[X2go-Commits] nx-libs.git - master (branch) updated: redist-server/3.5.0.14-11-gb9a7a1b
X2Go dev team
git-admin at x2go.org
Mon Sep 17 16:50:24 CEST 2012
The branch, master has been updated
via b9a7a1b4fe1b74fb734da22364ea42a42e88368c (commit)
from f83009075ecc3baa1087b42ef385a0870ec71daa (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b9a7a1b4fe1b74fb734da22364ea42a42e88368c
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Sep 17 16:50:15 2012 +0200
Add patch: 220_nxproxy-bind-loopback-only.patch, adds loopback option to nxproxy options and forces nxproxy to bind to loopback devices only.
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 2 +
.../patches/220_nxproxy-bind-loopback-only.patch | 130 ++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 133 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/220_nxproxy-bind-loopback-only.patch
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index e281ea7..630d97e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,8 @@ nx-libs (2:3.5.0.15-0) UNRELEASED; urgency=low
* /debian/control:
+ Maintainer change in package: X2Go Developers <x2go-dev at lists.berlios.de>.
+ Priority: optional.
+ * Add patch: 220_nxproxy-bind-loopback-only.patch, adds loopback option to
+ nxproxy options and forces nxproxy to bind to loopback devices only.
-- Mike Gabriel <mike.gabriel at das-netzwerkteam.de> Thu, 28 Jun 2012 14:54:51 +0200
diff --git a/debian/patches/220_nxproxy-bind-loopback-only.patch b/debian/patches/220_nxproxy-bind-loopback-only.patch
new file mode 100644
index 0000000..b8f8765
--- /dev/null
+++ b/debian/patches/220_nxproxy-bind-loopback-only.patch
@@ -0,0 +1,130 @@
+Description: Force NX proxy to bind to loopback devices only (loopback option)
+Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+--- a/nxcomp/Loop.cpp
++++ b/nxcomp/Loop.cpp
+@@ -952,6 +952,7 @@
+ static char displayHost[DEFAULT_STRING_LENGTH] = { 0 };
+ static char authCookie[DEFAULT_STRING_LENGTH] = { 0 };
+
++static int loopbackBind = DEFAULT_LOOPBACK_BIND;
+ static int proxyPort = DEFAULT_NX_PROXY_PORT;
+ static int xPort = DEFAULT_NX_X_PORT;
+
+@@ -3959,7 +3960,14 @@
+
+ tcpAddr.sin_family = AF_INET;
+ tcpAddr.sin_port = htons(proxyPortTCP);
+- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++ if ( loopbackBind )
++ {
++ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
++ }
++ else
++ {
++ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++ }
+
+ if (bind(tcpFD, (sockaddr *) &tcpAddr, sizeof(tcpAddr)) == -1)
+ {
+@@ -4512,7 +4520,14 @@
+
+ tcpAddr.sin_family = AF_INET;
+ tcpAddr.sin_port = htons(portTCP);
+- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++ if ( loopbackBind )
++ {
++ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
++ }
++ else
++ {
++ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++ }
+
+ if (bind(newFD, (sockaddr *) &tcpAddr, sizeof(tcpAddr)) == -1)
+ {
+@@ -6680,7 +6695,14 @@
+
+ #ifdef __APPLE__
+
+- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++ if ( loopbackBind )
++ {
++ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
++ }
++ else
++ {
++ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY);
++ }
+
+ #else
+
+@@ -8359,6 +8381,10 @@
+
+ listenPort = ValidateArg("local", name, value);
+ }
++ else if (strcasecmp(name, "loopback") == 0)
++ {
++ loopbackBind = ValidateArg("local", name, value);
++ }
+ else if (strcasecmp(name, "accept") == 0)
+ {
+ if (*connectHost != '\0')
+@@ -13735,7 +13761,14 @@
+ }
+ else
+ {
+- address = htonl(INADDR_ANY);
++ if ( loopbackBind )
++ {
++ address = htonl(INADDR_LOOPBACK);
++ }
++ else
++ {
++ address = htonl(INADDR_ANY);
++ }
+ }
+ }
+ else
+--- a/nxcomp/Misc.cpp
++++ b/nxcomp/Misc.cpp
+@@ -42,6 +42,14 @@
+ #undef DEBUG
+
+ //
++// By default nxproxy binds to all network interfaces, setting
++// DEFAULT_LOOPBACK_BIND to 1 enables binding to the loopback
++// device only.
++//
++
++const int DEFAULT_LOOPBACK_BIND = 0;
++
++//
+ // TCP port offset applied to any NX port specification.
+ //
+
+@@ -137,6 +145,8 @@
+ \n\
+ listen=n Local port used for accepting the proxy connection.\n\
+ \n\
++ loopback=b Bind to the loopback device only.\n\
++\n\
+ accept=s Name or IP of host that can connect to the proxy.\n\
+ \n\
+ connect=s Name or IP of host that the proxy will connect to.\n\
+--- a/nxcomp/Misc.h
++++ b/nxcomp/Misc.h
+@@ -90,6 +90,14 @@
+ extern const int DEFAULT_NX_SLAVE_PORT_SERVER_OFFSET;
+
+ //
++// NX proxy binds to all network interfaces by default
++// With the -loopback parameter, you can switch
++// over to binding to the loopback device only.
++//
++
++extern const int DEFAULT_LOOPBACK_BIND;
++
++//
+ // Return strings containing various info.
+ //
+
diff --git a/debian/patches/series b/debian/patches/series
index f47979a..bffdb97 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -40,6 +40,7 @@
202_nx-x11_enable-xinerama.full.patch
203_nxagent_disable-rootless-exit.full.patch
209_x2goagent-add-man-page.full.patch
+220_nxproxy-bind-loopback-only.patch
300_nxagent_set-wm-class.full.patch
301_nx-X11_use-shared-libs.full.patch
600_nx-X11+nxcompext+nxcompshad_unique-libnames.full.patch
hooks/post-receive
--
nx-libs.git (NX (redistributed))
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nx-libs.git" (NX (redistributed)).
More information about the x2go-commits
mailing list