Read Me
*********************************************************************
* What is this? *
*********************************************************************
It's an enterprise class password management system, in a self-contained library. It uses a hierarchy of Groups, which hold Hosts, which hold Resources. This can be thought of as the following:
You have Datacenter D, which contains Server S. Server S has logins for users "root" and "user". This would be stored as:
Group: Datacenter D
Host: Server S, belonging to group Datacenter D
Resource: root, belonging to host Server S
Resource: user, belonging to host Server S
You can have an unlimited (limited only by the storage space on the server) number of groups, hosts and resources.
You can define multiple Types (e.g. Generic, Windows, Linux, Cisco, etc) and each Host is associated with a Type.
You can define different allowed Encodings for password generation for each Type. E.g. Type "Cisco" might only allow "a-z", "A-Z" and "0-9", while Type "Linux" might allow "a-z", "A-Z", "0-9" and "!@#$%^&*(),./?:;"
You can store large amounts of miscellaneous information within each resource, if needed.
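
How a per-Type Encoding can constrain password generation, as an added example that is not libpwmanager's own code or API: generate_password, password_matches_type, CISCO_SET and LINUX_SET are hypothetical names, and /dev/urandom is assumed as the random source. It uses rejection sampling so every allowed character is equally likely.

```c
#include <stdio.h>
#include <string.h>

/* Alphabets spelled out from the README's "Cisco" and "Linux" examples. */
static const char CISCO_SET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
static const char LINUX_SET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    "!@#$%^&*(),./?:;";

/* Write len characters drawn uniformly from allowed into out, then a NUL.
 * out must hold len + 1 bytes. Returns 0 on success, -1 on error. */
int generate_password(const char *allowed, char *out, size_t len)
{
    size_t n = strlen(allowed);
    if (n == 0 || n > 256)
        return -1;
    FILE *rng = fopen("/dev/urandom", "rb");   /* assumed random source */
    if (rng == NULL)
        return -1;
    setvbuf(rng, NULL, _IONBF, 0);   /* do not buffer unused random bytes */
    /* Bytes >= limit are rejected: a plain "byte % n" would favour the
     * first (256 % n) characters of the alphabet. */
    unsigned limit = 256 - (unsigned)(256 % n);
    size_t i = 0;
    while (i < len) {
        int c = fgetc(rng);
        if (c == EOF) {              /* never return a partial password */
            memset(out, 0, len + 1);
            fclose(rng);
            return -1;
        }
        if ((unsigned)c >= limit)
            continue;
        out[i++] = allowed[(size_t)c % n];
    }
    out[len] = '\0';
    fclose(rng);
    return 0;
}

/* Returns 1 if every character of pw belongs to allowed, else 0. */
int password_matches_type(const char *allowed, const char *pw)
{
    return pw[strspn(pw, allowed)] == '\0';
}

int main(void)
{
    char pw[17];
    if (generate_password(CISCO_SET, pw, 16) == 0) printf("Cisco: %s\n", pw);
    if (generate_password(LINUX_SET, pw, 16) == 0) printf("Linux: %s\n", pw);
    return 0;
}
```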
*********************************************************************
* Why would you want to use this? *
*********************************************************************
There are NO external dependencies. Everything required is in the library.
NOTE: This library includes sqlite3 <http://sqlite.org/> and polarssl <http://www.polarssl.org/>.
It's secure. Plain text goes in, plain text comes out. Everything that is stored is saved with AES-256 and SHA-512 using the tested polarssl routines. Nothing is stored in plain text, ever.
It's FAST!
It has a very low memory overhead. Memory is allocated only when required, and freed the moment it isn't needed anymore.
It has a large amount of error checking built-in, with any error conditions noted and logged.
It compiles with "gcc -Wall" and produces NO errors or warnings.
According to valgrind, there are NO memory leaks within the library:
valgrind --tool=memcheck --leak-check=full --show-reachable=yes
==6111== HEAP SUMMARY:
==6111== in use at exit: 0 bytes in 0 blocks
==6111== All heap blocks were freed -- no leaks are possible
==6111== ERROR SUMMARY: 0 errors from 0 contexts
It's fully thread-safe. It uses fine-grained mutexes and database locking only when required.
It's a fully transactional database using sqlite3 with full foreign key enforcement, journaling and rollbacks. If anything fails to insert, update or delete because of constraints, violations or any other errors, the database will remain in a valid, consistent state, and the exact error condition will be logged.
It's maintenance free. All database maintenance happens automatically within the library.
It allows for unlimited accounts, each with specific access.
It supports multiple access levels, allowing for fine-grained control of which users are allowed to perform different functions.
It's fully audited, creating an extensive log of every action that occurs, and which user performed it.
It's fully searchable and indexed. All searches are limited by the user's access level, so they will only see what they are allowed to see.
Did I mention that it's FAST?
*********************************************************************
* How do you use it? *
*********************************************************************
Short answer:
    #include <stdio.h>
    #include <stdlib.h>
    #include <libpwmanager.h>

    int main(void)
    {
        PWmanager *PWManager = NULL;

        /* Arguments: AES encryption key, database file, log file.
           The key literal is a placeholder; supply the real key at runtime. */
        if (_pw_initializeAll(&PWManager, "This is my AES encryption key!",
                              "/my/database/file", "/my/log/file") != 0)
        {
            fprintf(stderr, "\nError initializing libpwmanager, aborting.\n");
            fprintf(stderr, "Please check the system log and console output for any errors.\n\n");
            exit(-1);
        }

        // Do something.... Probably in a loop until requested to close. :)

        /* Shut the library down before exiting. */
        _pw_shutdownAll(PWManager);
        return 0;
    }

    gcc -O2 -Wall -o myapp myapp.c -lpwmanager -ldl -lpthread
Long answer:
Read the API documentation.