#!/usr/local/plan9/bin/rc
# ipso: fetch secret files from secstore (or aescbc with -a) into a private
# scratch directory, optionally edit them and load factotum keys, then copy
# the edited files back.

. 9.rc

# Backing store and the helper functions used to fetch and store one file.
# The -a option switches all three to their aescbc variants.
name=secstore
get=secstoreget
put=secstoreput

# Requested actions (-e, -l, -f); when none is given, all three are enabled.
edit=no
load=no
flush=no
# Fetch file $1 from secstore into the current directory.
# The password is fed on standard input (-i) from the saved _password
# file, so the user is not prompted again for every file.
fn secstoreget {
	secstore -i -g $1 < _password
}
# Store file $1 from the current directory back into secstore.
# The password is fed on standard input (-i) from the saved _password file.
fn secstoreput {
	secstore -i -p $1 < _password
}
# Decrypt the aescbc file $1 into the current directory under its base name.
# $1 must be an absolute path: the script runs inside its scratch directory,
# so a relative name would be resolved there.  The password is supplied on
# file descriptor 3 from the saved _password file.
# NOTE(review): two arguments with the same base name share one working copy.
fn aesget {
	~ $1 /* || {
		echo >[1=2] ipso: aescbc requires fully qualified pathname
		exit usage
	}
	aescbc -i -d < $1 > `{basename $1} <[3] _password
}
# Re-encrypt the working copy (base name of $1 in the current directory)
# into $1 with aescbc; the password is supplied on file descriptor 3.
# NOTE(review): $1 is opened for writing before aescbc produces any output,
# so a failed encryption can leave the stored file truncated.  Writing to a
# temporary name and renaming on success would avoid that.
fn aesput {
	aescbc -i -e > $1 < `{basename $1} <[3] _password
}
# Print the files that changed after _timestamp was written.
# ls -tr lists the current directory oldest first, so every name after the
# _timestamp line is newer than the timestamp.  In aescbc mode the working
# copies are stored under their base names, so each entry of $files is
# printed with its full path when its base name appears in that list.
# NOTE(review): the base name is used as a regular expression without
# escaping, so a '.' in a name matches any character.
fn editedfiles {
	if(~ $get aesget){
		for(i in $files){
			if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
				echo $i
		}
	}
	if not
		ls -tr | sed '1,/^_timestamp$/d'
}
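# Parse leading option flags.  -a selects aescbc instead of secstore;
# -f, -e and -l request the flush, edit and load actions.  Any other
# argument starting with '-' prints the usage line and exits.
while(~ $1 -*){
	switch($1){
	case -a
		name = aescbc
		get = aesget
		put = aesput
	case -f
		flush = yes
	case -e
		edit = yes
	case -l
		load = yes
	case *
		# Diagnostics go to standard error (>[1=2]), as in aesget; the
		# previous >[2=1] sent the usage line to standard output.
		# NOTE(review): the usage line advertises -s, but no case above
		# accepts it, so -s also ends up here.
		echo >[1=2] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
		exit usage
	}
	shift
}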
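# No action flag given: perform all three actions.
if(~ $flush no && ~ $edit no && ~ $load no){
	load = yes
	edit = yes
	flush = yes
}

# -f on its own: drop the keys held by factotum and stop, without asking
# for a password or fetching anything.
if(~ $flush yes && ~ $edit no && ~ $load no){
	echo flushing old keys
	echo delkey | 9p write factotum/ctl
	exit 0
}

# aescbc has no remote listing to fall back on, so -a needs explicit files.
# The message goes to standard error (>[1=2]); the previous >[2=1] sent it
# to standard output.
if(~ $get aesget && ~ $#* 0){
	echo >[1=2] ipso: must specify a fully qualified file name for aescbc '(-a)'
	exit usage
}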
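# Set up a private scratch directory, ipso.$user, under the first tmpfs
# mount reported by df, or under /tmp when there is none, and remember its
# path in $dir for the exit handler.
#
# Every step is checked.  If mkdir or the final cd failed silently, the
# script would keep running in the shared parent directory: the password
# and plaintext copies would be written there, and sigexit would later
# run rm -rf on that parent.
#
# NOTE(review): the name is predictable and mkdir -p accepts an entry that
# already exists; chmod 700 then only proves that this user may change its
# mode, not that the directory is fresh or is not a symbolic link.  A
# uniquely named, freshly created directory would be safer in a shared /tmp.
user=`{whoami}
cd /tmp || exit $status
tmp=`{df | awk '$1=="tmpfs" {print $NF}'}
if(! ~ $#tmp 0)
	cd $tmp(1) || exit $status
mkdir -p ipso.$user || exit $status
chmod 700 ipso.$user || exit $status
cd ipso.$user || exit $status
dir=`{pwd}
# Flatten to a single string so a path containing spaces stays one word.
dir=$"dir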
# Exit handler: remove the scratch directory, which holds the saved
# password, the listing and the plaintext working copies.
# NOTE(review): no sigint/sighup handlers are defined in this file; confirm
# that an interrupted run still reaches this cleanup.
fn sigexit {
	rm -rf $dir
}
# Tell the user up front that plaintext secrets and the password will sit
# in the scratch directory while the editor is open.
if(~ $edit yes) echo '
Warning: The editor will display the secret contents of
your '$name' files in the clear, and they will
be stored temporarily in '^$dir^'
in the clear, along with your password.
'

# get password and remember it
# The password is kept in the clear in _password inside the scratch
# directory (mode 700) so that each later secstore/aescbc call can read it.
readcons -s $name^' password' >_password
# get list of files
# Explicit arguments win; otherwise ask secstore for its listing and keep
# the first field of each line as the file name.  A failed listing is
# treated as a probable wrong password and ends the run.
if(! ~ $#* 0)
	files = $*
if not {
	secstore -G . -i < _password > _listing || {
		echo 'secstore read failed - bad password?'
		sleep 2
		exit password
	}
	files=`{sed 's/[ ]+.*//' _listing}
}
# copy the files to local ramfs
# Stop at the first file that cannot be fetched.
for(i in $files){
	$get $i || {
		echo $name ' read failed - bad password?'
		sleep 2
		exit password
	}
}

# so we can find which files have been edited.
# The pause puts _timestamp clearly after the fetched copies in ls -t order.
sleep 2
date > _timestamp
# edit the files
# B is handed the working copies by base name; the script then waits for
# the user to confirm that editing is finished.
if(~ $edit yes){
	B `{for(i in $files) basename $i}
	readcons 'type enter when finished editing' >/dev/null
}

# Drop the keys factotum currently holds.
if(~ $flush yes){
	echo flushing old keys
	echo delkey | 9p write factotum/ctl
}

# Load the keys from the fetched file named factotum, if it was requested.
if(~ $load yes){
	echo loading factotum keys
	if(~ factotum $files){
		cat factotum | 9p write -l factotum/ctl
	}
}
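# copy the files back
# Ask about every file changed since _timestamp: y stores it, x or q quits
# at once, and any other answer skips the file.
for(i in `{editedfiles}){
	prompt='copy '''^`{basename $i}^''' back? [y/n/x]'
	switch(`{readcons $prompt}){
	case [yY]*
		if(! $put $i){
			# This is the store step, so report a write failure; the
			# message previously said "read failed".
			echo $name ' write failed - bad password?'
			sleep 2
			exit password
		}
		echo ''''$i'''' copied to $name
		if(~ $i factotum && ! ~ $load yes){	# do not do it twice
			cat $i | 9p write -l factotum/ctl
		}
	case [xXqQ]*
		exit
	case [nN]* *
		echo ''''$i'''' skipped
	}
}

exit ''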