164 lines
3.0 KiB
Plaintext
164 lines
3.0 KiB
Plaintext
|
#!/bin/rc
|
||
|
# ipso - edit secstore files, reload factotum keys
|
||
|
if(! ~ $service terminal &&
|
||
|
! ~ $user `{ ls -ld /mnt/factotum/ctl | awk '{print $4}' }){
|
||
|
echo >[1=2] ipso should be run only on the terminal
|
||
|
exit terminal
|
||
|
}
|
||
|
|
||
|
rfork e
|
||
|
path=(/bin)
|
||
|
home=(/tmp)
|
||
|
editor = (acme -c1)
|
||
|
name = secstore
|
||
|
get = secstoreget
|
||
|
put = secstoreput
|
||
|
edit = no
|
||
|
load = no
|
||
|
flush = no
|
||
|
|
||
|
fn secstoreget{
|
||
|
auth/secstore -i -g $1 <_password
|
||
|
}
|
||
|
|
||
|
fn secstoreput{
|
||
|
auth/secstore -i -p $1 <_password
|
||
|
}
|
||
|
|
||
|
fn aesget{
|
||
|
if(! ~ $1 /*){
|
||
|
echo >[1=2] ipso: aescbc requires fully qualified pathname
|
||
|
exit usage
|
||
|
}
|
||
|
auth/aescbc -i -d < $1 > `{basename $1} <[3] _password
|
||
|
}
|
||
|
|
||
|
fn aesput{
|
||
|
auth/aescbc -i -e > $1 < `{basename $1} <[3] _password
|
||
|
}
|
||
|
|
||
|
fn editedfiles{
|
||
|
if(~ $get aesget){
|
||
|
for(i in $files)
|
||
|
if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
|
||
|
echo $i
|
||
|
}
|
||
|
if not
|
||
|
ls -tr | sed '1,/^_timestamp$/d'
|
||
|
}
|
||
|
|
||
|
edexp=`{grep '^editor=' /mnt/plumb/rules >[2]/dev/null}
|
||
|
if(~ $#edexp 1)
|
||
|
eval $edexp
|
||
|
|
||
|
while(~ $1 -*){
|
||
|
switch($1){
|
||
|
case -s
|
||
|
editor = sam
|
||
|
case -a
|
||
|
name = aescbc
|
||
|
get = aesget
|
||
|
put = aesput
|
||
|
case -f
|
||
|
flush = yes
|
||
|
case -e
|
||
|
edit = yes
|
||
|
case -l
|
||
|
load = yes
|
||
|
case *
|
||
|
echo >[2=1] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
|
||
|
exit usage
|
||
|
}
|
||
|
shift
|
||
|
}
|
||
|
|
||
|
if(~ $flush no && ~ $edit no && ~ $load no){
|
||
|
load = yes
|
||
|
edit = yes
|
||
|
flush = yes
|
||
|
}
|
||
|
|
||
|
if(~ $flush yes && ~ $edit no && ~ $load no){
|
||
|
echo flushing old keys
|
||
|
echo delkey > /mnt/factotum/ctl
|
||
|
exit 0
|
||
|
}
|
||
|
|
||
|
if(~ $get aesget && ~ $#* 0){
|
||
|
echo >[2=1] ipso: must specify a fully qualified file name for aescbc '(-a)'
|
||
|
exit usage
|
||
|
}
|
||
|
|
||
|
rfork ne
|
||
|
ramfs -p >[2] /dev/null # silence 'i/o on hungup channel' message at exit
|
||
|
unmount /mnt/plumb
|
||
|
bind -c /tmp /srv
|
||
|
builtin cd /tmp
|
||
|
|
||
|
if ( ~ $edit yes ) echo '
|
||
|
Warning: The editor will display the secret contents of
|
||
|
your '$name' files in the clear.
|
||
|
'
|
||
|
# get password and remember it
|
||
|
{
|
||
|
echo rawon
|
||
|
echo -n $name password: >/dev/cons
|
||
|
read > _password
|
||
|
echo > /dev/cons
|
||
|
}</dev/cons > /dev/consctl
|
||
|
|
||
|
# get list of files
|
||
|
if(~ $#* 0){
|
||
|
if(! auth/secstore -G . -i < _password > _listing){
|
||
|
echo 'secstore read failed - bad password?'
|
||
|
sleep 2
|
||
|
exit password
|
||
|
}
|
||
|
files=`{sed 's/[ ]+.*//' _listing}
|
||
|
}
|
||
|
if not
|
||
|
files = $*
|
||
|
|
||
|
# copy the files to local ramfs
|
||
|
for(i in $files){
|
||
|
if(! $get $i){
|
||
|
echo $name ' read failed - bad password?'
|
||
|
sleep 2
|
||
|
exit password
|
||
|
}
|
||
|
}
|
||
|
sleep 2; date > _timestamp # so we can find which files have been edited.
|
||
|
|
||
|
# edit the files
|
||
|
if(~ $edit yes) $editor `{for(i in $files) basename $i}
|
||
|
if(~ $flush yes ){
|
||
|
echo flushing old keys
|
||
|
echo delkey > /mnt/factotum/ctl
|
||
|
}
|
||
|
if(~ $load yes){
|
||
|
echo loading factotum keys
|
||
|
if (~ factotum $files) read -m < factotum > /mnt/factotum/ctl
|
||
|
}
|
||
|
|
||
|
# copy the files back
|
||
|
for(i in `{editedfiles}){
|
||
|
echo -n copy ''''`{basename $i}^'''' back?' [y/n/x]'
|
||
|
switch(`{read}){
|
||
|
case [yY]*
|
||
|
if(! $put $i){
|
||
|
echo $name ' read failed - bad password?'
|
||
|
sleep 2
|
||
|
exit password
|
||
|
}
|
||
|
echo ''''$i'''' copied to $name
|
||
|
if(~ $i factotum)
|
||
|
read -m < $i > /mnt/factotum/ctl
|
||
|
case [xXqQ]*
|
||
|
exit
|
||
|
case [nN]* *
|
||
|
echo ''''$i'''' skipped
|
||
|
}
|
||
|
}
|
||
|
|
||
|
exit ''
|