summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.bin/skey/skeyprune.848
-rw-r--r--usr.bin/skey/skeyprune.pl136
2 files changed, 100 insertions, 84 deletions
diff --git a/usr.bin/skey/skeyprune.8 b/usr.bin/skey/skeyprune.8
index 2580612a818..ddc9fb889c5 100644
--- a/usr.bin/skey/skeyprune.8
+++ b/usr.bin/skey/skeyprune.8
@@ -1,33 +1,59 @@
-.\" $OpenBSD: skeyprune.8,v 1.6 2001/06/20 22:19:58 millert Exp $
+.\" $OpenBSD: skeyprune.8,v 1.7 2002/05/16 18:27:34 millert Exp $
.\"
.\"
-.Dd September 27, 1996
+.Dd May 16, 2002
.Dt SKEYPRUNE 8
.Os
.Sh NAME
.Nm skeyprune
-.Nd prune commented out and old entries from keys file
+.Nd prune zeroed and old entries from S/Key databse
.Sh SYNOPSIS
.Nm skeyprune
.Op Ar days
.Sh DESCRIPTION
.Nm skeyprune
searches through the S/Key database,
-.Dq Pa /etc/skeykeys ,
-and prunes out invalid entries (including users who have zeroed out their)
-entries via
-.Xr skeyinit 1 )
+.Pa /etc/skey ,
+and prunes out entries that have been zeroed out via
+.Xr skeyinit 1
as well as entries that have not been modified in
.Ar days
days.
If
.Ar days
is not specified, only invalid entries are pruned.
+.Pp
+If a malformed entry is encountered, or if the file mode/type is incorrect,
+an error is printed to the standard error.
+.Sh ERRORS
+The following errors are cause for concern.
+.Bl -tag -width Ds
+.It Can't cd to /etc/skey
+The S/Key database directory,
+.Pa /etc/skey ,
+does not exist.
+The superuser may create it by running
+.Dq skeyinit -E .
+.It Can't open user
+The user's entry was found in
+.Pa /etc/skey
+but it could not be opened.
+.It user is not a regular file
+The user's entry is not a regular file.
+.It Bad mode for user
+The user's entry had a bad file mode (should be 0600).
+.It Bad link count for user.
+The user's entry had a bad link count (should be 1).
+.It Invalid entry for user
+The user's entry was not of the correct format, as specified by
+.Xr skey 5 .
+.El
.Sh FILES
-.Bl -tag -width /etc/skeykeys -compact
-.It Pa /etc/skeykeys
-S/Key key information database
+.Bl -tag -width /etc/skey
+.It Pa /etc/skey
+directory containing S/Key user entries
.El
.Sh SEE ALSO
.Xr skey 1 ,
-.Xr skeyinit 1
+.Xr skeyinit 1 ,
+.Xr skey 5
diff --git a/usr.bin/skey/skeyprune.pl b/usr.bin/skey/skeyprune.pl
index 004fa65ec03..4787266fb69 100644
--- a/usr.bin/skey/skeyprune.pl
+++ b/usr.bin/skey/skeyprune.pl
@@ -1,6 +1,6 @@
#!/usr/bin/perl -w
#
-# Copyright (c) 1996, 2001 Todd C. Miller <Todd.Miller@courtesan.com>
+# Copyright (c) 1996, 2001, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -28,24 +28,18 @@
# Prune commented out, bogus, and crufty entries from /etc/skeykeys
# Usage: skeyprune [days]
#
-# $OpenBSD: skeyprune.pl,v 1.2 2001/06/20 22:19:58 millert Exp $
+# $OpenBSD: skeyprune.pl,v 1.3 2002/05/16 18:27:34 millert Exp $
#
-use File::Temp qw(:mktemp);
+use POSIX qw(S_ISREG);
use Fcntl qw(:DEFAULT :flock);
-use Time::Local;
# Keep out the stupid
die "Only root may run $0.\n" if $>;
die "Usage: $0 [days]\n" if $#ARGV > 0;
# Pathnames
-$keyfile = '/etc/skeykeys';
-$template = "$keyfile.XXXXXXXX";
-
-# Quick mapping of month name -> number
-%months = ('Jan', 0, 'Feb', 1, 'Mar', 2, 'Apr', 3, 'May', 4, 'Jun', 5,
- 'Jul', 6, 'Aug', 7, 'Sep', 8, 'Oct', 9, 'Nov', 10, 'Dec', 11);
+$skeydir = '/etc/skey';
# Remove entries that haven't been modified in this many days.
$days_old = $ARGV[0] || -1;
@@ -53,78 +47,74 @@ $days_old = $ARGV[0] || -1;
# Safe umask
umask(077);
-# Open and lock the current key file
-open(OLD, $keyfile) || die "$0: Can't open $keyfile: $!\n";
-flock(OLD, LOCK_EX) || die "$0: Can't lock $keyfile: $!\n";
-
-# Safely open temp file
-($NEW, $temp) = mkstemp($template);
-die "$0: Can't open tempfile $template: $!\n" unless $temp;
+# Current time
+$now = time();
-# Run at a high priority so we don't keep things locked for too long
-setpriority(0, 0, -4);
+# Slurp mode
+undef $/;
-while (<OLD>) {
- chomp();
+chdir($skeydir) || die "$0: Can't cd to $skeydir: $!\n";
+opendir(SKEYDIR, ".") || die "$0: Can't open $skeydir: $!\n";
+while (defined($user = readdir(SKEYDIR))) {
+ next if $user =~ /^\./;
+ if (!sysopen(SKEY, $user, 0, O_RDWR | O_NONBLOCK | O_NOFOLLOW)) {
+ warn "$0: Can't open $user: $!\n";
+ next;
+ }
+ if (!flock(SKEY, LOCK_EX)) {
+ warn "$0: Can't lock $user: $!\n";
+ close(SKEY);
+ next;
+ }
- # Valid entry: 'username hash seq seed key date"
- if ( /^[^\s#]+\s+(\S+\s+)?[0-9]+\s+[A-z0-9]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/ ) {
+ if (!stat(SKEY)) {
+ warn "$0: Can't stat $user: $!\n";
+ close(SKEY);
+ next;
+ }
- @entry = split(/[\s,:]+/, $_);
- # Prune out old entries if asked to
- if ($days_old > 0) {
- # build up time based on date string
- $sec = $date[10];
- $min = $date[9];
- $hours = $date[8];
- $mday = $date[6] - 1;
- $mon = $months{$date[5]};
- $year = $date[7] - 1900;
+ # Sanity checks.
+ if (!S_ISREG((stat(_))[2])) {
+ warn "$0: $user is not a regular file\n";
+ close(SKEY);
+ next;
+ }
+ if (((stat(_))[2] & 07777) != 0600) {
+ printf STDERR ("%s: Bad mode for %s: 0%o\n", $0, $user,
+ (stat(_))[2]);
+ close(SKEY);
+ next;
+ }
+ if ((stat(_))[3] != 1) {
+ printf STDERR ("%s: Bad link count for %s: %d\n", $0, $user,
+ (stat(_))[3]);
+ close(SKEY);
+ next;
+ }
- $now = time();
- $then = timelocal($sec,$min,$hours,$mday,$mon,$year);
- if (($now - $then) / (60 * 60 * 24) - 1 > $days_old) {
- next; # too old
- }
- }
+ # Remove zero size entries
+ if (-z _) {
+ unlink($user) || warn "$0: Can't unlink $user: $!\n";
+ close(SKEY);
+ next;
+ }
- # Missing hash type? Must be md4...
- if ($entry[1] =~ /^\d/) {
- splice(@entry, 1, 0, "md4");
+ # Prune out old entries if asked to
+ if ($days_old > 0) {
+ $then = (stat(_))[9];
+ if (($now - $then) / (60 * 60 * 24) - 1 > $days_old) {
+ unlink($user) || warn "$0: Can't unlink $user: $!\n";
+ close(SKEY);
+ next;
}
+ }
- printf $NEW "%s %s %04d %-16s %s %4s %02d,%-4d %02d:%02d:%02d\n",
- $entry[0], $entry[1], $entry[2], $entry[3], $entry[4],
- $entry[5], $entry[6], $entry[7], $entry[8], $entry[9],
- $entry[10] || do {
- warn "Can't write to $temp: $!\n";
- unlink($temp);
- exit(1);
- };
+ # Read in the entry and check its contents.
+ $entry = <SKEY>;
+ if ($entry !~ /^\S+[\r\n]+\S+[\r\n]+\d+[\r\n]+[A-z0-9]+[\r\n]+[a-f0-9]+[\r\n]+$/) {
+ warn "$0: Invalid entry for $user:\n$entry";
}
-}
-close(OLD);
-close($NEW);
-# Set owner/group/mode on tempfile and move to real location.
-($mode, $nlink, $uid, $gid) = (stat($keyfile))[2..5];
-if (!defined($mode)) {
- unlink($temp);
- die "$0: Unable to stat $keyfile: $!\n";
+ close(SKEY);
}
-if (!chmod($mode, $temp)) {
- unlink($temp);
- die "$0: Unable to set mode of $temp to $mode: $!\n";
-}
-if (!chown($uid, $gid, $temp)) {
- unlink($temp);
- die "$0: Unable to set owner of $temp to ($uid, $gid): $!\n";
-}
-if ($nlink != 1) {
- $nlink--;
- warn "$0: Old $keyfile had $nlink hard links, those will be broken\n";
-}
-# Leave temp file in place if rename fails. Might help in debugging.
-rename($temp, $keyfile) || die "$0: Unable to rename $temp to $keyfile: $!\n";
-
exit(0);