[thirdparty/pdns.git] / pdns / secpoll-auth.cc

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "secpoll-auth.hh"

#include "logger.hh"
#include "arguments.hh"
#include "version.hh"
#include "dnsparser.hh"
#include "misc.hh"

#include "sstuff.hh"
#include "dnswriter.hh"
#include "dns_random.hh"
#include "namespaces.hh"
#include "statbag.hh"
#include "stubresolver.hh"
#include "dnsrecords.hh"
#include <stdint.h>
#ifndef PACKAGEVERSION
#define PACKAGEVERSION getPDNSVersion()
#endif

string g_security_message;

extern StatBag S;

/** Do an actual secpoll for the current version
 * @param first bool that tells if this is the first secpoll run since startup
 */
void doSecPoll(bool first)
{
  if(::arg()["security-poll-suffix"].empty())
    return;

  struct timeval now;
  gettimeofday(&now, 0);

  string version = "auth-" + string(PACKAGEVERSION);
  string query = version.substr(0, 63) +".security-status."+::arg()["security-poll-suffix"];

  if(*query.rbegin()!='.')
    query+='.';

  boost::replace_all(query, "+", "_");
  boost::replace_all(query, "~", "_");

  vector<DNSZoneRecord> ret;

  int res=stubDoResolve(DNSName(query), QType::TXT, ret);

  int security_status=0;

  if(!res && !ret.empty()) {
    string content=getRR<TXTRecordContent>(ret.begin()->dr)->d_text;

    pair<string, string> split = splitField(unquotify(content), ' ');

    security_status = std::stoi(split.first);
    g_security_message = split.second;

  }
  else {
    string pkgv(PACKAGEVERSION);
    if(pkgv.find("0.0.") != 0)
      g_log<<Logger::Warning<<"Could not retrieve security status update for '" + pkgv + "' on '"+query+"', RCODE = "<< RCode::to_s(res)<<endl;
    else
      g_log<<Logger::Warning<<"Not validating response for security status update, this is a non-release version."<<endl;
  }

  if(security_status == 1 && first) {
    g_log<<Logger::Warning << "Polled security status of version "<<PACKAGEVERSION<<" at startup, no known issues reported: " <<g_security_message<<endl;
  }
  if(security_status == 2) {
    g_log<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
  }
  else if(security_status == 3) {
    g_log<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
  }

  S.set("security-status",security_status);

}
Commit	Line	Data
870a0fe4 AT	1	#ifdef HAVE_CONFIG_H
	2	#include "config.h"
	3	#endif
199631c6	4	#include "secpoll-auth.hh"
	5
	6	#include "logger.hh"
	7	#include "arguments.hh"
	8	#include "version.hh"
199631c6	9	#include "dnsparser.hh"
199631c6	10	#include "misc.hh"
fa8fd4d2	11
199631c6	12	#include "sstuff.hh"
	13	#include "dnswriter.hh"
	14	#include "dns_random.hh"
	15	#include "namespaces.hh"
	16	#include "statbag.hh"
24317c7f	17	#include "stubresolver.hh"
90ba52e0	18	#include "dnsrecords.hh"
d36904fb	19	#include <stdint.h>
2e39551c	20	#ifndef PACKAGEVERSION
77b9f5ff	21	#define PACKAGEVERSION getPDNSVersion()
199631c6	22	#endif
	23
	24	string g_security_message;
	25
	26	extern StatBag S;
	27
1758334d PL	28	/** Do an actual secpoll for the current version
	29	* @param first bool that tells if this is the first secpoll run since startup
	30	*/
199631c6	31	void doSecPoll(bool first)
	32	{
	33	if(::arg()["security-poll-suffix"].empty())
	34	return;
	35
	36	struct timeval now;
	37	gettimeofday(&now, 0);
	38
1a02ba61 KM	39	string version = "auth-" + string(PACKAGEVERSION);
1a02ba61 KM	40	string query = version.substr(0, 63) +".security-status."+::arg()["security-poll-suffix"];
199631c6	41
	42	if(*query.rbegin()!='.')
	43	query+='.';
	44
	45	boost::replace_all(query, "+", "_");
666c4c22	46	boost::replace_all(query, "~", "_");
199631c6	47
90ba52e0	48	vector<DNSZoneRecord> ret;
199631c6	49
90ba52e0	50	int res=stubDoResolve(DNSName(query), QType::TXT, ret);
199631c6	51
0a92cdb0	52	int security_status=0;
199631c6	53
199631c6	54	if(!res && !ret.empty()) {
90ba52e0	55	string content=getRR<TXTRecordContent>(ret.begin()->dr)->d_text;
2e39551c	56
33c79a8a	57	pair<string, string> split = splitField(unquotify(content), ' ');
2e39551c	58
335da0ba	59	security_status = std::stoi(split.first);
199631c6	60	g_security_message = split.second;
	61
	62	}
	63	else {
74b340fb	64	string pkgv(PACKAGEVERSION);
a350fc7a	65	if(pkgv.find("0.0.") != 0)
e6a9dde5	66	g_log<<Logger::Warning<<"Could not retrieve security status update for '" + pkgv + "' on '"+query+"', RCODE = "<< RCode::to_s(res)<<endl;
a4e9add5	67	else
e6a9dde5	68	g_log<<Logger::Warning<<"Not validating response for security status update, this is a non-release version."<<endl;
199631c6	69	}
	70
	71	if(security_status == 1 && first) {
e6a9dde5	72	g_log<<Logger::Warning << "Polled security status of version "<<PACKAGEVERSION<<" at startup, no known issues reported: " <<g_security_message<<endl;
199631c6	73	}
199631c6	74	if(security_status == 2) {
e6a9dde5	75	g_log<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
199631c6	76	}
199631c6	77	else if(security_status == 3) {
e6a9dde5	78	g_log<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
199631c6	79	}
	80
	81	S.set("security-status",security_status);
	82
	83	}