[openssh-commits] [openssh] 02/02: upstream: Implement "query" extension from

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Jan 27 17:50:03 AEDT 2026 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 832a77000abe61f61bddb9e595f45c7131c0269d
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Tue Jan 27 06:48:29 2026 +0000

    upstream: Implement "query" extension from
    
    draft-ietf-sshm-ssh-agent
    
    feedback jsg@, tb@; ok tb@
    
    OpenBSD-Commit-ID: adb2b79473ff86ba781ed5ab2735c1437b590f07
---
 authfd.h    |  4 +++-
 ssh-agent.c | 26 ++++++++++++++++++++++++--
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/authfd.h b/authfd.h
index 958d480de..da4830a96 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.53 2025/08/29 03:50:38 djm Exp $ */
+/* $OpenBSD: authfd.h,v 1.54 2026/01/27 06:48:29 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -102,6 +102,8 @@ int	ssh_agent_bind_hostkey(int sock, const struct sshkey *key,
 
 /* generic extension mechanism */
 #define SSH_AGENTC_EXTENSION			27
+#define SSH_AGENT_EXTENSION_FAILURE		28
+#define SSH_AGENT_EXTENSION_RESPONSE		29
 
 #define	SSH_AGENT_CONSTRAIN_LIFETIME		1
 #define	SSH_AGENT_CONSTRAIN_CONFIRM		2
diff --git a/ssh-agent.c b/ssh-agent.c
index 963f4feb3..3bf01ce84 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.316 2025/12/22 01:49:03 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.317 2026/01/27 06:48:29 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1756,6 +1756,26 @@ process_ext_session_bind(SocketEntry *e)
 	return r == 0 ? 1 : 0;
 }
 
+static int
+process_ext_query(SocketEntry *e)
+{
+	int r;
+	struct sshbuf *msg = NULL;
+
+	debug2_f("entering");
+	if ((msg = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
+	if ((r = sshbuf_put_u8(msg, SSH_AGENT_EXTENSION_RESPONSE)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, "query")) != 0 ||
+	    /* string[]     supported extension types */
+	    (r = sshbuf_put_cstring(msg, "session-bind at openssh.com")) != 0)
+		fatal_fr(r, "compose");
+	if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
+		fatal_fr(r, "enqueue");
+	sshbuf_free(msg);
+	return 1;
+}
+
 static void
 process_extension(SocketEntry *e)
 {
@@ -1767,7 +1787,9 @@ process_extension(SocketEntry *e)
 		error_fr(r, "parse");
 		goto send;
 	}
-	if (strcmp(name, "session-bind at openssh.com") == 0)
+	if (strcmp(name, "query") == 0)
+		success = process_ext_query(e);
+	else if (strcmp(name, "session-bind at openssh.com") == 0)
 		success = process_ext_session_bind(e);
 	else
 		debug_f("unsupported extension \"%s\"", name);

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list