3 * This program will verify signatures on user records in the database.
11 #include <moira_site.h>
16 EXEC SQL INCLUDE sqlca;
/* Working storage for the signature check. usercheck[] has room for 100
 * login names taken from the command line; login[] in the DECLARE SECTION
 * below is a 10-byte SQL host variable that the later loops copy names into. */
25 char buf[BUFSIZ], *usercheck[100], sigbuf[256], *data;
27 struct save_queue *sq;
28 int status, i, wait, check, debug, fix;
29 EXEC SQL BEGIN DECLARE SECTION;
30 char login[10], mid[32], rawsig[256], who[257];
31 int id, timestamp, sms;
32 EXEC SQL END DECLARE SECTION;
/* Set up the sms, krb and gdss error tables (presumably so com_err() can
 * render their status codes - confirm against the com_err setup). */
34 initialize_sms_error_table();
35 initialize_krb_error_table();
36 initialize_gdss_error_table();
39 check = debug = fix = 0;
/* Command-line parsing: -w, -d, -D and -fix are options, any other argument
 * starting with '-' prints the usage line, and everything else is treated as
 * a login name to check. The usage string lists -w, -D and -fix but not -d.
 * NOTE(review): setenv() is called with two arguments; POSIX setenv takes a
 * third (overwrite) argument - presumably an older libc or a local wrapper. */
41 for (i = 1; i < argc; i++) {
42 if (!strcmp(argv[i], "-w"))
44 else if (!strcmp(argv[i], "-d"))
46 else if (!strcmp(argv[i], "-D"))
47 setenv("ING_SET", "set printqry");
48 else if (!strcmp(argv[i], "-fix"))
50 else if (argv[i][0] == '-')
51 fprintf(stderr, "Usage: %s [-w] [-D] [-fix]\n", argv[0]);
/* NOTE(review): no bound on check is visible here, so more than 100 login
 * arguments would store past the end of usercheck[]. The stored pointer is
 * the raw argv string; its length is not checked at this point. */
52 else usercheck[check++] = argv[i];
/* Open the database session, obtain Kerberos tickets as moira.extra, and look
 * up the string_id of the signing principal for use as sigwho later on. */
55 EXEC SQL CONNECT moira;
58 /* Set the name of our kerberos ticket file */
/* NOTE(review): the ticket file is a fixed, predictable name in /tmp. On a
 * multi-user host that path can be pre-created or watched by other local
 * accounts; a ticket file in a directory writable only by the account running
 * this program would avoid that. Whether the tickets are destroyed on exit is
 * not visible in this excerpt. */
59 krb_set_tkt_string("/tmp/tkt_sign");
/* Request a krbtgt ticket for moira.extra in ATHENA.MIT.EDU; the remaining
 * arguments of the call are outside this excerpt. The status is reported
 * through com_err() offset by krb_err_base. */
62 printf("Authenticating as moira.extra:\n");
63 status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
64 "krbtgt", "ATHENA.MIT.EDU",
67 com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
69 com_err(program, 0, "authenticated OK");
/* Fetch the strings-table id of the signer into sms; the UPDATE statements
 * further down write this value as sigwho on every re-signed record. */
72 EXEC SQL SELECT string_id INTO :sms FROM strings
73 WHERE string='moira.extra@ATHENA.MIT.EDU';
75 com_err(program, 0, " failed to find string moira.extra@ATHENA.MIT.EDU in database");
/* Full scan: walk every row that carries a non-empty signature, rebuild the
 * signed text "login:clearid" in buf, and verify the stored signature. */
84 EXEC SQL DECLARE c CURSOR FOR
85 SELECT login, clearid, signature, string, sigdate
87 WHERE signature != '' and sigwho = string_id;
/* NOTE(review): any non-zero sqlcode ends the scan, so a fetch error is
 * handled exactly like end-of-data and the remaining rows are never verified.
 * Distinguishing the two would keep an error from looking like a clean run. */
90 EXEC SQL FETCH c INTO :login, :mid, :rawsig, :who, :timestamp;
91 if (sqlca.sqlcode != 0) break;
/* buf is BUFSIZ bytes and the inputs are the fixed-size host variables
 * login[10] and mid[32], so this fits as long as both are NUL-terminated. */
92 sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
/* Fill in the signature-info record from the row: timestamp, version 0, the
 * signer name split by kname_parse(), and a pointer to the raw signature.
 * GDSS_Recompose() then writes into sigbuf, which GDSS_Verify() checks
 * against buf. */
93 si.timestamp = timestamp;
94 si.SigInfoVersion = 0;
95 kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
96 si.rawsig = (unsigned char *) &rawsig[0];
97 status = GDSS_Recompose(&si, sigbuf);
99 com_err(program, gdss2et(status), "recomposing for user %s",
104 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
106 com_err(program, gdss2et(status), "verifying user %s", login);
/* With -fix, a record whose signature is bad is not repaired here: a copy of
 * its "login:clearid" text is queued on sq for the re-signing loop. */
108 if (fix && status == GDSS_E_BADSIG) {
109 sq_save_data(sq, strsave(buf));
/* Re-signing pass: drain the queue of "login:clearid" strings saved by the
 * scan, sign each one, verify the fresh signature, and store it. */
118 while (sq_get_data(sq, &data)) {
/* Recover the login by copying the first 8 bytes and cutting at ':'.
 * NOTE(review): strncpy() writes no terminator when those 8 bytes contain no
 * NUL, and no explicit terminator is visible in this excerpt. If there is
 * also no ':' within them, login[8..9] keep whatever the last FETCH left
 * there. Setting login[8] = 0 after the copy would make the result
 * well-defined. */
119 strncpy(login, data, 8);
120 if (index(login, ':'))
121 *index(login, ':') = 0;
123 com_err(program, 0, "fixing sig for %s", login);
/* NOTE(review): GDSS_Sign() is called here with four arguments, but the
 * per-user path (line 181) passes three. One of the two calls disagrees with
 * the function's definition - confirm which and make them match. */
124 status = GDSS_Sign(data, strlen(data), sigbuf, &si);
126 com_err(program, gdss2et(status), "signing data");
/* Point si.rawsig at the host variable and verify the new signature before
 * it is written to the database. */
129 si.rawsig = (unsigned char *)rawsig;
130 status = GDSS_Verify(data, strlen(data), sigbuf, &si);
132 com_err(program, gdss2et(status), "verifying data");
/* rawsig is measured with strlen(), i.e. as a NUL-terminated string, against
 * the literal 68; what happens when it is longer is outside this excerpt.
 * NOTE(review): presumably the raw signature encoding never contains a zero
 * byte - confirm, otherwise strlen() under-reports its length. */
135 if (strlen(rawsig) > 68) {
140 timestamp = si.timestamp;
/* The new values reach the statement through host variables, not through
 * string building, so login and rawsig are passed as data. */
141 EXEC SQL REPEATED UPDATE users
142 SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
143 WHERE login = :login;
144 if (sqlca.sqlcode != 0) {
145 com_err(program, 0, "ingres error %d", sqlca.sqlcode);
149 EXEC SQL COMMIT WORK;
/* Per-user pass: for each login named on the command line (last one first),
 * fetch its signed row, verify the signature, and with -fix re-sign a bad
 * one. */
153 for (i = check - 1; i >= 0; i--) {
/* NOTE(review): login is a 10-byte host variable and usercheck[i] is an
 * unmodified argv string, so an argument longer than 9 characters overflows
 * login. Rejecting over-long names before this copy, or using a bounded copy
 * that always terminates, closes that. */
154 strcpy(login, usercheck[i]);
155 EXEC SQL DECLARE s CURSOR FOR
156 SELECT clearid, signature, string, sigdate
158 WHERE signature != '' and sigwho = string_id and login = :login;
/* NOTE(review): any non-zero sqlcode takes the break, so a fetch error is
 * indistinguishable from "no such signed user". Whether the break leaves only
 * this user's fetch or the whole for loop depends on lines not shown. */
161 EXEC SQL FETCH s INTO :mid, :rawsig, :who, :timestamp;
162 if (sqlca.sqlcode != 0) break;
/* Rebuild the signed text "login:clearid" and echo it. */
163 sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
165 printf("Verifying \"%s\"\n", buf);
/* Same signature-info setup as the full scan: timestamp, version 0, parsed
 * signer name, pointer to the raw signature, then recompose and verify. */
167 si.timestamp = timestamp;
168 si.SigInfoVersion = 0;
169 kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
170 si.rawsig = (unsigned char *) &rawsig[0];
171 status = GDSS_Recompose(&si, sigbuf);
173 com_err(program, gdss2et(status), "recomposing for user %s", login);
177 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
/* With -fix, a bad signature is replaced in place rather than queued. */
178 if (fix && status == GDSS_E_BADSIG) {
179 com_err(program, 0, "fixing signature for %s", login);
/* NOTE(review): three arguments here, four (with &si) in the queue-draining
 * loop at line 124; the two GDSS_Sign() calls cannot both match the function's
 * definition. si.timestamp is read below at line 197 - confirm it is actually
 * refreshed on this path. */
181 status = GDSS_Sign(buf, strlen(buf), sigbuf);
183 com_err(program, gdss2et(status), "signing data");
/* Verify the fresh signature before it is stored. */
186 si.rawsig = (unsigned char *) rawsig;
187 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
189 com_err(program, gdss2et(status), "verifying data");
/* rawsig is treated as a NUL-terminated string and compared with the literal
 * 68; the handling of the long case is outside this excerpt. */
192 if (strlen(rawsig) > 68) {
197 timestamp = si.timestamp;
/* Values are bound as host variables, so login and rawsig travel as data. */
198 EXEC SQL REPEATED UPDATE users
199 SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
200 WHERE login = :login;
201 if (sqlca.sqlcode != 0) {
202 com_err(program, 0, "ingres error %d", sqlca.sqlcode);
206 EXEC SQL COMMIT WORK;
/* Report the outcome of the verification for this user. */
208 com_err(program, gdss2et(status), "verifying user %s", login);
210 com_err(program, 0, "signature verified %s", buf);
/* Debug hex dump of p, eight bytes per row. p is measured with strlen(), so
 * the dump stops at the first zero byte.
 * NOTE(review): strlen() returns size_t but is printed with %d; on platforms
 * where size_t is wider than int that is a format mismatch (cast the value or
 * use %zu where available). The declaration of p is outside this excerpt; if
 * it is plain char *, bytes of 0x80 and above may sign-extend and print as
 * ffffffXX where char is signed - an unsigned char * avoids that. */
232 printf("Size: %d\n", strlen(p));
233 while (strlen(p) >= 8) {
234 printf("%02x %02x %02x %02x %02x %02x %02x %02x\n",
235 p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
/* Final short row: one printf per leftover length. The conditions selecting
 * between them are outside this excerpt. */
240 printf("%02x %02x %02x %02x %02x %02x %02x\n",
241 p[0], p[1], p[2], p[3], p[4], p[5], p[6]);
244 printf("%02x %02x %02x %02x %02x %02x\n",
245 p[0], p[1], p[2], p[3], p[4], p[5]);
248 printf("%02x %02x %02x %02x %02x\n",
249 p[0], p[1], p[2], p[3], p[4]);
252 printf("%02x %02x %02x %02x\n",
253 p[0], p[1], p[2], p[3]);
256 printf("%02x %02x %02x\n",
260 printf("%02x %02x\n",