Add an outofband indicator to the keyserver protocol.

Use signature flags for exportability check rather than re-parsing the
subpacket.

g10/ChangeLog

@@ -1,3 +1,16 @@
+2001-12-28  David Shaw  <dshaw@jabberwocky.com>
+
+	* keyserver.c (keyserver_spawn): Look for OPTIONS from the
+	keyserver helper - specifically, a "OUTOFBAND" option for the
+	email keyserver.
+
+	* mainproc.c (list_node), keylist.c (list_keyblock_colon),
+	import.c (delete_inv_parts), export.c (do_export_stream): Use
+	signature flags for exportability check rather than re-parsing the
+	subpacket.
+
+	* keyid.c, keydb.h (get_lsign_letter): No longer needed.
+
 2001-12-27  David Shaw  <dshaw@jabberwocky.com>
 
 	* exec.c (exec_finish): Show errors when temp files cannot be

g10/export.c

@@ -194,10 +194,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any )
               continue;
 	    /* do not export packets which are marked as not exportable */
 	    if( node->pkt->pkttype == PKT_SIGNATURE ) {
-		const char *p;
-		p = parse_sig_subpkt2( node->pkt->pkt.signature,
-				       SIGSUBPKT_EXPORTABLE, NULL );
-		if( p && !*p )
+	        if( !node->pkt->pkt.signature->flags.exportable )
 		  continue; /* not exportable */
 
                 /* delete our verification cache */

g10/import.c

@@ -887,7 +887,6 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
 {
     KBNODE node;
     int nvalid=0, uid_seen=0;
-    const char *p;
 
     for(node=keyblock->next; node; node = node->next ) {
 	if( node->pkt->pkttype == PKT_USER_ID ) {
@@ -933,11 +932,9 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
 		 && check_pubkey_algo( node->pkt->pkt.signature->pubkey_algo)
 		 && node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA )
 	    delete_kbnode( node ); /* build_packet() can't handle this */
-	else if( node->pkt->pkttype == PKT_SIGNATURE
-		 && (p = parse_sig_subpkt2( node->pkt->pkt.signature,
-					    SIGSUBPKT_EXPORTABLE, NULL ))
-		 && !*p
-		 && seckey_available( node->pkt->pkt.signature->keyid ) ) {
+	else if( node->pkt->pkttype == PKT_SIGNATURE &&
+		 !node->pkt->pkt.signature->flags.exportable &&
+		 seckey_available( node->pkt->pkt.signature->keyid ) ) {
 	    /* here we violate the rfc a bit by still allowing
 	     * to import non-exportable signature when we have the
 	     * the secret key used to create this signature - it

g10/keydb.h

@@ -213,7 +213,6 @@ KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx);
 
 /*-- keyid.c --*/
 int pubkey_letter( int algo );
-int get_lsign_letter ( PKT_signature *sig );
 u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid );
 u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
 u32 keyid_from_sig( PKT_signature *sig, u32 *keyid );

g10/keyid.c

@@ -48,18 +48,6 @@ pubkey_letter( int algo )
     }
 }
 
-int
-get_lsign_letter ( PKT_signature *sig )
-{
-    const char *p;
-    
-    if (!sig)
-        return '?';
-    p = parse_sig_subpkt2( sig, SIGSUBPKT_EXPORTABLE, NULL );
-    return (p && !*p)? 'l':'x';
-}
-
-
 static MD_HANDLE
 do_fingerprint_md( PKT_public_key *pk )
 {

g10/keylist.c

@@ -718,7 +718,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
 	       sigstr = "sig";
 	    else {
                 printf ("sig::::::::::%02x%c:\n",
-                        sig->sig_class, get_lsign_letter (sig) );
+                        sig->sig_class, sig->flags.exportable?'x':'l');
 		continue;
 	    }
 	    if( opt.check_sigs ) {
@@ -754,7 +754,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
                 print_string( stdout, p, n, ':' );
 		m_free(p);
 	    }
-            printf(":%02x%c:\n", sig->sig_class, get_lsign_letter (sig) );
+            printf(":%02x%c:\n", sig->sig_class,sig->flags.exportable?'x':'l');
 	    /* fixme: check or list other sigs here */
 	}
     }

g10/keyserver.c

@@ -256,7 +256,7 @@ print_keyinfo(int count,char *keystring,u32 *keyid)
 static int 
 keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
 {
-  int ret=0,i, gotversion=0;
+  int ret=0,i,gotversion=0,outofband=0;
   STRLIST temp;
   unsigned int maxlen=256,buflen;
   char *command=NULL,*searchstr=NULL;
@@ -447,6 +447,10 @@ keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
 	    log_info(_("Warning: keyserver handler from a different "
 		       "version of GnuPG (%s)\n"),&line[8]);
 	}
+
+      /* Currently the only OPTION */
+      if(strncasecmp(line,"OPTION OUTOFBAND",16)==0)
+	outofband=1;
     }
   while(line[0]!='\n');
 
@@ -456,6 +460,7 @@ keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
       goto fail;
     }
 
+  if(!outofband)
     switch(action)
       {
       case GET:
@@ -765,7 +770,7 @@ keyserver_search(STRLIST tokens)
 }
 
 /* Count is just for cosmetics.  If it is too small, it will grow
-   safely.  If it negative it disables the "Key x-y of z" messages. */
+   safely.  If negative it disables the "Key x-y of z" messages. */
 void 
 keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
 {

g10/mainproc.c

@@ -986,7 +986,7 @@ list_node( CTX c, KBNODE node )
 	    m_free(p);
 	}
 	if( opt.with_colons )
-	    printf(":%02x%c:", sig->sig_class, get_lsign_letter (sig) );
+	    printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
 	putchar('\n');
     }
     else