agent: Allow GET_PASSPHRASE in restricted mode.

* agent/command.c (cmd_get_passphrase): Allow use in restricted mode but ignore the cacheid. -- The use case is symmetric encryption via the extra-socket. To avoid that the gpg running on the server has access to the cache we set the cache id to NULL so that the cache is not used at all.
2024-12-22 10:19:57 +01:00 · 2024-02-25 15:55:14 +01:00 · 2024-02-25 15:55:14 +01:00 · adf4db6e20
commit adf4db6e20
parent 2372f6a403
1 changed files with 4 additions and 5 deletions
--- a/agent/command.c
+++ b/agent/command.c
@ -1988,9 +1988,6 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
  struct pin_entry_info_s *pi2 = NULL;
  int is_generated;

-  if (ctrl->restricted)
-    return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
-
  opt_data = has_option (line, "--data");
  opt_check = has_option (line, "--check");
  opt_no_ask = has_option (line, "--no-ask");
@ -2039,7 +2036,9 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
  if (!desc)
    return set_error (GPG_ERR_ASS_PARAMETER, "no description given");

-  if (!strcmp (cacheid, "X"))
+  /* The only limitation in restricted mode is that we don't consider
+   * the cache.  */
+  if (ctrl->restricted || !strcmp (cacheid, "X"))
    cacheid = NULL;
  if (!strcmp (errtext, "X"))
    errtext = NULL;
@ -2121,7 +2120,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
          entry_errtext = NULL;
          is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);

-          /* We don't allow an empty passpharse in this mode.  */
+          /* We don't allow an empty passphrase in this mode.  */
          if (!is_generated
              && check_passphrase_constraints (ctrl, pi->pin,
                                               pi->constraints_flags,