=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.c,v retrieving revision 1.431 retrieving revision 1.432 diff -u -r1.431 -r1.432 --- src/usr.bin/ssh/sshd.c 2015/01/07 18:15:07 1.431 +++ src/usr.bin/ssh/sshd.c 2015/01/14 20:05:27 1.432 @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.431 2015/01/07 18:15:07 tedu Exp $ */ +/* $OpenBSD: sshd.c,v 1.432 2015/01/14 20:05:27 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -105,6 +105,7 @@ #include "roaming.h" #include "ssh-sandbox.h" #include "version.h" +#include "ssherr.h" #ifndef O_NOCTTY #define O_NOCTTY 0 @@ -172,7 +173,7 @@ Kex *xxx_kex; /* Daemon's agent connection */ -AuthenticationConnection *auth_conn = NULL; +int auth_sock = -1; int have_agent = 0; /* @@ -631,7 +632,7 @@ static int privsep_preauth(Authctxt *authctxt) { - int status; + int status, r; pid_t pid; struct ssh_sandbox *box = NULL; @@ -649,8 +650,14 @@ debug2("Network child is on pid %ld", (long)pid); pmonitor->m_pid = pid; - if (have_agent) - auth_conn = ssh_get_authentication_connection(); + if (have_agent) { + r = ssh_get_authentication_socket(&auth_sock); + if (r != 0) { + error("Could not get agent socket: %s", + ssh_err(r)); + have_agent = 0; + } + } if (box != NULL) ssh_sandbox_parent_preauth(box, pid); monitor_child_preauth(authctxt, pmonitor); @@ -1331,7 +1338,7 @@ { extern char *optarg; extern int optind; - int opt, i, j, on = 1; + int r, opt, i, j, on = 1; int sock_in = -1, sock_out = -1, newsock = -1; const char *remote_ip; int remote_port; @@ -1592,7 +1599,7 @@ if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) setenv(SSH_AUTHSOCKET_ENV_NAME, options.host_key_agent, 1); - have_agent = ssh_agent_present(); + have_agent = ssh_get_authentication_socket(NULL); } for (i = 0; i < options.num_host_key_files; i++) { 
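Review bot: `have_agent = ssh_get_authentication_socket(NULL);` in the -1592 hunk stores an error code in a variable that the rest of this diff tests as a boolean (`if (have_agent)`, `compat20 && have_agent`). The call sites this commit adds in privsep_preauth() and in the -1957 hunk treat a return of 0 as success, so a reachable agent leaves have_agent at 0 and a failed lookup leaves it nonzero, the reverse of what `ssh_agent_present()` reported. Agent-held host keys would then look unavailable when the agent is up, and when it is down the daemon would still go on to request a socket. Suggest `have_agent = (ssh_get_authentication_socket(NULL) == 0);`, ideally logging `ssh_err()` on failure as the other call sites do. Whether the new function accepts a NULL argument is not visible here and should be confirmed; the enclosing `if` block starts outside the hunk.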
@@ -1957,8 +1964,12 @@ if (use_privsep) { if (privsep_preauth(authctxt) == 1) goto authenticated; - } else if (compat20 && have_agent) - auth_conn = ssh_get_authentication_connection(); + } else if (compat20 && have_agent) { + if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) { + error("Unable to get agent socket: %s", ssh_err(r)); + have_agent = -1; + } + } /* perform the key exchange */ /* authenticate user and start session */ @@ -2251,6 +2262,8 @@ sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen, u_char *data, u_int dlen) { + int r; + if (privkey) { if (PRIVSEP(key_sign(privkey, signature, slen, data, dlen) < 0)) fatal("%s: key_sign failed", __func__); @@ -2258,9 +2271,15 @@ if (mm_key_sign(pubkey, signature, slen, data, dlen) < 0) fatal("%s: pubkey_sign failed", __func__); } else { - if (ssh_agent_sign(auth_conn, pubkey, signature, slen, data, - dlen)) - fatal("%s: ssh_agent_sign failed", __func__); + size_t xxx_slen; + + if ((r = ssh_agent_sign(auth_sock, pubkey, signature, &xxx_slen, + data, dlen, datafellows)) != 0) + fatal("%s: ssh_agent_sign failed: %s", + __func__, ssh_err(r)); + /* XXX: Old API is u_int; new size_t */ + if (slen != NULL) + *slen = xxx_slen; } }
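Review bot: On failure the -1957 hunk sets `have_agent = -1`, which is still true for every `if (have_agent)` style test, while the matching failure path added to privsep_preauth() sets `have_agent = 0`. Code that later consults have_agent would keep treating the agent as usable even though auth_sock was never obtained. Suggest `have_agent = 0;` here as well, and the same message wording at both sites ("Could not get agent socket" versus "Unable to get agent socket") so one log search finds both. The enclosing function begins and continues outside the hunk.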
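Review bot: `*slen = xxx_slen;` in the -2258 hunk narrows a size_t to u_int with no range check, so a length above UINT_MAX from the agent path would be silently truncated and the caller would see a length that does not match the signature buffer. The XXX comment records the type mismatch but not that risk. A guard before the assignment makes the failure explicit: `if (xxx_slen > UINT_MAX) fatal("%s: signature too large", __func__);` (UINT_MAX needs `<limits.h>`, which may or may not already be included). The agent is a separate process, so its reply length is worth treating as untrusted input; whether ssh_agent_sign() already bounds it is not visible here. The signature of sshd_hostkey_sign() starts above the hunk.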