3 * This program will verify signatures on user records in the database.
11 #include <moira_site.h>
16 EXEC SQL INCLUDE sqlca;
/*
 * main: connects to the database as "moira", obtains a Kerberos ticket for
 * moira.extra, then recomposes and verifies the stored signature on user
 * records. When fix is set, records whose verification returns
 * GDSS_E_BADSIG are re-signed and written back to the users table.
 *
 * NOTE(review): this listing carries its original line numbers and omits
 * many lines (braces and some statements), so the notes below describe only
 * the statements that are visible.
 */
21 int main(int argc, char **argv)
/* usercheck holds at most 100 name pointers taken from argv; sigbuf is 256 bytes. */
23 char buf[BUFSIZ], *usercheck[100], sigbuf[256], *data, *db = "moira";
25 struct save_queue *sq;
26 int status, i, wait, check, debug, fix;
/*
 * Host variables for embedded SQL. login is 10 bytes, so any copy into it
 * must be limited to 9 characters plus the terminator.
 */
27 EXEC SQL BEGIN DECLARE SECTION;
28 char login[10], mid[32], rawsig[256], who[257];
29 EXEC SQL VAR rawsig IS STRING(256);
30 int id, timestamp, sms;
31 EXEC SQL END DECLARE SECTION;
33 initialize_sms_error_table();
34 initialize_krb_error_table();
35 initialize_gdss_error_table();
38 check = debug = fix = 0;
/* Option parsing. The bodies of the -w, -d and -fix branches are not shown in this listing. */
40 for (i = 1; i < argc; i++)
42 if (!strcmp(argv[i], "-w"))
44 else if (!strcmp(argv[i], "-d"))
46 else if (!strcmp(argv[i], "-D"))
/*
 * NOTE(review): two-argument setenv; POSIX setenv takes (name, value,
 * overwrite). Presumably a platform variant or local wrapper - confirm.
 */
47 setenv("ING_SET", "set printqry");
48 else if (!strcmp(argv[i], "-fix"))
50 else if (argv[i][0] == '-')
/* NOTE(review): the usage text omits -d, which is accepted above. */
51 fprintf(stderr, "Usage: %s [-w] [-D] [-fix]\n", argv[0]);
/*
 * NOTE(review): in the visible lines check is never compared against the
 * 100-entry capacity of usercheck before this store, so more than 100 names
 * on the command line would write past the array. Reject or stop at the
 * limit before storing.
 */
52 else usercheck[check++] = argv[i];
/*
 * db serves as both the account name and the password, so the database
 * credential is the literal "moira" compiled into the program.
 * NOTE(review): confirm whether the DBMS actually checks this password; if
 * it does, read it from a protected file rather than the source.
 */
55 EXEC SQL CONNECT :db IDENTIFIED BY :db;
59 /* Set the name of our kerberos ticket file */
/*
 * NOTE(review): fixed ticket-file name in /tmp, a directory that is normally
 * shared and world-writable. The ticket file for moira.extra ends up at a
 * path every local user can predict; a private directory and removal on exit
 * would narrow the exposure. Whether the file is destroyed later is not
 * visible in this listing.
 */
60 krb_set_tkt_string("/tmp/tkt_sign");
64 printf("Authenticating as moira.extra:\n");
/*
 * Requests a krbtgt ticket for moira.extra in ATHENA.MIT.EDU; the remaining
 * arguments are on lines missing from this listing.
 */
65 status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
66 "krbtgt", "ATHENA.MIT.EDU",
69 com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
71 com_err(program, 0, "authenticated OK");
/*
 * Look up the string_id of the signing principal. It is stored in sms and
 * written as sigwho whenever a signature is replaced below.
 */
74 EXEC SQL SELECT string_id INTO :sms FROM strings
75 WHERE string = 'moira.extra@ATHENA.MIT.EDU';
78 com_err(program, 0, " failed to find string "
79 "moira.extra@ATHENA.MIT.EDU in database");
/* First pass: cursor over rows whose signature is not CHR(0); the FROM clause is not shown. */
89 EXEC SQL DECLARE c CURSOR FOR
90 SELECT login, clearid, signature, string, sigdate
92 WHERE signature != CHR(0) and sigwho = string_id;
96 EXEC SQL FETCH c INTO :login, :mid, :rawsig, :who, :timestamp;
/*
 * The signed text is "login:clearid" with both fields trimmed.
 * NOTE(review): sprintf is unbounded; it stays within buf only while the
 * fetched host variables are NUL-terminated within their declared sizes.
 */
99 sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
100 si.timestamp = timestamp;
101 si.SigInfoVersion = 0;
/*
 * who comes from the database and is split into si.pname/pinst/prealm.
 * NOTE(review): the sizes of those fields and whether kname_parse bounds its
 * writes are not visible here - confirm.
 */
102 kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
103 si.rawsig = (unsigned char *) &rawsig[0];
/*
 * GDSS_Recompose fills sigbuf (256 bytes) from si.
 * NOTE(review): nothing visible limits how much it writes - confirm against
 * the library.
 */
104 status = GDSS_Recompose(&si, sigbuf);
107 com_err(program, gdss2et(status), "recomposing for user %s",
112 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
114 com_err(program, gdss2et(status), "verifying user %s", login);
/* When fix is set, queue a copy of the signed text of each GDSS_E_BADSIG record for re-signing. */
115 if (fix && status == GDSS_E_BADSIG)
116 sq_save_data(sq, strsave(buf));
/* Re-sign each queued record. */
126 while (sq_get_data(sq, &data))
/*
 * NOTE(review): strncpy copies 8 bytes and adds no terminator when data has
 * no NUL in its first 8 bytes; login then keeps whatever bytes 8 and 9 held
 * from the last fetch. Unless original line 131 (missing here) terminates
 * the buffer, the strchr below and the UPDATE key can include stale bytes.
 */
128 strncpy(login, data, 8);
129 if (strchr(login, ':'))
130 *strchr(login, ':') = '\0';
132 com_err(program, 0, "fixing sig for %s", login);
/*
 * NOTE(review): GDSS_Sign receives four arguments here and three at original
 * line 201; the two calls cannot both match a fixed prototype.
 */
133 status = GDSS_Sign(data, strlen(data), sigbuf, &si);
136 com_err(program, gdss2et(status), "signing data");
/*
 * Verify the fresh signature before storing it. si.rawsig points at the
 * rawsig host variable, so this call is presumably what fills rawsig for the
 * UPDATE - TODO confirm.
 */
139 si.rawsig = (unsigned char *)rawsig;
140 status = GDSS_Verify(data, strlen(data), sigbuf, &si);
143 com_err(program, gdss2et(status), "verifying data");
/* Length check on the raw signature; the branch body is not shown. */
146 if (strlen(rawsig) > 68)
152 timestamp = si.timestamp;
/* Store the new signature, signer id and signature date for this login. */
153 EXEC SQL UPDATE users
154 SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
155 WHERE login = :login;
158 com_err(program, 0, "dbms error %d", sqlca.sqlcode);
162 EXEC SQL COMMIT WORK;
/* Second pass: handle the logins named on the command line, last to first. */
168 for (i = check - 1; i >= 0; i--)
/*
 * NOTE(review): unbounded strcpy of a command-line argument into the 10-byte
 * login buffer. An argument of 10 or more characters writes past the end of
 * login. Check the length and reject over-long names before copying.
 */
170 strcpy(login, usercheck[i]);
171 EXEC SQL DECLARE s CURSOR FOR
172 SELECT clearid, signature, string, sigdate
174 WHERE sigwho = string_id and login = :login;
178 EXEC SQL FETCH s INTO :mid, :rawsig, :who, :timestamp;
/* Same "login:clearid" text as in the first pass. */
181 sprintf(buf, "%s:%s", strtrim(login), strtrim(mid));
183 printf("Verifying \"%s\"\n", buf);
184 si.timestamp = timestamp;
185 si.SigInfoVersion = 0;
186 kname_parse(si.pname, si.pinst, si.prealm, strtrim(who));
187 si.rawsig = (unsigned char *) &rawsig[0];
188 status = GDSS_Recompose(&si, sigbuf);
191 com_err(program, gdss2et(status), "recomposing for user %s",
196 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
/* When fix is set and the signature is bad, re-sign in place rather than queueing. */
197 if (fix && status == GDSS_E_BADSIG)
199 com_err(program, 0, "fixing signature for %s", login);
/*
 * NOTE(review): three arguments here, four in the queue loop at original
 * line 133; confirm which form matches the GDSS_Sign prototype.
 */
201 status = GDSS_Sign(buf, strlen(buf), sigbuf);
204 com_err(program, gdss2et(status), "signing data");
207 si.rawsig = (unsigned char *) rawsig;
208 status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
211 com_err(program, gdss2et(status), "verifying data");
/* Length check on the raw signature; the branch body is not shown. */
214 if (strlen(rawsig) > 68)
220 timestamp = si.timestamp;
/* The SET list continues on a line missing from this listing. */
221 EXEC SQL UPDATE users
222 SET signature = :rawsig, sigwho = :sms,
224 WHERE login = :login;
/* A non-zero sqlcode after the UPDATE is reported through com_err. */
225 if (sqlca.sqlcode != 0)
227 com_err(program, 0, "dbms error %d", sqlca.sqlcode);
231 EXEC SQL COMMIT WORK;
234 com_err(program, gdss2et(status), "verifying user %s", login);
237 com_err(program, 0, "signature verified %s", buf);
256 hex_dump(unsigned char *p)
258 printf("Size: %d\n", strlen(p));
259 while (strlen(p) >= 8)
261 printf("%02x %02x %02x %02x %02x %02x %02x %02x\n",
262 p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
268 printf("%02x %02x %02x %02x %02x %02x %02x\n",
269 p[0], p[1], p[2], p[3], p[4], p[5], p[6]);
272 printf("%02x %02x %02x %02x %02x %02x\n",
273 p[0], p[1], p[2], p[3], p[4], p[5]);
276 printf("%02x %02x %02x %02x %02x\n",
277 p[0], p[1], p[2], p[3], p[4]);
280 printf("%02x %02x %02x %02x\n",
281 p[0], p[1], p[2], p[3]);
284 printf("%02x %02x %02x\n",
288 printf("%02x %02x\n",