From 1ccd8e0d70fbcc66e06358577669778295b486d9 Mon Sep 17 00:00:00 2001
From: Vincent Le Gallic
Date: Fri, 12 Apr 2013 16:29:33 +0200
Subject: [PATCH] =?UTF-8?q?En=20fait,=20les=20mails=20=C3=A7a=20servait=20?=
 =?UTF-8?q?=C3=A0=20quelque=20chose.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Modification de check_keys pour qu'il fasse quelque chose de complet et proprement
* Ajout des clé des apprentis dans le example.py
* Passage de toutes les clés en Fingerprint complet
---
 cranspasswords.py | 64 ++++++++++++++++++++++++++------------
 serverconfig.example.py | 68 +++++++++++++++++++++++++++--------------
 2 files changed, 89 insertions(+), 43 deletions(-)
diff --git a/cranspasswords.py b/cranspasswords.py
index d48ddbd..8c0ba44 100755
--- a/cranspasswords.py
+++ b/cranspasswords.py
@@ -13,6 +13,7 @@ import re
 import random
 import string
 import datetime
+import gnupg
 try:
     import clientconfig as config
 except ImportError:
@@ -33,6 +34,16 @@ GPG_ARGS = {
     'fingerprint': ['--fingerprint'],
     'receive-keys': ['--recv-keys'],
 }
+GPG_TRUSTLEVELS = {
+    u"-" : (u"inconnue", False),
+    u"n" : (u"nulle", False),
+    u"m" : (u"marginale", True),
+    u"f" : (u"entière", True),
+    u"u" : (u"ultime", True),
+    u"r" : (u"révoquée", False),
+    u"e" : (u"expirée", False),
+    u"q" : (u"/données insuffisantes/", False),
+    }
 DEBUG = False
 VERB = False
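Review bot: GPG_TRUSTLEVELS covers only eight of gpg's validity codes; a key whose validity field is `i` (invalid), `d` (disabled) or `o` (unknown) has no entry, and check_keys in the next hunk indexes the dict directly, so such a key raises KeyError instead of being reported as untrusted. Either add those codes mapped to `False`, or make the lookup in check_keys fail closed: `meaning, trustvalue = GPG_TRUSTLEVELS.get(correspond["trust"], (u"inconnue", False))`. The `import gnupg` in the preceding hunk is also an unguarded new third-party dependency (python-gnupg), unlike `clientconfig` which is wrapped in try/except; it deserves a line in the install documentation.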
@@ -159,17 +170,30 @@ def check_keys():
     """Vérifie les clés existantes"""
     keys = all_keys()
-
-    for mail, key in keys.values():
-        if key:
-            _, stdout = gpg("fingerprint", [key])
-            if VERB: print "Checking %s" % mail
-            if str("<%s>" % mail.lower()) not in stdout.read().lower():
-                if VERB: print "-->Fail on %s" % mail
-                break
-    else:
-        return True
-    return False
+    gpg = gnupg.GPG(gnupghome='~/.gnupg')
+    localkeys = gpg.list_keys()
+    failed = False
+    for (mail, fpr) in keys.values():
+        if fpr:
+            if VERB: print "Checking %s" % (mail)
+            corresponds = [key for key in localkeys if key["fingerprint"] == fpr]
+            # On vérifie qu'on possède la clé…
+            if len(corresponds) == 1:
+                correspond = corresponds[0]
+                # …qu'elle correspond au mail…
+                if mail.lower() in sum([re.findall("<(.*)>", uid.lower()) for uid in correspond["uids"]], []):
+                    meaning, trustvalue = GPG_TRUSTLEVELS[correspond["trust"]]
+                    # … et qu'on lui fait confiance
+                    if not trustvalue:
+                        print (u"--> Fail on %s:%s\nLa confiance en la clé est : %s" % (meaning,)).encode("utf-8")
+                        failed = True
+                else:
+                    print (u"--> Fail on %s:%s\n!! Le fingerprint et le mail ne correspondent pas !" % (fpr, mail)).encode("utf-8")
+                    failed = True
+            else:
+                print (u"--> Fail on %s:%s\nPas (ou trop) de clé avec ce fingerprint." % (fpr, mail)).encode("utf-8")
+                failed = True
+    return not failed
 def get_recipients_of_roles(roles):
     """Renvoie les destinataires d'un rôle"""
@@ -184,8 +208,8 @@ def get_recipients_of_roles(roles):
 def get_dest_of_roles(roles):
     """ Summarize recipients of a role """
     allkeys = all_keys()
-    return ["%s (%s)" % (rec, allkeys[rec]) for rec in \
-        get_recipients_of_roles(roles) if allkeys[rec]]
+    return ["%s : %s (%s)" % (rec, allkeys[rec][0], allkeys[rec][1])
+            for rec in get_recipients_of_roles(roles) if allkeys[rec][1]]
 def encrypt(roles, contents):
     """Chiffre le contenu pour les roles donnés"""
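Review bot: The trust-failure print in check_keys has three `%s` placeholders but is given a one-element tuple `(meaning,)`, so the first key that is present and matches its mail but is not trusted raises TypeError ("not enough arguments for format string") instead of being reported; it should read `% (fpr, mail, meaning)`. `gnupg.GPG(gnupghome='~/.gnupg')` passes the tilde literally; python-gnupg hands that string to gpg's --homedir and, in the versions I know, creates the directory when it does not exist, so this presumably leaves a literal `~/.gnupg` under the working directory — `os.path.expanduser('~/.gnupg')`, or leaving gnupghome unset so gpg's own default (and GNUPGHOME) applies, avoids that. The local `gpg = gnupg.GPG(...)` also shadows the module-level `gpg()` helper that the removed lines and the encrypt hunk call; a name such as `gpgctx` would keep the two apart.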
@@ -193,14 +217,14 @@ def encrypt(roles, contents):
     allkeys = all_keys()
     recipients = get_recipients_of_roles(roles)
-    email_recipients = []
+    fpr_recipients = []
     for recipient in recipients:
-        key = allkeys[recipient]
-        if key:
-            email_recipients.append("-r")
-            email_recipients.append(key)
+        fpr = allkeys[recipient][1]
+        if fpr:
+            fpr_recipients.append("-r")
+            fpr_recipients.append(fpr)
-    stdin, stdout = gpg("encrypt", email_recipients)
+    stdin, stdout = gpg("encrypt", fpr_recipients)
     stdin.write(contents)
     stdin.close()
     out = stdout.read()
@@ -406,7 +430,7 @@ def remove_file(fname):
 def my_check_keys():
-    check_keys() and "Base de clés ok" or "Erreurs dans la base"
+    print (check_keys() and u"Base de clés ok" or u"Erreurs dans la base").encode("utf-8")
 def my_update_keys():
     print update_keys()
diff --git a/serverconfig.example.py b/serverconfig.example.py
index fc9ebdb..414ce6a 100755
--- a/serverconfig.example.py
+++ b/serverconfig.example.py
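Review bot: `check_keys() and u"Base de clés ok" or u"Erreurs dans la base"` in my_check_keys relies on the and/or trick; it only works because both strings are non-empty, and a conditional expression states the intent directly: `print (u"Base de clés ok" if check_keys() else u"Erreurs dans la base").encode("utf-8")`. The result is printed and then dropped, so a caller cannot tell whether the key base passed; binding it first (`ok = check_keys()`) and ending with `return ok` would let the check be used programmatically. In the encrypt hunk above, the body continues past the hunk, so whether an empty `fpr_recipients` list is ever rejected before `gpg("encrypt", ...)` cannot be seen here.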
@@ -21,26 +21,46 @@ DEST_MAIL = "root@crans.org"
 KEYS = {
-    'aza-vallina': None,
-    'becue': '0D442664194974E2',
-    'blockelet': '5314C173AF087A52',
-    'boilard': 'C1690AB9C39EB6F4',
-    'cauderlier': None,
-    'chambart': '43680A46F2530FCE',
-    'dandrimont': 'B8E5087766475AAF',
-    'dimino': '1E8A30532127F85A',
-    'dstan': 'BC9BF8456E1C820B',
-    'durand-gasselin': '30F01C448E96ACDA',
-    'glondu': '7853DA4D49881AD3',
-    'huber': '1EF81A95E0DCF376',
-    'iffrig': '18068DEA354B0045',
-    'lagorce': '9D9D7CE70BF3708E',
-    'legallic': '3602E1C9A94025B0',
-    'maioli': None,
-    'parret-freaud': '13AC8F777D980513',
-    'samir': 'C86AD2AA41C2B76B',
-    'tvincent': '1C6BE33AC5C4ACC0'
-    }
+    'aza-vallina': ('Damien.Aza-Vallina@crans.org', None),
+    'becue': ('becue@crans.org', '9AE04D986400E3B67528F4930D442664194974E2'),
+    'blockelet': ('blockelet@crans.org', '550A057BC913EA4637D250495314C173AF087A52'),
+    'boilard': ('boilard@crans.org', 'E73A648AAB5E81BE38038350C1690AB9C39EB6F4'),
+    'cauderlier': ('cauderlier@crans.org', None),
+    'chambart': ('pierre.chambart@crans.org', '085D0DFB66EAF9448C42979C43680A46F2530FCE'),
+    'dandrimont': ('nicolas.dandrimont@crans.org', '791F12396630DD71FD364375B8E5087766475AAF'),
+    'dimino': ('jdimino@dptinfo.ens-cachan.fr', '2C938EAC93A16F8129F807C81E8A30532127F85A'),
+    'dstan': ('daniel.stan@crans.org', '90520CFDE846E7651A1B751FBC9BF8456E1C820B'),
+    'durand-gasselin': ('adg@crans.org', 'B3EA34ED8A4EA3B5C3E6C04D30F01C448E96ACDA'),
+    'glondu': ('Stephane.Glondu@crans.org', '58EB0999C64E897EE894B8037853DA4D49881AD3'),
+    'huber': ('olivier.huber@crans.org', '3E9473AF796C530F9C4DE7DB1EF81A95E0DCF376'),
+    'iffrig': ('iffrig@crans.org', '26A210E2584208FEF6BE8F3718068DEA354B0045'),
+    'lagorce': ('xavier.lagorce@crans.org', '08C26F5AABC5570E5E2F52B39D9D7CE70BF3708E'),
+    'legallic': ('legallic@crans.org', '4BDD2DC3F10C26B9BC3B0BD93602E1C9A94025B0'),
+    'maioli': ('maioli@crans.org', None),
+    'parret-freaud': ('parret-freaud@crans.org', 'A93D3EB37C3669F89C01F9AE13AC8F777D980513'),
+    'samir': ('samir@crans.org', 'C7B8823E96E8DC2798970340C86AD2AA41C2B76B'),
+    'tvincent': ('vincent.thomas@crans.org', 'DFB04CE4394B1115C587AE101C6BE33AC5C4ACC0'),
+#Autogen
+    'besson': ('lbesson@ens-cachan.fr', None),#'BF105A8DC75491B9D6EDAC5D01AACDB9C108F8A0',
+    'tilquin': ('tilquin@crans.org', None),
+    'pvincent': ('pvincent@crans.org', None),
+    'pommeret': ('pommeret@crans.org', '8D9C890BD2B783A052DBE71405504FF0CF875FE1'),
+    'lasseri': ('lasseri@crans.org', '31EF775095485A1CA4CC7CAAA2A902AE80403321'),
+    'moisy-mabille': ('moisy-mabille@crans.org', None),
+    'guiraud': ('guiraud@crans.org', None),
+    'soret': ('soret@crans.org', None),
+    'serrano': ('serrano@crans.org', '64ABC0C087EDAA14B79F5F7DEDE22762F030FDC5'),
+    'kherouf': ('kherouf@crans.org', None),
+    'baste': ('baste@crans.org', None),
+    'quelennec': ('quelennec@crans.org', None),
+    'grande': ('grande@crans.org', None),
+    'gstalter': ('gstalter@crans.org', None),
+    'duplouy': ('duplouy@crans.org', None),
+    'randazzo': ('randazzo@crans.org', None),
+    'epalle': ('epalle@crans.org', None),
+    'bonaque': ('bonaque@crans.org', None),
+    'kviard': ('kviard@crans.org', None)
+}
 # Les variables suivantes sont utilisées pour définir le dictionnaire des
 # rôles.
@@ -65,10 +85,10 @@ NOUNOUS=RTC+[
     "legallic",
 ]
+# Autogen:
+APPRENTIS=['grande', 'bonaque', 'moisy-mabille', 'baste', 'duplouy', 'besson', 'pvincent', 'quelennec', 'pommeret', 'guiraud', 'serrano', 'kherouf', 'randazzo', 'tilquin', 'lasseri', 'epalle', 'soret', 'gstalter', 'kviard']
+
 CA=[
-    "samir",
-    "iffrig",
-    "cauderlier",
 ]
 ## Les vrais rôles !
@@ -77,4 +97,6 @@ ROLES = {
     "ca-w": CA,
     "nounous": NOUNOUS,
     "nounous-w": NOUNOUS,
+    "apprentis-w": NOUNOUS,
+    "apprentis": NOUNOUS + APPRENTIS,
 }
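Review bot: The new KEYS tuples are undocumented, and this is the example file operators copy; a line above `KEYS = {` such as `# login -> (mail that must appear in one of the key's uids, full 40-hex-digit fingerprint, or None while the person has no accepted key)` would state the contract that check_keys enforces (uid match by mail, fingerprint by exact string comparison). The trailing `#'BF105A8DC75491B9D6EDAC5D01AACDB9C108F8A0'` on the `besson` entry is commented-out data with no explanation; either use it as the fingerprint or drop it and say why the key is not accepted yet, since a future reader cannot tell whether it was verified.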
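Review bot: CA is emptied (its three members are removed) but kept defined, and the ROLES hunk below still maps `"ca"` and `"ca-w"` to it, so encrypting for either role yields no recipient at all; the encrypt hunk in cranspasswords.py only appends `-r` for recipients that have a fingerprint and nothing visible there rejects an empty list before gpg is invoked. If the role is retired, the two ROLES entries (or CA itself) should go in the same commit; if it is only temporarily empty, a guard in encrypt such as `if not fpr_recipients: raise ValueError("aucun destinataire avec une clé")` would stop a secret from being encrypted to nobody. The APPRENTIS list is marked `# Autogen:` but nothing here says what generates it or how it stays in sync with the `#Autogen` KEYS entries; a one-line pointer to the generator would help the next maintainer.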