X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir_gpg.py;h=c70b5c16d4fe117e1399f5ba52d5a368536b3de9;hb=587a54ab542cce47d8594d17a615913479177dda;hp=b84a76d8fda2524aecac95d283a4caae2449e330;hpb=b00b7eec003232f689b194f8d2ab7d03c74cc78d;p=mirror%2Fuserdir-ldap.git diff --git a/userdir_gpg.py b/userdir_gpg.py index b84a76d..c70b5c1 100644 --- a/userdir_gpg.py +++ b/userdir_gpg.py @@ -43,7 +43,8 @@ GPGBasicOptions = [ "--always-trust"]; GPGKeyRings = []; GPGSigOptions = ["--output","-"]; -GPGSearchOptions = ["--dry-run","--with-colons","--fingerprint"]; +GPGSearchOptions = ["--dry-run","--with-colons","--fingerprint",\ + "--fingerprint", "--fixed-list-mode"]; GPGEncryptOptions = ["--output","-","--quiet","--always-trust",\ "--armor","--encrypt"]; GPGEncryptPGP2Options = ["--set-filename","","--rfc1991",\ @@ -108,10 +109,10 @@ def GetClearSig(Msg, Paranoid = 0, lax_multipart = False): (Signed, Signature) = payloads - if Signed.get_content_type() != "text/plain": - raise UDFormatError, "Invalid pgp/mime encoding [wrong plaintext type]"; + if Signed.get_content_type() != "text/plain" and not lax_multipart: + raise UDFormatError, "Invalid pgp/mime encoding for first part[wrong plaintext type]"; if Signature.get_content_type() != "application/pgp-signature": - raise UDFormatError, "Invalid pgp/mime encoding [wrong signature type]"; + raise UDFormatError, "Invalid pgp/mime encoding for second part [wrong signature type]"; # Append the PGP boundary header and the signature text to re-form the # original signed block [needs to convert to \r\n] 
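Review bot: The repeated `--fingerprint` in the new `GPGSearchOptions` looks like a copy-paste slip, and nothing says it is deliberate. Given twice, gpg also prints fingerprints for subkeys, and `--fixed-list-mode` puts user IDs on their own `uid` records, which is the record layout the rewritten GPGKeySearch parser in this commit expects. I would add a comment above the assignment such as `# --fingerprint twice: also list subkey fingerprints; --fixed-list-mode: uid on separate records (GPGKeySearch relies on this)`, so a later cleanup does not drop either option and silently change what the parser sees.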
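Review bot: With `lax_multipart` set, the relaxed check `Signed.get_content_type() != "text/plain" and not lax_multipart` accepts any content type as the signed part, including nested multipart or HTML, and nothing records what callers must then handle. The signature still covers that part, but whatever consumes the result (not visible in this hunk) should act only on the verified content and not re-parse the original message, otherwise signed and processed content can diverge. A comment at the check would help, e.g. `# lax_multipart: signed part may be any type; callers must use only the verified content`. The new message also lacks a space in `first part[wrong plaintext type]`, unlike `second part [` just below it. GetClearSig starts and ends outside the hunk.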
@@ -453,47 +454,75 @@ class GPGCheckSig2: def GPGKeySearch(SearchCriteria): Args = [GPGPath] + GPGBasicOptions + GPGKeyRings + GPGSearchOptions + \ [SearchCriteria," 2> /dev/null"] - Strm = None; - Result = []; - Owner = ""; - KeyID = ""; + Strm = None + Result = [] + Validity = None + Length = 0 + KeyID = "" Capabilities = "" - Expired = None; - Hits = {}; + Fingerprint = "" + Owner = "" + Hits = {} dir = os.path.expanduser("~/.gnupg") if not os.path.isdir(dir): os.mkdir(dir, 0700) try: + # The GPG output will contain zero or more stanza, one stanza per match found. + # Each stanza consists of the following records, in order: + # tru : trust database information + # pub : primary key from which we extract + # field 1 - Validity + # field 2 - Length + # field 4 - KeyID + # field 11 - Capabilities + # fpr : fingerprint of primary key from which we extract + # field 9 - Fingerprint + # uid : first User ID attached to primary key from which we extract + # Field 9 - Owner + # uid : (optional) additional multiple User IDs attached to primary key + # sub : (optional) secondary key + # fpr : (opitonal) fingerprint of secondary key if sub is present Strm = os.popen(" ".join(Args),"r") - + Want = "pub" while(1): - # Grab and split up line - Line = Strm.readline(); + Line = Strm.readline() if Line == "": - break; + break Split = Line.split(":") - # Store some of the key fields - if Split[0] == 'pub': - KeyID = Split[4]; - Owner = Split[9]; + if Split[0] != Want: + continue + + if Want == 'pub': + Validity = Split[1] Length = int(Split[2]) + KeyID = Split[4] Capabilities = Split[11] - Expired = Split[1] == 'e' - - # Output the key - if Split[0] == 'fpr': - if Hits.has_key(Split[9]): - continue; - Hits[Split[9]] = None; - if not Expired: - Result.append( (KeyID,Split[9],Owner,Length,Capabilities) ); + Want = 'fpr' + continue + + if Want == 'fpr': + Fingerprint = Split[9] + if Hits.has_key(Fingerprint): + Want = 'pub' # already seen, skip to next stanza + else: + 
Hits[Fingerprint] = None + Want = 'uid' + continue + + if Want == 'uid': + Owner = Split[9] + if Validity != 'e': # if not expired + Result.append( (KeyID,Fingerprint,Owner,Length,Capabilities) ) + Want = 'pub' # finished, skip to next stanza + continue + finally: if Strm != None: - Strm.close(); - return Result; + Strm.close() + return Result # Print the available key information in a format similar to GPG's output # We do not know the values of all the feilds so they are just replaced
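Review bot: The `Want` state machine in the new loop never resynchronises on a `pub` record: while it waits for `fpr` or `uid`, the test `if Split[0] != Want: continue` skips everything else, including the start of the next stanza. If gpg ever emits a stanza without the expected `uid` (or `fpr`) record, the KeyID, Fingerprint and Length of one key would be paired with the Owner of the next, which matters if callers use the tuple to map a key to an identity. Resetting before the skip test, `if Split[0] == 'pub': Want = 'pub'`, keeps each result within a single stanza. The first `uid` is also accepted without checking its own validity field, so a revoked user ID could become Owner. Separately, the unchanged `" ".join(Args)` handed to `os.popen` goes through a shell, so SearchCriteria should be passed as an argument list if it can originate outside the program.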