Module: Reedb

Included in:
Config::Master, Config::Vault, Core, Daemon, Vault
Defined in:
lib/reedb/config.rb,
lib/reedb.rb,
lib/reedb/datafile.rb,
lib/reedb/reevault.rb,
lib/reedb/constants.rb,
lib/reedb/debouncer.rb,
lib/reedb/security/aes.rb,
lib/reedb/utils/logger.rb,
lib/reedb/utils/version.rb,
lib/reedb/security/tokens.rb,
lib/reedb/utils/utilities.rb,
lib/reedb/security/twofish.rb,
lib/reedb/utils/meta_vault.rb,
lib/reedb/errors/exit_errors.rb,
lib/reedb/security/multifish.rb,
lib/reedb/security/encryption.rb,
lib/reedb/security/certificate.rb,
lib/reedb/security/secure_hash.rb

Overview

Salted password hashing with SHA2. Authors: @RedragonX (dicesoft.net), havoc AT defuse.ca

@SpaceKookie, spacekookie AT c-base.org

www: crackstation.net/hashing-security.htm

Defined Under Namespace

Modules: Config, Core, Daemon, Vault Classes: Certificates, DaemonLogger, DataFile, Debouncer, Fish, MCypher, MLE, MetaVault, RAES, ReeVault, SecureHash, SecurityUtils, Timestamp, TokenFactory, Utilities, VaultConfig, VaultLogger, Version1, Version_spec

Constant Summary

VERSION =

The version of reedb. This is written into vaults to identify breaking changes and to allow an older subset of the API to be used when interacting with legacy vaults.

'0.11.2'
NET_PORT =
55736
TOKEN_BYTE_SIZE =

in bytes

8
DEFAULT_PATH =

Placeholder

'__sysmas__'
FILE_CACHE_TIME =

Time in ms

2500
DEBOUNCE_DELTA =

Debounce constants

2.5
KEY_CACHE_TIME =

2500 ms

(15 * 60)
THREAD_TIMEOUT_TIME =
DEBOUNCE_DELTA * 1.0125
DEB_ADD =

Debouncer markers

:add
DEB_REM =
:remove
CERT_PATH =
'reedb.crt'
KEY_PATH =
'reedb.key'
EXIT_STILL_LOCKED =

Exit codes to be used throughout the API

0x10
EXIT_OS_PARSE =
0x11
EXIT_PANIC_INTERUPT =

Severe panic codes

0x31
EXIT_MISSING_USER_CODE =
0x32
EXIT_CORRUPT_FS =
0x33
EXIT_HTTP_MALFUNCT =
0x34
@@archos =

Returns

nil
@@pw_length =
-1
# @return [Integer] the minimum passphrase length
@@verbose =
false
@@daemon =
true

Class Method Summary

Class Method Details

.archos ⇒ String

Returns the platform/ architecture of the daemon and vault handler.

Returns:

  • (String)

    the platform/ architecture of the daemon and vault handler



# File 'lib/reedb.rb', line 234

# Reader for the module-wide @@archos class variable.
#
# @return [String] the platform/architecture of the daemon and vault handler
def archos
	@@archos
end

.daemon? ⇒ Bool

Returns whether Reedb is running as a daemon.

Returns:

  • (Bool)

    whether Reedb is running as a daemon



# File 'lib/reedb.rb', line 253

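# Reports the daemon flag held in the module-wide @@daemon class variable.
#
# @return [Bool] whether Reedb is running as a daemon
def daemon?
	# Must read @@daemon; returning @@archos (the platform string) would answer
	# with an unrelated value that is truthy whenever the platform is set.
	@@daemon
end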

.included(api) ⇒ Object



# File 'lib/reedb.rb', line 38

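# Hook that runs when Reedb is included somewhere. It opens the singleton class
# of the including module and installs the runtime state plus the private
# helpers that handle vault tracking, access tokens and the master config file.
#
# @param api [Module] the module or class that includes Reedb
def self.included(api)
	class << api

		@@counter = 0
		@@started = false

		# Some more runtime variables
		@@path = Reedb::DEFAULT_PATH
		@@config_path = Reedb::DEFAULT_PATH
		@@no_token = false
		@@verbose = false
		@@pw_length = -1
		@@cleanup = true
		@@daemon = true
		@@archos = nil
		@@lock_file = nil

		# Stores the active vaults
		@@active_vaults = {}

		# Stores the active tokens (token => list of vault uuids)
		@@tokens = {}

		# Stores the master configuration
		@@config = nil

		# PRIVATE FUNCTIONS BELOW
		private

		@@debouncer = nil
		# @return [Object] Debouncer class to handle updates on vaults
		def debouncer
			@@debouncer
		end

		@@debounce_thread = nil
		# @return [Object] Debouncer THREAD! to handle updates on vaults
		def debounce_thread
			@@debounce_thread
		end

		# Method that gets called whenever a change to the currently active vault set occurs.
		# It will give change information to the debounce handler that then updates its secondary vault set
		# for debouncing.
		# This can UNDER NO CIRCUMSTANCES (!) ever be called from an outside source!
		#
		# @param [String] uuid of the vault
		# @param [String] token for the vault
		# @param [Enum] marker to describe what to do (Reedb::DEB_ADD or Reedb::DEB_REM)
		#
		# @return the result of the debouncer call, or nil for an unknown marker
		#
		def mirror_debounce(uuid, token, marker)
			return @@debouncer.add_vault(uuid, token) if marker == Reedb::DEB_ADD
			return @@debouncer.remove_vault(uuid) if marker == Reedb::DEB_REM
		end

		# Generates an authentication token for vault access.
		# The function also records the vault uuid under the token in @@tokens
		# and appends the token to the vault's entry in the config file.
		#
		# @param [String] uuid of the vault
		# @param [String] path of the vault
		# @param [Bool] permanent is not implemented; it only prints a warning
		#
		# @return [String] Base64 encoded token
		#
		def generate_token(uuid, path, permanent = false)
			puts '[WARN] Not implemented!' if permanent

			# Three independent SecureRandom chunks frame the uuid and the path.
			# The result is only Base64-encoded, not encrypted: anyone holding the
			# token can decode the vault uuid and its filesystem path from it.
			noise = Array.new(3) { SecureRandom.base64(Reedb::TOKEN_BYTE_SIZE) }
			token = Base64.strict_encode64("#{noise[0]}--#{uuid}--#{noise[1]}--#{path}--#{noise[2]}")

			@@tokens[token] = [] unless @@tokens.include?(token)
			@@tokens[token] << uuid

			# Persists the token in clear inside the config file (see write_config).
			update_tracked_vault(uuid, nil, nil, nil, token)
			return token
		end

		# Writes a vault into a tracking file for the user
		# That means that the vault will be tracked next time
		# Reedb starts
		#
		# @param [String] name public vault name
		# @param [String] path location on the system
		# @param size of the vault, passed through to MetaVault
		# @param [String] uuid of the vault, used as the config key
		#
		def track_vault(name, path, size, uuid)
			@@config[:vaults][uuid] = {} unless @@config[:vaults].include?(uuid)
			entry = @@config[:vaults][uuid]

			# Adds actual size as soon as the vault gets unlocked by an application
			entry[:meta] = MetaVault.new(name.to_s, path.to_s, size, uuid)

			# The token list is always reset here, so tracking a uuid that is
			# already known drops the tokens stored for it.
			entry[:tokens] = []

			write_config
		end

		# Drops a vault from the tracking config and persists the change.
		#
		# @param [String] uuid of the vault
		#
		def untrack_vault(uuid)
			@@config[:vaults].delete(uuid)
			write_config
		end

		# Updates the stored metadata of a tracked vault and optionally adds a token.
		# Every nil argument leaves the corresponding value untouched.
		#
		# @param [String] uuid of the vault
		# @param [String, nil] name new public name
		# @param [String, nil] path new location
		# @param size new size or nil
		# @param [String, nil] token token to append to the vault's token list
		#
		# @return nil when the uuid is unknown
		#
		def update_tracked_vault(uuid, name, path, size, token)
			# token is optional (see the `if token` below), so only strip when present
			token.delete!("\n") if token

			unless @@config[:vaults].include?(uuid)
				puts 'ERROR! UUID not in config!'
				return nil
			end

			entry = @@config[:vaults][uuid]
			entry[:meta].name = name if name
			entry[:meta].path = path if path
			entry[:meta].size = size if size

			entry[:tokens] ||= []
			entry[:tokens] << token if token

			write_config
		end

		# Removes a token from a vault config thus removing any access that token had.
		#
		# NOTE(review): only the persisted config is changed here; the in-memory
		# @@tokens map is not touched. Confirm that callers also drop the token
		# there, otherwise a revoked token may still be accepted until restart.
		#
		# @param [String] uuid of the vault
		# @param [String] token to revoke
		#
		# @return nil when there is nothing to remove
		#
		def remove_token(uuid, token)
			return nil unless token
			token.delete!("\n")
			return nil unless @@config[:vaults].include?(uuid)

			tokens = @@config[:vaults][uuid][:tokens]
			return nil unless tokens && tokens.include?(token)

			tokens.delete(token)
			write_config
		end

		# Caches the config file to @@config
		#
		#
		def cache_config
			# Now read vault information and put it into @@active_vaults field
			if File.exist?("#{@@config_path}")
				read_config
			else
				# Creates some dummy info
				@@config = {}
				@@config[:global] = {}
				@@config[:global][:logs] = :default
				@@config[:vaults] = {}

				# Writes the Marshal-serialised config to file
				write_config

				# NOTE(review): 0744 leaves the file readable by group and others,
				# and this file stores vault paths and access tokens. An owner-only
				# mode (0600) looks like the safer default - confirm nothing else
				# needs to read it before tightening.
				FileUtils::chmod_R(0744, "#{@@config_path}")
			end

			check_vault_integreties if @@cleanup

			# At this point @@config has been loaded
			vault_count = @@config[:vaults].size
			DaemonLogger.write("Found #{vault_count} vault(s) on the system.", 'debug')
		end

		# Check vault integreties here!
		# Will try every vault in the config and remove the ones that are no longer
		# available to avoid errors and access corruptions
		#
		def check_vault_integreties
			# Vaults that will be marked for removal; collected first so the hash
			# is not modified while it is being iterated.
			marked = []
			@@config[:vaults].each do |uuid, data|
				unless ReeVault.new(data[:meta].name, data[:meta].path, :auto).try?
					marked << uuid
				end
			end

			marked.each do |uuid|
				DaemonLogger.write("Removing corrupted vault #{uuid}", 'warn')
				@@config[:vaults].delete(uuid)
			end

			# Now save the mess you've made.
			write_config
		end

		# Serialises @@config with Marshal, writes it to @@config_path and reads it
		# back in. A newly created file gets whatever mode the process umask allows.
		def write_config
			data = Marshal.dump(@@config)
			File.open(@@config_path, 'wb+') { |file| file.write(data) }
			read_config
		end

		# Loads @@config from the file at @@config_path.
		#
		# NOTE(review): Marshal.load rebuilds arbitrary Ruby objects from the file
		# contents, so whoever can write @@config_path controls what is instantiated
		# inside the daemon. Keep the file writable by the daemon user only; a
		# data-only format would remove the risk but needs a migration, because
		# the config embeds MetaVault objects.
		def read_config
			# File.binread closes the handle; File.open(...).read left it open.
			@@config = Marshal.load(File.binread(@@config_path))
		end
	end # Implicit required file, not inspected
end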

.passlength ⇒ Integer

Returns the minimum passphrase length.

Returns:

  • (Integer)

    the minimum passphrase length



# File 'lib/reedb.rb', line 240

# Reader for the module-wide @@pw_length class variable.
#
# @return [Integer] the minimum passphrase length
def passlength
	@@pw_length
end

.verbose? ⇒ Bool

Returns whether verbose mode is enabled.

Returns:

  • (Bool)

    whether verbose mode is enabled



# File 'lib/reedb.rb', line 246

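# Reports the verbosity flag held in the module-wide @@verbose class variable.
#
# @return [Bool] whether verbose mode is enabled
def verbose?
	# Must read @@verbose; returning @@archos (the platform string) would report
	# verbose mode as on whenever the platform is set.
	@@verbose
end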