3 * This program will verify signatures on user records in the database.
11 #include <moira_site.h>
16 EXEC SQL INCLUDE sqlca;
/*
 * Working storage, as far as this listing shows it.
 * usercheck[] holds up to 100 pointers to login names taken from argv;
 * buf receives the "login:clearid" text that is signed and verified;
 * sigbuf is the 256-byte buffer handed to GDSS_Recompose, GDSS_Sign and
 * GDSS_Verify.
 */
25 char buf[BUFSIZ], *usercheck[100], sigbuf[256], *data, *db="moira";
27 struct save_queue *sq;
28 int status, i, wait, check, debug, fix;
/*
 * Host variables shared with embedded SQL.  All are small fixed-size
 * arrays (login[10], mid[32], rawsig[256], who[257]).  The C code further
 * down also writes login with strcpy() and strncpy(), so every C-side copy
 * into these arrays has to respect the declared sizes.
 */
29 EXEC SQL BEGIN DECLARE SECTION;
30 char login[10], mid[32], rawsig[256], who[257];
31 EXEC SQL VAR rawsig IS STRING(256);
32 int id, timestamp, sms;
33 EXEC SQL END DECLARE SECTION;
/*
 * Initialize the sms, krb and gdss error tables (presumably so that the
 * com_err() calls below can render status + krb_err_base and
 * gdss2et(status) codes as text).
 */
35 initialize_sms_error_table();
36 initialize_krb_error_table();
37 initialize_gdss_error_table();
40 check = debug = fix = 0;
/*
 * Command-line parsing.  Arguments that do not start with '-' are stored
 * in usercheck[] as logins to check individually.
 * NOTE(review): no visible test keeps check below the 100 slots of
 * usercheck[]; a bound check belongs next to usercheck[check++].
 * NOTE(review): "-d" is accepted here but is missing from the usage text.
 * NOTE(review): setenv() is called with two arguments; the POSIX form
 * takes a third (overwrite) argument, so confirm the local prototype.
 */
42 for (i = 1; i < argc; i++) {
43 if (!strcmp(argv[i], "-w"))
45 else if (!strcmp(argv[i], "-d"))
47 else if (!strcmp(argv[i], "-D"))
48 setenv("ING_SET", "set printqry");
49 else if (!strcmp(argv[i], "-fix"))
51 else if (argv[i][0] == '-')
52 fprintf(stderr, "Usage: %s [-w] [-D] [-fix]\n", argv[0]);
53 else usercheck[check++] = argv[i];
/*
 * Open the database.  The same host variable, db ("moira"), supplies both
 * the database name and the IDENTIFIED BY value, so that value is fixed in
 * the binary.  NOTE(review): whether IDENTIFIED BY names a user or carries
 * a password depends on the DBMS dialect; confirm, and if it is a secret,
 * read it from protected configuration instead of a string literal.
 */
56 EXEC SQL CONNECT :db IDENTIFIED BY :db;
/*
 * NOTE(review): the ticket file gets a fixed, predictable name in /tmp.
 * On a multi-user host another local account can create that path first
 * (as a file or a symlink); a private directory or a unique per-run name
 * avoids the clash.  Whether the tickets are destroyed on exit is not
 * visible in this listing.
 */
59 /* Set the name of our kerberos ticket file */
60 krb_set_tkt_string("/tmp/tkt_sign");
/*
 * Obtain Kerberos tickets as principal moira.extra in realm ATHENA.MIT.EDU
 * for the krbtgt service (the remaining arguments of krb_get_pw_in_tkt are
 * not visible here) and report the outcome through com_err().
 */
63 printf("Authenticating as moira.extra:\n");
64 status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
65 "krbtgt", "ATHENA.MIT.EDU",
68 com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
70 com_err(program, 0, "authenticated OK");
/*
 * Look up the string_id of the signer's name.  It is kept in sms and is
 * written to users.sigwho further down whenever a signature is replaced.
 */
73 EXEC SQL SELECT string_id INTO :sms FROM strings
74 WHERE string='moira.extra@ATHENA.MIT.EDU';
76 com_err(program, 0, " failed to find string moira.extra@ATHENA.MIT.EDU in database");
/*
 * Cursor over signed user records: rows whose signature is not CHR(0) and
 * whose sigwho matches a string_id (the FROM clause is not visible here).
 */
85 EXEC SQL DECLARE c CURSOR FOR
86 SELECT login, clearid, signature, string, sigdate
88 WHERE signature != CHR(0) and sigwho = string_id;
/*
 * Fetch the next row; a non-zero sqlcode breaks out of the enclosing loop,
 * whose header is not visible in this listing.
 */
91 EXEC SQL FETCH c INTO :login, :mid, :rawsig, :who, :timestamp;
92 if (sqlca.sqlcode != 0) break;
/*
 * The signed text is "login:clearid".  sprintf() itself is unbounded; its
 * inputs come from login[10] and mid[32] while buf is BUFSIZ bytes.
 * Presumably the precompiler NUL-terminates both host variables - confirm.
 */
93 sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
/*
 * Rebuild the signature info from the stored columns: the signing time,
 * the signer's Kerberos name parsed out of who, and a pointer to the raw
 * signature bytes.
 * NOTE(review): kname_parse()'s return value is not checked, and the sizes
 * of si.pname, si.pinst and si.prealm are not visible here; who is database
 * content held in a 257-byte buffer.
 */
94 si.timestamp = timestamp;
95 si.SigInfoVersion = 0;
96 kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
97 si.rawsig = (unsigned char *) &rawsig[0];
98 status = GDSS_Recompose(&si, sigbuf);
100 com_err(program, gdss2et(status), "recomposing for user %s",
/* Verify the recomposed signature against the "login:clearid" text. */
105 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
107 com_err(program, gdss2et(status), "verifying user %s", login);
/*
 * When fix is set (presumably by -fix), a record that fails with
 * GDSS_E_BADSIG is queued, and the queue is later re-signed under this
 * program's own identity.  NOTE(review): a bad signature can also mean the
 * record was altered after signing, so the queued logins deserve a log
 * entry and a review, not only a fresh signature.
 */
109 if (fix && status == GDSS_E_BADSIG) {
110 sq_save_data(sq, strsave(buf));
/* Drain the queue of "login:clearid" strings saved for re-signing. */
119 while (sq_get_data(sq, &data)) {
/*
 * Recover the login by copying the first 8 bytes and cutting at ':'.
 * NOTE(review): strncpy() writes no terminator when data has 8 or more
 * characters before its NUL, so the strchr() calls then depend on whatever
 * bytes are already in login[8] and login[9]; setting login[8] = 0 right
 * after the copy removes that dependency.  If logins longer than 8
 * characters exist, this copy also truncates them.
 */
120 strncpy(login, data, 8);
121 if (strchr(login, ':'))
122 *strchr(login, ':') = 0;
124 com_err(program, 0, "fixing sig for %s", login);
/* Sign the text again, then verify the fresh signature before storing it. */
125 status = GDSS_Sign(data, strlen(data), sigbuf, &si);
127 com_err(program, gdss2et(status), "signing data");
130 si.rawsig = (unsigned char *)rawsig;
131 status = GDSS_Verify(data, strlen(data), sigbuf, &si);
133 com_err(program, gdss2et(status), "verifying data");
/*
 * NOTE(review): strlen() treats rawsig as NUL-terminated text; the meaning
 * of the 68 threshold and the body of this branch are not visible here.
 */
136 if (strlen(rawsig) > 68) {
/*
 * Store the new signature, signer id and timestamp for this login.  The
 * values are passed as host variables, not pasted into the SQL text.  A
 * non-zero sqlcode is reported through com_err().
 */
141 timestamp = si.timestamp;
142 EXEC SQL UPDATE users
143 SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
144 WHERE login = :login;
145 if (sqlca.sqlcode != 0) {
146 com_err(program, 0, "dbms error %d", sqlca.sqlcode);
150 EXEC SQL COMMIT WORK;
/* Check the logins named on the command line, last argument first. */
154 for (i = check - 1; i >= 0; i--) {
/*
 * NOTE(review): usercheck[i] is a raw argv string and login is 10 bytes,
 * so strcpy() writes past login for any argument longer than 9 characters.
 * Reject such names, or copy with an explicit bound and terminator, before
 * this point.
 */
155 strcpy(login, usercheck[i]);
/* Select the signature columns for this one login (bound as :login). */
156 EXEC SQL DECLARE s CURSOR FOR
157 SELECT clearid, signature, string, sigdate
159 WHERE sigwho = string_id and login = :login;
162 EXEC SQL FETCH s INTO :mid, :rawsig, :who, :timestamp;
163 if (sqlca.sqlcode != 0) break;
/* The signed text is "login:clearid", echoed before verification. */
164 sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
166 printf("Verifying \"%s\"\n", buf);
/*
 * Rebuild the signature info from the fetched columns.
 * NOTE(review): kname_parse()'s return value is not checked, and the sizes
 * of si.pname, si.pinst and si.prealm are not visible in this listing.
 */
168 si.timestamp = timestamp;
169 si.SigInfoVersion = 0;
170 kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
171 si.rawsig = (unsigned char *) &rawsig[0];
172 status = GDSS_Recompose(&si, sigbuf);
174 com_err(program, gdss2et(status), "recomposing for user %s", login);
/* Verify; with fix set, a GDSS_E_BADSIG result leads to re-signing. */
178 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
179 if (fix && status == GDSS_E_BADSIG) {
180 com_err(program, 0, "fixing signature for %s", login);
/*
 * NOTE(review): GDSS_Sign() receives three arguments here, while the other
 * call in this file passes four: GDSS_Sign(data, strlen(data), sigbuf, &si).
 * Confirm against the GDSS_Sign prototype; si.timestamp is read a few
 * lines below, after this call.
 */
182 status = GDSS_Sign(buf, strlen(buf), sigbuf);
184 com_err(program, gdss2et(status), "signing data");
/* Verify the fresh signature before it is written back. */
187 si.rawsig = (unsigned char *) rawsig;
188 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
190 com_err(program, gdss2et(status), "verifying data");
/*
 * NOTE(review): strlen() treats rawsig as NUL-terminated text; the meaning
 * of the 68 threshold and the body of this branch are not visible here.
 */
193 if (strlen(rawsig) > 68) {
/*
 * Store the new signature, signer id and timestamp for this login, using
 * host variables instead of SQL text built from strings.  A non-zero
 * sqlcode is reported through com_err().
 */
198 timestamp = si.timestamp;
199 EXEC SQL UPDATE users
200 SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
201 WHERE login = :login;
202 if (sqlca.sqlcode != 0) {
203 com_err(program, 0, "dbms error %d", sqlca.sqlcode);
207 EXEC SQL COMMIT WORK;
/* Final report for this login: the GDSS error text or a success line. */
209 com_err(program, gdss2et(status), "verifying user %s", login);
211 com_err(program, 0, "signature verified %s", buf);
233 printf("Size: %d\n", strlen(p));
234 while (strlen(p) >= 8) {
235 printf("%02x %02x %02x %02x %02x %02x %02x %02x\n",
236 p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
241 printf("%02x %02x %02x %02x %02x %02x %02x\n",
242 p[0], p[1], p[2], p[3], p[4], p[5], p[6]);
245 printf("%02x %02x %02x %02x %02x %02x\n",
246 p[0], p[1], p[2], p[3], p[4], p[5]);
249 printf("%02x %02x %02x %02x %02x\n",
250 p[0], p[1], p[2], p[3], p[4]);
253 printf("%02x %02x %02x %02x\n",
254 p[0], p[1], p[2], p[3]);
257 printf("%02x %02x %02x\n",
261 printf("%02x %02x\n",