Add an outofband indicator to the keyserver protocol.

Use signature flags for exportability check rather than re-parsing the subpacket.
2025-02-02 16:43:03 +01:00 · 2001-12-28 16:34:01 +00:00 · 2001-12-28 16:34:01 +00:00 · aa2e2392da
commit aa2e2392da
parent 1a2d0ebc11
8 changed files with 73 additions and 74 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,16 @@
 2001-12-28  David Shaw  <dshaw@jabberwocky.com>
 	* keyserver.c (keyserver_spawn): Look for OPTIONS from the
 	keyserver helper - specifically, a "OUTOFBAND" option for the
 	email keyserver.
 	* mainproc.c (list_node), keylist.c (list_keyblock_colon),
 	import.c (delete_inv_parts), export.c (do_export_stream): Use
 	signature flags for exportability check rather than re-parsing the
 	subpacket.
 	* keyid.c, keydb.h (get_lsign_letter): No longer needed.
 2001-12-27  David Shaw  <dshaw@jabberwocky.com>
 	* exec.c (exec_finish): Show errors when temp files cannot be
--- a/g10/export.c
+++ b/g10/export.c
@ -194,10 +194,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any )
              continue;
 	    /* do not export packets which are marked as not exportable */
 	    if( node->pkt->pkttype == PKT_SIGNATURE ) {
-		const char *p;
+	        if( !node->pkt->pkt.signature->flags.exportable )
 		p = parse_sig_subpkt2( node->pkt->pkt.signature,
 				       SIGSUBPKT_EXPORTABLE, NULL );
 		if( p && !*p )
 		  continue; /* not exportable */
                /* delete our verification cache */
--- a/g10/import.c
+++ b/g10/import.c
@ -887,7 +887,6 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
 {
    KBNODE node;
    int nvalid=0, uid_seen=0;
    const char *p;
    for(node=keyblock->next; node; node = node->next ) {
 	if( node->pkt->pkttype == PKT_USER_ID ) {
@ -933,11 +932,9 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
 		 && check_pubkey_algo( node->pkt->pkt.signature->pubkey_algo)
 		 && node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA )
 	    delete_kbnode( node ); /* build_packet() can't handle this */
-	else if( node->pkt->pkttype == PKT_SIGNATURE
+	else if( node->pkt->pkttype == PKT_SIGNATURE &&
-		 && (p = parse_sig_subpkt2( node->pkt->pkt.signature,
+		 !node->pkt->pkt.signature->flags.exportable &&
-					    SIGSUBPKT_EXPORTABLE, NULL ))
+		 seckey_available( node->pkt->pkt.signature->keyid ) ) {
 		 && !*p
 		 && seckey_available( node->pkt->pkt.signature->keyid ) ) {
 	    /* here we violate the rfc a bit by still allowing
 	     * to import non-exportable signature when we have the
 	     * the secret key used to create this signature - it
--- a/g10/keydb.h
+++ b/g10/keydb.h
@ -213,7 +213,6 @@ KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx);
 /*-- keyid.c --*/
 int pubkey_letter( int algo );
 int get_lsign_letter ( PKT_signature *sig );
 u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid );
 u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
 u32 keyid_from_sig( PKT_signature *sig, u32 *keyid );
--- a/g10/keyid.c
+++ b/g10/keyid.c
@ -48,18 +48,6 @@ pubkey_letter( int algo )
    }
 }
 int
 get_lsign_letter ( PKT_signature *sig )
 {
    const char *p;
    if (!sig)
        return '?';
    p = parse_sig_subpkt2( sig, SIGSUBPKT_EXPORTABLE, NULL );
    return (p && !*p)? 'l':'x';
 }
 static MD_HANDLE
 do_fingerprint_md( PKT_public_key *pk )
 {
--- a/g10/keylist.c
+++ b/g10/keylist.c
@ -718,7 +718,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
 	       sigstr = "sig";
 	    else {
                printf ("sig::::::::::%02x%c:\n",
-                        sig->sig_class, get_lsign_letter (sig) );
+                        sig->sig_class, sig->flags.exportable?'x':'l');
 		continue;
 	    }
 	    if( opt.check_sigs ) {
@ -754,7 +754,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
                print_string( stdout, p, n, ':' );
 		m_free(p);
 	    }
-            printf(":%02x%c:\n", sig->sig_class, get_lsign_letter (sig) );
+            printf(":%02x%c:\n", sig->sig_class,sig->flags.exportable?'x':'l');
 	    /* fixme: check or list other sigs here */
 	}
    }
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@ -256,7 +256,7 @@ print_keyinfo(int count,char *keystring,u32 *keyid)
 static int 
 keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
 {
-  int ret=0,i, gotversion=0;
+  int ret=0,i,gotversion=0,outofband=0;
  STRLIST temp;
  unsigned int maxlen=256,buflen;
  char *command=NULL,*searchstr=NULL;
@ -447,6 +447,10 @@ keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
 	    log_info(_("Warning: keyserver handler from a different "
 		       "version of GnuPG (%s)\n"),&line[8]);
 	}
      /* Currently the only OPTION */
      if(strncasecmp(line,"OPTION OUTOFBAND",16)==0)
 	outofband=1;
    }
  while(line[0]!='\n');
@ -456,6 +460,7 @@ keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
      goto fail;
    }
  if(!outofband)
    switch(action)
      {
      case GET:
@ -765,7 +770,7 @@ keyserver_search(STRLIST tokens)
 }
 /* Count is just for cosmetics.  If it is too small, it will grow
-   safely.  If it negative it disables the "Key x-y of z" messages. */
+   safely.  If negative it disables the "Key x-y of z" messages. */
 void 
 keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
 {
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -986,7 +986,7 @@ list_node( CTX c, KBNODE node )
 	    m_free(p);
 	}
 	if( opt.with_colons )
-	    printf(":%02x%c:", sig->sig_class, get_lsign_letter (sig) );
+	    printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
 	putchar('\n');
    }
    else