checker: Add new firewall tests
parent
19943dcc85
commit
170bc9ae35
@ -85,7 +85,7 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// PingResolver
|
// PingResolver
|
||||||
if tunnel_version == 3 {
|
if has_test(CheckMap[tunnel_version], PingResolver) {
|
||||||
tmp := strings.Split(stdIP, ":")
|
tmp := strings.Split(stdIP, ":")
|
||||||
tmp[len(tmp)-1] = "2"
|
tmp[len(tmp)-1] = "2"
|
||||||
stdResolverIP := strings.Join(tmp, ":")
|
stdResolverIP := strings.Join(tmp, ":")
|
||||||
@ -99,6 +99,23 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Firewalled
|
||||||
|
if has_test(CheckMap[tunnel_version], Firewalled) {
|
||||||
|
if err = check_firewall("tcp", stdIP); err == nil {
|
||||||
|
if verbose {
|
||||||
|
log.Printf("%s just unlocked firewalled challenge\n", std.Login)
|
||||||
|
}
|
||||||
|
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][Firewalled], ""); err != nil {
|
||||||
|
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
std.RegisterChallengeError(CheckMap[tunnel_version][Firewalled], err)
|
||||||
|
if verbose {
|
||||||
|
log.Printf("%s and firewalled: %s\n", std.Login, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
dnsIP := stdIP
|
dnsIP := stdIP
|
||||||
var glueErr error
|
var glueErr error
|
||||||
// Is GLUE defined?
|
// Is GLUE defined?
|
||||||
@ -197,33 +214,37 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
|
|||||||
|
|
||||||
// Check Matrix (only if GLUE Ok and defer contraint)
|
// Check Matrix (only if GLUE Ok and defer contraint)
|
||||||
if glueErr == nil && also_check_matrix {
|
if glueErr == nil && also_check_matrix {
|
||||||
// Check Matrix Federation first
|
if has_test(CheckMap[tunnel_version], MatrixSrv) {
|
||||||
if v, err := check_matrix_federation(std.MyDelegatedDomain()); err == nil {
|
// Check Matrix Federation first
|
||||||
if verbose {
|
if v, err := check_matrix_federation(std.MyDelegatedDomain()); err == nil {
|
||||||
log.Printf("%s just unlocked Matrix federation challenge\n", std.Login)
|
if verbose {
|
||||||
}
|
log.Printf("%s just unlocked Matrix federation challenge\n", std.Login)
|
||||||
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][MatrixSrv], v); err != nil {
|
}
|
||||||
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][MatrixSrv], v); err != nil {
|
||||||
}
|
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||||
} else {
|
}
|
||||||
std.RegisterChallengeError(CheckMap[tunnel_version][MatrixSrv], err)
|
} else {
|
||||||
if verbose {
|
std.RegisterChallengeError(CheckMap[tunnel_version][MatrixSrv], err)
|
||||||
log.Printf("%s and Matrix federation: %s\n", std.Login, err)
|
if verbose {
|
||||||
|
log.Printf("%s and Matrix federation: %s\n", std.Login, err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check Matrix Client
|
// Check Matrix Client
|
||||||
if v, err := check_matrix_client(std.MyDelegatedDomain()); err == nil {
|
if has_test(CheckMap[tunnel_version], MatrixClt) {
|
||||||
if verbose {
|
if v, err := check_matrix_client(std.MyDelegatedDomain()); err == nil {
|
||||||
log.Printf("%s just unlocked Matrix client challenge\n", std.Login)
|
if verbose {
|
||||||
}
|
log.Printf("%s just unlocked Matrix client challenge\n", std.Login)
|
||||||
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][MatrixClt], v); err != nil {
|
}
|
||||||
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][MatrixClt], v); err != nil {
|
||||||
}
|
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||||
} else {
|
}
|
||||||
std.RegisterChallengeError(CheckMap[tunnel_version][MatrixClt], err)
|
} else {
|
||||||
if verbose {
|
std.RegisterChallengeError(CheckMap[tunnel_version][MatrixClt], err)
|
||||||
log.Printf("%s and Matrix client: %s\n", std.Login, err)
|
if verbose {
|
||||||
|
log.Printf("%s and Matrix client: %s\n", std.Login, err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
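Review bot: The new Firewalled block unlocks the challenge whenever `check_firewall("tcp", stdIP)` returns nil, and in this commit check_firewall returns nil on a dial timeout, so a student host that is powered off or unreachable through the tunnel would be credited as correctly firewalled. Nothing in the visible hunk requires a positive reachability signal first; studentChecker starts and ends outside the hunk, so an earlier guard may exist and should be confirmed. If there is none, run the check only after another test in the same pass has proved the host is up, and record that in a comment such as `// a timeout only counts as filtered when the host answered another probe in this pass`.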
@ -6,6 +6,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
|
"math/rand"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
@ -21,7 +22,8 @@ import (
|
|||||||
type AdlinTest int
|
type AdlinTest int
|
||||||
|
|
||||||
const (
|
const (
|
||||||
HTTPonIP AdlinTest = iota
|
Firewalled AdlinTest = iota
|
||||||
|
HTTPonIP
|
||||||
HTTPonAssociatedDomain
|
HTTPonAssociatedDomain
|
||||||
HTTPSonAssociatedDomain
|
HTTPSonAssociatedDomain
|
||||||
DNSDelegation
|
DNSDelegation
|
||||||
@ -44,6 +46,7 @@ const (
|
|||||||
|
|
||||||
var CheckMap = map[int]map[AdlinTest]int{
|
var CheckMap = map[int]map[AdlinTest]int{
|
||||||
2: map[AdlinTest]int{
|
2: map[AdlinTest]int{
|
||||||
|
Firewalled: 100,
|
||||||
HTTPonIP: 101,
|
HTTPonIP: 101,
|
||||||
HTTPonAssociatedDomain: 102,
|
HTTPonAssociatedDomain: 102,
|
||||||
HTTPSonAssociatedDomain: 103,
|
HTTPSonAssociatedDomain: 103,
|
||||||
@ -53,7 +56,8 @@ var CheckMap = map[int]map[AdlinTest]int{
|
|||||||
HTTPSSNI: 107,
|
HTTPSSNI: 107,
|
||||||
DNSSEC: 110,
|
DNSSEC: 110,
|
||||||
},
|
},
|
||||||
3: map[AdlinTest]int{
|
/*2: map[AdlinTest]int{
|
||||||
|
Firewalled: 200,
|
||||||
HTTPonIP: 201,
|
HTTPonIP: 201,
|
||||||
HTTPonAssociatedDomain: 202,
|
HTTPonAssociatedDomain: 202,
|
||||||
HTTPSonAssociatedDomain: 203,
|
HTTPSonAssociatedDomain: 203,
|
||||||
@ -64,8 +68,8 @@ var CheckMap = map[int]map[AdlinTest]int{
|
|||||||
MatrixSrv: 208,
|
MatrixSrv: 208,
|
||||||
MatrixClt: 209,
|
MatrixClt: 209,
|
||||||
DNSSEC: 210,
|
DNSSEC: 210,
|
||||||
},
|
},*/
|
||||||
4: map[AdlinTest]int{
|
3: map[AdlinTest]int{
|
||||||
PingResolver: 300,
|
PingResolver: 300,
|
||||||
HTTPonIP: 301,
|
HTTPonIP: 301,
|
||||||
DNSDelegation: 303,
|
DNSDelegation: 303,
|
||||||
@ -83,6 +87,15 @@ var CheckMap = map[int]map[AdlinTest]int{
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func has_test(m map[AdlinTest]int, test AdlinTest) bool {
|
||||||
|
for k := range m {
|
||||||
|
if k == test {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
// ICMP
|
// ICMP
|
||||||
|
|
||||||
func check_ping(ip string, cb func(pkt *ping.Packet)) (err error) {
|
func check_ping(ip string, cb func(pkt *ping.Packet)) (err error) {
|
||||||
@ -105,6 +118,23 @@ func check_ping(ip string, cb func(pkt *ping.Packet)) (err error) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func check_firewall(network, ip string) error {
|
||||||
|
port := rand.Int31n(64500) + 1024
|
||||||
|
|
||||||
|
conn, err := net.DialTimeout(network, fmt.Sprintf("[%s]:%d", ip, port), 3*time.Second)
|
||||||
|
if err != nil {
|
||||||
|
if operr, ok := err.(*net.OpError); ok && operr.Timeout() {
|
||||||
|
// We expect a timeout here if the firewall is well setuped
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return fmt.Errorf("Port %d is not filtered: %s", port, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
conn.Close()
|
||||||
|
return fmt.Errorf("Port %d is open", port)
|
||||||
|
}
|
||||||
|
|
||||||
// PORT 53
|
// PORT 53
|
||||||
|
|
||||||
func get_GLUE(student *adlin.Student) (aaaa net.IP, err error) {
|
func get_GLUE(student *adlin.Student) (aaaa net.IP, err error) {
|
||||||
|
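Review bot: check_firewall decides from a single random port, so a host that filters only part of the range, or one SYN lost in transit, is enough to pass; sampling several ports and requiring every dial to time out makes the verdict much harder to reach by accident. The fence below keeps the same error messages and loops over five ports, at the cost of up to 15 s per student when everything is filtered. Separately, no `rand.Seed` call is visible in these hunks, and on Go releases before 1.20 the global math/rand source then yields the same port sequence on every start, which is worth confirming. `has_test` can also be reduced to `_, ok := m[test]; return ok`.

```go
func check_firewall(network, ip string) error {
	// Probe a few distinct high ports; every one of them must time out.
	for i := 0; i < 5; i++ {
		port := rand.Int31n(64500) + 1024

		conn, err := net.DialTimeout(network, fmt.Sprintf("[%s]:%d", ip, port), 3*time.Second)
		if err == nil {
			conn.Close()
			return fmt.Errorf("Port %d is open", port)
		}

		// Anything other than a timeout (e.g. a refused connection) means the port is not dropped.
		if operr, ok := err.(*net.OpError); !ok || !operr.Timeout() {
			return fmt.Errorf("Port %d is not filtered: %s", port, err.Error())
		}
	}

	return nil
}
```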