[moira.git] / regtape / verify.dc

/* $Header$
 *
 * This program will verify signatures on user records in the database.
 */

#include <stdio.h>
#include <strings.h>
#include <ctype.h>
#include <sys/time.h>
#include <moira.h>
#include <moira_site.h>
#include <des.h>
#include <krb.h>
#include <krb_err.h>
#include <gdss.h>
EXEC SQL INCLUDE sqlca;


char *program;

main(argc, argv)
int argc;
char **argv;
{
    char buf[BUFSIZ], *usercheck[100], sigbuf[256], *data;
    SigInfo si;
    struct save_queue *sq;
    int status, i, wait, check, debug, fix;
    EXEC SQL BEGIN DECLARE SECTION;
    char login[10], mid[32], rawsig[256], who[257];
    int id, timestamp, sms;
    EXEC SQL END DECLARE SECTION;

    initialize_sms_error_table();
    initialize_krb_error_table();
    initialize_gdss_error_table();

    program = "sign";
    check = debug = fix = 0;

    for (i = 1; i < argc; i++) {
	if (!strcmp(argv[i], "-w"))
	  wait++;
	else if (!strcmp(argv[i], "-d"))
	  debug++;
	else if (!strcmp(argv[i], "-D"))
	  setenv("ING_SET", "set printqry");
	else if (!strcmp(argv[i], "-fix"))
	  fix++;
	else if (argv[i][0] == '-')
	  fprintf(stderr, "Usage: %s [-w] [-D] [-fix]\n", argv[0]);
	else usercheck[check++] = argv[i];
    }

    EXEC SQL CONNECT moira;

    if (fix) {
	/* Set the name of our kerberos ticket file */
	krb_set_tkt_string("/tmp/tkt_sign");
	status = 1;
	while (status) {
	    printf("Authenticating as moira.extra:\n");
	    status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
				       "krbtgt", "ATHENA.MIT.EDU",
				       DEFAULT_TKT_LIFE, 0);
	    if (status != 0)
	      com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
	}
	com_err(program, 0, "authenticated OK");

	sms = 0;
	EXEC SQL SELECT string_id INTO :sms FROM strings 
	  WHERE string='moira.extra@ATHENA.MIT.EDU';
	if (sms == 0) {
	    com_err(program, 0, " failed to find string moira.extra@ATHENA.MIT.EDU in database");
	    dest_tkt();
	    exit(1);
	}

	sq = sq_create();
    }

    if (check == 0) {
	EXEC SQL DECLARE c CURSOR FOR
	  SELECT login, clearid, signature, string, sigdate
	  FROM users, strings
	  WHERE signature != '' and sigwho = string_id;
	EXEC SQL OPEN c;
	while (1) {
	    EXEC SQL FETCH c INTO :login, :mid, :rawsig, :who, :timestamp;
	    if (sqlca.sqlcode != 0) break;
	    sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
	    si.timestamp = timestamp;
	    si.SigInfoVersion = 0;
	    kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
	    si.rawsig = (unsigned char *) &rawsig[0];
	    status = GDSS_Recompose(&si, sigbuf);
	    if (status) {
		com_err(program, gdss2et(status), "recomposing for user %s",
			login);
		continue;
	    }
	    si.rawsig = NULL;
	    status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
	    if (status) {
		com_err(program, gdss2et(status), "verifying user %s", login);
	    }
	    if (fix && status == GDSS_E_BADSIG) {
		sq_save_data(sq, strsave(buf));
	    }
	    if (wait) {
		printf("Next");
		fflush(stdout);
		gets(buf);
	    }
	}
	if (fix) {
	    while (sq_get_data(sq, &data)) {
		strncpy(login, data, 8);
		if (index(login, ':'))
		  *index(login, ':') = 0;
	    again:
		com_err(program, 0, "fixing sig for %s", login);
		status = GDSS_Sign(data, strlen(data), sigbuf, &si);
		if (status) {
		    com_err(program, gdss2et(status), "signing data");
		    continue;
		}
		si.rawsig = (unsigned char *)rawsig;
		status = GDSS_Verify(data, strlen(data), sigbuf, &si);
		if (status) {
		    com_err(program, gdss2et(status), "verifying data");
		    continue;
		}
		if (strlen(rawsig) > 68) {
		    sleep(1);
		    goto again;
		}

		timestamp = si.timestamp;
		EXEC SQL REPEATED UPDATE users 
		  SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
		    WHERE login = :login;
		if (sqlca.sqlcode != 0) {
		    com_err(program, 0, "ingres error %d", sqlca.sqlcode);
		    dest_tkt();
		    exit(1);
		}
		EXEC SQL COMMIT WORK;
	    }
	}
    } else {
	for (i = check - 1; i >= 0; i--) {
	    strcpy(login, usercheck[i]);
	    EXEC SQL DECLARE s CURSOR FOR
	      SELECT clearid, signature, string, sigdate
	      FROM users, strings
	      WHERE signature != '' and sigwho = string_id and login = :login;
	    EXEC SQL OPEN s;
	    while (1) {
		EXEC SQL FETCH s INTO :mid, :rawsig, :who, :timestamp;
		if (sqlca.sqlcode != 0) break;
		sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
		if (debug) {
		    printf("Verifying \"%s\"\n", buf);
		}
		si.timestamp = timestamp;
		si.SigInfoVersion = 0;
		kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
		si.rawsig = (unsigned char *) &rawsig[0];
		status = GDSS_Recompose(&si, sigbuf);
		if (status) {
		    com_err(program, gdss2et(status), "recomposing for user %s", login);
		    continue;
		}
		si.rawsig = NULL;
		status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
		if (fix && status == GDSS_E_BADSIG) {
		    com_err(program, 0, "fixing signature for %s", login);
		againagain:
		    status = GDSS_Sign(buf, strlen(buf), sigbuf);
		    if (status) {
			com_err(program, gdss2et(status), "signing data");
			continue;
		    }
		    si.rawsig = (unsigned char *) rawsig;
		    status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
		    if (status) {
			com_err(program, gdss2et(status), "verifying data");
			continue;
		    }
		    if (strlen(rawsig) > 68) {
			sleep(1);
			goto againagain;
		    }

		    timestamp = si.timestamp;
		    EXEC SQL REPEATED UPDATE users 
		      SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
			WHERE login = :login;
		    if (sqlca.sqlcode != 0) {
			com_err(program, 0, "ingres error %d", sqlca.sqlcode);
			dest_tkt();
			exit(1);
		    }
		    EXEC SQL COMMIT WORK;
		} else if (status)
		  com_err(program, gdss2et(status), "verifying user %s", login);
		else {
		    com_err(program, 0, "signature verified %s", buf);
		    if (debug == 2) {
			hex_dump(sigbuf);
		    }
		}
		if (wait) {
		    printf("Next");
		    fflush(stdout);
		    gets(buf);
		}
	    }
	}
    }

    dest_tkt();
    exit(0);
}


hex_dump(p)
unsigned  char *p;
{
    printf("Size: %d\n", strlen(p));
    while (strlen(p) >= 8) {
	printf("%02x %02x %02x %02x %02x %02x %02x %02x\n",
		p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
	p += 8;
    }
    switch (strlen(p)) {
    case 7:
	printf("%02x %02x %02x %02x %02x %02x %02x\n",
		p[0], p[1], p[2], p[3], p[4], p[5], p[6]);
	break;
    case 6:
	printf("%02x %02x %02x %02x %02x %02x\n",
		p[0], p[1], p[2], p[3], p[4], p[5]);
	break;
    case 5:
	printf("%02x %02x %02x %02x %02x\n",
		p[0], p[1], p[2], p[3], p[4]);
	break;
    case 4:
	printf("%02x %02x %02x %02x\n",
		p[0], p[1], p[2], p[3]);
	break;
    case 3:
	printf("%02x %02x %02x\n",
		p[0], p[1], p[2]);
	break;
    case 2:
	printf("%02x %02x\n",
		p[0], p[1]);
	break;
    case 1:
	printf("%02x\n",
		p[0]);
	break;
    default:
	return;
    }
}
Commit	Line	Data
02cd9ede	1	/* $Header$
	2	*
	3	* This program will verify signatures on user records in the database.
	4	*/
	5
	6	#include <stdio.h>
	7	#include <strings.h>
	8	#include <ctype.h>
	9	#include <sys/time.h>
	10	#include <moira.h>
	11	#include <moira_site.h>
	12	#include <des.h>
	13	#include <krb.h>
ebacc4d8	14	#include <krb_err.h>
02cd9ede	15	#include <gdss.h>
8da3291e	16	EXEC SQL INCLUDE sqlca;
02cd9ede	17
	18
	19	char *program;
	20
	21	main(argc, argv)
	22	int argc;
	23	char **argv;
8da3291e	24	{
ebacc4d8	25	char buf[BUFSIZ], usercheck[100], sigbuf[256], data;
8da3291e	26	SigInfo si;
ebacc4d8	27	struct save_queue *sq;
8da3291e	28	int status, i, wait, check, debug, fix;
	29	EXEC SQL BEGIN DECLARE SECTION;
	30	char login[10], mid[32], rawsig[256], who[257];
	31	int id, timestamp, sms;
	32	EXEC SQL END DECLARE SECTION;
02cd9ede	33
8da3291e	34	initialize_sms_error_table();
	35	initialize_krb_error_table();
	36	initialize_gdss_error_table();
02cd9ede	37
8da3291e	38	program = "sign";
8da3291e	39	check = debug = fix = 0;
02cd9ede	40
8da3291e	41	for (i = 1; i < argc; i++) {
02cd9ede	42	if (!strcmp(argv[i], "-w"))
	43	wait++;
	44	else if (!strcmp(argv[i], "-d"))
	45	debug++;
	46	else if (!strcmp(argv[i], "-D"))
	47	setenv("ING_SET", "set printqry");
8da3291e	48	else if (!strcmp(argv[i], "-fix"))
8da3291e	49	fix++;
02cd9ede	50	else if (argv[i][0] == '-')
8da3291e	51	fprintf(stderr, "Usage: %s [-w] [-D] [-fix]\n", argv[0]);
02cd9ede	52	else usercheck[check++] = argv[i];
	53	}
	54
8da3291e	55	EXEC SQL CONNECT moira;
	56
	57	if (fix) {
	58	/* Set the name of our kerberos ticket file */
	59	krb_set_tkt_string("/tmp/tkt_sign");
	60	status = 1;
	61	while (status) {
	62	printf("Authenticating as moira.extra:\n");
	63	status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
	64	"krbtgt", "ATHENA.MIT.EDU",
	65	DEFAULT_TKT_LIFE, 0);
	66	if (status != 0)
	67	com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
	68	}
ebacc4d8	69	com_err(program, 0, "authenticated OK");
02cd9ede	70
8da3291e	71	sms = 0;
	72	EXEC SQL SELECT string_id INTO :sms FROM strings
	73	WHERE string='moira.extra@ATHENA.MIT.EDU';
	74	if (sms == 0) {
	75	com_err(program, 0, " failed to find string moira.extra@ATHENA.MIT.EDU in database");
	76	dest_tkt();
	77	exit(1);
	78	}
ebacc4d8	79
ebacc4d8	80	sq = sq_create();
8da3291e	81	}
	82
	83	if (check == 0) {
	84	EXEC SQL DECLARE c CURSOR FOR
	85	SELECT login, clearid, signature, string, sigdate
	86	FROM users, strings
	87	WHERE signature != '' and sigwho = string_id;
	88	EXEC SQL OPEN c;
	89	while (1) {
	90	EXEC SQL FETCH c INTO :login, :mid, :rawsig, :who, :timestamp;
	91	if (sqlca.sqlcode != 0) break;
02cd9ede	92	sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
	93	si.timestamp = timestamp;
	94	si.SigInfoVersion = 0;
	95	kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
	96	si.rawsig = (unsigned char *) &rawsig[0];
	97	status = GDSS_Recompose(&si, sigbuf);
	98	if (status) {
8da3291e	99	com_err(program, gdss2et(status), "recomposing for user %s",
8da3291e	100	login);
02cd9ede	101	continue;
	102	}
	103	si.rawsig = NULL;
	104	status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
	105	if (status) {
	106	com_err(program, gdss2et(status), "verifying user %s", login);
	107	}
ebacc4d8	108	if (fix && status == GDSS_E_BADSIG) {
	109	sq_save_data(sq, strsave(buf));
	110	}
	111	if (wait) {
	112	printf("Next");
	113	fflush(stdout);
	114	gets(buf);
	115	}
	116	}
	117	if (fix) {
	118	while (sq_get_data(sq, &data)) {
	119	strncpy(login, data, 8);
	120	if (index(login, ':'))
	121	*index(login, ':') = 0;
8da3291e	122	again:
ebacc4d8	123	com_err(program, 0, "fixing sig for %s", login);
ebacc4d8	124	status = GDSS_Sign(data, strlen(data), sigbuf, &si);
8da3291e	125	if (status) {
	126	com_err(program, gdss2et(status), "signing data");
	127	continue;
	128	}
ebacc4d8	129	si.rawsig = (unsigned char *)rawsig;
ebacc4d8	130	status = GDSS_Verify(data, strlen(data), sigbuf, &si);
8da3291e	131	if (status) {
	132	com_err(program, gdss2et(status), "verifying data");
	133	continue;
	134	}
	135	if (strlen(rawsig) > 68) {
	136	sleep(1);
	137	goto again;
	138	}
	139
	140	timestamp = si.timestamp;
	141	EXEC SQL REPEATED UPDATE users
	142	SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
	143	WHERE login = :login;
	144	if (sqlca.sqlcode != 0) {
	145	com_err(program, 0, "ingres error %d", sqlca.sqlcode);
	146	dest_tkt();
	147	exit(1);
	148	}
	149	EXEC SQL COMMIT WORK;
	150	}
8da3291e	151	}
02cd9ede	152	} else {
	153	for (i = check - 1; i >= 0; i--) {
	154	strcpy(login, usercheck[i]);
8da3291e	155	EXEC SQL DECLARE s CURSOR FOR
	156	SELECT clearid, signature, string, sigdate
	157	FROM users, strings
	158	WHERE signature != '' and sigwho = string_id and login = :login;
	159	EXEC SQL OPEN s;
	160	while (1) {
	161	EXEC SQL FETCH s INTO :mid, :rawsig, :who, :timestamp;
	162	if (sqlca.sqlcode != 0) break;
02cd9ede	163	sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
	164	if (debug) {
	165	printf("Verifying \"%s\"\n", buf);
	166	}
	167	si.timestamp = timestamp;
	168	si.SigInfoVersion = 0;
	169	kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
	170	si.rawsig = (unsigned char *) &rawsig[0];
	171	status = GDSS_Recompose(&si, sigbuf);
	172	if (status) {
	173	com_err(program, gdss2et(status), "recomposing for user %s", login);
	174	continue;
	175	}
	176	si.rawsig = NULL;
	177	status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
ebacc4d8	178	if (fix && status == GDSS_E_BADSIG) {
	179	com_err(program, 0, "fixing signature for %s", login);
	180	againagain:
	181	status = GDSS_Sign(buf, strlen(buf), sigbuf);
8da3291e	182	if (status) {
	183	com_err(program, gdss2et(status), "signing data");
	184	continue;
	185	}
ebacc4d8	186	si.rawsig = (unsigned char *) rawsig;
ebacc4d8	187	status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
8da3291e	188	if (status) {
	189	com_err(program, gdss2et(status), "verifying data");
	190	continue;
	191	}
	192	if (strlen(rawsig) > 68) {
	193	sleep(1);
ebacc4d8	194	goto againagain;
8da3291e	195	}
	196
	197	timestamp = si.timestamp;
	198	EXEC SQL REPEATED UPDATE users
	199	SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
	200	WHERE login = :login;
	201	if (sqlca.sqlcode != 0) {
	202	com_err(program, 0, "ingres error %d", sqlca.sqlcode);
	203	dest_tkt();
	204	exit(1);
	205	}
	206	EXEC SQL COMMIT WORK;
ebacc4d8	207	} else if (status)
	208	com_err(program, gdss2et(status), "verifying user %s", login);
	209	else {
	210	com_err(program, 0, "signature verified %s", buf);
	211	if (debug == 2) {
	212	hex_dump(sigbuf);
	213	}
8da3291e	214	}
02cd9ede	215	if (wait) {
	216	printf("Next");
	217	fflush(stdout);
	218	gets(buf);
	219	}
8da3291e	220	}
02cd9ede	221	}
	222	}
	223
8da3291e	224	dest_tkt();
	225	exit(0);
	226	}
02cd9ede	227
	228
	229	hex_dump(p)
	230	unsigned char *p;
	231	{
	232	printf("Size: %d\n", strlen(p));
	233	while (strlen(p) >= 8) {
	234	printf("%02x %02x %02x %02x %02x %02x %02x %02x\n",
	235	p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
	236	p += 8;
	237	}
	238	switch (strlen(p)) {
	239	case 7:
	240	printf("%02x %02x %02x %02x %02x %02x %02x\n",
	241	p[0], p[1], p[2], p[3], p[4], p[5], p[6]);
	242	break;
	243	case 6:
	244	printf("%02x %02x %02x %02x %02x %02x\n",
	245	p[0], p[1], p[2], p[3], p[4], p[5]);
	246	break;
	247	case 5:
	248	printf("%02x %02x %02x %02x %02x\n",
	249	p[0], p[1], p[2], p[3], p[4]);
	250	break;
	251	case 4:
	252	printf("%02x %02x %02x %02x\n",
	253	p[0], p[1], p[2], p[3]);
	254	break;
	255	case 3:
	256	printf("%02x %02x %02x\n",
	257	p[0], p[1], p[2]);
	258	break;
	259	case 2:
	260	printf("%02x %02x\n",
	261	p[0], p[1]);
	262	break;
	263	case 1:
	264	printf("%02x\n",
	265	p[0]);
	266	break;
	267	default:
	268	return;
	269	}
	270	}