* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a

particular user ID, use that ID as the one to ask about when prompting
whether to use the key anyway. (build_pk_list): Similar change here when
adding keys to the recipient list.

* trustdb.c (update_validity): Fix bug that prevented more than one
validity record per trust record. (get_validity): When retrieving validity
for a (user) supplied user ID, return the validity for that user ID only,
and do not fall back to the general key validity. (validate_one_keyblock):
Some commentary on whether non-self-signed user IDs belong in the web of
trust (arguably, they do).

3 files changed, 82 insertions, 25 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 99247bf96..6ea996178 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,20 @@
+2003-04-30  David Shaw  <[email protected]>
+
+	* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
+	particular user ID, use that ID as the one to ask about when
+	prompting whether to use the key anyway.
+	(build_pk_list): Similar change here when adding keys to the
+	recipient list.
+
+	* trustdb.c (update_validity): Fix bug that prevented more than
+	one validity record per trust record.
+	(get_validity): When retrieving validity for a (user) supplied
+	user ID, return the validity for that user ID only, and do not
+	fall back to the general key validity.
+	(validate_one_keyblock): Some commentary on whether
+	non-self-signed user IDs belong in the web of trust (arguably,
+	they do).
+
 2003-04-29  Werner Koch  <[email protected]>
 
 	* sig-check.c (check_key_signature2): Made "no subkey for subkey
diff --git a/g10/pkclist.c b/g10/pkclist.c
index a80b18289..982b16774 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -525,17 +525,23 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
 	return 0;
 
     if( !opt.batch && !rc ) {
-	char *p;
 	u32 keyid[2];
-	size_t n;
 
 	keyid_from_pk( pk, keyid);
 	tty_printf( "%4u%c/%08lX %s \"",
 		  nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
 		  (ulong)keyid[1], datestr_from_pk( pk ) );
-	p = get_user_id( keyid, &n );
-	tty_print_utf8_string( p, n ),
-	m_free(p);
+	/* If the pk was chosen by a particular user ID, this is the
+	   one to ask about. */
+	if(pk->user_id)
+	  tty_print_utf8_string(pk->user_id->name,pk->user_id->len);
+	else
+	  {
+	    size_t n;
+	    char *p = get_user_id( keyid, &n );
+	    tty_print_utf8_string( p, n );
+	    m_free(p);
+	  }
 	tty_printf("\"\n");
         print_fingerprint (pk, NULL, 2);
 	tty_printf("\n");
@@ -889,8 +895,8 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 		}
 		else {
 		    int trustlevel;
-
-		    trustlevel = get_validity (pk, NULL);
+		    
+		    trustlevel = get_validity (pk, pk->user_id);
 		    if( (trustlevel & TRUST_FLAG_DISABLED) ) {
 			tty_printf(_("Public key is disabled.\n") );
 		    }
@@ -903,8 +909,6 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 			}
 			else {
 			    PK_LIST r;
-			    char *p;
-			    size_t n;
 			    u32 keyid[2];
 
 			    keyid_from_pk( pk, keyid);
@@ -913,9 +917,16 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 				       pubkey_letter( pk->pubkey_algo ),
 				       (ulong)keyid[1],
 				       datestr_from_pk( pk ) );
-			    p = get_user_id( keyid, &n );
-			    tty_print_utf8_string( p, n );
-			    m_free(p);
+			    if(pk->user_id)
+			      tty_print_utf8_string(pk->user_id->name,
+						    pk->user_id->len);
+			    else
+			      {
+				size_t n;
+				char *p = get_user_id( keyid, &n );
+				tty_print_utf8_string( p, n );
+				m_free(p);
+			      }
 			    tty_printf("\"\n");
 
 			    r = m_alloc( sizeof *r );
@@ -985,7 +996,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 	    else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) {
 		int trustlevel;
 
-		trustlevel = get_validity (pk, NULL);
+		trustlevel = get_validity (pk, pk->user_id);
 		if( (trustlevel & TRUST_FLAG_DISABLED) ) {
 		    free_public_key(pk); pk = NULL;
 		    log_info(_("%s: skipped: public key is disabled\n"),
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 5f27b973c..c148cfd2d 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -692,13 +692,13 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
       vrec.rectype = RECTYPE_VALID;
       memcpy (vrec.r.valid.namehash, namehash, 20);
       vrec.r.valid.next = trec.r.trust.validlist;
+      trec.r.trust.validlist = vrec.recnum;
     }
   vrec.r.valid.validity = validity;
   vrec.r.valid.full_count = uid->help_full_count;
   vrec.r.valid.marginal_count = uid->help_marginal_count;
   write_record (&vrec);
   trec.r.trust.depth = depth;
-  trec.r.trust.validlist = vrec.recnum;
   write_record (&trec);
 }
 
@@ -739,7 +739,6 @@ clear_validity (PKT_public_key *pk)
   return any;
 }
 
-
 /***********************************************
  *********  Query trustdb values  **************
  ***********************************************/
@@ -804,7 +803,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
       else
 	rmd160_hash_buffer (namehash, uid->name, uid->len );
     }
-  
+
   init_trustdb ();
   if (!did_nextcheck)
     {
@@ -861,16 +860,30 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
   while (recno)
     {
       read_record (recno, &vrec, RECTYPE_VALID);
-      if ( validity < (vrec.r.valid.validity & TRUST_MASK) )
-        validity = (vrec.r.valid.validity & TRUST_MASK);
-      if ( uid && !memcmp (vrec.r.valid.namehash, namehash, 20) )
-        break;
+
+      if(uid)
+	{
+	  /* If a user ID is given we return the validity for that
+	     user ID ONLY.  If the namehash is not found, then there
+	     is no validity at all (i.e. the user ID wasn't
+	     signed). */
+	  if(memcmp(vrec.r.valid.namehash,namehash,20)==0)
+	    {
+	      validity=(vrec.r.valid.validity & TRUST_MASK);
+	      break;
+	    }
+	}
+      else
+	{
+	  /* If no namehash is given, we take the maximum validity
+	     over all user IDs */
+	  if ( validity < (vrec.r.valid.validity & TRUST_MASK) )
+	    validity = (vrec.r.valid.validity & TRUST_MASK);
+	}
+
       recno = vrec.r.valid.next;
     }
   
-  if (recno) /* okay, use the user ID associated one */
-    validity = (vrec.r.valid.validity & TRUST_MASK);
-
   if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
     validity |= TRUST_FLAG_DISABLED;
 
@@ -1304,6 +1317,16 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
   keyid_from_pk(pk, main_kid);
   for (node=kb; node; node = node->next)
     {
+      /* A bit of discussion here: is it better for the web of trust
+	 to be built among only self-signed uids?  On the one hand, a
+	 self-signed uid is a statement that the key owner definitely
+	 intended that uid to be there, but on the other hand, a
+	 signed (but not self-signed) uid does carry trust, of a sort,
+	 even if it is a statement being made by people other than the
+	 key owner "through" the uids on the key owner's key.  I'm
+	 going with the latter. -dshaw */
+
+      /* && node->pkt->pkt.user_id->created) */
       if (node->pkt->pkttype == PKT_USER_ID)
         {
           if (uidnode && issigned)
@@ -1318,13 +1341,19 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
             }
           uidnode = node;
 	  uid=uidnode->pkt->pkt.user_id;
+#if 0
+	  /* If the selfsig is going to expire...  This is disabled as
+	     we do count un-self-signed uids in the web of trust. */
+	  if(uid->expiredate && uid->expiredate<*next_expire)
+	    *next_expire = uid->expiredate;
+#endif
           issigned = 0;
 	  get_validity_counts(pk,uid);
           mark_usable_uid_certs (kb, uidnode, main_kid, klist, 
                                  curtime, next_expire);
         }
-      else if (node->pkt->pkttype == PKT_SIGNATURE 
-               && (node->flag & (1<<8)) && uid)
+      else if (node->pkt->pkttype == PKT_SIGNATURE
+	       && (node->flag & (1<<8)) && uid)
         {
           PKT_signature *sig = node->pkt->pkt.signature;