posix -> os
[mirror/userdir-ldap.git] / userdir_gpg.py
index 82e9ed9..b181abe 100644 (file)
@@ -19,8 +19,7 @@ import rfc822, time, fcntl, FCNTL, anydbm
 GPGPath = "gpg"
 GPGBasicOptions = ["--no-options","--batch","--load-extension","rsa",\
           "--no-default-keyring","--always-trust"];
-GPGKeyRings = ["--keyring","/usr/share/keyrings/debian-keyring.pgp",\
-               "--keyring","/usr/share/keyrings/debian-keyring.gpg"];
+GPGKeyRings = [];
 GPGSigOptions = ["--output","-"];
 GPGSearchOptions = ["--dry-run","--with-colons","--fingerprint"];
 GPGEncryptOptions = ["--output","-","--quiet","--always-trust",\
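Review bot: `GPGKeyRings` is now empty until a caller runs SetKeyrings, and nothing in this hunk records that requirement. Because `GPGBasicOptions` keeps `--no-default-keyring` and `--always-trust`, the keyrings the caller supplies are the entire trust decision: every key found in them is accepted as valid. I would add a comment above the assignment, for example `# Filled in by SetKeyrings(); call it before any GPG operation. With --always-trust every key in these rings is accepted as valid.`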
@@ -34,6 +33,12 @@ CleanCutOff = 7*24*60*60;
 AgeCutOff = 4*24*60*60;
 FutureCutOff = 3*24*60*60;
 
+# Set the keyrings, the input is a list of keyrings
+def SetKeyrings(Rings):
+   for x in Rings:
+      GPGKeyRings.append("--keyring");
+      GPGKeyRings.append(x);          
+
 # GetClearSig takes an un-seekable email message stream (mimetools.Message) 
 # and returns a standard PGP '---BEGIN PGP SIGNED MESSAGE---' bounded 
 # clear signed text.
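Review bot: SetKeyrings appends to the module-level list without clearing it, so a second call accumulates duplicate `--keyring` entries rather than replacing the set; starting the function with `del GPGKeyRings[:];` would make it idempotent. The paths are also stored exactly as given. GPGKeySearch, later in this diff, joins its arguments with spaces and passes them to `os.popen`. If `GPGKeyRings` is part of that argument list (not visible here), a path containing a space or a shell metacharacter would be split or interpreted by the shell. Quote or validate each path before storing it, and say in the comment that `Rings` must come from trusted configuration.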
@@ -83,7 +88,12 @@ def GetClearSig(Msg):
 
       # Append the PGP boundary header and the signature text to re-form the
       # original signed block [needs to convert to \r\n]
-      Output = "-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n" + Signed.getvalue() + Signature;
+      Output = "-----BEGIN PGP SIGNED MESSAGE-----\r\n";
+      # Semi-evil hack to get the proper hash type inserted in the message
+      if Msg.getparam('micalg') != None:
+          Output = Output + "Hash: %s\r\n"%(string.upper(Msg.getparam('micalg')[4:]));
+      Output = Output + "\r\n";
+      Output = Output +  string.replace(Signed.getvalue(),"\n---","\n- ---") + Signature;
       return (Output,1);
    else:
       # Just return the message body
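Review bot: The `micalg` value comes from the message's own Content-Type header and is copied into the `Hash:` armor line unvalidated, and `[4:]` assumes a `pgp-` prefix that is never checked. If the parser leaves whitespace or a line break in the value, the armor header block handed to gpg changes shape. I would guard it with something like `if MicAlg != None and MicAlg[:4] == "pgp-":`, also require the remainder to be alphanumeric, and otherwise omit the header. Separately, the replace on the last added line escapes only lines starting with `---` that follow a newline, so a body whose first line starts with a dash, or any line starting with one or two dashes, passes through unescaped. GetClearSig begins outside this hunk.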
@@ -264,16 +274,22 @@ def GPGCheckSig(Message):
             Why = "Verification of signature failed";
 
         # Bad signature response
-        if Split[1] == "ERRSIG" or Split[1] == "NO_PUBKEY":
+        if Split[1] == "ERRSIG":
            GoodSig = 0;
            KeyID = Split[2];
-           if Split[7] == '9':
+            if len(Split) <= 7:
+               Why = "GPG error, ERRSIG status tag is invalid";
+            elif Split[7] == '9':
                Why = "Unable to verify signature, signing key missing.";
             elif Split[7] == '4':
                Why = "Unable to verify signature, unknown packet format/key type";
            else:   
                Why = "Unable to verify signature, unknown reason";
 
+         if Split[1] == "NO_PUBKEY":
+           GoodSig = 0;
+            Why = "Unable to verify signature, signing key missing.";
+
         # Expired signature
         if Split[1] == "SIGEXPIRED":
            GoodSig = 0;
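Review bot: The new `NO_PUBKEY` branch sets `GoodSig` and `Why` but no longer assigns `KeyID`, which the old combined branch did via `Split[2]`. If gpg emits `NO_PUBKEY` without a preceding `ERRSIG`, the rejection may not name the missing key. Consider adding `if len(Split) > 2: KeyID = Split[2];` there. The added `len(Split) <= 7` guard protects `Split[7]`, but `KeyID = Split[2]` just above it is still read unguarded. As rendered here, the added lines sit at different columns from their neighbours (the `NO_PUBKEY` `if` is one column right of the sibling `if` statements), so the tab/space mix in the file itself is worth checking. GPGCheckSig starts and continues outside this hunk.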
@@ -331,6 +347,7 @@ def GPGKeySearch(SearchCriteria):
    Result = [];
    Owner = "";
    KeyID = "";
+   Hits = {};
    try:
       Strm = os.popen(string.join(Args," "),"r");
       
@@ -349,6 +366,9 @@ def GPGKeySearch(SearchCriteria):
 
          # Output the key
          if Split[0] == 'fpr':
+            if Hits.has_key(Split[9]):
+               continue;
+            Hits[Split[9]] = None;
             Result.append( (KeyID,Split[9],Owner,Length) );
    finally:
       if Strm != None:
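Review bot: The de-duplication on `Split[9]` has no comment saying why repeated fingerprints occur or which record wins. Presumably the same key can now appear in several of the configured keyrings, and the first `KeyID`/`Owner`/`Length` seen is the one kept. I would add above the check `# The same key may be present in more than one keyring; report each fingerprint once (first hit wins)`. GPGKeySearch starts outside this hunk and its `finally` block continues past it.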