agent: Enable restricted, browser, and ssh socket by default.

* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and 'browser-socket', enable ssh socket by default, but do not emit the 'SSH_AUTH_SOCK' variable unless it has been explicitly requested. * configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions. * doc/gpg-agent.texi: Update documentation. -- This change enables the restricted, browser, and ssh socket by default. Note that in all cases, the user has to do some additional configuration to her setup to make use of these features. Therefore, this should not break any existing setups, but makes it simpler to discover and use these features. Signed-off-by: Justus Winter <justus@g10code.com>
2025-07-02 22:46:30 +02:00 · 2016-09-15 14:47:00 +02:00 · 2016-09-15 14:47:00 +02:00 · e11686f973
commit e11686f973
parent 8d37018050
3 changed files with 26 additions and 10 deletions
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -1045,6 +1045,18 @@ main (int argc, char **argv )
      agent_exit (0);
    }

+  if (! opt.extra_socket)
+    {
+      opt.extra_socket = 1;  /* (1 = points into r/o section)  */
+      socket_name_extra = GPG_AGENT_EXTRA_SOCK_NAME;
+    }
+
+  if (! opt.browser_socket)
+    {
+      opt.browser_socket = 1;  /* (1 = points into r/o section)  */
+      socket_name_browser = GPG_AGENT_BROWSER_SOCK_NAME;
+    }
+
  set_debug ();

  if (atexit (cleanup))
@ -1241,13 +1253,10 @@ main (int argc, char **argv )
                                             &socket_nonce_browser);
        }

-      if (ssh_support)
-        {
-          socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
-          fd_ssh = create_server_socket (socket_name_ssh, 0, 1,
-                                         &redir_socket_name_ssh,
-                                         &socket_nonce_ssh);
-        }
+      socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
+      fd_ssh = create_server_socket (socket_name_ssh, 0, 1,
+                                     &redir_socket_name_ssh,
+                                     &socket_nonce_ssh);

      /* If we are going to exec a program in the parent, we record
         the PID, so that the child may check whether the program is
@ -1313,8 +1322,7 @@ main (int argc, char **argv )
 	    *socket_name_extra = 0;
 	  if (opt.browser_socket)
 	    *socket_name_browser = 0;
-	  if (ssh_support)
-	    *socket_name_ssh = 0;
+          *socket_name_ssh = 0;

          if (argc)
            { /* Run the program given on the commandline.  */