Software /
code /
prosody
Annotate
net/resolvers/basic.lua @ 11708:5ef729c355f3
Revert 926d53af9a7a: Restore DANE support
Previous commit adds a workaround, so this doesn't mutate global state
anymore, only per-connection 'extra' state as originally intended.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 18 Jul 2021 21:57:24 +0200 |
parent | 11430:56a282ecdcf1 |
child | 11901:26406ce35e20 |
rev | line source |
---|---|
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 local adns = require "net.adns"; |
8775
ae7cf011e46a
net.resolvers.basic: Support IP address literals
Kim Alvefur <zash@zash.se>
parents:
8531
diff
changeset
|
2 local inet_pton = require "util.net".pton; |
10439
97c0f5fe5f41
net.resolvers.basic: Normalise IP literals, ensures net.server is happy
Kim Alvefur <zash@zash.se>
parents:
10437
diff
changeset
|
3 local inet_ntop = require "util.net".ntop; |
10384
94c9c574cd8a
net.resolvers: Apply IDNA conversion to ascii for DNS lookups (fixes #1426)
Kim Alvefur <zash@zash.se>
parents:
9496
diff
changeset
|
4 local idna_to_ascii = require "util.encodings".idna.to_ascii; |
9691
e11e076f0eb8
various: Don't rely on _G.unpack existing
Kim Alvefur <zash@zash.se>
parents:
9496
diff
changeset
|
5 local unpack = table.unpack or unpack; -- luacheck: ignore 113 |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
6 |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local methods = {}; |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 local resolver_mt = { __index = methods }; |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 |
10485
913276ba0c47
net.connect: Mention RFC 6724 regression
Kim Alvefur <zash@zash.se>
parents:
10484
diff
changeset
|
10 -- FIXME RFC 6724 |
10484
b13a31cea7d9
net.connect: Add some TODOs and FIXMEs
Kim Alvefur <zash@zash.se>
parents:
10441
diff
changeset
|
11 |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 -- Find the next target to connect to, and |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 -- pass it to cb() |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 function methods:next(cb) |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
15 if self.targets then |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 if #self.targets == 0 then |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 cb(nil); |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 return; |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 end |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 local next_target = table.remove(self.targets, 1); |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 cb(unpack(next_target, 1, 4)); |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 return; |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 end |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 |
10385
62a7042e0771
net.resolvers: Abort on hostnames not passing IDNA validation
Kim Alvefur <zash@zash.se>
parents:
10384
diff
changeset
|
25 if not self.hostname then |
62a7042e0771
net.resolvers: Abort on hostnames not passing IDNA validation
Kim Alvefur <zash@zash.se>
parents:
10384
diff
changeset
|
26 -- FIXME report IDNA error |
62a7042e0771
net.resolvers: Abort on hostnames not passing IDNA validation
Kim Alvefur <zash@zash.se>
parents:
10384
diff
changeset
|
27 cb(nil); |
10400
4c2d789a106b
net.resolvers: Fix traceback from hostname failing IDNA
Kim Alvefur <zash@zash.se>
parents:
10385
diff
changeset
|
28 return; |
10385
62a7042e0771
net.resolvers: Abort on hostnames not passing IDNA validation
Kim Alvefur <zash@zash.se>
parents:
10384
diff
changeset
|
29 end |
62a7042e0771
net.resolvers: Abort on hostnames not passing IDNA validation
Kim Alvefur <zash@zash.se>
parents:
10384
diff
changeset
|
30 |
11414 | 31 local secure = true; |
32 local tlsa = {}; | |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
33 local targets = {}; |
11414 | 34 local n = 3; |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
35 local function ready() |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 n = n - 1; |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 if n > 0 then return; end |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 self.targets = targets; |
11414 | 39 if self.extra and self.extra.use_dane then |
11420
f768db80aee0
net.resolvers.basic: Don't enable DANE with zero TLSA records
Kim Alvefur <zash@zash.se>
parents:
11414
diff
changeset
|
40 if secure and tlsa[1] then |
11708
5ef729c355f3
Revert 926d53af9a7a: Restore DANE support
Kim Alvefur <zash@zash.se>
parents:
11430
diff
changeset
|
41 self.extra.tlsa = tlsa; |
5ef729c355f3
Revert 926d53af9a7a: Restore DANE support
Kim Alvefur <zash@zash.se>
parents:
11430
diff
changeset
|
42 self.extra.dane_hostname = self.hostname; |
5ef729c355f3
Revert 926d53af9a7a: Restore DANE support
Kim Alvefur <zash@zash.se>
parents:
11430
diff
changeset
|
43 else |
5ef729c355f3
Revert 926d53af9a7a: Restore DANE support
Kim Alvefur <zash@zash.se>
parents:
11430
diff
changeset
|
44 self.extra.tlsa = nil; |
5ef729c355f3
Revert 926d53af9a7a: Restore DANE support
Kim Alvefur <zash@zash.se>
parents:
11430
diff
changeset
|
45 self.extra.dane_hostname = nil; |
11414 | 46 end |
47 end | |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
48 self:next(cb); |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 end |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
51 -- Resolve DNS to target list |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
52 local dns_resolver = adns.resolver(); |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
53 |
10624
0725b7b8dc14
net.resolvers.basic: Obey extra.use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10621
diff
changeset
|
54 if not self.extra or self.extra.use_ipv4 ~= false then |
10621
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
55 dns_resolver:lookup(function (answer) |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
56 if answer then |
11414 | 57 secure = secure and answer.secure; |
10621
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
58 for _, record in ipairs(answer) do |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
59 table.insert(targets, { self.conn_type.."4", record.a, self.port, self.extra }); |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
60 end |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 end |
10621
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
62 ready(); |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
63 end, self.hostname, "A", "IN"); |
10626
26fb44b61a17
net.resolvers.basic: Fix continuing if IPv6 or Legacy IP is disabled
Kim Alvefur <zash@zash.se>
parents:
10624
diff
changeset
|
64 else |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 ready(); |
10621
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
66 end |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
67 |
10624
0725b7b8dc14
net.resolvers.basic: Obey extra.use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10621
diff
changeset
|
68 if not self.extra or self.extra.use_ipv6 ~= false then |
10621
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
69 dns_resolver:lookup(function (answer) |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
70 if answer then |
11414 | 71 secure = secure and answer.secure; |
10621
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
72 for _, record in ipairs(answer) do |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
73 table.insert(targets, { self.conn_type.."6", record.aaaa, self.port, self.extra }); |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
74 end |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
75 end |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
76 ready(); |
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
77 end, self.hostname, "AAAA", "IN"); |
11430
56a282ecdcf1
net.resolvers.basic: Fix completion condition when IPv6 is disabled
Kim Alvefur <zash@zash.se>
parents:
11421
diff
changeset
|
78 else |
56a282ecdcf1
net.resolvers.basic: Fix completion condition when IPv6 is disabled
Kim Alvefur <zash@zash.se>
parents:
11421
diff
changeset
|
79 ready(); |
11414 | 80 end |
81 | |
82 if self.extra and self.extra.use_dane == true then | |
83 dns_resolver:lookup(function (answer) | |
84 if answer then | |
85 secure = secure and answer.secure; | |
86 for _, record in ipairs(answer) do | |
87 table.insert(tlsa, record.tlsa); | |
88 end | |
89 end | |
90 ready(); | |
91 end, ("_%d._tcp.%s"):format(self.port, self.hostname), "TLSA", "IN"); | |
10626
26fb44b61a17
net.resolvers.basic: Fix continuing if IPv6 or Legacy IP is disabled
Kim Alvefur <zash@zash.se>
parents:
10624
diff
changeset
|
92 else |
26fb44b61a17
net.resolvers.basic: Fix continuing if IPv6 or Legacy IP is disabled
Kim Alvefur <zash@zash.se>
parents:
10624
diff
changeset
|
93 ready(); |
10621
e5ab31845094
net.resolvers.basic: Obey use_ipv4/use_ipv6
Matthew Wild <mwild1@gmail.com>
parents:
10485
diff
changeset
|
94 end |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
95 end |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
96 |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
97 local function new(hostname, port, conn_type, extra) |
10436
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
98 local ascii_host = idna_to_ascii(hostname); |
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
99 local targets = nil; |
11007
1d8e1f7a587c
net.resolvers.basic: Default conn_type to 'tcp' consistently if unspecified (thanks marc0s)
Matthew Wild <mwild1@gmail.com>
parents:
10439
diff
changeset
|
100 conn_type = conn_type or "tcp"; |
10436
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
101 |
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
102 local is_ip = inet_pton(hostname); |
10437
fcfc8f4d14a8
net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) (fixes #1459)
Kim Alvefur <zash@zash.se>
parents:
10436
diff
changeset
|
103 if not is_ip and hostname:sub(1,1) == '[' then |
fcfc8f4d14a8
net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) (fixes #1459)
Kim Alvefur <zash@zash.se>
parents:
10436
diff
changeset
|
104 is_ip = inet_pton(hostname:sub(2,-2)); |
fcfc8f4d14a8
net.resolvers.basic: Fix resolution of IPv6 literals (in brackets) (fixes #1459)
Kim Alvefur <zash@zash.se>
parents:
10436
diff
changeset
|
105 end |
10436
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
106 if is_ip then |
10439
97c0f5fe5f41
net.resolvers.basic: Normalise IP literals, ensures net.server is happy
Kim Alvefur <zash@zash.se>
parents:
10437
diff
changeset
|
107 hostname = inet_ntop(is_ip); |
10436
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
108 if #is_ip == 16 then |
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
109 targets = { { conn_type.."6", hostname, port, extra } }; |
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
110 elseif #is_ip == 4 then |
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
111 targets = { { conn_type.."4", hostname, port, extra } }; |
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
112 end |
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
113 end |
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
114 |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
115 return setmetatable({ |
10436
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
116 hostname = ascii_host; |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
117 port = port; |
11007
1d8e1f7a587c
net.resolvers.basic: Default conn_type to 'tcp' consistently if unspecified (thanks marc0s)
Matthew Wild <mwild1@gmail.com>
parents:
10439
diff
changeset
|
118 conn_type = conn_type; |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
119 extra = extra; |
10436
0d702ec77f0c
net.resolvers.basic: Move IP literal check to constructor
Kim Alvefur <zash@zash.se>
parents:
10400
diff
changeset
|
120 targets = targets; |
8531
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
121 }, resolver_mt); |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
122 end |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
123 |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
124 return { |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
125 new = new; |
601681acea73
net.connect: New API for outgoing connections, based on 'service resolvers'
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 }; |