Re-enabled --passphrase-fd

doc/gpg.texi

@@ -2184,12 +2184,15 @@ signatures to prevent the mail system from breaking the signature. Note
 that all other PGP versions do it this way too.  Enabled by
 default. @option{--no-escape-from-lines} disables this option.
 
-@ifset gpgone
 @item --passphrase-fd @code{n}
 Read the passphrase from file descriptor @code{n}. Only the first line
 will be read from file descriptor @code{n}. If you use 0 for @code{n},
 the passphrase will be read from stdin. This can only be used if only
 one passphrase is supplied.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given.  This is different from @command{gpg}.
+@end ifclear
 
 @item --passphrase-file @code{file}
 Read the passphrase from file @code{file}. Only the first line will
@@ -2197,13 +2200,20 @@ be read from file @code{file}. This can only be used if only one
 passphrase is supplied. Obviously, a passphrase stored in a file is
 of questionable security if other users can read this file. Don't use
 this option if you can avoid it.
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given.  This is different from @command{gpg}.
+@end ifclear
 
 @item --passphrase @code{string}
 Use @code{string} as the passphrase. This can only be used if only one
 passphrase is supplied. Obviously, this is of very questionable
 security on a multi-user system. Don't use this option if you can
 avoid it.
-@end ifset
+@ifclear gpgone
+Note that this passphrase is only used if the option @option{--batch}
+has also been given.  This is different from @command{gpg}.
+@end ifclear
 
 @item --command-fd @code{n}
 This is a replacement for the deprecated shared-memory IPC mode.

g10/ChangeLog

@@ -1,5 +1,7 @@
 2006-10-04  Werner Koch  <wk@g10code.com>
 
+	* passphrase.c: Allow for a static passphrase in batch mode.
+	
 	* call-agent.c (agent_havekey): Removed.
 	(percent_plus_escape): New.
 	(agent_get_passphrase): New.

g10/gpg.c

@@ -3172,7 +3172,7 @@ main (int argc, char **argv )
     FREE_STRLIST(sec_nrings);
 
 
-    if( pwfd != -1 )  /* read the passphrase now. */
+    if( pwfd != -1 )  /* Read the passphrase now. */
 	read_passphrase_from_fd( pwfd );
 
     fname = argc? *argv : NULL;

g10/passphrase.c

@@ -133,7 +133,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k, int create )
 int
 have_static_passphrase()
 {
-  return 0;
+  return !!fd_passwd && opt.batch;
 }
 
 /****************
@@ -184,24 +184,54 @@ next_to_last_passphrase(void)
 void
 set_passphrase_from_string(const char *pass)
 {
-  xfree( fd_passwd );
+  xfree (fd_passwd);
   fd_passwd = xmalloc_secure(strlen(pass)+1);
-  strcpy(fd_passwd,pass);
+  strcpy (fd_passwd, pass);
 }
 
 
 void
 read_passphrase_from_fd( int fd )
 {
-  /* Not used but we have to do a dummy read, so that it won't end up
-     at the begin of the message if the quite usual trick to prepend
-     the passphtrase to the message is used. */
-  char buf[1];
-  
-  while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
-    ;
-  *buf = 0;
-  return; 
+  int i, len;
+  char *pw;
+
+  if ( !opt.batch ) 
+    { /* Not used but we have to do a dummy read, so that it won't end
+         up at the begin of the message if the quite usual trick to
+         prepend the passphtrase to the message is used. */
+      char buf[1];
+
+      while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
+        ;
+      *buf = 0;
+      return; 
+    }
+
+  for (pw = NULL, i = len = 100; ; i++ ) 
+    {
+      if (i >= len-1 ) 
+        {
+          char *pw2 = pw;
+          len += 100;
+          pw = xmalloc_secure( len );
+          if( pw2 )
+            {
+              memcpy(pw, pw2, i );
+              xfree (pw2);
+            }
+          else
+            i=0;
+	}
+      if (read( fd, pw+i, 1) != 1 || pw[i] == '\n' )
+        break;
+    }
+  pw[i] = 0;
+  if (!opt.batch)
+    tty_printf("\b\b\b   \n" );
+
+  xfree ( fd_passwd );
+  fd_passwd = pw;
 }
 
 
@@ -434,9 +464,15 @@ ask_passphrase (const char *description,
         tty_printf ("\n%s\n",description);
     }
                
-  pw = passphrase_get (NULL, 0, cacheid,
-                       tryagain_text, description, prompt,
-                       canceled );
+  if (have_static_passphrase ()) 
+    {
+      pw = xmalloc_secure (strlen(fd_passwd)+1);
+      strcpy (pw, fd_passwd);
+    }
+  else
+    pw = passphrase_get (NULL, 0, cacheid,
+                         tryagain_text, description, prompt,
+                         canceled );
 
   if (!pw || !*pw)
     write_status( STATUS_MISSING_PASSPHRASE );
@@ -562,6 +598,12 @@ passphrase_to_dek (u32 *keyid, int pubkey_algo,
       pw = next_pw;
       next_pw = NULL;
     }
+  else if ( have_static_passphrase () ) 
+    {
+      /* Return the passphrase we have store in FD_PASSWD. */
+      pw = xmalloc_secure ( strlen(fd_passwd)+1 );
+      strcpy ( pw, fd_passwd );
+    }
   else 
     {
       /* Divert to the gpg-agent. */