- #!/bin/rc
- if(! ~ $service terminal){
- echo >[1=2] ipso should be run only on the terminal
- exit terminal
- }
- path=(/bin)
- home=(/tmp)
- editor = (acme -c1)
- name = secstore
- get = secstoreget
- put = secstoreput
- edit = no
- load = no
- flush = no
- fn secstoreget{
- auth/secstore -i -g $1 <_password
- }
- fn secstoreput{
- auth/secstore -i -p $1 <_password
- }
- fn aesget{
- if(! ~ $1 /*){
- echo >[1=2] ipso: aescbc requires fully qualified pathname
- exit usage
- }
- auth/aescbc -i -d < $1 > `{basename $1} <[3] _password
- }
- fn aesput{
- auth/aescbc -i -e > $1 < `{basename $1} <[3] _password
- }
- fn editedfiles{
- if(~ $get aesget){
- for(i in $files)
- if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
- echo $i
- }
- if not
- ls -tr | sed '1,/^_timestamp$/d'
- }
- while(~ $1 -*){
- switch($1){
- case -s
- editor = sam
- case -a
- name = aescbc
- get = aesget
- put = aesput
- case -f
- flush = yes
- case -e
- edit = yes
- case -l
- load = yes
- case *
- echo >[2=1] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
- exit usage
- }
- shift
- }
- if(~ $flush no && ~ $edit no && ~ $load no){
- load = yes
- edit = yes
- flush = yes
- }
- if(~ $flush yes && ~ $edit no && ~ $load no){
- echo flushing old keys
- echo delkey > /mnt/factotum/ctl
- exit 0
- }
- if(~ $get aesget && ~ $#* 0){
- echo >[2=1] ipso: must specify a fully qualified file name for aescbc '(-a)'
- exit usage
- }
- rfork ne
- ramfs -p >[2] /dev/null # silence 'i/o on hungup channel' message at exit
- unmount /mnt/plumb
- bind -c /tmp /srv
- cd /tmp
- if ( ~ $edit yes ) echo '
- Warning: The editor will display the secret contents of
- your '$name' files in the clear.
- '
- # get password and remember it
- {
- echo rawon
- echo -n $name password: >/dev/cons
- read > _password
- echo > /dev/cons
- }</dev/cons > /dev/consctl
- # get list of files
- if(~ $#* 0){
- if(! auth/secstore -G . -i < _password > _listing){
- echo 'secstore read failed - bad password?'
- sleep 2
- exit password
- }
- files=`{sed 's/[ ]+.*//' _listing}
- }
- if not
- files = $*
- # copy the files to local ramfs
- for(i in $files){
- if(! $get $i){
- echo $name ' read failed - bad password?'
- sleep 2
- exit password
- }
- }
- sleep 2; date > _timestamp # so we can find which files have been edited.
- # edit the files
- if(~ $edit yes) $editor `{for(i in $files) basename $i}
- if(~ $flush yes ){
- echo flushing old keys
- echo delkey > /mnt/factotum/ctl
- }
- if(~ $load yes){
- echo loading factotum keys
- if (~ factotum $files) read -m < factotum > /mnt/factotum/ctl
- }
- # copy the files back
- for(i in `{editedfiles}){
- echo -n copy ''''`{basename $i}^'''' back?' [y/n/x]'
- switch(`{read}){
- case [yY]*
- if(! $put $i){
- echo $name ' read failed - bad password?'
- sleep 2
- exit password
- }
- echo ''''$i'''' copied to $name
- if(~ $i factotum)
- read -m < $i > /mnt/factotum/ctl
- case [xXqQ]*
- exit
- case [nN]* *
- echo ''''$i'''' skipped
- }
- }
- exit ''