3 # Sync fingerprint and uid tables with a debian.org LDAP DB
4 # Copyright (C) 2003, 2004 James Troup <james@nocrew.org>
5 # $Id: emilie,v 1.3 2004-11-27 13:25:35 troup Exp $
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 2 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program; if not, write to the Free Software
19 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 ################################################################################
23 # <elmo> ping@debian.org ?
24 # <aj> missing@ ? wtfru@ ?
27 # <aj> all you have to do is retrofit wtfru into an acronym and no one
28 # could possibly be offended!
29 # <elmo> aj: worried terriers for russian unity ?
32 # <elmo> wthru is a little less offensive maybe? but myabe that's
33 # just because I read h as heck, not hell
35 # <aj> (surely the "f" stands for "freedom" though...)
36 # <elmo> where the freedom are you?
38 # <elmo> or worried terriers freed (of) russian unilateralism ?
39 # <aj> freedom -- it's the "foo" of the 21st century
40 # <aj> oo, how about "wat@" as in wherefore art thou?
41 # <neuro> or worried attack terriers
42 # <aj> Waning Trysts Feared - Return? Unavailable?
43 # <aj> (i find all these terriers more worrying, than worried)
44 # <neuro> worrying attack terriers, then
46 ################################################################################
48 import commands, ldap, pg, re, sys, time;
50 import db_access, utils;
52 ################################################################################
57 re_gpg_fingerprint = re.compile(r"^\s+Key fingerprint = (.*)$", re.MULTILINE);
58 re_debian_address = re.compile(r"^.*<(.*)@debian\.org>$", re.MULTILINE);
60 ################################################################################
62 def usage(exit_code=0):
63 print """Usage: emilie
64 Syncs fingerprint and uid tables with a debian.org LDAP DB
66 -h, --help show this help and exit."""
69 ################################################################################
71 def get_ldap_value(entry, value):
72 ret = entry.get(value);
76 # FIXME: what about > 0 ?
82 Cnf = utils.get_conf()
83 Arguments = [('h',"help","Emilie::Options::Help")];
85 if not Cnf.has_key("Emilie::Options::%s" % (i)):
86 Cnf["Emilie::Options::%s" % (i)] = "";
88 apt_pkg.ParseCommandLine(Cnf, Arguments, sys.argv);
90 Options = Cnf.SubTree("Emilie::Options")
94 projectB = pg.connect(Cnf["DB::Name"], Cnf["DB::Host"], int(Cnf["DB::Port"]));
95 db_access.init(Cnf, projectB);
97 #before = time.time();
98 #sys.stderr.write("[Getting info from the LDAP server...");
99 LDAPDn = Cnf["Emilie::LDAPDn"];
100 LDAPServer = Cnf["Emilie::LDAPServer"];
101 l = ldap.open(LDAPServer);
102 l.simple_bind_s("","");
103 Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL,
104 "(&(keyfingerprint=*)(gidnumber=%s))" % (Cnf["Julia::ValidGID"]),
105 ["uid", "keyfingerprint"]);
106 #sys.stderr.write("done. (%d seconds)]\n" % (int(time.time()-before)));
109 projectB.query("BEGIN WORK");
114 ldap_fin_uid_id = {};
115 q = projectB.query("""
116 SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id
117 UNION SELECT f.fingerprint, f.id, null FROM fingerprint f where f.uid is null""");
118 for i in q.getresult():
119 (fingerprint, fingerprint_id, uid) = i;
120 db_fin_uid[fingerprint] = (uid, fingerprint_id);
124 fingerprints = entry["keyFingerPrint"];
125 uid = entry["uid"][0];
126 uid_id = db_access.get_or_set_uid_id(uid);
127 for fingerprint in fingerprints:
128 ldap_fin_uid_id[fingerprint] = (uid, uid_id);
129 if db_fin_uid.has_key(fingerprint):
130 (existing_uid, fingerprint_id) = db_fin_uid[fingerprint];
132 q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id));
133 print "Assigning %s to 0x%s." % (uid, fingerprint);
135 if existing_uid != uid:
136 utils.fubar("%s has %s in LDAP, but projectB says it should be %s." % (uid, fingerprint, existing_uid));
138 # Try to update people who sign with non-primary key
139 q = projectB.query("SELECT fingerprint, id FROM fingerprint WHERE uid is null");
140 for i in q.getresult():
141 (fingerprint, fingerprint_id) = i;
142 cmd = "gpg --no-default-keyring --keyring=%s --keyring=%s --fingerprint %s" \
143 % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"],
145 (result, output) = commands.getstatusoutput(cmd);
147 m = re_gpg_fingerprint.search(output);
150 utils.fubar("0x%s: No fingerprint found in gpg output but it returned 0?\n%s" % (fingerprint, utils.prefix_multi_line_string(output, " [GPG output:] ")));
151 primary_key = m.group(1);
152 primary_key = primary_key.replace(" ","");
153 if not ldap_fin_uid_id.has_key(primary_key):
154 utils.fubar("0x%s (from 0x%s): no UID found in LDAP" % (primary_key, fingerprint));
155 (uid, uid_id) = ldap_fin_uid_id[primary_key];
156 q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id));
157 print "Assigning %s to 0x%s." % (uid, fingerprint);
160 for keyring in Cnf.ValueList("Emilie::ExtraKeyrings"):
161 extra_keyrings += " --keyring=%s" % (keyring);
162 cmd = "gpg --keyring=%s --keyring=%s %s --list-key %s" \
163 % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"],
164 extra_keyrings, fingerprint);
165 (result, output) = commands.getstatusoutput(cmd);
167 cmd = "gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s" % (Cnf["Emilie::KeyServer"], fingerprint);
168 (result, output) = commands.getstatusoutput(cmd);
170 print "0x%s: NOT found on keyserver." % (fingerprint);
176 cmd = "gpg --list-key %s" % (fingerprint);
177 (result, output) = commands.getstatusoutput(cmd);
179 print "0x%s: --list-key returned error after --recv-key didn't." % (fingerprint);
184 m = re_debian_address.search(output);
186 guess_uid = m.group(1);
189 name = " ".join(output.split('\n')[0].split()[3:]);
190 print "0x%s -> %s -> %s" % (fingerprint, name, guess_uid);
191 # FIXME: make me optionally non-interactive
192 # FIXME: default to the guessed ID
195 uid = utils.our_raw_input("Map to which UID ? ");
196 Attrs = l.search_s(LDAPDn,ldap.SCOPE_ONELEVEL,"(uid=%s)" % (uid), ["cn","mn","sn"])
198 print "That UID doesn't exist in LDAP!"
202 name = " ".join([get_ldap_value(entry, "cn"),
203 get_ldap_value(entry, "mn"),
204 get_ldap_value(entry, "sn")]);
205 prompt = "Map to %s - %s (y/N) ? " % (uid, name.replace(" "," "));
206 yn = utils.our_raw_input(prompt).lower();
208 uid_id = db_access.get_or_set_uid_id(uid);
209 projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id));
210 print "Assigning %s to 0x%s." % (uid, fingerprint);
213 projectB.query("COMMIT WORK");
215 ############################################################
217 if __name__ == '__main__':