3 * This program will verify signatures on user records in the database.
5 * Copyright (C) 1993-1998 by the Massachusetts Institute of Technology
6 * For copying and distribution information, please see the file
10 #include <mit-copyright.h>
12 #include <moira_site.h>
22 EXEC SQL INCLUDE sqlca;
26 void hex_dump(unsigned char *p);
/*
 * Entry point: verifies the stored signature on user records and, when -fix
 * is given, re-signs records whose signature fails verification.
 *
 * NOTE(review): this listing shows only selected source lines (the leading
 * line numbers skip), so braces, several declarations and some statements
 * are not visible. The comments below describe only the visible lines.
 */
30 int main(int argc, char **argv)
/* usercheck holds login names taken from the command line (100 slots). */
32 char buf[BUFSIZ], *usercheck[100], sigbuf[256], *data, *db = "moira";
34 struct save_queue *sq;
35 int status, i, wait, check, debug, fix;
/* Host variables shared with the embedded SQL statements below. */
36 EXEC SQL BEGIN DECLARE SECTION;
37 char login[10], mid[32], rawsig[256], who[257];
38 EXEC SQL VAR rawsig IS STRING(256);
40 EXEC SQL END DECLARE SECTION;
/* Register the error tables used by the com_err() calls below. */
42 initialize_sms_error_table();
43 initialize_krb_error_table();
44 initialize_gdss_error_table();
47 check = debug = fix = 0;
/*
 * Option parsing: -w, -d and -fix are recognised (their bodies are not
 * shown); any other argument starting with '-' prints the usage text, and
 * every remaining argument is stored as a login name to check.
 */
49 for (i = 1; i < argc; i++)
51 if (!strcmp(argv[i], "-w"))
53 else if (!strcmp(argv[i], "-d"))
55 else if (!strcmp(argv[i], "-fix"))
57 else if (argv[i][0] == '-')
/* NOTE(review): the usage text advertises -D, but the test above is for "-d". */
58 fprintf(stderr, "Usage: %s [-w] [-D] [-fix]\n", argv[0]);
/*
 * NOTE(review): check is not compared against the 100-entry size of
 * usercheck on this line, so more than 100 login arguments would write past
 * the end of the array. Stop accepting names once check reaches the array size.
 */
59 else usercheck[check++] = argv[i];
/*
 * NOTE(review): the same host variable supplies both the account name and
 * the password, so the database credential is the literal "moira" compiled
 * into the program. Confirm this account is not reachable by other means.
 */
62 EXEC SQL CONNECT :db IDENTIFIED BY :db;
66 /* Set the name of our kerberos ticket file */
/*
 * NOTE(review): the ticket file has a fixed, predictable name in /tmp. On a
 * shared host another local user can create or link that path beforehand; a
 * private directory or a per-run name is safer. How the Kerberos library
 * opens the file is not visible here.
 */
67 krb_set_tkt_string("/tmp/tkt_sign");
/* Obtain a ticket-granting ticket for moira.extra@ATHENA.MIT.EDU; the remaining arguments are not shown. */
71 printf("Authenticating as moira.extra:\n");
72 status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
73 "krbtgt", "ATHENA.MIT.EDU",
76 com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
78 com_err(program, 0, "authenticated OK");
/* Look up the strings-table id of the signing principal; it is written to sigwho when a record is re-signed. */
81 EXEC SQL SELECT string_id INTO :sms FROM strings
82 WHERE string = 'moira.extra@ATHENA.MIT.EDU';
85 com_err(program, 0, " failed to find string "
86 "moira.extra@ATHENA.MIT.EDU in database");
/* Full pass: cursor over every record that carries a signature (the FROM clause is not shown). */
96 EXEC SQL DECLARE c CURSOR FOR
97 SELECT login, clearid, signature, string, sigdate
99 WHERE signature != CHR(0) and sigwho = string_id;
103 EXEC SQL FETCH c INTO :login, :mid, :rawsig, :who, :timestamp;
/*
 * The signed message is "login:clearid" after trimming. With login[10] and
 * mid[32] the result fits in buf as long as both host variables are
 * NUL-terminated; snprintf(buf, sizeof buf, ...) would make that bound explicit.
 */
106 sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
/* Rebuild the signature from the stored raw signature, signer name and timestamp. */
107 si.timestamp = timestamp;
108 si.SigInfoVersion = 0;
109 kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
110 si.rawsig = (unsigned char *) &rawsig[0];
111 status = GDSS_Recompose(&si, sigbuf);
114 com_err(program, gdss2et(status), "recomposing for user %s",
119 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
121 com_err(program, gdss2et(status), "verifying user %s", login);
/*
 * With -fix, a record whose signature does not verify is queued for
 * re-signing with its current login:clearid value.
 * NOTE(review): a bad signature can also mean the record was altered after
 * signing; re-signing then endorses the altered data. Review or log the
 * mismatch before running with -fix.
 */
122 if (fix && status == GDSS_E_BADSIG)
123 sq_save_data(sq, strdup(buf));
/* Fix pass: re-sign each queued "login:clearid" string and store the new signature. */
133 while (sq_get_data(sq, &data))
/*
 * NOTE(review): strncpy writes at most 8 bytes and adds no terminator when
 * data has no NUL in its first 8 bytes; login[8] and login[9] keep whatever
 * they held before, so the strchr() below depends on those earlier bytes.
 * Terminate login explicitly after the copy.
 */
135 strncpy(login, data, 8);
136 if (strchr(login, ':'))
137 *strchr(login, ':') = '\0';
139 com_err(program, 0, "fixing sig for %s", login);
140 status = GDSS_Sign(data, strlen(data), sigbuf);
143 com_err(program, gdss2et(status), "signing data");
/* Verify the fresh signature before it is written back. */
146 si.rawsig = (unsigned char *)rawsig;
147 status = GDSS_Verify(data, strlen(data), sigbuf, &si);
150 com_err(program, gdss2et(status), "verifying data");
/* NOTE(review): 68 is an unexplained limit on the raw signature length; the branch body is not shown. */
153 if (strlen(rawsig) > 68)
159 timestamp = si.timestamp;
/* The values are passed as bound host variables, not spliced into the SQL text. */
160 EXEC SQL UPDATE users
161 SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
162 WHERE login = :login;
165 com_err(program, 0, "dbms error %d", sqlca.sqlcode);
169 EXEC SQL COMMIT WORK;
/* Named-user pass: check each login given on the command line, last one first. */
175 for (i = check - 1; i >= 0; i--)
/*
 * NOTE(review): unbounded copy of a command-line argument into login[10]; an
 * argument longer than 9 characters overflows the host variable. No length
 * check is visible in this listing. Reject names that do not fit before copying.
 */
177 strcpy(login, usercheck[i]);
178 EXEC SQL DECLARE s CURSOR FOR
179 SELECT clearid, signature, string, sigdate
181 WHERE sigwho = string_id and login = :login;
185 EXEC SQL FETCH s INTO :mid, :rawsig, :who, :timestamp;
/* Same "login:clearid" message and recompose/verify sequence as in the full pass. */
188 sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
190 printf("Verifying \"%s\"\n", buf);
191 si.timestamp = timestamp;
192 si.SigInfoVersion = 0;
193 kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
194 si.rawsig = (unsigned char *) &rawsig[0];
195 status = GDSS_Recompose(&si, sigbuf);
198 com_err(program, gdss2et(status), "recomposing for user %s",
203 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
/* With -fix, re-sign immediately; the caveat about re-signing altered records applies here as well. */
204 if (fix && status == GDSS_E_BADSIG)
206 com_err(program, 0, "fixing signature for %s", login);
208 status = GDSS_Sign(buf, strlen(buf), sigbuf);
211 com_err(program, gdss2et(status), "signing data");
/* Verify the fresh signature before it is written back. */
214 si.rawsig = (unsigned char *) rawsig;
215 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
218 com_err(program, gdss2et(status), "verifying data");
221 if (strlen(rawsig) > 68)
227 timestamp = si.timestamp;
228 EXEC SQL UPDATE users
229 SET signature = :rawsig, sigwho = :sms,
231 WHERE login = :login;
/* A non-zero sqlcode after the UPDATE is reported rather than ignored. */
232 if (sqlca.sqlcode != 0)
234 com_err(program, 0, "dbms error %d", sqlca.sqlcode);
238 EXEC SQL COMMIT WORK;
/* Report the outcome of the verification for this user. */
241 com_err(program, gdss2et(status), "verifying user %s", login);
244 com_err(program, 0, "signature verified %s", buf);
263 void hex_dump(unsigned char *p)
265 printf("Size: %d\n", strlen(p));
266 while (strlen(p) >= 8)
268 printf("%02x %02x %02x %02x %02x %02x %02x %02x\n",
269 p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
275 printf("%02x %02x %02x %02x %02x %02x %02x\n",
276 p[0], p[1], p[2], p[3], p[4], p[5], p[6]);
279 printf("%02x %02x %02x %02x %02x %02x\n",
280 p[0], p[1], p[2], p[3], p[4], p[5]);
283 printf("%02x %02x %02x %02x %02x\n",
284 p[0], p[1], p[2], p[3], p[4]);
287 printf("%02x %02x %02x %02x\n",
288 p[0], p[1], p[2], p[3]);
291 printf("%02x %02x %02x\n",
295 printf("%02x %02x\n",