checker: Fix SNAT speaking and remove DNAT check on HTTPS (not possible)
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
f48170e50b
commit
9043bafe3d
2 changed files with 17 additions and 39 deletions
|
|
@ -143,13 +143,13 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
|
|||
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPonDelegatedDomain], fmt.Errorf("Unable to perform the test due to GLUE problem: %w", glueErr))
|
||||
} else if err := check_http(addr.String(), std.MyDelegatedDomain()); err == nil {
|
||||
if tunnel_version == 3 {
|
||||
// Try port 80 on miniflux => should not respond if SNAT is correctly configured
|
||||
// Try port 80 on miniflux => should not respond if DNAT is correctly configured
|
||||
minifluxIP := tun.GetServerIP(6)
|
||||
if err := check_http(minifluxIP, std.MyDelegatedDomain()); err == nil {
|
||||
if verbose {
|
||||
log.Printf("%s and HTTP (with DNS ip=%s): %s\n", std.Login, addr.String(), "Bad SNAT config")
|
||||
log.Printf("%s and HTTP (with DNS ip=%s): %s\n", std.Login, addr.String(), "Bad DNAT config")
|
||||
}
|
||||
if errreg := std.RegisterChallengeError(CheckMap[tunnel_version][HTTPonDelegatedDomain], fmt.Errorf("Your SNAT on IPv6 is badly configured. See HTTP IP result.")); errreg != nil {
|
||||
if errreg := std.RegisterChallengeError(CheckMap[tunnel_version][HTTPonDelegatedDomain], fmt.Errorf("Your DNAT on IPv6 is badly configured. See HTTP IP result.")); errreg != nil {
|
||||
log.Printf("Unable to register challenge error for %s: %s\n", std.Login, errreg)
|
||||
}
|
||||
} else {
|
||||
|
|
@ -178,36 +178,14 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
|
|||
// Check HTTPs with DNS
|
||||
if glueErr != nil {
|
||||
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], fmt.Errorf("Unable to perform the test due to GLUE problem: %w", glueErr))
|
||||
} else if err := check_https(std.MyDelegatedDomain(), addr.String()); err == nil {
|
||||
if tunnel_version == 3 {
|
||||
// Try port 443 on miniflux => should not respond if SNAT is correctly configured
|
||||
minifluxIP := tun.GetServerIP(6)
|
||||
if err := check_https(std.MyDelegatedDomain(), minifluxIP); err == nil {
|
||||
if verbose {
|
||||
log.Printf("%s and HTTPS (with DNS ip=%s): %s\n", std.Login, addr.String(), "Bad SNAT config")
|
||||
}
|
||||
if errreg := std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], fmt.Errorf("Your SNAT on IPv6 is badly configured. You should not have SNAT on 443 port.")); errreg != nil {
|
||||
log.Printf("Unable to register challenge error for %s: %s\n", std.Login, errreg)
|
||||
}
|
||||
} else {
|
||||
snicheck1 = true
|
||||
snicheck1_tested = true
|
||||
if verbose {
|
||||
log.Printf("%s just unlocked HTTPS challenge\n", std.Login)
|
||||
}
|
||||
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSonDelegatedDomain], ""); err != nil {
|
||||
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||
}
|
||||
}
|
||||
} else {
|
||||
snicheck1 = true
|
||||
snicheck1_tested = true
|
||||
if verbose {
|
||||
log.Printf("%s just unlocked HTTPS challenge\n", std.Login)
|
||||
}
|
||||
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSonDelegatedDomain], ""); err != nil {
|
||||
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||
}
|
||||
} else if err := check_https(std.MyDelegatedDomain()); err == nil {
|
||||
snicheck1 = true
|
||||
snicheck1_tested = true
|
||||
if verbose {
|
||||
log.Printf("%s just unlocked HTTPS challenge\n", std.Login)
|
||||
}
|
||||
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSonDelegatedDomain], ""); err != nil {
|
||||
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||
}
|
||||
} else {
|
||||
snicheck1_tested = true
|
||||
|
|
@ -279,13 +257,13 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
|
|||
// Check HTTP without DNS
|
||||
if err := check_http(stdIP, ""); err == nil {
|
||||
if tunnel_version == 3 {
|
||||
// Try port 80 on miniflux => should not respond if SNAT is correctly configured
|
||||
// Try port 80 on miniflux => should not respond if DNAT is correctly configured
|
||||
minifluxIP := tun.GetServerIP(6)
|
||||
if err := check_http(minifluxIP, ""); err == nil {
|
||||
if verbose {
|
||||
log.Printf("%s and HTTP IP (without DNS): %s\n", std.Login, "Bad SNAT config")
|
||||
log.Printf("%s and HTTP IP (without DNS): %s\n", std.Login, "Bad DNAT config")
|
||||
}
|
||||
if errreg := std.RegisterChallengeError(CheckMap[tunnel_version][HTTPonIP], fmt.Errorf("Your SNAT on IPv6 is too large: it seems that all requests to port 80 behind the router are redirected to web host. Eg. [news]:80 should not respond, however it responds with contents.")); errreg != nil {
|
||||
if errreg := std.RegisterChallengeError(CheckMap[tunnel_version][HTTPonIP], fmt.Errorf("Your DNAT on IPv6 is too large: it seems that all requests to port 80 behind the router are redirected to web host. Eg. [news]:80 should not respond, however it responds with contents.")); errreg != nil {
|
||||
log.Printf("Unable to register challenge error for %s: %s\n", std.Login, errreg)
|
||||
}
|
||||
} else {
|
||||
|
|
@ -329,7 +307,7 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
|
|||
}
|
||||
|
||||
// Check HTTPs without DNS
|
||||
if err := check_https(std.MyAssociatedDomain(), stdIP); err == nil {
|
||||
if err := check_https(std.MyAssociatedDomain()); err == nil {
|
||||
if verbose {
|
||||
log.Printf("%s just unlocked HTTPS challenge\n", std.Login)
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue