1 #ifdef HAVE_CONFIG_H
2 #include "config.h"
3 #endif
4 #include "secpoll-auth.hh"
5
6 #include "logger.hh"
7 #include "arguments.hh"
8 #include "version.hh"
9 #include "dnsparser.hh"
10 #include "misc.hh"
11
12 #include "sstuff.hh"
13 #include "dnswriter.hh"
14 #include "dns_random.hh"
15 #include "namespaces.hh"
16 #include "statbag.hh"
17 #include "stubresolver.hh"
18 #include "secpoll.hh"
19 #include "dnsrecords.hh"
20 #include <stdint.h>
21 #ifndef PACKAGEVERSION
22 #define PACKAGEVERSION getPDNSVersion()
23 #endif
24
25 string g_security_message;
26
27 extern StatBag S;
28
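/** Do an actual secpoll for the current version.
 *
 * Builds the query name "auth-<version>.security-status.<security-poll-suffix>.",
 * resolves it as TXT through the stub resolver, hands the answer to
 * processSecPoll() and publishes the outcome in the "security-status" stat and
 * in g_security_message. Does nothing when security-poll-suffix is empty.
 *
 * @param first bool that tells if this is the first secpoll run since startup;
 *        it only decides whether a "no known issues" line is logged for status 1.
 *
 * NOTE(review): status and message come from an unauthenticated DNS TXT answer
 * (no DNSSEC validation is visible here), so a spoofed answer can steer the stat
 * value and the text that ends up in the log and in g_security_message. The
 * message is logged verbatim below; confirm processSecPoll() strips control
 * characters / newlines so a crafted record cannot forge log lines.
 */
void doSecPoll(bool first)
{
  const string suffix = ::arg()["security-poll-suffix"];
  if (suffix.empty())
    return;

  const string pkgv(PACKAGEVERSION);

  // The version becomes a single DNS label, which may hold at most 63 octets.
  const string version = "auth-" + pkgv;
  string query = version.substr(0, 63) + ".security-status." + suffix;

  // Always query a fully qualified name (query is never empty here).
  if (*query.rbegin() != '.')
    query += '.';

  // '+' and '~' occur in package versions; they are mapped to '_' so the queried
  // name stays within the hostname character set.
  boost::replace_all(query, "+", "_");
  boost::replace_all(query, "~", "_");

  // Current status as a starting point; presumably processSecPoll() updates it
  // in place. std::stoi throws std::invalid_argument if the stat is not numeric.
  int security_status = std::stoi(S.getValueStr("security-status"));

  vector<DNSRecord> ret;
  int res = stubDoResolve(DNSName(query), QType::TXT, ret);

  // Non-release builds have no published record; NXDOMAIN is expected for them
  // and must not be reported as a failure.
  if (res == RCode::NXDomain && !isReleaseVersion(pkgv)) {
    g_log<<Logger::Warning<<"Not validating response for security status update, this is a non-release version"<<endl;
    return;
  }

  string security_message;

  try {
    processSecPoll(res, ret, security_status, security_message);
  } catch(const PDNSException &pe) {
    // Publish whatever status processSecPoll() left behind so the stat reflects the failure.
    S.set("security-status", security_status);
    g_log<<Logger::Warning<<"Could not retrieve security status update for '" + pkgv + "' on '"+ query + "': "<<pe.reason<<endl;
    return;
  }

  S.set("security-status", security_status);
  g_security_message = security_message;

  switch (security_status) {
  case 1:
    if (first) {
      g_log<<Logger::Warning << "Polled security status of version "<<pkgv<<" at startup, no known issues reported: " <<g_security_message<<endl;
    }
    break;
  case 2:
    g_log<<Logger::Error<<"PowerDNS Security Update Recommended: "<<g_security_message<<endl;
    break;
  case 3:
    g_log<<Logger::Error<<"PowerDNS Security Update Mandatory: "<<g_security_message<<endl;
    break;
  default:
    // 0 (unknown/failed) and any other value are published but not logged here.
    break;
  }
}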