ssh: Returned faked response for the new session-bind extension.

* agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New. (SSH_OPT_CONSTRAIN_EXTENSION): New. (ssh_handler_add_identity): Ignore them. (ssh_handler_extension): Take success for session-bind. -- OpenSSH 8.9 does not gracefully allow communication with older agent implementations. Until this new OpenSSH feature has been settled we return a faked response. Code has not yet been tested. GnuPG-bug-id: 5931
2025-01-03 12:11:33 +01:00 · 2022-04-14 12:30:55 +02:00 · 2022-04-14 12:30:55 +02:00 · 46d62d80a2
commit 46d62d80a2
parent dd727ec968
1 changed files with 14 additions and 0 deletions
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@ -75,6 +75,8 @@
 /* Options. */
 #define	SSH_OPT_CONSTRAIN_LIFETIME	   1
 #define	SSH_OPT_CONSTRAIN_CONFIRM	   2
+#define	SSH_OPT_CONSTRAIN_MAXSIGN	   3
+#define	SSH_OPT_CONSTRAIN_EXTENSION	 255

 /* Response types. */
 #define SSH_RESPONSE_SUCCESS               6
@ -3165,6 +3167,11 @@ ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response)
 	    break;
 	  }

+	case SSH_OPT_CONSTRAIN_MAXSIGN:
+	case SSH_OPT_CONSTRAIN_EXTENSION:
+          /* Not yet implemented.  */
+          break;
+
 	default:
 	  /* FIXME: log/bad?  */
 	  break;
@ -3387,6 +3394,13 @@ ssh_handler_extension (ctrl_t ctrl, estream_t request, estream_t response)
          (response, session_env_list_stdenvnames (NULL, NULL));
      goto finalleave;
    }
+  else if (!strcmp (exttype, "session-bind@openssh.org"))
+    {
+      ret_err = stream_write_byte (response, SSH_RESPONSE_SUCCESS);
+      log_info ("ssh-agent extension '%s' ignored - returning success anyway\n",
+                exttype);
+      goto finalleave;
+    }
  else
    {
      if (opt.verbose)