author | Taru Karttunen <taruti@taruti.net> | 2011-03-30 17:14:36 +0300 |
---|---|---|
committer | Taru Karttunen <taruti@taruti.net> | 2011-03-30 17:14:36 +0300 |
commit | 2959e1ede0ebc6fdffd7b8660f43c2ce14c9696f (patch) | |
tree | f6343b1ce11a8c87251dd27cf3d3e26b50693fa7 /rc/bin/ipso | |
parent | e463eb40363ff4c68b1d903f4e0cdd0ac1c5977f (diff) |
Import sources from 2011-03-30 iso image - rc
Diffstat (limited to 'rc/bin/ipso')
-rwxr-xr-x | rc/bin/ipso | 163 |
1 files changed, 163 insertions, 0 deletions
diff --git a/rc/bin/ipso b/rc/bin/ipso
new file mode 100755
index 000000000..1f0344f66
--- /dev/null
+++ b/rc/bin/ipso
@@ -0,0 +1,163 @@
+#!/bin/rc
+# ipso - edit secstore files, reload factotum keys
+if(! ~ $service terminal &&
+ ! ~ $user `{ ls -ld /mnt/factotum/ctl | awk '{print $4}' }){
+ echo >[1=2] ipso should be run only on the terminal
+ exit terminal
+}
+
+rfork e
+path=(/bin)
+home=(/tmp)
+editor = (acme -c1)
+name = secstore
+get = secstoreget
+put = secstoreput
+edit = no
+load = no
+flush = no
+
+fn secstoreget{
+ auth/secstore -i -g $1 <_password
+}
+
+fn secstoreput{
+ auth/secstore -i -p $1 <_password
+}
+
+fn aesget{
+ if(! ~ $1 /*){
+ echo >[1=2] ipso: aescbc requires fully qualified pathname
+ exit usage
+ }
+ auth/aescbc -i -d < $1 > `{basename $1} <[3] _password
+}
+
+fn aesput{
+ auth/aescbc -i -e > $1 < `{basename $1} <[3] _password
+}
+
+fn editedfiles{
+ if(~ $get aesget){
+ for(i in $files)
+ if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
+ echo $i
+ }
+ if not
+ ls -tr | sed '1,/^_timestamp$/d'
+}
+
+edexp=`{grep '^editor=' /mnt/plumb/rules >[2]/dev/null}
+if(~ $#edexp 1)
+ eval $edexp
+
+while(~ $1 -*){
+ switch($1){
+ case -s
+ editor = sam
+ case -a
+ name = aescbc
+ get = aesget
+ put = aesput
+ case -f
+ flush = yes
+ case -e
+ edit = yes
+ case -l
+ load = yes
+ case *
+ echo >[2=1] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
+ exit usage
+ }
+ shift
+}
+
+if(~ $flush no && ~ $edit no && ~ $load no){
+ load = yes
+ edit = yes
+ flush = yes
+}
+
+if(~ $flush yes && ~ $edit no && ~ $load no){
+ echo flushing old keys
+ echo delkey > /mnt/factotum/ctl
+ exit 0
+}
+
+if(~ $get aesget && ~ $#* 0){
+ echo >[2=1] ipso: must specify a fully qualified file name for aescbc '(-a)'
+ exit usage
+}
+
+rfork ne
+ramfs -p >[2] /dev/null # silence 'i/o on hungup channel' message at exit
+unmount /mnt/plumb
+bind -c /tmp /srv
+builtin cd /tmp
+
+if ( ~ $edit yes ) echo '
+ Warning: The editor will display the secret contents of
+ your '$name' files in the clear. 
+'
+# get password and remember it
+{
+ echo rawon
+ echo -n $name password: >/dev/cons
+ read > _password
+ echo > /dev/cons
+}</dev/cons > /dev/consctl
+
+# get list of files
+if(~ $#* 0){
+ if(! auth/secstore -G . -i < _password > _listing){
+ echo 'secstore read failed - bad password?'
+ sleep 2
+ exit password
+ }
+ files=`{sed 's/[ ]+.*//' _listing}
+}
+if not
+ files = $*
+
+# copy the files to local ramfs
+for(i in $files){
+ if(! $get $i){
+ echo $name ' read failed - bad password?'
+ sleep 2
+ exit password
+ }
+}
+sleep 2; date > _timestamp # so we can find which files have been edited.
+
+# edit the files
+if(~ $edit yes) $editor `{for(i in $files) basename $i}
+if(~ $flush yes ){
+ echo flushing old keys
+ echo delkey > /mnt/factotum/ctl
+}
+if(~ $load yes){
+ echo loading factotum keys
+ if (~ factotum $files) read -m < factotum > /mnt/factotum/ctl
+}
+
+# copy the files back
+for(i in `{editedfiles}){
+ echo -n copy ''''`{basename $i}^'''' back?' [y/n/x]'
+ switch(`{read}){
+ case [yY]*
+ if(! $put $i){
+ echo $name ' read failed - bad password?'
+ sleep 2
+ exit password
+ }
+ echo ''''$i'''' copied to $name
+ if(~ $i factotum)
+ read -m < $i > /mnt/factotum/ctl
+ case [xXqQ]*
+ exit
+ case [nN]* *
+ echo ''''$i'''' skipped
+ }
+}
+
+exit '' |
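Review bot: In the copy-back loop near the end of the hunk, a failed `$put` reports `echo $name ' read failed - bad password?'`, the message copied from the earlier read loop; secstoreput/aesput is a write, so the text points the user at the wrong cause when a store or encrypt fails. Change it to `echo $name ' write failed - bad password?'` (the `exit password` that follows can stay). Separately, in the default mode (no flags set, so `flush`, `edit` and `load` all become `yes`) the script writes `delkey` to /mnt/factotum/ctl unconditionally, but the reload is guarded by `if (~ factotum $files)`, so an invocation naming only other files appears to leave factotum emptied without reloading it; either a comment stating that this is intended, or guarding the flush the same way as the load, would make the behaviour explicit.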