Re-enabled --passphrase-fd

2025-04-17 15:44:34 +02:00 · 2006-10-04 17:22:24 +00:00 · 2006-10-04 17:22:24 +00:00 · 3b1f186c87
commit 3b1f186c87
parent 8684a78518
31 changed files with 5874 additions and 5811 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -2184,12 +2184,15 @@ signatures to prevent the mail system from breaking the signature. Note
 that all other PGP versions do it this way too.  Enabled by
 default. @option{--no-escape-from-lines} disables this option.
@ifset gpgone
@item --passphrase-fd @code{n}
 Read the passphrase from file descriptor @code{n}. Only the first line
 will be read from file descriptor @code{n}. If you use 0 for @code{n},
 the passphrase will be read from stdin. This can only be used if only
 one passphrase is supplied.
@ifclear gpgone
 Note that this passphrase is only used if the option @option{--batch}
 has also been given.  This is different from @command{gpg}.
@end ifclear
@item --passphrase-file @code{file}
 Read the passphrase from file @code{file}. Only the first line will
@ -2197,13 +2200,20 @@ be read from file @code{file}. This can only be used if only one
 passphrase is supplied. Obviously, a passphrase stored in a file is
 of questionable security if other users can read this file. Don't use
 this option if you can avoid it.
@ifclear gpgone
 Note that this passphrase is only used if the option @option{--batch}
 has also been given.  This is different from @command{gpg}.
@end ifclear
@item --passphrase @code{string}
 Use @code{string} as the passphrase. This can only be used if only one
 passphrase is supplied. Obviously, this is of very questionable
 security on a multi-user system. Don't use this option if you can
 avoid it.
-@end ifset
+@ifclear gpgone
 Note that this passphrase is only used if the option @option{--batch}
 has also been given.  This is different from @command{gpg}.
@end ifclear
@item --command-fd @code{n}
 This is a replacement for the deprecated shared-memory IPC mode.
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,5 +1,7 @@
 2006-10-04  Werner Koch  <wk@g10code.com>
 	* passphrase.c: Allow for a static passphrase in batch mode.
 	* call-agent.c (agent_havekey): Removed.
 	(percent_plus_escape): New.
 	(agent_get_passphrase): New.
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -3172,7 +3172,7 @@ main (int argc, char **argv )
    FREE_STRLIST(sec_nrings);
-    if( pwfd != -1 )  /* read the passphrase now. */
+    if( pwfd != -1 )  /* Read the passphrase now. */
 	read_passphrase_from_fd( pwfd );
    fname = argc? *argv : NULL;
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@ -133,7 +133,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k, int create )
 int
 have_static_passphrase()
 {
-  return 0;
+  return !!fd_passwd && opt.batch;
 }
 /****************
@ -184,24 +184,54 @@ next_to_last_passphrase(void)
 void
 set_passphrase_from_string(const char *pass)
 {
-  xfree( fd_passwd );
+  xfree (fd_passwd);
  fd_passwd = xmalloc_secure(strlen(pass)+1);
-  strcpy(fd_passwd,pass);
+  strcpy (fd_passwd, pass);
 }
 void
 read_passphrase_from_fd( int fd )
 {
-  /* Not used but we have to do a dummy read, so that it won't end up
+  int i, len;
-     at the begin of the message if the quite usual trick to prepend
+  char *pw;
-     the passphtrase to the message is used. */
+
-  char buf[1];
+  if ( !opt.batch ) 
-  
+    { /* Not used but we have to do a dummy read, so that it won't end
-  while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
+         up at the begin of the message if the quite usual trick to
-    ;
+         prepend the passphtrase to the message is used. */
-  *buf = 0;
+      char buf[1];
-  return; 
+
      while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
        ;
      *buf = 0;
      return; 
    }
  for (pw = NULL, i = len = 100; ; i++ ) 
    {
      if (i >= len-1 ) 
        {
          char *pw2 = pw;
          len += 100;
          pw = xmalloc_secure( len );
          if( pw2 )
            {
              memcpy(pw, pw2, i );
              xfree (pw2);
            }
          else
            i=0;
 	}
      if (read( fd, pw+i, 1) != 1 || pw[i] == '\n' )
        break;
    }
  pw[i] = 0;
  if (!opt.batch)
    tty_printf("\b\b\b   \n" );
  xfree ( fd_passwd );
  fd_passwd = pw;
 }
@ -434,9 +464,15 @@ ask_passphrase (const char *description,
        tty_printf ("\n%s\n",description);
    }
-  pw = passphrase_get (NULL, 0, cacheid,
+  if (have_static_passphrase ()) 
-                       tryagain_text, description, prompt,
+    {
-                       canceled );
+      pw = xmalloc_secure (strlen(fd_passwd)+1);
      strcpy (pw, fd_passwd);
    }
  else
    pw = passphrase_get (NULL, 0, cacheid,
                         tryagain_text, description, prompt,
                         canceled );
  if (!pw || !*pw)
    write_status( STATUS_MISSING_PASSPHRASE );
@ -562,6 +598,12 @@ passphrase_to_dek (u32 *keyid, int pubkey_algo,
      pw = next_pw;
      next_pw = NULL;
    }
  else if ( have_static_passphrase () ) 
    {
      /* Return the passphrase we have store in FD_PASSWD. */
      pw = xmalloc_secure ( strlen(fd_passwd)+1 );
      strcpy ( pw, fd_passwd );
    }
  else 
    {
      /* Divert to the gpg-agent. */
--- a/po/be.po
+++ b/po/be.po
--- a/po/ca.po
+++ b/po/ca.po
--- a/po/cs.po
+++ b/po/cs.po
--- a/po/da.po
+++ b/po/da.po
--- a/po/de.po
+++ b/po/de.po
--- a/po/el.po
+++ b/po/el.po
--- a/po/eo.po
+++ b/po/eo.po
--- a/po/es.po
+++ b/po/es.po
--- a/po/et.po
+++ b/po/et.po
--- a/po/fi.po
+++ b/po/fi.po
--- a/po/fr.po
+++ b/po/fr.po
--- a/po/gl.po
+++ b/po/gl.po
--- a/po/hu.po
+++ b/po/hu.po
--- a/po/id.po
+++ b/po/id.po
--- a/po/it.po
+++ b/po/it.po
--- a/po/ja.po
+++ b/po/ja.po
--- a/po/nb.po
+++ b/po/nb.po
--- a/po/pl.po
+++ b/po/pl.po
--- a/po/pt.po
+++ b/po/pt.po
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
--- a/po/ro.po
+++ b/po/ro.po
--- a/po/ru.po
+++ b/po/ru.po
--- a/po/sk.po
+++ b/po/sk.po
--- a/po/sv.po
+++ b/po/sv.po
--- a/po/tr.po
+++ b/po/tr.po
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
--- a/po/zh_TW.po
+++ b/po/zh_TW.po