#include <moira_site.h>
#include <des.h>
#include <krb.h>
+#include <krb_err.h>
#include <gdss.h>
EXEC SQL INCLUDE sqlca;
int argc;
char **argv;
{
- char buf[BUFSIZ], *usercheck[100], sigbuf[256];
+ char buf[BUFSIZ], *usercheck[100], sigbuf[256], *data;
SigInfo si;
- int status, i, wait, check, debug;
+ struct save_queue *sq;
+ int status, i, wait, check, debug, fix;
EXEC SQL BEGIN DECLARE SECTION;
char login[10], mid[32], rawsig[256], who[257];
- int id, timestamp;
+ int id, timestamp, sms;
EXEC SQL END DECLARE SECTION;
initialize_sms_error_table();
initialize_gdss_error_table();
program = "sign";
- check = debug = 0;
+ check = debug = fix = 0;
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-w"))
debug++;
else if (!strcmp(argv[i], "-D"))
setenv("ING_SET", "set printqry");
+ else if (!strcmp(argv[i], "-fix"))
+ fix++;
else if (argv[i][0] == '-')
- fprintf(stderr, "Usage: %s [-w] [-D]\n", argv[0]);
+ fprintf(stderr, "Usage: %s [-w] [-D] [-fix]\n", argv[0]);
else usercheck[check++] = argv[i];
}
EXEC SQL CONNECT moira;
+ if (fix) {
+ /* Set the name of our kerberos ticket file */
+ krb_set_tkt_string("/tmp/tkt_sign");
+ status = 1;
+ while (status) {
+ printf("Authenticating as moira.extra:\n");
+ status = krb_get_pw_in_tkt("moira", "extra", "ATHENA.MIT.EDU",
+ "krbtgt", "ATHENA.MIT.EDU",
+ DEFAULT_TKT_LIFE, 0);
+ if (status != 0)
+ com_err(program, status + krb_err_base, " in krb_get_pw_in_tkt");
+ }
+ com_err(program, 0, "authenticated OK");
+
+ sms = 0;
+ EXEC SQL SELECT string_id INTO :sms FROM strings
+ WHERE string='moira.extra@ATHENA.MIT.EDU';
+ if (sms == 0) {
+ com_err(program, 0, " failed to find string moira.extra@ATHENA.MIT.EDU in database");
+ dest_tkt();
+ exit(1);
+ }
+
+ sq = sq_create();
+ }
+
if (check == 0) {
EXEC SQL DECLARE c CURSOR FOR
SELECT login, clearid, signature, string, sigdate
if (status) {
com_err(program, gdss2et(status), "verifying user %s", login);
}
+ if (fix && status == GDSS_E_BADSIG) {
+ sq_save_data(sq, strsave(buf));
+ }
if (wait) {
printf("Next");
fflush(stdout);
gets(buf);
}
}
+ if (fix) {
+ while (sq_get_data(sq, &data)) {
+ strncpy(login, data, 8);
+ if (index(login, ':'))
+ *index(login, ':') = 0;
+ again:
+ com_err(program, 0, "fixing sig for %s", login);
+ status = GDSS_Sign(data, strlen(data), sigbuf, &si);
+ if (status) {
+ com_err(program, gdss2et(status), "signing data");
+ continue;
+ }
+ si.rawsig = (unsigned char *)rawsig;
+ status = GDSS_Verify(data, strlen(data), sigbuf, &si);
+ if (status) {
+ com_err(program, gdss2et(status), "verifying data");
+ continue;
+ }
+ if (strlen(rawsig) > 68) {
+ sleep(1);
+ goto again;
+ }
+
+ timestamp = si.timestamp;
+ EXEC SQL REPEATED UPDATE users
+ SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
+ WHERE login = :login;
+ if (sqlca.sqlcode != 0) {
+ com_err(program, 0, "ingres error %d", sqlca.sqlcode);
+ dest_tkt();
+ exit(1);
+ }
+ EXEC SQL COMMIT WORK;
+ }
+ }
} else {
for (i = check - 1; i >= 0; i--) {
strcpy(login, usercheck[i]);
}
si.rawsig = NULL;
status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
- if (status)
+ if (fix && status == GDSS_E_BADSIG) {
+ com_err(program, 0, "fixing signature for %s", login);
+ againagain:
+ status = GDSS_Sign(buf, strlen(buf), sigbuf);
+ if (status) {
+ com_err(program, gdss2et(status), "signing data");
+ continue;
+ }
+ si.rawsig = (unsigned char *) rawsig;
+ status = GDSS_Verify(buf, strlen(buf), sigbuf, &si);
+ if (status) {
+ com_err(program, gdss2et(status), "verifying data");
+ continue;
+ }
+ if (strlen(rawsig) > 68) {
+ sleep(1);
+ goto againagain;
+ }
+
+ timestamp = si.timestamp;
+ EXEC SQL REPEATED UPDATE users
+ SET signature = :rawsig, sigwho = :sms, sigdate = :timestamp
+ WHERE login = :login;
+ if (sqlca.sqlcode != 0) {
+ com_err(program, 0, "ingres error %d", sqlca.sqlcode);
+ dest_tkt();
+ exit(1);
+ }
+ EXEC SQL COMMIT WORK;
+ } else if (status)
com_err(program, gdss2et(status), "verifying user %s", login);
else {
com_err(program, 0, "signature verified %s", buf);
}
}
- exit(0);
+ dest_tkt();
+ exit(0);
}
andersk / moira.git / blobdiff