From d8c633a7d53496951dafd9feed0878e501838382 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Mon, 11 Nov 2024 08:03:57 -0500 Subject: [PATCH] Add localhost to ssh principals/equiv It shouldn't be possible to hijack localhost, so allow such addresses to be principaled and be listed in equiv. --- confluent_server/confluent/selfservice.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/confluent_server/confluent/selfservice.py b/confluent_server/confluent/selfservice.py index b7577b92..2486a71e 100644 --- a/confluent_server/confluent/selfservice.py +++ b/confluent_server/confluent/selfservice.py @@ -53,7 +53,7 @@ def listdump(input): def get_extra_names(nodename, cfg, myip=None): - names = set([]) + names = set(['127.0.0.1', '::1', 'localhost', 'localhost.localdomain']) dnsinfo = cfg.get_node_attributes(nodename, ('dns.*', 'net.*hostname')) dnsinfo = dnsinfo.get(nodename, {}) domain = dnsinfo.get('dns.domain', {}).get('value', None) @@ -631,4 +631,8 @@ def get_cluster_list(nodename=None, cfg=None): nodes.add(myname) if domain and domain not in myname: nodes.add('{0}.{1}'.format(myname, domain)) + nodes.add('::1') + nodes.add('127.0.0.1') + nodes.add('localhost') + nodes.add('localhost.domain') return nodes, domain