Add an outofband indicator to the keyserver protocol.

Use signature flags for exportability check rather than re-parsing the
subpacket.

g10/ChangeLog

@@ -1,3 +1,16 @@
+2001-12-28  David Shaw  <dshaw@jabberwocky.com>
+
+	* keyserver.c (keyserver_spawn): Look for OPTIONS from the
+	keyserver helper - specifically, a "OUTOFBAND" option for the
+	email keyserver.
+
+	* mainproc.c (list_node), keylist.c (list_keyblock_colon),
+	import.c (delete_inv_parts), export.c (do_export_stream): Use
+	signature flags for exportability check rather than re-parsing the
+	subpacket.
+
+	* keyid.c, keydb.h (get_lsign_letter): No longer needed.
+
 2001-12-27  David Shaw  <dshaw@jabberwocky.com>
 
 	* exec.c (exec_finish): Show errors when temp files cannot be

g10/export.c

@@ -194,11 +194,8 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any )
               continue;
 	    /* do not export packets which are marked as not exportable */
 	    if( node->pkt->pkttype == PKT_SIGNATURE ) {
-		const char *p;
+	        if( !node->pkt->pkt.signature->flags.exportable )
-		p = parse_sig_subpkt2( node->pkt->pkt.signature,
+		  continue; /* not exportable */
-				       SIGSUBPKT_EXPORTABLE, NULL );
-		if( p && !*p )
-		    continue; /* not exportable */
 
                 /* delete our verification cache */
                 delete_sig_subpkt (node->pkt->pkt.signature->unhashed,

g10/import.c

@@ -887,7 +887,6 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
 {
     KBNODE node;
     int nvalid=0, uid_seen=0;
-    const char *p;
 
     for(node=keyblock->next; node; node = node->next ) {
 	if( node->pkt->pkttype == PKT_USER_ID ) {
@@ -933,11 +932,9 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
 		 && check_pubkey_algo( node->pkt->pkt.signature->pubkey_algo)
 		 && node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA )
 	    delete_kbnode( node ); /* build_packet() can't handle this */
-	else if( node->pkt->pkttype == PKT_SIGNATURE
+	else if( node->pkt->pkttype == PKT_SIGNATURE &&
-		 && (p = parse_sig_subpkt2( node->pkt->pkt.signature,
+		 !node->pkt->pkt.signature->flags.exportable &&
-					    SIGSUBPKT_EXPORTABLE, NULL ))
+		 seckey_available( node->pkt->pkt.signature->keyid ) ) {
-		 && !*p
-		 && seckey_available( node->pkt->pkt.signature->keyid ) ) {
 	    /* here we violate the rfc a bit by still allowing
 	     * to import non-exportable signature when we have the
 	     * the secret key used to create this signature - it

g10/keydb.h

@@ -213,7 +213,6 @@ KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx);
 
 /*-- keyid.c --*/
 int pubkey_letter( int algo );
-int get_lsign_letter ( PKT_signature *sig );
 u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid );
 u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
 u32 keyid_from_sig( PKT_signature *sig, u32 *keyid );

g10/keyid.c

@@ -48,18 +48,6 @@ pubkey_letter( int algo )
     }
 }
 
-int
-get_lsign_letter ( PKT_signature *sig )
-{
-    const char *p;
-    
-    if (!sig)
-        return '?';
-    p = parse_sig_subpkt2( sig, SIGSUBPKT_EXPORTABLE, NULL );
-    return (p && !*p)? 'l':'x';
-}
-
-
 static MD_HANDLE
 do_fingerprint_md( PKT_public_key *pk )
 {

g10/keylist.c

@@ -718,7 +718,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
 	       sigstr = "sig";
 	    else {
                 printf ("sig::::::::::%02x%c:\n",
-                        sig->sig_class, get_lsign_letter (sig) );
+                        sig->sig_class, sig->flags.exportable?'x':'l');
 		continue;
 	    }
 	    if( opt.check_sigs ) {
@@ -754,7 +754,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
                 print_string( stdout, p, n, ':' );
 		m_free(p);
 	    }
-            printf(":%02x%c:\n", sig->sig_class, get_lsign_letter (sig) );
+            printf(":%02x%c:\n", sig->sig_class,sig->flags.exportable?'x':'l');
 	    /* fixme: check or list other sigs here */
 	}
     }

g10/keyserver.c

@@ -256,7 +256,7 @@ print_keyinfo(int count,char *keystring,u32 *keyid)
 static int 
 keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
 {
-  int ret=0,i, gotversion=0;
+  int ret=0,i,gotversion=0,outofband=0;
   STRLIST temp;
   unsigned int maxlen=256,buflen;
   char *command=NULL,*searchstr=NULL;
@@ -447,6 +447,10 @@ keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
 	    log_info(_("Warning: keyserver handler from a different "
 		       "version of GnuPG (%s)\n"),&line[8]);
 	}
+
+      /* Currently the only OPTION */
+      if(strncasecmp(line,"OPTION OUTOFBAND",16)==0)
+	outofband=1;
     }
   while(line[0]!='\n');
 
@@ -456,60 +460,61 @@ keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
       goto fail;
     }
 
-  switch(action)
+  if(!outofband)
-    {
+    switch(action)
-    case GET:
       {
-	void *stats_handle;
+      case GET:
+	{
+	  void *stats_handle;
 
-	stats_handle=import_new_stats_handle();
+	  stats_handle=import_new_stats_handle();
 
-	/* Slurp up all the key data.  In the future, it might be nice
+	  /* Slurp up all the key data.  In the future, it might be nice
-	   to look for KEY foo OUTOFBAND and FAILED indicators.  It's
+	     to look for KEY foo OUTOFBAND and FAILED indicators.  It's
-	   harmless to ignore them, but ignoring them does make gpg
+	     harmless to ignore them, but ignoring them does make gpg
-	   complain about "no valid OpenPGP data found".  One way to
+	     complain about "no valid OpenPGP data found".  One way to
-	   do this could be to continue parsing this line-by-line and
+	     do this could be to continue parsing this line-by-line and
-	   make a temp iobuf for each key. */
+	     make a temp iobuf for each key. */
 
-	import_keys_stream(spawn->fromchild,
+	  import_keys_stream(spawn->fromchild,
-			   opt.keyserver_options.fast_import,stats_handle);
+			     opt.keyserver_options.fast_import,stats_handle);
 
-	import_print_stats(stats_handle);
+	  import_print_stats(stats_handle);
-	import_release_stats_handle(stats_handle);
+	  import_release_stats_handle(stats_handle);
 
+	  break;
+	}
+
+	/* Nothing to do here */
+      case SEND:
+	break;
+
+      case SEARCH:
+	{
+	  line=NULL;
+	  buflen = 0;
+	  maxlen = 80;
+	  /* Look for the COUNT line */
+	  do
+	    {
+	      if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
+		{
+		  ret=G10ERR_READ_FILE;
+		  goto fail; /* i.e. EOF */
+		}
+	    }
+	  while(sscanf(line,"COUNT %d\n",&i)!=1);
+
+	  keyserver_search_prompt(spawn->fromchild,i,searchstr);
+
+	  break;
+	}
+
+      default:
+	log_fatal(_("no keyserver action!\n"));
 	break;
       }
 
-      /* Nothing to do here */
-    case SEND:
-      break;
-
-    case SEARCH:
-      {
-	line=NULL;
-        buflen = 0;
-        maxlen = 80;
-	/* Look for the COUNT line */
-	do
-	  {
-	    if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
-	      {
-		ret=G10ERR_READ_FILE;
-		goto fail; /* i.e. EOF */
-	      }
-	  }
-	while(sscanf(line,"COUNT %d\n",&i)!=1);
-
-	keyserver_search_prompt(spawn->fromchild,i,searchstr);
-
-	break;
-      }
-
-    default:
-      log_fatal(_("no keyserver action!\n"));
-      break;
-    }
-
  fail:
   *prog=exec_finish(spawn);
 
@@ -765,7 +770,7 @@ keyserver_search(STRLIST tokens)
 }
 
 /* Count is just for cosmetics.  If it is too small, it will grow
-   safely.  If it negative it disables the "Key x-y of z" messages. */
+   safely.  If negative it disables the "Key x-y of z" messages. */
 void 
 keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
 {

g10/mainproc.c

@@ -986,7 +986,7 @@ list_node( CTX c, KBNODE node )
 	    m_free(p);
 	}
 	if( opt.with_colons )
-	    printf(":%02x%c:", sig->sig_class, get_lsign_letter (sig) );
+	    printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
 	putchar('\n');
     }
     else