High uids are now fair game for everyone, always.

[moira.git] / regtape / sign.pc

/* $Id$
 *
 * This program will bulk sign user records in the database.
 *
 * Copyright (C) 1992-1998 by the Massachusetts Institute of Technology
 * For copying and distribution information, please see the file
 * <mit-copyright.h>.
 */

#include <mit-copyright.h>
#include <moira.h>
#include <moira_site.h>
#include <moira_schema.h>

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <krb.h>
#include <gdss.h>

EXEC SQL INCLUDE sqlca;

RCSID("$Header$");

char *program;

int main(int argc, char **argv)
{
  char buf[BUFSIZ], *data, *p;
  struct save_queue *sq;
  SigInfo si;
  int found, status, i, wait;
  EXEC SQL BEGIN DECLARE SECTION;
  char login[USERS_LOGIN_SIZE], mid[USERS_CLEARID_SIZE];
  char rawsig[512], *db = "moira";
  int id, timestamp, sms;
  EXEC SQL END DECLARE SECTION;

  program = "sign";
  init_krb_err_tbl();
  init_sms_err_tbl();
  initialize_gdss_error_table();

  for (i = 1; i < argc; i++)
    {
      if (!strcmp(argv[i], "-w"))
        wait++;
      else
        fprintf(stderr, "Usage: %s [-w] [-D]\n", argv[0]);
    }

  /* Set the name of our kerberos ticket file */
  krb_set_tkt_string("/tmp/tkt_sign");
  status = 1;
  while (status)
    {
      printf("Authenticating as moira.extra:\n");
      status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
                                 "krbtgt", "ATHENA.MIT.EDU",
                                 DEFAULT_TKT_LIFE, 0);
      if (status)
        com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
    }

  EXEC SQL CONNECT :db IDENTIFIED BY :db;
  if (sqlca.sqlcode)
    {
      com_err(program, 0, "dbms error %d", sqlca.sqlcode);
      exit(1);
    }

  sms = 0;
  EXEC SQL SELECT string_id INTO :sms FROM strings
    WHERE string = 'moira.extra@ATHENA.MIT.EDU';
  if (sms == 0)
    {
      com_err(program, 0, " failed to find string moira.extra@ATHENA.MIT.EDU "
              "in database");
      dest_tkt();
      exit(1);
    }

  found = 0;
  sq = sq_create();

  EXEC SQL DECLARE c CURSOR FOR
    SELECT users_id, login, clearid
    FROM users WHERE signature = CHR(0);
  if (sqlca.sqlcode)
    {
      com_err(program, 0, "dbms error %d", sqlca.sqlcode);
      exit(1);
    }
  EXEC SQL OPEN c;
  if (sqlca.sqlcode)
    {
      com_err(program, 0, "dbms error %d", sqlca.sqlcode);
      exit(1);
    }
  while (1)
    {
      EXEC SQL FETCH c INTO :id, :login, :mid;
      if (sqlca.sqlcode)
        break;
      if (login[0] == '#' || !isdigit(mid[0]))
        continue;
      sprintf(buf, "%d:%s:%s", id, strtrim(login), strtrim(mid));
      sq_save_data(sq, strdup(buf));
      found++;
    }
  EXEC SQL CLOSE c;
  EXEC SQL COMMIT WORK;
  printf("Found %d users to sign.\n", found);

  si.rawsig = (unsigned char *) &rawsig[0];

  while (sq_get_data(sq, &data))
    {
      p = strchr(data, ':');
      if (!p)
        {
          com_err(program, 0, " malformatted data");
          continue;
        }
      *p++ = '\0';
      id = atoi(data);
      data = p;
    again:
      status = GDSS_Sign(data, strlen(data), buf);
      if (status)
        {
          com_err(program, gdss2et(status), "signing data");
          continue;
        }
      status = GDSS_Verify(data, strlen(data), buf, &si);
      if (status)
        {
          com_err(program, gdss2et(status), "verifying data");
          continue;
        }
      if (strlen(rawsig) > 68)
        {
          sleep(1);
          goto again;
        }

      timestamp = si.timestamp;
      EXEC SQL UPDATE users
        SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
        WHERE users_id = :id;
      if (sqlca.sqlcode)
        {
          com_err(program, 0, "dbms error %d", sqlca.sqlcode);
          exit(1);
        }
      EXEC SQL COMMIT WORK;
      if (wait)
        {
          printf("Next");
          fflush(stdout);
          gets(buf);
        }
    }
  dest_tkt();
  exit(0);
}