agent: Add option --no-allow-external-cache.

* agent/agent.h (opt): Add field allow_external_cache.
* agent/call-pinentry.c (start_pinentry): Act upon new var.
* agent/gpg-agent.c (oNoAllowExternalCache): New.
(opts): Add option --no-allow-external-cache.
(parse_rereadable_options): Set this option.
--

Pinentry 0.9.2 may be build with libsecret support and thus an extra
checkbox is displayed to allow the user to get passwords out of an
libsecret maintained cache.  Security aware user may want to avoid
this feature and may do this at runtime by enabling this option.

Signed-off-by: Werner Koch <[email protected]>

1 files changed, 3 insertions, 0 deletions

diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index d0d938f25..cf2d18845 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -538,6 +538,9 @@ static gc_option_t gc_options_gpg_agent[] =
    { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
      GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+   { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
+     GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
+     GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
    { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
      GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },