]>
Commit | Line | Data |
---|---|---|
1 | // -*- mode: cpp; mode: fold -*- | |
2 | // Description /*{{{*/ | |
3 | // $Id: connect.cc,v 1.10.2.1 2004/01/16 18:58:50 mdz Exp $ | |
4 | /* ###################################################################### | |
5 | ||
6 | Connect - Replacement connect call | |
7 | ||
8 | This was originally authored by Jason Gunthorpe <jgg@debian.org> | |
9 | and is placed in the Public Domain, do with it what you will. | |
10 | ||
11 | ##################################################################### */ | |
12 | /*}}}*/ | |
13 | // Include Files /*{{{*/ | |
14 | #include <config.h> | |
15 | ||
16 | #include <apt-pkg/error.h> | |
17 | #include <apt-pkg/fileutl.h> | |
18 | #include <apt-pkg/strutl.h> | |
19 | #include <apt-pkg/acquire-method.h> | |
20 | #include <apt-pkg/configuration.h> | |
21 | #include <apt-pkg/srvrec.h> | |
22 | ||
23 | #include <stdio.h> | |
24 | #include <errno.h> | |
25 | #include <unistd.h> | |
26 | #include <sstream> | |
27 | #include <string.h> | |
28 | #include<set> | |
29 | #include<string> | |
30 | ||
31 | // Internet stuff | |
32 | #include <netinet/in.h> | |
33 | #include <sys/socket.h> | |
34 | #include <arpa/inet.h> | |
35 | #include <netdb.h> | |
36 | ||
37 | #include "connect.h" | |
38 | #include "rfc2553emu.h" | |
39 | #include <apti18n.h> | |
40 | /*}}}*/ | |
41 | ||
42 | static std::string LastHost; | |
43 | static int LastPort = 0; | |
44 | static struct addrinfo *LastHostAddr = 0; | |
45 | static struct addrinfo *LastUsed = 0; | |
46 | ||
47 | static std::vector<SrvRec> SrvRecords; | |
48 | ||
49 | // Set of IP/hostnames that we timed out before or couldn't resolve | |
50 | static std::set<std::string> bad_addr; | |
51 | ||
52 | // RotateDNS - Select a new server from a DNS rotation /*{{{*/ | |
53 | // --------------------------------------------------------------------- | |
54 | /* This is called during certain errors in order to recover by selecting a | |
55 | new server */ | |
56 | void RotateDNS() | |
57 | { | |
58 | if (LastUsed != 0 && LastUsed->ai_next != 0) | |
59 | LastUsed = LastUsed->ai_next; | |
60 | else | |
61 | LastUsed = LastHostAddr; | |
62 | } | |
63 | /*}}}*/ | |
64 | static bool ConnectionAllowed(char const * const Service, std::string const &Host)/*{{{*/ | |
65 | { | |
66 | if (APT::String::Endswith(Host, ".onion") && _config->FindB("Acquire::BlockDotOnion", true)) | |
67 | { | |
68 | // TRANSLATOR: %s is e.g. Tor's ".onion" which would likely fail or leak info (RFC7686) | |
69 | _error->Error(_("Direct connection to %s domains is blocked by default."), ".onion"); | |
70 | if (strcmp(Service, "http") == 0) | |
71 | _error->Error(_("If you meant to use Tor remember to use %s instead of %s."), "tor+http", "http"); | |
72 | return false; | |
73 | } | |
74 | return true; | |
75 | } | |
76 | /*}}}*/ | |
77 | // DoConnect - Attempt a connect operation /*{{{*/ | |
78 | // --------------------------------------------------------------------- | |
79 | /* This helper function attempts a connection to a single address. */ | |
80 | static bool DoConnect(struct addrinfo *Addr,std::string const &Host, | |
81 | unsigned long TimeOut,int &Fd,pkgAcqMethod *Owner) | |
82 | { | |
83 | // Show a status indicator | |
84 | char Name[NI_MAXHOST]; | |
85 | char Service[NI_MAXSERV]; | |
86 | ||
87 | Name[0] = 0; | |
88 | Service[0] = 0; | |
89 | getnameinfo(Addr->ai_addr,Addr->ai_addrlen, | |
90 | Name,sizeof(Name),Service,sizeof(Service), | |
91 | NI_NUMERICHOST|NI_NUMERICSERV); | |
92 | Owner->Status(_("Connecting to %s (%s)"),Host.c_str(),Name); | |
93 | ||
94 | // if that addr did timeout before, we do not try it again | |
95 | if(bad_addr.find(std::string(Name)) != bad_addr.end()) | |
96 | return false; | |
97 | ||
98 | /* If this is an IP rotation store the IP we are using.. If something goes | |
99 | wrong this will get tacked onto the end of the error message */ | |
100 | if (LastHostAddr->ai_next != 0) | |
101 | { | |
102 | std::stringstream ss; | |
103 | ioprintf(ss, _("[IP: %s %s]"),Name,Service); | |
104 | Owner->SetIP(ss.str()); | |
105 | } | |
106 | ||
107 | // Get a socket | |
108 | if ((Fd = socket(Addr->ai_family,Addr->ai_socktype, | |
109 | Addr->ai_protocol)) < 0) | |
110 | return _error->Errno("socket",_("Could not create a socket for %s (f=%u t=%u p=%u)"), | |
111 | Name,Addr->ai_family,Addr->ai_socktype,Addr->ai_protocol); | |
112 | ||
113 | SetNonBlock(Fd,true); | |
114 | if (connect(Fd,Addr->ai_addr,Addr->ai_addrlen) < 0 && | |
115 | errno != EINPROGRESS) | |
116 | return _error->Errno("connect",_("Cannot initiate the connection " | |
117 | "to %s:%s (%s)."),Host.c_str(),Service,Name); | |
118 | ||
119 | /* This implements a timeout for connect by opening the connection | |
120 | nonblocking */ | |
121 | if (WaitFd(Fd,true,TimeOut) == false) { | |
122 | bad_addr.insert(bad_addr.begin(), std::string(Name)); | |
123 | Owner->SetFailReason("Timeout"); | |
124 | return _error->Error(_("Could not connect to %s:%s (%s), " | |
125 | "connection timed out"),Host.c_str(),Service,Name); | |
126 | } | |
127 | ||
128 | // Check the socket for an error condition | |
129 | unsigned int Err; | |
130 | unsigned int Len = sizeof(Err); | |
131 | if (getsockopt(Fd,SOL_SOCKET,SO_ERROR,&Err,&Len) != 0) | |
132 | return _error->Errno("getsockopt",_("Failed")); | |
133 | ||
134 | if (Err != 0) | |
135 | { | |
136 | errno = Err; | |
137 | if(errno == ECONNREFUSED) | |
138 | Owner->SetFailReason("ConnectionRefused"); | |
139 | else if (errno == ETIMEDOUT) | |
140 | Owner->SetFailReason("ConnectionTimedOut"); | |
141 | bad_addr.insert(bad_addr.begin(), std::string(Name)); | |
142 | return _error->Errno("connect",_("Could not connect to %s:%s (%s)."),Host.c_str(), | |
143 | Service,Name); | |
144 | } | |
145 | ||
146 | return true; | |
147 | } | |
148 | /*}}}*/ | |
149 | // Connect to a given Hostname /*{{{*/ | |
150 | static bool ConnectToHostname(std::string const &Host, int const Port, | |
151 | const char * const Service, int DefPort, int &Fd, | |
152 | unsigned long const TimeOut, pkgAcqMethod * const Owner) | |
153 | { | |
154 | if (ConnectionAllowed(Service, Host) == false) | |
155 | return false; | |
156 | // Convert the port name/number | |
157 | char ServStr[300]; | |
158 | if (Port != 0) | |
159 | snprintf(ServStr,sizeof(ServStr),"%i", Port); | |
160 | else | |
161 | snprintf(ServStr,sizeof(ServStr),"%s", Service); | |
162 | ||
163 | /* We used a cached address record.. Yes this is against the spec but | |
164 | the way we have setup our rotating dns suggests that this is more | |
165 | sensible */ | |
166 | if (LastHost != Host || LastPort != Port) | |
167 | { | |
168 | Owner->Status(_("Connecting to %s"),Host.c_str()); | |
169 | ||
170 | // Free the old address structure | |
171 | if (LastHostAddr != 0) | |
172 | { | |
173 | freeaddrinfo(LastHostAddr); | |
174 | LastHostAddr = 0; | |
175 | LastUsed = 0; | |
176 | } | |
177 | ||
178 | // We only understand SOCK_STREAM sockets. | |
179 | struct addrinfo Hints; | |
180 | memset(&Hints,0,sizeof(Hints)); | |
181 | Hints.ai_socktype = SOCK_STREAM; | |
182 | Hints.ai_flags = 0; | |
183 | #ifdef AI_IDN | |
184 | if (_config->FindB("Acquire::Connect::IDN", true) == true) | |
185 | Hints.ai_flags |= AI_IDN; | |
186 | #endif | |
187 | // see getaddrinfo(3): only return address if system has such a address configured | |
188 | // useful if system is ipv4 only, to not get ipv6, but that fails if the system has | |
189 | // no address configured: e.g. offline and trying to connect to localhost. | |
190 | if (_config->FindB("Acquire::Connect::AddrConfig", true) == true) | |
191 | Hints.ai_flags |= AI_ADDRCONFIG; | |
192 | Hints.ai_protocol = 0; | |
193 | ||
194 | if(_config->FindB("Acquire::ForceIPv4", false) == true) | |
195 | Hints.ai_family = AF_INET; | |
196 | else if(_config->FindB("Acquire::ForceIPv6", false) == true) | |
197 | Hints.ai_family = AF_INET6; | |
198 | else | |
199 | Hints.ai_family = AF_UNSPEC; | |
200 | ||
201 | // if we couldn't resolve the host before, we don't try now | |
202 | if(bad_addr.find(Host) != bad_addr.end()) | |
203 | return _error->Error(_("Could not resolve '%s'"),Host.c_str()); | |
204 | ||
205 | // Resolve both the host and service simultaneously | |
206 | while (1) | |
207 | { | |
208 | int Res; | |
209 | if ((Res = getaddrinfo(Host.c_str(),ServStr,&Hints,&LastHostAddr)) != 0 || | |
210 | LastHostAddr == 0) | |
211 | { | |
212 | if (Res == EAI_NONAME || Res == EAI_SERVICE) | |
213 | { | |
214 | if (DefPort != 0) | |
215 | { | |
216 | snprintf(ServStr, sizeof(ServStr), "%i", DefPort); | |
217 | DefPort = 0; | |
218 | continue; | |
219 | } | |
220 | bad_addr.insert(bad_addr.begin(), Host); | |
221 | Owner->SetFailReason("ResolveFailure"); | |
222 | return _error->Error(_("Could not resolve '%s'"),Host.c_str()); | |
223 | } | |
224 | ||
225 | if (Res == EAI_AGAIN) | |
226 | { | |
227 | Owner->SetFailReason("TmpResolveFailure"); | |
228 | return _error->Error(_("Temporary failure resolving '%s'"), | |
229 | Host.c_str()); | |
230 | } | |
231 | if (Res == EAI_SYSTEM) | |
232 | return _error->Errno("getaddrinfo", _("System error resolving '%s:%s'"), | |
233 | Host.c_str(),ServStr); | |
234 | return _error->Error(_("Something wicked happened resolving '%s:%s' (%i - %s)"), | |
235 | Host.c_str(),ServStr,Res,gai_strerror(Res)); | |
236 | } | |
237 | break; | |
238 | } | |
239 | ||
240 | LastHost = Host; | |
241 | LastPort = Port; | |
242 | } | |
243 | ||
244 | // When we have an IP rotation stay with the last IP. | |
245 | struct addrinfo *CurHost = LastHostAddr; | |
246 | if (LastUsed != 0) | |
247 | CurHost = LastUsed; | |
248 | ||
249 | while (CurHost != 0) | |
250 | { | |
251 | if (DoConnect(CurHost,Host,TimeOut,Fd,Owner) == true) | |
252 | { | |
253 | LastUsed = CurHost; | |
254 | return true; | |
255 | } | |
256 | close(Fd); | |
257 | Fd = -1; | |
258 | ||
259 | // Ignore UNIX domain sockets | |
260 | do | |
261 | { | |
262 | CurHost = CurHost->ai_next; | |
263 | } | |
264 | while (CurHost != 0 && CurHost->ai_family == AF_UNIX); | |
265 | ||
266 | /* If we reached the end of the search list then wrap around to the | |
267 | start */ | |
268 | if (CurHost == 0 && LastUsed != 0) | |
269 | CurHost = LastHostAddr; | |
270 | ||
271 | // Reached the end of the search cycle | |
272 | if (CurHost == LastUsed) | |
273 | break; | |
274 | ||
275 | if (CurHost != 0) | |
276 | _error->Discard(); | |
277 | } | |
278 | ||
279 | if (_error->PendingError() == true) | |
280 | return false; | |
281 | return _error->Error(_("Unable to connect to %s:%s:"),Host.c_str(),ServStr); | |
282 | } | |
283 | /*}}}*/ | |
284 | // Connect - Connect to a server /*{{{*/ | |
285 | // --------------------------------------------------------------------- | |
286 | /* Performs a connection to the server (including SRV record lookup) */ | |
287 | bool Connect(std::string Host,int Port,const char *Service, | |
288 | int DefPort,int &Fd, | |
289 | unsigned long TimeOut,pkgAcqMethod *Owner) | |
290 | { | |
291 | if (_error->PendingError() == true) | |
292 | return false; | |
293 | ||
294 | if (ConnectionAllowed(Service, Host) == false) | |
295 | return false; | |
296 | ||
297 | if(LastHost != Host || LastPort != Port) | |
298 | { | |
299 | SrvRecords.clear(); | |
300 | if (_config->FindB("Acquire::EnableSrvRecords", true) == true) | |
301 | GetSrvRecords(Host, DefPort, SrvRecords); | |
302 | } | |
303 | ||
304 | size_t stackSize = 0; | |
305 | // try to connect in the priority order of the srv records | |
306 | std::string initialHost{std::move(Host)}; | |
307 | while(SrvRecords.empty() == false) | |
308 | { | |
309 | _error->PushToStack(); | |
310 | ++stackSize; | |
311 | // PopFromSrvRecs will also remove the server | |
312 | Host = PopFromSrvRecs(SrvRecords).target; | |
313 | auto const ret = ConnectToHostname(Host, Port, Service, DefPort, Fd, TimeOut, Owner); | |
314 | if (ret) | |
315 | { | |
316 | while(stackSize--) | |
317 | _error->RevertToStack(); | |
318 | return true; | |
319 | } | |
320 | } | |
321 | Host = std::move(initialHost); | |
322 | ||
323 | // we have no (good) SrvRecords for this host, connect right away | |
324 | _error->PushToStack(); | |
325 | ++stackSize; | |
326 | auto const ret = ConnectToHostname(Host, Port, Service, DefPort, Fd, | |
327 | TimeOut, Owner); | |
328 | while(stackSize--) | |
329 | if (ret) | |
330 | _error->RevertToStack(); | |
331 | else | |
332 | _error->MergeWithStack(); | |
333 | return ret; | |
334 | } |