From: Peter Palfrader Date: Wed, 20 Oct 2010 11:41:23 +0000 (+0000) Subject: ud-gpgimport: handle guest keyrings X-Git-Tag: userdir-ldap-0.3.79~17 X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=ff3b878da940bd8871ff8312722e40f3d7fa8543 ud-gpgimport: handle guest keyrings ud-gpgimport so far used a single list of keyrings, and it expected all keys from that keyring to be in ldap, and to have all users in ldap a key in those keyrings. Now ud-gpgimport has a notion of the guest-keyring. It still expects all keys from the "main" keyring to be in ldap, but not all keys from the guest (DM and guest) keyrings need to have accounts. An account with a key associated to it is OK as long as it has a key in any of the keyrings. --- diff --git a/debian/changelog b/debian/changelog index 32cc612..5da345c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,8 +8,9 @@ userdir-ldap (0.3.7X) Xnstable; urgency=low right keyring. * Remove .pgp (v3 pgp key) keyrings from config. * Update guest welcome template. + * ud-gpgimport: handle guest keyrings. - -- Peter Palfrader Sun, 19 Sep 2010 01:59:46 +0200 + -- Peter Palfrader Wed, 20 Oct 2010 11:41:04 +0000 userdir-ldap (0.3.78) unstable; urgency=low diff --git a/ud-gpgimport b/ud-gpgimport index 866563c..b8c9987 100755 --- a/ud-gpgimport +++ b/ud-gpgimport 
@@ -53,6 +53,57 @@ def LoadOverride(File): Split = re.split("[:\n]",Line); UnknownMap[Split[0]] = Split[1].strip() + +def load_keys_from_gpg(keyrings): + keys = {} + + # Popen GPG with the correct magic special options + ClearKeyrings() + SetKeyrings(keyrings) + + Args = [GPGPath] + GPGBasicOptions + GPGKeyRings + GPGSearchOptions + [" 2> /dev/null"] + Keys = os.popen(" ".join(Args),"r"); + + # Loop over the GPG key file + Outstanding = 0; + while(1): + Line = Keys.readline(); + if Line == "": + break; + + Split = Line.split(":") + if len(Split) < 8 or Split[0] != "pub": + continue; + + while (1): + Line2 = Keys.readline(); + if Line2 == "": + break; + Split2 = Line2.split(":"); + if len(Split2) < 11 or Split2[0] != "fpr": + continue; + break; + if Line2 == "": + break; + + pgp_uid = Split[9] + fingerprint = Split2[9] + + if fingerprint in keys: + print "Duplicate key in keyrings: %s, belonging to %s"%(fingerprint, pgp_uid) + continue + keys[fingerprint] = pgp_uid + + if Keys.close() != None: + raise "Error","GPG failed" + + return keys + + + + + + # Process options AdminUser = pwd.getpwuid(os.getuid())[0]; (options, arguments) = getopt.getopt(sys.argv[1:], "au:m:n") 
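Review bot: `raise "Error","GPG failed"` at the end of load_keys_from_gpg raises a string exception, which Python 2.6 and later reject with a TypeError at the raise site, so a failing gpg run surfaces as the wrong error; `raise RuntimeError("GPG failed")` keeps the message. The `Outstanding = 0;` local near the top of the function is never read inside it and can be dropped. Because the command line appends ` 2> /dev/null`, gpg's own diagnostics about a keyring it could not open are discarded and the exit status checked at `Keys.close()` is the only signal left, so the function deserves a docstring saying that it returns a fingerprint-to-uid dict for the `pub` records gpg lists, prints and keeps the first entry on a duplicate fingerprint, and raises only when gpg exits nonzero.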
@@ -103,71 +154,36 @@ for x in Attrs: Attrs = None; print; -# Popen GPG with the correct magic special options -ClearKeyrings() -if len(arguments) == 0: - print "Using default keyrings: %s"%ConfModule.add_keyrings; - SetKeyrings(ConfModule.add_keyrings.split(":")) -for x in arguments: - if x.find("/") == -1: - x= "./"+x - SetKeyrings( [x] ) - -Args = [GPGPath] + GPGBasicOptions + GPGKeyRings + GPGSearchOptions + [" 2> /dev/null"] -Keys = os.popen(" ".join(Args),"r"); - -# Loop over the GPG key file -Outstanding = 0; -Ignored = 0; -SeenKeys = {}; -while(1): - Line = Keys.readline(); - if Line == "": - break; - - Split = Line.split(":") - if len(Split) < 8 or Split[0] != "pub": - continue; - while (1): - Line2 = Keys.readline(); - if Line2 == "": - break; - Split2 = Line2.split(":"); - if len(Split2) < 11 or Split2[0] != "fpr": - continue; - break; - if Line2 == "": - break; - - if SeenKeys.has_key(Split2[9]): - print "Dup key ",Split2[9],"belonging to",KeyMap[Split2[9]][0]; - continue; - SeenKeys[Split2[9]] = None; +pgpkeys = load_keys_from_gpg( ConfModule.add_keyrings.split(":") ) +pgpkeys_extra = load_keys_from_gpg( ConfModule.add_keyrings_guest.split(":") ) - if KeyMap.has_key(Split2[9]): +Ignored = 0; +for fpr in pgpkeys: + pgp_uid = pgpkeys[fpr] + if fpr in KeyMap: Ignored = Ignored + 1; - # print "Ignoring keyID",Split2[9],"belonging to",KeyMap[Split2[9]][0]; - KeyMap[Split2[9]][1] = 1; + # print "Ignoring keyID",fpr,"belonging to",KeyMap[fpr][0]; + KeyMap[fpr][1] = 1; continue; - - UID = GetUID(l,SplitEmail(Split[9]),UnknownMap); + + UID = GetUID(l,SplitEmail(pgp_uid),UnknownMap); if UID[0] == None: - print "None for",SplitEmail(Split[9]),"'%s'"%(Split[9]); - if UID[1] != None: + print "Unassigned key in keyrings: %s, belonging to %s"%(fpr, pgp_uid) + if UID[1] != None: for x in UID[1]: print x; - print "MISSING " + Split2[9]; + print "MISSING " + fpr; continue; UID = UID[0] - Rec = [(ldap.MOD_ADD,"keyFingerPrint",Split2[9])]; + Rec = 
[(ldap.MOD_ADD,"keyFingerPrint",fpr)]; Dn = "uid=" + UID + "," + BaseDn; - print "Adding key "+Split2[9],"to",UID; + print "Adding key "+fpr,"to",UID; if KeyCount.has_key(UID): KeyCount[UID] = KeyCount[UID] + 1; else: KeyCount[UID] = 1; - + if NoAct == 1: continue; @@ -180,14 +196,11 @@ while(1): if NoAct == 0: FlushOutstanding(l,Outstanding); -if Keys.close() != None: - raise "Error","GPG failed" - print Ignored,"keys already in the directory (ignored)"; # Look for unmatched keys for x in KeyMap.keys(): - if KeyMap[x][1] == 0: + if KeyMap[x][1] == 0 and not x in pgpkeys_extra: print "key %s belonging to %s removed"%(x,KeyMap[x][0]); if KeyCount.has_key(KeyMap[x][0]) : KeyCount[KeyMap[x][0]] = KeyCount[KeyMap[x][0]] - 1 @@ -196,4 +209,7 @@ for x in KeyMap.keys(): if NoAct == 0: l.modify_s("uid="+KeyMap[x][0]+","+BaseDn,\ [(ldap.MOD_DELETE,"keyFingerPrint",x)]); - + +# vim:set et: +# vim:set ts=3: +# vim:set shiftwidth=3:
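Review bot: The module-level `Outstanding = 0;` that the removed loop header set is not re-added in this hunk; the only initialisation left is the local inside load_keys_from_gpg. If the lines between `if NoAct == 1: continue;` and the `FlushOutstanding(l,Outstanding)` call in the next hunk still count pending modifications in the module-level `Outstanding` (the add loop continues past the end of this hunk, so this is inferred), the first real add fails with a NameError; restoring `Outstanding = 0;` next to `Ignored = 0;` keeps the old behaviour. Separately, the removed `for x in arguments:` loop was the only consumer of the positional `arguments` returned by getopt in the first hunk, so keyrings given on the command line are now accepted but silently ignored; either reject leftover arguments or document that keyrings come only from the configured lists.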
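Review bot: `if KeyMap[x][1] == 0 and not x in pgpkeys_extra:` reads more naturally as `if KeyMap[x][1] == 0 and x not in pgpkeys_extra:`, and since this is the only place the guest keyrings influence LDAP it deserves a comment: `# a fingerprint gone from the main keyring is only removed from LDAP if the guest keyrings do not carry it either`. Note that pgpkeys_extra is consulted for retention only; the add loop above iterates pgpkeys alone, so a key that exists only in a guest keyring is never added, which matches the commit message but is worth stating next to the check. If the guest keyring list is empty or unreadable, pgpkeys_extra comes back empty and every guest-only fingerprint in LDAP is removed on the next run, so a cheap sanity check that the guest keyrings yielded at least one key before the removal loop would limit the blast radius of a misconfiguration.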