From 20a40875dee946cbfb7e6ff754c4f5e92ca321d1 Mon Sep 17 00:00:00 2001
From: Evan Broder <broder@mit.edu>
Date: Sat, 25 Apr 2009 21:49:30 -0400
Subject: [PATCH 1/1] First attempt at invirtifying ssh.

This patch will set SSH_GSSAPI_NAME if GSSAPI was ever used in the
login process (including for gss-keyex). It could be the first step
towards being able to use Kerberos authentication for git commits.

svn path=/trunk/third/openssh/; revision=2301
---
 gssapi-name-in-env.patch |   16 ++++++++++++++++
 invirtify-openssh        |   21 +++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 gssapi-name-in-env.patch
 create mode 100755 invirtify-openssh

diff --git a/gssapi-name-in-env.patch b/gssapi-name-in-env.patch
new file mode 100644
index 0000000..a699232
--- /dev/null
+++ b/gssapi-name-in-env.patch
@@ -0,0 +1,16 @@
+--- openssh-4.7p1/gss-serv.c
++++ openssh-4.7p1/gss-serv.c
+@@ -355,6 +355,13 @@
+ 		child_set_env(envp, envsizep, gssapi_client.store.envvar,
+ 		    gssapi_client.store.envval);
+ 	}
++	if (gssapi_client.exportedname.length != 0 &&
++	    gssapi_client.exportedname.value != NULL) {
++	        debug("Setting %s to %s", "SSH_GSSAPI_NAME",
++		    gssapi_client.exportedname.value);
++		child_set_env(envp, envsizep, "SSH_GSSAPI_NAME",
++		    gssapi_client.exportedname.value);
++	}
+ }
+ 
+ /* Privileged */
diff --git a/invirtify-openssh b/invirtify-openssh
new file mode 100755
index 0000000..ba90580
--- /dev/null
+++ b/invirtify-openssh
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+name=openssh
+ivversionappend=invirt1
+
+dir=$(cd "$(dirname "$0")"; pwd)
+
+hack_package () {
+    patch -p1 < "$dir/gssapi-name-in-env.patch"
+    append_description <<EOF
+ .
+ This package was rebuilt for the Invirt project to add support for
+ setting the SSH_GSSAPI_NAME variable on GSSAPI logins.
+EOF
+    add_changelog 'Set SSH_GSSAPI_NAME on GSSAPI logins.'
+    add_invirt_provides
+    munge_sections
+}
+
+. ../common/invirtificator.sh
-- 
1.7.9.5