]> git.saurik.com Git - apt.git/blobdiff - methods/connect.cc
reorganize server-states resetting in http/https
[apt.git] / methods / connect.cc
index 8de4ad74799d29715bee12d8e97ad670d20b7e2b..c819c1dfb01886bd09976d76ee98aa240c71ac34 100644 (file)
@@ -45,7 +45,6 @@ static struct addrinfo *LastHostAddr = 0;
 static struct addrinfo *LastUsed = 0;
 
 static std::vector<SrvRec> SrvRecords;
-static int LastSrvRecord = 0;
 
 // Set of IP/hostnames that we timed out before or couldn't resolve
 static std::set<std::string> bad_addr;
@@ -62,10 +61,23 @@ void RotateDNS()
       LastUsed = LastHostAddr;
 }
                                                                        /*}}}*/
+static bool ConnectionAllowed(char const * const Service, std::string const &Host)/*{{{*/
+{
+   if (APT::String::Endswith(Host, ".onion") && _config->FindB("Acquire::BlockDotOnion", true))
+   {
+      // TRANSLATOR: %s is e.g. Tor's ".onion" which would likely fail or leak info (RFC7686)
+      _error->Error(_("Direct connection to %s domains is blocked by default."), ".onion");
+      if (strcmp(Service, "http") == 0)
+       _error->Error(_("If you meant to use Tor remember to use %s instead of %s."), "tor+http", "http");
+      return false;
+   }
+   return true;
+}
+                                                                       /*}}}*/
 // DoConnect - Attempt a connect operation                             /*{{{*/
 // ---------------------------------------------------------------------
 /* This helper function attempts a connection to a single address. */
-static bool DoConnect(struct addrinfo *Addr,std::string Host,
+static bool DoConnect(struct addrinfo *Addr,std::string const &Host,
                      unsigned long TimeOut,int &Fd,pkgAcqMethod *Owner)
 {
    // Show a status indicator
@@ -134,12 +146,13 @@ static bool DoConnect(struct addrinfo *Addr,std::string Host,
    return true;
 }
                                                                        /*}}}*/
-
-// Connect to a given Hostname 
-bool ConnectAfterSrvRecords(std::string Host,int Port,const char *Service,
-                            int DefPort,int &Fd,
-                            unsigned long TimeOut,pkgAcqMethod *Owner)
+// Connect to a given Hostname                                         /*{{{*/
+static bool ConnectToHostname(std::string const &Host, int const Port,
+      const char * const Service, int DefPort, int &Fd,
+      unsigned long const TimeOut, pkgAcqMethod * const Owner)
 {
+   if (ConnectionAllowed(Service, Host) == false)
+      return false;
    // Convert the port name/number
    char ServStr[300];
    if (Port != 0)
@@ -166,7 +179,14 @@ bool ConnectAfterSrvRecords(std::string Host,int Port,const char *Service,
       struct addrinfo Hints;
       memset(&Hints,0,sizeof(Hints));
       Hints.ai_socktype = SOCK_STREAM;
-      Hints.ai_flags = AI_ADDRCONFIG;
+      Hints.ai_flags = 0;
+      if (_config->FindB("Acquire::Connect::IDN", true) == true)
+        Hints.ai_flags |= AI_IDN;
+      // see getaddrinfo(3): only return address if system has such a address configured
+      // useful if system is ipv4 only, to not get ipv6, but that fails if the system has
+      // no address configured: e.g. offline and trying to connect to localhost.
+      if (_config->FindB("Acquire::Connect::AddrConfig", true) == true)
+        Hints.ai_flags |= AI_ADDRCONFIG;
       Hints.ai_protocol = 0;
       
       if(_config->FindB("Acquire::ForceIPv4", false) == true)
@@ -261,36 +281,52 @@ bool ConnectAfterSrvRecords(std::string Host,int Port,const char *Service,
                                                                        /*}}}*/
 // Connect - Connect to a server                                       /*{{{*/
 // ---------------------------------------------------------------------
-/* Performs a connection to the server */
+/* Performs a connection to the server (including SRV record lookup) */
 bool Connect(std::string Host,int Port,const char *Service,
                             int DefPort,int &Fd,
                             unsigned long TimeOut,pkgAcqMethod *Owner)
 {
-#if 0
    if (_error->PendingError() == true)
       return false;
-#endif
+
+   if (ConnectionAllowed(Service, Host) == false)
+      return false;
 
    if(LastHost != Host || LastPort != Port)
    {
       SrvRecords.clear();
-      bool res = GetSrvRecords(Host, DefPort, SrvRecords);
+      if (_config->FindB("Acquire::EnableSrvRecords", true) == true)
+         GetSrvRecords(Host, DefPort, SrvRecords);
    }
-   if(SrvRecords.size() == 0)
-      return ConnectAfterSrvRecords(Host, Port, Service, DefPort, Fd, 
-                                    TimeOut, Owner);
 
-   bool connected = false;
-   while(SrvRecords.size() > 0)
+   size_t stackSize = 0;
+   // try to connect in the priority order of the srv records
+   std::string initialHost{std::move(Host)};
+   while(SrvRecords.empty() == false)
    {
-      Host = SrvRecords[0].target;
-      connected = ConnectAfterSrvRecords(Host, Port, Service, DefPort, Fd, 
-                                         TimeOut, Owner);
-      if(connected == true)
+      _error->PushToStack();
+      ++stackSize;
+      // PopFromSrvRecs will also remove the server
+      Host = PopFromSrvRecs(SrvRecords).target;
+      auto const ret = ConnectToHostname(Host, Port, Service, DefPort, Fd, TimeOut, Owner);
+      if (ret)
+      {
+        while(stackSize--)
+           _error->RevertToStack();
          return true;
+      }
+   }
+   Host = std::move(initialHost);
 
-      // we couldn't connect to this one, use the next
-      SrvRecords.erase(SrvRecords.begin());
-   } 
-   return false;
+   // we have no (good) SrvRecords for this host, connect right away
+   _error->PushToStack();
+   ++stackSize;
+   auto const ret = ConnectToHostname(Host, Port, Service, DefPort, Fd,
+        TimeOut, Owner);
+   while(stackSize--)
+      if (ret)
+        _error->RevertToStack();
+      else
+        _error->MergeWithStack();
+   return ret;
 }