#!/bin/rc
# ipso - edit secstore files, reload factotum keys

# Refuse to run unless $service is terminal or $user equals the fourth field
# of the "ls -ld" line for /mnt/factotum/ctl (presumably the owner of the
# running factotum - confirm against the ls output format).
if(! ~ $service terminal &&
    ! ~ $user `{ ls -ld /mnt/factotum/ctl | awk '{print $4}' }){
	echo >[1=2] ipso should be run only on the terminal
	exit terminal
}
 
# Take a private copy of the environment before any variable is changed.
rfork e

# Fixed search path and home directory for everything run below.
home=(/tmp)
path=(/bin)

# Storage backend; -a switches all three to the aescbc variants.
name=secstore
get=secstoreget
put=secstoreput

# Editor command line; -s replaces it with sam.
editor=(acme -c1)

# Requested actions, turned on by -f, -e and -l.
flush=no
edit=no
load=no
 
# secstoreget file - fetch one file from secstore (-g) into the current
# directory. The password is fed to auth/secstore on standard input (-i)
# from the file _password.
fn secstoreget{
	auth/secstore -i -g $1 <_password
}
 
# secstoreput file - store one file from the current directory in secstore
# (-p). The password is fed to auth/secstore on standard input (-i) from the
# file _password.
fn secstoreput{
	auth/secstore -i -p $1 <_password
}
 
# aesget path - decrypt an aescbc-encrypted file into the current directory.
# The plaintext is written to a file named after the basename of path, so two
# arguments that share a basename end up in the same plaintext file.
# auth/aescbc is given the file _password on file descriptor 3.
fn aesget{
	# Only absolute paths are accepted: the script has changed directory to
	# /tmp by the time this runs, so a relative name would no longer refer to
	# the caller's file.
	if(! ~ $1 /*){
		echo >[1=2] ipso: aescbc requires fully qualified pathname
		exit usage
	}
	auth/aescbc -i -d < $1 > `{basename $1} <[3] _password
}
 
# aesput path - encrypt the edited plaintext (the basename of path, in the
# current directory) back to path, with the file _password on file
# descriptor 3.
# NOTE(review): "> $1" opens the destination for writing before auth/aescbc
# has produced any output, so a failed encryption can leave path truncated;
# writing to a temporary name and renaming on success would avoid that -
# confirm.
fn aesput{
	auth/aescbc -i -e > $1 < `{basename $1} <[3] _password
}
 
# editedfiles - print the files modified after _timestamp was written.
# "ls -tr" lists the current directory oldest first and sed drops everything
# up to and including the _timestamp line, which leaves the names that sort
# after it. In aescbc mode the full path from $files is printed for each
# basename found in that list; otherwise the list itself is printed.
# NOTE(review): the basename is pasted into the grep pattern unescaped, so
# regular-expression characters in a file name (such as '.') are not matched
# literally.
fn editedfiles{
	if(~ $get aesget){
		for(i in $files)
			if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
				echo $i
	}
	if not
		ls -tr | sed '1,/^_timestamp$/d'
}
 
# Take the editor from the plumber's rules when they contain a line starting
# with "editor=" that yields exactly one word.
# NOTE(review): eval executes text read from /mnt/plumb/rules. The one-word
# check only excludes white space, not rc syntax, so that file has to be as
# trusted as this script; comparing the value against a fixed list of editor
# names and assigning it directly would remove the eval.
edexp=`{grep '^editor=' /mnt/plumb/rules >[2]/dev/null}
if(~ $#edexp 1)
	eval $edexp
 
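# Parse the leading option flags; any other word starting with '-' is a
# usage error.
#	-s	edit with sam instead of the default editor
#	-a	work on aescbc-encrypted files instead of secstore
#	-f	flush the keys held by factotum
#	-e	edit the files
#	-l	load the factotum file into factotum
while(~ $1 -*){
	switch($1){
	case -s
		editor = sam
	case -a
		name = aescbc
		get = aesget
		put = aesput
	case -f
		flush = yes
	case -e
		edit = yes
	case -l
		load = yes
	case *
		# >[1=2] sends the message to standard error, as the other error
		# paths in this script do; the former >[2=1] left it on standard
		# output.
		echo >[1=2] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
		exit usage
	}
	shift
}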
 
# With none of -f, -e or -l given, do all three.
if(~ $load no && ~ $edit no && ~ $flush no){
	flush=yes
	edit=yes
	load=yes
}
 
# -f on its own: delete the keys held by factotum and stop, without asking
# for a password or fetching any file.
if(~ $load no && ~ $edit no && ~ $flush yes){
	echo 'flushing old keys'
	echo delkey >/mnt/factotum/ctl
	exit 0
}
 
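# In aescbc mode the files must be named on the command line; the listing
# used when no arguments are given comes from secstore only.
if(~ $get aesget && ~ $#* 0){
	# >[1=2] sends the message to standard error, as the other error paths
	# in this script do; the former >[2=1] left it on standard output.
	echo >[1=2] ipso: must specify a fully qualified file name for aescbc '(-a)'
	exit usage
}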
 
# From here on the script works in its own copy of the namespace and
# environment, so the mounts and binds below are not seen by the caller.
rfork ne
# Start a private (-p) ramfs; the decrypted files and _password are written
# under /tmp after the cd below (ramfs mounts on /tmp by default).
ramfs -p >[2] /dev/null # silence 'i/o on hungup channel' message at exit
# NOTE(review): presumably so that the editor cannot plumb secret text to
# other programs - confirm.
unmount /mnt/plumb
# NOTE(review): /srv is replaced by /tmp, presumably so that anything the
# editor posts there stays inside this namespace - confirm.
bind -c /tmp /srv
builtin cd /tmp
 
# Tell the user up front that editing exposes the plaintext on screen.
if ( ~ $edit yes ) echo '
	Warning: The editor will display the secret contents of
	your '$name' files in the clear.
'
# get password and remember it
# "rawon" is written to /dev/consctl (the block's standard output) to put the
# console into raw mode while the line is typed; the prompt and the closing
# newline go to /dev/cons explicitly. The line read is kept in the file
# _password in the current directory, where the get/put helpers read it back.
{
	echo rawon
	echo -n $name password: >/dev/cons
	read > _password
	echo > /dev/cons
}</dev/cons > /dev/consctl
 
# get list of files
# With no file arguments, write the secstore listing (-G .) to _listing and
# keep the text before the first blank or tab of each line as a file name;
# otherwise the command-line arguments are the file list.
if(~ $#* 0){
	if(! auth/secstore -G . -i < _password > _listing){
		echo 'secstore read failed - bad password?'
		sleep 2
		exit password
	}
	files=`{sed 's/[ 	]+.*//' _listing}
}
if not
	files = $*
 
# copy the files to local ramfs
for(i in $files){
	# $get is secstoreget or aesget; the first failure aborts the whole run.
	if(! $get $i){
		echo $name ' read failed - bad password?'
		sleep 2
		exit password
	}
}
# _timestamp is written after a pause so that it sorts after the files fetched
# above (NOTE(review): presumably to allow for coarse modification times -
# confirm). editedfiles compares against it later.
sleep 2; date > _timestamp	# so we can find which files have been edited.
 
# edit the files
# The editor is started on the basenames, i.e. the plaintext copies in the
# current directory.
if(~ $edit yes) $editor `{for(i in $files) basename $i}
# Keys are only handled when the word factotum matches an entry of $files
# (the entries serve as the patterns of this match), so a full path such as
# one given with -a does not qualify.
if(~ factotum $files){
	if(~ $flush yes){
		echo flushing old keys
		echo delkey > /mnt/factotum/ctl
	}
	if(~ $load yes){
		echo loading factotum keys
		# The local plaintext file factotum is copied to the factotum
		# control file.
		read -m < factotum > /mnt/factotum/ctl
	}
}
 
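# copy the files back
# Every file reported by editedfiles is written back only after an explicit
# answer: y copies it, x or q leaves the script, anything else skips it.
for(i in `{editedfiles}){
	echo -n copy ''''`{basename $i}^'''' back?' [y/n/x]'
	switch(`{read}){
	case [yY]*
		if(! $put $i){
			# This is the store step, so the message reports a write
			# failure rather than the read failure used when fetching.
			echo $name ' write failed - bad password?'
			sleep 2
			exit password
		}
		echo ''''$i'''' copied to $name
	case [xXqQ]*
		exit
	case [nN]* *
		echo ''''$i'''' skipped
	}
}

# Leave with an empty (successful) status.
exit ''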