ssh: Returned faked response for the new session-bind extension.

* agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New.
(SSH_OPT_CONSTRAIN_EXTENSION): New.
(ssh_handler_add_identity): Ignore them.
(ssh_handler_extension): Take success for session-bind.
--

OpenSSH 8.9 does not gracefully allow communication with older agent
implementations.  Until this new OpenSSH feature has been settled we
return a faked response.

Code has not yet been tested.

GnuPG-bug-id: 5931

1 files changed, 14 insertions, 0 deletions

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 46821e3c8..e12e8accc 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -75,6 +75,8 @@
 /* Options. */
 #define	SSH_OPT_CONSTRAIN_LIFETIME	   1
 #define	SSH_OPT_CONSTRAIN_CONFIRM	   2
+#define	SSH_OPT_CONSTRAIN_MAXSIGN	   3
+#define	SSH_OPT_CONSTRAIN_EXTENSION	 255
 
 /* Response types. */
 #define SSH_RESPONSE_SUCCESS               6
@@ -3165,6 +3167,11 @@ ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response)
 	    break;
 	  }
 
+	case SSH_OPT_CONSTRAIN_MAXSIGN:
+	case SSH_OPT_CONSTRAIN_EXTENSION:
+          /* Not yet implemented.  */
+          break;
+
 	default:
 	  /* FIXME: log/bad?  */
 	  break;
@@ -3387,6 +3394,13 @@ ssh_handler_extension (ctrl_t ctrl, estream_t request, estream_t response)
           (response, session_env_list_stdenvnames (NULL, NULL));
       goto finalleave;
     }
+  else if (!strcmp (exttype, "[email protected]"))
+    {
+      ret_err = stream_write_byte (response, SSH_RESPONSE_SUCCESS);
+      log_info ("ssh-agent extension '%s' ignored - returning success anyway\n",
+                exttype);
+      goto finalleave;
+    }
   else
     {
       if (opt.verbose)