projects / thirdparty / pdns.git / blame
| Commit | Line | Data |
|---|---|---|
| 870a0fe4 AT |
1 | #ifdef HAVE_CONFIG_H |
| 2 | #include "config.h" | |
| 3 | #endif | |
| 806c95f2 | 4 | #include "secpoll-recursor.hh" |
| 5 | #include "syncres.hh" | |
| 6 | #include "logger.hh" | |
| 7 | #include "arguments.hh" | |
| 6c85e51f | 8 | #include "version.hh" |
| 77b9f5ff | 9 | |
| d36904fb | 10 | #include <stdint.h> |
| 806c95f2 | 11 | #ifndef PACKAGEVERSION |
| 77b9f5ff | 12 | #define PACKAGEVERSION getPDNSVersion() |
| 806c95f2 | 13 | #endif |
| 14 | ||
| 15 | uint32_t g_security_status; | |
| 16 | string g_security_message; | |
| 17 | ||
| 18 | void doSecPoll(time_t* last_secpoll) | |
| 19 | { | |
| 20 | if(::arg()["security-poll-suffix"].empty()) | |
| 21 | return; | |
| 22 | ||
| 23 | struct timeval now; | |
| 24 | gettimeofday(&now, 0); | |
| 25 | SyncRes sr(now); | |
| 26 | ||
| 27 | vector<DNSResourceRecord> ret; | |
| 28 | ||
| 18b73338 KM |
29 | string version = "recursor-" +string(PACKAGEVERSION); |
| 30 | string query = version.substr(0, 63)+ ".security-status."+::arg()["security-poll-suffix"]; | |
| 6c85e51f | 31 | |
| c0a074d7 | 32 | if(*query.rbegin()!='.') |
| 33 | query+='.'; | |
| 34 | ||
| 35 | boost::replace_all(query, "+", "_"); | |
| 666c4c22 | 36 | boost::replace_all(query, "~", "_"); |
| c0a074d7 | 37 | |
| 6c85e51f | 38 | int res=sr.beginResolve(query, QType(QType::TXT), 1, ret); |
| 806c95f2 | 39 | if(!res && !ret.empty()) { |
| 40 | string content=ret.begin()->content; | |
| 41 | if(!content.empty() && content[0]=='"' && content[content.size()-1]=='"') { | |
| 42 | content=content.substr(1, content.length()-2); | |
| 43 | } | |
| 44 | ||
| 45 | pair<string, string> split = splitField(content, ' '); | |
| 46 | ||
| 47 | g_security_status = atoi(split.first.c_str()); | |
| 48 | g_security_message = split.second; | |
| 49 | ||
| 50 | *last_secpoll=now.tv_sec; | |
| 51 | } | |
| 52 | else { | |
| 74b340fb | 53 | string pkgv(PACKAGEVERSION); |
| 54 | if(pkgv.find("git")) | |
| 55 | L<<Logger::Warning<<"Could not retrieve security status update for '" +pkgv+ "' on '"+query+"', RCODE = "<< RCode::to_s(res)<<endl; | |
| c0a074d7 | 56 | if(g_security_status == 1) // it was ok, not it is unknown |
| 806c95f2 | 57 | g_security_status = 0; |
| c0a074d7 | 58 | if(res == RCode::NXDomain) // if we had servfail, keep on trying more more frequently |
| 59 | *last_secpoll=now.tv_sec; | |
| 806c95f2 | 60 | } |
| 61 | ||
| 62 | if(g_security_status == 2) { | |
| 63 | L<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl; | |
| 64 | } | |
| 65 | else if(g_security_status == 3) { | |
| 66 | L<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl; | |
| 67 | } | |
| 68 | } |