static struct addrinfo *LastUsed = 0;
static std::vector<SrvRec> SrvRecords;
-static int LastSrvRecord = 0;
// Set of IP/hostnames that we timed out before or couldn't resolve
static std::set<std::string> bad_addr;
LastUsed = LastHostAddr;
}
/*}}}*/
+static bool ConnectionAllowed(char const * const Service, std::string const &Host)/*{{{*/
+{
+ if (APT::String::Endswith(Host, ".onion") && _config->FindB("Acquire::BlockDotOnion", true))
+ {
+ // TRANSLATOR: %s is e.g. Tor's ".onion" which would likely fail or leak info (RFC7686)
+ _error->Error(_("Direct connection to %s domains is blocked by default."), ".onion");
+ if (strcmp(Service, "http") == 0)
+ _error->Error(_("If you meant to use Tor remember to use %s instead of %s."), "tor+http", "http");
+ return false;
+ }
+ return true;
+}
+ /*}}}*/
// DoConnect - Attempt a connect operation /*{{{*/
// ---------------------------------------------------------------------
/* This helper function attempts a connection to a single address. */
-static bool DoConnect(struct addrinfo *Addr,std::string Host,
+static bool DoConnect(struct addrinfo *Addr,std::string const &Host,
unsigned long TimeOut,int &Fd,pkgAcqMethod *Owner)
{
// Show a status indicator
return true;
}
/*}}}*/
-
-// Connect to a given Hostname
-bool ConnectToHostname(std::string Host,int Port,const char *Service,
- int DefPort,int &Fd,
- unsigned long TimeOut,pkgAcqMethod *Owner)
+// Connect to a given Hostname /*{{{*/
+static bool ConnectToHostname(std::string const &Host, int const Port,
+ const char * const Service, int DefPort, int &Fd,
+ unsigned long const TimeOut, pkgAcqMethod * const Owner)
{
+ if (ConnectionAllowed(Service, Host) == false)
+ return false;
// Convert the port name/number
char ServStr[300];
if (Port != 0)
struct addrinfo Hints;
memset(&Hints,0,sizeof(Hints));
Hints.ai_socktype = SOCK_STREAM;
- Hints.ai_flags = AI_ADDRCONFIG;
+ Hints.ai_flags = 0;
+ if (_config->FindB("Acquire::Connect::IDN", true) == true)
+ Hints.ai_flags |= AI_IDN;
+ // see getaddrinfo(3): only return address if system has such a address configured
+ // useful if system is ipv4 only, to not get ipv6, but that fails if the system has
+ // no address configured: e.g. offline and trying to connect to localhost.
+ if (_config->FindB("Acquire::Connect::AddrConfig", true) == true)
+ Hints.ai_flags |= AI_ADDRCONFIG;
Hints.ai_protocol = 0;
if(_config->FindB("Acquire::ForceIPv4", false) == true)
if (_error->PendingError() == true)
return false;
+ if (ConnectionAllowed(Service, Host) == false)
+ return false;
+
if(LastHost != Host || LastPort != Port)
{
SrvRecords.clear();
- bool res = GetSrvRecords(Host, DefPort, SrvRecords);
+ if (_config->FindB("Acquire::EnableSrvRecords", true) == true)
+ GetSrvRecords(Host, DefPort, SrvRecords);
}
- // we have no SrvRecords for this host, connect right away
- if(SrvRecords.size() == 0)
- return ConnectToHostname(Host, Port, Service, DefPort, Fd,
- TimeOut, Owner);
+ size_t stackSize = 0;
// try to connect in the priority order of the srv records
- while(SrvRecords.size() > 0)
+ std::string initialHost{std::move(Host)};
+ while(SrvRecords.empty() == false)
{
- Host = SrvRecords[0].target;
- if(ConnectToHostname(Host, Port, Service, DefPort, Fd, TimeOut, Owner))
+ _error->PushToStack();
+ ++stackSize;
+ // PopFromSrvRecs will also remove the server
+ Host = PopFromSrvRecs(SrvRecords).target;
+ auto const ret = ConnectToHostname(Host, Port, Service, DefPort, Fd, TimeOut, Owner);
+ if (ret)
+ {
+ while(stackSize--)
+ _error->RevertToStack();
return true;
-
- // we couldn't connect to this one, use the next
- SrvRecords.erase(SrvRecords.begin());
+ }
}
+ Host = std::move(initialHost);
- return false;
+ // we have no (good) SrvRecords for this host, connect right away
+ _error->PushToStack();
+ ++stackSize;
+ auto const ret = ConnectToHostname(Host, Port, Service, DefPort, Fd,
+ TimeOut, Owner);
+ while(stackSize--)
+ if (ret)
+ _error->RevertToStack();
+ else
+ _error->MergeWithStack();
+ return ret;
}