@@ -381,6 +381,7 @@ HAS_NSLOOKUP=false
381381HAS_IDN=false
382382HAS_IDN2=false
383383HAS_AVAHIRESOLVE=false
384+ HAS_DSCACHEUTIL=false
384385HAS_DIG_NOIDNOUT=false
385386HAS_XXD=false
386387
@@ -21550,6 +21551,7 @@ HAS_NSLOOKUP: $HAS_NSLOOKUP
2155021551HAS_IDN: $HAS_IDN
2155121552HAS_IDN2: $HAS_IDN2
2155221553HAS_AVAHIRESOLVE: $HAS_AVAHIRESOLVE
21554+ HAS_DSCACHEUTIL: $HAS_DSCACHEUTIL
2155321555HAS_DIG_NOIDNOUT: $HAS_DIG_NOIDNOUT
2155421556HAS_DIG_R: $HAS_DIG_R
2155521557HAS_XXD: $HAS_XXD
@@ -22049,6 +22051,7 @@ check_resolver_bins() {
2204922051 type -p avahi-resolve &>/dev/null && HAS_AVAHIRESOLVE=true
2205022052 type -p idn &>/dev/null && HAS_IDN=true
2205122053 type -p idn2 &>/dev/null && HAS_IDN2=true
22054+ type -p dscacheutil &> /dev/null && HAS_DSCACHEUTIL=true
2205222055
2205322056 if ! "$HAS_DIG" && ! "$HAS_HOST" && ! "$HAS_DRILL" && ! "$HAS_NSLOOKUP"; then
2205422057 fatal "Neither \"dig\", \"host\", \"drill\" nor \"nslookup\" is present" $ERR_DNSBIN
@@ -22088,17 +22091,22 @@ get_a_record() {
2208822091 fi
2208922092 OPENSSL_CONF="" # see https://github.com/testssl/testssl.sh/issues/134
2209022093 if [[ "$NODE" == *.local ]]; then
22091- if "$HAS_AVAHIRESOLVE"; then
22094+ if "$HAS_DSCACHEUTIL"; then
22095+ ip4=$(filter_ip4_address $(dscacheutil -q host -a name "$1" | awk '/^ip_address:/ { print $2 }'))
22096+ elif "$HAS_AVAHIRESOLVE"; then
2209222097 ip4=$(filter_ip4_address $(avahi-resolve -4 -n "$1" 2>/dev/null | awk '{ print $2 }'))
2209322098 elif "$HAS_DIG"; then
2209422099 ip4=$(filter_ip4_address $(dig $DIG_R @224.0.0.251 -p 5353 +short -t a +notcp "$1" 2>/dev/null | sed '/^;;/d'))
2209522100 elif "$HAS_DRILL"; then
2209622101 ip4=$(filter_ip4_address $(drill @224.0.0.251 -p 5353 "$1" 2>/dev/null | awk '/ANSWER SECTION/,/AUTHORITY SECTION/ { print $NF }' | awk '/^[0-9]/'))
2209722102 else
22098- fatal "Local hostname given but neither 'avahi-resolve', 'dig' nor 'drill' is available." $ERR_DNSBIN
22103+ fatal "Local hostname given but neither 'dscacheutil', ' avahi-resolve', 'dig' nor 'drill' is available." $ERR_DNSBIN
2209922104 fi
2210022105 [[ -z "$ip4" ]] && debugme echo ".local IP address requested but mDNS resolution (IPv4) failed"
2210122106 fi
22107+ if [[ -z "$ip4" ]] && "$HAS_DSCACHEUTIL"; then
22108+ ip4=$(filter_ip4_address $(dscacheutil -q host -a name "$1" | awk '/^ip_address:/ { print $2 }'))
22109+ fi
2210222110 if [[ -z "$ip4" ]] && "$HAS_DIG"; then
2210322111 ip4=$(filter_ip4_address $(dig +search $DIG_R +short +timeout=2 +tries=2 $noidnout -t a "$1" 2>/dev/null | awk '/^[0-9]/ { print $1 }'))
2210422112 fi
@@ -22135,20 +22143,24 @@ get_aaaa_record() {
2213522143 fi
2213622144 if [[ -z "$ip6" ]]; then
2213722145 if [[ "$NODE" == *.local ]]; then
22138- if "$HAS_AVAHIRESOLVE"; then
22146+ if "$HAS_DSCACHEUTIL"; then
22147+ ip6=$(filter_ip6_address $(dscacheutil -q host -a name "$1" | awk '/^ipv6_address:/ { print $2 }'))
22148+ elif "$HAS_AVAHIRESOLVE"; then
2213922149 ip6=$(filter_ip6_address $(avahi-resolve -6 -n "$1" 2>/dev/null | awk '{ print $2 }'))
2214022150 elif "$HAS_DIG"; then
2214122151 ip6=$(filter_ip6_address $(dig $DIG_R @ff02::fb -p 5353 -t aaaa +short +notcp "$NODE" 2>/dev/null))
2214222152 elif "$HAS_DRILL"; then
2214322153 ip6=$(filter_ip6_address $(drill @ff02::fb -p 5353 "$1" 2>/dev/null | awk '/ANSWER SECTION/,/AUTHORITY SECTION/ { print $NF }' | awk '/^[a-f0-9]/'))
2214422154 else
22145- fatal "Local hostname given but neither 'avahi-resolve', 'dig' nor 'drill' is available." $ERR_DNSBIN
22155+ fatal "Local hostname given but neither 'dscacheutil', ' avahi-resolve', 'dig' nor 'drill' is available." $ERR_DNSBIN
2214622156 fi
2214722157 [[ -z "$ip6" ]] && debugme echo ".local IP address requested but mDNS resolution (IPv6) failed"
2214822158 fi
2214922159 fi
2215022160 if [[ -z "$ip6" ]]; then
22151- if "$HAS_DIG"; then
22161+ if "$HAS_DSCACHEUTIL"; then
22162+ ip6=$(filter_ip6_address $(dscacheutil -q host -a name "$1" | awk '/^ipv6_address:/ { print $2 }'))
22163+ elif "$HAS_DIG"; then
2215222164 ip6=$(filter_ip6_address $(dig +search $DIG_R +short +timeout=2 +tries=2 $noidnout -t aaaa "$1" 2>/dev/null | awk '/^[a-f0-9]/ { print $1 }'))
2215322165 elif "$HAS_HOST"; then
2215422166 ip6=$(filter_ip6_address $(host -t aaaa "$1" | awk '/address/ { print $NF }'))
@@ -22382,11 +22394,15 @@ determine_rdns() {
2238222394 local nodeip="$(tr -d '[]' <<< $NODEIP)" # for DNS we do not need the square brackets of IPv6 addresses
2238322395 OPENSSL_CONF="" # see https://github.com/testssl/testssl.sh/issues/134
2238422396 if [[ "$NODE" == *.local ]]; then
22385- if "$HAS_AVAHIRESOLVE"; then
22397+ if "$HAS_DSCACHEUTIL"; then
22398+ rDNS=$(dscacheutil -q host -a ip_address $nodeip | awk '/^name:/ { print $2 }')
22399+ elif "$HAS_AVAHIRESOLVE"; then
2238622400 rDNS=$(avahi-resolve -a $nodeip 2>/dev/null | awk '{ print $2 }')
2238722401 elif "$HAS_DIG"; then
2238822402 rDNS=$(dig $DIG_R -x $nodeip @224.0.0.251 -p 5353 +notcp +noall +answer +short | awk '{ print $1 }')
2238922403 fi
22404+ elif "$HAS_DSCACHEUTIL"; then
22405+ rDNS=$(dscacheutil -q host -a ip_address $nodeip | awk '/^name:/ { print $2 }')
2239022406 elif "$HAS_DIG"; then
2239122407 # 1+2 should suffice. It's a compromise for if e.g. network is down but we have a docker/localhost server
2239222408 rDNS=$(dig $DIG_R -x $nodeip +timeout=1 +tries=2 +noall +answer +short | awk '{ print $1 }') # +short returns also CNAME, e.g. openssl.org
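Review bot: In get_aaaa_record (new lines 22161-22163) and determine_rdns (new lines 22404-22405) dscacheutil heads an `if`/`elif` chain, so wherever the binary exists the dig/host branches are never tried when it returns nothing; get_a_record instead adds it as a separate `if [[ -z "$ip4" ]] && "$HAS_DSCACHEUTIL"` step that still falls through to dig. I would use the same shape in both places, e.g. `if [[ -z "$ip6" ]] && "$HAS_DSCACHEUTIL"; then ...; fi` ahead of the existing `if [[ -z "$ip6" ]]; then` block, and a `[[ -z "$rDNS" ]]` guard before the dig lookup in determine_rdns. The new dscacheutil calls also omit the `2>/dev/null` that the avahi-resolve, dig and drill calls carry, and both fatal messages have a stray space in `' avahi-resolve'`. Since dscacheutil answers through the system resolver, the address that gets scanned may presumably come from a hosts-file or cached entry rather than DNS, so a comment such as `# dscacheutil uses the OS resolver (may return hosts-file/cached entries); preferred over dig when present` would make the new precedence explicit. All three function bodies continue outside the hunks shown.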