yus 1.0.0

data/bin/yus_add_user

@@ -0,0 +1,72 @@
+#!/usr/bin/env ruby
+
+$: << File.expand_path('../lib', File.dirname(__FILE__))
+
+require 'drb'
+require 'drb/ssl'
+require 'password'
+require 'rclconf'
+require 'yus/session'
+require 'getoptlong'
+
+opts = []
+GetoptLong.new(
+  ['--config', '-c', GetoptLong::OPTIONAL_ARGUMENT],
+  ['--root_name', '-r', GetoptLong::OPTIONAL_ARGUMENT],
+  ['--server_url', '-u', GetoptLong::OPTIONAL_ARGUMENT],
+  ['--yus_dir', '-d', GetoptLong::OPTIONAL_ARGUMENT]
+).each { |pair|
+  opts.push(pair.join('=')[2..-1])
+}
+
+name, action, item = ARGV
+
+unless(name)
+	puts <<-EOS
+Usage: yus_add_user <username> [<action> [<item>]]
+	EOS
+  exit
+end
+
+default_dir = File.join(ENV['HOME'], '.yus')
+default_config_files = [
+  File.join(default_dir, 'yus.yml'),
+  '/etc/yus/yus.yml',
+]
+defaults = {
+  'config'			      => default_config_files,
+  'root_name'         => 'admin',
+  'server_url'        => 'drbssl://localhost:9997',
+  'yus_dir'           => default_dir,
+}
+
+config = RCLConf::RCLConf.new(opts, defaults)
+config.load(config.config)
+
+server = DRb::DRbObject.new(nil, config.server_url)
+server.ping
+
+session = nil
+begin
+  pass = Password.get("Password for #{config.root_name}: ")
+  session = server.login(config.root_name, pass.to_s, 'commandline')
+rescue Yus::YusError => e
+  puts e.message
+  retry
+end
+
+cont = nil
+callcc { |cont| }
+pass1 = Password.get("New Password for #{name}: ")
+pass2 = Password.get("Repeat Password for #{name}: ")
+
+if(pass1 != pass2)
+  puts "Passwords did not match"
+  cont.call
+end
+
+session.create_entity(name)
+session.set_password(name, pass1.to_s)
+if(action)
+  session.grant(name, action, item)
+end

data/bin/yus_delete_user

@@ -0,0 +1,58 @@
+#!/usr/bin/env ruby
+
+$: << File.expand_path('../lib', File.dirname(__FILE__))
+
+require 'drb'
+require 'drb/ssl'
+require 'password'
+require 'rclconf'
+require 'yus/session'
+require 'getoptlong'
+
+opts = []
+GetoptLong.new(
+  ['--config', '-c', GetoptLong::OPTIONAL_ARGUMENT],
+  ['--root_name', '-r', GetoptLong::OPTIONAL_ARGUMENT],
+  ['--server_url', '-u', GetoptLong::OPTIONAL_ARGUMENT],
+  ['--yus_dir', '-d', GetoptLong::OPTIONAL_ARGUMENT]
+).each { |pair|
+  opts.push(pair.join('=')[2..-1])
+}
+
+name, action, item = ARGV
+
+unless(name)
+	puts <<-EOS
+Usage: yus_delete_user <username>
+	EOS
+  exit
+end
+
+default_dir = File.join(ENV['HOME'], '.yus')
+default_config_files = [
+  File.join(default_dir, 'yus.yml'),
+  '/etc/yus/yus.yml',
+]
+defaults = {
+  'config'			      => default_config_files,
+  'root_name'         => 'admin',
+  'server_url'        => 'drbssl://localhost:9997',
+  'yus_dir'           => default_dir,
+}
+
+config = RCLConf::RCLConf.new(opts, defaults)
+config.load(config.config)
+
+server = DRb::DRbObject.new(nil, config.server_url)
+server.ping
+
+session = nil
+begin
+  pass = Password.get("Password for #{config.root_name}: ")
+  session = server.login(config.root_name, pass.to_s, 'commandline')
+rescue Yus::YusError => e
+  puts e.message
+  retry
+end
+
+session.delete_entity(name)

data/bin/yus_grant

@@ -0,0 +1,80 @@
+#!/usr/bin/env ruby
+
+$: << File.expand_path('../lib', File.dirname(__FILE__))
+
+require 'drb'
+require 'drb/ssl'
+require 'password'
+require 'rclconf'
+require 'yus/session'
+require 'getoptlong'
+
+opts = []
+command = :grant
+date = 'until'
+GetoptLong.new(
+  ['--config', '-c', GetoptLong::REQUIRED_ARGUMENT],
+  ['--root_name', '-r', GetoptLong::REQUIRED_ARGUMENT],
+  ['--server_url', '-u', GetoptLong::REQUIRED_ARGUMENT],
+  ['--yus_dir', '-d', GetoptLong::REQUIRED_ARGUMENT],
+  ['--revoke', '-R', GetoptLong::NO_ARGUMENT]
+).each { |key, value|
+	case key
+	when '--revoke'
+		command = :revoke
+    date = 'from'
+	else
+		opts.push([key, value].join('=')[2..-1])
+	end
+}
+
+name, action, item, expires = ARGV
+
+unless(action)
+	puts <<-EOS
+Usage: yus_grant <username> <action> [<item> [<expiry_time>]]
+	EOS
+  exit
+end
+
+default_dir = File.join(ENV['HOME'], '.yus')
+default_config_files = [
+  File.join(default_dir, 'yus.yml'),
+  '/etc/yus/yus.yml',
+]
+defaults = {
+  'config'			      => default_config_files,
+  'root_name'         => 'admin',
+  'server_url'        => 'drbssl://localhost:9997',
+  'yus_dir'           => default_dir,
+}
+
+time = nil
+if expires
+  if match = /(\d{1,2})\.(\d{1,2})\.(\d{4})/.match(expires.to_s)
+  time = Time.local(match[3].to_i, match[2].to_i, match[1].to_i)
+  else
+    puts <<-EOS
+expiry_date must be in the Format: mm.dd.YYYY
+    EOS
+  end
+end
+
+config = RCLConf::RCLConf.new(opts, defaults)
+config.load(config.config)
+
+server = DRb::DRbObject.new(nil, config.server_url)
+server.ping
+
+session = nil
+begin
+  pass = Password.get("Password for #{config.root_name}: ")
+  session = server.login(config.root_name, pass.to_s, 'commandline')
+rescue Yus::YusError => e
+  puts e.message
+  retry
+end
+
+session.send(command, name, action, item, time)
+puts sprintf("%sed permission to %s %s for %s %s %s", 
+             command, action, item, name, date, expires)

data/bin/yus_passwd

@@ -0,0 +1,68 @@
+#!/usr/bin/env ruby
+
+$: << File.expand_path('../lib', File.dirname(__FILE__))
+
+require 'drb'
+require 'drb/ssl'
+require 'password'
+require 'rclconf'
+require 'yus/session'
+require 'getoptlong'
+
+opts = []
+GetoptLong.new(
+  ['--config', '-c', GetoptLong::OPTIONAL_ARGUMENT],
+  ['--root_name', '-r', GetoptLong::OPTIONAL_ARGUMENT],
+  ['--server_url', '-u', GetoptLong::OPTIONAL_ARGUMENT],
+  ['--yus_dir', '-d', GetoptLong::OPTIONAL_ARGUMENT]
+).each { |pair|
+  opts.push(pair.join('=')[2..-1])
+}
+
+name = ARGV.first
+
+unless(name)
+	puts <<-EOS
+Usage: yus_passwd <username>
+	EOS
+  exit
+end
+
+default_dir = File.join(ENV['HOME'], '.yus')
+default_config_files = [
+  File.join(default_dir, 'yus.yml'),
+  '/etc/yus/yus.yml',
+]
+defaults = {
+  'config'			      => default_config_files,
+  'root_name'         => 'admin',
+  'server_url'        => 'drbssl://localhost:9997',
+  'yus_dir'           => default_dir,
+}
+
+config = RCLConf::RCLConf.new(opts, defaults)
+config.load(config.config)
+
+server = DRb::DRbObject.new(nil, config.server_url)
+server.ping
+
+session = nil
+begin
+  pass = Password.get("Password for #{config.root_name}: ")
+  session = server.login(config.root_name, pass.to_s, 'commandline')
+rescue Yus::YusError => e
+  puts e.message
+  retry
+end
+
+cont = nil
+callcc { |cont| }
+pass1 = Password.get("New Password for #{name}: ")
+pass2 = Password.get("Repeat Password for #{name}: ")
+
+if(pass1 != pass2)
+  puts "Passwords did not match"
+  cont.call
+end
+
+session.set_password(name, pass1.to_s)

data/bin/yus_show

@@ -0,0 +1,65 @@
+#!/usr/bin/env ruby
+
+$: << File.expand_path('../lib', File.dirname(__FILE__))
+
+require 'drb'
+require 'drb/ssl'
+require 'password'
+require 'rclconf'
+require 'yus/session'
+require 'getoptlong'
+
+opts = []
+recursive = false
+GetoptLong.new(
+  ['--config', '-c', GetoptLong::REQUIRED_ARGUMENT],
+  ['--root_name', '-r', GetoptLong::REQUIRED_ARGUMENT],
+  ['--server_url', '-u', GetoptLong::REQUIRED_ARGUMENT],
+  ['--yus_dir', '-d', GetoptLong::REQUIRED_ARGUMENT],
+  ['--recursive', '-R', GetoptLong::NO_ARGUMENT]
+).each { |key, value|
+	case key
+	when '--recursive'
+		recursive = true
+	else
+		opts.push([key, value].join('=')[2..-1])
+	end
+}
+
+name = ARGV.first
+
+unless(name)
+	puts <<-EOS
+Usage: yus_show <username>
+	EOS
+  exit
+end
+
+default_dir = File.join(ENV['HOME'], '.yus')
+default_config_files = [
+  File.join(default_dir, 'yus.yml'),
+  '/etc/yus/yus.yml',
+]
+defaults = {
+  'config'			      => default_config_files,
+  'root_name'         => 'admin',
+  'server_url'        => 'drbssl://localhost:9997',
+  'yus_dir'           => default_dir,
+}
+
+config = RCLConf::RCLConf.new(opts, defaults)
+config.load(config.config)
+
+server = DRb::DRbObject.new(nil, config.server_url)
+server.ping
+
+session = nil
+begin
+  pass = Password.get("Password for #{config.root_name}: ")
+  session = server.login(config.root_name, pass.to_s, 'commandline')
+rescue Yus::YusError => e
+  puts e.message
+  retry
+end
+
+puts session.show(name, recursive)

data/bin/yusd

@@ -0,0 +1,99 @@
+#!/usr/bin/env ruby18
+
+$: << File.expand_path('../lib', File.dirname(__FILE__))
+
+require 'rclconf'
+require 'logger'
+require 'drb'
+require 'drb/ssl'
+require 'drb/timeridconv'
+require 'digest/sha2'
+
+default_dir = File.join(ENV['HOME'], '.yus')
+default_config_files = [
+  File.join(default_dir, 'yus.yml'),
+  '/etc/yus/yus.yml',
+]
+defaults = {
+  'cleaning_interval' =>  300,
+  'config'			      => default_config_files,
+  'db_name'           => 'yus',
+  'db_user'           => 'yus',
+  'db_auth'           => 'yus',
+  'db_backend'        => :psql,
+  'digest'            => Digest::SHA256,
+  'log_file'          => STDERR,
+  'log_level'         => 'INFO',
+  'persistence'       => 'odba',
+  'root_name'         => 'admin',
+  'root_pass'         => nil,
+  'server_url'        => 'drbssl://localhost:9997',
+  'session_timeout'   => 300,
+  'ssl_key'           => File.expand_path('../data/yus.key', 
+                                          File.dirname(__FILE__)),
+  'ssl_cert'          => File.expand_path('../data/yus.crt', 
+                                          File.dirname(__FILE__)),
+  'token_lifetime'    => 30,
+  'yus_dir'           => default_dir,
+}
+
+config = RCLConf::RCLConf.new(ARGV, defaults)
+config.load(config.config)
+
+require File.join('yus', 'persistence', config.persistence)
+persistence = nil
+case config.persistence
+when 'odba'
+  require 'odba/connection_pool'
+  require 'odba/drbwrapper'
+  DRb.install_id_conv ODBA::DRbIdConv.new
+  ODBA.storage.dbi = ODBA::ConnectionPool.new("DBI:pg:#{config.db_name}",
+                                             config.db_user, config.db_auth)
+  ODBA.cache.setup
+  persistence = Yus::Persistence::Odba.new
+when 'og'
+  DRb.install_id_conv DRb::TimerIdConv.new
+  Og.setup({
+    :name     => config.db_name,
+    :user     => config.db_user,
+    :password => config.db_auth,
+    :store    => config.db_backend,
+    :evolve_schema => true,
+  })
+  persistence = Yus::Persistence::Og.new
+end
+
+log_file = config.log_file
+if(log_file.is_a?(String))
+	FileUtils.mkdir_p(File.dirname(log_file))
+	log_file = File.open(log_file, 'a')
+	at_exit { log_file.close }
+end
+logger = Logger.new(log_file)
+logger.level = Logger.const_get(config.log_level)
+
+begin
+  server = Yus::Server.new(persistence, config, logger)
+  server.extend(DRbUndumped)
+
+  url = config.server_url
+  drbconf = {}
+  case url
+  when /drbssl/
+    keypath = File.expand_path(config.ssl_key, config.yus_dir)
+    certpath = File.expand_path(config.ssl_cert, config.yus_dir)
+    drbconf.update({      
+      :SSLPrivateKey => OpenSSL::PKey::RSA.new(File.read(keypath)),
+      :SSLCertificate => OpenSSL::X509::Certificate.new(File.read(certpath)),
+    })
+  end
+  url.untaint
+  DRb.start_service(url, server, drbconf)
+  $SAFE = 1
+	logger.info('start') { 
+		sprintf("starting yus-server on %s", url) }
+  DRb.thread.join
+rescue Exception => error
+	logger.error('fatal') { error }
+	raise
+end

data/config.save

@@ -0,0 +1,12 @@
+site-ruby=$prefix/lib/ruby/site_ruby/1.8
+prefix=/usr
+ruby-prog=/usr/bin/ruby18
+ruby-path=/usr/bin/ruby18
+make-prog=make
+site-ruby-common=$prefix/lib/ruby/site_ruby
+rb-dir=$site-ruby
+without-ext=no
+std-ruby=$prefix/lib/ruby/1.8
+bin-dir=$prefix/bin
+data-dir=$prefix/share
+so-dir=$prefix/lib/ruby/site_ruby/1.8/i686-linux

data/data/yus.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHTCCAYagAwIBAgIJALnXcbCr3dHVMA0GCSqGSIb3DQEBBAUAMFUxGzAZBgNV
+BAoTEkFwYWNoZSBIVFRQIFNlcnZlcjEiMCAGA1UECxMZRm9yIHRlc3RpbmcgcHVy
+cG9zZXMgb25seTESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTA1MDIyODEwMjAyM1oX
+DTA2MDIyODEwMjAyM1owTDEbMBkGA1UEChMSQXBhY2hlIEhUVFAgU2VydmVyMRkw
+FwYDVQQLExBUZXN0IENlcnRpZmljYXRlMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMDjFc5w4Mb9F0Yy0j8/rwpNm/FrhQPL
++5PCT0QqtpFHfLrszQ1Wp9etBPETjZe9Oxrf1D0SQAqxTU60DRAM8igoxYF03pqc
+Z3A2xYBoNAPMSLwtu75cJdpMh5RFzFQVsxEcFyMeB/lrea/LK+YTZ9qyQuPYQnBp
+mZmTZ3Fwlo/JAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAFEc/4uz2PoI9KmZ6ITIf
+iQRmaRIfd1VvsRbWfsYUEv2WWO1Bv78vKFcwwo7chgXwGLSprbTd+9HOcECb31fP
+eGknXjq4kJPhjZhPh4cab+AzGvg5Ob83TL4TyWRFUP1c2MHx6ajpFeT1t9PhRgxC
+tIZ39AqhN+8w6K9TNz/3/Zc=
+-----END CERTIFICATE-----

data/data/yus.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDA4xXOcODG/RdGMtI/P68KTZvxa4UDy/uTwk9EKraRR3y67M0N
+VqfXrQTxE42XvTsa39Q9EkAKsU1OtA0QDPIoKMWBdN6anGdwNsWAaDQDzEi8Lbu+
+XCXaTIeURcxUFbMRHBcjHgf5a3mvyyvmE2faskLj2EJwaZmZk2dxcJaPyQIDAQAB
+AoGAfcGQLhAZ/KJ10ibAPMxgau8+hJ/9EQSk+SjuVRsj/IQHJjfNWKzusQb0+dgt
+sIiHSHY2AbssVcxTAsUQ3y4Rkklm2FJtOr6tCIANyW4R7HGrd8me56n0KqcvKmzQ
+ETvpN0TdxIkkdVL0WYQ3zE9nHEkhwhSFFiONQHH6z2JBIiECQQD6o6S39UAcWGY8
+LA8BLTPt1kFAXO1Vof++rtYfx65/nTU3Map3in44BzPYUBcMZP8nlVorJPbLILO6
+LSu9AaBnAkEAxQM5VUyWfI+kn0DC9UQZzhpsCcDgNucLItqBrv2ETFpJF7iZcRbG
+KzFqNfRMXztYo/MExgtXWC9Y+9B67C9wTwJAFc2Idawy8IRMGG3ovDx3aPgbYwLy
+bmGSQr8ox0jyiA1f5LZAUvfMNQmDXAzThHOAsqvOVTR494CXwdlOFbn/fwJBAIi4
+wQwSN4lAAmXGgsXFOgdPTNTD9pYDZzYL39258BswuPLuWAYkYOhOxb+lx257d/tn
+RlPOQRJg4Wb3+qZ4EX8CQQCU5EFsB5txBBrZMgKIta7gpnv7J7HS7xJ6/dYpEr98
+2Wmu/Tj4iquoldgWpc8+QUJsZc0i1QMJDkeNP8pOzoHx
+-----END RSA PRIVATE KEY-----