* trustdb.h, trustdb.c (clean_sigs_from_uid): Add flag to remove all
authorDavid Shaw <dshaw@jabberwocky.com>
Thu, 10 Nov 2005 21:18:49 +0000 (21:18 +0000)
committerDavid Shaw <dshaw@jabberwocky.com>
Thu, 10 Nov 2005 21:18:49 +0000 (21:18 +0000)
non-selfsigs from key during cleaning.  Change all callers.

* export.c (do_export_stream): Use it here so we don't need additional
minimize code in the export path.

g10/ChangeLog
g10/export.c
g10/import.c
g10/keyedit.c
g10/trustdb.c
g10/trustdb.h

index a09a0dd..76a93d7 100644 (file)
@@ -1,3 +1,11 @@
+2005-11-10  David Shaw  <dshaw@jabberwocky.com>
+
+       * trustdb.h, trustdb.c (clean_sigs_from_uid): Add flag to remove
+       all non-selfsigs from key during cleaning.  Change all callers.
+
+       * export.c (do_export_stream): Use it here so we don't need
+       additional minimize code in the export path.
+
 2005-11-06  David Shaw  <dshaw@jabberwocky.com>
 
        * options.skel: Add a section for --encrypt-to.  This is Debian
index 053e1c1..a571054 100644 (file)
@@ -293,7 +293,6 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
     subkey_list_t subkey_list = NULL;  /* Track alreay processed subkeys. */
     KEYDB_HANDLE kdbhd;
     STRLIST sl;
-    u32 keyid[2];
 
     *any = 0;
     init_packet( &pkt );
@@ -383,10 +382,6 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
        else
          {
            /* It's a public key export. */
-           if((options&EXPORT_MINIMAL)
-              && (node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
-             keyid_from_pk(node->pkt->pkt.public_key,keyid);
-
            if(options&EXPORT_CLEAN_UIDS)
              clean_uids_from_key(keyblock,opt.verbose);
          }
@@ -460,26 +455,20 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
                 }
              }
 
-
            if(node->pkt->pkttype==PKT_USER_ID)
              {
                /* Run clean_sigs_from_uid against each uid if
-                  export-clean-sigs is on. */
+                  export-clean-sigs is on.  export-minimal causes it
+                  to remove all non-selfsigs as well.  Note that
+                  export-minimal only applies to UID sigs (0x10,
+                  0x11, 0x12, and 0x13).  A designated revocation is
+                  not stripped. */
                if(options&EXPORT_CLEAN_SIGS)
-                 clean_sigs_from_uid(keyblock,node,opt.verbose);
+                 clean_sigs_from_uid(keyblock,node,
+                                     opt.verbose,options&EXPORT_MINIMAL);
              }
            else if(node->pkt->pkttype==PKT_SIGNATURE)
              {
-               /* If we have export-minimal turned on, do not include
-                  any signature that isn't a selfsig.  Note that this
-                  only applies to uid sigs (0x10, 0x11, 0x12, and
-                  0x13).  A designated revocation is not stripped. */
-               if((options&EXPORT_MINIMAL)
-                  && IS_UID_SIG(node->pkt->pkt.signature)
-                  && (node->pkt->pkt.signature->keyid[0]!=keyid[0]
-                      || node->pkt->pkt.signature->keyid[1]!=keyid[1]))
-                 continue;
-
                /* do not export packets which are marked as not
                   exportable */
                if(!(options&EXPORT_LOCAL_SIGS)
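Review bot: After this change `EXPORT_MINIMAL` only takes effect when `EXPORT_CLEAN_SIGS` is also set, because its sole remaining use is the fourth argument of a call guarded by `if(options&EXPORT_CLEAN_SIGS)`. The removed `PKT_SIGNATURE` branch stripped non-selfsigs on its own. Unless option parsing (not visible here) makes export-minimal imply export-clean-sigs, an export-minimal export without the clean option would now include third-party certifications that it previously dropped. Consider widening the guard to `if(options&(EXPORT_CLEAN_SIGS|EXPORT_MINIMAL))`, or setting `EXPORT_CLEAN_SIGS` wherever `EXPORT_MINIMAL` is parsed. The body of do_export_stream starts and ends outside this hunk.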
index d8a7b2a..f367b03 100644 (file)
@@ -674,7 +674,7 @@ clean_sigs_from_all_uids(KBNODE keyblock)
 
   for(uidnode=keyblock->next;uidnode;uidnode=uidnode->next)
     if(uidnode->pkt->pkttype==PKT_USER_ID)
-      deleted+=clean_sigs_from_uid(keyblock,uidnode,opt.verbose);
+      deleted+=clean_sigs_from_uid(keyblock,uidnode,opt.verbose,0);
 
   return deleted;
 }
index 1e07b1d..18ae1f4 100644 (file)
@@ -3199,7 +3199,7 @@ menu_clean_sigs_from_uids(KBNODE keyblock)
          char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
                                    uidnode->pkt->pkt.user_id->len,
                                    0);
-         deleted=clean_sigs_from_uid(keyblock,uidnode,opt.verbose);
+         deleted=clean_sigs_from_uid(keyblock,uidnode,opt.verbose,0);
          if(deleted)
            {
              tty_printf(deleted==1?
index ae0a6cc..47c4186 100644 (file)
@@ -1575,13 +1575,16 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 }
 
 int
-clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy)
+clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
 {
   int deleted=0;
   KBNODE node;
+  u32 keyid[2];
 
   assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
 
+  keyid_from_pk(keyblock->pkt->pkt.public_key,keyid);
+
   /* Passing in a 0 for current time here means that we'll never weed
      out an expired sig.  This is correct behavior since we want to
      keep the most recent expired sig in a series. */
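Review bot: `clean_sigs_from_uid` gains a fourth parameter here but still has no header comment, and the callers in import.c and keyedit.c pass a bare `0` for it. A short comment above the definition would state the contract, e.g. `/* self_only: if nonzero, a usable uid sig or revocation is kept only when its issuer keyid equals the primary key's keyid. */`. It is also worth saying there that the match is by keyid taken from `keyblock->pkt`, which the existing assert requires to be a `PKT_PUBLIC_KEY`. The function body continues outside the hunk.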
@@ -1607,12 +1610,15 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy)
       node && node->pkt->pkttype==PKT_SIGNATURE;
       node=node->next)
     {
+      int keep=self_only?(node->pkt->pkt.signature->keyid[0]==keyid[0]
+                         && node->pkt->pkt.signature->keyid[1]==keyid[1]):1;
+
       /* Keep usable uid sigs ... */
-      if(node->flag & (1<<8))
+      if((node->flag & (1<<8)) && keep)
        continue;
 
       /* ... and usable revocations... */
-      if(node->flag & (1<<11))
+      if((node->flag & (1<<11)) && keep)
        continue;
 
       /* ... and sigs from unavailable keys. */
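Review bot: The new `keep` condition is applied to the usable-sig (`1<<8`) and usable-revocation (`1<<11`) checks, but the hunk ends at the comment for the third exemption, sigs from unavailable keys, and that check lies outside the hunk. If it is still an unconditional `continue`, a `self_only` clean retains third-party signatures whose issuing key is not in the local keyring, so an export-minimal key would not be reduced to self-sigs only. That check should probably carry the same `&& keep` condition. A signature from an unavailable key cannot be a selfsig, so in effect the exemption would be skipped whenever `self_only` is set.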
index b9dae35..e75e7f8 100644 (file)
@@ -82,7 +82,7 @@ const char *get_ownertrust_string (PKT_public_key *pk);
 void update_ownertrust (PKT_public_key *pk, unsigned int new_trust );
 int clear_ownertrusts (PKT_public_key *pk);
 
-int clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy);
+int clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only);
 int clean_uids_from_key(KBNODE keyblock,int noisy);
 
 /*-- tdbdump.c --*/