Google Git
Sign in
gerrit / gerrit / d41bbc6eaed0e1889eee4325f24827a09511e81a^! / .
commitd41bbc6eaed0e1889eee4325f24827a09511e81a[log] [tgz]
authorShawn O. Pearce <sop@google.com>Tue Jun 02 19:19:24 2009 -0700
committerShawn O. Pearce <sop@google.com>Tue Jun 02 19:20:13 2009 -0700
treed6d5a2bec8c8f4ba3f48a339d091bcb80f81ba6a
parent8059fac9ecc1dcae1cbce78d1a8ea84886de2a7c [diff]
Don't reverse resolve CNAMEs when advertising our SSHD

If the sshd.listenAddress has been configured to a CNAME, because
that is the name that clients should create "Host" configuration
blocks in ~/.ssh/config with, Gerrit must ensure we advertise the
CNAME in the server host key display, and in the output of the
/ssh_info URL for "repo upload".  If we force the host name into
a canonical host name, we'll actually do the reverse lookup on
the IP and potentially get a different hostname than the one we
were supplied in the configuration file, causing clients to see
an address that the administrator was trying to hide.

Signed-off-by: Shawn O. Pearce <sop@google.com>

diff --git a/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java b/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java
index 8a674b6..2b361df 100644
--- a/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java
+++ b/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java

@@ -61,7 +61,7 @@
           String host;
           if (ip != null && ip.isAnyLocalAddress()) {
             host = "";
-          } else if (ip instanceof Inet6Address) {
+          } else if (isIPv6(ip)) {
             host = "[" + addr.getHostName() + "]";
           } else {
             host = addr.getHostName();
@@ -76,6 +76,11 @@
     return cfg;
   }
 
+  private static boolean isIPv6(final InetAddress ip) {
+    return ip instanceof Inet6Address
+        && ip.getHostName().equals(ip.getHostAddress());
+  }
+
   public void loadGerritConfig(final AsyncCallback<GerritConfig> callback) {
     callback.onSuccess(getGerritConfig());
   }
@@ -155,7 +160,7 @@
       addr = new InetSocketAddress(ip, addr.getPort());
     }
 
-    if (addr.getPort() == 22 && !(ip instanceof Inet6Address)) {
+    if (addr.getPort() == 22 && !isIPv6(ip)) {
       return addr.getHostName();
     }
     return "[" + addr.getHostName() + "]:" + addr.getPort();

diff --git a/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java b/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java
index 1d5e837..30c67e4 100644
--- a/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java
+++ b/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java

@@ -159,7 +159,7 @@
       if (hostAddr.isAnyLocalAddress()) {
         host = "*";
       } else {
-        host = "[" + hostAddr.getCanonicalHostName() + "]";
+        host = "[" + hostAddr.getHostName() + "]";
       }
       return host + ":" + inetAddr.getPort();
     }
@@ -204,15 +204,7 @@
       if (inetAddr.getAddress().isLoopbackAddress()) {
         continue;
       }
-      if (inetAddr.getAddress().isAnyLocalAddress()) {
-        return inetAddr;
-      }
-
-      String host = inetAddr.getAddress().getCanonicalHostName();
-      if (host.equals(inetAddr.getAddress().getHostAddress())) {
-        return inetAddr;
-      }
-      return InetSocketAddress.createUnresolved(host, inetAddr.getPort());
+      return inetAddr;
     }
     return null;
   }

diff --git a/src/main/java/com/google/gerrit/server/ssh/SshServlet.java b/src/main/java/com/google/gerrit/server/ssh/SshServlet.java
index 01df417..95ef54a 100644
--- a/src/main/java/com/google/gerrit/server/ssh/SshServlet.java
+++ b/src/main/java/com/google/gerrit/server/ssh/SshServlet.java

@@ -23,7 +23,6 @@
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.SocketException;
-import java.net.UnknownHostException;
 
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;