From 75ad30031f6167765973a8fb4dfb49c8b2a55ee7 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Wed, 17 Jul 2002 19:48:19 +0000 Subject: [PATCH] * keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in a designated revoker means "sensitive", not "local". It's exportable under the right circumstances. * main.h, options.h, export.c (do_export_stream), g10.c (main), hkp.c (hkp_export), keyserver.c (keyserver_spawn: Add a flag to skip attribute packets and their signatures while exporting. This is to accomodate keyservers (pksd again) that choke on attributes. Use keyserver-option "include-attributes" to control it. This defaults to ON (i.e. don't skip). --- g10/ChangeLog | 13 +++++++++++++ g10/export.c | 41 ++++++++++++++++++++++++++++------------- g10/g10.c | 3 ++- g10/hkp.c | 6 +++++- g10/keyedit.c | 4 ++-- g10/keyserver.c | 7 ++++++- g10/main.h | 6 ++++-- g10/options.h | 1 + 8 files changed, 61 insertions(+), 20 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 6cef35c42..630afbd2e 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,16 @@ +2002-07-17 David Shaw + + * keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in + a designated revoker means "sensitive", not "local". It's + exportable under the right circumstances. + + * main.h, options.h, export.c (do_export_stream), g10.c (main), + hkp.c (hkp_export), keyserver.c (keyserver_spawn: Add a flag to + skip attribute packets and their signatures while exporting. This + is to accomodate keyservers (pksd again) that choke on attributes. + Use keyserver-option "include-attributes" to control it. This + defaults to ON (i.e. don't skip). + 2002-07-09 David Shaw * options.h, keyserver.c (parse_keyserver_uri, keyserver_spawn, diff --git a/g10/export.c b/g10/export.c index 47d06e651..83e6b970e 100644 --- a/g10/export.c +++ b/g10/export.c 
@@ -34,20 +34,21 @@ #include "main.h" #include "i18n.h" -static int do_export( STRLIST users, int secret, int onlyrfc ); +static int do_export( STRLIST users, int secret, int flags ); static int do_export_stream( IOBUF out, STRLIST users, - int secret, int onlyrfc, int *any ); + int secret, int flags, int *any ); /**************** * Export the public keys (to standard out or --output). * Depending on opt.armor the output is armored. - * If onlyrfc is True only RFC24404 compatible keys are exported. - * If USERS is NULL, the complete ring will be exported. - */ + * flags has two bits: EXPORT_FLAG_ONLYRFC, so that only RFC2440 + * compatible keys are exported, and EXPORT_FLAG_SKIPATTRIBS to not + * export attribute packets (photo IDs). + * If USERS is NULL, the complete ring will be exported. */ int -export_pubkeys( STRLIST users, int onlyrfc ) +export_pubkeys( STRLIST users, int flags ) { - return do_export( users, 0, onlyrfc ); + return do_export( users, 0, flags ); } /**************** @@ -55,11 +56,11 @@ export_pubkeys( STRLIST users, int onlyrfc ) * been exported */ int -export_pubkeys_stream( IOBUF out, STRLIST users, int onlyrfc ) +export_pubkeys_stream( IOBUF out, STRLIST users, int flags ) { int any, rc; - rc = do_export_stream( out, users, 0, onlyrfc, &any ); + rc = do_export_stream( out, users, 0, flags, &any ); if( !rc && !any ) rc = -1; return rc; @@ -78,7 +79,7 @@ export_secsubkeys( STRLIST users ) } static int -do_export( STRLIST users, int secret, int onlyrfc ) +do_export( STRLIST users, int secret, int flags ) { IOBUF out = NULL; int any, rc; @@ -98,7 +99,7 @@ do_export( STRLIST users, int secret, int onlyrfc ) } if( opt.compress_keys && opt.compress ) iobuf_push_filter( out, compress_filter, &zfx ); - rc = do_export_stream( out, users, secret, onlyrfc, &any ); + rc = do_export_stream( out, users, secret, flags, &any ); if( rc || !any ) iobuf_cancel(out); 
@@ -109,7 +110,7 @@ do_export( STRLIST users, int secret, int onlyrfc ) static int -do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any ) +do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any ) { int rc = 0; PACKET pkt; @@ -166,7 +167,8 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any ) } /* do not export keys which are incompatible with rfc2440 */ - if( onlyrfc && (node = find_kbnode( keyblock, PKT_PUBLIC_KEY )) ) { + if( (flags&EXPORT_FLAG_ONLYRFC) && + (node = find_kbnode( keyblock, PKT_PUBLIC_KEY )) ) { PKT_public_key *pk = node->pkt->pkt.public_key; if( pk->version == 3 && pk->pubkey_algo > 3 ) { log_info(_("key %08lX: not a rfc2440 key - skipped\n"), @@ -231,6 +233,19 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any ) SIGSUBPKT_PRIV_VERIFY_CACHE); } + /* Don't export attribs? */ + if( (flags&EXPORT_FLAG_SKIPATTRIBS) && + node->pkt->pkttype == PKT_USER_ID && + node->pkt->pkt.user_id->attrib_data ) { + /* Skip until we get to something that is not an attrib + or a signature on an attrib */ + while(kbctx->next && kbctx->next->pkt->pkttype==PKT_SIGNATURE) { + kbctx=kbctx->next; + } + + continue; + } + if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY ) { /* we don't want to export the secret parts of the * primary key, this is done by using GNU protection mode 1001 diff --git a/g10/g10.c b/g10/g10.c index f2cef6fa0..3d1105827 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -903,6 +903,7 @@ main( int argc, char **argv ) opt.force_v3_sigs = 1; opt.escape_from = 1; opt.keyserver_options.include_subkeys=1; + opt.keyserver_options.include_attributes=1; #if defined (__MINGW32__) || defined (__CYGWIN32__) opt.homedir = read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" ); #else 
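Review bot: In the `@@ -231,6 +233,19 @@` hunk of g10/export.c, the attribute skip moves `kbctx` forward by hand, which is only correct if the iterator leaves `kbctx` pointing at the node it just returned. That contract is not visible here, because the loop head and the rest of `do_export_stream` lie outside the hunk. I would state it where the pointer is advanced, e.g. `/* kbctx is the node just returned by the walk; step it past this attribute's signatures so they are not exported either */`. It is also worth confirming that the manual `kbctx->next` walk treats nodes the same way as the normal iteration (for instance any nodes the iterator would itself skip). Otherwise a signature belonging to the dropped photo ID could still be written out after the loop stops early.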
@@ -2008,7 +2009,7 @@ main( int argc, char **argv ) else if( cmd == aRecvKeys ) keyserver_import( sl ); else - export_pubkeys( sl, (cmd == aExport) ); + export_pubkeys( sl, (cmd == aExport)?EXPORT_FLAG_ONLYRFC:0 ); free_strlist(sl); break; diff --git a/g10/hkp.c b/g10/hkp.c index 1d4baaf47..50626adf9 100644 --- a/g10/hkp.c +++ b/g10/hkp.c @@ -114,6 +114,7 @@ hkp_export( STRLIST users ) IOBUF temp = iobuf_temp(); struct http_context hd; char *request; + int attribs=EXPORT_FLAG_ONLYRFC; unsigned int status; unsigned int hflags = opt.keyserver_options.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0; @@ -123,7 +124,10 @@ hkp_export( STRLIST users ) afx.what = 1; iobuf_push_filter( temp, armor_filter, &afx ); - rc = export_pubkeys_stream( temp, users, 1 ); + if(!opt.keyserver_options.include_attributes) + attribs|=EXPORT_FLAG_SKIPATTRIBS; + + rc = export_pubkeys_stream( temp, users, attribs ); if( rc == -1 ) { iobuf_close(temp); return 0; diff --git a/g10/keyedit.c b/g10/keyedit.c index db811ac0c..8bf4ff2ee 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1612,8 +1612,8 @@ show_key_with_all_names_colon (KBNODE keyblock) p = pk->revkey[i].fpr; for (j=0; j < 20; j++, p++ ) printf ("%02X", *p); - printf (":%02x%c:\n", pk->revkey[i].class, - (pk->revkey[i].class&0x40)? 'l':'x'); + printf (":%02x%s:\n", pk->revkey[i].class, + (pk->revkey[i].class&0x40)?"s":""); } } } diff --git a/g10/keyserver.c b/g10/keyserver.c index 252459c88..4f3c4e790 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -54,6 +54,7 @@ struct kopts {"include-revoked",1,&opt.keyserver_options.include_revoked}, {"include-disabled",1,&opt.keyserver_options.include_disabled}, {"include-subkeys",1,&opt.keyserver_options.include_subkeys}, + {"include-attributes",0,&opt.keyserver_options.include_attributes}, {"keep-temp-files",0,&opt.keyserver_options.keep_temp_files}, {"honor-http-proxy",1,&opt.keyserver_options.honor_http_proxy}, {"broken-http-proxy",1,&opt.keyserver_options.broken_http_proxy}, 
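Review bot: In g10/hkp.c (`hkp_export`), the new local `attribs` holds the complete export flag word and starts out as `EXPORT_FLAG_ONLYRFC`, so the name misleads at the call site. `int export_flags=EXPORT_FLAG_ONLYRFC;` and `export_pubkeys_stream( temp, users, export_flags )` would read correctly. The same declaration and `if(!opt.keyserver_options.include_attributes)` test are repeated in `keyserver_spawn` in g10/keyserver.c (`@@ -451,6 +452,10 @@`). Both upload paths decide whether photo IDs leave the machine, so deriving the flags in one shared place would keep them from drifting apart.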
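Review bot: The g10/keyedit.c hunk changes the colon listing for every designated revoker, not only sensitive ones. The field after the class byte used to be always one character (`l` or `x`) and is now `s` or empty, so a parser that expected the trailing `x` will see a different record. The diffstat shows no documentation file touched, so the description of this record format should be updated alongside. A comment at the `printf`, such as `/* class in hex, followed by "s" when the 0x40 (sensitive) bit is set */`, would pin the meaning. The body of `show_key_with_all_names_colon` starts outside the hunk.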
@@ -451,6 +452,10 @@ keyserver_spawn(int action,STRLIST list, { armor_filter_context_t afx; IOBUF buffer=iobuf_temp(); + int attribs=EXPORT_FLAG_ONLYRFC; + + if(!opt.keyserver_options.include_attributes) + attribs|=EXPORT_FLAG_SKIPATTRIBS; temp=NULL; add_to_strlist(&temp,key->d); @@ -459,7 +464,7 @@ keyserver_spawn(int action,STRLIST list, afx.what=1; iobuf_push_filter(buffer,armor_filter,&afx); - if(export_pubkeys_stream(buffer,temp,1)==-1) + if(export_pubkeys_stream(buffer,temp,attribs)==-1) iobuf_close(buffer); else { diff --git a/g10/main.h b/g10/main.h index e7153bd55..ec0efd3c8 100644 --- a/g10/main.h +++ b/g10/main.h @@ -159,8 +159,10 @@ void import_print_stats (void *hd); int collapse_uids( KBNODE *keyblock ); /*-- export.c --*/ -int export_pubkeys( STRLIST users, int onlyrfc ); -int export_pubkeys_stream( IOBUF out, STRLIST users, int onlyrfc ); +#define EXPORT_FLAG_ONLYRFC 1 +#define EXPORT_FLAG_SKIPATTRIBS 2 +int export_pubkeys( STRLIST users, int flags ); +int export_pubkeys_stream( IOBUF out, STRLIST users, int flags ); int export_seckeys( STRLIST users ); int export_secsubkeys( STRLIST users ); diff --git a/g10/options.h b/g10/options.h index 78bfca0df..eb4dd1b8b 100644 --- a/g10/options.h +++ b/g10/options.h @@ -122,6 +122,7 @@ struct { int include_revoked; int include_disabled; int include_subkeys; + int include_attributes; int honor_http_proxy; int broken_http_proxy; int use_temp_files;
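Review bot: `EXPORT_FLAG_ONLYRFC` and `EXPORT_FLAG_SKIPATTRIBS` in g10/main.h are bits that callers OR together, but nothing at the definition says so. A line such as `/* bit flags for the flags argument of export_pubkeys() and export_pubkeys_stream() */` above the two defines would document that. The parameter stayed a plain `int` in the same position, so a caller not touched by this commit that still passes a boolean compiles without a diagnostic and is read as `EXPORT_FLAG_ONLYRFC`. A quick search for remaining callers is worthwhile before relying on the new bit.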