X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir_gpg.py;h=fb5b93887a4dd2c6bd62b2e7e9453902352bb50f;hb=fe67fab54bca15f4820e4f0a911023ed10a743b7;hp=c70b5c16d4fe117e1399f5ba52d5a368536b3de9;hpb=8c2da2d918916444695d3bf98163ac9cd65ba91f;p=mirror%2Fuserdir-ldap.git diff --git a/userdir_gpg.py b/userdir_gpg.py index c70b5c1..fb5b938 100644 --- a/userdir_gpg.py +++ b/userdir_gpg.py @@ -26,44 +26,53 @@ # packets so I can tell if a signature is made by pgp2 to enable the # pgp2 encrypting mode. -import sys, StringIO, os, tempfile, re; -import time, fcntl, anydbm -import email, email.message +import sys +import StringIO +import os +import tempfile +import re +import time +import fcntl +import anydbm +import email +import email.message from userdir_exceptions import * # General GPG options GPGPath = "gpg" -# "--load-extension","rsa", -GPGBasicOptions = [ - "--no-options", - "--batch", - "--no-default-keyring", - "--secret-keyring", "/dev/null", - "--always-trust"]; -GPGKeyRings = []; -GPGSigOptions = ["--output","-"]; -GPGSearchOptions = ["--dry-run","--with-colons","--fingerprint",\ - "--fingerprint", "--fixed-list-mode"]; -GPGEncryptOptions = ["--output","-","--quiet","--always-trust",\ - "--armor","--encrypt"]; -GPGEncryptPGP2Options = ["--set-filename","","--rfc1991",\ - "--load-extension","idea",\ - "--cipher-algo","idea"] + GPGEncryptOptions; +# "--load-extension", "rsa", +GPGBasicOptions = ["--no-options", + "--batch", + "--no-default-keyring", + "--secret-keyring", "/dev/null", + "--always-trust"] +GPGKeyRings = [] +GPGSigOptions = ["--output", "-"] +GPGSearchOptions = ["--dry-run", "--with-colons", "--fingerprint", + "--fingerprint", "--fixed-list-mode"] +GPGEncryptOptions = ["--output", "-", "--quiet", "--always-trust", + "--armor", "--encrypt"] +GPGEncryptPGP2Options = ["--set-filename", "", "--rfc1991", + "--load-extension", "idea", + "--cipher-algo", "idea"] + GPGEncryptOptions # Replay cutoff times in seconds -CleanCutOff = 7*24*60*60; -AgeCutOff = 4*24*60*60; -FutureCutOff = 3*24*60*60; +CleanCutOff = 7 * 24 * 60 * 60 +AgeCutOff = 4 * 24 * 60 * 60 +FutureCutOff = 3 * 24 * 60 * 60 + def ClearKeyrings(): del GPGKeyRings[:] + # Set the keyrings, the input is a list of keyrings def SetKeyrings(Rings): for x in Rings: - GPGKeyRings.append("--keyring"); - GPGKeyRings.append(x); + GPGKeyRings.append("--keyring") + GPGKeyRings.append(x) + # GetClearSig takes an un-seekable email message stream (mimetools.Message) # and returns a standard PGP '---BEGIN PGP SIGNED MESSAGE---' bounded @@ -81,7 +90,7 @@ def SetKeyrings(Rings): # # lax_multipart: treat multipart bodies other than multipart/signed # as one big plain text body -def GetClearSig(Msg, Paranoid = 0, lax_multipart = False): +def GetClearSig(Msg, Paranoid=0, lax_multipart=False): if not Msg.__class__ == email.message.Message: raise RuntimeError, "GetClearSign() not called with a email.message.Message" @@ -119,7 +128,7 @@ def GetClearSig(Msg, Paranoid = 0, lax_multipart = False): Output = "-----BEGIN PGP SIGNED MESSAGE-----\r\n"; # Semi-evil hack to get the proper hash type inserted in the message if Msg.get_param('micalg') != None: - Output = Output + "Hash: MD5,SHA1,%s\r\n"%(Msg.get_param('micalg')[4:].upper()) + Output = Output + "Hash: SHA1,%s\r\n"%(Msg.get_param('micalg')[4:].upper()) Output = Output + "\r\n"; Output = Output + Signed.as_string().replace("\n-","\n- -") + "\n" + Signature.get_payload(decode=True) return (Output,1); @@ -334,7 +343,7 @@ def GPGCheckSig(Message): # Good signature response if Split[1] == "GOODSIG": # Just in case GPG returned a bad signal before this (bug?) - if Why == None: + if Why is None: GoodSig = 1; KeyID = Split[2]; Owner = ' '.join(Split[3:]) @@ -407,11 +416,11 @@ def GPGCheckSig(Message): Text = Res[2].read(); # A gpg failure is an automatic bad signature - if Exit[1] != 0 and Why == None: + if Exit[1] != 0 and Why is None: GoodSig = 0; Why = "GPG execution returned non-zero exit status: " + str(Exit[1]); - if GoodSig == 0 and (Why == None or len(Why) == 0): + if GoodSig == 0 and (Why is None or len(Why) == 0): Why = "Checking Failed"; # Try to decide if this message was sent using PGP2 @@ -576,7 +585,7 @@ class ReplayCache: # Check a signature. 'sig' is a 3 tuple that has the sigId, date and # key ID def Check(self,Sig): - if Sig[0] == None or Sig[1] == None or Sig[2] == None: + if Sig[0] is None or Sig[1] is None or Sig[2] is None: return "Invalid signature"; if int(Sig[1]) > time.time() + self.FutureCutOff: return "Signature has a time too far in the future"; @@ -589,7 +598,7 @@ class ReplayCache: # Add a signature, the sig is the same as is given to Check def Add(self,Sig): - if Sig[0] == None or Sig[1] == None: + if Sig[0] is None or Sig[1] is None: raise RuntimeError,"Invalid signature"; if Sig[1] < time.time() - self.CleanCutOff: return; @@ -602,10 +611,10 @@ class ReplayCache: def process(self, sig_info): r = self.Check(sig_info); - if r != None: - raise RuntimeError, "The replay cache rejected your message: %s."%(r); - self.Add(sig_info); - self.close(); + if r is not None: + raise RuntimeError, "The replay cache rejected your message: %s." % (r,) + self.Add(sig_info) + self.close() # vim:set et: # vim:set ts=3: