X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir_gpg.py;h=b181abed8242b30f01d2e7ec5be279911d368bfe;hb=2525bf73603cb6487cfcea096e2dc347ad360394;hp=82e9ed949664955036f6c42a53b33dbbdc135778;hpb=c50d88536a4feb3087d1aa802e110250cb2861fc;p=mirror%2Fuserdir-ldap.git
diff --git a/userdir_gpg.py b/userdir_gpg.py
index 82e9ed9..b181abe 100644
--- a/userdir_gpg.py
+++ b/userdir_gpg.py
@@ -19,8 +19,7 @@ import rfc822, time, fcntl, FCNTL, anydbm
 GPGPath = "gpg"
 GPGBasicOptions = ["--no-options","--batch","--load-extension","rsa",\
 "--no-default-keyring","--always-trust"];
-GPGKeyRings = ["--keyring","/usr/share/keyrings/debian-keyring.pgp",\
- "--keyring","/usr/share/keyrings/debian-keyring.gpg"];
+GPGKeyRings = [];
 GPGSigOptions = ["--output","-"];
 GPGSearchOptions = ["--dry-run","--with-colons","--fingerprint"];
 GPGEncryptOptions = ["--output","-","--quiet","--always-trust",\
@@ -34,6 +33,12 @@ CleanCutOff = 7*24*60*60;
 AgeCutOff = 4*24*60*60;
 FutureCutOff = 3*24*60*60;
+# Set the keyrings, the input is a list of keyrings
+def SetKeyrings(Rings):
+ for x in Rings:
+ GPGKeyRings.append("--keyring");
+ GPGKeyRings.append(x);
+
 # GetClearSig takes an un-seekable email message stream (mimetools.Message)
 # and returns a standard PGP '---BEGIN PGP SIGNED MESSAGE---' bounded
 # clear signed text.
@@ -83,7 +88,12 @@ def GetClearSig(Msg):
 # Append the PGP boundary header and the signature text to re-form the
 # original signed block [needs to convert to \r\n]
- Output = "-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n" + Signed.getvalue() + Signature;
+ Output = "-----BEGIN PGP SIGNED MESSAGE-----\r\n";
+ # Semi-evil hack to get the proper hash type inserted in the message
+ if Msg.getparam('micalg') != None:
+ Output = Output + "Hash: %s\r\n"%(string.upper(Msg.getparam('micalg')[4:]));
+ Output = Output + "\r\n";
+ Output = Output + string.replace(Signed.getvalue(),"\n---","\n- ---") + Signature;
 return (Output,1);
 else:
 # Just return the message body
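Review bot: The new empty default `GPGKeyRings = [];` needs a comment, because `GPGBasicOptions` still carries `--no-default-keyring` and `--always-trust`. Until `SetKeyrings` is called gpg is given no keyring at all, and once it is called, membership in the configured rings is the only trust decision gpg makes. I would add above the assignment `# Empty until SetKeyrings() is called; with --always-trust these rings are the only trust decision`. A caller that forgets the call should presumably see every verification fail, which is the safe direction, but that is worth stating where the list is defined.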
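Review bot: `SetKeyrings` appends to the module-level `GPGKeyRings` and never clears it, so a second call adds to the earlier rings instead of replacing them; if "set" is meant literally, put `del GPGKeyRings[:];` before the loop. The ring paths are also no longer constants. `GPGKeySearch` further down builds its command with `string.join(Args," ")` and `os.popen`, and if `GPGKeyRings` is part of `Args` there (not visible in this diff), a path containing a space or a shell metacharacter is interpreted by the shell. The header comment could say so: `# Rings must come from trusted configuration; the paths are passed to gpg unquoted`.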
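Review bot: The `Hash:` line is built from `Msg.getparam('micalg')[4:]`, a Content-Type parameter supplied by the sender, with no check that it starts with `pgp-` or that the remainder is a plain algorithm name. gpg presumably still rejects a signature whose real digest differs, but whatever the parameter holds lands in the armor header block of the text handed to gpg. Fetch the value once and validate it before use, e.g. `Alg = Msg.getparam('micalg');` followed by `if Alg != None and string.lower(Alg[:4]) == "pgp-" and Alg[4:].isalnum():`. Separately, the `"\n---"` replacement dash-escapes only lines that begin with three dashes and follow a newline, so a line starting with one or two dashes, or the first line of the signed part, is passed through unescaped. GetClearSig begins and ends outside the hunk.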
@@ -264,16 +274,22 @@ def GPGCheckSig(Message):
 Why = "Verification of signature failed";
 # Bad signature response
- if Split[1] == "ERRSIG" or Split[1] == "NO_PUBKEY":
+ if Split[1] == "ERRSIG":
 GoodSig = 0;
 KeyID = Split[2];
- if Split[7] == '9':
+ if len(Split) <= 7:
+ Why = "GPG error, ERRSIG status tag is invalid";
+ elif Split[7] == '9':
 Why = "Unable to verify signature, signing key missing.";
 elif Split[7] == '4':
 Why = "Unable to verify signature, unknown packet format/key type";
 else:
 Why = "Unable to verify signature, unknown reason";
+ if Split[1] == "NO_PUBKEY":
+ GoodSig = 0;
+ Why = "Unable to verify signature, signing key missing.";
+
 # Expired signature
 if Split[1] == "SIGEXPIRED":
 GoodSig = 0;
@@ -331,6 +347,7 @@ def GPGKeySearch(SearchCriteria):
 Result = [];
 Owner = "";
 KeyID = "";
+ Hits = {};
 try:
 Strm = os.popen(string.join(Args," "),"r");
@@ -349,6 +366,9 @@ def GPGKeySearch(SearchCriteria):
 # Output the key
 if Split[0] == 'fpr':
+ if Hits.has_key(Split[9]):
+ continue;
+ Hits[Split[9]] = None;
 Result.append( (KeyID,Split[9],Owner,Length) );
 finally:
 if Strm != None:
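Review bot: `KeyID = Split[2];` still runs before the new `len(Split) <= 7` test, so an ERRSIG status line with fewer than three fields raises IndexError instead of yielding the new "ERRSIG status tag is invalid" reason. Moving the length test ahead of the assignment closes that gap: test `if len(Split) <= 7:` first and assign `KeyID = Split[2];` only in the remaining branches. The separate NO_PUBKEY branch also no longer sets `KeyID`, which the old combined condition did. If gpg ever reports NO_PUBKEY without a preceding ERRSIG, the caller gets whatever `KeyID` held before, so add `KeyID = Split[2];` there or a comment explaining why it is not needed. GPGCheckSig starts and ends outside the hunk.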
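Review bot: The `Hits` check keeps only the first record for each fingerprint, so when the same key sits in more than one configured keyring the reported `Owner` and `Length` come from whichever copy gpg lists first, presumably in keyring order. That is a reasonable choice but a silent one. A comment above `if Hits.has_key(Split[9]):` would record it, e.g. `# Same fingerprint found in several keyrings: keep the first hit only`. `Split[9]` is also indexed without a length check, both here and in the existing `Result.append`, so a short `fpr` record would raise IndexError. The `Hits = {};` initialisation is in the previous hunk, and GPGKeySearch continues outside both.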