* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
[not found] ` <20180714170809.C3A3920456@vcs0.savannah.gnu.org>
@ 2018-07-15 11:46 ` Robert Pluim
2018-07-15 15:34 ` Jimmy Yuen Ho Wong
0 siblings, 1 reply; 26+ messages in thread
From: Robert Pluim @ 2018-07-15 11:46 UTC (permalink / raw)
To: emacs-devel; +Cc: Jimmy Yuen Ho Wong
wyuenho@gmail.com (Jimmy Yuen Ho Wong) writes:
> branch: netsec
> commit 682578fcf74d4598e39eca81e09d81810d3fc28d
> Author: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
> Commit: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>
> Add option to bypass NSM TLS checks on local networks
>
> * lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
> ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
> DNS.
So this only works for people who have nslookup installed? Emacs
already uses getaddrinfo internally, would it help you if there was a
lisp-level interface to it?
Regards
Robert
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-15 11:46 ` netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks Robert Pluim
@ 2018-07-15 15:34 ` Jimmy Yuen Ho Wong
2018-07-16 13:34 ` Robert Pluim
0 siblings, 1 reply; 26+ messages in thread
From: Jimmy Yuen Ho Wong @ 2018-07-15 15:34 UTC (permalink / raw)
To: Robert Pluim; +Cc: emacs-devel
> On 15 Jul 2018, at 12:46 pm, Robert Pluim <rpluim@gmail.com> wrote:
>
> wyuenho@gmail.com (Jimmy Yuen Ho Wong) writes:
>
>> branch: netsec
>> commit 682578fcf74d4598e39eca81e09d81810d3fc28d
>> Author: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>> Commit: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>>
>> Add option to bypass NSM TLS checks on local networks
>>
>> * lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
>> ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
>> DNS.
>
> So this only works for people who have nslookup installed? Emacs
> already uses getaddrinfo internally, would it help you if there was a
> lisp-level interface to it?
>
Yes it would. I was asking for that exact same thing :) lend me a hand on this?
> Regards
>
> Robert
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-15 15:34 ` Jimmy Yuen Ho Wong
@ 2018-07-16 13:34 ` Robert Pluim
2018-07-16 15:00 ` Eli Zaretskii
` (3 more replies)
0 siblings, 4 replies; 26+ messages in thread
From: Robert Pluim @ 2018-07-16 13:34 UTC (permalink / raw)
To: Jimmy Yuen Ho Wong; +Cc: emacs-devel
Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
>> On 15 Jul 2018, at 12:46 pm, Robert Pluim <rpluim@gmail.com> wrote:
>>
>> wyuenho@gmail.com (Jimmy Yuen Ho Wong) writes:
>>
>>> branch: netsec
>>> commit 682578fcf74d4598e39eca81e09d81810d3fc28d
>>> Author: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>>> Commit: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>>>
>>> Add option to bypass NSM TLS checks on local networks
>>>
>>> * lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
>>> ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
>>> DNS.
>>
>> So this only works for people who have nslookup installed? Emacs
>> already uses getaddrinfo internally, would it help you if there was a
>> lisp-level interface to it?
>>
>
> Yes it would. I was asking for that exact same thing :) lend me a hand on this?
Iʼm terrible at choosing names, please suggest better ones
(hostname-lookup, gethostbyname,....?). Output currently looks like
this, including a port number, but thatʼs easily changed:
(get-address-info "www.slashdot.org" 'ipv4)
([216 105 38 15 0] [216 105 38 15 0] [216 105 38 15 0])
(get-address-info "google.com")
([172 217 19 238 0] [172 217 19 238 0] [172 217 19 238 0] [10752 5200 16391 2060 0 0 0 8206 0] [10752 5200 16391 2060 0 0 0 8206 0] [10752 5200 16391 2060 0 0 0 8206 0])
Eli, I see thereʼs a sys_getaddrinfo in w32.c, is something needed to get emacs
to use that on MS-Windows?
diff --git i/src/process.c w/src/process.c
index 279b74bc66..7d0bf74cbe 100644
--- i/src/process.c
+++ w/src/process.c
@@ -4531,6 +4531,55 @@ Data that is unavailable is returned as nil. */)
#endif
}
+DEFUN ("get-address-info", Fget_address_info, Sget_address_info, 1, 2, 0,
+ doc: /* Look up ip address info of NAME.
+Optional parameter FAMILY controls whether to look up IPv4 or IPv6
+addresses. The default of nil means look up both, symbol `ipv4' means
+IPv4 only, symbol `ipv6' mean IPv6 only. Returns a list of addresses,
+or nil if none were found. */)
+ (Lisp_Object name, Lisp_Object family)
+{
+ Lisp_Object addresses = Qnil;
+ struct addrinfo *res, *lres;
+ int ret;
+
+ struct addrinfo hints;
+ memset (&hints, 0, sizeof hints);
+ if (EQ (family, Qnil))
+ hints.ai_family = AF_UNSPEC;
+ if (EQ (family, Qipv4))
+ hints.ai_family = AF_INET;
+#ifdef AF_INET6
+ if (EQ (family, Qipv6))
+ hints.ai_family = AF_INET6;
+#endif
+ hints.ai_socktype = 0;
+
+ ret = getaddrinfo (SSDATA (name), NULL, &hints, &res);
+ if (ret)
+#ifdef HAVE_GAI_STRERROR
+ {
+ synchronize_system_messages_locale ();
+ char const *str = gai_strerror (ret);
+ if (! NILP (Vlocale_coding_system))
+ str = SSDATA (code_convert_string_norecord
+ (build_string (str), Vlocale_coding_system, 0));
+ message ("\"%s\" \"%s\"", SSDATA (name), str);
+ }
+#else
+ message ("%s get-address-info error %d", SSDATA (name), ret);
+#endif
+ else
+ {
+ for (lres = res; lres; lres = lres->ai_next)
+ addresses = Fcons (conv_sockaddr_to_lisp (lres->ai_addr, lres->ai_addrlen), addresses);
+ addresses = Fnreverse (addresses);
+
+ freeaddrinfo (res);
+ }
+ return addresses;
+}
+
/* Turn off input and output for process PROC. */
static void
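Review bot: NAME reaches SSDATA (name) in the getaddrinfo call without a type check, so a non-string argument passed from Lisp is treated as string data; add CHECK_STRING (name) at the top of the function. FAMILY is not validated either: the three EQ tests have no final else, so any other symbol, or `ipv6' on a build without AF_INET6, leaves hints.ai_family at the zero set by memset and the caller silently gets a lookup for a family it did not ask for. Rejecting an unrecognised FAMILY explicitly would make that visible.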
@@ -8274,6 +8323,7 @@ returns non-`nil'. */);
defsubr (&Sset_network_process_option);
defsubr (&Smake_network_process);
defsubr (&Sformat_network_address);
+ defsubr (&Sget_address_info);
defsubr (&Snetwork_interface_list);
defsubr (&Snetwork_interface_info);
#ifdef DATAGRAM_SOCKETS
^ permalink raw reply related [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 13:34 ` Robert Pluim
@ 2018-07-16 15:00 ` Eli Zaretskii
2018-07-16 15:24 ` Jimmy Yuen Ho Wong
2018-07-16 16:23 ` Robert Pluim
2018-07-16 15:31 ` Jimmy Yuen Ho Wong
` (2 subsequent siblings)
3 siblings, 2 replies; 26+ messages in thread
From: Eli Zaretskii @ 2018-07-16 15:00 UTC (permalink / raw)
To: Robert Pluim; +Cc: emacs-devel
> From: Robert Pluim <rpluim@gmail.com>
> Date: Mon, 16 Jul 2018 15:34:35 +0200
> Cc: emacs-devel@gnu.org
>
> Eli, I see thereʼs a sys_getaddrinfo in w32.c, is something needed
> to get emacs to use that on MS-Windows?
No, you don't need anything special. nt/inc/socket.h redirects
getaddrinfo into sys_getaddrinfo, and all our C sources see the
redirection.
> +DEFUN ("get-address-info", Fget_address_info, Sget_address_info, 1, 2, 0,
> + doc: /* Look up ip address info of NAME.
> +Optional parameter FAMILY controls whether to look up IPv4 or IPv6
> +addresses. The default of nil means look up both, symbol `ipv4' means
> +IPv4 only, symbol `ipv6' mean IPv6 only. Returns a list of addresses,
> +or nil if none were found. */)
This doc string doesn't tell that each address is a vector or a
string.
> + if (EQ (family, Qipv4))
> + hints.ai_family = AF_INET;
> +#ifdef AF_INET6
> + if (EQ (family, Qipv6))
> + hints.ai_family = AF_INET6;
> +#endif
Should we signal an error if 'ipv6' is requested on a system that
doesn't support that?
> + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res);
You should encode NAME (using ENCODE_SYSTEM), because it could include
non-ASCII characters. In general, any Lisp string should be encoded
before you can pass its data to a C library function.
Thanks.
P.S. This needs a NEWS entry, at the very least, and perhaps also an
update for the ELisp manual.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 15:00 ` Eli Zaretskii
@ 2018-07-16 15:24 ` Jimmy Yuen Ho Wong
2018-07-16 17:59 ` Eli Zaretskii
2018-07-16 16:23 ` Robert Pluim
1 sibling, 1 reply; 26+ messages in thread
From: Jimmy Yuen Ho Wong @ 2018-07-16 15:24 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: Robert Pluim, Emacs-Devel devel
On Mon, Jul 16, 2018 at 4:00 PM Eli Zaretskii <eliz@gnu.org> wrote:
>
> > From: Robert Pluim <rpluim@gmail.com>
> > Date: Mon, 16 Jul 2018 15:34:35 +0200
> > Cc: emacs-devel@gnu.org
> >
> > Eli, I see thereʼs a sys_getaddrinfo in w32.c, is something needed
> > to get emacs to use that on MS-Windows?
>
> No, you don't need anything special. nt/inc/socket.h redirects
> getaddrinfo into sys_getaddrinfo, and all our C sources see the
> redirection.
>
> > +DEFUN ("get-address-info", Fget_address_info, Sget_address_info, 1, 2, 0,
> > + doc: /* Look up ip address info of NAME.
> > +Optional parameter FAMILY controls whether to look up IPv4 or IPv6
> > +addresses. The default of nil means look up both, symbol `ipv4' means
> > +IPv4 only, symbol `ipv6' mean IPv6 only. Returns a list of addresses,
> > +or nil if none were found. */)
>
> This doc string doesn't tell that each address is a vector or a
> string.
>
> > + if (EQ (family, Qipv4))
> > + hints.ai_family = AF_INET;
> > +#ifdef AF_INET6
> > + if (EQ (family, Qipv6))
> > + hints.ai_family = AF_INET6;
> > +#endif
>
> Should we signal an error if 'ipv6' is requested on a system that
> doesn't support that?
>
> > + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res);
>
> You should encode NAME (using ENCODE_SYSTEM), because it could include
> non-ASCII characters. In general, any Lisp string should be encoded
> before you can pass its data to a C library function.
>
Does getaddrinfo accept unicode hostnames? If not I think we can just
make sure NAME is all ASCII as per Punycode for i18nized host names.
> Thanks.
>
> P.S. This needs a NEWS entry, at the very least, and perhaps also an
> update for the ELisp manual.
>
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 13:34 ` Robert Pluim
2018-07-16 15:00 ` Eli Zaretskii
@ 2018-07-16 15:31 ` Jimmy Yuen Ho Wong
2018-07-16 16:14 ` Stefan Monnier
2018-07-16 17:06 ` Andy Moreton
2018-07-16 17:48 ` Paul Eggert
3 siblings, 1 reply; 26+ messages in thread
From: Jimmy Yuen Ho Wong @ 2018-07-16 15:31 UTC (permalink / raw)
To: Emacs-Devel devel
On Mon, Jul 16, 2018 at 2:34 PM Robert Pluim <rpluim@gmail.com> wrote:
>
> Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
>
> >> On 15 Jul 2018, at 12:46 pm, Robert Pluim <rpluim@gmail.com> wrote:
> >>
> >> wyuenho@gmail.com (Jimmy Yuen Ho Wong) writes:
> >>
> >>> branch: netsec
> >>> commit 682578fcf74d4598e39eca81e09d81810d3fc28d
> >>> Author: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
> >>> Commit: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
> >>>
> >>> Add option to bypass NSM TLS checks on local networks
> >>>
> >>> * lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
> >>> ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
> >>> DNS.
> >>
> >> So this only works for people who have nslookup installed? Emacs
> >> already uses getaddrinfo internally, would it help you if there was a
> >> lisp-level interface to it?
> >>
> >
> > Yes it would. I was asking for that exact same thing :) lend me a hand on this?
>
> Iʼm terrible at choosing names, please suggest better ones
> (hostname-lookup, gethostbyname,....?). Output currently looks like
> this, including a port number, but thatʼs easily changed:
>
I wish I could think of a better name. All the good names are taken by
terrible implementations LOL
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 15:31 ` Jimmy Yuen Ho Wong
@ 2018-07-16 16:14 ` Stefan Monnier
2018-07-16 16:36 ` Robert Pluim
0 siblings, 1 reply; 26+ messages in thread
From: Stefan Monnier @ 2018-07-16 16:14 UTC (permalink / raw)
To: emacs-devel
>> Iʼm terrible at choosing names, please suggest better ones
>> (hostname-lookup, gethostbyname,....?). Output currently looks like
>> this, including a port number, but thatʼs easily changed:
> I wish I could think of a better name. All the good names are taken by
> terrible implementations LOL
All the C functions dealing with the network should use a common
namespace prefix, I think. That could be "network-" or "inet-" or
various others.
Stefan "just helping paint the shed"
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 15:00 ` Eli Zaretskii
2018-07-16 15:24 ` Jimmy Yuen Ho Wong
@ 2018-07-16 16:23 ` Robert Pluim
2018-07-16 17:16 ` Jimmy Yuen Ho Wong
2018-07-16 18:09 ` Eli Zaretskii
1 sibling, 2 replies; 26+ messages in thread
From: Robert Pluim @ 2018-07-16 16:23 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: emacs-devel
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Robert Pluim <rpluim@gmail.com>
>> Date: Mon, 16 Jul 2018 15:34:35 +0200
>> Cc: emacs-devel@gnu.org
>>
>> Eli, I see thereʼs a sys_getaddrinfo in w32.c, is something needed
>> to get emacs to use that on MS-Windows?
>
> No, you don't need anything special. nt/inc/socket.h redirects
> getaddrinfo into sys_getaddrinfo, and all our C sources see the
> redirection.
Thanks. I always forget how the nt stuff works.
>> +DEFUN ("get-address-info", Fget_address_info, Sget_address_info, 1, 2, 0,
>> + doc: /* Look up ip address info of NAME.
>> +Optional parameter FAMILY controls whether to look up IPv4 or IPv6
>> +addresses. The default of nil means look up both, symbol `ipv4' means
>> +IPv4 only, symbol `ipv6' mean IPv6 only. Returns a list of addresses,
>> +or nil if none were found. */)
>
> This doc string doesn't tell that each address is a vector or a
> string.
Yes. Iʼm waiting for Jimmy to tell me if the format works for him,
then Iʼll document whatever we end up with (and it can currently only
return a vector, and includes a port, which is probably not needed).
>> + if (EQ (family, Qipv4))
>> + hints.ai_family = AF_INET;
>> +#ifdef AF_INET6
>> + if (EQ (family, Qipv6))
>> + hints.ai_family = AF_INET6;
>> +#endif
>
> Should we signal an error if 'ipv6' is requested on a system that
> doesn't support that?
Iʼd be more inclined to return nil in that case. The effect is the
same, and the caller doesnʼt need to do redundant error handling.
>> + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res);
>
> You should encode NAME (using ENCODE_SYSTEM), because it could include
> non-ASCII characters. In general, any Lisp string should be encoded
> before you can pass its data to a C library function.
>
My understanding is that this API only supports ASCII anyway. For
internationalized domain names you'd need to use puny-code (and we
donʼt currently use ENCODE_SYSTEM when calling getaddrinfo elsewhere).
> Thanks.
>
> P.S. This needs a NEWS entry, at the very least, and perhaps also an
> update for the ELisp manual.
Both, for sure.
Robert
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 16:14 ` Stefan Monnier
@ 2018-07-16 16:36 ` Robert Pluim
2018-07-16 18:11 ` Eli Zaretskii
2018-07-16 18:24 ` Stefan Monnier
0 siblings, 2 replies; 26+ messages in thread
From: Robert Pluim @ 2018-07-16 16:36 UTC (permalink / raw)
To: Stefan Monnier; +Cc: emacs-devel
Stefan Monnier <monnier@iro.umontreal.ca> writes:
>>> Iʼm terrible at choosing names, please suggest better ones
>>> (hostname-lookup, gethostbyname,....?). Output currently looks like
>>> this, including a port number, but thatʼs easily changed:
>> I wish I could think of a better name. All the good names are taken by
>> terrible implementations LOL
>
> All the C functions dealing with the network should use a common
> namespace prefix, I think. That could be "network-" or "inet-" or
> various others.
>
Emacs has a whole bunch of commands and variables starting with
'network-', that makes sense to me.
> Stefan "just helping paint the shed"
network-lookup-info? network-lookup-hostname-info? There are so many
colours to choose from.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 13:34 ` Robert Pluim
2018-07-16 15:00 ` Eli Zaretskii
2018-07-16 15:31 ` Jimmy Yuen Ho Wong
@ 2018-07-16 17:06 ` Andy Moreton
2018-07-16 17:15 ` Jimmy Yuen Ho Wong
2018-07-16 17:48 ` Paul Eggert
3 siblings, 1 reply; 26+ messages in thread
From: Andy Moreton @ 2018-07-16 17:06 UTC (permalink / raw)
To: emacs-devel
On Mon 16 Jul 2018, Robert Pluim wrote:
> Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
>
>>> On 15 Jul 2018, at 12:46 pm, Robert Pluim <rpluim@gmail.com> wrote:
>>>
>>> wyuenho@gmail.com (Jimmy Yuen Ho Wong) writes:
>>>
>>>> branch: netsec
>>>> commit 682578fcf74d4598e39eca81e09d81810d3fc28d
>>>> Author: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>>>> Commit: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>>>>
>>>> Add option to bypass NSM TLS checks on local networks
>>>>
>>>> * lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
>>>> ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from
>>>> DNS.
>>>
>>> So this only works for people who have nslookup installed? Emacs
>>> already uses getaddrinfo internally, would it help you if there was a
>>> lisp-level interface to it?
>>>
>>
>> Yes it would. I was asking for that exact same thing :) lend me a hand on this?
>
> Iʼm terrible at choosing names, please suggest better ones
> (hostname-lookup, gethostbyname,....?). Output currently looks like
> this, including a port number, but thatʼs easily changed:
Given that we already have `network-interface-list' and
`network-interface-info' I think this should be named `network-address-info'.
Your patch works on Windows 10 (64bit mingw64 MSYS2):
ELISP> (get-address-info "www.slashdot.org" 'ipv4)
([216 105 38 15 0])
ELISP> (get-address-info "google.com")
([216 58 213 110 0])
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 17:06 ` Andy Moreton
@ 2018-07-16 17:15 ` Jimmy Yuen Ho Wong
0 siblings, 0 replies; 26+ messages in thread
From: Jimmy Yuen Ho Wong @ 2018-07-16 17:15 UTC (permalink / raw)
To: andrewjmoreton; +Cc: Emacs-Devel devel
>
> Given that we already have `network-interface-list' and
> `network-interface-info' I think this should be named `network-address-info'.
>
Sounds good to me!
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 16:23 ` Robert Pluim
@ 2018-07-16 17:16 ` Jimmy Yuen Ho Wong
2018-07-16 17:46 ` Robert Pluim
2018-07-16 18:09 ` Eli Zaretskii
1 sibling, 1 reply; 26+ messages in thread
From: Jimmy Yuen Ho Wong @ 2018-07-16 17:16 UTC (permalink / raw)
To: Emacs-Devel devel; +Cc: Eli Zaretskii
>
> Yes. Iʼm waiting for Jimmy to tell me if the format works for him,
> then Iʼll document whatever we end up with (and it can currently only
> return a vector, and includes a port, which is probably not needed).
>
Oh you are waiting for me, you can just push to my branch or master
and I'll test it out.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 17:16 ` Jimmy Yuen Ho Wong
@ 2018-07-16 17:46 ` Robert Pluim
0 siblings, 0 replies; 26+ messages in thread
From: Robert Pluim @ 2018-07-16 17:46 UTC (permalink / raw)
To: Jimmy Yuen Ho Wong; +Cc: Eli Zaretskii, Emacs-Devel devel
Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
>>
>> Yes. Iʼm waiting for Jimmy to tell me if the format works for him,
>> then Iʼll document whatever we end up with (and it can currently only
>> return a vector, and includes a port, which is probably not needed).
>>
>
> Oh you are waiting for me, you can just push to my branch or master
> and I'll test it out.
Iʼve pushed to the netsec branch.
Regards
Robert
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 13:34 ` Robert Pluim
` (2 preceding siblings ...)
2018-07-16 17:06 ` Andy Moreton
@ 2018-07-16 17:48 ` Paul Eggert
2018-07-17 5:56 ` Robert Pluim
3 siblings, 1 reply; 26+ messages in thread
From: Paul Eggert @ 2018-07-16 17:48 UTC (permalink / raw)
To: emacs-devel
Robert Pluim wrote:
> + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res);
Why does the Lisp API always pass NULL here? Shouldn't there be some way to
specify the service at the Lisp level?
More generally, there's a lot of code duplication between this new function and
what's already in the implementation of make-network-process. Instead,
make-network-process should call this new function (or some C variant of it).
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 15:24 ` Jimmy Yuen Ho Wong
@ 2018-07-16 17:59 ` Eli Zaretskii
0 siblings, 0 replies; 26+ messages in thread
From: Eli Zaretskii @ 2018-07-16 17:59 UTC (permalink / raw)
To: Jimmy Yuen Ho Wong; +Cc: rpluim, emacs-devel
> From: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
> Date: Mon, 16 Jul 2018 16:24:45 +0100
> Cc: Robert Pluim <rpluim@gmail.com>, Emacs-Devel devel <emacs-devel@gnu.org>
>
> > > + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res);
> >
> > You should encode NAME (using ENCODE_SYSTEM), because it could include
> > non-ASCII characters. In general, any Lisp string should be encoded
> > before you can pass its data to a C library function.
> >
>
> Does getaddrinfo accept unicode hostnames? If not I think we can just
> make sure NAME is all ASCII as per Punycode for i18nized host names.
That's fine with me, but my point is that simply plugging the string
data into a libc function is usually not OK.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 16:23 ` Robert Pluim
2018-07-16 17:16 ` Jimmy Yuen Ho Wong
@ 2018-07-16 18:09 ` Eli Zaretskii
2018-07-17 10:09 ` Robert Pluim
1 sibling, 1 reply; 26+ messages in thread
From: Eli Zaretskii @ 2018-07-16 18:09 UTC (permalink / raw)
To: Robert Pluim; +Cc: emacs-devel
> From: Robert Pluim <rpluim@gmail.com>
> Cc: emacs-devel@gnu.org
> Date: Mon, 16 Jul 2018 18:23:21 +0200
>
> > No, you don't need anything special. nt/inc/socket.h redirects
> > getaddrinfo into sys_getaddrinfo, and all our C sources see the
> > redirection.
>
> Thanks. I always forget how the nt stuff works.
In general, all the sys_* stuff is invisible everywhere except in
w32.c.
> >> + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res);
> >
> > You should encode NAME (using ENCODE_SYSTEM), because it could include
> > non-ASCII characters. In general, any Lisp string should be encoded
> > before you can pass its data to a C library function.
> >
>
> My understanding is that this API only supports ASCII anyway.
Then I think we should test that it's either a unibyte string or a
string whose size in bytes is equal to its size in characters, and
signal an error if that doesn't hold.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 16:36 ` Robert Pluim
@ 2018-07-16 18:11 ` Eli Zaretskii
2018-07-16 18:24 ` Stefan Monnier
1 sibling, 0 replies; 26+ messages in thread
From: Eli Zaretskii @ 2018-07-16 18:11 UTC (permalink / raw)
To: Robert Pluim; +Cc: emacs-devel
> From: Robert Pluim <rpluim@gmail.com>
> Date: Mon, 16 Jul 2018 18:36:37 +0200
> Cc: emacs-devel@gnu.org
>
> Emacs has a whole bunch of commands and variables starting with
> 'network-', that makes sense to me.
>
> > Stefan "just helping paint the shed"
>
> network-lookup-info? network-lookup-hostname-info? There are so many
> colours to choose from.
FWIW, I'm okay with get-address-info, for 2 reasons:
. we don't other related names start with anything like that;
. other languages use names very close to getaddrinfo, so why cannot we?
But if you want to use some other name, feel free.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 16:36 ` Robert Pluim
2018-07-16 18:11 ` Eli Zaretskii
@ 2018-07-16 18:24 ` Stefan Monnier
1 sibling, 0 replies; 26+ messages in thread
From: Stefan Monnier @ 2018-07-16 18:24 UTC (permalink / raw)
To: emacs-devel
> network-lookup-info? network-lookup-hostname-info? There are so many
> colours to choose from.
I'll let you choose that part of the color (so long as it's black, of
course).
Stefan
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 17:48 ` Paul Eggert
@ 2018-07-17 5:56 ` Robert Pluim
2018-07-17 18:07 ` Robert Pluim
0 siblings, 1 reply; 26+ messages in thread
From: Robert Pluim @ 2018-07-17 5:56 UTC (permalink / raw)
To: Paul Eggert; +Cc: emacs-devel
Paul Eggert <eggert@cs.ucla.edu> writes:
> Robert Pluim wrote:
>> + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res);
>
> Why does the Lisp API always pass NULL here? Shouldn't there be some
> way to specify the service at the Lisp level?
I donʼt think thatʼs currently needed at the lisp level, and I didnʼt
want to overcomplicate the API.
> More generally, there's a lot of code duplication between this new
> function and what's already in the implementation of
> make-network-process. Instead, make-network-process should call this
> new function (or some C variant of it).
I guess that would be possible. Iʼll look into it.
Robert
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-16 18:09 ` Eli Zaretskii
@ 2018-07-17 10:09 ` Robert Pluim
2018-07-17 15:50 ` Eli Zaretskii
0 siblings, 1 reply; 26+ messages in thread
From: Robert Pluim @ 2018-07-17 10:09 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: emacs-devel
Eli Zaretskii <eliz@gnu.org> writes:
>
> Then I think we should test that it's either a unibyte string or a
> string whose size in bytes is equal to its size in characters, and
> signal an error if that doesn't hold.
So I tried using STRING_MULTIBYTE, but of course eww uses
puny-encode-domain on unicode hostnames, and that returns a multibyte
string that only contains ASCII characters. Rather than opening that
can of worms, I settled on checking
SBYTES (host) != SCHARS (host)
I couldn't find an "is this a pure-ASCII string" function.
Regards
Robert
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-17 10:09 ` Robert Pluim
@ 2018-07-17 15:50 ` Eli Zaretskii
2018-07-17 15:53 ` Robert Pluim
0 siblings, 1 reply; 26+ messages in thread
From: Eli Zaretskii @ 2018-07-17 15:50 UTC (permalink / raw)
To: Robert Pluim; +Cc: emacs-devel
> From: Robert Pluim <rpluim@gmail.com>
> Cc: emacs-devel@gnu.org
> Date: Tue, 17 Jul 2018 12:09:10 +0200
>
> Eli Zaretskii <eliz@gnu.org> writes:
> >
> > Then I think we should test that it's either a unibyte string or a
> > string whose size in bytes is equal to its size in characters, and
> > signal an error if that doesn't hold.
>
> So I tried using STRING_MULTIBYTE, but of course eww uses
> puny-encode-domain on unicode hostnames, and that returns a multibyte
> string that only contains ASCII characters. Rather than opening that
> can of worms, I settled on checking
>
> SBYTES (host) != SCHARS (host)
This will signal an error for unibyte strings, because there SBYTES is
always -1. So I think you should do this instead:
STRING_MULTIBYTE (host) && SBYTES (host) != SCHARS (host)
> I couldn't find an "is this a pure-ASCII string" function.
It is rarely needed, IME.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-17 15:50 ` Eli Zaretskii
@ 2018-07-17 15:53 ` Robert Pluim
2018-07-17 16:17 ` Robert Pluim
0 siblings, 1 reply; 26+ messages in thread
From: Robert Pluim @ 2018-07-17 15:53 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: emacs-devel
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Robert Pluim <rpluim@gmail.com>
>> Cc: emacs-devel@gnu.org
>> Date: Tue, 17 Jul 2018 12:09:10 +0200
>>
>> Eli Zaretskii <eliz@gnu.org> writes:
>> >
>> > Then I think we should test that it's either a unibyte string or a
>> > string whose size in bytes is equal to its size in characters, and
>> > signal an error if that doesn't hold.
>>
>> So I tried using STRING_MULTIBYTE, but of course eww uses
>> puny-encode-domain on unicode hostnames, and that returns a multibyte
>> string that only contains ASCII characters. Rather than opening that
>> can of worms, I settled on checking
>>
>> SBYTES (host) != SCHARS (host)
>
> This will signal an error for unibyte strings, because there SBYTES is
> always -1. So I think you should do this instead:
>
Ah, I was assuming they'd always be in sync.
> STRING_MULTIBYTE (host) && SBYTES (host) != SCHARS (host)
OK, that works.
Thanks
Robert
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-17 15:53 ` Robert Pluim
@ 2018-07-17 16:17 ` Robert Pluim
2018-07-17 17:15 ` Eli Zaretskii
0 siblings, 1 reply; 26+ messages in thread
From: Robert Pluim @ 2018-07-17 16:17 UTC (permalink / raw)
To: emacs-devel
Robert Pluim <rpluim@gmail.com> writes:
> Eli Zaretskii <eliz@gnu.org> writes:
>
>>> From: Robert Pluim <rpluim@gmail.com>
>>> Cc: emacs-devel@gnu.org
>>> Date: Tue, 17 Jul 2018 12:09:10 +0200
>>>
>>> Eli Zaretskii <eliz@gnu.org> writes:
>>> >
>>> > Then I think we should test that it's either a unibyte string or a
>>> > string whose size in bytes is equal to its size in characters, and
>>> > signal an error if that doesn't hold.
>>>
>>> So I tried using STRING_MULTIBYTE, but of course eww uses
>>> puny-encode-domain on unicode hostnames, and that returns a multibyte
>>> string that only contains ASCII characters. Rather than opening that
>>> can of worms, I settled on checking
>>>
>>> SBYTES (host) != SCHARS (host)
>>
>> This will signal an error for unibyte strings, because there SBYTES is
>> always -1. So I think you should do this instead:
>>
>
> Ah, I was assuming they'd always be in sync.
>
>> STRING_MULTIBYTE (host) && SBYTES (host) != SCHARS (host)
>
> OK, that works.
I couldn't get my original to fail with a unibyte string. Turns out
that even though size_byte is indeed -1 for unibyte strings, in that
case SBYTES returns the size field:
ptrdiff_t nbytes = s->u.s.size_byte < 0 ? s->u.s.size : s->u.s.size_byte;
Having said that, testing for STRING_MULTIBYTE is harmless.
Robert
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-17 16:17 ` Robert Pluim
@ 2018-07-17 17:15 ` Eli Zaretskii
2018-07-17 18:00 ` Robert Pluim
0 siblings, 1 reply; 26+ messages in thread
From: Eli Zaretskii @ 2018-07-17 17:15 UTC (permalink / raw)
To: Robert Pluim; +Cc: emacs-devel
> From: Robert Pluim <rpluim@gmail.com>
> Date: Tue, 17 Jul 2018 18:17:57 +0200
>
> I couldn't get my original to fail with a unibyte string. Turns out
> that even though size_byte is indeed -1 for unibyte strings, in that
> case SBYTES returns the size field:
>
> ptrdiff_t nbytes = s->u.s.size_byte < 0 ? s->u.s.size : s->u.s.size_byte;
Ah, yes. I keep forgetting that. Which is one more reason not to
rely on that, if you ask me ;-)
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-17 17:15 ` Eli Zaretskii
@ 2018-07-17 18:00 ` Robert Pluim
0 siblings, 0 replies; 26+ messages in thread
From: Robert Pluim @ 2018-07-17 18:00 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: emacs-devel
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Robert Pluim <rpluim@gmail.com>
>> Date: Tue, 17 Jul 2018 18:17:57 +0200
>>
>> I couldn't get my original to fail with a unibyte string. Turns out
>> that even though size_byte is indeed -1 for unibyte strings, in that
>> case SBYTES returns the size field:
>>
>> ptrdiff_t nbytes = s->u.s.size_byte < 0 ? s->u.s.size : s->u.s.size_byte;
>
> Ah, yes. I keep forgetting that. Which is one more reason not to
> rely on that, if you ask me ;-)
STRING_MULTIBYTE it is then.
Robert
^ permalink raw reply [flat|nested] 26+ messages in thread
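The host-name check debated in the messages above, as an added stand-alone example; it is not code from any message in the thread or from the Emacs sources. struct lstring, the *_check_rejects and lookup_numeric functions and the SAMPLE_* names are hypothetical, the stricter byte scan is an addition of this example, and AI_NUMERICHOST is used so that it runs without DNS.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* getaddrinfo under strict -std modes */
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Hypothetical stand-in for a Lisp string: SIZE counts characters,
   SIZE_BYTE counts bytes and is -1 for a unibyte string.  */
struct lstring { const char *data; ptrdiff_t size; ptrdiff_t size_byte; };
#define MB(lit, nchars) { lit, nchars, (ptrdiff_t) sizeof (lit) - 1 }
#define UB(lit) { lit, (ptrdiff_t) sizeof (lit) - 1, -1 }

/* Constructed sample names (not taken from the thread).  */
const struct lstring SAMPLE_PUNY = MB ("xn--bcher-kva.example", 21);
const struct lstring SAMPLE_UTF8 = MB ("b\xc3\xbc" "cher.example", 14);
const struct lstring SAMPLE_RAW8 = UB ("b\xfc" "cher.example");
const struct lstring SAMPLE_NUL = MB ("127.0.0.1\0.example", 18);
const struct lstring SAMPLE_V4 = UB ("127.0.0.1");
const struct lstring SAMPLE_V6 = MB ("::1", 3);

static int string_multibyte (const struct lstring *s) { return s->size_byte >= 0; }
static ptrdiff_t schars (const struct lstring *s) { return s->size; }
/* Same fallback as the SBYTES line quoted in the thread.  */
static ptrdiff_t sbytes (const struct lstring *s)
{ return s->size_byte < 0 ? s->size : s->size_byte; }

/* First check posted in the thread; nonzero means "reject".  */
int original_check_rejects (const struct lstring *h)
{ return sbytes (h) != schars (h); }

/* Check the thread settles on.  */
int thread_check_rejects (const struct lstring *h)
{ return string_multibyte (h) && sbytes (h) != schars (h); }

/* Stricter scan added by this example: every byte must be 1..127, which
   also rejects raw 8-bit bytes in a unibyte string and an embedded NUL
   that would cut the name short for a C function.  */
int strict_check_rejects (const struct lstring *h)
{
  ptrdiff_t n = sbytes (h);
  if (n == 0)
    return 1;
  for (ptrdiff_t i = 0; i < n; i++)
    {
      unsigned char c = (unsigned char) h->data[i];
      if (c == 0 || c >= 0x80)
        return 1;
    }
  return 0;
}

enum { LOOKUP_BAD_NAME = -1, LOOKUP_BAD_FAMILY = -2, LOOKUP_FAILED = -3 };

/* Resolve numeric HOST (NUL-terminated data).  FAMILY is 0 (either), 4 or
   6; anything else is an error rather than a silent "either".  Copies the
   first address into OUT and returns its address family, or a negative
   LOOKUP_* code.  */
int lookup_numeric (const struct lstring *host, int family,
                    unsigned char out[16], int *out_len)
{
  struct addrinfo hints, *res;
  if (thread_check_rejects (host) || strict_check_rejects (host))
    return LOOKUP_BAD_NAME;
  memset (&hints, 0, sizeof hints);
  switch (family)
    {
    case 0: hints.ai_family = AF_UNSPEC; break;
    case 4: hints.ai_family = AF_INET; break;
    case 6: hints.ai_family = AF_INET6; break;
    default: return LOOKUP_BAD_FAMILY;
    }
  hints.ai_socktype = SOCK_STREAM; /* one socket type, one entry per address */
  hints.ai_flags = AI_NUMERICHOST; /* no DNS traffic in this example */
  if (getaddrinfo (host->data, NULL, &hints, &res) != 0)
    return LOOKUP_FAILED;
  int fam = res->ai_family;
  *out_len = fam == AF_INET ? 4 : fam == AF_INET6 ? 16 : 0;
  if (fam == AF_INET)
    memcpy (out, &((struct sockaddr_in *) res->ai_addr)->sin_addr, 4);
  else if (fam == AF_INET6)
    memcpy (out, &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr, 16);
  freeaddrinfo (res);
  return fam;
}

int main (void)
{
  const struct lstring *all[] = { &SAMPLE_PUNY, &SAMPLE_UTF8, &SAMPLE_RAW8,
                                  &SAMPLE_NUL, &SAMPLE_V4, &SAMPLE_V6 };
  for (size_t i = 0; i < sizeof all / sizeof *all; i++)
    printf ("sample %d: original=%d thread=%d strict=%d\n", (int) i,
            original_check_rejects (all[i]), thread_check_rejects (all[i]),
            strict_check_rejects (all[i]));
  unsigned char out[16];
  int len = 0;
  int fam = lookup_numeric (&SAMPLE_V4, 4, out, &len);
  printf ("family=%d len=%d first=%d\n", fam, len, len ? out[0] : -1);
  return 0;
}
```

In this model the two checks from the thread agree on every sample, unibyte ones included, because of the SBYTES fallback; only the added byte scan rejects SAMPLE_RAW8 and SAMPLE_NUL.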
* Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks
2018-07-17 5:56 ` Robert Pluim
@ 2018-07-17 18:07 ` Robert Pluim
0 siblings, 0 replies; 26+ messages in thread
From: Robert Pluim @ 2018-07-17 18:07 UTC (permalink / raw)
To: emacs-devel; +Cc: eggert
Robert Pluim <rpluim@gmail.com> writes:
> Paul Eggert <eggert@cs.ucla.edu> writes:
>> More generally, there's a lot of code duplication between this new
>> function and what's already in the implementation of
>> make-network-process. Instead, make-network-process should call this
>> new function (or some C variant of it).
So I split the common functionality into an internal function, and
made the lisp function call that, and updated make-network-process to
call it. Also a lispref entry and some tests (that uncovered a rather
embarrassing bug), all pushed to the netsec branch.
Regards
Robert
^ permalink raw reply [flat|nested] 26+ messages in thread