
  1. #!/bin/rc
  2. # ipso - edit secstore files, reload factotum keys
  3. if(! ~ $service terminal &&
  4. ! ~ $user `{ ls -ld /mnt/factotum/ctl | awk '{print $4}' }){
  5. echo >[1=2] ipso should be run only on the terminal
  6. exit terminal
  7. }
  8. rfork e
  9. path=(/bin)
  10. home=(/tmp)
  11. editor = (acme -c1)
  12. name = secstore
  13. get = secstoreget
  14. put = secstoreput
  15. edit = no
  16. load = no
  17. flush = no
  18. fn secstoreget{
  19. auth/secstore -i -g $1 <_password
  20. }
  21. fn secstoreput{
  22. auth/secstore -i -p $1 <_password
  23. }
  24. fn aesget{
  25. if(! ~ $1 /*){
  26. echo >[1=2] ipso: aescbc requires fully qualified pathname
  27. exit usage
  28. }
  29. auth/aescbc -i -d < $1 > `{basename $1} <[3] _password
  30. }
  31. fn aesput{
  32. auth/aescbc -i -e > $1 < `{basename $1} <[3] _password
  33. }
  34. fn editedfiles{
  35. if(~ $get aesget){
  36. for(i in $files)
  37. if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
  38. echo $i
  39. }
  40. if not
  41. ls -tr | sed '1,/^_timestamp$/d'
  42. }
  43. edexp=`{grep '^editor=' /mnt/plumb/rules >[2]/dev/null}
  44. if(~ $#edexp 1)
  45. eval $edexp
  46. while(~ $1 -*){
  47. switch($1){
  48. case -s
  49. editor = sam
  50. case -a
  51. name = aescbc
  52. get = aesget
  53. put = aesput
  54. case -f
  55. flush = yes
  56. case -e
  57. edit = yes
  58. case -l
  59. load = yes
  60. case *
  61. echo >[2=1] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
  62. exit usage
  63. }
  64. shift
  65. }
  66. if(~ $flush no && ~ $edit no && ~ $load no){
  67. load = yes
  68. edit = yes
  69. flush = yes
  70. }
  71. if(~ $flush yes && ~ $edit no && ~ $load no){
  72. echo flushing old keys
  73. echo delkey > /mnt/factotum/ctl
  74. exit 0
  75. }
  76. if(~ $get aesget && ~ $#* 0){
  77. echo >[2=1] ipso: must specify a fully qualified file name for aescbc '(-a)'
  78. exit usage
  79. }
  80. rfork ne
  81. ramfs -p >[2] /dev/null # silence 'i/o on hungup channel' message at exit
  82. unmount /mnt/plumb
  83. bind -c /tmp /srv
  84. cd /tmp
  85. if ( ~ $edit yes ) echo '
  86. Warning: The editor will display the secret contents of
  87. your '$name' files in the clear.
  88. '
  89. # get password and remember it
  90. {
  91. echo rawon
  92. echo -n $name password: >/dev/cons
  93. read > _password
  94. echo > /dev/cons
  95. }</dev/cons > /dev/consctl
  96. # get list of files
  97. if(~ $#* 0){
  98. if(! auth/secstore -G . -i < _password > _listing){
  99. echo 'secstore read failed - bad password?'
  100. sleep 2
  101. exit password
  102. }
  103. files=`{sed 's/[ ]+.*//' _listing}
  104. }
  105. if not
  106. files = $*
  107. # copy the files to local ramfs
  108. for(i in $files){
  109. if(! $get $i){
  110. echo $name ' read failed - bad password?'
  111. sleep 2
  112. exit password
  113. }
  114. }
  115. sleep 2; date > _timestamp # so we can find which files have been edited.
  116. # edit the files
  117. if(~ $edit yes) $editor `{for(i in $files) basename $i}
  118. if(~ $flush yes ){
  119. echo flushing old keys
  120. echo delkey > /mnt/factotum/ctl
  121. }
  122. if(~ $load yes){
  123. echo loading factotum keys
  124. if (~ factotum $files) read -m < factotum > /mnt/factotum/ctl
  125. }
  126. # copy the files back
  127. for(i in `{editedfiles}){
  128. echo -n copy ''''`{basename $i}^'''' back?' [y/n/x]'
  129. switch(`{read}){
  130. case [yY]*
  131. if(! $put $i){
  132. echo $name ' read failed - bad password?'
  133. sleep 2
  134. exit password
  135. }
  136. echo ''''$i'''' copied to $name
  137. if(~ $i factotum)
  138. read -m < $i > /mnt/factotum/ctl
  139. case [xXqQ]*
  140. exit
  141. case [nN]* *
  142. echo ''''$i'''' skipped
  143. }
  144. }
  145. exit ''