[moira.git] / regtape / verify.pc

/* $Header$
 *
 * This program will verify signatures on user records in the database.
 */

#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <sys/time.h>
#include <moira.h>
#include <moira_site.h>
#include <des.h>
#include <krb.h>
#include <krb_err.h>
#include <gdss.h>
EXEC SQL INCLUDE sqlca;


char *program;

int main(int argc, char **argv)
{
  char buf[BUFSIZ], *usercheck[100], sigbuf[256], *data, *db = "moira";
  SigInfo si;
  struct save_queue *sq;
  int status, i, wait, check, debug, fix;
  EXEC SQL BEGIN DECLARE SECTION;
  char login[10], mid[32], rawsig[256], who[257];
  EXEC SQL VAR rawsig IS STRING(256);
  int id, timestamp, sms;
  EXEC SQL END DECLARE SECTION;

  initialize_sms_error_table();
  initialize_krb_error_table();
  initialize_gdss_error_table();

  program = "sign";
  check = debug = fix = 0;

  for (i = 1; i < argc; i++)
    {
      if (!strcmp(argv[i], "-w"))
	wait++;
      else if (!strcmp(argv[i], "-d"))
	debug++;
      else if (!strcmp(argv[i], "-D"))
	setenv("ING_SET", "set printqry");
      else if (!strcmp(argv[i], "-fix"))
	fix++;
      else if (argv[i][0] == '-')
	fprintf(stderr, "Usage: %s [-w] [-D] [-fix]\n", argv[0]);
      else usercheck[check++] = argv[i];
    }

  EXEC SQL CONNECT :db IDENTIFIED BY :db;

  if (fix)
    {
      /* Set the name of our kerberos ticket file */
      krb_set_tkt_string("/tmp/tkt_sign");
      status = 1;
      while (status)
	{
	  printf("Authenticating as moira.extra:\n");
	  status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
				     "krbtgt", "ATHENA.MIT.EDU",
				     DEFAULT_TKT_LIFE, 0);
	  if (status != 0)
	    com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
	}
      com_err(program, 0, "authenticated OK");

      sms = 0;
      EXEC SQL SELECT string_id INTO :sms FROM strings
	WHERE string = 'moira.extra@ATHENA.MIT.EDU';
      if (sms == 0)
	{
	  com_err(program, 0, " failed to find string "
		  "moira.extra@ATHENA.MIT.EDU in database");
	  dest_tkt();
	  exit(1);
	}

      sq = sq_create();
    }

  if (check == 0)
    {
      EXEC SQL DECLARE c CURSOR FOR
	SELECT login, clearid, signature, string, sigdate
	FROM users, strings
	WHERE signature != CHR(0) and sigwho = string_id;
      EXEC SQL OPEN c;
      while (1)
	{
	  EXEC SQL FETCH c INTO :login, :mid, :rawsig, :who, :timestamp;
	  if (sqlca.sqlcode)
	    break;
	  sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
	  si.timestamp = timestamp;
	  si.SigInfoVersion = 0;
	  kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
	  si.rawsig = (unsigned char *) &rawsig[0];
	  status = GDSS_Recompose(&si, sigbuf);
	  if (status)
	    {
	      com_err(program, gdss2et(status), "recomposing for user %s",
		      login);
	      continue;
	    }
	  si.rawsig = NULL;
	  status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
	  if (status)
	    com_err(program, gdss2et(status), "verifying user %s", login);
	  if (fix && status == GDSS_E_BADSIG)
	    sq_save_data(sq, strsave(buf));
	  if (wait)
	    {
	      printf("Next");
	      fflush(stdout);
	      gets(buf);
	    }
	}
      if (fix)
	{
	  while (sq_get_data(sq, &data))
	    {
	      strncpy(login, data, 8);
	      if (strchr(login, ':'))
		*strchr(login, ':') = '\0';
	    again:
	      com_err(program, 0, "fixing sig for %s", login);
	      status = GDSS_Sign(data, strlen(data), sigbuf, &si);
	      if (status)
		{
		  com_err(program, gdss2et(status), "signing data");
		  continue;
		}
	      si.rawsig = (unsigned char *)rawsig;
	      status = GDSS_Verify(data, strlen(data), sigbuf, &si);
	      if (status)
		{
		  com_err(program, gdss2et(status), "verifying data");
		  continue;
		}
	      if (strlen(rawsig) > 68)
		{
		  sleep(1);
		  goto again;
		}

	      timestamp = si.timestamp;
	      EXEC SQL UPDATE users
		SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
		WHERE login = :login;
	      if (sqlca.sqlcode)
		{
		  com_err(program, 0, "dbms error %d", sqlca.sqlcode);
		  dest_tkt();
		  exit(1);
		}
	      EXEC SQL COMMIT WORK;
	    }
	}
    }
  else
    {
      for (i = check - 1; i >= 0; i--)
	{
	  strcpy(login, usercheck[i]);
	  EXEC SQL DECLARE s CURSOR FOR
	    SELECT clearid, signature, string, sigdate
	    FROM users, strings
	    WHERE sigwho = string_id and login = :login;
	  EXEC SQL OPEN s;
	  while (1)
	    {
	      EXEC SQL FETCH s INTO :mid, :rawsig, :who, :timestamp;
	      if (sqlca.sqlcode)
		break;
	      sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
	      if (debug)
		printf("Verifying \"%s\"\n", buf);
	      si.timestamp = timestamp;
	      si.SigInfoVersion = 0;
	      kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
	      si.rawsig = (unsigned char *) &rawsig[0];
	      status = GDSS_Recompose(&si, sigbuf);
	      if (status)
		{
		  com_err(program, gdss2et(status), "recomposing for user %s",
			  login);
		  continue;
		}
	      si.rawsig = NULL;
	      status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
	      if (fix && status == GDSS_E_BADSIG)
		{
		  com_err(program, 0, "fixing signature for %s", login);
		againagain:
		  status = GDSS_Sign(buf, strlen(buf), sigbuf);
		  if (status)
		    {
		      com_err(program, gdss2et(status), "signing data");
		      continue;
		    }
		  si.rawsig = (unsigned char *) rawsig;
		  status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
		  if (status)
		    {
		      com_err(program, gdss2et(status), "verifying data");
		      continue;
		    }
		  if (strlen(rawsig) > 68)
		    {
		      sleep(1);
		      goto againagain;
		    }

		  timestamp = si.timestamp;
		  EXEC SQL UPDATE users
		    SET signature = :rawsig, sigwho = :sms,
		    sigdate = :timestamp
		    WHERE login = :login;
		  if (sqlca.sqlcode != 0)
		    {
		      com_err(program, 0, "dbms error %d", sqlca.sqlcode);
		      dest_tkt();
		      exit(1);
		    }
		  EXEC SQL COMMIT WORK;
		}
	      else if (status)
		com_err(program, gdss2et(status), "verifying user %s", login);
	      else
		{
		  com_err(program, 0, "signature verified %s", buf);
		  if (debug == 2)
		    hex_dump(sigbuf);
		}
	      if (wait)
		{
		  printf("Next");
		  fflush(stdout);
		  gets(buf);
		}
	    }
	}
    }

  dest_tkt();
  exit(0);
}


hex_dump(unsigned  char *p)
{
  printf("Size: %d\n", strlen(p));
  while (strlen(p) >= 8)
    {
      printf("%02x %02x %02x %02x %02x %02x %02x %02x\n",
	     p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
      p += 8;
    }
  switch (strlen(p))
    {
    case 7:
      printf("%02x %02x %02x %02x %02x %02x %02x\n",
	     p[0], p[1], p[2], p[3], p[4], p[5], p[6]);
      break;
    case 6:
      printf("%02x %02x %02x %02x %02x %02x\n",
	     p[0], p[1], p[2], p[3], p[4], p[5]);
      break;
    case 5:
      printf("%02x %02x %02x %02x %02x\n",
	     p[0], p[1], p[2], p[3], p[4]);
      break;
    case 4:
      printf("%02x %02x %02x %02x\n",
	     p[0], p[1], p[2], p[3]);
      break;
    case 3:
      printf("%02x %02x %02x\n",
	     p[0], p[1], p[2]);
      break;
    case 2:
      printf("%02x %02x\n",
	     p[0], p[1]);
      break;
    case 1:
      printf("%02x\n",
	     p[0]);
      break;
    default:
      return;
    }
}
Commit	Line	Data
02cd9ede	1	/* $Header$
	2	*
	3	* This program will verify signatures on user records in the database.
	4	*/
	5
	6	#include <stdio.h>
9f5e5c05	7	#include <string.h>
02cd9ede	8	#include <ctype.h>
	9	#include <sys/time.h>
	10	#include <moira.h>
	11	#include <moira_site.h>
	12	#include <des.h>
	13	#include <krb.h>
ebacc4d8	14	#include <krb_err.h>
02cd9ede	15	#include <gdss.h>
8da3291e	16	EXEC SQL INCLUDE sqlca;
02cd9ede	17
	18
	19	char *program;
	20
5eaef520	21	int main(int argc, char **argv)
8da3291e	22	{
5eaef520	23	char buf[BUFSIZ], usercheck[100], sigbuf[256], data, *db = "moira";
	24	SigInfo si;
	25	struct save_queue *sq;
	26	int status, i, wait, check, debug, fix;
	27	EXEC SQL BEGIN DECLARE SECTION;
	28	char login[10], mid[32], rawsig[256], who[257];
	29	EXEC SQL VAR rawsig IS STRING(256);
	30	int id, timestamp, sms;
	31	EXEC SQL END DECLARE SECTION;
02cd9ede	32
5eaef520	33	initialize_sms_error_table();
	34	initialize_krb_error_table();
	35	initialize_gdss_error_table();
02cd9ede	36
5eaef520	37	program = "sign";
5eaef520	38	check = debug = fix = 0;
02cd9ede	39
5eaef520	40	for (i = 1; i < argc; i++)
	41	{
	42	if (!strcmp(argv[i], "-w"))
	43	wait++;
	44	else if (!strcmp(argv[i], "-d"))
	45	debug++;
	46	else if (!strcmp(argv[i], "-D"))
	47	setenv("ING_SET", "set printqry");
	48	else if (!strcmp(argv[i], "-fix"))
	49	fix++;
	50	else if (argv[i][0] == '-')
	51	fprintf(stderr, "Usage: %s [-w] [-D] [-fix]\n", argv[0]);
	52	else usercheck[check++] = argv[i];
02cd9ede	53	}
02cd9ede	54
5eaef520	55	EXEC SQL CONNECT :db IDENTIFIED BY :db;
8da3291e	56
5eaef520	57	if (fix)
	58	{
	59	/* Set the name of our kerberos ticket file */
	60	krb_set_tkt_string("/tmp/tkt_sign");
	61	status = 1;
	62	while (status)
	63	{
	64	printf("Authenticating as moira.extra:\n");
	65	status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
	66	"krbtgt", "ATHENA.MIT.EDU",
	67	DEFAULT_TKT_LIFE, 0);
	68	if (status != 0)
	69	com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
8da3291e	70	}
5eaef520	71	com_err(program, 0, "authenticated OK");
02cd9ede	72
5eaef520	73	sms = 0;
	74	EXEC SQL SELECT string_id INTO :sms FROM strings
	75	WHERE string = 'moira.extra@ATHENA.MIT.EDU';
	76	if (sms == 0)
	77	{
	78	com_err(program, 0, " failed to find string "
	79	"moira.extra@ATHENA.MIT.EDU in database");
	80	dest_tkt();
	81	exit(1);
8da3291e	82	}
ebacc4d8	83
5eaef520	84	sq = sq_create();
8da3291e	85	}
8da3291e	86
5eaef520	87	if (check == 0)
	88	{
	89	EXEC SQL DECLARE c CURSOR FOR
	90	SELECT login, clearid, signature, string, sigdate
	91	FROM users, strings
	92	WHERE signature != CHR(0) and sigwho = string_id;
	93	EXEC SQL OPEN c;
	94	while (1)
	95	{
	96	EXEC SQL FETCH c INTO :login, :mid, :rawsig, :who, :timestamp;
	97	if (sqlca.sqlcode)
	98	break;
	99	sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
	100	si.timestamp = timestamp;
	101	si.SigInfoVersion = 0;
	102	kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
	103	si.rawsig = (unsigned char *) &rawsig[0];
	104	status = GDSS_Recompose(&si, sigbuf);
	105	if (status)
	106	{
	107	com_err(program, gdss2et(status), "recomposing for user %s",
	108	login);
	109	continue;
02cd9ede	110	}
5eaef520	111	si.rawsig = NULL;
	112	status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
	113	if (status)
	114	com_err(program, gdss2et(status), "verifying user %s", login);
	115	if (fix && status == GDSS_E_BADSIG)
	116	sq_save_data(sq, strsave(buf));
	117	if (wait)
	118	{
	119	printf("Next");
	120	fflush(stdout);
	121	gets(buf);
ebacc4d8	122	}
ebacc4d8	123	}
5eaef520	124	if (fix)
	125	{
	126	while (sq_get_data(sq, &data))
	127	{
	128	strncpy(login, data, 8);
	129	if (strchr(login, ':'))
	130	*strchr(login, ':') = '\0';
8da3291e	131	again:
5eaef520	132	com_err(program, 0, "fixing sig for %s", login);
	133	status = GDSS_Sign(data, strlen(data), sigbuf, &si);
	134	if (status)
	135	{
	136	com_err(program, gdss2et(status), "signing data");
	137	continue;
8da3291e	138	}
5eaef520	139	si.rawsig = (unsigned char *)rawsig;
	140	status = GDSS_Verify(data, strlen(data), sigbuf, &si);
	141	if (status)
	142	{
	143	com_err(program, gdss2et(status), "verifying data");
	144	continue;
8da3291e	145	}
5eaef520	146	if (strlen(rawsig) > 68)
	147	{
	148	sleep(1);
	149	goto again;
8da3291e	150	}
8da3291e	151
5eaef520	152	timestamp = si.timestamp;
	153	EXEC SQL UPDATE users
	154	SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
	155	WHERE login = :login;
	156	if (sqlca.sqlcode)
	157	{
	158	com_err(program, 0, "dbms error %d", sqlca.sqlcode);
	159	dest_tkt();
	160	exit(1);
8da3291e	161	}
5eaef520	162	EXEC SQL COMMIT WORK;
8da3291e	163	}
8da3291e	164	}
5eaef520	165	}
	166	else
	167	{
	168	for (i = check - 1; i >= 0; i--)
	169	{
	170	strcpy(login, usercheck[i]);
	171	EXEC SQL DECLARE s CURSOR FOR
	172	SELECT clearid, signature, string, sigdate
	173	FROM users, strings
	174	WHERE sigwho = string_id and login = :login;
	175	EXEC SQL OPEN s;
	176	while (1)
	177	{
	178	EXEC SQL FETCH s INTO :mid, :rawsig, :who, :timestamp;
	179	if (sqlca.sqlcode)
	180	break;
	181	sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
	182	if (debug)
	183	printf("Verifying \"%s\"\n", buf);
	184	si.timestamp = timestamp;
	185	si.SigInfoVersion = 0;
	186	kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
	187	si.rawsig = (unsigned char *) &rawsig[0];
	188	status = GDSS_Recompose(&si, sigbuf);
	189	if (status)
	190	{
	191	com_err(program, gdss2et(status), "recomposing for user %s",
	192	login);
	193	continue;
02cd9ede	194	}
5eaef520	195	si.rawsig = NULL;
	196	status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
	197	if (fix && status == GDSS_E_BADSIG)
	198	{
	199	com_err(program, 0, "fixing signature for %s", login);
ebacc4d8	200	againagain:
5eaef520	201	status = GDSS_Sign(buf, strlen(buf), sigbuf);
	202	if (status)
	203	{
	204	com_err(program, gdss2et(status), "signing data");
	205	continue;
8da3291e	206	}
5eaef520	207	si.rawsig = (unsigned char *) rawsig;
	208	status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
	209	if (status)
	210	{
	211	com_err(program, gdss2et(status), "verifying data");
	212	continue;
8da3291e	213	}
5eaef520	214	if (strlen(rawsig) > 68)
	215	{
	216	sleep(1);
	217	goto againagain;
8da3291e	218	}
8da3291e	219
5eaef520	220	timestamp = si.timestamp;
	221	EXEC SQL UPDATE users
	222	SET signature = :rawsig, sigwho = :sms,
	223	sigdate = :timestamp
	224	WHERE login = :login;
	225	if (sqlca.sqlcode != 0)
	226	{
	227	com_err(program, 0, "dbms error %d", sqlca.sqlcode);
	228	dest_tkt();
	229	exit(1);
ebacc4d8	230	}
5eaef520	231	EXEC SQL COMMIT WORK;
	232	}
	233	else if (status)
	234	com_err(program, gdss2et(status), "verifying user %s", login);
	235	else
	236	{
	237	com_err(program, 0, "signature verified %s", buf);
	238	if (debug == 2)
	239	hex_dump(sigbuf);
8da3291e	240	}
5eaef520	241	if (wait)
	242	{
	243	printf("Next");
	244	fflush(stdout);
	245	gets(buf);
02cd9ede	246	}
8da3291e	247	}
02cd9ede	248	}
	249	}
	250
5eaef520	251	dest_tkt();
5eaef520	252	exit(0);
8da3291e	253	}
02cd9ede	254
02cd9ede	255
5eaef520	256	hex_dump(unsigned char *p)
02cd9ede	257	{
5eaef520	258	printf("Size: %d\n", strlen(p));
	259	while (strlen(p) >= 8)
	260	{
	261	printf("%02x %02x %02x %02x %02x %02x %02x %02x\n",
	262	p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
	263	p += 8;
02cd9ede	264	}
5eaef520	265	switch (strlen(p))
5eaef520	266	{
02cd9ede	267	case 7:
5eaef520	268	printf("%02x %02x %02x %02x %02x %02x %02x\n",
	269	p[0], p[1], p[2], p[3], p[4], p[5], p[6]);
	270	break;
02cd9ede	271	case 6:
5eaef520	272	printf("%02x %02x %02x %02x %02x %02x\n",
	273	p[0], p[1], p[2], p[3], p[4], p[5]);
	274	break;
02cd9ede	275	case 5:
5eaef520	276	printf("%02x %02x %02x %02x %02x\n",
	277	p[0], p[1], p[2], p[3], p[4]);
	278	break;
02cd9ede	279	case 4:
5eaef520	280	printf("%02x %02x %02x %02x\n",
	281	p[0], p[1], p[2], p[3]);
	282	break;
02cd9ede	283	case 3:
5eaef520	284	printf("%02x %02x %02x\n",
	285	p[0], p[1], p[2]);
	286	break;
02cd9ede	287	case 2:
5eaef520	288	printf("%02x %02x\n",
	289	p[0], p[1]);
	290	break;
02cd9ede	291	case 1:
5eaef520	292	printf("%02x\n",
	293	p[0]);
	294	break;
02cd9ede	295	default:
5eaef520	296	return;
02cd9ede	297	}
02cd9ede	298	}