mirrors/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 23:30:59 +01:00
Code Issues Projects Releases Wiki Activity

- FIX #566

Browse Source 
- reorder get_<DNS>_record() for better overview
- move CMDLINE__IP away from main into determine_ip_addresses() where it belongs to
This commit is contained in:
Dirk 2017-01-17 13:57:14 +01:00
parent e7a35934ae
commit e9916dd1f4
1 changed files with 90 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

167
testssl.sh
View File

@ -10951,79 +10951,6 @@ get_aaaa_record() {
echo "$ip6" echo "$ip6"
} }
# now get all IP addresses
determine_ip_addresses() {
local ip4=""
local ip6=""
if is_ipv4addr "$NODE"; then
ip4="$NODE" # only an IPv4 address was supplied as an argument, no hostname
SNI="" # override Server Name Indication as we test the IP only
else
ip4=$(get_local_a $NODE) # is there a local host entry?
if [[ -z $ip4 ]]; then # empty: no (LOCAL_A is predefined as false)
check_resolver_bins
ip4=$(get_a_record $NODE)
else
LOCAL_A=true # we have the ip4 from local host entry and need to signal this to testssl
fi
# same now for ipv6
ip6=$(get_local_aaaa $NODE)
if [[ -z $ip6 ]]; then
check_resolver_bins
ip6=$(get_aaaa_record $NODE)
else
LOCAL_AAAA=true # we have a local ipv6 entry and need to signal this to testssl
fi
fi
if [[ -z "$ip4" ]]; then # IPv6 only address
if "$HAS_IPv6"; then
IPADDRs=$(newline_to_spaces "$ip6")
IP46ADDRs="$IPADDRs" # IP46ADDRs are the ones to display, IPADDRs the ones to test
fi
else
if "$HAS_IPv6" && [[ -n "$ip6" ]]; then
IPADDRs=$(newline_to_spaces "$ip4 $ip6")
IP46ADDRs="$IPADDRs"
else
IPADDRs=$(newline_to_spaces "$ip4")
IP46ADDRs=$(newline_to_spaces "$ip4 $ip6")
fi
fi
if [[ -z "$IPADDRs" ]] && [[ -z "$CMDLINE_IP" ]]; then
fatal "No IPv4 address for \"$NODE\" available" -1
fi
return 0 # IPADDR and IP46ADDR is set now
}
determine_rdns() {
local saved_openssl_conf="$OPENSSL_CONF"
local nodeip="$(tr -d '[]' <<< $NODEIP)" # for DNS we do not need the square brackets of IPv6 addresses
"$NODNS" && rDNS="--" && return 0
OPENSSL_CONF="" # see https://github.com/drwetter/testssl.sh/issues/134
if [[ "$NODE" == *.local ]]; then
if which avahi-resolve &>/dev/null; then
rDNS=$(avahi-resolve -a $nodeip 2>/dev/null | awk '{ print $2 }')
elif which dig &>/dev/null; then
rDNS=$(dig -x $nodeip @224.0.0.251 -p 5353 +notcp +noall +answer | awk '/PTR/ { print $NF }')
fi
elif which dig &> /dev/null; then
rDNS=$(dig -x $nodeip +noall +answer | awk '/PTR/ { print $NF }') # +short returns also CNAME, e.g. openssl.org
elif which host &> /dev/null; then
rDNS=$(host -t PTR $nodeip 2>/dev/null | awk '/pointer/ { print $NF }')
elif which drill &> /dev/null; then
rDNS=$(drill -x ptr $nodeip 2>/dev/null | awk '/^\;\;\sANSWER\sSECTION\:$/,/\;\;\sAUTHORITY\sSECTION\:$/ { print $5,$6 }' | sed '/^\s$/d')
elif which nslookup &> /dev/null; then
rDNS=$(nslookup -type=PTR $nodeip 2>/dev/null | grep -v 'canonical name =' | grep 'name = ' | awk '{ print $NF }' | sed 's/\.$//')
fi
OPENSSL_CONF="$saved_openssl_conf" # see https://github.com/drwetter/testssl.sh/issues/134
rDNS="$(echo $rDNS)"
[[ -z "$rDNS" ]] && rDNS="--"
return 0
}
# RFC6844: DNS Certification Authority Authorization (CAA) Resource Record # RFC6844: DNS Certification Authority Authorization (CAA) Resource Record
# arg1: domain to check for # arg1: domain to check for
get_caa_rr_record() { get_caa_rr_record() {
@ -11080,6 +11007,94 @@ get_mx_record() {
echo "$mxs" echo "$mxs"
} }
# set IPADDRs and IP46ADDRs
#
determine_ip_addresses() {
local ip4=""
local ip6=""
if [[ -n "$CMDLINE_IP" ]]; then
# command line has supplied an IP address
[[ "$CMDLINE_IP" == "one" ]] && \
CMDLINE_IP="$(get_a_record $NODE | head -1)"
# use first IPv4 address
NODEIP="$CMDLINE_IP"
if is_ipv4addr "$NODEIP"; then
ip4="$NODEIP"
elif is_ipv6addr "$NODEIP"; then
ip6="$NODEIP"
else
fatal "couldn't identify supplied \"CMDLINE_IP\"" 2
fi
elif is_ipv4addr "$NODE"; then
ip4="$NODE" # only an IPv4 address was supplied as an argument, no hostname
SNI="" # override Server Name Indication as we test the IP only
else
ip4=$(get_local_a $NODE) # is there a local host entry?
if [[ -z $ip4 ]]; then # empty: no (LOCAL_A is predefined as false)
check_resolver_bins
ip4=$(get_a_record $NODE)
else
LOCAL_A=true # we have the ip4 from local host entry and need to signal this to testssl
fi
# same now for ipv6
ip6=$(get_local_aaaa $NODE)
if [[ -z $ip6 ]]; then
check_resolver_bins
ip6=$(get_aaaa_record $NODE)
else
LOCAL_AAAA=true # we have a local ipv6 entry and need to signal this to testssl
fi
fi
if [[ -z "$ip4" ]]; then # IPv6 only address
if "$HAS_IPv6"; then
IPADDRs=$(newline_to_spaces "$ip6")
IP46ADDRs="$IPADDRs" # IP46ADDRs are the ones to display, IPADDRs the ones to test
fi
else
if "$HAS_IPv6" && [[ -n "$ip6" ]]; then
IPADDRs=$(newline_to_spaces "$ip4 $ip6")
IP46ADDRs="$IPADDRs"
else
IPADDRs=$(newline_to_spaces "$ip4")
IP46ADDRs=$(newline_to_spaces "$ip4 $ip6")
fi
fi
if [[ -z "$IPADDRs" ]]; then
fatal "No IPv4 address for \"$NODE\" available" -1
fi
return 0 # IPADDR and IP46ADDR is set now
}
determine_rdns() {
local saved_openssl_conf="$OPENSSL_CONF"
local nodeip="$(tr -d '[]' <<< $NODEIP)" # for DNS we do not need the square brackets of IPv6 addresses
"$NODNS" && rDNS="--" && return 0
OPENSSL_CONF="" # see https://github.com/drwetter/testssl.sh/issues/134
if [[ "$NODE" == *.local ]]; then
if which avahi-resolve &>/dev/null; then
rDNS=$(avahi-resolve -a $nodeip 2>/dev/null | awk '{ print $2 }')
elif which dig &>/dev/null; then
rDNS=$(dig -x $nodeip @224.0.0.251 -p 5353 +notcp +noall +answer | awk '/PTR/ { print $NF }')
fi
elif which dig &> /dev/null; then
rDNS=$(dig -x $nodeip +noall +answer | awk '/PTR/ { print $NF }') # +short returns also CNAME, e.g. openssl.org
elif which host &> /dev/null; then
rDNS=$(host -t PTR $nodeip 2>/dev/null | awk '/pointer/ { print $NF }')
elif which drill &> /dev/null; then
rDNS=$(drill -x ptr $nodeip 2>/dev/null | awk '/^\;\;\sANSWER\sSECTION\:$/,/\;\;\sAUTHORITY\sSECTION\:$/ { print $5,$6 }' | sed '/^\s$/d')
elif which nslookup &> /dev/null; then
rDNS=$(nslookup -type=PTR $nodeip 2>/dev/null | grep -v 'canonical name =' | grep 'name = ' | awk '{ print $NF }' | sed 's/\.$//')
fi
OPENSSL_CONF="$saved_openssl_conf" # see https://github.com/drwetter/testssl.sh/issues/134
rDNS="$(echo $rDNS)"
[[ -z "$rDNS" ]] && rDNS="--"
return 0
}
# We need to get the IP address of the proxy so we can use it in fd_socket # We need to get the IP address of the proxy so we can use it in fd_socket
# #
check_proxy() { check_proxy() {
@ -12011,13 +12026,11 @@ if $do_mx_all_ips; then
else else
parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now
prepare_logging prepare_logging
if ! determine_ip_addresses && [[ -z "$CMDLINE_IP" ]]; then if ! determine_ip_addresses; then
fatal "No IP address could be determined" 2 fatal "No IP address could be determined" 2
fi fi
if [[ -n "$CMDLINE_IP" ]]; then if [[ -n "$CMDLINE_IP" ]]; then
[[ "$CMDLINE_IP" == "one" ]] && \ # we just test the one supplied
CMDLINE_IP=$(echo -n "$IPADDRs" | awk '{ print $1 }')
NODEIP="$CMDLINE_IP" # specific ip address for NODE was supplied
lets_roll "${STARTTLS_PROTOCOL}" lets_roll "${STARTTLS_PROTOCOL}"
ret=$? ret=$?
else # no --ip was supplied else # no --ip was supplied