Some software by Phil Pennock

WARNING: this is a page, restored 2005-09-01, of something previously modified 2002-08-13; it is probably severely out of date

It's all pretty minor stuff, for the most part. Scripts and bits and pieces. Not my best stuff; most of that is for my employer, and not publicly available.

None of this stuff has version numbers embedded in the filename. I don't notify people if it's updated. If not stated otherwise in the file, then the code should be considered placed into the public domain, without warranty of any kind. If enough people express an interest in any particular item, then I might start bothering with more formalised release procedures.

To emphasise, this code can suck, don't use it if you are not capable of analysing it for yourself and making a balanced risk assessment judgement.

There's very little documentation, aside from the code itself. Often things accept "-h" as an option.

C code is likely to have BSD dependencies. E.g., I like using the <err.h> functions, strlcpy(3) and friends, etc. It's likely to have been tested on OpenBSD and FreeBSD, both x86. It might have been tested on Debian GNU/Linux (x86); I have ready non-console user access to such a system to test, if need be.


vircs & hooks

vircs is a wrapper file around your text editor ($VISUAL, $EDITOR, mg(1) or vi(1)) and RCS revision control, with lockfile-based locking around it all.
It provides for 'hooks' at multiple stages (not all described here), with some defaults. After the editor is exited, then an integrity hook is run to confirm validity. If not valid, you can go back and re-edit, or quit, or Force. I strongly believe that the human should be trusted to know what they're doing and to be able to override the safety measures. Of course, sometimes some colleagues bring me to the point of changing my mind. *sigh*.
After that, if proceeding, the user is shown a diff, and can be asked if they wish to proceed, re-edit, or quit. Then they're thrown into the commit-prompt of "ci -u". Then there's a post-commit hook. We use this with some passwordless sudo(1) config to arrange passphraseless SSH-based distribution of config to multiple machines, automatically, after an update.

The hooks are given by the name of the functionality being overridden, as an executable (or link to executable) inside the RCS directory. Since they don't end in ,v there's no namespace collision here. A hook for one specific file can be given as hookname_filename. If the hook has zero size, then that is interpreted as "remove hook".

Obviously, there's a security issue here, if you don't trust the path to where you are. There's an explicit safety-check for the root user. The more general case with multiple users in multiple groups, trusting write-access from certain groups in certain directories, is much more difficult and not handled. Yes, there is a security risk here. You need to make a judgement about staff trustworthiness and competence. Ideas for improvements without using a configuration file are welcome.
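The hook lookup rules and one possible ownership/permission check before running a hook, as an added example (this is not vircs code and not its actual root safety-check). The hook name "integrity", the file names, the `top` boundary directory and the rule that an empty per-file hook suppresses the generic one are assumptions made for illustration.

```python
import os
import tempfile

def resolve_hook(rcs_dir, hook, filename):
    """Per-file hook (hook_filename) beats the generic one (assumed precedence)."""
    for name in (f"{hook}_{filename}", hook):
        path = os.path.join(rcs_dir, name)
        if not os.path.isfile(path):    # follows links; missing -> try next name
            continue
        if os.path.getsize(path) == 0:  # zero size means "remove hook"
            return None
        if os.access(path, os.X_OK):
            return path
    return None

def untrusted_reason(path, top, trusted_uids):
    """Return why someone outside trusted_uids could replace the hook, or None."""
    top = os.path.realpath(top)
    # Check the link target's chain and the hook directory's chain, each up to top.
    for cur in (os.path.realpath(path), os.path.realpath(os.path.dirname(path))):
        while True:
            st = os.stat(cur)
            if st.st_uid not in trusted_uids:
                return f"{cur}: owner uid {st.st_uid} is not trusted"
            if st.st_mode & 0o022:
                return f"{cur}: group- or world-writable"
            parent = os.path.dirname(cur)
            if cur == top or parent == cur:
                break
            cur = parent
    return None

def demo():
    """Constructed layout: zone/RCS with a generic hook and an emptied per-file hook."""
    top = tempfile.mkdtemp()
    rcs = os.path.join(top, "zone", "RCS")
    os.makedirs(rcs)
    for d in (top, os.path.dirname(rcs), rcs):
        os.chmod(d, 0o755)
    for name, body in (("integrity", "#!/bin/sh\nexit 0\n"), ("integrity_db.example", "")):
        with open(os.path.join(rcs, name), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(rcs, name), 0o755)
    trusted = {0, os.geteuid()}  # root and the invoking user
    hook = resolve_hook(rcs, "integrity", "db.other")
    removed = resolve_hook(rcs, "integrity", "db.example")
    ok = untrusted_reason(hook, top, trusted)
    os.chmod(rcs, 0o775)  # simulate a group-writable RCS directory
    return hook, removed, ok, untrusted_reason(hook, top, trusted)
```

For a real deployment `top` would be `/`, so that every ancestor directory is checked; the multi-group case described above would need a set of trusted gids as well, which this check does not attempt.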

Furthermore, the current model invokes the editor on the live file. There can be a real issue here, with race conditions and invalid data, or simply file-permissions. Really, vircs should move to editing a temporary file instead. I've not gotten around to it, that's all.

Often the hook invocation syntax might not be clear. Look at the examples. It's all messy. Perhaps it's time for some rethinking or maybe even a config file. :^( Really, this program should be the incentive for me to learn to write POD. Simply not gotten around to it.

vircs.pl
The program itself. Several Perl dependencies.
bindzone_integrity-simple.pl
Simple check for BIND zonefiles. Merely ensures that if there's something which looks like a substantive change, then the serial number must have been updated.
bindzone_integrity.pl
Far more substantial, performing many checks. Some may not be appropriate for your site. This ensures house style for Demon Internet Nederland (a brand of Thus Plc).
tinydns_integrity.pl
Akin unto the simple BIND checker, but for the tinydns data file. Also checks Z line for my chosen style.

Miscellaneous

sigfortune.c
Most people know fortune(6). I had a shell wrapper, to update the .dat file if it was older than the text file. But the delay in getting an actual fortune was around 1s, for no apparent reason. So one day, I put the fortunes into a CDB file (see the CDB designer's site), with the keys being text-string representations of index numbers and an extra key count. I then wrote the sigfortune program in Perl. Much faster; but then, on my system Perl is normally in memory. One day, I got bored and rewrote it in C. The rebuild is in a separate program, see next item.
This C program represents my first experience at programming to one of Dan J. Bernstein's APIs. Whilst I'm mostly happy, it's a little worrying that someone who makes such a fuss about the poor design of other APIs and how much better it is to redesign them, didn't even make the effort to make the CDB API consistent. cdb_findnext() expects key, then key_len. cdb_read expects data_length and then data. I'd be more embarrassed at the time taken to track down the problem if this weren't so stupid.
(NB: there was no library error or warning. The swap meant that I trashed the stack, so that printf() was segfaulting. When another printf() was put near the start, the internal allocations were done there, so the segfault moved to the clean-up after "return 0;". When I saw that, I put a canary on the stack and then isolated where the canary was being trashed. This wouldn't have happened if pointers and lengths were distinct, as in any other modern API, but here they're both defined as "uint32")
fortunes_cdbbuild.pl
Originally, the previous item just said that the build script wasn't included, as it was such simple Perl. But then, why not? Perhaps some Perl which is so short and unhacked that it hasn't become grotesque will keep the pitchforks from my door.
rfc.pl
A front-end program for viewing RFCs, BCPs, etc etc. Automatic retrieval from a NIC mirror into a local cache. Tune the first three variables (most particularly, $nicmirror).
spamtest.pl
Misnamed, this is an RBL-checker.
urlopen.pl
Program to open URLs, as they exist in the X11 cut-buffer (or optionally on command-line). Various bits of massaging performed, to clean up the URL. If using Netscape, will ask for a new window. Netscape6; see commented-out block for checking the lockfile with Netscape4. See another commented-out bit for the old way of getting the text, simply asking for the CUT_BUFFER0 property of the root window, using xprop(1). Or see the next item, to use the more functional new method.
xfetchselection.c
C source code for a tool which, "simply", gets the currently selected text (under X11) and shoves it out stdout. NULLs and all. With nice applications such as xterm(1) or _old_ ETerm(1), this is overkill as the CUT_BUFFER0 property is updated on the root window. But that's a nicety, for historical compatibility. The correct method is to ask if someone "owns the selection". If so, you then need a window, with a property on the window, and you ask the selection owner to update that property for you. Only if there is no selection owner should you fall back to retrieving the CUT_BUFFER0 property from the root window. Luckily, the window receiving the selection contents doesn't actually need to be mapped (visible).
home-usage.pl
This generates a partition usage report. Reports first some summary stats about the partition, then a largest-first sorted list of "disk-usage directory" pairs. By default, checks /home and puts the output in /usr/local/share/USAGE-home. Keeps one old version, chmod'd tighter so that the admin can compare. To test, give it one argument, a directory, and it will display to stdout. Two arguments, and the second is a file to write the output to; if no slashes in filename, to that file within /usr/local/share. So a normal user can run this from their crontab too. Tested on OpenBSD and FreeBSD (where you need to knock off "use warnings.pm ..." since the shipped Perl is so old).
traceback.c
C source code for a wrapper around traceroute and traceroute6; this wrapper will invoke traceroute, back to the source IP of the socket connected to its stdin. Connect to this host on port 301, either TCP or TCP6, to see the results. Just compile, stick a line into inetd.conf, HUP and you're away. The code is mostly AF independent; since on OpenBSD the traceroute programs are each restricted to one AF, there is a small switch, with a default barf, which removes the AF independence. If stdin is not a socket, but $SSH_CLIENT exists in environ, then the IP address therein is used.

Not here, but could be

I write shedloads of stuff, in C and Perl, for my employer. A lot of it is specific to Demon Internet Nederland, but not all. Broadly speaking, if it's not basically handing a competitor critical infrastructure on a plate and it doesn't reveal too much sensitive stuff, I can probably get release permission. I have a great boss. :^) It's a case of time and actually getting the permission.

If I've described some tool somewhere and you came here looking, and are disappointed, then mail me for it. Please note that this is explicitly NOT a request to be added to any kind of mailing-list.

Things which could probably be here include various helpful scripts for Exim, MMDF, generic systems administration, etc. Hrm, perhaps the tool for looking up WONs from names and vice-versa from Half-Life logs.


Maintained by: Phil.Pennock@globnix.org