  #!/bin/rc
  # ipso: fetch secret files (secstore by default, aescbc with -a) into a
  # private ramfs, optionally edit them, load factotum keys from them, and
  # offer to copy edited files back.

  # Refuse to run anywhere but on the terminal service.
  if(! ~ $service terminal){
      echo >[1=2] ipso should be run only on the terminal
      exit terminal
  }

  # Pin the command search path to /bin and point home at /tmp, presumably
  # so nothing from the caller's own $path or $home is picked up while the
  # secrets are in the clear.
  path=/bin
  home=/tmp

  # Defaults: acme as editor, secstore as backend, no action selected yet.
  editor=(acme -c1)
  name=secstore
  get=secstoreget
  put=secstoreput
  edit=no
  load=no
  flush=no
  # Retrieve file $1 from secstore into the current directory.
  # -i makes auth/secstore take the password from standard input, which is
  # fed from the _password file written by the password prompt.
  fn secstoreget{
      auth/secstore -i -g $1 < _password
  }
  # Store file $1 from the current directory back into secstore, with the
  # password again supplied on standard input from _password.
  fn secstoreput{
      auth/secstore -i -p $1 < _password
  }
  # Decrypt the aescbc file $1 into a cleartext file of the same base name
  # in the current directory. $1 must be an absolute path, because the
  # script has already changed directory by the time this runs. The key is
  # supplied on file descriptor 3 from _password.
  fn aesget{
      if(! ~ $1 /*){
          echo >[1=2] ipso: aescbc requires fully qualified pathname
          exit usage
      }
      auth/aescbc -i -d < $1 > `{basename $1} <[3] _password
  }
  28. fn aesput{
  29. auth/aescbc -i -e > $1 < `{basename $1} <[3] _password
  30. }
  # Print the files changed since _timestamp was written: `ls -tr` lists
  # oldest first and sed drops everything up to and including _timestamp,
  # so only newer entries remain.
  fn editedfiles{
      if(~ $get aesget){
          # aescbc mode: report the caller's full path for each file whose
          # base name shows up among the newer entries.
          # NOTE(review): the base name is used as a grep pattern without
          # escaping, so regex metacharacters in a file name could match a
          # different entry - confirm this is acceptable.
          for(i in $files){
              if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
                  echo $i
          }
      }
      if not
          ls -tr | sed '1,/^_timestamp$/d'
  }
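  # Consume leading option flags; whatever remains in $* is the file list.
  #   -s  edit with sam instead of acme
  #   -a  work on aescbc-encrypted files instead of secstore
  #   -f  flush factotum's keys
  #   -e  edit the files
  #   -l  load keys into factotum
  while(~ $1 -*){
      switch($1){
      case -s
          editor = sam
      case -a
          name = aescbc
          get = aesget
          put = aesput
      case -f
          flush = yes
      case -e
          edit = yes
      case -l
          load = yes
      case *
          # Send the usage text to stderr, like the other error paths in
          # this script; the original >[2=1] left it on stdout.
          echo >[1=2] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
          exit usage
      }
      shift
  }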
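  # No action flag given: perform all three (load, edit, flush).
  if(~ $flush no && ~ $edit no && ~ $load no){
      load = yes
      edit = yes
      flush = yes
  }

  # Flush only: delete factotum's keys and stop before any password prompt.
  if(~ $flush yes && ~ $edit no && ~ $load no){
      echo flushing old keys
      echo delkey > /mnt/factotum/ctl
      exit 0
  }

  # Without file arguments the list comes from a secstore listing, which
  # aescbc mode cannot use, so -a needs explicit file names.
  if(~ $get aesget && ~ $#* 0){
      # Error text goes to stderr, like the other error paths in this
      # script; the original >[2=1] left it on stdout.
      echo >[1=2] ipso: must specify a fully qualified file name for aescbc '(-a)'
      exit usage
  }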
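  # Detach into a private copy of the namespace and environment, then put
  # a private in-memory file system in place for the password and the
  # decrypted files.
  rfork ne
  # stderr is discarded to silence the 'i/o on hungup channel' message at
  # exit, so the exit status is the only sign that ramfs failed. Stop here
  # in that case: everything below writes _password and cleartext files
  # into /tmp, which would otherwise be whatever /tmp was already bound to.
  if(! ramfs -p >[2] /dev/null){
      echo >[1=2] 'ipso: ramfs failed; not fetching secrets'
      exit ramfs
  }
  # NOTE(review): presumably the plumber is unmounted so the editor cannot
  # hand secret text to other programs, and /srv is rebound to the ramfs so
  # anything posted there stays private - confirm.
  unmount /mnt/plumb
  bind -c /tmp /srv
  cd /tmp
  if(~ $edit yes) echo '
Warning: The editor will display the secret contents of
your '$name' files in the clear.
'
  # Prompt for the password once and keep it in _password for the
  # get/put helpers. Writing rawon to /dev/consctl puts the console in raw
  # mode so the typed password is not echoed; the mode lasts while the
  # block holds consctl open.
  {
      echo rawon
      echo -n $name password: >/dev/cons
      read > _password
      echo > /dev/cons
  }</dev/cons > /dev/consctl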
  # Work out which files to fetch: the ones named on the command line, or
  # else the first field of each line of the listing that
  # auth/secstore -G . writes. A failed listing is reported as a probable
  # bad password.
  if(~ $#* 0){
      if(! auth/secstore -G . -i < _password > _listing){
          echo 'secstore read failed - bad password?'
          sleep 2
          exit password
      }
      files=`{sed 's/[ ]+.*//' _listing}
  }
  if not
      files=$*
  # Fetch every file into the ramfs with the selected backend helper;
  # stop at the first failure.
  for(i in $files){
      if(! $get $i){
          echo $name ' read failed - bad password?'
          sleep 2
          exit password
      }
  }
  # Write a marker after a short pause so that files modified later sort
  # after it in `ls -tr`; editedfiles relies on this to find edits.
  sleep 2
  date > _timestamp
  # Open the cleartext copies (by base name, in the ramfs) in the editor.
  if(~ $edit yes)
      $editor `{for(i in $files) basename $i}
  # Drop the keys factotum currently holds.
  if(~ $flush yes){
      echo flushing old keys
      echo delkey > /mnt/factotum/ctl
  }
  # Feed the fetched file named factotum, if there is one, to factotum's
  # control file.
  if(~ $load yes){
      echo loading factotum keys
      if(~ factotum $files)
          read -m < factotum > /mnt/factotum/ctl
  }
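  # For each file changed since _timestamp, ask whether to store it back.
  #   y      write it back with the selected backend; a file named
  #          factotum is also reloaded into factotum
  #   x / q  stop immediately, leaving remaining files unsaved
  #   other  skip this file
  for(i in `{editedfiles}){
      echo -n copy ''''`{basename $i}^'''' back?' [y/n/x]'
      switch(`{read}){
      case [yY]*
          if(! $put $i){
              # this is the store path, so report a write failure (the
              # original message said 'read failed')
              echo $name ' write failed - bad password?'
              sleep 2
              exit password
          }
          echo ''''$i'''' copied to $name
          if(~ $i factotum)
              read -m < $i > /mnt/factotum/ctl
      case [xXqQ]*
          exit
      case [nN]* *
          echo ''''$i'''' skipped
      }
  }
  exit ''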