Don't reverse resolve CNAMEs when advertising our SSHD

If the sshd.listenAddress has been configured to a CNAME, because
that is the name that clients should create "Host" configuration
blocks in ~/.ssh/config with, Gerrit must ensure we advertise the
CNAME in the server host key display, and in the output of the
/ssh_info URL for "repo upload".  If we force the host name into
a canonical host name, we'll actually do the reverse lookup on
the IP and potentially get a different hostname than the one we
were supplied in the configuration file, causing clients to see
an address that the administrator was trying to hide.

Signed-off-by: Shawn O. Pearce <sop@google.com>

3 files changed, 9 insertions, 13 deletions

diff --git a/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java b/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java
index 8a674b694d..2b361df7f1 100644
--- a/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java
+++ b/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java
@@ -61,7 +61,7 @@ public class SystemInfoServiceImpl implements SystemInfoService {
           String host;
           if (ip != null && ip.isAnyLocalAddress()) {
             host = "";
-          } else if (ip instanceof Inet6Address) {
+          } else if (isIPv6(ip)) {
             host = "[" + addr.getHostName() + "]";
           } else {
             host = addr.getHostName();
@@ -76,6 +76,11 @@ public class SystemInfoServiceImpl implements SystemInfoService {
     return cfg;
   }
 
+  private static boolean isIPv6(final InetAddress ip) {
+    return ip instanceof Inet6Address
+        && ip.getHostName().equals(ip.getHostAddress());
+  }
+
   public void loadGerritConfig(final AsyncCallback<GerritConfig> callback) {
     callback.onSuccess(getGerritConfig());
   }
@@ -155,7 +160,7 @@ public class SystemInfoServiceImpl implements SystemInfoService {
       addr = new InetSocketAddress(ip, addr.getPort());
     }
 
-    if (addr.getPort() == 22 && !(ip instanceof Inet6Address)) {
+    if (addr.getPort() == 22 && !isIPv6(ip)) {
       return addr.getHostName();
     }
     return "[" + addr.getHostName() + "]:" + addr.getPort();
diff --git a/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java b/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java
index 1d5e837ffb..30c67e4e1f 100644
--- a/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java
+++ b/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java
@@ -159,7 +159,7 @@ public class GerritSshDaemon extends SshServer {
       if (hostAddr.isAnyLocalAddress()) {
         host = "*";
       } else {
-        host = "[" + hostAddr.getCanonicalHostName() + "]";
+        host = "[" + hostAddr.getHostName() + "]";
       }
       return host + ":" + inetAddr.getPort();
     }
@@ -204,15 +204,7 @@ public class GerritSshDaemon extends SshServer {
       if (inetAddr.getAddress().isLoopbackAddress()) {
         continue;
       }
-      if (inetAddr.getAddress().isAnyLocalAddress()) {
-        return inetAddr;
-      }
-
-      String host = inetAddr.getAddress().getCanonicalHostName();
-      if (host.equals(inetAddr.getAddress().getHostAddress())) {
-        return inetAddr;
-      }
-      return InetSocketAddress.createUnresolved(host, inetAddr.getPort());
+      return inetAddr;
     }
     return null;
   }
diff --git a/src/main/java/com/google/gerrit/server/ssh/SshServlet.java b/src/main/java/com/google/gerrit/server/ssh/SshServlet.java
index 01df417fed..95ef54aa72 100644
--- a/src/main/java/com/google/gerrit/server/ssh/SshServlet.java
+++ b/src/main/java/com/google/gerrit/server/ssh/SshServlet.java
@@ -23,7 +23,6 @@ import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.SocketException;
-import java.net.UnknownHostException;
 
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;