secret 0.0.1

data/.gitignore

@@ -0,0 +1,20 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+
+.idea

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in secret.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Christopher Thornton
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,52 @@
+Secret Files
+============
+Keeps your files more secure by ensuring saved files are chmoded 0700 by the same user who is running the process.
+For example, this could be used by a Rails application to store certificates only readable by the www-data process.
+
+The secret files gem includes some fun over-engineering with file locking!
+
+## Usage
+Add to your Gemfile:
+
+```ruby
+gem 'secret'
+```
+
+Now you should set up your "default" container in an initializer:
+
+```ruby
+Secret.configure_default 'path/to/secret/dir'
+```
+
+Finally, you should now be able to put stuff into the secret directory, or read contents!
+
+```ruby
+secret = Secret.default
+
+# Save the key
+secret.some_key.stash "ThisIsSomeKey"
+
+# Get the key
+puts secret.some_key.contents
+
+# Manually seek through the file
+secret.some_key.stream do |f|
+    f.seek 1, IO::SEEK_CUR
+end
+```
+
+## How Secure is It?
+Ths is only *somewhat* secure and will provide protection against:
+
+* Someone who gains access to your server with non-root access
+* Other non-root server processes
+
+However, this will **not** protect you against:
+
+* People with root access
+* Arbitrary code execution attacks by the owner (i.e. an `eval()` gone wrong)
+
+## Other Features
+This gem also includes locking support, meaning that it should (hopefully) be resillient against multiple processes
+writing to a file. The primary reason for this is because I really wanted to try file locking. However, don't do
+anything too tricky and you should be okay.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/secret/container.rb

@@ -0,0 +1,64 @@
+module Secret
+  class Container
+
+    attr_reader :directory, :files
+
+    # Initializes a container. Does significant checking on the directory to ensure it is writeable and it exists.
+    # @param [String] directory the directory to the container
+    # @param [Boolean] auto_create if true, will attempt to create the directory if it does not exist.
+    def initialize(directory, auto_create = true)
+      @directory = directory
+
+      @files = {}
+
+      # Do some checking about our directory
+      if ::File.exist?(directory)
+        raise ArgumentError, "Specified directory '#{directory}' is actually a file!" unless ::File.directory?(directory)
+
+      # Now make our directory if auto_create
+      else
+        raise ArgumentError, "Specified directory '#{directory}' does not exist!" unless auto_create
+        Dir.mkdir(directory, Secret::CHMOD_MODE) # Only give read/write access to this user
+      end
+      raise ArgumentError, "Directory '#{directory}' is not writeable!" unless ::File.writable?(directory)
+    end
+
+    # Gets a file stored in the container.
+    # @param [Symbol] filename the name of the file.
+    # @return [Secret::File] a secret file
+    def file(filename)
+      fn = filename.to_sym
+      f  = files[fn]
+      return f unless f.nil?
+      f  = Secret::File.new(self, filename)
+      files[fn] = f
+      return f
+    end
+
+    def method_missing(meth, *args, &block)
+      super(meth, *args, &block) if args.any? or block_given?
+      return file(meth)
+    end
+
+
+    # Deletes the cache of objects
+    def uncache!
+      @files = {}
+    end
+
+    # This should be called once in some sort of initializer.
+    def initialize_once!
+      destroy_all_locks!
+    end
+
+    # Viciously destroys all locks that the file and its containers may have. Use carefully!
+    # @return [Integer] the number of files destroyed.
+    def destroy_all_locks!
+      files = Dir[::File.join(directory, '*.lock')]
+      files.each{|f| ::File.delete(f) }
+      return files.count
+    end
+
+
+  end
+end

data/lib/secret/encryption.rb

@@ -0,0 +1,45 @@
+require 'openssl'
+
+module Secret
+  module Encryption
+
+
+
+    def encrypt_basic(passphrase)
+      cipher = OpenSSL::Cipher.new('aes-256-cbc')
+      cipher.encrypt
+      key = passphrase
+      iv  = cipher.random_iv
+
+      out = StringIO.new("", "wb") do |outf|
+        StringIO.new(contents, "rb") do |inf|
+          while inf.read(4096, buf)
+            outf << cipher.update(buf)
+          end
+          outf << cipher.final
+        end
+      end
+
+      return out.string
+    end
+
+    # Checks to see if the file is encrypted
+    def encrypted?
+      ::File.exist?(encrypted_meta_filename)
+    end
+
+
+    def stash(content); raise "Not Implemented"; end
+
+    def contents; raise "Not Implemented"; end
+
+
+
+    protected
+
+    def encrypted_meta_filename
+      raise NotImplementedError, "Must implement dis!"
+    end
+
+  end
+end

data/lib/secret/file.rb

@@ -0,0 +1,187 @@
+module Secret
+
+  # Handles file operations.
+  #
+  # Note that locking operations are not perfect!
+  class File
+    include Secret::Locking
+
+    # include Secret::Encryption
+
+    attr_reader :container, :identifier
+
+    # Lock timeout in MS. Defaults to 5000 MS
+    attr_accessor :lock_timeout_ms
+
+    # Whether this current object holds the lock over the file.
+    # @return [Boolean] TRUE if this object was the one that holds the lock (i.e. created the lock), FALSE if another
+    #   object holds the lock, or the file simply isn't locked.
+    attr_reader :owns_lock
+
+    # Creates a new secret file. The specified identifier doesn't already need to exist.
+    # @param [Secret::Container] container the container object
+    # @param [Symbol] identifier an unique identifier for this container
+    def initialize(container, identifier)
+      raise ArgumentError, "Container must be a Secret::Container object" unless container.is_a?(Secret::Container)
+      @container = container; @identifier = identifier; @owns_lock = false
+      @lock_timeout_ms = Secret::Locking::DEFAULT_LOCK_WAIT_MS
+    end
+
+    # Checks whether this file actually exists or not
+    # @return [Boolean] true if the file exists (i.e. has content), false if otherwise.
+    def exist?
+      ::File.exist?(file_path)
+    end
+
+    # Gets a file stream of this file. If the file doesn't exist, then a blank file will be created. By default,
+    # this allows you to write to the file. However, please use the {#stash} command, as it accounts for mid-write
+    # crashes. Don't forget to close the file stream when you're done!
+    # @param [String] mode the mode for this file. Currently defaults to 'r+', which is read-write, with the
+    #   file pointer at the beginning of the file.
+    # @return [IO] an IO stream to this file, if not using a block
+    # @note This completely bypasses any internal locking mechanisms if not using a block!
+    # @example
+    #     file = container.some_file
+    #
+    #     # Unsafe way!
+    #     io = file.stream
+    #     io.write "Hello World!"
+    #     io.close
+    #
+    #     # Safe way, with locking support
+    #     file.stream do |f|
+    #       f.write "Hello World!"
+    #     end
+    def stream(mode = 'r+', &block)
+      touch!
+      return ::File.open(file_path, mode, Secret::CHMOD_MODE)  unless block_given?
+      wait_for_unlock(true, lock_timeout_ms) do
+        io = ::File.open(file_path, mode, Secret::CHMOD_MODE)
+        block.call(io)
+        io.close unless io.closed?
+      end
+    end
+
+
+    # Gets the contents of the file in a string format. Will return an empty string if the file doesn't exist, or the
+    # file just so happens to be empty.
+    # @return [String] the contents of the file
+    def contents
+      wait_for_unlock(false, lock_timeout_ms) do
+        io = stream
+        str = io.read
+        io.close
+      end
+      return str
+    end
+
+
+    # Creates a new file if it doesn't exist. Doesn't actually change the last updated timestamp.
+    # @return [Boolean] true if an empty file was created, false if the file already existed.
+    def touch!
+      unless exist?
+        ::File.open(file_path, 'w') {}
+        secure!
+        return true
+      end
+      return false
+    end
+
+    # Secures the file by chmoding it to 0700
+    # @raise [IOError] if the file doesn't exist on the server.
+    def secure!
+      raise IOError, "File doesn't exist" unless exist?
+      ::File.chmod(Secret::CHMOD_MODE, file_path)
+    end
+
+
+    # Stashes some content into the file! This will write a temporary backup file before stashing, in order to prevent
+    # any partial writes if the server crashes. Once this finishes executing, you can be sure that contents have been
+    # written.
+    # @param [String] content the contents to stash. **Must be a string!**
+    # @raise [ArgumentError] if content is anything other than a String object!
+    def stash(content)
+      raise ArgumentError, "Content must be a String (was type of type #{content.class.name})" unless content.is_a?(String)
+
+      # Get an exclusive lock
+      wait_for_unlock(true, lock_timeout_ms) do
+        touch!
+
+        # Think of this as a beginning of a transaction.
+
+        # Open a temporary file for writing, and close it immediately
+        ::File.open(tmp_file_path, "w", Secret::CHMOD_MODE){|f| f.write content }
+
+        # Rename the existing file path
+        ::File.rename(file_path, backup_file_path)
+
+        # Now rename the temporary file to the correct file
+        ::File.rename(tmp_file_path, file_path)
+
+        # Delete the backup
+        ::File.delete(backup_file_path)
+
+        # Committed! Secure it just in case
+        secure!
+      end
+    end
+
+    # Attempts to restore a backup (i.e. if the computer crashed while doing a stash command)
+    # @return [Boolean] true if the backup was successfully restored, false otherwise
+    def restore_backup!
+      return false if locked?
+      return false unless ::File.exist?(backup_file_path)
+
+      # Ideally we want to get an exclusive lock when doing this!
+      wait_for_unlock(true, lock_timeout_ms) do
+        # If the file actually exists, then the backup file probably wasn't deleted, so just
+        # delete the backup file.
+        if ::File.exist?(file_path)
+          ::File.delete(backup_file_path)
+          return true
+
+        # Otherwise, the temporary file probably wasn't renamed, so restore the backup and delete the temporary file
+        # if it exists. It's possible the file was corrupted in the middle of writing, so it is better to resort
+        # to an old and complete file rather than a new and possibly corrupted file.
+        else
+          ::File.rename(backup_file_path, file_path)
+          ::File.delete(tmp_file_path) if ::File.exist?(tmp_file_path)
+          return true
+        end
+      end
+    end
+
+    protected
+
+    # Gets the path of the lock file
+    def lock_file_path
+      return file_path + '.lock'
+    end
+
+
+    private
+
+    # Gets the actual file path of this container. Intentionally made private (security through obscurity)
+    # @return [String] the absolute path to where this file is
+    def file_path
+      @the_file_path = ::File.join(container.directory, identifier.to_s) if @the_file_path.nil?
+      return @the_file_path
+    end
+
+    # The path of the temporary file. Used as a temporary container for stashing. This file will then be re-named.
+    # @return [String] the path to the temporary file
+    def tmp_file_path
+      return file_path + ".tmp"
+    end
+
+    # Gets the path of the backup file
+    # @return [String] the path of the backup file
+    def backup_file_path
+      return file_path + '.bak'
+    end
+
+
+
+
+  end
+end

data/lib/secret/locking.rb

@@ -0,0 +1,142 @@
+module Secret
+
+  # Locking utilities!
+  module Locking
+
+    # By default, wait for locks for 5 seconds
+    DEFAULT_LOCK_WAIT_MS = 5000
+
+    # Locks the current file. May prevent other object instances (or processes) from reading / writing to this file.
+    # You may use this to upgrade your lock if you wish.
+    # @param [Boolean] exclusive if TRUE, holds an exclusive lock meaning that other processes cannot read or write
+    #   to the file. If FALSE, allows other files to read from the file, but not to write.
+    # @return [Boolean] true if the lock was created successfully, false if it was not (likely due to another process holding a lock,
+    #  or we already hold the lock).
+    # @note Remember to unlock the file once you are done using it!
+    def lock!(exclusive = false)
+      return false if(locked? and !owns_lock?)
+
+      # Write
+      # The file contents will be of '<exclusive bit>:<process id>'
+      lock_string = (exclusive ? '0' : '1') + ":#{Process.pid}"
+      ::File.open(lock_file_path, 'w',Secret::CHMOD_MODE) { |f| f.write lock_string }
+      @owns_lock = true
+
+      return true
+    end
+
+    # Checks to see if this file is locked. Has no indication of whether we own the lock or not.
+    # @param [Boolean] exclusive if TRUE, only checks if it's an exclusive lock
+    # @return [Boolean] true if the file is locked, false otherwise.
+    def locked?(exclusive = false)
+      return false unless ::File.exist?(lock_file_path)
+      return true unless exclusive # Don't bother checking for non-exlusive
+      ex = false
+      begin
+        # Quickly peek at the file to see if it is exclusive
+        ::File.open(lock_file_path, 'r', Secret::CHMOD_MODE) do |f|
+          ex = f.seek(1, IO::SEEK_CUR) == '1'
+          f.close
+        end
+        return ex
+      rescue Exception => e
+        return false
+      end
+    end
+
+
+    # An alias for {#owns_lock}
+    def owns_lock?
+      return owns_lock
+    end
+
+    # Unlocks this file.
+    # @return [Boolean] true if unlock was successful, false if unlock was unsuccessful (i.e. the file wasn't locked,
+    #   or we don't own the lock)
+    def unlock!
+      return false if !locked?
+      return false if !owns_lock?
+
+      ::File.delete(lock_file_path)
+      @owns_lock = false
+      return true
+    end
+
+    # Forcibly unlocks this file, regardless of whether the lock is owned
+    # @return [Boolean] true if unlock was successful, false if the file isn't locked.
+    def force_unlock!
+      return false if !locked?
+      ::File.delete(lock_file_path)
+      @owns_lock = false
+      return true
+    end
+
+
+    # Waits for the file to become unlocked for 'max_time_ms'. If file is locked for that long, then raises an
+    # {Secret::::FileLockedError}.
+    # @param [Boolean] exclusive if TRUE, waits for an exclusive lock or shared lock, and then locks with an
+    #   exclusive lock if a block is given. If FALSE, then only waits for an exclusive lock.
+    # @param [Integer] max_time_ms the maximum number of MS to wait until raising an error. If negative, waits forever.
+    # @param [Integer] sleep_ms the number of MS to sleep before polling the lock again
+    # @param [Proc] block pass a block to then execute block while locked (i.e. {#lock_and_do})
+    def wait_for_unlock(exclusive = false, max_time_ms = DEFAULT_LOCK_WAIT_MS, sleep_ms = 100, &block)
+      ms_start = (Time.now.to_f * 1000.0).to_i
+      wait_exclusive = exclusive or block_given?
+      sleep_ms = sleep_ms / 1000.0
+      while locked?(!wait_exclusive)
+        break if owns_lock?
+        sleep(sleep_ms)
+        continue if max_time_ms < 0
+        ms_new = (Time.now.to_f * 1000.0).to_i
+        if (ms_new - ms_start) > max_time_ms
+          raise Secret::FileLockedError, "Timeout of #{max_time_ms} MS exceeded while waiting for lock!"
+        end
+      end
+
+      # If we are here, waiting has finished
+      lock_and_do(exclusive, &block) if block_given?
+    end
+
+    # Locks and executes a block, then unlocks upon block execution. This will always ensure that the lock
+    # is released upon block execution, regardless of error or no.
+    # @param [Boolean] exclusive if TRUE, uses an exclusive lock. If false, uses a shared lock
+    # @raise [ArgumentError] if a block is not provided
+    # @raise [FileLockedError] if the file is locked
+    def lock_and_do(exclusive = false, &block)
+      raise ArgumentError, 'Block not given' unless block_given?
+      raise Secret::FileLockedError, 'Cannot lock a file if it is already locked!' if locked?
+      lock!(exclusive)
+      begin
+        block.call
+      rescue Exception => e
+        raise e
+      ensure
+        unlock!
+      end
+    end
+
+
+    # Gets information about the current lock:
+    #
+    #   {:pid => 123123, :exclusive => true }
+    #
+    # @return [Hash,nil] information about the current lock, or nil if no lock is present
+    def lock_info
+      return nil unless locked?
+      begin
+        str = nil
+        ::File.open(lock_file_path, 'r', Secret::CHMOD_MODE) {|f| str = f.read }
+        ex,pid = str.split ':'
+        return {:exclusive => (ex == "1"), :pid => pid.to_i}
+      rescue Exception => e
+        return nil
+      end
+    end
+
+    protected
+
+    def lock_file_path
+      raise NotImplementedError, "'lock_file_path' needs to be implemented"
+    end
+  end
+end

data/lib/secret/version.rb

@@ -0,0 +1,3 @@
+module Secret
+  VERSION = "0.0.1"
+end

data/lib/secret.rb

@@ -0,0 +1,36 @@
+require "secret/version"
+require "secret/locking"
+require "secret/file"
+require "secret/container"
+
+module Secret
+
+  # The chmod mode to use for files.
+  CHMOD_MODE = 0700
+
+  # Gets the UID of the current process
+  def self.uid
+    return Process.uid
+  end
+
+  # Gets the default container
+  # @return [Secret::Container] the default container
+  def self.default
+    raise ArgumentError, "Must call 'Secret.configure_default' before you can access the default container" unless @default
+    return @default
+  end
+
+  # Configures the default container once
+  def self.configure_default(directory, auto_create = true)
+    unless @default
+      @default = Secret::Container.new(directory, auto_create)
+      @default.initialize_once!
+      return true
+    else
+      return false
+    end
+  end
+
+  class FileLockedError < Exception; end
+
+end

data/secret.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'secret/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "secret"
+  spec.version       = Secret::VERSION
+  spec.authors       = ["Christopher Thornton"]
+  spec.email         = ["rmdirbin@gmail.com"]
+  spec.description   = %q{Keeps your files more secure by ensuring saved files are chmoded 0700 by the same user who is running the process.}
+  spec.summary       = %q{Keeps files more secure on server environments}
+  spec.homepage      = "https://github.com/cgthornt/secret"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/test/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gem 'secret', path: '../'

data/test/secrets/cert_key

@@ -0,0 +1 @@
+Hello World!

data/test/tester.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'bundler/setup'
+
+require 'secret'
+
+Secret.configure_default 'secrets'
+
+container = Secret.default
+container.cert_key.stash "Hello World!"
+puts container.cert_key.encrypt_basic "password"

metadata

@@ -0,0 +1,103 @@
+--- !ruby/object:Gem::Specification
+name: secret
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Christopher Thornton
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-05-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Keeps your files more secure by ensuring saved files are chmoded 0700
+  by the same user who is running the process.
+email:
+- rmdirbin@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/secret.rb
+- lib/secret/container.rb
+- lib/secret/encryption.rb
+- lib/secret/file.rb
+- lib/secret/locking.rb
+- lib/secret/version.rb
+- secret.gemspec
+- test/Gemfile
+- test/secrets/cert_key
+- test/tester.rb
+homepage: https://github.com/cgthornt/secret
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 296992438860896651
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 296992438860896651
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Keeps files more secure on server environments
+test_files:
+- test/Gemfile
+- test/secrets/cert_key
+- test/tester.rb