change *PK* to !, and fully implement it. remove obsolete/broken ud-killcrypt
[mirror/userdir-ldap.git] / userdir_gpg.py
index 455ba3f..ab192c7 100644 (file)
@@ -27,7 +27,7 @@
 #    pgp2 encrypting mode.
 
 import string, mimetools, multifile, sys, StringIO, os, tempfile, re;
-import rfc822, time, fcntl, FCNTL, anydbm
+import rfc822, time, fcntl, anydbm
 
 # General GPG options
 GPGPath = "gpg"
@@ -368,12 +368,12 @@ def GPGCheckSig(Message):
             Why = "Unable to verify signature, signing key missing.";
 
         # Expired signature
-        if Split[1] == "SIGEXPIRED":
+        if Split[1] == "SIGEXPIRED" or Split[1] == "EXPSIG":
            GoodSig = 0;
             Why = "Signature has expired";
            
         # Revoked key
-        if Split[1] == "KEYREVOKED":
+        if Split[1] == "KEYREVOKED" or Split[1] == "REVKEYSIG":
            GoodSig = 0;
             Why = "Signing key has been revoked";
 
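Review bot: The keywords handled here still leave out `EXPKEYSIG`, which GnuPG reports instead of `GOODSIG` when the signing key itself has expired; the new conditions add only `EXPSIG` and `REVKEYSIG`. GPGCheckSig starts and ends outside this hunk, so an existing `KEYEXPIRED` branch may already cover that case; if it does not, a matching condition such as `if Split[1] == "KEYEXPIRED" or Split[1] == "EXPKEYSIG":` with `GoodSig = 0;` would keep the three failure classes symmetrical. A short comment above these branches listing which status lines replace `GOODSIG` would make it clear that the check is meant to fail closed on all of them.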
@@ -389,7 +389,11 @@ def GPGCheckSig(Message):
 
          # ValidSig has the key finger print
         if Split[1] == "VALIDSIG":
-           KeyFinger = Split[2];
+           # Use the fingerprint of the primary key when available
+           if len(Split) >= 12:
+               KeyFinger = Split[11];
+            else:
+              KeyFinger = Split[2];
 
       # Reopen the stream as a readable stream
       Text = Res[2].read();
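Review bot: After this change `KeyFinger` holds the primary-key fingerprint when the `VALIDSIG` line has at least 12 fields and the signing (sub)key fingerprint otherwise, and nothing tells the caller which one it got. Anything that later matches `KeyFinger` against stored fingerprints will behave differently depending on the gpg version that produced the line, so the fallback deserves a comment such as `# older gpg: no primary-key-fpr field, Split[2] may be a subkey fingerprint`. The magic index would also read better with the field layout spelled out next to it, e.g. `# [GNUPG:] VALIDSIG <fpr> ... <primary-key-fpr> -> Split[11]`. As rendered here the added `else:` does not line up with its `if`, and the two assignments sit at different depths; if that reflects the file and not tab expansion on this page, the block should be re-indented consistently.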
@@ -485,7 +489,7 @@ def TemplateSubst(Map,Template):
 class ReplayCache:
    def __init__(self,Database):
       self.Lock = open(Database + ".lock","w",0600);
-      fcntl.flock(self.Lock.fileno(),FCNTL.LOCK_EX);
+      fcntl.flock(self.Lock.fileno(),fcntl.LOCK_EX);
       self.DB = anydbm.open(Database,"c",0600);
       self.CleanCutOff = CleanCutOff;
       self.AgeCutOff = AgeCutOff;
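Review bot: The lock file on the first line of `__init__` is not created with mode 0600, because the third argument of the builtin `open()` is the buffer size, not the permission bits; only the `anydbm.open` call two lines below treats `0600` as a mode. The lock file therefore gets whatever the process umask allows, which on a shared host can leave it readable or writable by other users. Since this hunk already touches the locking line, it would be a good place to create the file through `os.open`, for example `self.Lock = os.fdopen(os.open(Database + ".lock", os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0600), "w");`. `__init__` may continue past the end of the hunk.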