From 15464365dd70fe84e26ba515ba3da12f5c34c2f7 Mon Sep 17 00:00:00 2001 From: tim Date: Tue, 6 Oct 2015 15:09:08 +0000 Subject: [PATCH] Remove the -C option that converts an S/Key database to the new format. It has been 13 years since the new format was introduced. OK millert@ --- usr.bin/skeyinit/skeyinit.1 | 14 ++---- usr.bin/skeyinit/skeyinit.c | 94 ++++--------------------------------- 2 files changed, 11 insertions(+), 97 deletions(-) diff --git a/usr.bin/skeyinit/skeyinit.1 b/usr.bin/skeyinit/skeyinit.1 index c3312af9b6f..8c5647f2b25 100644 --- a/usr.bin/skeyinit/skeyinit.1 +++ b/usr.bin/skeyinit/skeyinit.1 @@ -1,8 +1,8 @@ -.\" $OpenBSD: skeyinit.1,v 1.39 2015/01/16 16:16:36 schwarze Exp $ +.\" $OpenBSD: skeyinit.1,v 1.40 2015/10/06 15:09:08 tim Exp $ .\" $NetBSD: skeyinit.1,v 1.4 1995/07/07 22:24:09 jtc Exp $ .\" @(#)skeyinit.1 1.1 10/28/93 .\" -.Dd $Mdocdate: January 16 2015 $ +.Dd $Mdocdate: October 6 2015 $ .Dt SKEYINIT 1 .Os .Sh NAME @@ -11,7 +11,7 @@ .Sh SYNOPSIS .Nm skeyinit .Bk -words -.Op Fl CDErsx +.Op Fl DErsx .Op Fl a Ar auth-type .Op Fl n Ar count .Op Fl md5 | rmd160 | sha1 @@ -72,14 +72,6 @@ This option allows the authentication type to be specified, such as .Dq passwd or .Dq skey . -.It Fl C -Converts from the old-style -.Pa /etc/skeykeys -database to a new-style database where user records are stored in the -.Pa /etc/skey -directory. -If an entry already exists in the new-style database it will not -be overwritten. .It Fl D Disables access to the S/Key database. Only the superuser may use the diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c index 10a913acaf4..a375c2e52fe 100644 --- a/usr.bin/skeyinit/skeyinit.c +++ b/usr.bin/skeyinit/skeyinit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skeyinit.c,v 1.59 2015/10/03 13:10:47 tim Exp $ */ +/* $OpenBSD: skeyinit.c,v 1.60 2015/10/06 15:09:08 tim Exp $ */ /* OpenBSD S/Key (skeyinit.c) * @@ -41,13 +41,12 @@ void usage(void); void secure_mode(int *, char *, char *, size_t, char *, size_t); void normal_mode(char *, int, char *, char *); -void convert_db(void); void enable_db(int); int main(int argc, char **argv) { - int rval, i, l, n, defaultsetup, rmkey, hexmode, enable, convert; + int rval, i, l, n, defaultsetup, rmkey, hexmode, enable; char hostname[HOST_NAME_MAX+1]; char seed[SKEY_MAX_SEED_LEN + 1]; char buf[256], key[SKEY_BINKEY_SIZE], filename[PATH_MAX], *ht; @@ -56,7 +55,7 @@ main(int argc, char **argv) struct skey skey; struct passwd *pp; - n = rmkey = hexmode = enable = convert = 0; + n = rmkey = hexmode = enable = 0; defaultsetup = 1; ht = auth_type = NULL; @@ -106,9 +105,6 @@ main(int argc, char **argv) errx(1, "count must be > 0 and < %d", SKEY_MAX_SEQ); break; - case 'C': - convert = 1; - break; case 'D': enable = -1; break; @@ -130,16 +126,12 @@ main(int argc, char **argv) argv += i; argc -= i; - if (argc > 1 || (enable && convert) || (enable && argc) || - (convert && argc)) + if (argc > 1 || (enable && argc)) usage(); - /* Handle -C, -D, and -E */ - if (convert || enable) { - if (convert) - convert_db(); - else - enable_db(enable); + /* Handle -D and -E */ + if (enable) { + enable_db(enable); exit(0); } @@ -477,82 +469,12 @@ enable_db(int op) } } -#define _PATH_SKEYKEYS "/etc/skeykeys" -void -convert_db(void) -{ - struct passwd *pp; - uid_t uid; - FILE *keyfile; - FILE *newfile; - char buf[256], *logname, *hashtype, *seed, *val, *cp; - char filename[PATH_MAX]; - const char *errstr; - int fd, n; - - if ((keyfile = fopen(_PATH_SKEYKEYS, "r")) == NULL) - err(1, "can't open %s", _PATH_SKEYKEYS); - if (flock(fileno(keyfile), LOCK_EX) != 0) - err(1, "can't lock %s", _PATH_SKEYKEYS); - enable_db(1); - - /* - * Loop over each entry in _PATH_SKEYKEYS, creating a file - * in _PATH_SKEYDIR for each one. - */ - while (fgets(buf, sizeof(buf), keyfile) != NULL) { - if (buf[0] == '#') - continue; - if ((logname = strtok(buf, " \t")) == NULL) - continue; - if ((cp = strtok(NULL, " \t")) == NULL) - continue; - if (!isalpha((unsigned char)*cp)) - continue; - hashtype = cp; - if ((cp = strtok(NULL, " \t")) == NULL) - continue; - n = strtonum(cp, 0, SKEY_MAX_SEQ, &errstr); - if (errstr) - continue; - if ((seed = strtok(NULL, " \t")) == NULL) - continue; - if ((val = strtok(NULL, " \t")) == NULL) - continue; - - if ((pp = getpwnam(logname)) != NULL) - uid = pp->pw_uid; - else - uid = 0; - - /* Now write the new-style record. */ - if (snprintf(filename, sizeof(filename), "%s/%s", _PATH_SKEYDIR, - logname) >= sizeof(filename)) { - warnc(ENAMETOOLONG, "%s", logname); - continue; - } - fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); - if (fd == -1 || flock(fd, LOCK_EX) != 0 || - (newfile = fdopen(fd, "r+")) == NULL) { - warn("%s", logname); - continue; - } - (void)fprintf(newfile, "%s\n%s\n%04d\n%s\n%s\n", logname, - hashtype, n, seed, val); - (void)fchown(fileno(newfile), uid, -1); - (void)fclose(newfile); - } - printf("%s has been populated. NOTE: %s has *not* been removed.\n" - "It should be removed once you have verified that the new keys " - "work.\n", _PATH_SKEYDIR, _PATH_SKEYKEYS); -} - void usage(void) { extern char *__progname; - (void)fprintf(stderr, "usage: %s [-CDErsx] [-a auth-type] [-n count]" + (void)fprintf(stderr, "usage: %s [-DErsx] [-a auth-type] [-n count]" "\n\t[-md5 | -rmd160 | -sha1] [user]\n", __progname); exit(1); } -- 2.20.1