Don't reverse resolve CNAMEs when advertising our SSHD
If the sshd.listenAddress has been configured to a CNAME, because
that is the name that clients should create "Host" configuration
blocks in ~/.ssh/config with, Gerrit must ensure we advertise the
CNAME in the server host key display, and in the output of the
/ssh_info URL for "repo upload". If we force the host name into
a canonical host name, we'll actually do the reverse lookup on
the IP and potentially get a different hostname than the one we
were supplied in the configuration file, causing clients to see
an address that the administrator was trying to hide.
Signed-off-by: Shawn O. Pearce <sop@google.com>
diff --git a/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java b/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java
index 8a674b6..2b361df 100644
--- a/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java
+++ b/src/main/java/com/google/gerrit/server/SystemInfoServiceImpl.java
@@ -61,7 +61,7 @@
String host;
if (ip != null && ip.isAnyLocalAddress()) {
host = "";
- } else if (ip instanceof Inet6Address) {
+ } else if (isIPv6(ip)) {
host = "[" + addr.getHostName() + "]";
} else {
host = addr.getHostName();
@@ -76,6 +76,11 @@
return cfg;
}
+ private static boolean isIPv6(final InetAddress ip) {
+ return ip instanceof Inet6Address
+ && ip.getHostName().equals(ip.getHostAddress());
+ }
+
public void loadGerritConfig(final AsyncCallback<GerritConfig> callback) {
callback.onSuccess(getGerritConfig());
}
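Review bot: `ip.getHostName()` in `isIPv6` can itself trigger a reverse lookup, because `InetAddress.getHostName()` returns the remembered name only when the address was created from one and otherwise queries the name service. An sshd.listenAddress given as an IP literal may therefore still be advertised under whatever name its reverse record maps to, which is the disclosure this commit sets out to prevent. The same applies to `hostAddr.getHostName()` in the GerritSshDaemon host-key display hunk and to the `addr.getHostName()` calls beside both `isIPv6(ip)` call sites; how these addresses are constructed is outside the hunks, so confirm which case applies. Where the runtime provides it, `InetSocketAddress.getHostString()` returns the configured text without a lookup. Separately, the helper's name hides its second condition, so add a comment such as `// IPv6 address with no host name: the literal must be bracketed when printed`, or rename it to `isIPv6Literal`.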
@@ -155,7 +160,7 @@
addr = new InetSocketAddress(ip, addr.getPort());
}
- if (addr.getPort() == 22 && !(ip instanceof Inet6Address)) {
+ if (addr.getPort() == 22 && !isIPv6(ip)) {
return addr.getHostName();
}
return "[" + addr.getHostName() + "]:" + addr.getPort();
diff --git a/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java b/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java
index 1d5e837..30c67e4 100644
--- a/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java
+++ b/src/main/java/com/google/gerrit/server/ssh/GerritSshDaemon.java
@@ -159,7 +159,7 @@
if (hostAddr.isAnyLocalAddress()) {
host = "*";
} else {
- host = "[" + hostAddr.getCanonicalHostName() + "]";
+ host = "[" + hostAddr.getHostName() + "]";
}
return host + ":" + inetAddr.getPort();
}
@@ -204,15 +204,7 @@
if (inetAddr.getAddress().isLoopbackAddress()) {
continue;
}
- if (inetAddr.getAddress().isAnyLocalAddress()) {
- return inetAddr;
- }
-
- String host = inetAddr.getAddress().getCanonicalHostName();
- if (host.equals(inetAddr.getAddress().getHostAddress())) {
- return inetAddr;
- }
- return InetSocketAddress.createUnresolved(host, inetAddr.getPort());
+ return inetAddr;
}
return null;
}
diff --git a/src/main/java/com/google/gerrit/server/ssh/SshServlet.java b/src/main/java/com/google/gerrit/server/ssh/SshServlet.java
index 01df417..95ef54a 100644
--- a/src/main/java/com/google/gerrit/server/ssh/SshServlet.java
+++ b/src/main/java/com/google/gerrit/server/ssh/SshServlet.java
@@ -23,7 +23,6 @@
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketException;
-import java.net.UnknownHostException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;