From f173cdcdfbfd083b035516a406c2c754f38a0ace Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9C=D0=B8=D1=80=D0=BE=D1=81=D0=BB=D0=B0=D0=B2=20=D0=9D?= =?UTF-8?q?=D0=B8=D0=BA=D0=BE=D0=BB=D0=B8=D1=9B?= Date: Thu, 27 Nov 2014 20:41:37 +0100 Subject: gpg-agent: Add restricted connection feature. * agent/agent.h (opt): Add field extra_socket. (server_control_s): Add field restricted. * agent/command.c: Check restricted flag on many commands. * agent/gpg-agent.c (oExtraSocket): New. (opts): Add option --extra-socket. (socket_name_extra): New. (cleanup): Cleanup that socket name. (main): Implement oExtraSocket. (create_socket_name): Add arg homedir and change all callers. (create_server_socket): Rename arg is_ssh to primary and change callers. (start_connection_thread): Take ctrl as arg. (start_connection_thread_std): New. (start_connection_thread_extra): New. (handle_connections): Add arg listen_fd_extra and replace the connection starting code by parameterized loop. * common/asshelp.c (start_new_gpg_agent): Detect the use of the restricted mode and don't fail on sending the pinentry environment. * common/util.h (GPG_ERR_FORBIDDEN): New. --- common/util.h | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'common/util.h') diff --git a/common/util.h b/common/util.h index dd5fdb14c..a6f86069a 100644 --- a/common/util.h +++ b/common/util.h @@ -35,6 +35,12 @@ #include /* We need errno. */ #include /* We need gpg_error_t and estream. */ +/* These error codes are used but not defined in the required + libgpg-error version. Define them here. */ +#if GPG_ERROR_VERSION_NUMBER < 0x011200 /* 1.18 */ +# define GPG_ERR_FORBIDDEN 251 +#endif + /* Hash function used with libksba. */ #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) -- cgit v1.2.3