ssh-agent: support "query" extension
Hi,
This implements the "query" extension from the ssh-agent I-D:
https://www.ietf.org/archive/id/draft-ietf-sshm-ssh-agent-15.html#name-query-extension
It's very straightforward; it just returns a list of strings. OpenSSH
supports only one extension request type, so it's a list with only
one entry.
ok?
diff --git a/authfd.h b/authfd.h
index 958d480..05ed763 100644
--- a/authfd.h
+++ b/authfd.h
@@ -102,6 +102,9 @@ int ssh_agent_bind_hostkey(int sock, const struct sshkey *key,
/* generic extension mechanism */
#define SSH_AGENTC_EXTENSION 27
+#define SSH_AGENT_EXTENSION_FAILURE 28
+#define SSH_AGENT_EXTENSION_FAILURE 28
+#define SSH_AGENT_EXTENSION_RESPONSE 29
#define SSH_AGENT_CONSTRAIN_LIFETIME 1
#define SSH_AGENT_CONSTRAIN_CONFIRM 2
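Review bot: `#define SSH_AGENT_EXTENSION_FAILURE 28` appears on two consecutive added lines in this hunk as shown on the page; the second copy should be dropped so each message number is defined once. An identical redefinition compiles without a diagnostic, so the duplicate would go unnoticed until one of the two copies is edited. Of the new constants, only SSH_AGENT_EXTENSION_RESPONSE is used by the ssh-agent.c hunks in this patch; SSH_AGENT_EXTENSION_FAILURE is defined but not sent anywhere in the visible code.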
diff --git a/ssh-agent.c b/ssh-agent.c
index be08bf2..13469ca 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1753,6 +1753,26 @@ process_ext_session_bind(SocketEntry *e)
return r == 0 ? 1 : 0;
}
+static int
+process_ext_query(SocketEntry *e)
+{
+ int r;
+ struct sshbuf *msg = NULL;
+
+ debug2_f("entering");
+ if ((msg = sshbuf_new()) == NULL)
+ fatal_f("sshbuf_new failed");
+ if ((r = sshbuf_put_u8(msg, SSH_AGENT_EXTENSION_RESPONSE)) != 0 ||
+ (r = sshbuf_put_cstring(msg, "query")) != 0 ||
+ /* string[] supported extension types */
+ (r = sshbuf_put_cstring(msg, "session-bind@openssh.com")) != 0)
+ fatal_fr(r, "compose");
+ if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
+ fatal_fr(r, "enqueue");
+ sshbuf_free(msg);
+ return 1;
+}
+
static void
process_extension(SocketEntry *e)
{
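Review bot: The advertised list in process_ext_query(), `sshbuf_put_cstring(msg, "session-bind@openssh.com")`, is a second hard-coded copy of the name that process_extension() matches with strcmp(), so the two can drift when an extension is added or removed. A client that relies on "query" to decide what it may send would then be told about support that is absent, or miss support that exists. Consider one `static const char *` table of supported names that both the reply and the dispatch read, or at least a comment on each side such as `/* keep in sync with the strcmp() chain in process_extension() */`. The body of process_ext_query() lies fully inside this hunk; process_extension() continues past it.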
@@ -1764,7 +1784,9 @@ process_extension(SocketEntry *e)
error_fr(r, "parse");
goto send;
}
- if (strcmp(name, "session-bind@openssh.com") == 0)
+ if (strcmp(name, "query") == 0)
+ success = process_ext_query(e);
+ else if (strcmp(name, "session-bind@openssh.com") == 0)
success = process_ext_session_bind(e);
else
debug_f("unsupported extension \"%s\"", name);
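Review bot: `success = process_ext_query(e);` stores 1 after the handler has already queued a complete SSH_AGENT_EXTENSION_RESPONSE on `e->output`, which is the same value the session-bind branch uses to request a success status. The code after this chain, including the `send:` label, is outside the hunk. If it still emits a status message based on `success`, a "query" request gets two replies and the client's request/response pairing on the agent socket goes out of step. The query branch should finish without reaching the status send, doing whatever cleanup of `name` the existing tail performs, and carry a comment such as `/* process_ext_query() queued its own reply; do not also send a status message */`. It would also help to document on process_ext_query() that its return value means "reply already written", not "send success".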