bin/ipso - plan9 - Git at Google

 #!/usr/local/plan9/bin/rc

 . 9.rc
 name = secstore
 get = secstoreget
 put = secstoreput
 edit = no
 load = no
 flush = no

 fn secstoreget{
 	secstore -i -g $1 <_password
 }

 fn secstoreput{
 	secstore -i -p $1 <_password
 }

 fn aesget{
 	if(! ~ $1 /*){
 		echo >[1=2] ipso: aescbc requires fully qualified pathname
 		exit usage
 	}
 	aescbc -i -d < $1 > `{basename $1} <[3] _password
 }

 fn aesput{
 	aescbc -i -e > $1 < `{basename $1} <[3] _password
 }

 fn editedfiles{
 	if(~ $get aesget){
 		for(i in $files)
 			if(ls -tr | sed '1,/^_timestamp$/d' | grep -s '^'^`{basename $i}^'$')
 				echo $i
 	}
 	if not
 		ls -tr | sed '1,/^_timestamp$/d'
 }

 while(~ $1 -*){
 	switch($1){
 	case -a
 		name = aescbc
 		get = aesget
 		put = aesput
 	case -f
 		flush = yes
 	case -e
 		edit = yes
 	case -l
 		load = yes
 	case *
 		echo >[2=1] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
 		exit usage
 	}
 	shift
 }

 if(~ $flush no && ~ $edit no && ~ $load no){
 	edit = yes
 	if(~ factotum $*){
 		load = yes
 		flush = yes
 	}
 }

 if(~ $flush yes && ~ $edit no && ~ $load no){
 	echo flushing old keys
 	echo delkey | 9p write factotum/ctl
 	exit 0
 }

 if(~ $get aesget && ~ $#* 0){
 	echo >[2=1] ipso: must specify a fully qualified file name for aescbc '(-a)'
 	exit usage
 }

 user=`{whoami}
 cd /tmp || exit $status
 tmp=`{df | grep -v /lib/init | awk '$1=="tmpfs" {print $NF}'}
 if(! ~ $#tmp 0)
 	cd $tmp(1) || exit $status
 mkdir -p ipso.$user
 chmod 700 ipso.$user || exit $status
 cd ipso.$user
 dir=`{pwd}
 dir=$"dir

 fn sigexit {
 	rm -rf $dir
 }

 if ( ~ $edit yes ) echo '
 	Warning: The editor will display the secret contents of
 	your '$name' files in the clear, and they will
 	be stored temporarily in '^$dir^'
 	in the clear, along with your password.
 '

 # get password and remember it
 readcons -s $name^' password' >_password

 # get list of files
 if(~ $#* 0){
 	if(! secstore -G . -i < _password > _listing){
 		echo 'secstore read failed - bad password?'
 		sleep 2
 		exit password
 	}
 	files=`{sed 's/[ 	]+.*//' _listing}
 }
 if not
 	files = $*

 # copy the files to local ramfs
 for(i in $files){
 	if(! $get $i){
 		echo $name ' read failed - bad password?'
 		sleep 2
 		exit password
 	}
 }
 sleep 2; date > _timestamp	# so we can find which files have been edited.

 # edit the files
 if(~ $edit yes){
 	B `{for(i in $files) basename $i}
 	readcons 'type enter when finished editing' >/dev/null
 }
 if(~ $flush yes ){
 	echo flushing old keys
 	echo delkey | 9p write factotum/ctl
 }
 if(~ $load yes){
 	echo loading factotum keys
 	if (~ factotum $files) cat factotum | 9p write -l factotum/ctl
 }

 # copy the files back
 for(i in `{editedfiles}){
 	prompt='copy '''^`{basename $i}^''' back? [y/n/x]'
 	switch(`{readcons $prompt}){
 	case [yY]*
 		if(! $put $i){
 			echo $name ' read failed - bad password?'
 			sleep 2
 			exit password
 		}
 		echo ''''$i'''' copied to $name
 		if(~ $i factotum && ! ~ $load yes){	# do not do it twice
 			cat $i | 9p write -l factotum/ctl
 		}
 	case [xXqQ]*
 		exit
 	case [nN]* *
 		echo ''''$i'''' skipped
 	}
 }

 exit ''
	#!/usr/local/plan9/bin/rc

	. 9.rc
	name = secstore
	get = secstoreget
	put = secstoreput
	edit = no
	load = no
	flush = no

	fn secstoreget{
	secstore -i -g $1 <_password
	}

	fn secstoreput{
	secstore -i -p $1 <_password
	}

	fn aesget{
	if(! ~ $1 /*){
	echo >[1=2] ipso: aescbc requires fully qualified pathname
	exit usage
	}
	aescbc -i -d < $1 > `{basename $1} <[3] _password
	}

	fn aesput{
	aescbc -i -e > $1 < `{basename $1} <[3] _password
	}

	fn editedfiles{
	if(~ $get aesget){
	for(i in $files)
	if(ls -tr \| sed '1,/^_timestamp$/d' \| grep -s '^'^`{basename $i}^'$')
	echo $i
	}
	if not
	ls -tr \| sed '1,/^_timestamp$/d'
	}

	while(~ $1 -*){
	switch($1){
	case -a
	name = aescbc
	get = aesget
	put = aesput
	case -f
	flush = yes
	case -e
	edit = yes
	case -l
	load = yes
	case *
	echo >[2=1] 'usage: ipso [-a -f -e -l] [-s] [file ...]'
	exit usage
	}
	shift
	}

	if(~ $flush no && ~ $edit no && ~ $load no){
	edit = yes
	if(~ factotum $*){
	load = yes
	flush = yes
	}
	}

	if(~ $flush yes && ~ $edit no && ~ $load no){
	echo flushing old keys
	echo delkey \| 9p write factotum/ctl
	exit 0
	}

	if(~ $get aesget && ~ $#* 0){
	echo >[2=1] ipso: must specify a fully qualified file name for aescbc '(-a)'
	exit usage
	}

	user=`{whoami}
	cd /tmp \|\| exit $status
	tmp=`{df \| grep -v /lib/init \| awk '$1=="tmpfs" {print $NF}'}
	if(! ~ $#tmp 0)
	cd $tmp(1) \|\| exit $status
	mkdir -p ipso.$user
	chmod 700 ipso.$user \|\| exit $status
	cd ipso.$user
	dir=`{pwd}
	dir=$"dir

	fn sigexit {
	rm -rf $dir
	}

	if ( ~ $edit yes ) echo '
	Warning: The editor will display the secret contents of
	your '$name' files in the clear, and they will
	be stored temporarily in '^$dir^'
	in the clear, along with your password.
	'

	# get password and remember it
	readcons -s $name^' password' >_password

	# get list of files
	if(~ $#* 0){
	if(! secstore -G . -i < _password > _listing){
	echo 'secstore read failed - bad password?'
	sleep 2
	exit password
	}
	files=`{sed 's/[ ]+.*//' _listing}
	}
	if not
	files = $*

	# copy the files to local ramfs
	for(i in $files){
	if(! $get $i){
	echo $name ' read failed - bad password?'
	sleep 2
	exit password
	}
	}
	sleep 2; date > _timestamp # so we can find which files have been edited.

	# edit the files
	if(~ $edit yes){
	B `{for(i in $files) basename $i}
	readcons 'type enter when finished editing' >/dev/null
	}
	if(~ $flush yes ){
	echo flushing old keys
	echo delkey \| 9p write factotum/ctl
	}
	if(~ $load yes){
	echo loading factotum keys
	if (~ factotum $files) cat factotum \| 9p write -l factotum/ctl
	}

	# copy the files back
	for(i in `{editedfiles}){
	prompt='copy '''^`{basename $i}^''' back? [y/n/x]'
	switch(`{readcons $prompt}){
	case [yY]*
	if(! $put $i){
	echo $name ' read failed - bad password?'
	sleep 2
	exit password
	}
	echo ''''$i'''' copied to $name
	if(~ $i factotum && ! ~ $load yes){ # do not do it twice
	cat $i \| 9p write -l factotum/ctl
	}
	case [xXqQ]*
	exit
	case [nN]* *
	echo ''''$i'''' skipped
	}
	}

	exit ''