agent: New option --restricted for PRESET_PASSPHRASE.

* agent/command.c (cmd_preset_passphrase): Add option.

* agent/preset-passphrase.c (oRestricted): New.
(opts): Add option --restricted.
(main): Set option.
(preset_passphrase): Use option.
--

We use a different cache for connections from the extra-socket.
However, with gpg-preset-passphrase is only able to preset a
passphrase into the regular cache.  Further, a restricted connection
may not use PRESET_PASSPHRASE.  To solve this we add an new option to
preset the passphrase into the "restricted" cache.  For the
gpg-preset-passphrase tool we also add the option --restricted.

Note that this does not yet work with gpg-preset-passphrase --forget.

agent/command.c

@@ -2491,14 +2491,17 @@ cmd_passwd (assuan_context_t ctx, char *line)
 
 
 static const char hlp_preset_passphrase[] =
-  "PRESET_PASSPHRASE [--inquire] <string_or_keygrip> <timeout> [<hexstring>]\n"
+  "PRESET_PASSPHRASE [--inquire] [--restricted] \\\n"
+  "                  <string_or_keygrip> <timeout> [<hexstring>]\n"
   "\n"
   "Set the cached passphrase/PIN for the key identified by the keygrip\n"
   "to passwd for the given time, where -1 means infinite and 0 means\n"
   "the default (currently only a timeout of -1 is allowed, which means\n"
   "to never expire it).  If passwd is not provided, ask for it via the\n"
   "pinentry module unless --inquire is passed in which case the passphrase\n"
-  "is retrieved from the client via a server inquire.\n";
+  "is retrieved from the client via a server inquire.  The option\n"
+  "--restricted can be used to put the passphrase into the cache used\n"
+  "by restricted connections.";
 static gpg_error_t
 cmd_preset_passphrase (assuan_context_t ctx, char *line)
 {
@@ -2509,6 +2512,7 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)
   int ttl;
   size_t len;
   int opt_inquire;
+  int opt_restricted;
 
   if (ctrl->restricted)
     return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
@@ -2517,6 +2521,7 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)
     return set_error (GPG_ERR_NOT_SUPPORTED, "no --allow-preset-passphrase");
 
   opt_inquire = has_option (line, "--inquire");
+  opt_restricted = has_option (line, "--restricted");
   line = skip_options (line);
   grip_clear = line;
   while (*line && (*line != ' ' && *line != '\t'))
@@ -2579,7 +2584,11 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)
 
   if (!rc)
     {
+      int save_restricted = ctrl->restricted;
+      if (opt_restricted)
+        ctrl->restricted = 1;
       rc = agent_put_cache (ctrl, grip_clear, CACHE_MODE_ANY, passphrase, ttl);
+      ctrl->restricted = save_restricted;
       if (opt_inquire)
         {
 	  wipememory (passphrase, len);

agent/preset-passphrase.c

@@ -63,11 +63,13 @@ enum cmd_and_opt_values
   oNoVerbose = 500,
 
   oHomedir,
+  oRestricted,
 
 aTest };
 
 
 static const char *opt_passphrase;
+static int opt_restricted;
 
 static gpgrt_opt_t opts[] = {
 
@@ -79,6 +81,7 @@ static gpgrt_opt_t opts[] = {
   { oForget,  "forget",  256, "forget passphrase"},
 
   { oHomedir, "homedir", 2, "@" },
+  { oRestricted,  "restricted", 0, "put into the restricted cache"},
 
   ARGPARSE_end ()
 };
@@ -156,7 +159,9 @@ preset_passphrase (const char *keygrip)
       return;
     }
 
-  rc = asprintf (&line, "PRESET_PASSPHRASE %s -1 %s\n", keygrip,
+  rc = asprintf (&line, "PRESET_PASSPHRASE %s%s -1 %s\n",
+                 opt_restricted? "--restricted ":"",
+                 keygrip,
 		 passphrase_esc);
   wipememory (passphrase_esc, strlen (passphrase_esc));
   xfree (passphrase_esc);
@@ -232,6 +237,8 @@ main (int argc, char **argv)
         case oForget: cmd = oForget; break;
         case oPassphrase: opt_passphrase = pargs.r.ret_str; break;
 
+        case oRestricted: opt_restricted = 1; break;
+
         default : pargs.err = 2; break;
 	}
     }