From: Peter Palfrader Date: Sat, 19 Jul 2008 14:20:56 +0000 (+0200) Subject: Check if a key has encryption capabilities and fail saying so when trying to X-Git-Tag: userdir-ldap-0.3.35 X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=7e174bddd965ac6a8f6371c92f97ac73b686eb3d Check if a key has encryption capabilities and fail saying so when trying to encrypt stuff (like passwords) to users. All this does is give nicer error messages, it previously failed with just "gpg failed". --- diff --git a/debian/changelog b/debian/changelog index 9cedc58..0a103f5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +userdir-ldap (0.3.35) unstable; urgency=low + + * Check if a key has encryption capabilities and fail saying so when + trying to encrypt stuff (like passwords) to users. All this does is + give nicer error messages, it previously failed with just "gpg failed". + + -- Peter Palfrader Sat, 19 Jul 2008 16:17:13 +0200 + userdir-ldap (0.3.34) unstable; urgency=low * ud-info: fix changing of DD status/DD status comment - diff --git a/userdir_gpg.py b/userdir_gpg.py index c883d14..1140d44 100644 --- a/userdir_gpg.py +++ b/userdir_gpg.py @@ -259,6 +259,14 @@ def GPGEncrypt(Message,To,PGP2): # In PGP2 compatible mode IDEA and rfc1991 encoding are used so that # PGP2 can read the result. RSA keys do not need PGP2 to be set, as GPG # can read a message encrypted with blowfish and RSA. + searchkey = GPGKeySearch(To); + if len(searchkey) == 0: + raise Error, "No key found matching %s"%(To); + elif len(searchkey) > 1: + raise Error, "Multiple keys found matching %s"%(To); + if searchkey[0][4].find("E") < 0: + raise Error, "Key %s has no encryption capability - are all encryption subkeys expired or revoked? Are there any encryption subkeys?"%(To); + if PGP2 == 0: try: Res = None; @@ -443,6 +451,7 @@ def GPGKeySearch(SearchCriteria): Result = []; Owner = ""; KeyID = ""; + Capabilities = "" Expired = None; Hits = {}; 
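Review bot: The new pre-check in GPGEncrypt treats every tuple returned by GPGKeySearch as a distinct key, but the search loop (visible in the last hunk) appends `(KeyID,Split[9],Owner,...)` per listed user-ID string. A single key carrying several user IDs may therefore trip `len(searchkey) > 1` and refuse an encryption that gpg itself would have performed; the filter in front of that append is outside the diff, so this needs confirming. Comparing distinct key IDs would avoid it, e.g. `elif len(set([k[0] for k in searchkey])) > 1:`. Expired keys are also dropped by `if not Expired:`, so they are reported as "No key found matching", which is misleading for whoever acts on the message; `"No usable (non-expired) key found matching %s"%(To)` would be more accurate. The check is a diagnostic only: gpg resolves the recipient again in the call below the hunk, so it should not be relied on as the control that selects the key.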
@@ -464,7 +473,8 @@ def GPGKeySearch(SearchCriteria): if Split[0] == 'pub': KeyID = Split[4]; Owner = Split[9]; - Length = int(Split[2]); + Length = int(Split[2]) + Capabilities = Split[11] Expired = Split[1] == 'e' # Output the key @@ -473,7 +483,7 @@ def GPGKeySearch(SearchCriteria): continue; Hits[Split[9]] = None; if not Expired: - Result.append( (KeyID,Split[9],Owner,Length) ); + Result.append( (KeyID,Split[9],Owner,Length,Capabilities) ); finally: if Strm != None: Strm.close();
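Review bot: `Capabilities = Split[11]` indexes the twelfth colon field unconditionally, so a `pub` record with fewer fields raises IndexError inside the parser instead of producing the intended Error message. A guard such as `if len(Split) > 11: Capabilities = Split[11]` with `else: Capabilities = ""` also stops a short record from inheriting the previous key's value, and leaves GPGEncrypt failing closed with "no encryption capability". A comment on the line would help the next reader: `# field 12: capabilities; upper-case letters are the usable capabilities of the whole key`. GPGKeySearch's body starts and ends outside the hunk.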
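Review bot: Widening the result tuple to five elements in `Result.append( (KeyID,Split[9],Owner,Length,Capabilities) )` will break any caller that unpacks four names from a GPGKeySearch result; those callers are not in this diff and should be checked. The new consumer reads the value as `searchkey[0][4]`, a positional index that silently points at the wrong field if the tuple changes again. A layout comment on the append, `# (KeyID, UID, Owner, Length, Capabilities)`, or a named constant for the index would make the contract explicit. The enclosing function starts outside the hunk.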