gpg-agent: Add restricted connection feature.
author Мирослав Николић <wk@gnupg.org>
Thu, 27 Nov 2014 19:41:37 +0000 (20:41 +0100)
committer Werner Koch <wk@gnupg.org>
Thu, 27 Nov 2014 19:41:37 +0000 (20:41 +0100)
commit f173cdcdfbfd083b035516a406c2c754f38a0ace
tree b1f162fcb7e39ade104379129f6731aacdce2344
parent ccee34736b57a42ec4bdcb0d3181bdc6a08b0fff
gpg-agent: Add restricted connection feature.

* agent/agent.h (opt): Add field extra_socket.
(server_control_s): Add field restricted.
* agent/command.c: Check restricted flag on many commands.
* agent/gpg-agent.c (oExtraSocket): New.
(opts): Add option --extra-socket.
(socket_name_extra): New.
(cleanup): Cleanup that socket name.
(main): Implement oExtraSocket.
(create_socket_name): Add arg homedir and change all callers.
(create_server_socket): Rename arg is_ssh to primary and change
callers.
(start_connection_thread): Take ctrl as arg.
(start_connection_thread_std): New.
(start_connection_thread_extra): New.
(handle_connections): Add arg listen_fd_extra and replace the
connection starting code by parameterized loop.
* common/asshelp.c (start_new_gpg_agent): Detect the use of the
restricted mode and don't fail on sending the pinentry environment.

* common/util.h (GPG_ERR_FORBIDDEN): New.
agent/agent.h
agent/command.c
agent/gpg-agent.c
common/asshelp.c
common/util.h
doc/gpg-agent.texi