wikk_password 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 01e1a95e77b30e4ca4435718e0a186724e5ac834
+  data.tar.gz: 72607fb401d8d0b150878c430348be5712a7b3b2
+SHA512:
+  metadata.gz: f06e56560d9d71f61b6e1a115939049d68ceccd7742c3494985c5bb42a6bdfbe16d022df43f50b33f0c890038286b183056295353ec797c3e6a11fd92fafcf96
+  data.tar.gz: 466f382cbbb6a74af37be700ceb140c6c1bafcf999c80edcc90807dad571efa76af9cb765e365935ba584c323b57ebff3e9f9a62f74e31582afc3952e333b862

data/History.txt

@@ -0,0 +1,2 @@
+robertburrowes	Wed Jun 22 21:16:24 2016 +1200
+	first commit

data/Manifest.txt

@@ -0,0 +1,5 @@
+History.txt
+Manifest.txt
+README.md
+Rakefile
+lib/wikk_password.rb

data/README.md

@@ -0,0 +1,73 @@
+# wikk_password
+
+* http://wikarekare.github.com/wikk_password/
+* Source https://github.com/wikarekare/wikk_password
+* Gem https://rubygems.org/gems/wikk_password
+
+## DESCRIPTION:
+
+Reads/writes password file entries of format user:password and provides tests for password validity.
+Works with standard unix password types, clear text for testing, and decryptable AES_256_CBC.
+
+## FEATURES/PROBLEMS:
+
+*Should have locking around the changes to the password file, but haven't gotten around to the Lockfile gem yet.
+
+## SYNOPSIS:
+
+conf = WIKK::Configuration.new('test.js')
+```
+require 'wikk_password'
+require 'wikk_configuration
+
+rachel = WIKK::Password.new('rachel', conf)
+```
+###Sample password file entry
+```
+rob:$aes256$cxpzz9BMCOvyqfyngashHA==$Z9qOyqgMa4V7ffnI0NOjIhPv+ObAfhC0vyNPXoR5bbw=
+```
+###Sample Configuration file (or equivalent Ruby hash or any class with attr_reader :passwordFile, :encryption, :key )
+```
+{
+  "passwordFile": "passwd",
+  "encryption": "aes256", //"none"
+  "key": "kzyE95G6OTkvteywPkhvP0Y9RhM8tZxQMnCOTH7LXrA="
+}
+```
+
+## REQUIREMENTS:
+
+###Gem requires
+* require 'unix_crypt'
+* require 'wikk_aes_256'
+
+## INSTALL:
+
+* sudo gem install unix_crypt wikk_aes_256 wikk_password
+
+## LICENSE:
+
+(The MIT License)
+
+Conversion of original wikarekare library to gem
+
+Copyright (c) 2004-2016
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,30 @@
+# -*- ruby -*-
+
+require 'rubygems'
+require 'hoe'
+Hoe.plugin :yard
+
+Hoe.spec 'wikk_password' do 
+  self.readme_file = "README.md"
+  self.developer( "Rob Burrowes","r.burrowes@auckland.ac.nz")
+  remote_rdoc_dir = '' # Release to root
+  
+  self.yard_title = 'wikk_password'
+  self.yard_options = ['--markup', 'markdown', '--protected']
+  
+  self.dependency "unix_crypt", [">= 1.3.0"]
+  self.dependency "wikk_aes_256", [">= 0.1.4"]
+end
+
+
+#Validate manfest.txt
+#rake check_manifest
+
+#Local checking. Creates pkg/
+#rake gem
+
+#create doc/
+#rake docs  
+
+#Copy up to rubygem.org
+#rake release VERSION=1.0.1

data/lib/wikk_password.rb

@@ -0,0 +1,167 @@
+module WIKK 
+  require 'wikk_aes_256'
+  require 'digest/sha2'
+  require 'unix_crypt'
+  require 'base64'
+  
+  #READS/WRITES our private password file entries.
+  # @attr_reader [String] user the decrypted text
+  # @attr_reader [String] password the encrypted password, in form $type$initial_vector$encrypted_text
+  class Password
+    VERSION = '0.1.0'
+
+    attr_reader :user, :password
+    
+    #New. Fetches a user entry from the password file, or creates a new user (call via Passwd::add_user)
+    #  @param user [String] User name to fetch from password file, or to create, if new_user == true
+    #  @param config [WIKK:Configuration] or hash or class with attr_readers :passwordFile, :encryption, :key
+    #  @param new_user [Boolean] If true, then the user shouldn't be in password file.
+    #  @return [WIKK::Password]
+    #  @raise [IndexError] if the user entry exists.
+  	def initialize(user, config, new_user=false)
+      if config.class == Hash
+        sym = config.each_with_object({}) { |(k,v),h| h[k.to_sym] = v }
+        @config = Struct.new(*(k = sym.keys)).new(*sym.values_at(*k))
+      else
+    	  @config = config
+      end
+  	  raise IndexError, "User \"#{user}\" not found" if getpwnam(user) == false && !new_user
+  	end
+  	
+  	#Sets the user password, but does not save this. You must call save().
+  	#  @param password [String] the clear text password to encypt
+  	#  @return [String] the password file password entry.
+    def set_password(password) 
+      @password = encrypt(password, @config.encryption)
+    end
+    
+    #Compare an SHA256 hashed password + challenge with this users password
+    #  @param challenge [String] a random string, sent to the remote client, added to the password, and SHA256 hashed
+    #  @param response [String] the remote clients hex_SHA256(password + challenge)
+    #  @return [Boolean] True if the users password matches the one that created the response.
+    #  @note The password entry must be decryptable, not a UNIX style hash.
+    #  @raise [ArgumentError] if the encryption method is unknown.
+    def valid_sha256_response?(challenge, response)
+      return response == Digest::SHA256.digest(decrypt + challenge).unpack('H*')[0]
+    end
+      
+    #Compares the password with the user's password by encrypting the password passed in
+    #  @param password [String] The clear text password
+    #  @return [Boolean] True if the passwords match
+    #  @raise [ArgumentError] if the encryption method is unknown.
+    def valid?(ct_password)
+      ignore,encryption,iv,password = @password.split('$')
+      encryption = DES if ignore != '' #No $'s in DES password, so ignore has text.
+      case encryption
+      when 'ct'; return ct_password == @password
+      when 'aes256'; return encrypt(ct_password, encryption, iv) == @password
+      when 'DES'; return UnixCrypt.valid?(ct_password, @password) 
+      when 'MD5','1','SHA256','5','SHA512','6'; return UnixCrypt.valid?(ct_password, @password)
+      else raise ArgumentError, "Unsupported encryption algorithm $#{encryption}"
+      end
+    end
+    
+    #Adds a user to the password file
+    #  @param user [String] New user name. Raises an error if the user exists
+    #  @param password [String] Clear text password. Raises an error if this is nil or ''
+    #  @note Modifies the password file.
+    #  @raise [IndexError] if the user entry exists.
+    #  @raise [ArgumentError] if the password is nil or empty.
+    def self.add_user(user,password,config)
+      user_record = self.new(user, config, true)
+      raise IndexError, "User \"#{user}\" is already present"  if user_record.password != nil
+      raise ArgumentError, "Password can't be empty" if password == nil || password == ''
+      user_record.set_password(password)
+      user_record.save
+    end
+        
+    #Saves changes or a new user entry into the password file
+    def save
+      loadfile
+      @pwent[@user] = @password
+      writefile
+    end
+    
+    #Outputs password file entry as a string
+    #  @return [String] password file entry.
+    def to_s
+      "#{@user}:#{@password}"
+    end
+
+  	private
+  	
+  	#Fetch a password file entry by user's name
+  	#  @param user [String] user name
+  	#  @return [Boolean] True if user entry exists
+  	def getpwnam(user)
+  	  loadfile
+  	  @user = user
+  	  @password = @pwent[@user]
+  	  return @password != nil #i.e. Found a user entry
+	  end
+	  
+	  #Read the password file into the @pwent hash
+  	def loadfile
+  	  @pwent = {}
+  	  File.open(@config.passwordFile, "r") do |fd|
+  	    fd.each do |line|
+  	      tokens = line.chomp.split(/:/)
+  	      @pwent[tokens[0]] = tokens[1] if tokens[0] != ''
+	      end
+      end
+    end
+    
+	  #Overwrite the password file from the @pwent hash
+  	def writefile
+  	  File.open(@config.passwordFile, "w+") do |fd|
+  	    @pwent.each do |k,v|
+  	      fd.puts "#{k}:#{v}"
+	      end
+      end
+    end
+    
+  	#Encrypts a clear text password
+  	#  @param password [String] The clear text password
+  	#  @param challenge [String] Norm
+    #  @raise [ArgumentError] if the encryption algorithm isn't known.
+    def encrypt(password,  algorithm = "aes256", pwd_iv = nil)
+      case algorithm
+      when "aes256"
+        password,key,iv = WIKK::AES_256.cipher_to_s(password, @config.key, pwd_iv)
+        return "$aes256$#{iv}$#{password}"
+      when "DES"
+        return UnixCrypt::DES.build(password)
+      when "MD5","1" #Unix passward digest, which is multiple hashes
+        return UnixCrypt::MD5.build(password)
+      when "SHA256","5" #Unix passward digest, which is multiple hashes
+        return UnixCrypt::SHA256.build(password)
+      when "SHA512","6" #Unix passward digest, which is multiple hashes
+        return UnixCrypt::SHA512.build(password)
+      when 'ct' #ct == clear text
+        return "$ct$$#{password}"
+      else
+        raise ArgumentError, "Unsupported Encryption algorithm #{@config.encryption}"
+      end
+    end
+    
+    #Decrypts @password, if this is possible
+    #  @return [String] the clear text password
+    #  @raise [ArgumentError] if the encryption type can't be decrypted.
+    def decrypt
+      ignore,encryption,iv,password = @password.split('$')
+      case encryption
+      when 'ct' ; password
+      when 'aes256'
+        ct_password, ct_key, ct_iv = WIKK::AES_256.decrypt(password, true, @config.key, iv)
+        return ct_password
+      else
+        raise ArgumentError, "Unsupported decryption algorithm #{@config.encryption}"
+      end
+    end
+  end
+end
+
+
+
+
+

metadata

@@ -0,0 +1,117 @@
+--- !ruby/object:Gem::Specification
+name: wikk_password
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Rob Burrowes
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: unix_crypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+- !ruby/object:Gem::Dependency
+  name: wikk_aes_256
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.4
+- !ruby/object:Gem::Dependency
+  name: hoe-yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+- !ruby/object:Gem::Dependency
+  name: hoe
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.15'
+description: |-
+  Reads/writes password file entries of format user:password and provides tests for password validity.
+  Works with standard unix password types, clear text for testing, and decryptable AES_256_CBC.
+email:
+- r.burrowes@auckland.ac.nz
+executables: []
+extensions: []
+extra_rdoc_files:
+- History.txt
+- Manifest.txt
+- README.md
+files:
+- History.txt
+- Manifest.txt
+- README.md
+- Rakefile
+- lib/wikk_password.rb
+homepage: http://wikarekare.github.com/wikk_password/
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options:
+- "--markup"
+- markdown
+- "--protected"
+- "--title"
+- wikk_password
+- "--quiet"
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Reads/writes password file entries of format user:password and provides tests
+  for password validity
+test_files: []