gpg-agent: Add restricted connection feature.

* agent/agent.h (opt): Add field extra_socket. (server_control_s): Add field restricted. * agent/command.c: Check restricted flag on many commands. * agent/gpg-agent.c (oExtraSocket): New. (opts): Add option --extra-socket. (socket_name_extra): New. (cleanup): Cleanup that socket name. (main): Implement oExtraSocket. (create_socket_name): Add arg homedir and change all callers. (create_server_socket): Rename arg is_ssh to primary and change callers. (start_connection_thread): Take ctrl as arg. (start_connection_thread_std): New. (start_connection_thread_extra): New. (handle_connections): Add arg listen_fd_extra and replace the connection starting code by parameterized loop. * common/asshelp.c (start_new_gpg_agent): Detect the use of the restricted mode and don't fail on sending the pinentry environment. * common/util.h (GPG_ERR_FORBIDDEN): New.
author: Мирослав Николић <[email protected]> 2014-11-27 19:41:37 +0000
committer: Werner Koch <[email protected]> 2014-11-27 19:41:37 +0000
commit: f173cdcdfbfd083b035516a406c2c754f38a0ace (patch)
tree: b1f162fcb7e39ade104379129f6731aacdce2344 /common/asshelp.c
parent: agent: Make auditing of the option list easier. (diff)
download: gnupg-f173cdcdfbfd083b035516a406c2c754f38a0ace.tar.gz
gnupg-f173cdcdfbfd083b035516a406c2c754f38a0ace.zip
1 files changed, 17 insertions, 3 deletions
diff --git a/common/asshelp.c b/common/asshelp.c
index e675fdad8..51ef17227 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -504,9 +504,23 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
   err = assuan_transact (ctx, "RESET",
                          NULL, NULL, NULL, NULL, NULL, NULL);
   if (!err)
-    err = send_pinentry_environment (ctx, errsource,
-                                     opt_lc_ctype, opt_lc_messages,
-                                     session_env);
+    {
+      err = send_pinentry_environment (ctx, errsource,
+                                       opt_lc_ctype, opt_lc_messages,
+                                       session_env);
+      if (gpg_err_code (err) == GPG_ERR_FORBIDDEN
+          && gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT)
+        {
+          /* Check whether we are in restricted mode.  */
+          if (!assuan_transact (ctx, "GETINFO restricted",
+                                NULL, NULL, NULL, NULL, NULL, NULL))
+            {
+              if (verbose)
+                log_info (_("connection to agent is in restricted mode\n"));
+              err = 0;
+            }
+        }
+    }
   if (err)
     {
       assuan_release (ctx);
author	Мирослав Николић <[email protected]>	2014-11-27 19:41:37 +0000
committer	Werner Koch <[email protected]>	2014-11-27 19:41:37 +0000
commit	f173cdcdfbfd083b035516a406c2c754f38a0ace (patch)
tree	b1f162fcb7e39ade104379129f6731aacdce2344 /common/asshelp.c
parent	agent: Make auditing of the option list easier. (diff)
download	gnupg-f173cdcdfbfd083b035516a406c2c754f38a0ace.tar.gz gnupg-f173cdcdfbfd083b035516a406c2c754f38a0ace.zip