[Da-tools-commits] ./debian/userdir-ldap r438: Check if a key has encryption capabilities and fail saying so when trying to

Peter Palfrader peter at palfrader.org
Sat Jul 19 14:20:56 UTC 2008


------------------------------------------------------------
revno: 438
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Sat 2008-07-19 16:20:56 +0200
message:
  Check if a key has encryption capabilities and fail saying so when trying to
  encrypt stuff (like passwords) to users.  All this does is give nicer error
  messages, it previously failed with just "gpg failed".
modified:
  debian/changelog
  userdir_gpg.py
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2008-07-08 12:33:13 +0000
+++ b/debian/changelog	2008-07-19 14:20:56 +0000
@@ -1,3 +1,11 @@
+userdir-ldap (0.3.35) unstable; urgency=low
+
+  * Check if a key has encryption capabilities and fail saying so when
+    trying to encrypt stuff (like passwords) to users.  All this does is
+    give nicer error messages, it previously failed with just "gpg failed".
+
+ -- Peter Palfrader <weasel at debian.org>  Sat, 19 Jul 2008 16:17:13 +0200
+
 userdir-ldap (0.3.34) unstable; urgency=low
 
   * ud-info: fix changing of DD status/DD status comment -

=== modified file 'userdir_gpg.py'
--- a/userdir_gpg.py	2008-07-08 12:33:06 +0000
+++ b/userdir_gpg.py	2008-07-19 14:20:56 +0000
@@ -259,6 +259,14 @@
    # In PGP2 compatible mode IDEA and rfc1991 encoding are used so that
    # PGP2 can read the result. RSA keys do not need PGP2 to be set, as GPG
    # can read a message encrypted with blowfish and RSA.
+   searchkey = GPGKeySearch(To);
+   if len(searchkey) == 0:
+      raise Error, "No key found matching %s"%(To);
+   elif len(searchkey) > 1:
+      raise Error, "Multiple keys found matching %s"%(To);
+   if searchkey[0][4].find("E") < 0:
+      raise Error, "Key %s has no encryption capability - are all encryption subkeys expired or revoked?  Are there any encryption subkeys?"%(To);
+
    if PGP2 == 0:
       try:
          Res = None;
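Review bot: in the new pre-check at the top of this hunk, a recipient whose only matching key is expired will reach the `len(searchkey) == 0` branch and be told "No key found matching ...", because the search code further down in this patch only appends keys when `not Expired`. That message is misleading for exactly the kind of key problem this change wants to explain; consider reporting expiry separately. Also, `searchkey[0][4]` is a bare positional index into the result tuple, so it silently depends on the order used in `Result.append(...)`; a named constant or a short comment documenting the tuple layout would make the coupling visible.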
@@ -443,6 +451,7 @@
    Result = [];
    Owner = "";
    KeyID = "";
+   Capabilities = ""
    Expired = None;
    Hits = {};
 
@@ -464,7 +473,8 @@
          if Split[0] == 'pub':
             KeyID = Split[4];
             Owner = Split[9];
-            Length = int(Split[2]);
+            Length = int(Split[2])
+            Capabilities = Split[11]
             Expired = Split[1] == 'e'
 
          # Output the key
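Review bot: `Capabilities = Split[11]` in the 'pub' branch reads a twelfth colon-separated field with no length check, so any pub line that carries fewer fields raises IndexError instead of producing the clearer error this commit is after. Guard it, for example by falling back to an empty string when `len(Split) <= 11`, which the new check would then report as "no encryption capability". The change to the `Length = int(Split[2])` line only drops the trailing semicolon and is unrelated churn in this hunk.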
@@ -473,7 +483,7 @@
                continue;
             Hits[Split[9]] = None;
             if not Expired:
-               Result.append( (KeyID,Split[9],Owner,Length) );
+               Result.append( (KeyID,Split[9],Owner,Length,Capabilities) );
    finally:
       if Strm != None:
          Strm.close();
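Review bot: the `Result.append(...)` line widens each result from a 4-tuple to a 5-tuple, which breaks any existing caller that unpacks exactly four values from these entries. Please check the other users of this search result before merging, and document the tuple layout (KeyID, uid, Owner, Length, Capabilities) next to the append so that positional accesses such as `[4]` stay correct if the tuple changes again.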


