gpg-agent: Add restricted connection feature.

* agent/agent.h (opt): Add field extra_socket.
(server_control_s): Add field restricted.
* agent/command.c: Check restricted flag on many commands.
* agent/gpg-agent.c (oExtraSocket): New.
(opts): Add option --extra-socket.
(socket_name_extra): New.
(cleanup): Cleanup that socket name.
(main): Implement oExtraSocket.
(create_socket_name): Add arg homedir and change all callers.
(create_server_socket): Rename arg is_ssh to primary and change
callers.
(start_connection_thread): Take ctrl as arg.
(start_connection_thread_std): New.
(start_connection_thread_extra): New.
(handle_connections): Add arg listen_fd_extra and replace the
connection starting code by parameterized loop.
* common/asshelp.c (start_new_gpg_agent): Detect the use of the
restricted mode and don't fail on sending the pinentry environment.

* common/util.h (GPG_ERR_FORBIDDEN): New.

common/asshelp.c

@@ -504,9 +504,23 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
   err = assuan_transact (ctx, "RESET",
                          NULL, NULL, NULL, NULL, NULL, NULL);
   if (!err)
-    err = send_pinentry_environment (ctx, errsource,
-                                     opt_lc_ctype, opt_lc_messages,
-                                     session_env);
+    {
+      err = send_pinentry_environment (ctx, errsource,
+                                       opt_lc_ctype, opt_lc_messages,
+                                       session_env);
+      if (gpg_err_code (err) == GPG_ERR_FORBIDDEN
+          && gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT)
+        {
+          /* Check whether we are in restricted mode.  */
+          if (!assuan_transact (ctx, "GETINFO restricted",
+                                NULL, NULL, NULL, NULL, NULL, NULL))
+            {
+              if (verbose)
+                log_info (_("connection to agent is in restricted mode\n"));
+              err = 0;
+            }
+        }
+    }
   if (err)
     {
       assuan_release (ctx);