#!/usr/bin/python
#
# lacre
#
# This file is part of the lacre source code.
#
# lacre is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# lacre source code is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with lacre source code. If not, see <http://www.gnu.org/licenses/>.
#
import sys
import logging
import lacre
import lacre.config as conf
from lacre.notify import notify
# Read configuration from /etc/lacre.conf
# Statement order matters here: the configuration has to be loaded before the
# logging setup, because init_logging is given a value read from the
# [logging] section of that configuration.
conf.load_config()

lacre.init_logging(conf.get_item('logging', 'config'))
# Module-wide logger, registered under the name 'webgate-cron.py'.
LOG = logging.getLogger('webgate-cron.py')
import GnuPG
from lacre.repositories import KeyConfirmationQueue, IdentityRepository, init_engine
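def _validate_config():
    """Abort the cron run when required configuration is missing.

    Calls ``conf.validate_config`` with ``conf.CRON_REQUIRED`` passed as the
    additional parameters to check. A truthy result is logged as an error and
    the process exits with ``lacre.EX_CONFIG``, so the job never touches the
    key queue or the keyring with an incomplete setup.
    """
    missing = conf.validate_config(additional=conf.CRON_REQUIRED)
    if missing:
        LOG.error('Missing config parameters: %s', missing)
        # sys.exit rather than the bare exit(): the latter is installed by the
        # site module for interactive use and is absent under `python -S`.
        # It also matches the database check further down in this script.
        sys.exit(lacre.EX_CONFIG)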
def import_key(key_dir, armored_key, key_id, email, key_queue, identities):
    """Import a confirmed key and record it for *email*.

    The armored key is handed to ``GnuPG.add_key`` together with *key_dir*,
    the queue entry *key_id* is marked as accepted, and the fingerprint that
    GnuPG returned is registered (or updated) as the identity of *email*.
    When the ``[cron] send_email`` flag is enabled, a success notification is
    sent to that address.
    """
    # import the key to gpg
    # NOTE(review): the fingerprint is used exactly as returned. What
    # GnuPG.add_key yields when gpg rejects the key is not visible here --
    # confirm that a failed import cannot mark the entry accepted or register
    # an empty fingerprint for this address.
    fpr, _ = GnuPG.add_key(key_dir, armored_key)

    key_queue.mark_accepted(key_id)
    identities.register_or_update(email, fpr)

    LOG.info('Imported key from: %s', email)
    if not conf.flag_enabled('cron', 'send_email'):
        return
    notify("PGP key registration successful", "registrationSuccess.md", email)
def import_failed(key_id, email, key_queue):
    """Discard a queued key whose confirmation did not succeed.

    The queue entry *key_id* is deleted and the failure is logged at warning
    level with the affected address. When the ``[cron] send_email`` flag is
    enabled, the address is told that the registration failed.
    """
    key_queue.delete_keys(key_id)
    LOG.warning('Import confirmation failed: %s', email)

    should_notify = conf.flag_enabled('cron', 'send_email')
    if should_notify:
        notify("PGP key registration failed", "registrationError.md", email)
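def delete_key(key_id, email, key_queue):
    """Drop the queue entry of an empty key submission.

    Called when a user submitted a blank key. The queue entry *key_id* is
    deleted so it is not processed again, and when the ``[cron] send_email``
    flag is enabled the address is notified that its key was deleted.
    """
    # delete key so we don't continue processing it
    LOG.debug('Empty key received, just deleting')

    # Use the key_id argument. The previous body read `row_id`, which is not a
    # parameter of this function and only resolved because the module-level
    # loop binds a global of that name before calling it; any other caller
    # would have deleted the wrong entry or hit a NameError.
    key_queue.delete_keys(key_id)
    if conf.flag_enabled('cron', 'send_email'):
        notify("PGP key deleted", "keyDeleted.md", email)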
def cleanup(key_dir, key_queue):
    """Delete keys and queue entries that the queue lists for removal.

    For every ``(email, row id)`` pair returned by
    ``key_queue.fetch_keys_to_delete()`` the key for that address is removed
    via ``GnuPG.delete_key`` and the queue entry is deleted afterwards.
    """
    LOG.info('Cleaning up after a round of key confirmation')

    for address, queue_id in key_queue.fetch_keys_to_delete():
        LOG.debug('Removing key from keyring: %s', address)
        GnuPG.delete_key(key_dir, address)

        # NOTE(review): the message below names the identity store, but the
        # call that follows goes to key_queue and this function has no
        # identity repository in scope -- confirm whether the identity record
        # for this address is removed elsewhere.
        LOG.debug('Removing key from identity store: %s', queue_id)
        key_queue.delete_keys(queue_id)

        LOG.info('Deleted key for: %s', address)
# Stop early when required configuration parameters are missing.
_validate_config()

# The repositories used below are built on a database engine, so the job has
# nothing to work with unless the database is both enabled and given a URL.
# The message goes to stdout as well as to the log before exiting with
# EX_CONFIG.
if not conf.flag_enabled('database', 'enabled') or not conf.config_item_set('database', 'url'):
    print("Warning: doing nothing since database settings are not configured!")
    LOG.error("Warning: doing nothing since database settings are not configured!")
    sys.exit(lacre.EX_CONFIG)
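# One round of key confirmation: every queued submission replaces whatever key
# material is currently stored for its address, then the queue is cleaned up.
try:
    db_engine = init_engine(conf.get_item('database', 'url'))

    identities = IdentityRepository(engine=db_engine)
    key_queue = KeyConfirmationQueue(engine=db_engine)

    key_dir = conf.get_item('gpg', 'keyhome')
    LOG.debug('Using GnuPG with home directory in %s', key_dir)

    for armored_key, row_id, email in key_queue.fetch_keys():
        # delete any other public keys associated with this confirmed email address
        # NOTE(review): the stored identity and keyring entry for this address
        # are removed here, before GnuPG.confirm_key has looked at the new
        # key. If confirmation fails below, the address ends up with no key at
        # all -- confirm that losing encryption for the address is the
        # intended failure mode, or verify the submission first.
        key_queue.delete_keys(row_id, email=email)
        identities.delete(email)
        GnuPG.delete_key(key_dir, email)
        LOG.info('Deleted key via import request for: %s', email)

        if not armored_key.strip():  # we have this so that user can submit blank key to remove any encryption
            # delete key so we don't continue processing it
            delete_key(row_id, email, key_queue)
            continue

        if GnuPG.confirm_key(armored_key, email):
            import_key(key_dir, armored_key, row_id, email, key_queue, identities)
        else:
            import_failed(row_id, email, key_queue)

    cleanup(key_dir, key_queue)
except Exception:
    # Catch Exception instead of using a bare `except:` so that SystemExit and
    # KeyboardInterrupt are not swallowed and logged as an "unexpected issue".
    # NOTE(review): an error on one entry ends the whole round (cleanup
    # included) and the script still finishes with exit status 0, so cron
    # only learns about the failure from the log.
    LOG.exception('Unexpected issue during key confirmation')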