changeset 7832:75b0d3fd6303

ssh: handle IPv6 ssh connections Performing ssh actions towards Kallithea via an IPv6 connection gave the following error: $ hg incoming ssh://kallithea@example.com/repo remote: Traceback (most recent call last): remote: File ".../bin/kallithea-cli", line 11, in <module> remote: load_entry_point('Kallithea', 'console_scripts', 'kallithea-cli')() remote: File ".../python2.7/site-packages/click/core.py", line 764, in __call__ remote: return self.main(*args, **kwargs) remote: File ".../python2.7/site-packages/click/core.py", line 717, in main remote: rv = self.invoke(ctx) remote: File ".../python2.7/site-packages/click/core.py", line 1137, in invoke remote: return _process_result(sub_ctx.command.invoke(sub_ctx)) remote: File ".../python2.7/site-packages/click/core.py", line 956, in invoke remote: return ctx.invoke(self.callback, **ctx.params) remote: File ".../python2.7/site-packages/click/core.py", line 555, in invoke remote: return callback(*args, **kwargs) remote: File ".../kallithea/bin/kallithea_cli_base.py", line 79, in runtime_wrapper remote: return annotated(*args, **kwargs) remote: File ".../kallithea/bin/kallithea_cli_ssh.py", line 74, in ssh_serve remote: vcs_handler.serve(user_id, key_id, client_ip) remote: File ".../kallithea/lib/vcs/backends/ssh.py", line 65, in serve remote: self.authuser = AuthUser.make(dbuser=dbuser, ip_addr=client_ip) remote: File ".../kallithea/lib/auth.py", line 407, in make remote: if not check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips): remote: File ".../kallithea/lib/auth.py", line 860, in check_ip_access remote: if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip): remote: File ".../kallithea/lib/ipaddr.py", line 76, in IPAddress remote: remote: ValueError: '2' does not appear to be an IPv4 or IPv6 address abort: no suitable response from remote hg! This was caused by IPv4-exclusive parsing of the SSH_CONNECTION variable. With an IPv6 address starting with '2a02:1810:', only the first '2' would survive. 
According to 'man 1 ssh': SSH_CONNECTION Identifies the client and server ends of the connection. The variable contains four space-separated values: client IP address, client port number, server IP address, and server port number. So, the client IP address will be the first space-separated word, regardless of IPv4 or IPv6. Use that knowledge without further parsing. (commit message by Thomas De Schampheleire)
author Mads Kiilerich <mads@kiilerich.com>
date Wed, 14 Aug 2019 20:59:27 +0200
parents df05acbbfde0
children 52637097d62f
files kallithea/bin/kallithea_cli_ssh.py
diffstat 1 files changed, 1 insertions(+), 2 deletions(-) [+]
--- a/kallithea/bin/kallithea_cli_ssh.py	Tue Aug 13 21:51:03 2019 +0200
+++ b/kallithea/bin/kallithea_cli_ssh.py	Wed Aug 14 20:59:27 2019 +0200
@@ -52,8 +52,7 @@
         os.environ['LANGUAGE'] = ssh_locale # trumps LC_ALL for GNU gettext message handling
 
     ssh_original_command = os.environ.get('SSH_ORIGINAL_COMMAND', '')
-    connection = re.search(r'^([0-9.]+)', os.environ.get('SSH_CONNECTION', ''))
-    client_ip = connection.group(1) if connection else '0.0.0.0'
+    client_ip = os.environ.get('SSH_CONNECTION', '').split(' ', 1)[0] or '0.0.0.0'
     log.debug('ssh-serve was invoked for SSH command %r from %s', ssh_original_command, client_ip)
 
     if not ssh_original_command:
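Review bot: The first word of SSH_CONNECTION now reaches the IP access check with no validation, so any value `ipaddr.IPAddress` cannot parse will presumably end in the same ValueError traceback the commit message shows rather than a clean denial. One case worth confirming is a link-local IPv6 client, where sshd may report the address with a zone suffix (`fe80::1%eth0`, a constructed example). I would validate the value once on the `client_ip = ...` line, fail closed with a logged message, and add a comment such as `# SSH_CONNECTION = "client_ip client_port server_ip server_port" (set by sshd); client_ip feeds the IP allow-list check`. The `'0.0.0.0'` fallback for a missing variable is passed to that same check, so the code should state whether it is meant to pass only under allow-all rules. The enclosing function starts and ends outside the hunk.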