1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
#!/usr/bin/perl
#
# Prune commented out and crufty entries from skeykeys
# Usage: skeyprune [days]
#
# Todd C. Miller <Todd.Miller@courtesan.com>
# $OpenBSD: skeyprune.pl,v 1.1 1996/09/28 00:00:41 millert Exp $
# We need to be able convert to time_t
require 'timelocal.pl';
# Keep out the stupid
die "Only root may run $0.\n" if $>;
die "Usage: $0 [days]\n" if $#ARGC > 0;
# Pathnames
$keyfile = '/etc/skeykeys';
$temp = "$keyfile.tmp$$";
# Quick mapping of month name -> number
%months = ('Jan', 0, 'Feb', 1, 'Mar', 2, 'Apr', 3, 'May', 4, 'Jun', 5,
'Jul', 6, 'Aug', 7, 'Sep', 8, 'Oct', 9, 'Nov', 10, 'Dec', 11);
# Remove entries that haven't been modified in this many days.
$days_old = $ARGV[0] || -1;
# Open current key file
open(OLD, $keyfile) || die "$0: Can't open $keyfile: $!\n";
# Safely open temp file
umask(077);
unlink($temp);
open(NEW, ">$temp") || die "$0: Can't open tempfile $temp: $!\n";
# We need to be extra speedy to close the window where someone can hose us.
setpriority(0, 0, -4);
while (<OLD>) {
# Ignore commented out entries
if ( ! /^#[^\s#]+\s+(MD[0-9]+\s+)?[0-9]+\s+[A-z0-9_-]+\s+[a-f0-9]+\s+(Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+$/ ) {
/((Jan|Feb|Mar|Apr|May|Ju[nl]|Aug|Sep|Oct|Nov|Dec)\s+[0-9]+,\s*[0-9]+\s+[0-9]+:[0-9]+:[0-9]+)$/;
# Prune out old entries if asked to
if ($days_old > 0) {
# build up time based on date string
@date = split(/[\s,:]/, $1);
$sec = $date[5];
$min = $date[4];
$hours = $date[3];
$mday = $date[1] - 1;
$mon = $months{$date[0]};
$year = $date[2] - 1900;
$now = time();
$then = &timelocal($sec,$min,$hours,$mday,$mon,$year);
if (($now - $then) / (60 * 60 * 24) - 1 <= $days_old) {
print NEW $_ || do {
warn "Can't write to $temp: $!\n";
unlink($temp);
};
}
} else {
print NEW $_ || do {
warn "Can't write to $temp: $!\n";
unlink($temp);
};
}
}
}
close(OLD);
close(NEW);
# Set owner/group/mode on tempfile and move to real location.
($mode, $nlink, $uid, $gid) = (stat($keyfile))[2..5];
if (!defined($mode)) {
unlink($temp);
die "$0: Unable to stat $keyfile: $!\n";
}
if (!chmod($mode, $temp)) {
unlink($temp);
die "$0: Unable to set mode of $temp to $mode: $!\n";
}
if (!chown($uid, $gid, $temp)) {
unlink($temp);
die "$0: Unable to set owner of $temp to ($uid, $gid): $!\n";
}
# Leave temp file in place if rename fails. Might help in debugging.
rename($temp, $keyfile) || die "$0: Unable to rename $temp to $keyfile: $!\n";
exit(0);
|
