Some software by Phil Pennock
WARNING: this is a page, restored 2005-09-01, of something previously modified 2002-08-13; it is probably severely out of date
It's all pretty minor stuff, for the most part. Scripts and bits and
pieces. Not my best stuff; most of that is for my employer, and not
publicly available.
None of this stuff has version numbers embedded in the filename. I don't
notify people if it's updated. If not stated otherwise in the file, then
the code should be considered placed into the public domain, without
warranty of any kind. If enough people express an interest in any
particular item, then I might start bothering with more formalised release
procedures.
To emphasise, this code can suck, don't use it if you are not
capable of analysing it for yourself and making a balanced risk assessment
judgement.
There's very little documentation, aside from the code itself. Often
things accept "-h" as an option.
C code is likely to have BSD dependencies. E.g., I like using the <err.h>
functions, strlcpy(3) and friends, etc. It's likely to have been tested on
OpenBSD and FreeBSD, both x86. It might have been tested on Debian
GNU/Linux (x86); I have ready non-console user access to such a system to
test, if need be.
vircs & hooks
vircs is a wrapper file around your text editor
($VISUAL, $EDITOR, mg(1) or
vi(1)) and RCS revision control, with lockfile-based
locking around it all.
It provides for 'hooks' at multiple stages (not all described here),
with some defaults. After the editor is exited, then an integrity hook
is run to confirm validity. If not valid, you can go back and re-edit,
or quit, or Force. I strongly believe that the human should be trusted
to know what they're doing and to be able to override the safety
measures. Of course, sometimes some colleagues bring me to the point of
changing my mind. *sigh*.
After that, if proceeding, the user is shown a diff, and can be asked if
they wish to proceed, re-edit, or quit. Then they're thrown into the
commit-prompt of "ci -u". Then there's a post-commit hook.
We use this with some passwordless sudo(1) config to
arrange passphraseless SSH-based distribution of config to multiple
machines, automatically, after an update.
The hooks are given by the name of the functionality being overridden, as
an executable (or link to executable) inside the RCS directory. Since
they don't end in ,v there's no namespace collision here. A hook for one
specific file can be given as hookname_filename.
If the hook has zero size, then that is interpreted as "remove hook".
Obviously, there's a security issue here, if you don't trust the path to
where you are. There's an explicit safety-check for the root user. The
more general case with multiple users in multiple groups, trusting
write-access from certain groups in certain directories, is much more
difficult and not handled. Yes, there is a security risk here. You need
to make a judgement about staff trustworthiness and competence. Ideas
for improvements without using a configuration file are welcome.
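One way to vet a hook before running it, as an added example that is not vircs code: the ownership-and-write-bit policy, the function names and the hook name "integrity" are assumptions, and the fixture files are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
enum hook_state { HOOK_NONE, HOOK_OK, HOOK_UNTRUSTED };

/* Assumed policy: owner is root or the caller, no group/other write bit. */
static int trusted(const struct stat *st)
{
    return (st->st_uid == 0 || st->st_uid == geteuid())
        && !(st->st_mode & (S_IWGRP | S_IWOTH));
}

/* Classify the hook `name` inside `rcsdir` before anything executes it. */
enum hook_state hook_check(const char *rcsdir, const char *name)
{
    char path[1024];
    struct stat dir, st;
    if (snprintf(path, sizeof path, "%s/%s", rcsdir, name) >= (int)sizeof path)
        return HOOK_UNTRUSTED;
    if (stat(path, &st) != 0)              /* follows links, as hooks may be links */
        return HOOK_NONE;
    if (stat(rcsdir, &dir) != 0 || !trusted(&dir))
        return HOOK_UNTRUSTED;             /* a writable dir lets others swap the hook */
    if (!S_ISREG(st.st_mode) || !trusted(&st))
        return HOOK_UNTRUSTED;
    if (st.st_size == 0)
        return HOOK_NONE;                  /* zero size means "remove hook" */
    return (st.st_mode & S_IXUSR) ? HOOK_OK : HOOK_UNTRUSTED;
}

/* Constructed fixture: a private temp dir holding one hook with the given mode and body. */
int hook_demo(mode_t mode, const char *body)
{
    char dir[] = "/tmp/hookdemo-XXXXXX", path[64];
    int fd, r = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/integrity", dir);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0700);
    if (fd >= 0 && write(fd, body, strlen(body)) >= 0 && chmod(path, mode) == 0)
        r = hook_check(dir, "integrity");
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return r;
}
```

The check and the later exec are separate steps, so this narrows the exposure rather than closing it. Parent directories and the directory holding a link's target are not examined.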
Furthermore, the current model invokes the editor on the live file.
There can be a real issue here, with race conditions and invalid data, or
simply file-permissions. Really, vircs should move to editing
a temporary file instead. I've not gotten around to it, that's all.
Often the hook invocation syntax might not be clear. Look at the
examples. It's all messy. Perhaps it's time for some rethinking or
maybe even a config file. :^( Really, this program should be the
incentive for me to learn to write POD. Simply not gotten around to it.
- vircs.pl: The program itself. Several Perl dependencies.
- bindzone_integrity-simple.pl: Simple check for BIND zonefiles. Merely
ensures that if there's something which looks like a substantive change,
then the serial number must have been updated.
- bindzone_integrity.pl: Far more substantial, performing many checks. Some
may not be appropriate for your site. This ensures house style for Demon
Internet Nederland (a brand of Thus Plc).
- tinydns_integrity.pl: Akin unto the simple BIND checker, but for the
tinydns data file. Also checks Z line for my chosen style.
Miscellaneous
- sigfortune.c: Most people know fortune(6). I had a shell wrapper, to update the
.dat file if it was older than the text file. But the delay
in getting an actual fortune was around 1s, for no apparent reason.
So one day, I put the fortunes into a
CDB file (see
the CDB designer's site),
with the keys being text-string representations of index numbers
and an extra key count. I then wrote the sigfortune program
in Perl. Much faster; but then, on my system Perl is normally in
memory. One day, I got bored and rewrote it in C. The rebuild is
in a separate program, see next item.
This C program represents my first experience at programming to one of
Dan J. Bernstein's APIs. Whilst I'm mostly happy, it's a
little worrying that someone who makes such a fuss about the poor
design of other APIs and how much better it is to redesign them,
didn't even make the effort to make the CDB API consistent.
cdb_findnext() expects key, then key_len. cdb_read
expects data_length and then data. I'd be more embarrassed
at the time taken to track down the problem if this weren't so
stupid.
(NB: there was no library error or warning. The swap meant that I
trashed the stack, so that printf() was segfaulting. When
another printf() was put near the start, the internal
allocations were done there, so the segfault moved to the clean-up
after "return 0;". When I saw that, I put a canary on the
stack and then isolated where the canary was being trashed. This
wouldn't have happened if pointers and lengths were distinct, as in
any other modern API, but here they're both defined as "uint32")
- fortunes_cdbbuild.pl: Originally, the previous item just said that the build script wasn't
included, as it was such simple Perl. But then, why not? Perhaps
some Perl which is so short and unhacked that it hasn't become
grotesque will keep the pitchforks from my door.
- rfc.pl: A front-end program for viewing RFCs, BCPs, etc etc. Automatic
retrieval from a NIC mirror into a local cache. Tune the first
three variables (most particularly, $nicmirror).
- spamtest.pl: Misnamed, this is an RBL-checker.
- urlopen.pl: Program to open URLs, as they exist in the X11 cut-buffer (or
optionally on command-line). Various bits of massaging performed, to
clean up the URL. If using Netscape, will ask for a new window.
Netscape6; see commented-out block for checking the lockfile with
Netscape4. See another commented-out bit for the old way of getting
the text, simply asking for the CUT_BUFFER0 property of the
root window, using xprop(1). Or see the next item, to
use the more functional new method.
- xfetchselection.c: C source code for a tool which, "simply", gets the currently selected
text (under X11) and shoves it out stdout. NULLs and all. With nice
applications such as xterm(1) or _old_
ETerm(1), this is overkill as the CUT_BUFFER0
property is updated on the root window. But that's a nicety, for
historical compatibility. The correct method is to ask if someone
"owns the selection". If so, you then need a window, with a property
on the window, and you ask the selection owner to update that property
for you. Only if there is no selection owner should you fall back to
retrieving the CUT_BUFFER0 property from the root window.
Luckily, the window receiving the selection contents doesn't actually
need to be mapped (visible).
- home-usage.pl: This generates a partition usage report. Reports first some summary
stats about the partition, then a largest-first sorted list of
"disk-usage directory" pairs. By default, checks
/home and puts the output in
/usr/local/share/USAGE-home. Keeps one old version, chmod'd
tighter so that the admin can compare. To test, give it one argument,
a directory, and it will display to stdout. Two arguments, and the
second is a file to write the output to; if no slashes in filename, to
that file within /usr/local/share. So a normal user can run
this from their crontab too. Tested on OpenBSD and FreeBSD (where you
need to knock off "use warnings.pm ..."
since the shipped Perl is so old).
- traceback.c: C source code for a wrapper around traceroute and
traceroute6; this wrapper will invoke traceroute, back to
the source IP of the socket connected to its stdin. Connect to this
host on port 301, either TCP or TCP6, to see the results. Just
compile, stick a line into inetd.conf, HUP and you're away.
The code is mostly AF independent; since on OpenBSD the traceroute
programs are each restricted to one AF, there is a small switch, with
a default barf, which removes the AF independence. If stdin is not a
socket, but $SSH_CLIENT exists in environ, then the IP
address therein is used.
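The swapped-argument failure described under sigfortune.c above, as an added example that is not code from sigfortune.c or the CDB library: rec_read, raw_read, the wrapper types and the record data are hypothetical and constructed. It shows distinct types for position and length, plus an explicit destination capacity that refuses the swapped call instead of overrunning the stack buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the database file; one 12-byte record at offset 40. */
static char image[64];

typedef struct { uint32_t v; } rec_pos;   /* byte offset into the file */
typedef struct { uint32_t v; } rec_len;   /* byte count */

/* Hypothetical reader, not the CDB API: handing it a rec_pos where a rec_len
 * belongs fails to compile, and the destination capacity is an argument. */
int rec_read(char *dst, size_t cap, rec_len len, rec_pos pos)
{
    if (len.v > cap)
        return -1;                        /* would overrun the caller's buffer */
    if (pos.v > sizeof image || len.v > sizeof image - pos.v)
        return -1;                        /* record runs past the end of the file */
    memcpy(dst, image + pos.v, len.v);
    return 0;
}

/* Flat two-uint32 signature of the kind the page describes, routed through the check. */
int raw_read(char *dst, size_t cap, uint32_t len, uint32_t pos)
{
    return rec_read(dst, cap, (rec_len){ len }, (rec_pos){ pos });
}

/* Read the record with the arguments in order or swapped. A canary follows the
 * buffer, as in the debugging session above. 0 = read, -1 = refused, -2 = damage. */
int swap_demo(int swapped)
{
    struct { char buf[16]; uint32_t canary; } frame = { {0}, 0xC0FFEEu };
    uint32_t pos = 40, len = 12;

    memcpy(image + pos, "hello, world", len);
    int r = swapped ? raw_read(frame.buf, sizeof frame.buf, pos, len)
                    : raw_read(frame.buf, sizeof frame.buf, len, pos);
    if (frame.canary != 0xC0FFEEu)
        return -2;
    if (r == 0 && memcmp(frame.buf, "hello, world", len) != 0)
        return -2;
    return r;
}
```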
Not here, but could be
I write shedloads of stuff, in C and Perl, for my employer. A lot of it
is specific to Demon Internet Nederland, but not all. Broadly speaking,
if it's not basically handing a competitor critical infrastructure on a
plate and it doesn't reveal too much sensitive stuff, I can probably get
release permission. I have a great boss. :^) It's a case of time and
actually getting the permission.
If I've described some tool somewhere and you came here looking, and are
disappointed, then mail me for it. Please note that this is explicitly NOT
a request to be added to any kind of mailing-list.
Things which could probably be here include various helpful scripts for
Exim, MMDF, generic systems administration, etc. Hrm, perhaps the tool
for looking up WONs from names and vice-versa from Half-Life logs.
Maintained by: Phil.Pennock@globnix.org