xref: /plan9/rc/bin/ipso (revision 6f8e93f6894df6375fc490745e7cb8df51855166)
#!/bin/rc
# ipso - edit secstore files, reload factotum keys
#
# Guard: refuse to run unless $service is terminal or the current $user
# equals field 4 of `ls -ld /mnt/factotum/ctl` (the owner column of
# Plan 9 ls -l output).  Everything below puts secrets in the clear into
# local files and an editor window, so this is presumably meant to keep
# the script off machines the user does not control -- confirm intent.
if(! ~ $service terminal &&
    ! ~ $user `{ ls -ld /mnt/factotum/ctl | awk '{print $4}' }){
	echo >[1=2] ipso should be run only on the terminal
	exit terminal
}

# Take a private copy of the environment group so the assignments below
# do not leak back into the calling shell.
rfork e
# Look up commands only in /bin, whatever $path the caller had.
path=(/bin)
# $home is /tmp for everything started from here; the script later
# starts ramfs and changes directory to /tmp.
home=(/tmp)
# Default editor command; -s and an editor= line in the plumbing rules
# can replace it.
editor = (acme -c1)
# Back end: display name plus the names of the fetch and store functions.
# -a switches all three to the aescbc variants.
name = secstore
get = secstoreget
put = secstoreput
# Action flags set by -e, -l and -f; when none is given all three are
# turned on after option parsing.
edit = no
load = no
flush = no

# secstoreget file: fetch one file from secstore (auth/secstore -g).
# -i makes auth/secstore take the password from standard input instead
# of prompting, so the saved _password file is fed to it.
# The exit status is that of auth/secstore; the caller checks it.
fn secstoreget{
	auth/secstore -i -g $1 <_password
}

# secstoreput file: store the local copy of one file back into secstore
# (auth/secstore -p), again feeding the saved password on standard input.
# The exit status is that of auth/secstore; the caller checks it.
fn secstoreput{
	auth/secstore -i -p $1 <_password
}

# aesget /full/path: decrypt an aescbc-encrypted file into the current
# directory under its base name.  Descriptors 0 and 1 carry the
# ciphertext and the plaintext; the saved _password file is opened on
# descriptor 3 for auth/aescbc -i.
# Relative names are refused with status usage, which ends the whole
# script: by the time this runs the script has changed directory to
# /tmp, so only an absolute path names the intended file.
fn aesget{
	if(~ $1 /*)
		auth/aescbc -i -d < $1 > `{basename $1} <[3] _password
	if not {
		echo >[1=2] ipso: aescbc requires fully qualified pathname
		exit usage
	}
}

# aesput /full/path: encrypt the local plaintext copy (the base name of
# $1 in the current directory) and write the ciphertext over $1, with
# the saved _password file on descriptor 3 for auth/aescbc -i.
# NOTE(review): unlike aesget there is no check that $1 is absolute;
# within this script it is only called on names aesget already accepted.
fn aesput{
	auth/aescbc -i -e > $1 < `{basename $1} <[3] _password
}

# editedfiles: print the names of files changed since _timestamp was
# written.  ls -tr lists the current directory oldest first and sed
# drops everything up to and including the _timestamp line, so only
# newer entries remain.  _password and _listing are written before
# _timestamp and are therefore not reported.
# secstore mode: every newer entry is printed, which includes any file
# created during the editor session.
# aescbc mode: each entry of $files is printed as given (full path) when
# its base name is among the newer entries.
# NOTE(review): the base name is pasted into the grep pattern unescaped,
# so regexp characters in a file name are interpreted by grep -- confirm
# that names are restricted elsewhere.
fn editedfiles{
	if(! ~ $get aesget)
		ls -tr | sed '1,/^_timestamp$/d'
	if not {
		for(i in $files)
			if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
				echo $i
	}
}

# If the plumbing rules contain a line starting with editor=, adopt it.
# The backquote result is split on white space, so the eval runs only
# when the matching text is exactly one word.
# NOTE(review): that word is still evaluated as rc input, so this trusts
# whoever can write /mnt/plumb/rules.  It runs before the options are
# parsed, so -s overrides whatever is set here.
edexp=`{grep '^editor=' /mnt/plumb/rules >[2]/dev/null}
if(~ $#edexp 1)
	eval $edexp

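# Parse leading options.  Any argument starting with - that is not
# listed below prints the usage line and exits with status usage.
while(~ $1 -*){
	switch($1){
	case -s
		# overrides the default editor and any editor= plumbing rule
		editor = sam
	case -a
		# work on aescbc-encrypted local files instead of secstore
		name = aescbc
		get = aesget
		put = aesput
	case -f
		flush = yes
	case -e
		edit = yes
	case -l
		load = yes
	case *
		# >[1=2] puts the message on standard error, like the other
		# diagnostics in this script.
		echo >[1=2] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
		exit usage
	}
	shift
}
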
# No action flag given: do everything (load, edit, flush).
if(~ $flush no && ~ $edit no && ~ $load no){
	load = yes
	edit = yes
	flush = yes
}

# -f alone: write a bare delkey request to factotum and stop.  This path
# exits before any password is asked for or any file is fetched.
if(~ $flush yes && ~ $edit no && ~ $load no){
	echo flushing old keys
	echo delkey > /mnt/factotum/ctl
	exit 0
}

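# aescbc mode has no remote listing to fall back on, so at least one
# file must be named on the command line.  The message goes to standard
# error (>[1=2]) like the other diagnostics in this script.
if(~ $get aesget && ~ $#* 0){
	echo >[1=2] ipso: must specify a fully qualified file name for aescbc '(-a)'
	exit usage
}
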
# From here on use a private copy of the namespace and environment, so
# the mount, unmount and bind below affect only this script and what it
# starts.
rfork ne
# NOTE(review): ramfs with no mount point is taken to mount on /tmp, and
# -p to ask for private memory -- confirm against ramfs(4).
ramfs -p >[2] /dev/null # silence 'i/o on hungup channel' message at exit
# Detach the plumber from this namespace; presumably so the editor
# cannot pass the decrypted text on to other programs.
unmount /mnt/plumb
# Cover /srv with /tmp, so anything created under /srv from here on
# lands in /tmp instead of the shared service directory.
bind -c /tmp /srv
# builtin bypasses any cd function inherited through the environment.
builtin cd /tmp

# Tell the user up front that editing shows the secrets on screen.
if ( ~ $edit yes ) echo '
	Warning: The editor will display the secret contents of
	your '$name' files in the clear.
'
# get password and remember it
# The block runs with standard input from /dev/cons and standard output
# to /dev/consctl: rawon switches the console to raw mode (no echo), the
# prompt is written straight to /dev/cons, and read stores the typed
# line in _password in the current directory (/tmp).  _password stays
# there in the clear and is fed to secstore or aescbc on every later
# get and put.
# NOTE(review): nothing writes rawoff; raw mode presumably ends when
# /dev/consctl is closed at the end of the block -- confirm.
{
	echo rawon
	echo -n $name password: >/dev/cons
	read > _password
	echo > /dev/cons
}</dev/cons > /dev/consctl

# get list of files
# With no file arguments, ask secstore for a listing (auth/secstore -G .)
# into _listing and keep the first white-space-delimited field of each
# line as a file name.  A failed listing is reported as a probable bad
# password and ends the script with status password.  With arguments,
# they are used as given.
# NOTE(review): in the first case the names come from the secstore
# server and are later handed to basename, the editor and grep.
if(~ $#* 0){
	if(! auth/secstore -G . -i < _password > _listing){
		echo 'secstore read failed - bad password?'
		sleep 2
		exit password
	}
	files=`{sed 's/[ 	]+.*//' _listing}
}
if not
	files = $*

# copy the files to local ramfs
# $get holds the name of the fetch function (secstoreget or aesget).
# The first failure ends the script with status password.
for(i in $files){
	if(! $get $i){
		echo $name ' read failed - bad password?'
		sleep 2
		exit password
	}
}
# The pause presumably keeps _timestamp strictly newer than the files
# just fetched, so editedfiles does not report untouched files.
sleep 2; date > _timestamp	# so we can find which files have been edited.

# edit the files
# The editor is started on the base names, that is, on the plaintext
# copies in the current directory.
if(~ $edit yes) $editor `{for(i in $files) basename $i}
# Keys are touched only when the word factotum matches an entry of
# $files.  This happens before the copy-back prompts, so an edited
# factotum file is loaded whether or not it is later written back.
# NOTE(review): with -a the entries are absolute paths, so this match
# looks like it cannot succeed in aescbc mode -- confirm intended.
if(~ factotum $files){
	if(~ $flush yes){
		# Existing keys are deleted before any new ones are loaded.
		# NOTE(review): with -f but without -l nothing is loaded
		# afterwards, leaving factotum without the flushed keys.
		echo flushing old keys
		echo delkey > /mnt/factotum/ctl
	}
	if(~ $load yes){
		echo loading factotum keys
		# feed the local plaintext factotum file to the ctl file
		read -m < factotum > /mnt/factotum/ctl
	}
}

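# copy the files back
# Each file reported by editedfiles is offered for write-back; nothing
# is stored without an answer starting with y or Y.  $put holds the name
# of the store function (secstoreput or aesput).
for(i in `{editedfiles}){
	echo -n copy ''''`{basename $i}^'''' back?' [y/n/x]'
	switch(`{read}){
	case [yY]*
		if(! $put $i){
			# this is the store step, so report a write failure
			echo $name ' write failed - bad password?'
			sleep 2
			exit password
		}
		echo ''''$i'''' copied to $name
	case [xXqQ]*
		# stop here without offering the remaining files
		exit
	case [nN]* *
		# any answer that is not y or x is treated as no
		echo ''''$i'''' skipped
	}
}

exit ''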