projects / thirdparty / pdns.git / blame
| Commit | Line | Data |
|---|---|---|
| 870a0fe4 AT |
1 | #ifdef HAVE_CONFIG_H |
| 2 | #include "config.h" | |
| 3 | #endif | |
| 199631c6 | 4 | #include "secpoll-auth.hh" |
| 5 | ||
| 6 | #include "logger.hh" | |
| 7 | #include "arguments.hh" | |
| 8 | #include "version.hh" | |
| 199631c6 | 9 | #include "dnsparser.hh" |
| 10 | #include "misc.hh" | |
| fa8fd4d2 | 11 | |
| 199631c6 | 12 | #include "sstuff.hh" |
| 13 | #include "dnswriter.hh" | |
| 14 | #include "dns_random.hh" | |
| 15 | #include "namespaces.hh" | |
| 16 | #include "statbag.hh" | |
| 24317c7f | 17 | #include "stubresolver.hh" |
| 2d40d42b | 18 | #include "secpoll.hh" |
| 90ba52e0 | 19 | #include "dnsrecords.hh" |
| d36904fb | 20 | #include <stdint.h> |
| 2e39551c | 21 | #ifndef PACKAGEVERSION |
| 77b9f5ff | 22 | #define PACKAGEVERSION getPDNSVersion() |
| 199631c6 | 23 | #endif |
| 24 | ||
| 25 | string g_security_message; | |
| 26 | ||
| 27 | extern StatBag S; | |
| 28 | ||
| 1758334d PL |
29 | /** Do an actual secpoll for the current version |
| 30 | * @param first bool that tells if this is the first secpoll run since startup | |
| 31 | */ | |
| 199631c6 | 32 | void doSecPoll(bool first) |
| 33 | { | |
| 34 | if(::arg()["security-poll-suffix"].empty()) | |
| 35 | return; | |
| 36 | ||
| 37 | struct timeval now; | |
| 38 | gettimeofday(&now, 0); | |
| 2d40d42b | 39 | string pkgv(PACKAGEVERSION); |
| 199631c6 | 40 | |
| 2d40d42b | 41 | string version = "auth-" + pkgv; |
| 1a02ba61 | 42 | string query = version.substr(0, 63) +".security-status."+::arg()["security-poll-suffix"]; |
| 199631c6 | 43 | |
| 44 | if(*query.rbegin()!='.') | |
| 45 | query+='.'; | |
| 46 | ||
| 47 | boost::replace_all(query, "+", "_"); | |
| 666c4c22 | 48 | boost::replace_all(query, "~", "_"); |
| 199631c6 | 49 | |
| 607f2b3f | 50 | int security_status = std::stoi(S.getValueStr("security-status")); |
| 199631c6 | 51 | |
| 2d40d42b PL |
52 | vector<DNSRecord> ret; |
| 53 | int res = stubDoResolve(DNSName(query), QType::TXT, ret); | |
| 199631c6 | 54 | |
| 2d40d42b PL |
55 | if (res == RCode::NXDomain && !isReleaseVersion(pkgv)) { |
| 56 | g_log<<Logger::Warning<<"Not validating response for security status update, this is a non-release version"<<endl; | |
| 0a444ae4 PL |
57 | return; |
| 58 | } | |
| 59 | ||
| 2d40d42b PL |
60 | string security_message; |
| 61 | ||
| 62 | try { | |
| 63 | processSecPoll(res, ret, security_status, security_message); | |
| 64 | } catch(const PDNSException &pe) { | |
| 65 | S.set("security-status", security_status); | |
| 66 | g_log<<Logger::Warning<<"Could not retrieve security status update for '" + pkgv + "' on '"+ query + "': "<<pe.reason<<endl; | |
| 0a444ae4 | 67 | return; |
| 199631c6 | 68 | } |
| 69 | ||
| 2d40d42b PL |
70 | |
| 71 | S.set("security-status", security_status); | |
| 72 | g_security_message = security_message; | |
| 0a444ae4 | 73 | |
| 199631c6 | 74 | if(security_status == 1 && first) { |
| e6a9dde5 | 75 | g_log<<Logger::Warning << "Polled security status of version "<<PACKAGEVERSION<<" at startup, no known issues reported: " <<g_security_message<<endl; |
| 199631c6 | 76 | } |
| 77 | if(security_status == 2) { | |
| e6a9dde5 | 78 | g_log<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl; |
| 199631c6 | 79 | } |
| 607f2b3f | 80 | if(security_status == 3) { |
| e6a9dde5 | 81 | g_log<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl; |
| 199631c6 | 82 | } |
| 199631c6 | 83 | } |