diff options
-rw-r--r-- | usr.bin/skey/Makefile | 5 | ||||
-rw-r--r-- | usr.bin/skey/skeyprune.8 | 40 | ||||
-rw-r--r-- | usr.bin/skey/skeyprune.pl | 90 |
3 files changed, 133 insertions, 2 deletions
diff --git a/usr.bin/skey/Makefile b/usr.bin/skey/Makefile index 70c0226e1f7..3c0549c4634 100644 --- a/usr.bin/skey/Makefile +++ b/usr.bin/skey/Makefile @@ -1,12 +1,13 @@ -# $OpenBSD: Makefile,v 1.3 1996/09/27 15:41:35 millert Exp $ +# $OpenBSD: Makefile,v 1.4 1996/09/28 00:00:40 millert Exp $ PROG= skey -MAN= skey.1 skeyinfo.1 skeyaudit.1 +MAN= skey.1 skeyinfo.1 skeyaudit.1 skeyprune.8 DPADD= ${LIBSKEY} LDADD= -lskey beforeinstall: install -c -m 755 ${.CURDIR}/skeyaudit.sh ${DESTDIR}${BINDIR}/skeyaudit install -c -m 755 ${.CURDIR}/skeyinfo.sh ${DESTDIR}${BINDIR}/skeyinfo + install -c -m 755 ${.CURDIR}/skeyprune.pl ${DESTDIR}${BINDIR}/skeyprune .include <bsd.prog.mk> diff --git a/usr.bin/skey/skeyprune.8 b/usr.bin/skey/skeyprune.8 new file mode 100644 index 00000000000..f7ae9efbd1e --- /dev/null +++ b/usr.bin/skey/skeyprune.8 @@ -0,0 +1,40 @@ +.\" $OpenBSD: skeyprune.8,v 1.1 1996/09/28 00:00:41 millert Exp $ +.\" +.\" +.Dd 27 Sep 1996 +.Dt SKEYPRUNE 8 +.Os OpenBSD 4 +.Sh NAME +.Nm skeyprune +.Nd prune commented out and old entries from keys file +.Sh SYNOPSIS +.Nm skeyprune +.Op Ar days +.Sh DESCRIPTION +.Nm skeyprune +searches through the file +.Dq Pa /etc/skeykeys +and prunes out users who have zeroed they entries via +.Xr skeyinit 1 +as well as entries that have not been modified in +.Ar days +days. If +.Ar days +is not specified only commented out entries are pruned. +.Sh FILES +.Bl -tag -width /etc/skeykeys -compact +.It Pa /etc/skeykeys +The S/Key key information database +.El +.Sh SEE ALSO +.Xr skeyinit 1 , +.Xr skey 1 +.Sh BUGS +Since +.Nm skeyprune +rewrites +.Dq Pa /etc/skeykeys , +there is a window where S/Key changes could get lost. +It is therefore suggested that +.Nm skeyprune +be run at a time when users are unlikely to be active. diff --git a/usr.bin/skey/skeyprune.pl b/usr.bin/skey/skeyprune.pl new file mode 100644 index 00000000000..bb10bda38ed --- /dev/null +++ b/usr.bin/skey/skeyprune.pl @@ -0,0 +1,90 @@ +#!/usr/bin/perl +# +# Prune commented out and crufty entries from skeykeys +# Usage: skeyprune [days] +# +# Todd C. Miller <Todd.Miller@courtesan.com> +# $OpenBSD: skeyprune.pl,v 1.1 1996/09/28 00:00:41 millert Exp $ + +# We need to be able convert to time_t +require 'timelocal.pl'; + +# Keep out the stupid +die "Only root may run $0.\n" if $>; +die "Usage: $0 [days]\n" if $#ARGC > 0; + +# Pathnames +$keyfile = '/etc/skeykeys'; +$temp = "$keyfile.tmp$$"; + +# Quick mapping of month name -> number +%months = ('Jan', 0, 'Feb', 1, 'Mar', 2, 'Apr', 3, 'May', 4, 'Jun', 5, + 'Jul', 6, 'Aug', 7, 'Sep', 8, 'Oct', 9, 'Nov', 10, 'Dec', 11); + +# Remove entries that haven't been modified in this many days. +$days_old = $ARGV[0] || -1; + +# Open current key file +open(OLD, $keyfile) || die "$0: Can't open $keyfile: $!\n"; + +# Safely open temp file +umask(077); +unlink($temp); +open(NEW, ">$temp") || die "$0: Can't open tempfile $temp: $!\n"; + +# We need to be extra speedy to close the window where someone can hose us. +setpriority(0, 0, -4); + +while (<OLD>) { + # Ignore commented out entries + if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/ ) { + /((Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+)$/; + + # Prune out old entries if asked to + if ($days_old > 0) { + # build up time based on date string + @date = split(/[\s,:]/, $1); + $sec = $date[5]; + $min = $date[4]; + $hours = $date[3]; + $mday = $date[1] - 1; + $mon = $months{$date[0]}; + $year = $date[2] - 1900; + + $now = time(); + $then = &timelocal($sec,$min,$hours,$mday,$mon,$year); + if (($now - $then) / (60 * 60 * 24) - 1 <= $days_old) { + print NEW $_ || do { + warn "Can't write to $temp: $!\n"; + unlink($temp); + }; + } + } else { + print NEW $_ || do { + warn "Can't write to $temp: $!\n"; + unlink($temp); + }; + } + } +} +close(OLD); +close(NEW); + +# Set owner/group/mode on tempfile and move to real location. +($mode, $nlink, $uid, $gid) = (stat($keyfile))[2..5]; +if (!defined($mode)) { + unlink($temp); + die "$0: Unable to stat $keyfile: $!\n"; +} +if (!chmod($mode, $temp)) { + unlink($temp); + die "$0: Unable to set mode of $temp to $mode: $!\n"; +} +if (!chown($uid, $gid, $temp)) { + unlink($temp); + die "$0: Unable to set owner of $temp to ($uid, $gid): $!\n"; +} +# Leave temp file in place if rename fails. Might help in debugging. +rename($temp, $keyfile) || die "$0: Unable to rename $temp to $keyfile: $!\n"; + +exit(0); |