[X2go-Commits] nx-libs.git - master (branch) updated: redist-server/3.5.0.14-11-gb9a7a1b

X2Go dev team git-admin at x2go.org
Mon Sep 17 16:50:24 CEST 2012


The branch, master has been updated
       via  b9a7a1b4fe1b74fb734da22364ea42a42e88368c (commit)
      from  f83009075ecc3baa1087b42ef385a0870ec71daa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b9a7a1b4fe1b74fb734da22364ea42a42e88368c
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Mon Sep 17 16:50:15 2012 +0200

    Add patch: 220_nxproxy-bind-loopback-only.patch, adds loopback option to nxproxy options and forces nxproxy to bind to loopback devices only.

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                                   |    2 +
 .../patches/220_nxproxy-bind-loopback-only.patch   |  130 ++++++++++++++++++++
 debian/patches/series                              |    1 +
 3 files changed, 133 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/220_nxproxy-bind-loopback-only.patch

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index e281ea7..630d97e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,8 @@ nx-libs (2:3.5.0.15-0) UNRELEASED; urgency=low
   * /debian/control:
     + Maintainer change in package: X2Go Developers <x2go-dev at lists.berlios.de>.
     + Priority: optional.
+  * Add patch: 220_nxproxy-bind-loopback-only.patch, adds loopback option to
+    nxproxy options and forces nxproxy to bind to loopback devices only.
 
  -- Mike Gabriel <mike.gabriel at das-netzwerkteam.de>  Thu, 28 Jun 2012 14:54:51 +0200
 
diff --git a/debian/patches/220_nxproxy-bind-loopback-only.patch b/debian/patches/220_nxproxy-bind-loopback-only.patch
new file mode 100644
index 0000000..b8f8765
--- /dev/null
+++ b/debian/patches/220_nxproxy-bind-loopback-only.patch
@@ -0,0 +1,130 @@
+Description: Force NX proxy to bind to loopback devices only (loopback option)
+Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+--- a/nxcomp/Loop.cpp
++++ b/nxcomp/Loop.cpp
+@@ -952,6 +952,7 @@
+ static char displayHost[DEFAULT_STRING_LENGTH] = { 0 };
+ static char authCookie[DEFAULT_STRING_LENGTH]  = { 0 };
+ 
++static int loopbackBind = DEFAULT_LOOPBACK_BIND;
+ static int proxyPort = DEFAULT_NX_PROXY_PORT;
+ static int xPort     = DEFAULT_NX_X_PORT;
+ 
+@@ -3959,7 +3960,14 @@
+ 
+   tcpAddr.sin_family = AF_INET;
+   tcpAddr.sin_port = htons(proxyPortTCP);
+-  tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++  if ( loopbackBind )
++  {
++    tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
++  }
++  else
++  {
++    tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++  }
+ 
+   if (bind(tcpFD, (sockaddr *) &tcpAddr, sizeof(tcpAddr)) == -1)
+   {
+@@ -4512,7 +4520,14 @@
+ 
+   tcpAddr.sin_family = AF_INET;
+   tcpAddr.sin_port = htons(portTCP);
+-  tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++  if ( loopbackBind )
++  {
++    tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
++  }
++  else
++  {
++    tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++  }
+ 
+   if (bind(newFD, (sockaddr *) &tcpAddr, sizeof(tcpAddr)) == -1)
+   {
+@@ -6680,7 +6695,14 @@
+ 
+   #ifdef __APPLE__
+ 
+-  tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++  if ( loopbackBind )
++  {
++    tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
++  }
++  else
++  {
++    tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++  }
+ 
+   #else
+ 
+@@ -8359,6 +8381,10 @@
+ 
+       listenPort = ValidateArg("local", name, value);
+     }
++    else if (strcasecmp(name, "loopback") == 0)
++    {
++      loopbackBind = ValidateArg("local", name, value);
++    }
+     else if (strcasecmp(name, "accept") == 0)
+     {
+       if (*connectHost != '\0')
+@@ -13735,7 +13761,14 @@
+     }
+     else
+     {
+-      address = htonl(INADDR_ANY);
++      if ( loopbackBind )
++      {
++        address = htonl(INADDR_LOOPBACK);
++      }
++      else
++      {
++        address = htonl(INADDR_ANY);
++      }
+     }
+   }
+   else
+--- a/nxcomp/Misc.cpp
++++ b/nxcomp/Misc.cpp
+@@ -42,6 +42,14 @@
+ #undef  DEBUG
+ 
+ //
++// By default nxproxy binds to all network interfaces, setting
++// DEFAULT_LOOPBACK_BIND to 1 enables binding to the loopback
++// device only.
++//
++
++const int DEFAULT_LOOPBACK_BIND = 0;
++
++//
+ // TCP port offset applied to any NX port specification.
+ //
+ 
+@@ -137,6 +145,8 @@
+ \n\
+   listen=n     Local port used for accepting the proxy connection.\n\
+ \n\
++  loopback=b   Bind to the loopback device only.\n\
++\n\
+   accept=s     Name or IP of host that can connect to the proxy.\n\
+ \n\
+   connect=s    Name or IP of host that the proxy will connect to.\n\
+--- a/nxcomp/Misc.h
++++ b/nxcomp/Misc.h
+@@ -90,6 +90,14 @@
+ extern const int DEFAULT_NX_SLAVE_PORT_SERVER_OFFSET;
+ 
+ //
++// NX proxy binds to all network interfaces by default
++// With the -loopback parameter, you can switch
++// over to binding to the loopback device only.
++//
++
++extern const int DEFAULT_LOOPBACK_BIND;
++
++//
+ // Return strings containing various info.
+ //
+ 
diff --git a/debian/patches/series b/debian/patches/series
index f47979a..bffdb97 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -40,6 +40,7 @@
 202_nx-x11_enable-xinerama.full.patch
 203_nxagent_disable-rootless-exit.full.patch
 209_x2goagent-add-man-page.full.patch
+220_nxproxy-bind-loopback-only.patch
 300_nxagent_set-wm-class.full.patch
 301_nx-X11_use-shared-libs.full.patch
 600_nx-X11+nxcompext+nxcompshad_unique-libnames.full.patch


hooks/post-receive
-- 
nx-libs.git (NX (redistributed))

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nx-libs.git" (NX (redistributed)).




More information about the x2go-commits mailing list