X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/a01695e82cfbfa6e296c66879c1e41802d3ea413..8757a0f:/methods/connect.cc?ds=sidebyside diff --git a/methods/connect.cc b/methods/connect.cc index a90bc8084..cb2f83588 100644 --- a/methods/connect.cc +++ b/methods/connect.cc @@ -45,7 +45,6 @@ static struct addrinfo *LastHostAddr = 0; static struct addrinfo *LastUsed = 0; static std::vector SrvRecords; -static int LastSrvRecord = 0; // Set of IP/hostnames that we timed out before or couldn't resolve static std::set bad_addr; @@ -62,10 +61,23 @@ void RotateDNS() LastUsed = LastHostAddr; } /*}}}*/ +static bool ConnectionAllowed(char const * const Service, std::string const &Host)/*{{{*/ +{ + if (APT::String::Endswith(Host, ".onion") && _config->FindB("Acquire::BlockDotOnion", true)) + { + // TRANSLATOR: %s is e.g. Tor's ".onion" which would likely fail or leak info (RFC7686) + _error->Error(_("Direct connection to %s domains is blocked by default."), ".onion"); + if (strcmp(Service, "http") == 0) + _error->Error(_("If you meant to use Tor remember to use %s instead of %s."), "tor+http", "http"); + return false; + } + return true; +} + /*}}}*/ // DoConnect - Attempt a connect operation /*{{{*/ // --------------------------------------------------------------------- /* This helper function attempts a connection to a single address. */ -static bool DoConnect(struct addrinfo *Addr,std::string Host, +static bool DoConnect(struct addrinfo *Addr,std::string const &Host, unsigned long TimeOut,int &Fd,pkgAcqMethod *Owner) { // Show a status indicator @@ -134,15 +146,13 @@ static bool DoConnect(struct addrinfo *Addr,std::string Host, return true; } /*}}}*/ -// Connect - Connect to a server /*{{{*/ -// --------------------------------------------------------------------- -/* Performs a connection to the server */ -bool Connect(std::string Host,int Port,const char *Service,int DefPort,int &Fd, - unsigned long TimeOut,pkgAcqMethod *Owner) +// Connect to a given Hostname /*{{{*/ +static bool ConnectToHostname(std::string const &Host, int const Port, + const char * const Service, int DefPort, int &Fd, + unsigned long const TimeOut, pkgAcqMethod * const Owner) { - if (_error->PendingError() == true) + if (ConnectionAllowed(Service, Host) == false) return false; - // Convert the port name/number char ServStr[300]; if (Port != 0) @@ -155,15 +165,6 @@ bool Connect(std::string Host,int Port,const char *Service,int DefPort,int &Fd, sensible */ if (LastHost != Host || LastPort != Port) { - // FIXME: NOT READY FOR MERGING IN THIS FORM - // we need to first check SRV, then round-robin DNS - // this code will only ever use the first srv record - - // FIXME: ensure we cycle over the SrvRecords first before - // we do round-robin IP - if(GetSrvRecords(Host, Port, SrvRecords) && SrvRecords.size() > 0) - Host = SrvRecords[0].target; - Owner->Status(_("Connecting to %s"),Host.c_str()); // Free the old address structure @@ -178,7 +179,16 @@ bool Connect(std::string Host,int Port,const char *Service,int DefPort,int &Fd, struct addrinfo Hints; memset(&Hints,0,sizeof(Hints)); Hints.ai_socktype = SOCK_STREAM; - Hints.ai_flags = AI_ADDRCONFIG; + Hints.ai_flags = 0; +#ifdef AI_IDN + if (_config->FindB("Acquire::Connect::IDN", true) == true) + Hints.ai_flags |= AI_IDN; +#endif + // see getaddrinfo(3): only return address if system has such a address configured + // useful if system is ipv4 only, to not get ipv6, but that fails if the system has + // no address configured: e.g. offline and trying to connect to localhost. + if (_config->FindB("Acquire::Connect::AddrConfig", true) == true) + Hints.ai_flags |= AI_ADDRCONFIG; Hints.ai_protocol = 0; if(_config->FindB("Acquire::ForceIPv4", false) == true) @@ -271,3 +281,54 @@ bool Connect(std::string Host,int Port,const char *Service,int DefPort,int &Fd, return _error->Error(_("Unable to connect to %s:%s:"),Host.c_str(),ServStr); } /*}}}*/ +// Connect - Connect to a server /*{{{*/ +// --------------------------------------------------------------------- +/* Performs a connection to the server (including SRV record lookup) */ +bool Connect(std::string Host,int Port,const char *Service, + int DefPort,int &Fd, + unsigned long TimeOut,pkgAcqMethod *Owner) +{ + if (_error->PendingError() == true) + return false; + + if (ConnectionAllowed(Service, Host) == false) + return false; + + if(LastHost != Host || LastPort != Port) + { + SrvRecords.clear(); + if (_config->FindB("Acquire::EnableSrvRecords", true) == true) + GetSrvRecords(Host, DefPort, SrvRecords); + } + + size_t stackSize = 0; + // try to connect in the priority order of the srv records + std::string initialHost{std::move(Host)}; + while(SrvRecords.empty() == false) + { + _error->PushToStack(); + ++stackSize; + // PopFromSrvRecs will also remove the server + Host = PopFromSrvRecs(SrvRecords).target; + auto const ret = ConnectToHostname(Host, Port, Service, DefPort, Fd, TimeOut, Owner); + if (ret) + { + while(stackSize--) + _error->RevertToStack(); + return true; + } + } + Host = std::move(initialHost); + + // we have no (good) SrvRecords for this host, connect right away + _error->PushToStack(); + ++stackSize; + auto const ret = ConnectToHostname(Host, Port, Service, DefPort, Fd, + TimeOut, Owner); + while(stackSize--) + if (ret) + _error->RevertToStack(); + else + _error->MergeWithStack(); + return ret; +}