Commit | Line | Data |
---|---|---|
870a0fe4 AT |
1 | #ifdef HAVE_CONFIG_H |
2 | #include "config.h" | |
3 | #endif | |
199631c6 | 4 | #include "secpoll-auth.hh" |
5 | ||
6 | #include "logger.hh" | |
7 | #include "arguments.hh" | |
8 | #include "version.hh" | |
199631c6 | 9 | #include "dnsparser.hh" |
10 | #include "misc.hh" | |
fa8fd4d2 | 11 | |
199631c6 | 12 | #include "sstuff.hh" |
13 | #include "dnswriter.hh" | |
14 | #include "dns_random.hh" | |
15 | #include "namespaces.hh" | |
16 | #include "statbag.hh" | |
24317c7f | 17 | #include "stubresolver.hh" |
90ba52e0 | 18 | #include "dnsrecords.hh" |
d36904fb | 19 | #include <stdint.h> |
// Fall back to the version string returned by getPDNSVersion() when the build
// does not define PACKAGEVERSION itself.
#ifndef PACKAGEVERSION
#define PACKAGEVERSION getPDNSVersion()
#endif

// Message part of the most recent security-status TXT answer. doSecPoll()
// writes it and echoes it in its log lines; the text comes from the DNS reply
// as-is, so treat it as remote input wherever else it is displayed.
string g_security_message;

// Statistics container defined in another translation unit; doSecPoll() stores
// the polled value under "security-status".
extern StatBag S;
27 | ||
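/** Do an actual secpoll for the current version.
 *
 *  Builds the name "auth-<version>.security-status.<security-poll-suffix>",
 *  resolves it as TXT through stubDoResolve() and expects the first record to
 *  read "<status> <message>". The status is logged (1 = no known issues, only
 *  logged on the first run; 2 = update recommended; 3 = update mandatory) and
 *  stored in the "security-status" statistic. The message is kept in
 *  g_security_message.
 *
 *  The TXT content is remote input. A reply that is not a TXT record or whose
 *  status field is not a number is logged and otherwise ignored: the statistic
 *  is then set to 0 and g_security_message keeps its previous value.
 *
 *  Does nothing when security-poll-suffix is empty.
 *
 *  @param first bool that tells if this is the first secpoll run since startup
 */
void doSecPoll(bool first)
{
  if(::arg()["security-poll-suffix"].empty())
    return;

  string version = "auth-" + string(PACKAGEVERSION);
  // Only the first 63 characters of the version string go into the leading part of the name.
  string query = version.substr(0, 63) +".security-status."+::arg()["security-poll-suffix"];

  // Make the name fully qualified.
  if(*query.rbegin()!='.')
    query+='.';

  // '+' and '~' can occur in version strings; both are mapped to '_' in the query name.
  boost::replace_all(query, "+", "_");
  boost::replace_all(query, "~", "_");

  vector<DNSZoneRecord> ret;

  int res=stubDoResolve(DNSName(query), QType::TXT, ret);

  int security_status=0;

  if(!res && !ret.empty()) {
    // NOTE(review): getRR<> is expected to yield a null pointer when the record
    // content is not of the requested type (confirm against dnsrecords.hh); the
    // first record of an answer need not be TXT, so check before dereferencing.
    auto txt = getRR<TXTRecordContent>(ret.begin()->dr);

    if(!txt) {
      g_log<<Logger::Warning<<"Could not parse security status update on '"+query+"', first record in the answer is not a TXT record"<<endl;
    }
    else {
      pair<string, string> split = splitField(unquotify(txt->d_text), ' ');

      try {
        // std::stoi throws std::invalid_argument / std::out_of_range on a
        // non-numeric or oversized status field. The reply is remote data, so a
        // malformed one must not propagate an exception out of the poll.
        security_status = std::stoi(split.first);
        // Only taken over once the status parsed, as before.
        g_security_message = split.second;
      }
      catch(const std::exception& e) {
        g_log<<Logger::Warning<<"Could not parse security status update on '"+query+"': "<<e.what()<<endl;
      }
    }
  }
  else {
    string pkgv(PACKAGEVERSION);
    if(pkgv.find("0.0.") != 0)
      g_log<<Logger::Warning<<"Could not retrieve security status update for '" + pkgv + "' on '"+query+"', RCODE = "<< RCode::to_s(res)<<endl;
    else
      g_log<<Logger::Warning<<"Not validating response for security status update, this is a non-release version."<<endl;
  }

  if(security_status == 1 && first) {
    g_log<<Logger::Warning << "Polled security status of version "<<PACKAGEVERSION<<" at startup, no known issues reported: " <<g_security_message<<endl;
  }
  if(security_status == 2) {
    g_log<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
  }
  else if(security_status == 3) {
    g_log<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
  }

  // NOTE(review): any integer the reply carried ends up in the statistic, not
  // only 1-3; consumers of "security-status" should not assume a range.
  S.set("security-status",security_status);

}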