
Mercurial > hg > plan9front / rc/bin/ipso

changeset 7243: 34f64dcbbc25
parent: efddda59690a
author: cinap_lenrek@felloff.net
date: Fri, 17 May 2019 18:14:10 +0200
permissions: -rwxr-xr-x
description: 7l: don't hardcode 4k pagesize, use INITRND
#!/bin/rc
# ipso - edit secstore files, reload factotum keys

# Access guard: continue only when $service is "terminal", or when $user
# equals the fourth field of `ls -ld /mnt/factotum/ctl` (the owner column
# of Plan 9 ls output).  Anything else is rejected before any secret is
# fetched or any factotum key is touched.
# The owner lookup runs only when the $service test has already failed.
if(! ~ $service terminal){
	if(! ~ $user `{ls -ld /mnt/factotum/ctl | awk '{print $4}'}){
		echo ipso should be run only on the terminal >[1=2]
		exit terminal
	}
}
8 
# Work on a private copy of the environment group, so none of the
# variables set from here on are visible to the caller.
rfork e

# Resolve commands from /bin only.  The helpers that see the password
# (auth/secstore, auth/aescbc, read, sed, ...) are therefore not looked up
# through whatever $path the caller had.
path=/bin
home=/tmp

# Defaults: secstore is the backing store, acme the editor, and no action
# (edit / load / flush) has been selected yet.
name=secstore
get=secstoreget
put=secstoreput
editor=(acme -c1)
edit=no
load=no
flush=no
19 
# secstoreget file
# Fetch one file from secstore (-g).  With -i the password is taken from
# standard input, which is fed from the _password file in the current
# directory.  The exit status is that of auth/secstore.
fn secstoreget {
	auth/secstore -i -g $1 < _password
}
23 
# secstoreput file
# Store one file back into secstore (-p).  With -i the password is taken
# from standard input, which is fed from the _password file in the current
# directory.  The exit status is that of auth/secstore.
fn secstoreput {
	auth/secstore -i -p $1 < _password
}
27 
# aesget path
# Decrypt (-d) the aescbc file at path into a file in the current
# directory named after the path's last component.  The key comes from
# _password on file descriptor 3 (-i).
# A path that does not start with / is refused and the script exits with
# status "usage"; otherwise the exit status is that of auth/aescbc.
fn aesget {
	~ $1 /* || {
		echo >[1=2] ipso: aescbc requires fully qualified pathname
		exit usage
	}
	auth/aescbc -i -d < $1 > `{basename $1} <[3] _password
}
35 
# aesput path
# Encrypt (-e) the working copy (the file in the current directory named
# after path's last component) and write the result to path.  The key
# comes from _password on file descriptor 3 (-i).
# NOTE(review): "> $1" opens the destination for writing before aescbc
# has produced anything, so a failed run can leave the encrypted file
# empty or truncated; callers only see the failure through the exit status.
fn aesput {
	auth/aescbc -i -e > $1 < `{basename $1} <[3] _password
}
39 
# editedfiles
# Print the files modified after _timestamp was written.
# `ls -tr` lists the current directory oldest first; sed drops every line
# up to and including _timestamp, leaving only the newer entries.
#   - secstore mode: print those entries as they are.
#   - aescbc mode:   print the original $files entry (the full path) for
#                    each file whose base name is among those entries.
# NOTE(review): the base name is pasted into the grep pattern unescaped,
# so a name containing regexp characters (a dot, for instance) can also
# match a different entry.
fn editedfiles {
	switch($get){
	case aesget
		for(i in $files){
			if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
				echo $i
		}
	case *
		ls -tr | sed '1,/^_timestamp$/d'
	}
}
49 
# Pick up an editor setting from the plumber's rules file, if there is one.
# grep's output is split into words; the setting is used only when that
# yields exactly one word (grep errors are discarded).
# NOTE(review): the word is handed to eval, i.e. executed as rc source in
# this script, and the word count is the only check made on it.  ipso thus
# trusts the contents of /mnt/plumb/rules as much as its own text, and the
# program it names is the one that will display the decrypted files.
edexp=`{grep '^editor=' /mnt/plumb/rules >[2]/dev/null}
if(~ $#edexp 1) eval $edexp
53 
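# Parse leading option arguments; stop at the first argument that does
# not start with "-".
#   -s  use sam as the editor
#   -a  work on aescbc files instead of secstore
#   -f  flush the keys held by factotum
#   -e  edit the files
#   -l  load the factotum file into factotum
# Any other option prints the usage line and exits with status "usage".
while(~ $1 -*){
	switch($1){
	case -s
		editor = sam
	case -a
		name = aescbc
		get = aesget
		put = aesput
	case -f
		flush = yes
	case -e
		edit = yes
	case -l
		load = yes
	case *
		# >[1=2] sends the usage line to standard error, matching the
		# script's other diagnostics; the previous >[2=1] left it on
		# standard output.
		echo >[1=2] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
		exit usage
	}
	shift
}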
74 
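# No action option given: do all three (flush, edit, load).
if(~ $flush no && ~ $edit no && ~ $load no){
	load = yes
	edit = yes
	flush = yes
}

# Flush only: tell factotum to delete its keys and stop here.  No password
# is requested and nothing is fetched or decrypted on this path.
if(~ $flush yes && ~ $edit no && ~ $load no){
	echo flushing old keys
	echo delkey > /mnt/factotum/ctl
	exit 0
}

# aescbc mode has no file listing to fall back on, so at least one file
# argument is required.
if(~ $get aesget && ~ $#* 0){
	# >[1=2] sends the message to standard error, matching the script's
	# other diagnostics; the previous >[2=1] left it on standard output.
	echo >[1=2] ipso: must specify a fully qualified file name for aescbc '(-a)'
	exit usage
}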
91 
# Take private copies of the name space and the environment group, so the
# mount, unmount and bind below affect only ipso and its children.
rfork ne
# Start a ramfs (it mounts on /tmp by default); -p asks ramfs to keep its
# memory private.  The password file and every decrypted working copy
# created below live in this ramfs only.
ramfs -p >[2] /dev/null # silence 'i/o on hungup channel' message at exit
# NOTE(review): presumably detaches the plumber so that nothing shown in
# the editor can be plumbed out of this name space - confirm.
unmount /mnt/plumb
# Cover /srv with the ramfs directory (-c permits file creation there).
# NOTE(review): presumably so that anything the editor posts in /srv stays
# inside this private name space - confirm.
bind -c /tmp /srv
# Work inside the ramfs from here on; all relative file names below
# (_password, _listing, _timestamp, the working copies) resolve here.
builtin cd /tmp
97 
# Tell the user up front that editing means plaintext on screen.
if ( ~ $edit yes ) echo '
 Warning: The editor will display the secret contents of
 your '$name' files in the clear.
'
# get password and remember it
# The group's standard output is /dev/consctl and its standard input is
# /dev/cons.  "echo rawon" therefore switches the console to raw mode, so
# the typed password is not echoed; raw mode lasts while /dev/consctl is
# held open, i.e. for the duration of the group.  The prompt and the final
# newline are written to /dev/cons explicitly.
# read stores the typed line in _password in the current directory (the
# private ramfs), where the get/put helpers read it back.
# NOTE(review): nothing visible in this script removes _password; it stays
# in the ramfs in plaintext until the script exits.
{
	echo rawon
	echo -n $name password: >/dev/cons
	read > _password
	echo > /dev/cons
}</dev/cons > /dev/consctl
109 
# Build the list of files to work on.
# Without file arguments, ask secstore for its listing (-G .) using the
# stored password, keep it in _listing, and take the first field of each
# line as a file name.  A failing listing is reported as a probable bad
# password and ends the script with status "password".
# With file arguments, use them as given.
switch($#*){
case 0
	if(! auth/secstore -G . -i < _password > _listing){
		echo 'secstore read failed - bad password?'
		sleep 2
		exit password
	}
	files=`{sed 's/[ ]+.*//' _listing}
case *
	files = $*
}
121 
# Bring every requested file into the ramfs as a plaintext working copy,
# through secstoreget or aesget depending on the mode.  The first failure
# is reported as a probable bad password and ends the script with status
# "password".
for(i in $files){
	$get $i || {
		echo $name ' read failed - bad password?'
		sleep 2
		exit password
	}
}

# Write the marker that editedfiles compares against: anything listed
# after _timestamp by `ls -tr` counts as edited.  The pause separates the
# marker's modification time from that of the files just fetched.
sleep 2
date > _timestamp
131 
# Open the working copies (by base name, in the ramfs) in the editor.
# The script continues when the editor command returns.
if(~ $edit yes){
	$editor `{for(i in $files) basename $i}
}

# Drop the keys factotum currently holds.
if(~ $flush yes){
	echo flushing old keys
	echo delkey > /mnt/factotum/ctl
}

# Feed the working copy named factotum to factotum's ctl file, when a file
# of exactly that name is in $files.  This happens before the copy-back
# prompt, so edited keys are loaded whether or not they are saved later.
# NOTE(review): in aescbc mode $files holds full path names, so this test
# looks like it can only succeed in secstore mode - confirm.
if(~ $load yes){
	echo loading factotum keys
	if(~ factotum $files){
		read -m < factotum > /mnt/factotum/ctl
	}
}
142 
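# copy the files back
# Each file reported by editedfiles is offered for write-back:
#   y  store it with secstoreput/aesput; a failure ends the script with
#      status "password".  A file named factotum is also loaded into
#      factotum again after a successful store.
#   x or q  leave immediately; remaining files are not written back.
#   n or anything else  skip this file.
for(i in `{editedfiles}){
	echo -n copy ''''`{basename $i}^'''' back?' [y/n/x]'
	switch(`{read}){
	case [yY]*
		if(! $put $i){
			# This is the write-back path, so the message says "write";
			# it previously repeated the fetch path's "read failed" text.
			echo $name ' write failed - bad password?'
			sleep 2
			exit password
		}
		echo ''''$i'''' copied to $name
		if(~ $i factotum)
			read -m < $i > /mnt/factotum/ctl
	case [xXqQ]*
		exit
	case [nN]* *
		echo ''''$i'''' skipped
	}
}

exit ''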