secret_id)
+        # Check if user can see this secret:
+        secret = @store.secret_fetch(secret_id, user.id)
+        raise Error.for_code('SECRET/NOTFOUND', secret_id) if secret.nil?
+
+        @store.secret_delete(secret_id)
+      end
+
+      def unlock_format(secret)
+        args = secret.to_h
+        args['value_author'] = users[secret.value_author_id].to_h
+        args['metadata_author'] = users[secret.meta_author_id].to_h
+
+        group_ids = @store.groups_for_secret(secret.id)
+        args['groups'] = groups.values_at(*group_ids).map(&:to_h)
+
+        args
+      end
+
+      def unlock_metadata(user, secret)
+        group_privk = user.keychain[secret.group_id].privk
+        author = users[secret.meta_author_id]
+        secret.unlock_metadata(author.pubk, group_privk)
+      end
+    end
+  end
+end