X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir_gpg.py;h=f594cea574ede7ae13cbc57048479a9a180eafbf;hb=refs%2Fheads%2Ffordsa;hp=1b9732cc8da57fbc339cc3950db102fc73079e30;hpb=906572ef5c181841210506f6f86039c3256d355b;p=mirror%2Fuserdir-ldap.git
diff --git a/userdir_gpg.py b/userdir_gpg.py
index 1b9732c..f594cea 100644
--- a/userdir_gpg.py
+++ b/userdir_gpg.py
@@ -26,44 +26,53 @@ # packets so I can tell if a signature is made by pgp2 to enable the # pgp2 encrypting mode. -import sys, StringIO, os, tempfile, re; -import time, fcntl, anydbm -import email, email.message +import sys +import StringIO +import os +import tempfile +import re +import time +import fcntl +import anydbm +import email +import email.message from userdir_exceptions import * # General GPG options GPGPath = "gpg" -# "--load-extension","rsa", -GPGBasicOptions = [ - "--no-options", - "--batch", - "--no-default-keyring", - "--secret-keyring", "/dev/null", - "--always-trust"]; -GPGKeyRings = []; -GPGSigOptions = ["--output","-"]; -GPGSearchOptions = ["--dry-run","--with-colons","--fingerprint",\ - "--fingerprint", "--fixed-list-mode"]; -GPGEncryptOptions = ["--output","-","--quiet","--always-trust",\ - "--armor","--encrypt"]; -GPGEncryptPGP2Options = ["--set-filename","","--rfc1991",\ - "--load-extension","idea",\ - "--cipher-algo","idea"] + GPGEncryptOptions; +# "--load-extension", "rsa", +GPGBasicOptions = ["--no-options", + "--batch", + "--no-default-keyring", + "--secret-keyring", "/dev/null", + "--always-trust"] +GPGKeyRings = [] +GPGSigOptions = ["--output", "-"] +GPGSearchOptions = ["--dry-run", "--with-colons", "--fingerprint", + "--fingerprint", "--fixed-list-mode"] +GPGEncryptOptions = ["--output", "-", "--quiet", "--always-trust", + "--armor", "--encrypt"] +GPGEncryptPGP2Options = ["--set-filename", "", "--rfc1991", + "--load-extension", "idea", + "--cipher-algo", "idea"] + GPGEncryptOptions # Replay cutoff times in seconds -CleanCutOff = 7*24*60*60; -AgeCutOff = 4*24*60*60; -FutureCutOff = 3*24*60*60; +CleanCutOff = 7 * 24 * 60 * 60 +AgeCutOff = 4 * 24 * 60 * 60 +FutureCutOff = 3 * 24 * 60 * 60 + def ClearKeyrings(): del GPGKeyRings[:] + # Set the keyrings, the input is a list of keyrings def SetKeyrings(Rings): for x in Rings: - GPGKeyRings.append("--keyring"); - GPGKeyRings.append(x); + GPGKeyRings.append("--keyring") + GPGKeyRings.append(x) + 
# GetClearSig takes an un-seekable email message stream (mimetools.Message) # and returns a standard PGP '---BEGIN PGP SIGNED MESSAGE---' bounded @@ -81,7 +90,7 @@ def SetKeyrings(Rings): # # lax_multipart: treat multipart bodies other than multipart/signed # as one big plain text body -def GetClearSig(Msg, Paranoid = 0, lax_multipart = False): +def GetClearSig(Msg, Paranoid=0, lax_multipart=False): if not Msg.__class__ == email.message.Message: raise RuntimeError, "GetClearSign() not called with a email.message.Message" @@ -118,7 +127,7 @@ def GetClearSig(Msg, Paranoid = 0, lax_multipart = False): # original signed block [needs to convert to \r\n] Output = "-----BEGIN PGP SIGNED MESSAGE-----\r\n"; # Semi-evil hack to get the proper hash type inserted in the message - if Msg.get_param('micalg') != None: + if Msg.get_param('micalg') is not None: Output = Output + "Hash: SHA1,%s\r\n"%(Msg.get_param('micalg')[4:].upper()) Output = Output + "\r\n"; Output = Output + Signed.as_string().replace("\n-","\n- -") + "\n" + Signature.get_payload(decode=True) @@ -207,7 +216,7 @@ def GPGWriteFilter(Program,Options,Message): InPipe[0] = -1; # Send the message - if Message != None: + if Message is not None: try: os.write(InPipe[1],Message); except: @@ -235,12 +244,14 @@ def GPGWriteFilter(Program,Options,Message): Output.close(); GPGText.close(); + + # This takes a text passage, a destination and a flag indicating the # compatibility to use and returns an encrypted message to the recipient. # It is best if the recipient is specified using the hex key fingerprint # of the target, ie 0x64BE1319CCF6D393BF87FF9358A6D4EE def GPGEncrypt(Message,To,PGP2): - Error = "KeyringError" + class KeyringError(Exception): pass # Encrypt using the PGP5 block encoding and with the PGP5 option set. # This will handle either RSA or DSA/DH asymetric keys. # In PGP2 compatible mode IDEA and rfc1991 encoding are used so that 
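Review bot: The reformatted option lists keep `--always-trust` in GPGBasicOptions (and again in GPGEncryptOptions), which switches off gpg's own key-validity decisions for every invocation, so the only thing that makes a key acceptable is that it sits in a keyring handed in through SetKeyrings; that trust boundary deserves a comment on GPGBasicOptions, e.g. `# --always-trust: key validity is decided solely by keyring membership (SetKeyrings), not by gpg's trust DB`. The doubled `"--fingerprint"` in GPGSearchOptions looks like a copy-paste slip but is the gpg idiom for also printing subkey fingerprints; a comment such as `# --fingerprint twice: gpg then also prints subkey fingerprints` would stop the next cleanup from removing it. The PGP2 options `--rfc1991` and `--load-extension idea` are, as far as I know, GnuPG 1.x-only and are rejected or ignored by GnuPG 2.x, so it would be worth noting which gpg binary GPGPath is expected to resolve to. Also, the value of `--secret-keyring /dev/null` under `--no-default-keyring` is that no private key is ever reachable from this process; that is worth saying explicitly next to the option.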
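Review bot: The `Hash:` armor header is built from the untrusted `micalg` MIME parameter by blindly slicing off four characters, so a value without the `pgp-` prefix (or an RFC 2231-encoded parameter, which `get_param` can return as a tuple) produces a garbage hash name and a confusing verification failure rather than a clean rejection. Validate the parameter before using it, e.g. `m = re.match(r'^pgp-([A-Za-z0-9]+)$', str(Msg.get_param('micalg')))` and only then `Output = Output + "Hash: SHA1,%s\r\n" % (m.group(1).upper(),)`. The `is not None` change itself is fine; GetClearSig's body begins and ends outside this hunk.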
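Review bot: Replacing the string exception with a real class is the right fix, but `class KeyringError(Exception): pass` is defined inside GPGEncrypt, so a fresh class object is created on every call and no caller can name it in an `except KeyringError:` clause; callers are reduced to catching `Exception`. Hoist it to module level next to the other module-level definitions (or into userdir_exceptions, which the file already star-imports), keeping the name so the `raise KeyringError(...)` sites in the next hunk are unchanged. GPGEncrypt's body continues outside this hunk.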
@@ -248,11 +259,11 @@ def GPGEncrypt(Message,To,PGP2): # can read a message encrypted with blowfish and RSA. searchkey = GPGKeySearch(To); if len(searchkey) == 0: - raise Error, "No key found matching %s"%(To); + raise KeyringError("No key found matching %s"%(To)) elif len(searchkey) > 1: - raise Error, "Multiple keys found matching %s"%(To); + raise KeyringError("Multiple keys found matching %s"%(To)) if searchkey[0][4].find("E") < 0: - raise Error, "Key %s has no encryption capability - are all encryption subkeys expired or revoked? Are there any encryption subkeys?"%(To); + raise KeyringError("Key %s has no encryption capability - are all encryption subkeys expired or revoked? Are there any encryption subkeys?"%(To)) if PGP2 == 0: try: @@ -263,7 +274,7 @@ def GPGEncrypt(Message,To,PGP2): Text = Res[2].read(); return Text; finally: - if Res != None: + if Res is not None: Res[1].close(); Res[2].close(); else: @@ -285,7 +296,7 @@ def GPGEncrypt(Message,To,PGP2): os.unlink(TmpName); except: pass; - if Res != None: + if Res is not None: Res[1].close(); Res[2].close(); @@ -334,7 +345,7 @@ def GPGCheckSig(Message): # Good signature response if Split[1] == "GOODSIG": # Just in case GPG returned a bad signal before this (bug?) - if Why == None: + if Why is None: GoodSig = 1; KeyID = Split[2]; Owner = ' '.join(Split[3:]) 
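Review bot: The three new `raise KeyringError(...)` lines keep the `"%s" % (To)` form while the last hunk of this commit deliberately switches to `% (r,)`; the tuple form is the one that is safe if the argument is ever itself a tuple, so these should match it, e.g. `raise KeyringError("No key found matching %s" % (To,))`. The capability test `searchkey[0][4].find("E") < 0` relies on a magic column of the GPGKeySearch result; a short comment naming what field 4 holds would make the check reviewable. GPGEncrypt's body starts and ends outside this hunk.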
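Review bot: `KeyID = Split[2]` on the GOODSIG line is a 64-bit key ID, which is not collision-resistant; any identity decision downstream should rest on the fingerprint from the VALIDSIG line (the return value in the next hunk does carry a KeyFinger, so presumably that is captured elsewhere in the loop — worth confirming). The `Why is None` guard only protects against a failure reported before GOODSIG; a message carrying several signatures can emit BADSIG/ERRSIG after GOODSIG, and if the status loop does not reset GoodSig on those, a single good signature would mask a bad one — the rest of the loop is outside this hunk, so this is an inferred concern. A comment stating which status lines are expected to clear GoodSig would settle it.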
@@ -407,21 +418,21 @@ def GPGCheckSig(Message): Text = Res[2].read(); # A gpg failure is an automatic bad signature - if Exit[1] != 0 and Why == None: + if Exit[1] != 0 and Why is None: GoodSig = 0; Why = "GPG execution returned non-zero exit status: " + str(Exit[1]); - if GoodSig == 0 and (Why == None or len(Why) == 0): + if GoodSig == 0 and (Why is None or len(Why) == 0): Why = "Checking Failed"; # Try to decide if this message was sent using PGP2 PGP2Message = 0; - if (re.search("-----[\n\r][\n\r]?Version: 2\\.",Message) != None): + if (re.search("-----[\n\r][\n\r]?Version: 2\\.",Message) is not None): PGP2Message = 1; return (Why,(SigId,Date,KeyFinger),(KeyID,KeyFinger,Owner,0,PGP2Message),Text); finally: - if Res != None: + if Res is not None: Res[1].close(); Res[2].close(); @@ -520,7 +531,7 @@ def GPGKeySearch(SearchCriteria): continue finally: - if Strm != None: + if Strm is not None: Strm.close() return Result @@ -576,7 +587,7 @@ class ReplayCache: # Check a signature. 'sig' is a 3 tuple that has the sigId, date and # key ID def Check(self,Sig): - if Sig[0] == None or Sig[1] == None or Sig[2] == None: + if Sig[0] is None or Sig[1] is None or Sig[2] is None: return "Invalid signature"; if int(Sig[1]) > time.time() + self.FutureCutOff: return "Signature has a time too far in the future"; @@ -589,7 +600,7 @@ class ReplayCache: # Add a signature, the sig is the same as is given to Check def Add(self,Sig): - if Sig[0] == None or Sig[1] == None: + if Sig[0] is None or Sig[1] is None: raise RuntimeError,"Invalid signature"; if Sig[1] < time.time() - self.CleanCutOff: return; @@ -602,10 +613,10 @@ class ReplayCache: def process(self, sig_info): r = self.Check(sig_info); - if r != None: - raise RuntimeError, "The replay cache rejected your message: %s."%(r); - self.Add(sig_info); - self.close(); + if r is not None: + raise RuntimeError, "The replay cache rejected your message: %s." % (r,) + self.Add(sig_info) + self.close() # vim:set et: # vim:set ts=3:
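Review bot: The PGP2 detection `re.search("-----[\n\r][\n\r]?Version: 2\\.", Message)` keys off the `Version:` armor header, which is not covered by the signature, so any sender can set it and flip `PGP2Message` to 1 regardless of what produced the signature. Because that flag selects GPGEncryptPGP2Options (IDEA, rfc1991 encoding) for the reply, an attacker who controls the header can force the weaker, 64-bit-block cipher for mail sent to a recipient who never asked for it — a classic downgrade. If PGP2 compatibility is still needed, derive it from the signature packet itself (the signature version/algorithm reported by gpg's status output) rather than from message text, or at least document at the assignment that the flag is attacker-influenced: `# NOTE: Version: header is unsigned; an attacker can set PGP2Message and downgrade the reply cipher`. GPGCheckSig's body begins outside this hunk.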
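Review bot: ReplayCache.Check converts the timestamp with `int(Sig[1])` but ReplayCache.Add compares the raw value in `Sig[1] < time.time() - self.CleanCutOff`; if Sig[1] arrives as a string (as the `int()` in Check suggests it can), Python 2 orders strings after all numbers and that comparison is always False, so stale signatures are never skipped and the cutoff is dead. Make the two methods agree, e.g. `if int(Sig[1]) < time.time() - self.CleanCutOff:`, or convert once in the caller. Check also lets a non-numeric Sig[1] escape as a ValueError rather than the "Invalid signature" string; both methods continue outside this hunk.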
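Review bot: In ReplayCache.process, `self.close()` is only reached on the accept path; when Check rejects the message the RuntimeError is raised before it, so the cache is left open on exactly the path an attacker can trigger at will. If close() is what releases the anydbm handle or an fcntl lock (both are imported at the top, though the class body is outside this hunk), a flood of replayed messages leaks handles or holds the lock until the process exits. Wrap the check-and-add in try/finally so the cache is closed either way; the `% (r,)` change itself is good.
```python
def process(self, sig_info):
   try:
      r = self.Check(sig_info)
      if r is not None:
         raise RuntimeError, "The replay cache rejected your message: %s." % (r,)
      self.Add(sig_info)
   finally:
      self.close()
```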