1#!/bin/sh
2#
3#	$NetBSD: skeyaudit.sh,v 1.5 2022/10/11 15:59:38 is Exp $
4#
5# This script will look thru the skeykeys file for
6# people with sequence numbers less than LOWLIMIT=12
7# and send them an e-mail reminder to use skeyinit soon
8# 
9
10AWK=/usr/bin/awk
11GREP=/usr/bin/grep
12ECHO=/bin/echo
13KEYDB=/etc/skeykeys
14LOWLIMIT=12
15ADMIN=root
16SUBJECT="Reminder: Run skeyinit"
17HOST=`/bin/hostname`
18
19
20if [ "$1" != "" ]
21then
22 LOWLIMIT=$1
23fi
24
25if [ ! -s "${KEYDB}" ]; then
26  exit 0
27fi
28
29# an skeykeys entry looks like
30#   jsw 0076 la13079          ba20a75528de9d3a
31#   #oot md5 0005 aspa26398        9432d570ff4421f0  Jul 07,2000 01:36:43
32#   mjl sha1 0099 alpha2           459a5dac23d20a90  Jul 07,2000 02:14:17
33# the sequence number is the second (or third) entry
34#
35
36SKEYS=`$AWK '/^#/ {next} {if($2 ~ /^[0-9]+$/) print $1,$2,$3; else print $1,$3,$4; }' $KEYDB`
37
38set -- ${SKEYS}
39
40while [ "X$1" != "X" ]; do
41  USER=$1
42  SEQ=$2
43  KEY=$3
44  shift 3
45  # echo "$USER -- $SEQ -- $KEY"
46  if [ $SEQ -lt $LOWLIMIT ]; then
47    if [ $SEQ -lt  3 ]; then
48      SUBJECT="IMPORTANT action required"
49    fi
50    (
51    $ECHO "You are nearing the end of your current S/Key sequence for account $i"
52    $ECHO "on system $HOST."
53    $ECHO ""
54    $ECHO "Your S/key sequence number is now $SEQ.  When it reaches zero you"
55    $ECHO "will no longer be able to use S/Key to login into the system.  "
56    $ECHO " "
57    $ECHO "Use \"skeyinit -s\" to reinitialize your sequence number."
58    $ECHO ""
59    ) | /usr/bin/mailx -s "$SUBJECT"  $USER $ADMIN
60  fi
61done
62