--- /dev/null
+#!/usr/bin/env python
+# -*- mode: python -*-
+# This script tries to match key fingerprints from a keyring with user
+# name in a directory. When an unassigned key is found a heuristic match
+# against the keys given cn/sn and the directory is performed to try to get
+# a matching. Generally this works about 90% of the time, matching is fairly
+# strict. In the event a non-match a fuzzy sounds-alike search is performed
+# and the results printed to aide the user.
+#
+# GPG is automatically invoked with the correct magic special options,
+# pass the names of all the valid key rings on the command line.
+#
+# The output report will list what actions were taken. Keys that are present
+# in the directory but not in the key ring will be removed from the
+# directory.
+
+import string, re, time, ldap, getopt, sys, pwd, posix;
+from userdir_gpg import *;
+Output = "extrakeys.gpg";
+
+# Process options
+AdminUser = pwd.getpwuid(posix.getuid())[0];
+(options, arguments) = getopt.getopt(sys.argv[1:], "o:")
+for (switch, val) in options:
+ if (switch == '-o'):
+ Output = val
+ elif (switch == '-m'):
+ LoadOverride(val);
+ elif (switch == '-a'):
+ NoAct = 0;
+
+if len(arguments) == 0:
+ print "Give some keyrings to probe";
+ os.exit(0);
+
+# Popen GPG with the correct magic special options
+Args = [GPGPath] + GPGBasicOptions;
+for x in arguments:
+ Args.append("--keyring");
+ if string.find(x,"/") == -1:
+ Args.append("./"+x);
+ else:
+ Args.append(x);
+Args.append("--list-sigs");
+Args = Args + GPGSearchOptions + [" 2> /dev/null"]
+print string.join(Args," ")
+#Keys = os.popen(string.join(Args," "),"r");
+Keys = os.popen("cat sigs","r");
+
+# Loop over the GPG key file
+HaveKeys = {};
+NeedKeys = {};
+print "Reading keys+sigs from keyring";
+while(1):
+ Line = Keys.readline();
+ if Line == "":
+ break;
+
+ Split = string.split(Line,":");
+ if len(Split) >= 8 and Split[0] == "pub":
+ HaveKeys[Split[4]] = "";
+ continue;
+
+ if len(Split) >= 5 and Split[0] == "sig":
+ NeedKeys[Split[4]] = "";
+ continue;
+Keys.close();
+
+# Popen GPG with the correct magic special options
+Args = [GPGPath] + GPGBasicOptions;
+for x in [Output]:
+ Args.append("--keyring");
+ if string.find(x,"/") == -1:
+ Args.append("./"+x);
+ else:
+ Args.append(x);
+OldArgs = Args;
+Args = Args + GPGSearchOptions + [" 2> /dev/null"]
+Keys = os.popen(string.join(Args," "),"r");
+
+print "Reading keys from output";
+while(1):
+ Line = Keys.readline();
+ if Line == "":
+ break;
+
+ Split = string.split(Line,":");
+ if len(Split) >= 8 and Split[0] == "pub":
+ HaveKeys[Split[4]] = "";
+ continue;
+Keys.close();
+
+KeysToFetch = [];
+for x in NeedKeys.keys():
+ if not HaveKeys.has_key(x):
+ KeysToFetch.append("0x"+x);
+
+print "Have %u keys and %u sigs, need %u keys"%(len(HaveKeys),len(NeedKeys),len(KeysToFetch));
+
+Args = OldArgs;
+Args.append("--keyserver 18.43.0.48");
+Args.append("--recv-keys");
+I = len(KeysToFetch);
+while (I > 0):
+ OldI = I;
+ I = I - 20;
+ if I < 0: I = 0;
+ print string.join(Args+KeysToFetch[I:OldI]," ")
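Review bot: The first keyring read uses the debugging stub `Keys = os.popen("cat sigs","r");` while the real GPG call above it is commented out, so the keyrings named on the command line are never listed and the signer IDs come from whatever file called `sigs` sits in the current directory; restore `Keys = os.popen(string.join(Args," "),"r");` before this lands. Both popen calls join the arguments into one shell string, so a keyring name or `-o` value containing spaces or shell metacharacters is interpreted by the shell; running GPG from the list without a shell (for example `subprocess.Popen(Args, stdout=subprocess.PIPE)` with stderr sent to `os.devnull`, where the interpreter provides it) avoids that and makes the `" 2> /dev/null"` element unnecessary. If the list form is adopted, `"--keyserver 18.43.0.48"` has to become two separate elements. `os.exit(0)` is not a function in `os` (and `os` is not imported here unless `userdir_gpg` re-exports it), so the no-arguments path should call `sys.exit(1)`. The getopt spec `"o:"` makes the `-m` and `-a` branches unreachable, and the header comment describes a directory-matching script rather than what this one does.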