Remove the -C option that converts an S/Key database to the new format. It has

been 13 years since the new format was introduced.

OK millert@

diff --git a/usr.bin/skeyinit/skeyinit.1 b/usr.bin/skeyinit/skeyinit.1
index c3312af..8c5647f 100644 (file)
--- a/usr.bin/skeyinit/skeyinit.1
+++ b/usr.bin/skeyinit/skeyinit.1
@@ -1,8 +1,8 @@
-.\"    $OpenBSD: skeyinit.1,v 1.39 2015/01/16 16:16:36 schwarze Exp $
+.\"    $OpenBSD: skeyinit.1,v 1.40 2015/10/06 15:09:08 tim Exp $
 .\"    $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $
 .\"    @(#)skeyinit.1  1.1     10/28/93
 .\"
-.Dd $Mdocdate: January 16 2015 $
+.Dd $Mdocdate: October 6 2015 $
 .Dt SKEYINIT 1
 .Os
 .Sh NAME
@@ -11,7 +11,7 @@
 .Sh SYNOPSIS
 .Nm skeyinit
 .Bk -words
-.Op Fl CDErsx
+.Op Fl DErsx
 .Op Fl a Ar auth-type
 .Op Fl n Ar count
 .Op Fl md5 | rmd160 | sha1
@@ -72,14 +72,6 @@ This option allows the authentication type to be specified, such as
 .Dq passwd
 or
 .Dq skey .
-.It Fl C
-Converts from the old-style
-.Pa /etc/skeykeys
-database to a new-style database where user records are stored in the
-.Pa /etc/skey
-directory.
-If an entry already exists in the new-style database it will not
-be overwritten.
 .It Fl D
 Disables access to the S/Key database.
 Only the superuser may use the

diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c
index 10a913a..a375c2e 100644 (file)
--- a/usr.bin/skeyinit/skeyinit.c
+++ b/usr.bin/skeyinit/skeyinit.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: skeyinit.c,v 1.59 2015/10/03 13:10:47 tim Exp $       */
+/*     $OpenBSD: skeyinit.c,v 1.60 2015/10/06 15:09:08 tim Exp $       */
 
 /* OpenBSD S/Key (skeyinit.c)
  *
@@ -41,13 +41,12 @@
 void   usage(void);
 void   secure_mode(int *, char *, char *, size_t, char *, size_t);
 void   normal_mode(char *, int, char *, char *);
-void   convert_db(void);
 void   enable_db(int);
 
 int
 main(int argc, char **argv)
 {
-       int     rval, i, l, n, defaultsetup, rmkey, hexmode, enable, convert;
+       int     rval, i, l, n, defaultsetup, rmkey, hexmode, enable;
        char    hostname[HOST_NAME_MAX+1];
        char    seed[SKEY_MAX_SEED_LEN + 1];
        char    buf[256], key[SKEY_BINKEY_SIZE], filename[PATH_MAX], *ht;
@@ -56,7 +55,7 @@ main(int argc, char **argv)
        struct skey skey;
        struct passwd *pp;
 
-       n = rmkey = hexmode = enable = convert = 0;
+       n = rmkey = hexmode = enable = 0;
        defaultsetup = 1;
        ht = auth_type = NULL;
 
@@ -106,9 +105,6 @@ main(int argc, char **argv)
                                        errx(1, "count must be > 0 and < %d",
                                             SKEY_MAX_SEQ);
                                break;
-                       case 'C':
-                               convert = 1;
-                               break;
                        case 'D':
                                enable = -1;
                                break;
@@ -130,16 +126,12 @@ main(int argc, char **argv)
        argv += i;
        argc -= i;
 
-       if (argc > 1 || (enable && convert) || (enable && argc) ||
-           (convert && argc))
+       if (argc > 1 || (enable && argc))
                usage();
 
-       /* Handle -C, -D, and -E */
-       if (convert || enable) {
-               if (convert)
-                       convert_db();
-               else
-                       enable_db(enable);
+       /* Handle -D and -E */
+       if (enable) {
+               enable_db(enable);
                exit(0);
        }
 
@@ -477,82 +469,12 @@ enable_db(int op)
        }
 }
 
-#define _PATH_SKEYKEYS "/etc/skeykeys"
-void
-convert_db(void)
-{
-       struct passwd *pp;
-       uid_t uid;
-       FILE *keyfile;
-       FILE *newfile;
-       char buf[256], *logname, *hashtype, *seed, *val, *cp;
-       char filename[PATH_MAX];
-       const char *errstr;
-       int fd, n;
-
-       if ((keyfile = fopen(_PATH_SKEYKEYS, "r")) == NULL)
-               err(1, "can't open %s", _PATH_SKEYKEYS);
-       if (flock(fileno(keyfile), LOCK_EX) != 0)
-               err(1, "can't lock %s", _PATH_SKEYKEYS);
-       enable_db(1);
-
-       /*
-        * Loop over each entry in _PATH_SKEYKEYS, creating a file
-        * in _PATH_SKEYDIR for each one.
-        */
-       while (fgets(buf, sizeof(buf), keyfile) != NULL) {
-               if (buf[0] == '#')
-                       continue;
-               if ((logname = strtok(buf, " \t")) == NULL)
-                       continue;
-               if ((cp = strtok(NULL, " \t")) == NULL)
-                       continue;
-               if (!isalpha((unsigned char)*cp))
-                       continue;
-               hashtype = cp;
-               if ((cp = strtok(NULL, " \t")) == NULL)
-                       continue;
-               n = strtonum(cp, 0, SKEY_MAX_SEQ, &errstr);
-               if (errstr)
-                       continue;
-               if ((seed = strtok(NULL, " \t")) == NULL)
-                       continue;
-               if ((val = strtok(NULL, " \t")) == NULL)
-                       continue;
-
-               if ((pp = getpwnam(logname)) != NULL)
-                       uid = pp->pw_uid;
-               else
-                       uid = 0;
-
-               /* Now write the new-style record. */
-               if (snprintf(filename, sizeof(filename), "%s/%s", _PATH_SKEYDIR,
-                   logname) >= sizeof(filename)) {
-                       warnc(ENAMETOOLONG, "%s", logname);
-                       continue;
-               }
-               fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
-               if (fd == -1 || flock(fd, LOCK_EX) != 0 ||
-                   (newfile = fdopen(fd, "r+")) == NULL) {
-                       warn("%s", logname);
-                       continue;
-               }
-               (void)fprintf(newfile, "%s\n%s\n%04d\n%s\n%s\n", logname,
-                           hashtype, n, seed, val);
-               (void)fchown(fileno(newfile), uid, -1);
-               (void)fclose(newfile);
-       }
-       printf("%s has been populated.  NOTE: %s has *not* been removed.\n"
-           "It should be removed once you have verified that the new keys "
-           "work.\n", _PATH_SKEYDIR, _PATH_SKEYKEYS);
-}
-
 void
 usage(void)
 {
        extern char *__progname;
 
-       (void)fprintf(stderr, "usage: %s [-CDErsx] [-a auth-type] [-n count]"
+       (void)fprintf(stderr, "usage: %s [-DErsx] [-a auth-type] [-n count]"
            "\n\t[-md5 | -rmd160 | -sha1] [user]\n", __progname);
        exit(1);
 }