author | Todd C. Miller <millert@cvs.openbsd.org> | 1997-07-23 04:24:40 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1997-07-23 04:24:40 +0000 |
commit | 8b848bfb395da1b8114a1ea4ec9c8fc9d90405ed (patch) | |
tree | 25342e653888062c69b6e088859a8e706174f293 /usr.bin | |
parent | b105fb056f12507b74149ded44622241ec68640c (diff) |
Replace skeyaudit.sh with a setuid binary (necessary for mode 0600 skeykeys)
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/skey/Makefile | 6 | ||||
-rw-r--r-- | usr.bin/skey/skeyaudit.1 | 29 | ||||
-rw-r--r-- | usr.bin/skey/skeyaudit.sh | 50 | ||||
-rw-r--r-- | usr.bin/skeyaudit/Makefile | 9 | ||||
-rw-r--r-- | usr.bin/skeyaudit/skeyaudit.1 | 39 | ||||
-rw-r--r-- | usr.bin/skeyaudit/skeyaudit.c | 113 |
6 files changed, 163 insertions, 83 deletions
diff --git a/usr.bin/skey/Makefile b/usr.bin/skey/Makefile
index 2563fa06ba9..f3e871f5a06 100644
--- a/usr.bin/skey/Makefile
+++ b/usr.bin/skey/Makefile
@@ -1,7 +1,7 @@
-# $OpenBSD: Makefile,v 1.11 1997/07/23 04:10:50 millert Exp $
+# $OpenBSD: Makefile,v 1.12 1997/07/23 04:24:37 millert Exp $
 PROG= skey
-MAN= skey.1 skeyaudit.1 skeyprune.8
+MAN= skey.1 skeyprune.8
 LINKS= ${BINDIR}/skey ${BINDIR}/otp-md4 \
 ${BINDIR}/skey ${BINDIR}/otp-md5 \
 ${BINDIR}/skey ${BINDIR}/otp-sha1 \
@@ -14,8 +14,6 @@ DPADD= ${LIBSKEY}
 LDADD= -lskey
 beforeinstall:
- ${INSTALL} ${INSTALL_COPY} -m 755 ${.CURDIR}/skeyaudit.sh \
- ${DESTDIR}${BINDIR}/skeyaudit
 ${INSTALL} ${INSTALL_COPY} -m 755 ${.CURDIR}/skeyprune.pl \
 ${DESTDIR}${BINDIR}/skeyprune
diff --git a/usr.bin/skey/skeyaudit.1 b/usr.bin/skey/skeyaudit.1
deleted file mode 100644
index 99dc13cd121..00000000000
--- a/usr.bin/skey/skeyaudit.1
+++ /dev/null
@@ -1,29 +0,0 @@
-.\" $OpenBSD: skeyaudit.1,v 1.3 1996/10/08 01:20:55 michaels Exp $
-.\"
-.\"
-.Dd 9 June 1994
-.Dt SKEYAUDIT 1
-.Os
-.Sh NAME
-.Nm skeyaudit
-.Nd warn users if their S/Key will soon expire
-.Sh SYNOPSIS
-.Nm skeyaudit
-.Op Ar limit
-.Sh DESCRIPTION
-.Nm skeyaudit
-searches through the file
-.Dq Pa /etc/skeykeys
-for users whose S/Key sequence number is less than
-.Ar limit ,
-and sends them a reminder to run
-.Xr skeyinit 1
-soon. If no limit is specified a default of 12 is used.
-.Sh FILES
-.Bl -tag -width /etc/skeykeys -compact
-.It Pa /etc/skeykeys
-The S/Key key information database
-.El
-.Sh SEE ALSO
-.Xr skeyinit 1 ,
-.Xr skey 1
diff --git a/usr.bin/skey/skeyaudit.sh b/usr.bin/skey/skeyaudit.sh
deleted file mode 100644
index a20bf2ae9cf..00000000000
--- a/usr.bin/skey/skeyaudit.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/sh
-# $OpenBSD: skeyaudit.sh,v 1.4 1996/09/29 04:46:18 millert Exp $
-# This script will look thru the skeykeys file for
-# people with sequence numbers less then LOWLIMIT=12
-# and send them an e-mail reminder to use skeyinit soon
-#
-
-AWK=/usr/bin/awk
-GREP=/usr/bin/grep
-ECHO=/bin/echo
-KEYDB=/etc/skeykeys
-LOWLIMIT=12
-ADMIN=root
-SUBJECT="Reminder: Run skeyinit"
-HOST=`/bin/hostname`
-
-
-if [ "$1" != "" ]
-then
- LOWLIMIT=$1
-fi
-
-
-# an skeykeys entry looks like
-# jsw 0076 la13079 ba20a75528de9d3a
-# the sequence number is the second entry
-#
-
-for i in `$AWK '{print $1}' $KEYDB`
-do
-SEQ=`$GREP "^$i[ ]" $KEYDB | $AWK '{if ($2 ~ /^[A-z]/) {print $3} else {print $2}}'`
-if [ $SEQ -lt $LOWLIMIT ]
-then
- KEY=`$GREP "^$i[ ]" $KEYDB | $AWK '{if ($2 ~ /^[A-z]/) {print $4} else {print $3}}'`
- if [ $SEQ -lt 3 ]
- then
- SUBJECT="IMPORTANT action required"
- fi
- (
- $ECHO "You are nearing the end of your current S/Key sequence for account $i"
- $ECHO "on system $HOST."
- $ECHO ""
- $ECHO "Your S/key sequence number is now $SEQ. When it reaches zero you"
- $ECHO "will no longer be able to use S/Key to login into the system. "
- $ECHO " "
- $ECHO "Type \"skeyinit -s\" to reinitialize your sequence number."
- $ECHO ""
- ) | /usr/bin/Mail -s "$SUBJECT" $i $ADMIN
-fi
-done
diff --git a/usr.bin/skeyaudit/Makefile b/usr.bin/skeyaudit/Makefile
new file mode 100644
index 00000000000..8769233b715
--- /dev/null
+++ b/usr.bin/skeyaudit/Makefile
@@ -0,0 +1,9 @@
+# $OpenBSD: Makefile,v 1.1 1997/07/23 04:24:33 millert Exp $
+
+PROG= skeyaudit
+BINOWN= root
+BINMODE=4555
+DPADD= ${LIBSKEY}
+LDADD= -lskey
+
+.include <bsd.prog.mk>
diff --git a/usr.bin/skeyaudit/skeyaudit.1 b/usr.bin/skeyaudit/skeyaudit.1
new file mode 100644
index 00000000000..db43b19e8c9
--- /dev/null
+++ b/usr.bin/skeyaudit/skeyaudit.1
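Review bot: In usr.bin/skeyaudit/Makefile, `BINOWN= root` with `BINMODE=4555` gives the whole program root's effective uid when all it needs is read access to /etc/skeykeys. A narrower grant would be a dedicated group that owns the key file, with the binary installed setgid to it, for example `BINGRP= <skey-group-placeholder>` and `BINMODE=2555`. That conflicts with the mode 0600 premise in the commit message and depends on how libskey and skeyinit create and lock the file, neither of which this diff shows, so it is a question for the author rather than a drop-in change.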
@@ -0,0 +1,39 @@
+.\" $OpenBSD: skeyaudit.1,v 1.1 1997/07/23 04:24:35 millert Exp $
+.\"
+.\"
+.Dd 22 July 1997
+.Dt SKEYAUDIT 1
+.Os
+.Sh NAME
+.Nm skeyaudit
+.Nd warn users if their S/Key will soon expire
+.Sh SYNOPSIS
+.Nm skeyaudit
+.Op Fl i
+.Op Fl l Ar limit
+.Sh DESCRIPTION
+.Nm skeyaudit
+searches through the file
+.Dq Pa /etc/skeykeys
+for users whose S/Key sequence number is less than
+.Ar limit ,
+and mails them a reminder to run
+.Xr skeyinit 1
+soon.
+.Sh OPTIONS
+.Bl -tag -width "-l limit" -indent
+The available options are as follows:
+.It Fl i
+Interactive mode. Don't send mail, just print to standard output.
+.It Fl l Ar limit
+The limit used to determine whether or not a user should
+be notified. The default is to notify if there are fewer
+than 12 keys left.
+.Sh FILES
+.Bl -tag -width /etc/skeykeys -compact
+.It Pa /etc/skeykeys
+The S/Key key information database
+.El
+.Sh SEE ALSO
+.Xr skeyinit 1 ,
+.Xr skey 1
diff --git a/usr.bin/skeyaudit/skeyaudit.c b/usr.bin/skeyaudit/skeyaudit.c
new file mode 100644
index 00000000000..1e2bc6f984b
--- /dev/null
+++ b/usr.bin/skeyaudit/skeyaudit.c
@@ -0,0 +1,113 @@
+#include <err.h>
+#include <errno.h>
+#include <limits.h>
+#include <paths.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <skey.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+extern char *__progname;
+
+void usage __P((void));
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ struct passwd *pw;
+ struct skey key;
+ int ch, errs, left = 0, iflag = 0, limit = 12;
+ char *name, hostname[MAXHOSTNAMELEN];
+ FILE *out;
+
+ while ((ch = getopt(argc, argv, "il:")) != -1)
+ switch(ch) {
+ case 'i':
+ iflag = 1;
+ break;
+ case 'l':
+ errno = 0;
+ if ((limit = (int)strtol(optarg, NULL, 10)) == 0)
+ errno = ERANGE;
+ if (errno) {
+ warn("key limit");
+ usage();
+ }
+ break;
+ default:
+ usage();
+ }
+
+ if (argc - optind > 0)
+ usage();
+
+ if ((pw = getpwuid(getuid())) == NULL)
+ errx(1, "no passwd entry for uid %u", getuid());
+ if ((name = strdup(pw->pw_name)) == NULL)
+ err(1, "cannot allocate memory");
+ sevenbit(name);
+
+ errs = skeylookup(&key, name);
+ switch (errs) {
+ case 0: /* Success! */
+ left = key.n - 1;
+ break;
+ case -1: /* File error */
+ /* XXX - _PATH_SKEYFILE should be in paths.h? */
+ warnx("cannot open /etc/skeykeys");
+ break;
+ case 1: /* Unknown user */
+ warnx("%s is not listed in /etc/skeykeys", name);
+ }
+
+ setuid(getuid()); /* Run sendmail as user not root */
+
+ if (errs || left >= limit)
+ exit(errs);
+
+ if (gethostname(hostname, sizeof(hostname)) == -1)
+ strcpy(hostname, "unknown");
+
+ if (iflag) {
+ out = stdout;
+ } else {
+ char cmd[sizeof(_PATH_SENDMAIL) + 3];
+
+ sprintf(cmd, "%s -t", _PATH_SENDMAIL);
+ out = popen(cmd, "w");
+ }
+
+ if (!iflag)
+ (void)fprintf(out,
+ "To: %s\nSubject: IMPORTANT action required\n", name);
+
+ (void)fprintf(out,
+"\nYou are nearing the end of your current S/Key sequence for account\n\
+%s on system %s.\n\n\
+Your S/key sequence number is now %d. When it reaches zero\n\
+you will no longer be able to use S/Key to login into the system.\n\n\
+Type \"skeyinit -s\" to reinitialize your sequence number.\n\n",
+name, hostname, left - 1);
+
+ if (iflag)
+ (void)fclose(out);
+ else
+ (void)pclose(out);
+
+ exit(0);
+}
+
+void
+usage()
+{
+ (void)fprintf(stderr, "Usage: %s [-i] [-l limit]\n",
+ __progname);
+ exit(1);
+}
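Review bot: The result of `setuid(getuid())` in main() is ignored, so if the drop ever fails, the later `popen()` starts the shell and sendmail with root's effective uid; the call should fail closed. The `popen()` result is also unchecked, so a NULL `out` would be passed to `fprintf()` and `pclose()`. The stream that skeylookup() opened on /etc/skeykeys is presumably still open in `key.keyfile` at that point (libskey is not part of this diff, so confirm), which would hand the unprivileged child a descriptor for a file it cannot open itself; closing it before the drop avoids that. Separately, `left` is already `key.n - 1` and the message prints `left - 1`, which looks like a double decrement worth confirming.

```c
	errs = skeylookup(&key, name);
	/* ... unchanged: switch (errs) that sets left or warns ... */

	/* Assumes libskey leaves key.keyfile open after a successful lookup. */
	if (errs == 0)
		(void)fclose(key.keyfile);

	if (setuid(getuid()) == -1)	/* Run sendmail as user not root */
		err(1, "setuid");

	/* ... unchanged: limit test, gethostname, iflag branch ... */
		sprintf(cmd, "%s -t", _PATH_SENDMAIL);
		if ((out = popen(cmd, "w")) == NULL)
			err(1, "cannot run %s", _PATH_SENDMAIL);
```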