X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=sigcheck;h=f3c17f0faeb12b0c132233d949c2205afd0b5b36;hp=95db70814b2adc4b65fdac1bed65b18817da2cf4;hb=refs%2Fheads%2Fmaster;hpb=b1767d1efb529fbbddd895afce31609abdb87e36
diff --git a/sigcheck b/sigcheck
index 95db708..f3c17f0 100755
--- a/sigcheck
+++ b/sigcheck
@@ -25,7 +25,8 @@
 # -e /etc/userdir-ldap/templtes/error-reply -- test.sh
 import sys, traceback, time, os;
-import string, pwd, getopt;
+import pwd, getopt;
+import email, email.parser
 from userdir_gpg import *;
 EX_TEMPFAIL = 75;
@@ -48,13 +49,14 @@ def verbmsg(msg):
 # Match the key fingerprint against an LDAP directory
 def CheckLDAP(FingerPrint):
 import ldap;
+ import userdir_ldap;
 # Connect to the ldap server
 global ErrTyp, ErrMsg;
 ErrType = EX_TEMPFAIL;
 ErrMsg = "An error occurred while performing the LDAP lookup:";
 global l;
- l = ldap.open(LDAPServer);
+ l = userdir_ldap.connectLDAP(LDAPServer);
 l.simple_bind_s("","");
 # Search for the matching key fingerprint
@@ -100,7 +102,7 @@ for (switch, val) in options:
 if (switch == '-r'):
 ReplayCacheFile = val;
 elif (switch == '-k'):
- SetKeyrings(string.split(val,":"));
+ SetKeyrings(val.split(":"));
 elif (switch == '-d'):
 LDAPDn = val;
 elif (switch == '-l'):
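Review bot: Dropping `string` from the import line at `+import pwd, getopt;` is only safe if every `string.*` call in the file has been converted; the hunks at -100 and -124 convert the visible ones, but any remaining use elsewhere in sigcheck would now raise NameError at runtime. Because the main body in the -124 hunk runs under a bare `except:`, such a NameError would surface as a rejected message rather than an obvious crash, so a grep for `string.` across the file before merging is worthwhile. `import email, email.parser` is also the only import line without the file's trailing semicolon, which is harmless but inconsistent with the surrounding lines.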
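Review bot: The new `l = userdir_ldap.connectLDAP(LDAPServer);` still sits under `global ErrTyp, ErrMsg;`, so the `ErrType = EX_TEMPFAIL;` above it binds a function-local name rather than the module-level `ErrType` that the -124 hunk assigns at top level; an LDAP outage would then most likely be reported with whatever `ErrType` was last set to instead of a temporary failure. The fix is the one-token change `global ErrType, ErrMsg;`. The connection is still followed by an anonymous `l.simple_bind_s("","");`, and whether connectLDAP enforces TLS and certificate verification is not visible from this hunk, so a short comment stating the expected transport guarantee (e.g. `# connectLDAP is expected to establish TLS before the fingerprint lookup`) would help the next reader verify it. CheckLDAP's body continues below the hunk.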
@@ -124,55 +126,48 @@ try:
 if ReplayCacheFile != None:
 ErrMsg = "Failed to initialize the replay cache:";
 RC = ReplayCache(ReplayCacheFile);
- RC.Clean();
-
+
 # Get the email
 ErrType = EX_PERMFAIL;
 ErrMsg = "Failed to understand the email or find a signature:";
- Email = mimetools.Message(sys.stdin,0);
- MsgID = Email.getheader("Message-ID");
+ mail = email.parser.Parser().parse(sys.stdin);
+ MsgID = mail["Message-ID"]
+ print "Inspecting message %s"%MsgID;
 verbmsg("Processing message %s" % MsgID)
- Msg = GetClearSig(Email,1);
- # print Msg
+ Msg = GetClearSig(mail,1);
 if AllowMIME == 0 and Msg[1] != 0:
 raise Error, "PGP/MIME disallowed";
 ErrMsg = "Message is not PGP signed:"
- if string.find(Msg[0],"-----BEGIN PGP SIGNED MESSAGE-----") == -1:
+ if Msg[0].find("-----BEGIN PGP SIGNED MESSAGE-----") == -1:
 raise Error, "No PGP signature";
 # Check the signature
 ErrMsg = "Unable to check the signature or the signature was invalid:";
- Res = GPGCheckSig(Msg[0]);
+ pgp = GPGCheckSig2(Msg[0])
- if Res[0] != None:
- raise Error, Res[0];
-
- if Res[3] == None:
- raise Error, "Null signature text";
+ if not pgp.ok:
+ raise UDFormatError, pgp.why
+ if pgp.text is None:
+ raise UDFormatError, "Null signature text"
 # Check the signature against the replay cache
 if ReplayCacheFile != None:
- ErrMsg = "The replay cache rejected your message. Check your clock!";
- Rply = RC.Check(Res[1]);
- if Rply != None:
- raise Error, Rply;
- RC.Add(Res[1]);
- RC.close();
+ RC.process(pgp.sig_info)
 # Do LDAP stuff
 if LDAPDn != None:
- CheckLDAP(Res[2][1]);
-
+ CheckLDAP(pgp.key_fpr)
 ErrMsg = "Verifying message:";
 if Phrases != None:
 F = open(Phrases,"r");
 while 1:
 Line = F.readline();
 if Line == "": break;
- if string.find(Res[3],string.strip(Line)) == -1:
- raise Error,"Phrase '%s' was not found"%(string.strip(Line));
+ if pgp.text.find(Line.strip()) == -1:
+ raise Error,"Phrase '%s' was not found" % (Line.strip())
 except:
 ErrMsg = "[%s] \"%s\" \"%s %s\"\n"%(Now,MsgID,ErrMsg,sys.exc_value);