* options.skel, options.h, main.h, keydb.h, pkclist.c (build_pk_list,

expand_groups), g10.c (main, add_group): Add new "group" command to allow
one name to expand into multiple keys. For simplicity, and to avoid
potential loops, we only expand once - you can't make an alias that points
to an alias.

* main.h, g10.c (main), keygen.c (build_personal_digest_list): Simplify
the default digest list - there is really no need for the other hashes
since they will never be used after SHA-1 in the list.

* options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
"x-broken-hkp" keyserver scheme into keyserver-option "broken-http-proxy".
Move honor_http_proxy into keyserver_options.  Canonicalize the three
variations of "hkp", "x-hkp", and "x-broken-hkp" into "hkp".

g10/ChangeLog

@@ -1,3 +1,24 @@
+2002-06-07  David Shaw  <dshaw@jabberwocky.com>
+
+	* options.skel, options.h, main.h, keydb.h, pkclist.c
+	(build_pk_list, expand_groups), g10.c (main, add_group): Add new
+	"group" command to allow one name to expand into multiple keys.
+	For simplicity, and to avoid potential loops, we only expand once
+	- you can't make an alias that points to an alias.
+
+	* main.h, g10.c (main), keygen.c (build_personal_digest_list):
+	Simplify the default digest list - there is really no need for the
+	other hashes since they will never be used after SHA-1 in the
+	list.
+
+	* options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
+	hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
+	parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
+	"x-broken-hkp" keyserver scheme into keyserver-option
+	"broken-http-proxy".  Move honor_http_proxy into
+	keyserver_options.  Canonicalize the three variations of "hkp",
+	"x-hkp", and "x-broken-hkp" into "hkp".
+
 2002-06-07  Stefan Bellon  <sbellon@sbellon.de>
 
 	* g10.c [__riscos__]: Added --attribute-file to do the same as

g10/g10.c

@@ -294,6 +294,7 @@ enum cmd_and_opt_values { aNull = 0,
     oTTYtype,
     oLCctype,
     oLCmessages,
+    oGroup,
 aTest };
 
 
@@ -578,6 +579,7 @@ static ARGPARSE_OPTS opts[] = {
     { oTTYtype,    "ttytype",     2, "@" },
     { oLCctype,    "lc-ctype",    2, "@" },
     { oLCmessages, "lc-messages", 2, "@" },
+    { oGroup,      "group",       2, "@" },
 {0} };
 
 
@@ -800,6 +802,32 @@ set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
 }
 
 
+static void add_group(char *string)
+{
+  char *name,*value;
+  struct groupitem *item;
+  STRLIST values=NULL;
+
+  /* Break off the group name */
+  name=strsep(&string," ");
+  if(string==NULL)
+    {
+      log_error(_("no values for group \"%s\"\n"),name);
+      return;
+    }
+
+  /* Break apart the values */
+  while((value=strsep(&string," ")) && *value!='\0')
+    add_to_strlist2(&values,value,utf8_strings);
+
+  item=m_alloc(sizeof(struct groupitem));
+  item->name=name;
+  item->values=values;
+  item->next=opt.grouplist;
+
+  opt.grouplist=item;
+}
+
 
 int
 main( int argc, char **argv )
@@ -1342,7 +1370,7 @@ main( int argc, char **argv )
 	  case oNoLiteral: opt.no_literal = 1; break;
 	  case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
 	  case oHonorHttpProxy:
-                opt.honor_http_proxy = 1;
+                opt.keyserver_options.honor_http_proxy = 1;
 		log_info(_("WARNING: %s is a deprecated option.\n"),
 			 "--honor-http-proxy");
 		log_info(_("please use \"--keyserver-options %s\" instead\n"),
@@ -1398,6 +1426,7 @@ main( int argc, char **argv )
           case oTTYtype: opt.ttytype = pargs.r.ret_str; break;
           case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
           case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
+	  case oGroup: add_group(pargs.r.ret_str); break;
 	  default : pargs.err = configfp? 1:2; break;
 	}
     }
@@ -1629,7 +1658,7 @@ main( int argc, char **argv )
 
     /* We provide defaults for the personal digest list */
     if(!pers_digest_list)
-      pers_digest_list=build_personal_digest_list();
+      pers_digest_list="h2";
 
     if(pers_cipher_list &&
        keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))

g10/hkp.c

@@ -53,7 +53,7 @@ hkp_ask_import( KEYDB_SEARCH_DESC *desc, void *stats_handle)
     struct http_context hd;
     char *request;
     int rc;
-    unsigned int hflags = opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0;
+    unsigned int hflags = opt.keyserver_options.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0;
     u32 key[2];
 
     if(desc->mode==KEYDB_SEARCH_MODE_FPR20)
@@ -77,7 +77,7 @@ hkp_ask_import( KEYDB_SEARCH_DESC *desc, void *stats_handle)
      * binary mode ... how?
      */
 
-    if(ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0)
+    if(opt.keyserver_options.broken_http_proxy)
       hflags |= HTTP_FLAG_NO_SHUTDOWN;
 
     sprintf(request,"x-hkp://%s%s%s/pks/lookup?op=get&search=0x%08lX",
@@ -113,7 +113,7 @@ hkp_export( STRLIST users )
     struct http_context hd;
     char *request;
     unsigned int status;
-    unsigned int hflags = opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0;
+    unsigned int hflags = opt.keyserver_options.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0;
 
     iobuf_push_filter( temp, urlencode_filter, NULL );
 
@@ -131,7 +131,7 @@ hkp_export( STRLIST users )
 
     request = m_alloc( strlen( opt.keyserver_host ) + 100 );
 
-    if(ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0)
+    if(opt.keyserver_options.broken_http_proxy)
       hflags |= HTTP_FLAG_NO_SHUTDOWN;
 
     sprintf( request, "x-hkp://%s%s%s/pks/add",
@@ -449,7 +449,7 @@ int hkp_search(STRLIST tokens)
   char *request;
 #endif
   struct http_context hd;
-  unsigned int hflags=opt.honor_http_proxy?HTTP_FLAG_TRY_PROXY:0;
+  unsigned int hflags=opt.keyserver_options.honor_http_proxy?HTTP_FLAG_TRY_PROXY:0;
   byte *line=NULL;
 
   /* Glue the tokens together to make a search string */
@@ -512,7 +512,7 @@ int hkp_search(STRLIST tokens)
 
   request=m_alloc(strlen(opt.keyserver_host) + 100 + strlen(searchurl));
 
-  if(ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0)
+  if(opt.keyserver_options.broken_http_proxy)
     hflags |= HTTP_FLAG_NO_SHUTDOWN;
 
   sprintf(request,"x-hkp://%s%s%s/pks/lookup?op=index&search=%s",

g10/keydb.h

@@ -165,7 +165,7 @@ int keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
 void show_revocation_reason( PKT_public_key *pk, int mode );
 int  check_signatures_trust( PKT_signature *sig );
 void release_pk_list( PK_LIST pk_list );
-int  build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use );
+int  build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use );
 int  select_algo_from_prefs( PK_LIST pk_list, int preftype, void *hint );
 int  select_mdc_from_pklist (PK_LIST pk_list);
 

g10/keygen.c

@@ -2417,25 +2417,3 @@ write_keyblock( IOBUF out, KBNODE node )
     }
     return 0;
 }
-
-char *
-build_personal_digest_list(void)
-{
-  int i,n=0;
-  static char pers_digest_list[(MAX_PREFS*5)+1];
-
-  /* The end result of this is to favor SHA-1 over everything, and put
-     MD5 at the very end of the list. */
-
-  /* Don't put in 100-110 automatically */
-  for(i=2;i<100 && n<MAX_PREFS;i++)
-    {
-      if(check_digest_algo(i)==0)
-	{
-	  sprintf(pers_digest_list+strlen(pers_digest_list),"H%d ",i);
-	  n++;
-	}
-    }
-
-  return pers_digest_list;
-}

g10/keyserver.c

@@ -79,9 +79,9 @@ parse_keyserver_options(char *options)
       else if(ascii_strcasecmp(tok,"no-verbose")==0)
 	opt.keyserver_options.verbose--;
       else if(ascii_strcasecmp(tok,"honor-http-proxy")==0)
-	opt.honor_http_proxy=1;
+	opt.keyserver_options.honor_http_proxy=1;
       else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0)
-	opt.honor_http_proxy=0;
+	opt.keyserver_options.honor_http_proxy=0;
       else if(ascii_strcasecmp(tok,"refresh-add-fake-v3-keyids")==0)
 	opt.keyserver_options.refresh_add_fake_v3_keyids=1;
       else if(ascii_strcasecmp(tok,"no-refresh-add-fake-v3-keyids")==0)
@@ -90,6 +90,10 @@ parse_keyserver_options(char *options)
 	opt.keyserver_options.auto_key_retrieve=1;
       else if(ascii_strcasecmp(tok,"no-auto-key-retrieve")==0)
 	opt.keyserver_options.auto_key_retrieve=0;
+      else if(ascii_strcasecmp(tok,"broken-http-proxy")==0)
+	opt.keyserver_options.broken_http_proxy=1;
+      else if(ascii_strcasecmp(tok,"no-broken-http-proxy")==0)
+	opt.keyserver_options.broken_http_proxy=0;
       else if(strlen(tok)>0)
 	add_to_strlist(&opt.keyserver_options.other,tok);
 
@@ -107,9 +111,25 @@ parse_keyserver_uri(char *uri)
   if(uri==NULL)
     {
       uri=opt.keyserver_scheme;
-      opt.keyserver_scheme="x-hkp";
+      opt.keyserver_scheme="hkp";
     }
 
+  if(ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0)
+    {
+      log_info(_("WARNING: %s is a deprecated option.\n"),
+ 	       "x-broken-hkp");
+      log_info(_("please use \"--keyserver-options %s\" instead\n"),
+ 	       "broken-http-proxy");
+      opt.keyserver_scheme="hkp";
+      opt.keyserver_options.broken_http_proxy=1;
+    }
+  else if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0)
+    {
+      /* Canonicalize this to "hkp" so it works with both the internal
+	 and external keyserver interface. */
+      opt.keyserver_scheme="hkp";
+    } 
+
   /* Skip the "//", if any */
   if(strlen(uri)>2 && uri[0]=='/' && uri[1]=='/')
     uri+=2;
@@ -573,9 +593,7 @@ keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,int count)
 
 #ifndef USE_EXTERNAL_HKP
   /* Use the internal HKP code */
-  if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0 ||
-     ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0 ||
-     ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0)
+  if(ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0)
     {
       void *stats_handle = import_new_stats_handle ();
 
@@ -858,9 +876,7 @@ keyserver_refresh(STRLIST users)
      scheme, then enable fake v3 keyid generation. */
   if(opt.keyserver_options.refresh_add_fake_v3_keyids &&
      opt.keyserver_scheme &&
-     (ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0 ||
-      ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0 ||
-      ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0 ||
+     (ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0 ||
       ascii_strcasecmp(opt.keyserver_scheme,"mailto")==0))
     fakev3=1;
 

g10/main.h

@@ -36,6 +36,12 @@ typedef struct {
     cipher_filter_context_t cfx;
 } encrypt_filter_context_t;
 
+struct groupitem
+{
+  char *name;
+  STRLIST values;
+  struct groupitem *next;
+};
 
 /*-- g10.c --*/
 extern int g10_errors_seen;
@@ -120,7 +126,6 @@ int keygen_add_std_prefs( PKT_signature *sig, void *opaque );
 int keygen_upd_std_prefs( PKT_signature *sig, void *opaque );
 int keygen_add_revkey(PKT_signature *sig, void *opaque);
 int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock );
-char *build_personal_digest_list(void);
 
 /*-- openfile.c --*/
 int overwrite_filep( const char *fname );

g10/options.h

@@ -21,6 +21,7 @@
 #define G10_OPTIONS_H
 
 #include <types.h>
+#include "main.h"
 #include "packet.h"
 
 #undef ENABLE_COMMENT_PACKETS  /* don't create comment packets */
@@ -122,6 +123,8 @@ struct {
       int keep_temp_files:1;
       int refresh_add_fake_v3_keyids:1;
       int auto_key_retrieve:1;
+      int honor_http_proxy:1;
+      int broken_http_proxy:1;
       STRLIST other;
     } keyserver_options;
     int exec_disable;
@@ -145,7 +148,6 @@ struct {
     int allow_freeform_uid;
     int no_literal;
     ulong set_filesize;
-    int honor_http_proxy;
     int fast_list_mode;
     int fixed_list_mode;
     int ignore_time_conflict;
@@ -165,6 +167,7 @@ struct {
     int preserve_permissions;
     int no_homedir_creation;
     int show_keyring;
+    struct groupitem *grouplist;
 } opt;
 
 

g10/options.skel

@@ -59,12 +59,13 @@ $Id$
 # as default character set.
 #charset utf-8
 
-
-# You may define aliases like this:
-#   alias mynames  -u 0x12345678 -u 0x456789ab -z 9
-# everytime you use --mynames, it will be expanded to the options
-# in the above defintion.  The name of the alias may not be abbreviated.
-# NOTE: This is not yet implemented
+# Group names may be defined like this:
+#   group mynames paige 0x12345678 joe patti
+#
+# Any time "mynames" is a receipient (-r or --recipient), it will be
+# expanded to the names "paige", "joe", and "patti", and the key ID
+# "0x12345678".  Note there is only one level of expansion - you
+# cannot make an group that points to another group.
 
 # lock the file only once for the lifetime of a process.
 # if you do not define this, the lock will be obtained and released
@@ -97,11 +98,10 @@ lock-once
 # through the usual method:
 #      x-hkp://keyserver.example.net:22742
 #
-# If you have problems connecting to a HKP server through a buggy
-# http proxy, you can use this:
-#      x-broken-hkp://keyserver.example.net
-# But first you should make sure that you have read the man page regarding
-# proxies (honor-http-proxy)
+# If you have problems connecting to a HKP server through a buggy http
+# proxy, you can use keyserver option broken-http-proxy (see below),
+# but first you should make sure that you have read the man page
+# regarding proxies (keyserver option honor-http-proxy)
 #
 # Most users just set the name and type of their preferred keyserver.
 # Most servers do synchronize with each other and DNS round-robin may
@@ -130,9 +130,11 @@ lock-once
 # keep-temp-files = do not delete temporary files after using them
 #                   (really only useful for debugging)
 #
-# honor-http-proxy = if the keyserver uses http, honor the http_proxy
+# honor-http-proxy = if the keyserver uses HTTP, honor the http_proxy
 #                    environment variable
 #
+# broken-http-proxy = try to work around a buggy HTTP proxy
+#
 # auto-key-retrieve = automatically fetch keys as needed from the
 #                     keyserver when verifying signatures or when importing
 #                     keys that have been revoked by a revocation key that

g10/pkclist.c

@@ -690,17 +690,54 @@ default_recipient(void)
     return p;
 }
 
+/* For simplicity, and to avoid potential loops, we only expand once -
+   you can't make an alias that points to an alias. */
+static STRLIST
+expand_groups(STRLIST input)
+{
+  STRLIST output=NULL,rover;
+  struct groupitem *groups;
+
+  for(rover=input;rover;rover=rover->next)
+    {
+      for(groups=opt.grouplist;groups;groups=groups->next)
+	{
+	  /* need strcasecmp() here, as this should be localized */
+	  if(strcasecmp(groups->name,rover->d)==0)
+	    {
+	      STRLIST each;
+
+	      /* maintain current utf8-ness */
+	      for(each=groups->values;each;each=each->next)
+		add_to_strlist(&output,each->d);
+
+	      break;
+	    }
+	}
+
+      /* Didn't find any groups, so use the existing string */
+      if(!groups)
+	add_to_strlist(&output,rover->d);
+    }
+
+  return output;
+}
 
 int
-build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
+build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 {
     PK_LIST pk_list = NULL;
     PKT_public_key *pk=NULL;
     int rc=0;
     int any_recipients=0;
-    STRLIST rov;
+    STRLIST rov,remusr;
     char *def_rec = NULL;
 
+    if(opt.grouplist)
+      remusr=expand_groups(rcpts);
+    else
+      remusr=rcpts;
+
     /* check whether there are any recipients in the list and build the
      * list of the encrypt-to ones (we always trust them) */
     for( rov = remusr; rov; rov = rov->next ) {
@@ -949,6 +986,8 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
 	release_pk_list( pk_list );
     else
 	*ret_pk_list = pk_list;
+    if(opt.grouplist)
+      free_strlist(remusr);
     return rc;
 }