diff options
author | Shawn O. Pearce <sop@google.com> | 2009-06-02 19:19:24 -0700 |
---|---|---|
committer | Shawn O. Pearce <sop@google.com> | 2009-06-02 19:20:13 -0700 |
commit | d41bbc6eaed0e1889eee4325f24827a09511e81a (patch) | |
tree | d6d5a2bec8c8f4ba3f48a339d091bcb80f81ba6a | |
parent | 8059fac9ecc1dcae1cbce78d1a8ea84886de2a7c (diff) |
Don't reverse resolve CNAMEs when advertising our SSHD
If the sshd.listenAddress has been configured to a CNAME, because
that is the name that clients should create "Host" configuration
blocks in ~/.ssh/config with, Gerrit must ensure we advertise the
CNAME in the server host key display, and in the output of the
/ssh_info URL for "repo upload". If we force the host name into
a canonical host name, we'll actually do the reverse lookup on
the IP and potentially get a different hostname than the one we
were supplied in the configuration file, causing clients to see
an address that the administrator was trying to hide.
Signed-off-by: Shawn O. Pearce <sop@google.com>
3 files changed, 9 insertions, 13 deletions
diff --git a/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java b/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java index 8a674b694d..2b361df7f1 100644 --- a/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java +++ b/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java @@ -61,7 +61,7 @@ public class SystemInfoServiceImpl implements SystemInfoService { String host; if (ip != null && ip.isAnyLocalAddress()) { host = ""; - } else if (ip instanceof Inet6Address) { + } else if (isIPv6(ip)) { host = "[" + addr.getHostName() + "]"; } else { host = addr.getHostName(); @@ -76,6 +76,11 @@ public class SystemInfoServiceImpl implements SystemInfoService { return cfg; } + private static boolean isIPv6(final InetAddress ip) { + return ip instanceof Inet6Address + && ip.getHostName().equals(ip.getHostAddress()); + } + public void loadGerritConfig(final AsyncCallback<GerritConfig> callback) { callback.onSuccess(getGerritConfig()); } @@ -155,7 +160,7 @@ public class SystemInfoServiceImpl implements SystemInfoService { addr = new InetSocketAddress(ip, addr.getPort()); } - if (addr.getPort() == 22 && !(ip instanceof Inet6Address)) { + if (addr.getPort() == 22 && !isIPv6(ip)) { return addr.getHostName(); } return "[" + addr.getHostName() + "]:" + addr.getPort(); diff --git a/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java b/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java index 1d5e837ffb..30c67e4e1f 100644 --- a/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java +++ b/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java @@ -159,7 +159,7 @@ public class GerritSshDaemon extends SshServer { if (hostAddr.isAnyLocalAddress()) { host = "*"; } else { - host = "[" + hostAddr.getCanonicalHostName() + "]"; + host = "[" + hostAddr.getHostName() + "]"; } return host + ":" + inetAddr.getPort(); } @@ -204,15 +204,7 @@ public class GerritSshDaemon extends SshServer { if (inetAddr.getAddress().isLoopbackAddress()) { continue; } - if (inetAddr.getAddress().isAnyLocalAddress()) { - return inetAddr; - } - - String host = inetAddr.getAddress().getCanonicalHostName(); - if (host.equals(inetAddr.getAddress().getHostAddress())) { - return inetAddr; - } - return InetSocketAddress.createUnresolved(host, inetAddr.getPort()); + return inetAddr; } return null; } diff --git a/src/main/java/com/google/gerrit/server/ssh/SshServlet.java b/src/main/java/com/google/gerrit/server/ssh/SshServlet.java index 01df417fed..95ef54aa72 100644 --- a/src/main/java/com/google/gerrit/server/ssh/SshServlet.java +++ b/src/main/java/com/google/gerrit/server/ssh/SshServlet.java @@ -23,7 +23,6 @@ import java.net.Inet6Address; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.SocketException; -import java.net.UnknownHostException; import javax.servlet.ServletConfig; import javax.servlet.ServletException; |