Bug 1893944 - Don't resolve HTTPS RR for local domains, r=necko-reviewers,jesup
Differential Revision: https://phabricator.services.mozilla.com/D208984
Родитель
a49f06158e
Коммит
143549cbab
|
@ -170,7 +170,7 @@ static void EventTelemetryPrefChanged(const char* aPref, void* aData) {
|
|||
StaticPrefs::network_trr_confirmation_telemetry_enabled());
|
||||
}
|
||||
|
||||
nsresult TRRService::Init() {
|
||||
nsresult TRRService::Init(bool aNativeHTTPSQueryEnabled) {
|
||||
MOZ_ASSERT(NS_IsMainThread(), "wrong thread");
|
||||
if (mInitialized) {
|
||||
return NS_OK;
|
||||
|
@ -189,6 +189,7 @@ nsresult TRRService::Init() {
|
|||
|
||||
sTRRServicePtr = this;
|
||||
|
||||
mNativeHTTPSQueryEnabled = aNativeHTTPSQueryEnabled;
|
||||
ReadPrefs(nullptr);
|
||||
mConfirmation.HandleEvent(ConfirmationEvent::Init);
|
||||
|
||||
|
@ -1021,7 +1022,9 @@ bool TRRService::IsExcludedFromTRR_unlocked(const nsACString& aHost) {
|
|||
return true;
|
||||
}
|
||||
if (mDNSSuffixDomains.Contains(subdomain)) {
|
||||
LOG(("Subdomain [%s] of host [%s] Is Excluded From TRR via pref\n",
|
||||
LOG(
|
||||
("Subdomain [%s] of host [%s] Is Excluded From TRR via DNSSuffix "
|
||||
"domains\n",
|
||||
subdomain.BeginReading(), aHost.BeginReading()));
|
||||
return true;
|
||||
}
|
||||
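Review bot: `mNativeHTTPSQueryEnabled = aNativeHTTPSQueryEnabled;` in TRRService::Init stores a one-time snapshot of a value that, per the nsHostResolver.cpp section, depends at least in part on the `network.dns.native_https_query` pref, which the resolver re-reads on each lookup. If that pref is enabled after startup (the xpcshell test in this commit flips it at runtime), the copy held by TRRService stays false, so the new `|| mNativeHTTPSQueryEnabled` term in TRRServiceBase::OnTRRModeChange would not trigger ReadEtcHostsFile() unless a TRR mode is also active. Consider evaluating the current state at the point of use instead of caching it, or at least record the limitation next to the assignment: `// Snapshot taken at Init(); later pref changes are not reflected here.` Init() continues outside the hunks shown.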
|
|
|
@ -42,7 +42,7 @@ class TRRService : public TRRServiceBase,
|
|||
|
||||
bool OnWritingThread() const override { return NS_IsMainThread(); }
|
||||
|
||||
nsresult Init();
|
||||
nsresult Init(bool aNativeHTTPSQueryEnabled);
|
||||
nsresult Start();
|
||||
bool Enabled(nsIRequest::TRRMode aRequestMode = nsIRequest::TRR_DEFAULT_MODE);
|
||||
bool IsConfirmed() { return mConfirmation.State() == CONFIRM_OK; }
|
||||
|
|
|
@ -163,8 +163,9 @@ void TRRServiceBase::OnTRRModeChange() {
|
|||
}
|
||||
|
||||
static bool readHosts = false;
|
||||
// When native HTTPS query is enabled, we need to read etc/hosts.
|
||||
if ((mMode == nsIDNSService::MODE_TRRFIRST ||
|
||||
mMode == nsIDNSService::MODE_TRRONLY) &&
|
||||
mMode == nsIDNSService::MODE_TRRONLY || mNativeHTTPSQueryEnabled) &&
|
||||
!readHosts) {
|
||||
readHosts = true;
|
||||
ReadEtcHostsFile();
|
||||
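Review bot: The added comment `// When native HTTPS query is enabled, we need to read etc/hosts.` says what the condition does but not why, and the path is missing its leading slash. Presumably the hosts-file entries feed the exclusion check so that locally defined names are not sent out as native HTTPS queries; if that is the reason, state it, for example `// Native HTTPS queries also need /etc/hosts so that locally defined names can be excluded.` (wording to be confirmed by the author). `readHosts` is a function-local static, so the file is read at most once per process whichever term of the condition fired. OnTRRModeChange begins and ends outside the hunk.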
|
|
|
@ -82,6 +82,7 @@ class TRRServiceBase : public nsIProxyConfigChangedCallback {
|
|||
Atomic<bool, Relaxed> mURISetByDetection{false};
|
||||
Atomic<bool, Relaxed> mTRRConnectionInfoInited{false};
|
||||
DataMutex<RefPtr<nsHttpConnectionInfo>> mDefaultTRRConnectionInfo;
|
||||
bool mNativeHTTPSQueryEnabled{false};
|
||||
};
|
||||
|
||||
} // namespace net
|
||||
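Review bot: `bool mNativeHTTPSQueryEnabled{false};` is a plain bool placed directly after two `Atomic<bool, Relaxed>` members, with no comment on which thread may touch it. TRRService::Init writes it under a main-thread assertion, but the read added to TRRServiceBase::OnTRRModeChange has no visible thread check in this commit, so if that method can run off the main thread the access is unsynchronized. Either document the constraint, e.g. `// Main thread only; set once in TRRService::Init().`, or declare it `Atomic<bool, Relaxed>` like its neighbours.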
|
|
|
@ -874,7 +874,7 @@ nsDNSService::Init() {
|
|||
do_GetService("@mozilla.org/network/oblivious-http-service;1"));
|
||||
|
||||
mTrrService = new TRRService();
|
||||
if (NS_FAILED(mTrrService->Init())) {
|
||||
if (NS_FAILED(mTrrService->Init(mResolver->IsNativeHTTPSEnabled()))) {
|
||||
mTrrService = nullptr;
|
||||
}
|
||||
|
||||
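Review bot: `mTrrService->Init(mResolver->IsNativeHTTPSEnabled())` calls a static member function through the `mResolver` instance, which reads as if the result depended on resolver state and dereferences `mResolver` for no benefit. Whether `mResolver` is guaranteed to be non-null at this point in nsDNSService::Init is not visible in the hunk. Naming the class removes that dependency: `if (NS_FAILED(mTrrService->Init(nsHostResolver::IsNativeHTTPSEnabled()))) {`.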
|
|
|
@ -455,7 +455,8 @@ already_AddRefed<nsHostRecord> nsHostResolver::InitLoopbackRecord(
|
|||
return rec.forget();
|
||||
}
|
||||
|
||||
static bool IsNativeHTTPSEnabled() {
|
||||
// static
|
||||
bool nsHostResolver::IsNativeHTTPSEnabled() {
|
||||
if (!StaticPrefs::network_dns_native_https_query()) {
|
||||
return false;
|
||||
}
|
||||
|
@ -527,6 +528,7 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
|
|||
bool excludedFromTRR = false;
|
||||
if (TRRService::Get() && TRRService::Get()->IsExcludedFromTRR(host)) {
|
||||
flags |= nsIDNSService::RESOLVE_DISABLE_TRR;
|
||||
flags |= nsIDNSService::RESOLVE_DISABLE_NATIVE_HTTPS_QUERY;
|
||||
excludedFromTRR = true;
|
||||
|
||||
if (!aTrrServer.IsEmpty()) {
|
||||
|
@ -1182,8 +1184,14 @@ nsresult nsHostResolver::NameLookup(nsHostRecord* rec,
|
|||
(rec->mEffectiveTRRMode == nsIRequest::TRR_FIRST_MODE &&
|
||||
(rec->flags & nsIDNSService::RESOLVE_DISABLE_TRR || serviceNotReady ||
|
||||
NS_FAILED(rv)))) {
|
||||
if (!IsNativeHTTPSEnabled() && !rec->IsAddrRecord()) {
|
||||
return rv;
|
||||
if (!rec->IsAddrRecord()) {
|
||||
if (!IsNativeHTTPSEnabled()) {
|
||||
return NS_ERROR_UNKNOWN_HOST;
|
||||
}
|
||||
|
||||
if (rec->flags & nsIDNSService::RESOLVE_DISABLE_NATIVE_HTTPS_QUERY) {
|
||||
return NS_ERROR_UNKNOWN_HOST;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
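Review bot: The local-domain protection in ResolveHost is applied only inside `if (TRRService::Get() && TRRService::Get()->IsExcludedFromTRR(host))`, so when no TRRService instance exists `RESOLVE_DISABLE_NATIVE_HTTPS_QUERY` is never set and NameLookup lets the native HTTPS query proceed. nsDNSService::Init in this commit drops the service when Init fails, and the test is now skipped under `socketprocess_networking`, which suggests the path may be reachable; please confirm that this fail-open behaviour is intended. Separately, the rewritten block in NameLookup returns `NS_ERROR_UNKNOWN_HOST` where it previously returned `rv`, and neither early return is logged; a line such as `LOG(("NameLookup: native HTTPS query disabled for this record"));` before the second return would make refusals diagnosable. Both functions extend beyond the hunks shown.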
|
|
|
@ -339,6 +339,8 @@ class nsHostResolver : public nsISupports, public AHostResolver {
|
|||
* Called by the networking dashboard via the DnsService2
|
||||
*/
|
||||
void GetDNSCacheEntries(nsTArray<mozilla::net::DNSCacheEntries>*);
|
||||
|
||||
static bool IsNativeHTTPSEnabled();
|
||||
};
|
||||
|
||||
#endif // nsHostResolver_h__
|
||||
|
|
|
@ -91,9 +91,11 @@ interface nsIDNSService : nsISupports
|
|||
// If set, the DNS service will pass a DNS record to
|
||||
// OnLookupComplete even when there was a resolution error.
|
||||
RESOLVE_WANT_RECORD_ON_ERROR = (1 << 16),
|
||||
// If set, the native HTTPS query is not allowed.
|
||||
RESOLVE_DISABLE_NATIVE_HTTPS_QUERY = (1 << 17),
|
||||
|
||||
// Bitflag containing all possible flags.
|
||||
ALL_DNSFLAGS_BITS = ((1 << 17) - 1),
|
||||
ALL_DNSFLAGS_BITS = ((1 << 18) - 1),
|
||||
};
|
||||
|
||||
cenum ConfirmationState : 8 {
|
||||
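Review bot: The comment `// If set, the native HTTPS query is not allowed.` does not tell users of the interface who sets the flag or what they will observe. From the nsHostResolver.cpp changes in this commit, the resolver sets it itself for hosts excluded from TRR, and a non-address lookup carrying it ends with NS_ERROR_UNKNOWN_HOST; because the value sits in the public flag enum, callers can presumably pass it as well. Suggested wording: `// If set, no native HTTPS query is issued for this lookup. Set internally for hosts excluded from TRR.`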
|
|
|
@ -353,7 +353,10 @@ function hexToUint8Array(hex) {
|
|||
|
||||
add_task(
|
||||
{
|
||||
skip_if: () => mozinfo.os == "win" || mozinfo.os == "android",
|
||||
skip_if: () =>
|
||||
mozinfo.os == "win" ||
|
||||
mozinfo.os == "android" ||
|
||||
mozinfo.socketprocess_networking,
|
||||
},
|
||||
async function test_https_record_override() {
|
||||
let trrServer = new TRRServer();
|
||||
|
@ -414,6 +417,7 @@ add_task(
|
|||
Services.prefs.setBoolPref("network.dns.native_https_query", true);
|
||||
registerCleanupFunction(async () => {
|
||||
Services.prefs.clearUserPref("network.dns.native_https_query");
|
||||
Services.prefs.clearUserPref("network.trr.excluded-domains");
|
||||
});
|
||||
|
||||
let listener = new Listener();
|
||||
|
@ -511,5 +515,24 @@ add_task(
|
|||
"def...",
|
||||
"got correct answer"
|
||||
);
|
||||
|
||||
// Adding "service.com" into excluded-domains should fail
|
||||
// native HTTPS query.
|
||||
Services.prefs.setCharPref("network.trr.excluded-domains", "service.com");
|
||||
listener = new Listener();
|
||||
try {
|
||||
Services.dns.asyncResolve(
|
||||
"service.com",
|
||||
Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
|
||||
0,
|
||||
null,
|
||||
listener,
|
||||
mainThread,
|
||||
defaultOriginAttributes
|
||||
);
|
||||
Assert.ok(false, "asyncResolve should fail");
|
||||
} catch (e) {
|
||||
Assert.equal(e.result, Cr.NS_ERROR_UNKNOWN_HOST);
|
||||
}
|
||||
}
|
||||
);
|
||||
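Review bot: The extended `skip_if` disables the whole of `test_https_record_override` when `mozinfo.socketprocess_networking` is set, not only the new excluded-domain assertions at the end, and no comment records why. That removes existing coverage for that configuration and leaves the exclusion behaviour untested there. Add a comment giving the reason or a bug reference (`// Bug <BUG-ID>: <reason>`), or move the new assertions into their own `add_task` so that only they are skipped.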
|
|