X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-gpgimport;h=866563c7131db9a6983549467bf241afc70ff17d;hb=d1ad8523f8e88bf96d9c515da8c8c451a3089bea;hp=de79b71f56805f027f6ae75125aa3808686009e9;hpb=db36cbb61b95f316e9f9bc0d89aea2d3bef3dc54;p=mirror%2Fuserdir-ldap.git diff --git a/ud-gpgimport b/ud-gpgimport index de79b71..866563c 100755 --- a/ud-gpgimport +++ b/ud-gpgimport @@ -1,5 +1,24 @@ #!/usr/bin/env python # -*- mode: python -*- + +# Copyright (c) 1999-2000 Jason Gunthorpe +# Copyright (c) 2004 Joey Schulze +# Copyright (c) 2008, 2009, 2010 Peter Palfrader +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + # This script tries to match key fingerprints from a keyring with user # name in a directory. When an unassigned key is found a heuristic match # against the keys given cn/sn and the directory is performed to try to get @@ -14,7 +33,7 @@ # in the directory but not in the key ring will be removed from the # directory. -import string, re, time, ldap, getopt, sys, pwd, os; +import re, time, ldap, getopt, sys, pwd, os; from userdir_ldap import *; from userdir_gpg import *; @@ -32,7 +51,7 @@ def LoadOverride(File): if Line == "": break; Split = re.split("[:\n]",Line); - UnknownMap[Split[0]] = string.strip(Split[1]); + UnknownMap[Split[0]] = Split[1].strip() # Process options AdminUser = pwd.getpwuid(os.getuid())[0]; @@ -44,41 +63,36 @@ for (switch, val) in options: LoadOverride(val); elif (switch == '-a'): NoAct = 0; -if len(arguments) == 0: - print "Give some keyrings to probe"; - sys.exit(0); + # Main program starts here # Connect to the ldap server -l = ldap.open(LDAPServer); if NoAct == 0: - print "Accessing LDAP directory as '" + AdminUser + "'"; - Password = getpass(AdminUser + "'s password: "); - UserDn = "uid=" + AdminUser + "," + BaseDn; - l.simple_bind_s(UserDn,Password); + l = passwdAccessLDAP(BaseDn, AdminUser) else: + l = connectLDAP() l.simple_bind_s("",""); # Download the existing key list and put it into a map print "Fetching key list..", sys.stdout.flush(); -Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyfingerprint=*",["keyfingerprint","uid"]); +Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=*",["keyFingerPrint","uid"]); KeyMap = {}; KeyCount = {}; for x in Attrs: try: # Sense a bad fingerprint.. Slapd has problems, it will store a null # value that ldapsearch doesn't show up.. detect and remove - if len(x[1]["keyfingerprint"]) == 0 or x[1]["keyfingerprint"][0] == "": + if len(x[1]["keyFingerPrint"]) == 0 or x[1]["keyFingerPrint"][0] == "": print; print "Fixing bad fingerprint for",x[1]["uid"][0], sys.stdout.flush(); if NoAct == 0: l.modify_s("uid="+x[1]["uid"][0]+","+BaseDn,\ - [(ldap.MOD_DELETE,"keyfingerprint",None)]); + [(ldap.MOD_DELETE,"keyFingerPrint",None)]); else: - for I in x[1]["keyfingerprint"]: + for I in x[1]["keyFingerPrint"]: KeyMap[I] = [x[1]["uid"][0],0]; if KeyCount.has_key(x[1]["uid"][0]): KeyCount[x[1]["uid"][0]] = KeyCount[x[1]["uid"][0]] + 1; @@ -90,15 +104,17 @@ Attrs = None; print; # Popen GPG with the correct magic special options -Args = [GPGPath] + GPGBasicOptions; +ClearKeyrings() +if len(arguments) == 0: + print "Using default keyrings: %s"%ConfModule.add_keyrings; + SetKeyrings(ConfModule.add_keyrings.split(":")) for x in arguments: - Args.append("--keyring"); - if string.find(x,"/") == -1: - Args.append("./"+x); - else: - Args.append(x); -Args = Args + GPGSearchOptions + [" 2> /dev/null"] -Keys = os.popen(string.join(Args," "),"r"); + if x.find("/") == -1: + x= "./"+x + SetKeyrings( [x] ) + +Args = [GPGPath] + GPGBasicOptions + GPGKeyRings + GPGSearchOptions + [" 2> /dev/null"] +Keys = os.popen(" ".join(Args),"r"); # Loop over the GPG key file Outstanding = 0; @@ -109,7 +125,7 @@ while(1): if Line == "": break; - Split = string.split(Line,":"); + Split = Line.split(":") if len(Split) < 8 or Split[0] != "pub": continue; @@ -117,7 +133,7 @@ while(1): Line2 = Keys.readline(); if Line2 == "": break; - Split2 = string.split(Line2,":"); + Split2 = Line2.split(":"); if len(Split2) < 11 or Split2[0] != "fpr": continue; break; @@ -125,7 +141,7 @@ while(1): break; if SeenKeys.has_key(Split2[9]): - print "Dup key 0x",Split2[9],"belonging to",KeyMap[Split2[9]][0]; + print "Dup key ",Split2[9],"belonging to",KeyMap[Split2[9]][0]; continue; SeenKeys[Split2[9]] = None; @@ -140,13 +156,13 @@ while(1): print "None for",SplitEmail(Split[9]),"'%s'"%(Split[9]); if UID[1] != None: for x in UID[1]: print x; - print "MISSING 0x" + Split2[9]; + print "MISSING " + Split2[9]; continue; UID = UID[0] - Rec = [(ldap.MOD_ADD,"keyfingerprint",Split2[9])]; + Rec = [(ldap.MOD_ADD,"keyFingerPrint",Split2[9])]; Dn = "uid=" + UID + "," + BaseDn; - print "Adding key 0x"+Split2[9],"to",UID; + print "Adding key "+Split2[9],"to",UID; if KeyCount.has_key(UID): KeyCount[UID] = KeyCount[UID] + 1; else: @@ -172,12 +188,12 @@ print Ignored,"keys already in the directory (ignored)"; # Look for unmatched keys for x in KeyMap.keys(): if KeyMap[x][1] == 0: - print "key 0x%s belonging to %s removed"%(x,KeyMap[x][0]); + print "key %s belonging to %s removed"%(x,KeyMap[x][0]); if KeyCount.has_key(KeyMap[x][0]) : KeyCount[KeyMap[x][0]] = KeyCount[KeyMap[x][0]] - 1 if KeyCount[KeyMap[x][0]] <= 0: print "**",KeyMap[x][0],"no longer has any keys"; if NoAct == 0: l.modify_s("uid="+KeyMap[x][0]+","+BaseDn,\ - [(ldap.MOD_DELETE,"keyfingerprint",x)]); + [(ldap.MOD_DELETE,"keyFingerPrint",x)]);