From: Evan Broder <broder@mit.edu>
Date: Sun, 26 Apr 2009 01:49:30 +0000 (-0400)
Subject: First attempt at invirtifying ssh.
X-Git-Tag: invirt1^0
X-Git-Url: http://xvm.mit.edu/gitweb/invirt/third/openssh.git/commitdiff_plain/20a40875dee946cbfb7e6ff754c4f5e92ca321d1

First attempt at invirtifying ssh.

This patch will set SSH_GSSAPI_NAME if GSSAPI was ever used in the
login process (including for gss-keyex). It could be the first step
towards being able to use Kerberos authentication for git commits.

svn path=/trunk/third/openssh/; revision=2301
---

20a40875dee946cbfb7e6ff754c4f5e92ca321d1
diff --git a/gssapi-name-in-env.patch b/gssapi-name-in-env.patch
new file mode 100644
index 0000000..a699232
--- /dev/null
+++ b/gssapi-name-in-env.patch
@@ -0,0 +1,16 @@
+--- openssh-4.7p1/gss-serv.c
++++ openssh-4.7p1/gss-serv.c
+@@ -355,6 +355,13 @@
+ 		child_set_env(envp, envsizep, gssapi_client.store.envvar,
+ 		    gssapi_client.store.envval);
+ 	}
++	if (gssapi_client.exportedname.length != 0 &&
++	    gssapi_client.exportedname.value != NULL) {
++	        debug("Setting %s to %s", "SSH_GSSAPI_NAME",
++		    gssapi_client.exportedname.value);
++		child_set_env(envp, envsizep, "SSH_GSSAPI_NAME",
++		    gssapi_client.exportedname.value);
++	}
+ }
+ 
+ /* Privileged */
diff --git a/invirtify-openssh b/invirtify-openssh
new file mode 100755
index 0000000..ba90580
--- /dev/null
+++ b/invirtify-openssh
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+name=openssh
+ivversionappend=invirt1
+
+dir=$(cd "$(dirname "$0")"; pwd)
+
+hack_package () {
+    patch -p1 < "$dir/gssapi-name-in-env.patch"
+    append_description <<EOF
+ .
+ This package was rebuilt for the Invirt project to add support for
+ setting the SSH_GSSAPI_NAME variable on GSSAPI logins.
+EOF
+    add_changelog 'Set SSH_GSSAPI_NAME on GSSAPI logins.'
+    add_invirt_provides
+    munge_sections
+}
+
+. ../common/invirtificator.sh