Commit | Line | Data |
---|---|---|
870a0fe4 AT |
1 | #ifdef HAVE_CONFIG_H |
2 | #include "config.h" | |
3 | #endif | |
806c95f2 | 4 | #include "secpoll-recursor.hh" |
5 | #include "syncres.hh" | |
6 | #include "logger.hh" | |
7 | #include "arguments.hh" | |
6c85e51f | 8 | #include "version.hh" |
77b9f5ff | 9 | |
d36904fb | 10 | #include <stdint.h> |
806c95f2 | 11 | #ifndef PACKAGEVERSION |
77b9f5ff | 12 | #define PACKAGEVERSION getPDNSVersion() |
806c95f2 | 13 | #endif |
14 | ||
// Result of the most recent security poll, written by doSecPoll():
// 0 = unknown, 1 = OK, 2 = security update recommended, 3 = security update mandatory.
uint32_t g_security_status;
// Free-text part of the security-status TXT answer (everything after the first
// space), written by doSecPoll(). It originates from a DNS response and should be
// treated as untrusted text wherever it is displayed or logged.
string g_security_message;
17 | ||
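/**
 * Poll the security-status TXT record for this recursor version and update
 * g_security_status / g_security_message from the answer.
 *
 * The query name is "recursor-<version>.security-status.<security-poll-suffix>.",
 * with '+' and '~' replaced by '_'. Nothing happens when the
 * "security-poll-suffix" setting is empty.
 *
 * The TXT content is expected to be "<status> <message>". Everything taken from
 * the answer is untrusted network input; no check of the answer's authenticity
 * is visible in this function, so the parsed values are handled defensively.
 *
 * @param last_secpoll  Out-parameter: set to the current time after a successful
 *                      poll or an NXDOMAIN answer; left untouched on other
 *                      failures.
 */
void doSecPoll(time_t* last_secpoll)
{
  if(::arg()["security-poll-suffix"].empty())
    return;

  struct timeval now;
  gettimeofday(&now, 0);
  SyncRes sr(now);

  vector<DNSResourceRecord> ret;

  string version = "recursor-" + string(PACKAGEVERSION);
  // A single DNS label may not exceed 63 octets, hence the truncation.
  string query = version.substr(0, 63) + ".security-status." + ::arg()["security-poll-suffix"];

  if(*query.rbegin() != '.')
    query += '.';

  boost::replace_all(query, "+", "_");
  boost::replace_all(query, "~", "_");

  int res = sr.beginResolve(query, QType(QType::TXT), 1, ret);
  if(!res && !ret.empty()) {
    // NOTE(review): only the first record is inspected and its type is not
    // checked here; confirm that it is always the TXT answer.
    string content = ret.begin()->content;
    // Strip one pair of surrounding quotes; the size check keeps a lone '"'
    // from being treated as both the opening and the closing quote.
    if(content.size() >= 2 && content[0] == '"' && content[content.size() - 1] == '"') {
      content = content.substr(1, content.length() - 2);
    }

    pair<string, string> split = splitField(content, ' ');

    // strtol instead of atoi: atoi has undefined behaviour when the value does
    // not fit in an int, and this field comes straight from the DNS answer.
    // Unparsable, negative or oversized values are stored as 0 (unknown).
    const char* statusText = split.first.c_str();
    char* parseEnd = 0;
    long status = strtol(statusText, &parseEnd, 10);
    if(parseEnd == statusText || status < 0 || static_cast<unsigned long>(status) > 0xFFFFFFFFUL)
      status = 0;

    g_security_status = static_cast<uint32_t>(status);
    g_security_message = split.second;

    *last_secpoll = now.tv_sec;
  }
  else {
    string pkgv(PACKAGEVERSION);
    // string::find returns npos (non-zero) when "git" is absent and the match
    // offset otherwise, so a bare truth test only stayed quiet when "git" was at
    // offset 0. The apparent intent is to skip this warning on git builds.
    if(pkgv.find("git") == string::npos)
      L<<Logger::Warning<<"Could not retrieve security status update for '" +pkgv+ "' on '"+query+"', RCODE = "<< RCode::to_s(res)<<endl;
    if(g_security_status == 1) // it was ok, now it is unknown
      g_security_status = 0;
    // Record the poll time only for NXDOMAIN; for other failures (e.g. SERVFAIL)
    // it stays unchanged, presumably so that the caller retries sooner.
    if(res == RCode::NXDomain)
      *last_secpoll = now.tv_sec;
  }

  if(g_security_status == 2 || g_security_status == 3) {
    // The message is remote-controlled text: log a copy with control characters
    // replaced so that an answer cannot inject extra lines into the log.
    string printable(g_security_message);
    for(string::size_type i = 0; i < printable.size(); ++i) {
      unsigned char c = static_cast<unsigned char>(printable[i]);
      if(c < 0x20 || c == 0x7f)
        printable[i] = '?';
    }

    if(g_security_status == 2) {
      L<<Logger::Error<<"PowerDNS Security Update Recommended: "<<printable<<endl;
    }
    else {
      L<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<printable<<endl;
    }
  }
}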