summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.bin/skey/Makefile5
-rw-r--r--usr.bin/skey/skeyprune.840
-rw-r--r--usr.bin/skey/skeyprune.pl90
3 files changed, 133 insertions, 2 deletions
diff --git a/usr.bin/skey/Makefile b/usr.bin/skey/Makefile
index 70c0226e1f7..3c0549c4634 100644
--- a/usr.bin/skey/Makefile
+++ b/usr.bin/skey/Makefile
@@ -1,12 +1,13 @@
-# $OpenBSD: Makefile,v 1.3 1996/09/27 15:41:35 millert Exp $
+# $OpenBSD: Makefile,v 1.4 1996/09/28 00:00:40 millert Exp $
PROG= skey
-MAN= skey.1 skeyinfo.1 skeyaudit.1
+MAN= skey.1 skeyinfo.1 skeyaudit.1 skeyprune.8
DPADD= ${LIBSKEY}
LDADD= -lskey
beforeinstall:
install -c -m 755 ${.CURDIR}/skeyaudit.sh ${DESTDIR}${BINDIR}/skeyaudit
install -c -m 755 ${.CURDIR}/skeyinfo.sh ${DESTDIR}${BINDIR}/skeyinfo
+ install -c -m 755 ${.CURDIR}/skeyprune.pl ${DESTDIR}${BINDIR}/skeyprune
.include <bsd.prog.mk>
diff --git a/usr.bin/skey/skeyprune.8 b/usr.bin/skey/skeyprune.8
new file mode 100644
index 00000000000..f7ae9efbd1e
--- /dev/null
+++ b/usr.bin/skey/skeyprune.8
@@ -0,0 +1,40 @@
+.\" $OpenBSD: skeyprune.8,v 1.1 1996/09/28 00:00:41 millert Exp $
+.\"
+.\"
+.Dd 27 Sep 1996
+.Dt SKEYPRUNE 8
+.Os OpenBSD 4
+.Sh NAME
+.Nm skeyprune
+.Nd prune commented out and old entries from keys file
+.Sh SYNOPSIS
+.Nm skeyprune
+.Op Ar days
+.Sh DESCRIPTION
+.Nm skeyprune
+searches through the file
+.Dq Pa /etc/skeykeys
+and prunes out users who have zeroed they entries via
+.Xr skeyinit 1
+as well as entries that have not been modified in
+.Ar days
+days. If
+.Ar days
+is not specified only commented out entries are pruned.
+.Sh FILES
+.Bl -tag -width /etc/skeykeys -compact
+.It Pa /etc/skeykeys
+The S/Key key information database
+.El
+.Sh SEE ALSO
+.Xr skeyinit 1 ,
+.Xr skey 1
+.Sh BUGS
+Since
+.Nm skeyprune
+rewrites
+.Dq Pa /etc/skeykeys ,
+there is a window where S/Key changes could get lost.
+It is therefore suggested that
+.Nm skeyprune
+be run at a time when users are unlikely to be active.
diff --git a/usr.bin/skey/skeyprune.pl b/usr.bin/skey/skeyprune.pl
new file mode 100644
index 00000000000..bb10bda38ed
--- /dev/null
+++ b/usr.bin/skey/skeyprune.pl
@@ -0,0 +1,90 @@
+#!/usr/bin/perl
+#
+# Prune commented out and crufty entries from skeykeys
+# Usage: skeyprune [days]
+#
+# Todd C. Miller <Todd.Miller@courtesan.com>
+# $OpenBSD: skeyprune.pl,v 1.1 1996/09/28 00:00:41 millert Exp $
+
+# We need to be able convert to time_t
+require 'timelocal.pl';
+
+# Keep out the stupid
+die "Only root may run $0.\n" if $>;
+die "Usage: $0 [days]\n" if $#ARGC > 0;
+
+# Pathnames
+$keyfile = '/etc/skeykeys';
+$temp = "$keyfile.tmp$$";
+
+# Quick mapping of month name -> number
+%months = ('Jan', 0, 'Feb', 1, 'Mar', 2, 'Apr', 3, 'May', 4, 'Jun', 5,
+ 'Jul', 6, 'Aug', 7, 'Sep', 8, 'Oct', 9, 'Nov', 10, 'Dec', 11);
+
+# Remove entries that haven't been modified in this many days.
+$days_old = $ARGV[0] || -1;
+
+# Open current key file
+open(OLD, $keyfile) || die "$0: Can't open $keyfile: $!\n";
+
+# Safely open temp file
+umask(077);
+unlink($temp);
+open(NEW, ">$temp") || die "$0: Can't open tempfile $temp: $!\n";
+
+# We need to be extra speedy to close the window where someone can hose us.
+setpriority(0, 0, -4);
+
+while (<OLD>) {
+ # Ignore commented out entries
+ if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/ ) {
+ /((Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+)$/;
+
+ # Prune out old entries if asked to
+ if ($days_old > 0) {
+ # build up time based on date string
+ @date = split(/[\s,:]/, $1);
+ $sec = $date[5];
+ $min = $date[4];
+ $hours = $date[3];
+ $mday = $date[1] - 1;
+ $mon = $months{$date[0]};
+ $year = $date[2] - 1900;
+
+ $now = time();
+ $then = &timelocal($sec,$min,$hours,$mday,$mon,$year);
+ if (($now - $then) / (60 * 60 * 24) - 1 <= $days_old) {
+ print NEW $_ || do {
+ warn "Can't write to $temp: $!\n";
+ unlink($temp);
+ };
+ }
+ } else {
+ print NEW $_ || do {
+ warn "Can't write to $temp: $!\n";
+ unlink($temp);
+ };
+ }
+ }
+}
+close(OLD);
+close(NEW);
+
+# Set owner/group/mode on tempfile and move to real location.
+($mode, $nlink, $uid, $gid) = (stat($keyfile))[2..5];
+if (!defined($mode)) {
+ unlink($temp);
+ die "$0: Unable to stat $keyfile: $!\n";
+}
+if (!chmod($mode, $temp)) {
+ unlink($temp);
+ die "$0: Unable to set mode of $temp to $mode: $!\n";
+}
+if (!chown($uid, $gid, $temp)) {
+ unlink($temp);
+ die "$0: Unable to set owner of $temp to ($uid, $gid): $!\n";
+}
+# Leave temp file in place if rename fails. Might help in debugging.
+rename($temp, $keyfile) || die "$0: Unable to rename $temp to $keyfile: $!\n";
+
+exit(0);