First attempt at invirtifying ssh.

This patch will set SSH_GSSAPI_NAME if GSSAPI was ever used in the
login process (including for gss-keyex). It could be the first step
towards being able to use Kerberos authentication for git commits.

svn path=/trunk/third/openssh/; revision=2301

diff --git a/gssapi-name-in-env.patch b/gssapi-name-in-env.patch
new file mode 100644 (file)
index 0000000..a699232
--- /dev/null
+++ b/gssapi-name-in-env.patch
@@ -0,0 +1,16 @@
+--- openssh-4.7p1/gss-serv.c
++++ openssh-4.7p1/gss-serv.c
+@@ -355,6 +355,13 @@
+               child_set_env(envp, envsizep, gssapi_client.store.envvar,
+                   gssapi_client.store.envval);
+       }
++      if (gssapi_client.exportedname.length != 0 &&
++          gssapi_client.exportedname.value != NULL) {
++              debug("Setting %s to %s", "SSH_GSSAPI_NAME",
++                  gssapi_client.exportedname.value);
++              child_set_env(envp, envsizep, "SSH_GSSAPI_NAME",
++                  gssapi_client.exportedname.value);
++      }
+ }
+ 
+ /* Privileged */

diff --git a/invirtify-openssh b/invirtify-openssh
new file mode 100755 (executable)
index 0000000..ba90580
--- /dev/null
+++ b/invirtify-openssh
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+name=openssh
+ivversionappend=invirt1
+
+dir=$(cd "$(dirname "$0")"; pwd)
+
+hack_package () {
+    patch -p1 < "$dir/gssapi-name-in-env.patch"
+    append_description <<EOF
+ .
+ This package was rebuilt for the Invirt project to add support for
+ setting the SSH_GSSAPI_NAME variable on GSSAPI logins.
+EOF
+    add_changelog 'Set SSH_GSSAPI_NAME on GSSAPI logins.'
+    add_invirt_provides
+    munge_sections
+}
+
+. ../common/invirtificator.sh