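#!/bin/rc
# ipso - edit secstore files, reload factotum keys
#
# usage: ipso [-a -f -e -l] [-s] [file ...]
#	-a	work on aescbc-encrypted files (fully qualified paths) instead of secstore
#	-f	flush factotum's current keys (delkey)
#	-e	open the fetched files in the editor
#	-l	load the (edited) factotum file into factotum
#	-s	use sam instead of acme
# If none of -f, -e, -l is given, all three are done.
#
# Secret handling: the password and the decrypted files only ever live in a
# private ramfs inside a private name space; $path and $home are pinned, the
# plumber is unmounted before the editor starts, and the password is handed
# to secstore/aescbc via a file descriptor (-i), never on a command line.

# Only run where the password can safely be typed: on the terminal, or where
# we own factotum's ctl file (the owner column of ls -ld).  Otherwise the
# password and plaintext could end up on a shared cpu server.
if(! ~ $service terminal &&
   ! ~ $user `{ls -ld /mnt/factotum/ctl | awk '{print $4}'}){
	echo >[1=2] ipso should be run only on the terminal
	exit terminal
}

rfork e			# private environment group: nothing leaks back to the parent
path=(/bin)		# pinned so the editor and helpers come from /bin only
home=(/tmp)		# $home points into the private ramfs set up below
editor = (acme -c1)
name = secstore
get = secstoreget
put = secstoreput
edit = no
load = no
flush = no

# Fetch / store one secstore file.  The password is read from _password
# (-i) in the private ramfs rather than being passed as an argument.
fn secstoreget{
	auth/secstore -i -g $1 <_password
}

fn secstoreput{
	auth/secstore -i -p $1 <_password
}

# Decrypt an aescbc file into the current directory (the ramfs), or encrypt
# the local copy back to its original path.  The password arrives on fd 3
# (-i).  The path must be fully qualified because we cd into /tmp first.
fn aesget{
	if(! ~ $1 /*){
		echo >[1=2] ipso: aescbc requires fully qualified pathname
		exit usage
	}
	auth/aescbc -i -d < $1 > `{basename $1} <[3] _password
}

fn aesput{
	auth/aescbc -i -e > $1 < `{basename $1} <[3] _password
}

# Print the files modified after _timestamp was written: ls -tr sorts by
# modification time, oldest first, so everything after _timestamp is newer.
# In aescbc mode the local basenames are mapped back to their full paths.
# NOTE(review): the basename is interpolated into a grep regexp unquoted,
# so a name containing regexp metacharacters may not be matched exactly.
fn editedfiles{
	if(~ $get aesget){
		for(i in $files)
			if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
				echo $i
	}
	if not
		ls -tr | sed '1,/^_timestamp$/d'
}

# Honour an editor=... line from the user's plumbing rules.  This line is
# eval'd, so it is trusted exactly as much as the user's own plumb rules;
# the plumber itself is unmounted further down.
edexp=`{grep '^editor=' /mnt/plumb/rules >[2]/dev/null}
if(~ $#edexp 1)
	eval $edexp

while(~ $1 -*){
	switch($1){
	case -s
		editor = sam
	case -a
		name = aescbc
		get = aesget
		put = aesput
	case -f
		flush = yes
	case -e
		edit = yes
	case -l
		load = yes
	case *
		# diagnostics go to stderr: >[1=2] dups fd 2 onto fd 1.
		# (the original >[2=1] did the reverse and left the message on stdout)
		echo >[1=2] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
		exit usage
	}
	shift
}

# no action flags at all means: flush, edit and load
if(~ $flush no && ~ $edit no && ~ $load no){
	load = yes
	edit = yes
	flush = yes
}

# -f alone needs neither the password nor the ramfs: drop the keys and leave
if(~ $flush yes && ~ $edit no && ~ $load no){
	echo flushing old keys
	echo delkey > /mnt/factotum/ctl
	exit 0
}

if(~ $get aesget && ~ $#* 0){
	echo >[1=2] ipso: must specify a fully qualified file name for aescbc '(-a)'
	exit usage
}

# Contain the plaintext from here on: a fresh name space and environment,
# a private ramfs on /tmp as the work area, no plumber (so the editor cannot
# plumb secret text out), and /srv bound to the ramfs so nothing started from
# here can post a service into the global /srv.
rfork ne
ramfs -p >[2] /dev/null	# silence 'i/o on hungup channel' message at exit
unmount /mnt/plumb
bind -c /tmp /srv
builtin cd /tmp

if ( ~ $edit yes ) echo '
	Warning: The editor will display the secret contents of
	your '$name' files in the clear.
'
# Read the password once with echo turned off (rawon on /dev/consctl) and
# keep it in _password inside the private ramfs; the helpers above read it
# from there.  Closing /dev/consctl at the end of the block leaves raw mode.
{
	echo rawon
	echo -n $name password: >/dev/cons
	read > _password
	echo > /dev/cons
}</dev/cons > /dev/consctl

# get list of files: either the secstore listing (first field of each
# line) or the names given on the command line
if(~ $#* 0){
	if(! auth/secstore -G . -i < _password > _listing){
		echo >[1=2] 'secstore read failed - bad password?'
		sleep 2
		exit password
	}
	files=`{sed 's/[ ]+.*//' _listing}
}
if not
	files = $*

# copy the files to local ramfs
for(i in $files){
	if(! $get $i){
		echo >[1=2] $name ' read failed - bad password?'
		sleep 2
		exit password
	}
}
sleep 2; date > _timestamp	# so we can find which files have been edited.

# edit the files
if(~ $edit yes) $editor `{for(i in $files) basename $i}
if(~ factotum $files){
	if(~ $flush yes){
		echo flushing old keys
		echo delkey > /mnt/factotum/ctl
	}
	if(~ $load yes){
		echo loading factotum keys
		read -m < factotum > /mnt/factotum/ctl
	}
}

# copy the edited files back, asking about each one
for(i in `{editedfiles}){
	echo -n copy ''''`{basename $i}^'''' back?' [y/n/x]'
	switch(`{read}){
	case [yY]*
		if(! $put $i){
			# this is the store path, so report a write failure, not a read
			echo >[1=2] $name ' write failed - bad password?'
			sleep 2
			exit password
		}
		echo ''''$i'''' copied to $name
	case [xXqQ]*
		exit
	case [nN]* *
		echo ''''$i'''' skipped
	}
}

exit ''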