* sign.c (sign_file): Do not push textmode filter onto an unopened IOBUF

(segfault).  Noted by Marcus Brinkmann.  Push and reinitialize textmode
filter for each file in a multiple file list.

* packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set and show
the keyserver no-modify flag.

* keygen.c (add_keyserver_modify): New. (keygen_upd_std_prefs): Call it
here. (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as
prefs to set and unset keyserver modify flag.

6 files changed, 101 insertions, 17 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 2eadc3f16..339906acb 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,18 @@
 2003-02-22  David Shaw  <[email protected]>
 
+	* sign.c (sign_file): Do not push textmode filter onto an unopened
+	IOBUF (segfault).  Noted by Marcus Brinkmann.  Push and
+	reinitialize textmode filter for each file in a multiple file
+	list.
+
+	* packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set
+	and show the keyserver no-modify flag.
+
+	* keygen.c (add_keyserver_modify): New.
+	(keygen_upd_std_prefs): Call it here.
+	(keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as
+	prefs to set and unset keyserver modify flag.
+
 	* g10.c (main): Accept "s1" in addition to "idea" to match the
 	other ciphers.
 
diff --git a/g10/getkey.c b/g10/getkey.c
index 9040d386c..a4403e523 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1296,6 +1296,11 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
     p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
     if (p && n && (p[0] & 0x01))
         uid->mdc_feature = 1;
+    /* and the keyserver modify flag */
+    uid->ks_modify = 1;
+    p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n);
+    if (p && n && (p[0] & 0x80))
+        uid->ks_modify = 0;
             
 }
 
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 9a7d1f2a7..e34ee3aaa 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1694,9 +1694,22 @@ show_prefs (PKT_user_id *uid, int verbose)
 	    }
 	    tty_printf ("%s",compress_algo_to_string(0));
         }
-        tty_printf ("\n     Features: ");
-	if(uid->mdc_feature)
-	  tty_printf ("MDC");
+	if(uid->mdc_feature || !uid->ks_modify)
+	  {
+	    tty_printf ("\n     Features: ");
+	    any=0;
+	    if(uid->mdc_feature)
+	      {
+		tty_printf ("MDC");
+		any=1;
+	      }
+	    if(!uid->ks_modify)
+	      {
+		if(any)
+		  tty_printf (", ");
+		tty_printf ("Keyserver no-modify");
+	      }
+	  }
 	tty_printf("\n");
     }
     else {
@@ -1709,6 +1722,8 @@ show_prefs (PKT_user_id *uid, int verbose)
         }
         if (uid->mdc_feature)
             tty_printf (" [mdc]");
+        if (!uid->ks_modify)
+            tty_printf (" [no-ks-modify]");
         tty_printf("\n");
     }
 }
diff --git a/g10/keygen.c b/g10/keygen.c
index 508241743..039f77060 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -106,7 +106,7 @@ static byte hash_prefs[MAX_PREFS];
 static int nhash_prefs;
 static byte zip_prefs[MAX_PREFS];
 static int nzip_prefs;
-static int mdc_available;
+static int mdc_available,ks_modify;
 
 static void do_generate_keypair( struct para_data_s *para,
 				 struct output_control_s *outctrl );
@@ -235,8 +235,8 @@ int
 keygen_set_std_prefs (const char *string,int personal)
 {
     byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS];
-    int  nsym=0, nhash=0, nzip=0, mdc=1; /* mdc defaults on */
-    int val,rc = 0;
+    int nsym=0, nhash=0, nzip=0, val, rc=0;
+    int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */
 
     if (!string || !ascii_strcasecmp (string, "default")) {
       if (opt.def_preference_list)
@@ -284,6 +284,10 @@ keygen_set_std_prefs (const char *string,int personal)
 	      mdc=1;
 	    else if (ascii_strcasecmp(tok,"no-mdc")==0)
 	      mdc=0;
+	    else if (ascii_strcasecmp(tok,"ks-modify")==0)
+	      modify=1;
+	    else if (ascii_strcasecmp(tok,"no-ks-modify")==0)
+	      modify=0;
 	    else
 	      {
 		log_info (_("invalid item `%s' in preference string\n"),tok);
@@ -380,6 +384,7 @@ keygen_set_std_prefs (const char *string,int personal)
 	    memcpy (hash_prefs, hash, (nhash_prefs=nhash));
 	    memcpy (zip_prefs,  zip,  (nzip_prefs=nzip));
 	    mdc_available = mdc;
+	    ks_modify = modify;
 	    prefs_initialized = 1;
 	  }
       }
@@ -425,6 +430,7 @@ PKT_user_id *keygen_get_std_prefs(void)
   uid->prefs[j].value=0;
 
   uid->mdc_feature=mdc_available;
+  uid->ks_modify=ks_modify;
 
   return uid;
 }
@@ -470,6 +476,50 @@ add_feature_mdc (PKT_signature *sig,int enabled)
     m_free (buf);
 }
 
+static void
+add_keyserver_modify (PKT_signature *sig,int enabled)
+{
+  const byte *s;
+  size_t n;
+  int i;
+  char *buf;
+
+  /* The keyserver modify flag is a negative flag (i.e. no-modify) */
+  enabled=!enabled;
+
+  s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n );
+  /* Already set or cleared */
+  if (s && n &&
+      ((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80))))
+    return;
+
+  if (!s || !n) { /* create a new one */
+    n = 1;
+    buf = m_alloc_clear (n);
+  }
+  else {
+    buf = m_alloc (n);
+    memcpy (buf, s, n);
+  }
+
+  if(enabled)
+    buf[0] |= 0x80; /* no-modify flag */
+  else
+    buf[0] &= ~0x80;
+
+  /* Are there any bits set? */
+  for(i=0;i<n;i++)
+    if(buf[i]!=0)
+      break;
+
+  if(i==n)
+    delete_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS);
+  else
+    build_sig_subpkt (sig, SIGSUBPKT_KS_FLAGS, buf, n);
+
+  m_free (buf);
+}
+
 int
 keygen_upd_std_prefs( PKT_signature *sig, void *opaque )
 {
@@ -502,6 +552,7 @@ keygen_upd_std_prefs( PKT_signature *sig, void *opaque )
 
     /* Make sure that the MDC feature flag is set if needed */
     add_feature_mdc (sig,mdc_available);
+    add_keyserver_modify (sig,ks_modify);
 
     return 0;
 }
@@ -516,20 +567,11 @@ int
 keygen_add_std_prefs( PKT_signature *sig, void *opaque )
 {
     PKT_public_key *pk = opaque;
-    byte buf[8];
 
     do_add_key_flags (sig, pk->pubkey_usage);
     keygen_add_key_expire( sig, opaque );
     keygen_upd_std_prefs (sig, opaque);
 
-    buf[0] = 0x80; /* no modify - It is reasonable that a key holder
-		    * has the possibility to reject signatures from users
-		    * who are known to sign everything without any
-		    * validation - so a signed key should be send
-		    * to the holder who in turn can put it on a keyserver
-		    */
-    build_sig_subpkt( sig, SIGSUBPKT_KS_FLAGS, buf, 1 );
-
     return 0;
 }
 
diff --git a/g10/packet.h b/g10/packet.h
index 1d4b69cfb..d357cfdb5 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -179,6 +179,7 @@ typedef struct {
     u32 expiredate;       /* expires at this date or 0 if not at all */
     prefitem_t *prefs;    /* list of preferences (may be NULL)*/
     int mdc_feature;
+    int ks_modify;
     u32 created;          /* according to the self-signature */
     byte selfsigversion;
     char name[1];
diff --git a/g10/sign.c b/g10/sign.c
index 92342eaea..84fc65f82 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -644,7 +644,6 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
     memset( &afx, 0, sizeof afx);
     memset( &zfx, 0, sizeof zfx);
     memset( &mfx, 0, sizeof mfx);
-    memset( &tfx, 0, sizeof tfx);
     memset( &efx, 0, sizeof efx);
     init_packet( &pkt );
 
@@ -698,8 +697,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 	goto leave;
 
     /* prepare to calculate the MD over the input */
-    if( opt.textmode && !outfile )
+    if( opt.textmode && !outfile && !multifile )
+      {
+	memset( &tfx, 0, sizeof tfx);
 	iobuf_push_filter( inp, text_filter, &tfx );
+      }
+
     mfx.md = md_open(0, 0);
 
    /* If we're encrypting and signing, it is reasonable to pick the
@@ -818,6 +821,11 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 		}
 		if( opt.verbose )
 		    fprintf(stderr, " `%s'", sl->d );
+		if(opt.textmode)
+		  {
+		    memset( &tfx, 0, sizeof tfx);
+		    iobuf_push_filter( inp, text_filter, &tfx );
+		  }
 		iobuf_push_filter( inp, md_filter, &mfx );
 		while( iobuf_get(inp) != -1 )
 		    ;