From 2e941ab7a386d6f74898aede7fe3385e1fa49cbc Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Fri, 7 Dec 2001 01:00:21 +0000
Subject: [PATCH] New option --expert Do not allow signing a revoked UID unless
 --expert is set, and ask even then. Do not allow signing a revoked key unless
 --expert is set, and ask even then.

---
 g10/ChangeLog | 10 ++++++++++
 g10/g10.c     |  6 ++++++
 g10/keyedit.c | 45 +++++++++++++++++++++++++++++++++++++++++----
 g10/options.h |  1 +
 4 files changed, 58 insertions(+), 4 deletions(-)

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 0f4822f9a..34c07ccf0 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,13 @@
+2001-12-04  David Shaw  <dshaw@jabberwocky.com>
+
+	* keyedit.c (keyedit_menu): Do not allow signing a revoked key
+	unless --expert is set, and ask even then.
+
+	* keyedit.c (sign_uids): Do not allow signing a revoked UID unless
+	--expert is set, and ask even then.
+
+	* g10.c, options.h : New option --expert
+
 2001-11-16  David Shaw  <dshaw@jabberwocky.com>
 
 	* Allow the user to select no compression via "--compress-algo 0"
diff --git a/g10/g10.c b/g10/g10.c
index 25a3d9fc4..e4062909e 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -119,6 +119,8 @@ enum cmd_and_opt_values { aNull = 0,
     aRefreshKeys,
 
     oTextmode,
+    oExpert,
+    oNoExpert,
     oFingerprint,
     oWithFingerprint,
     oAnswerYes,
@@ -322,6 +324,8 @@ static ARGPARSE_OPTS opts[] = {
     { oCompress, NULL,	      1, N_("|N|set compress level N (0 disables)") },
     { oTextmodeShort, NULL,   0, "@"},
     { oTextmode, "textmode",  0, N_("use canonical text mode")},
+    { oExpert, "expert",   0, "@"},
+    { oNoExpert, "no-expert",   0, "@"},
     { oOutput, "output",    2, N_("use as output file")},
     { oVerbose, "verbose",   0, N_("verbose") },
     { oQuiet,	"quiet",   0, N_("be somewhat more quiet") },
@@ -1054,6 +1058,8 @@ main( int argc, char **argv )
 	    break;
 	  case oTextmodeShort: opt.textmode = 2; break;
 	  case oTextmode: opt.textmode=1;  break;
+	  case oExpert: opt.expert = 1; break;
+	  case oNoExpert: opt.expert = 0; break;
 	  case oUser: /* store the local users */
 	    add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
 	    break;
diff --git a/g10/keyedit.c b/g10/keyedit.c
index bc262ba7c..425070d6b 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -275,14 +275,14 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
      *    
      * We use the CERT flag to request the primary which must always
      * be one which is capable of signing keys.  I can't see a reason
-     * why to sign keys using a subkey.  Implementation of SUAGE_CERT
+     * why to sign keys using a subkey.  Implementation of USAGE_CERT
      * is just a hack in getkey.c and does not mean that a subkey
      * marked as certification capable will be used */
     rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT);
     if( rc )
 	goto leave;
 
-    /* loop over all signaturs */
+    /* loop over all signators */
     for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
 	u32 sk_keyid[2];
 	size_t n;
@@ -308,6 +308,24 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
 	for( node=keyblock; node; node = node->next ) {
 	    if( node->pkt->pkttype == PKT_USER_ID ) {
 		uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
+		if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
+		  {
+		    tty_printf(_("User ID \"%s\" is revoked.\n"),
+			       uidnode->pkt->pkt.user_id->name);
+
+		    if(opt.expert)
+		      {
+			tty_printf(_("Are you sure you still "
+				     "want to sign it?\n"));
+
+			/* No, so remove the mark and continue */
+			if(!cpr_get_answer_is_yes("sign_uid.okay",
+						  _("Really sign? ")))
+			  uidnode->flag &= ~NODFLG_MARK_A;
+		      }
+		    else
+		      uidnode->flag &= ~NODFLG_MARK_A;
+		  }
 	    }
 	    else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
 		&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
@@ -317,8 +335,10 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
 
 		    /* Fixme: see whether there is a revocation in which
 		     * case we should allow to sign it again. */
-		    tty_printf(_("Already signed by key %08lX\n"),
-							(ulong)sk_keyid[1] );
+		    tty_printf(_("User ID \"%s\" is already signed "
+				 "by key %08lX\n"),
+			       uidnode->pkt->pkt.user_id->name,
+			       (ulong)sk_keyid[1] );
                     sprintf (buf, "%08lX%08lX",
                              (ulong)sk->keyid[0], (ulong)sk->keyid[1] );
                     write_status_text (STATUS_ALREADY_SIGNED, buf);
@@ -764,6 +784,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 	int i, arg_number;
         const char *arg_string = "";
 	char *p;
+	PKT_public_key *pk=keyblock->pkt->pkt.public_key;
 
 	tty_printf("\n");
 	if( redisplay ) {
@@ -865,6 +886,22 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 
 	  case cmdSIGN: /* sign (only the public key) */
 	  case cmdLSIGN: /* sign (only the public key) */
+	    if( pk->is_revoked )
+	      {
+		tty_printf(_("Key is revoked.\n"));
+
+		if(opt.expert)
+		  {
+		    tty_printf(_("Are you sure you still want to sign it?\n"));
+
+		    if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
+					      _("Really sign? ")))
+		      break;
+		  }
+		else
+		  break;
+	      }
+
 	    if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
 		if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
 					   _("Really sign all user IDs? ")) ) {
diff --git a/g10/options.h b/g10/options.h
index 6c56553f8..cbcb33fed 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -45,6 +45,7 @@ struct {
     int dry_run;
     int list_only;
     int textmode;
+    int expert;
     int batch;	    /* run in batch mode */
     int answer_yes; /* answer yes on most questions */
     int answer_no;  /* answer no on most questions */