8 files changed, 83 insertions, 32 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 6b2f787fa..38a506d9c 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,7 @@
+Wed Sep 30 10:15:33 1998  Werner Koch  ([email protected])
+
+	* import.c (import_one): Fixed update of wrong keyblock.
+
 Tue Sep 29 08:32:08 1998  me,,,  (wk@tobold)
 
 	* mainproc.c (proc_plaintext): Display note for special filename.
diff --git a/g10/g10.c b/g10/g10.c
index 975876f73..c0e77b854 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -213,7 +213,7 @@ static ARGPARSE_OPTS opts[] = {
     { oNoComment, "no-comment", 0,   N_("do not write comment packets")},
     { oCompletesNeeded, "completes-needed", 1, N_("(default is 1)")},
     { oMarginalsNeeded, "marginals-needed", 1, N_("(default is 3)")},
-    { oLoadExtension, "load-extension" ,2, N_("|file|load extension module")},
+    { oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
     { oRFC1991, "rfc1991",   0, N_("emulate the mode described in RFC1991")},
     { oS2KMode, "s2k-mode",  1, N_("|N|use passphrase mode N")},
     { oS2KDigest, "s2k-digest-algo",2,
diff --git a/g10/import.c b/g10/import.c
index 63d4bf9b2..ccfbccaad 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -360,7 +360,7 @@ import_one( const char *fname, KBNODE keyblock )
 	    if( (rc=lock_keyblock( &kbpos )) )
 		log_error_f(keyblock_resource_name(&kbpos),
 			 _("can't lock public keyring: %s\n"), g10_errstr(rc) );
-	    else if( (rc=update_keyblock( &kbpos, keyblock )) )
+	    else if( (rc=update_keyblock( &kbpos, keyblock_orig )) )
 		log_error_f( keyblock_resource_name(&kbpos),
 			    _("can't write keyblock: %s\n"), g10_errstr(rc) );
 	    unlock_keyblock( &kbpos );
@@ -398,7 +398,7 @@ import_one( const char *fname, KBNODE keyblock )
 					(ulong)keyid[1], g10_errstr(rc) );
 	}
 	else if( mod_key )
-	    rc = update_trustdb( new_key? pk: pk_orig);
+	    rc = update_trust_record( keyblock_orig );
 	else
 	    rc = clear_trust_checked_flag( new_key? pk : pk_orig );
     }
@@ -418,7 +418,6 @@ import_secret_one( const char *fname, KBNODE keyblock )
 {
     PKT_secret_key *sk;
     KBNODE node, uidnode;
-    KBNODE keyblock_orig = NULL;
     KBPOS kbpos;
     u32 keyid[2];
     int rc = 0;
@@ -477,7 +476,6 @@ import_secret_one( const char *fname, KBNODE keyblock )
 	log_error_f(fname, _("key %08lX: secret key not found: %s\n"),
 				(ulong)keyid[1], g10_errstr(rc));
 
-    release_kbnode( keyblock_orig );
     return rc;
 }
 
diff --git a/g10/packet.h b/g10/packet.h
index 0a4adc5f8..5bb383c86 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -83,8 +83,13 @@ typedef struct {
 
 
 typedef struct {
-    u32     keyid[2];	    /* 64 bit keyid */
     ulong   local_id;	    /* internal use, valid if > 0 */
+    struct {
+	unsigned checked:1; /* signature has been checked */
+	unsigned valid:1;   /* signature is good (if checked is set) */
+	unsigned unknown_critical:1;
+    } flags;
+    u32     keyid[2];	    /* 64 bit keyid */
     u32     timestamp;	    /* signature made */
     byte    version;
     byte    sig_class;	    /* sig classification, append for MD calculation*/
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 1cd14acfb..41afe5b9a 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -811,6 +811,11 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
 
     if( is_v4 ) { /*extract required information */
 	const byte *p;
+
+	/* FIXME: set sig->flags.unknown_critical is there is a
+	 * critical bit set for packets which are not understood
+	 * It does only make sense for hashed data.
+	 */
 	p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_SIG_CREATED, NULL );
 	if( !p )
 	    log_error("signature packet without timestamp\n");
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 5e6873f9d..b983bb42c 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -224,6 +224,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
     rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
 			cmp_help, &ctx );
     mpi_free( result );
+    sig->flags.checked = 1;
+    sig->flags.valid = !rc;
 
     return rc;
 }
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 7bb015844..2ecc2e2bc 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1879,6 +1879,27 @@ is_algo_in_prefs( ulong lid, int preftype, int algo )
 }
 
 
+static int
+get_dir_record( PKT_public_key *pk, TRUSTREC *rec )
+{
+    int rc=0;
+
+    if( pk->local_id ) {
+	if( tdbio_read_record( pk->local_id, rec, RECTYPE_DIR ) ) {
+	    log_error("get_dir_record: read record failed\n");
+	    rc = G10ERR_TRUSTDB;
+	}
+    }
+    else { /* no local_id: scan the trustdb */
+	if( (rc=tdbio_search_dir_bypk( pk, rec )) && rc != -1 )
+	    log_error("get_dir_record: search_record failed: %s\n",
+							    g10_errstr(rc));
+    }
+    return rc;
+}
+
+
+
 /****************
  * This function simply looks for the key in the trustdb
  * and makes sure that pk->local_id is set to the coreect value.
@@ -1890,22 +1911,7 @@ int
 query_trust_record( PKT_public_key *pk )
 {
     TRUSTREC rec;
-    int rc=0;
-
-    if( pk->local_id ) {
-	if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
-	    log_error("query_trust_record: read record failed\n");
-	    return G10ERR_TRUSTDB;
-	}
-    }
-    else { /* no local_id: scan the trustdb */
-	if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 ) {
-	    log_error("query_trust_record: search_record failed: %s\n",
-							    g10_errstr(rc));
-	    return rc;
-	}
-    }
-    return rc;
+    return get_dir_record( pk, &rec );
 }
 
 
@@ -1915,17 +1921,9 @@ clear_trust_checked_flag( PKT_public_key *pk )
     TRUSTREC rec;
     int rc;
 
-    if( !pk->local_id ) {
-	query_trust_record( pk );
-	if( !pk->local_id )
-	    log_bug("clear_trust_checked_flag: Still no LID\n");
-    }
-
-    if( (rc=tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ))) {
-	log_error("clear_trust_checked_flag: read record failed: %s\n",
-							      g10_errstr(rc));
+    rc = get_dir_record( pk, &rec );
+    if( rc )
 	return rc;
-    }
 
     if( !(rec.r.dir.dirflags & DIRF_CHECKED) )
 	return 0;
@@ -1942,6 +1940,44 @@ clear_trust_checked_flag( PKT_public_key *pk )
 }
 
 
+
+/****************
+ * Update all the info from the public keyblock,  the signatures-checked
+ * flag is reset. The key must already exist in the keydb.
+ * Note: This function clears all keyblock flags.
+ */
+int
+update_trust_record( KBNODE keyblock )
+{
+    PKT_public_key *primary_pk;
+    KBNODE node;
+    TRUSTREC drec;
+    int modified = 0;
+    int rc = 0;
+
+    clear_kbnode_flags( keyblock );
+    node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
+    primary_pk = node->pkt->pkt.public_key;
+    rc = get_dir_record( primary_pk, &drec );
+    if( rc )
+	return rc;
+
+
+    if( drec.r.dir.dirflags & DIRF_CHECKED ) /* <<--- FIXME: remove this! */
+	modified = 1;
+
+    if( modified ) {
+	/* reset the checked flag */
+	drec.r.dir.dirflags &= ~DIRF_CHECKED;
+	rc = tdbio_write_record( &drec );
+	if( rc )
+	    log_error("update_trust_record: write dir record failed: %s\n",
+							    g10_errstr(rc));
+    }
+
+    return rc;
+}
+
 /****************
  * helper function for insert_trust_record()
  */
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 4345a73a7..5c098d646 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -58,6 +58,7 @@ int keyid_from_lid( ulong lid, u32 *keyid );
 int query_trust_record( PKT_public_key *pk );
 int clear_trust_checked_flag( PKT_public_key *pk );
 int insert_trust_record( PKT_public_key *pk );
+int update_trust_record( KBNODE keyblock );
 int update_ownertrust( ulong lid, unsigned new_trust );
 
 /*-- pkclist.c --*/