Don't update class field in moira if the year field in the registrar's
02cd9ede 1/* $Header$
2 *
3 * This program will verify signatures on user records in the database.
4 */
5
6#include <stdio.h>
9f5e5c05 7#include <string.h>
02cd9ede 8#include <ctype.h>
9#include <sys/time.h>
10#include <moira.h>
11#include <moira_site.h>
12#include <des.h>
13#include <krb.h>
ebacc4d8 14#include <krb_err.h>
02cd9ede 15#include <gdss.h>
8da3291e 16EXEC SQL INCLUDE sqlca;
02cd9ede 17
18
19char *program;
20
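/*
 * Verify the GDSS signatures stored on user records and, with -fix,
 * re-sign the records whose stored signature is reported as bad.
 *
 * Options:
 *   -w    print "Next" and wait for a line on stdin after each record
 *   -d    debug output (only consulted when logins are named)
 *   -D    set ING_SET to "set printqry"
 *   -fix  authenticate as moira.extra and replace every signature for
 *         which GDSS_Verify returns GDSS_E_BADSIG
 * Any other argument is taken as a login to check.  With no logins,
 * every user whose signature is not CHR(0) is checked.
 *
 * Exits 0 on completion, 1 if the moira.extra string is not in the
 * database or a signature UPDATE fails.
 *
 * All SQL here is static and takes its values through host variables,
 * so command-line logins are never spliced into statement text.
 */
int main(int argc, char **argv)
{
  char buf[BUFSIZ], *usercheck[100], sigbuf[256], *data, *db = "moira";
  char *colon;
  SigInfo si;
  struct save_queue *sq;
  int status, i, wait, check, debug, fix;
  EXEC SQL BEGIN DECLARE SECTION;
  char login[10], mid[32], rawsig[256], who[257];
  EXEC SQL VAR rawsig IS STRING(256);
  int id, timestamp, sms;
  EXEC SQL END DECLARE SECTION;

  initialize_sms_error_table();
  initialize_krb_error_table();
  initialize_gdss_error_table();

  program = "sign";
  /* wait must start at 0 too: it is incremented by -w and tested after
   * every record, so an indeterminate start value made the prompt
   * appear at random. */
  wait = check = debug = fix = 0;

  for (i = 1; i < argc; i++) {
    if (!strcmp(argv[i], "-w"))
      wait++;
    else if (!strcmp(argv[i], "-d"))
      debug++;
    else if (!strcmp(argv[i], "-D"))
      /* NOTE(review): two-argument call; POSIX setenv() takes a third
       * "overwrite" argument.  Confirm which setenv this links against. */
      setenv("ING_SET", "set printqry");
    else if (!strcmp(argv[i], "-fix"))
      fix++;
    else if (argv[i][0] == '-')
      /* An unknown option is reported but the run still continues. */
      fprintf(stderr, "Usage: %s [-w] [-d] [-D] [-fix] [login ...]\n",
              argv[0]);
    else if (check < (int)(sizeof(usercheck) / sizeof(usercheck[0])))
      usercheck[check++] = argv[i];
    else
      /* usercheck[] has a fixed size; further names would be written
       * past its end. */
      fprintf(stderr, "%s: too many logins, ignoring %s\n",
              argv[0], argv[i]);
  }

  /* NOTE(review): the database password is the literal string "moira",
   * the same as the user name, and the result of CONNECT is not checked. */
  EXEC SQL CONNECT :db IDENTIFIED BY :db;

  if (fix) {
    /* Set the name of our kerberos ticket file */
    /* NOTE(review): fixed, predictable name in /tmp; confirm how the
     * Kerberos library creates this file when it already exists. */
    krb_set_tkt_string("/tmp/tkt_sign");
    status = 1;
    /* Keep asking until a ticket is obtained. */
    while (status) {
      printf("Authenticating as moira.extra:\n");
      status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
                                 "krbtgt", "ATHENA.MIT.EDU",
                                 DEFAULT_TKT_LIFE, 0);
      if (status != 0)
        com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
    }
    com_err(program, 0, "authenticated OK");

    /* string_id of the signer, stored in users.sigwho on every fix. */
    sms = 0;
    EXEC SQL SELECT string_id INTO :sms FROM strings
      WHERE string='moira.extra@ATHENA.MIT.EDU';
    if (sms == 0) {
      com_err(program, 0, " failed to find string moira.extra@ATHENA.MIT.EDU in database");
      dest_tkt();
      exit(1);
    }

    /* Queue of "login:clearid" strings whose signature must be redone. */
    sq = sq_create();
  }

  if (check == 0) {
    /* No logins named: walk every signed user record. */
    EXEC SQL DECLARE c CURSOR FOR
      SELECT login, clearid, signature, string, sigdate
      FROM users, strings
      WHERE signature != CHR(0) and sigwho = string_id;
    EXEC SQL OPEN c;
    while (1) {
      EXEC SQL FETCH c INTO :login, :mid, :rawsig, :who, :timestamp;
      if (sqlca.sqlcode != 0)
        break;
      /* The signed data is "login:clearid". */
      sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
      si.timestamp = timestamp;
      si.SigInfoVersion = 0;
      kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
      si.rawsig = (unsigned char *) &rawsig[0];
      status = GDSS_Recompose(&si, sigbuf);
      if (status) {
        com_err(program, gdss2et(status), "recomposing for user %s",
                login);
        continue;
      }
      si.rawsig = NULL;
      status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
      if (status) {
        com_err(program, gdss2et(status), "verifying user %s", login);
      }
      /* Repairs are deferred until the cursor has been read to the end. */
      if (fix && status == GDSS_E_BADSIG) {
        sq_save_data(sq, strsave(buf));
      }
      if (wait) {
        printf("Next");
        fflush(stdout);
        /* fgets() limits the read to buf, which gets() could not do.
         * Stop prompting once stdin is exhausted. */
        if (fgets(buf, sizeof(buf), stdin) == NULL)
          wait = 0;
      }
    }
    if (fix) {
      while (sq_get_data(sq, &data)) {
        /* Recover the login from the queued "login:clearid" string.
         * strncpy() does not terminate when the first 8 bytes hold no
         * NUL, so terminate explicitly before searching for ':'. */
        strncpy(login, data, 8);
        login[8] = '\0';
        colon = strchr(login, ':');
        if (colon)
          *colon = 0;
      again:
        com_err(program, 0, "fixing sig for %s", login);
        status = GDSS_Sign(data, strlen(data), sigbuf, &si);
        if (status) {
          com_err(program, gdss2et(status), "signing data");
          continue;
        }
        /* Verify the fresh signature; with si.rawsig pointing at rawsig
         * the raw form is what gets stored below. */
        si.rawsig = (unsigned char *)rawsig;
        status = GDSS_Verify(data, strlen(data), sigbuf, &si);
        if (status) {
          com_err(program, gdss2et(status), "verifying data");
          continue;
        }
        /* Sign again, after a one-second pause, until the raw signature
         * is at most 68 bytes (presumably the column limit - confirm). */
        if (strlen(rawsig) > 68) {
          sleep(1);
          goto again;
        }

        timestamp = si.timestamp;
        EXEC SQL UPDATE users
          SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
          WHERE login = :login;
        if (sqlca.sqlcode != 0) {
          com_err(program, 0, "dbms error %d", sqlca.sqlcode);
          dest_tkt();
          exit(1);
        }
        EXEC SQL COMMIT WORK;
      }
    }
  } else {
    /* Logins were named: check them, last one first. */
    for (i = check - 1; i >= 0; i--) {
      /* login is a 10-byte host variable and the name comes straight
       * from argv.  Reject over-long names instead of overflowing or
       * truncating, since a truncated name could match another user. */
      if (strlen(usercheck[i]) >= sizeof(login)) {
        com_err(program, 0, "login %s is too long, skipping",
                usercheck[i]);
        continue;
      }
      strcpy(login, usercheck[i]);
      EXEC SQL DECLARE s CURSOR FOR
        SELECT clearid, signature, string, sigdate
        FROM users, strings
        WHERE sigwho = string_id and login = :login;
      EXEC SQL OPEN s;
      while (1) {
        EXEC SQL FETCH s INTO :mid, :rawsig, :who, :timestamp;
        if (sqlca.sqlcode != 0)
          break;
        sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
        if (debug) {
          printf("Verifying \"%s\"\n", buf);
        }
        si.timestamp = timestamp;
        si.SigInfoVersion = 0;
        kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
        si.rawsig = (unsigned char *) &rawsig[0];
        status = GDSS_Recompose(&si, sigbuf);
        if (status) {
          com_err(program, gdss2et(status), "recomposing for user %s", login);
          continue;
        }
        si.rawsig = NULL;
        status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
        if (fix && status == GDSS_E_BADSIG) {
          com_err(program, 0, "fixing signature for %s", login);
        againagain:
          /* NOTE(review): the other GDSS_Sign call in this function
           * passes &si as a fourth argument; confirm which form matches
           * the GDSS prototype. */
          status = GDSS_Sign(buf, strlen(buf), sigbuf);
          if (status) {
            com_err(program, gdss2et(status), "signing data");
            continue;
          }
          si.rawsig = (unsigned char *) rawsig;
          status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
          if (status) {
            com_err(program, gdss2et(status), "verifying data");
            continue;
          }
          /* Same retry rule as the bulk path: at most 68 bytes. */
          if (strlen(rawsig) > 68) {
            sleep(1);
            goto againagain;
          }

          timestamp = si.timestamp;
          EXEC SQL UPDATE users
            SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
            WHERE login = :login;
          if (sqlca.sqlcode != 0) {
            com_err(program, 0, "dbms error %d", sqlca.sqlcode);
            dest_tkt();
            exit(1);
          }
          EXEC SQL COMMIT WORK;
        } else if (status)
          com_err(program, gdss2et(status), "verifying user %s", login);
        else {
          com_err(program, 0, "signature verified %s", buf);
          if (debug == 2) {
            hex_dump(sigbuf);
          }
        }
        if (wait) {
          printf("Next");
          fflush(stdout);
          /* Bounded read in place of gets(); stop prompting at EOF. */
          if (fgets(buf, sizeof(buf), stdin) == NULL)
            wait = 0;
        }
      }
    }
  }

  /* NOTE(review): this runs even when -fix was not given, in which case
   * krb_set_tkt_string() was never called; confirm which ticket file
   * dest_tkt() removes then. */
  dest_tkt();
  exit(0);
}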
02cd9ede 228
229
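/*
 * Print a NUL-terminated byte string to stdout as two-digit hex values,
 * eight per line, after a "Size: N" line giving its length.
 *
 * The length is taken with strlen(), so the dump stops at the first
 * zero byte and p must be NUL-terminated; a buffer holding binary
 * signature data with an embedded zero is shown only up to that byte.
 * NOTE(review): main() passes sigbuf here - confirm that buffer is
 * always terminated.
 *
 * Returns 0.
 */
int hex_dump(unsigned char *p)
{
  /* Measure once instead of rescanning the string on every row. */
  size_t len = strlen((const char *)p);
  size_t i;

  /* strlen() yields a size_t, which "%d" does not match. */
  printf("Size: %lu\n", (unsigned long)len);

  /* A space separates bytes; every eighth byte and the last byte end
   * the line, so a short final row needs no special case. */
  for (i = 0; i < len; i++)
    printf("%02x%c", p[i], (i % 8 == 7 || i + 1 == len) ? '\n' : ' ');

  return 0;
}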