3 # This script tries to match key fingerprints from a keyring with user
4 # name in a directory. When an unassigned key is found a heuristic match
5 # against the keys given cn/sn and the directory is performed to try to get
6 # a matching. Generally this works about 90% of the time, matching is fairly
7 # strict. In the event a non-match a fuzzy sounds-alike search is performed
8 # and the results printed to aide the user.
10 # GPG is automatically invoked with the correct magic special options,
11 # pass the names of all the valid key rings on the command line.
13 # The output report will list what actions were taken. Keys that are present
14 # in the directory but not in the key ring will be removed from the
17 import string, re, time, ldap, getopt, sys, pwd, os;
18 from userdir_ldap import *;
19 from userdir_gpg import *;
21 # This map deals with people who put the wrong sort of stuff in their pgp
26 # Read the override file into the unknown map. The override file is a list
27 # of colon delimited entires mapping PGP email addresess to local users
28 def LoadOverride(File):
29 List = open(File,"r");
31 Line = List.readline();
34 Split = re.split("[:\n]",Line);
35 UnknownMap[Split[0]] = string.strip(Split[1]);
38 AdminUser = pwd.getpwuid(os.getuid())[0];
39 (options, arguments) = getopt.getopt(sys.argv[1:], "au:m:n")
40 for (switch, val) in options:
43 elif (switch == '-m'):
45 elif (switch == '-a'):
47 if len(arguments) == 0:
48 print "Give some keyrings to probe";
51 # Main program starts here
53 # Connect to the ldap server
54 l = ldap.open(LDAPServer);
56 print "Accessing LDAP directory as '" + AdminUser + "'";
57 Password = getpass(AdminUser + "'s password: ");
58 UserDn = "uid=" + AdminUser + "," + BaseDn;
59 l.simple_bind_s(UserDn,Password);
61 l.simple_bind_s("","");
63 # Download the existing key list and put it into a map
64 print "Fetching key list..",
66 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyfingerprint=*",["keyfingerprint","uid"]);
71 # Sense a bad fingerprint.. Slapd has problems, it will store a null
72 # value that ldapsearch doesn't show up.. detect and remove
73 if len(x[1]["keyfingerprint"]) == 0 or x[1]["keyfingerprint"][0] == "":
75 print "Fixing bad fingerprint for",x[1]["uid"][0],
78 l.modify_s("uid="+x[1]["uid"][0]+","+BaseDn,\
79 [(ldap.MOD_DELETE,"keyfingerprint",None)]);
81 for I in x[1]["keyfingerprint"]:
82 KeyMap[I] = [x[1]["uid"][0],0];
83 if KeyCount.has_key(x[1]["uid"][0]):
84 KeyCount[x[1]["uid"][0]] = KeyCount[x[1]["uid"][0]] + 1;
86 KeyCount[x[1]["uid"][0]] = 1;
92 # Popen GPG with the correct magic special options
93 Args = [GPGPath] + GPGBasicOptions;
95 Args.append("--keyring");
96 if string.find(x,"/") == -1:
100 Args = Args + GPGSearchOptions + [" 2> /dev/null"]
101 Keys = os.popen(string.join(Args," "),"r");
103 # Loop over the GPG key file
108 Line = Keys.readline();
112 Split = string.split(Line,":");
113 if len(Split) < 8 or Split[0] != "pub":
117 Line2 = Keys.readline();
120 Split2 = string.split(Line2,":");
121 if len(Split2) < 11 or Split2[0] != "fpr":
127 if SeenKeys.has_key(Split2[9]):
128 print "Dup key 0x",Split2[9],"belonging to",KeyMap[Split2[9]][0];
130 SeenKeys[Split2[9]] = None;
132 if KeyMap.has_key(Split2[9]):
133 Ignored = Ignored + 1;
134 # print "Ignoring keyID",Split2[9],"belonging to",KeyMap[Split2[9]][0];
135 KeyMap[Split2[9]][1] = 1;
138 UID = GetUID(l,SplitEmail(Split[9]),UnknownMap);
140 print "None for",SplitEmail(Split[9]),"'%s'"%(Split[9]);
142 for x in UID[1]: print x;
143 print "MISSING 0x" + Split2[9];
147 Rec = [(ldap.MOD_ADD,"keyfingerprint",Split2[9])];
148 Dn = "uid=" + UID + "," + BaseDn;
149 print "Adding key 0x"+Split2[9],"to",UID;
150 if KeyCount.has_key(UID):
151 KeyCount[UID] = KeyCount[UID] + 1;
158 # Send the modify request
160 Outstanding = Outstanding + 1;
161 Outstanding = FlushOutstanding(l,Outstanding,1);
165 FlushOutstanding(l,Outstanding);
167 if Keys.close() != None:
168 raise "Error","GPG failed"
170 print Ignored,"keys already in the directory (ignored)";
172 # Look for unmatched keys
173 for x in KeyMap.keys():
174 if KeyMap[x][1] == 0:
175 print "key 0x%s belonging to %s removed"%(x,KeyMap[x][0]);
176 if KeyCount.has_key(KeyMap[x][0]) :
177 KeyCount[KeyMap[x][0]] = KeyCount[KeyMap[x][0]] - 1
178 if KeyCount[KeyMap[x][0]] <= 0:
179 print "**",KeyMap[x][0],"no longer has any keys";
181 l.modify_s("uid="+KeyMap[x][0]+","+BaseDn,\
182 [(ldap.MOD_DELETE,"keyfingerprint",x)]);